55998 matches found

Cvelist
added 2025/12/05 6:7 a.m., 26 views

CVE-2025-12373 Torod – The smart shipping and delivery portal for e-shops and retailers <= 1.9 - Cross-Site Request Forgery To Plugin's Settings Modification

The Torod – The smart shipping and delivery portal for e-shops and retailers plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.9. This is due to missing or incorrect nonce validation on the savesettings function. This makes it possible for...

CVSS: 4.3 | EPSS: 0.00124
Exploits: 0 | References: 3
Vulnrichment
added 2025/12/05 6:7 a.m., 6 views

CVE-2025-12373 Torod – The smart shipping and delivery portal for e-shops and retailers <= 1.9 - Cross-Site Request Forgery To Plugin's Settings Modification

The Torod – The smart shipping and delivery portal for e-shops and retailers plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.9. This is due to missing or incorrect nonce validation on the savesettings function. This makes it possible for...

CVSS: 4.3 | AI score: 4.8 | EPSS: 0.00124
Exploits: 0 | References: 2
CVE
added 2025/12/05 6:7 a.m., 11 views

CVE-2025-12373

CVE-2025-12373 : Torod WordPress plugin (≤1.9) is vulnerable to Cross-Site Request Forgery due to missing/incorrect nonce validation in the save_settings function, allowing unauthenticated attackers to trick an admin into altering plugin settings via forged requests.

CVSS: 4.3 | AI score: 4.8 | EPSS: 0.00124
Exploits: 0 | References: 3
Vulnrichment
added 2025/12/05 5:31 a.m., 1 view

CVE-2025-12128 Hide Categories Or Products On Shop Page <= 1.0.7 - Cross-Site Request Forgery to Settings Update

The Hide Categories Or Products On Shop Page plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.7. This is due to missing or incorrect nonce validation on the savedatahcps function. This makes it possible for unauthenticated attackers to...

CVSS: 4.3 | AI score: 4.8 | EPSS: 0.00102
Exploits: 0 | References: 2
EUVD
added 2025/12/05 5:31 a.m., 9 views

EUVD-2025-201368

The Bread & Butter: Gate content + Capture leads + Collect first-party data + Nurture with Ai agents plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 7.10.1321. This is due to missing or incorrect nonce validation on the uploadImage function...

CVSS: 4.3 | AI score: 6.3 | EPSS: 0.00268
Exploits: 2 | References: 5
EUVD
added 2025/12/05 5:31 a.m., 5 views

EUVD-2025-201375

The Time Sheets plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1.3. This is due to missing or incorrect nonce validation on several endpoints. This makes it possible for unauthenticated attackers to perform a variety of actions via a forge...

CVSS: 4.3 | AI score: 4.9 | EPSS: 0.00102
Exploits: 0 | References: 3
CVE
added 2025/12/05 5:31 a.m., 19 views

CVE-2025-10055

CVE-2025-10055 concerns the Time Sheets plugin for WordPress. The vulnerability is a Cross-Site Request Forgery (CSRF) in all versions up to 2.1.3 caused by missing or incorrect nonce validation on several endpoints. This could allow unauthenticated attackers to cause administrators to perform ac...

CVSS: 4.3 | AI score: 5 | EPSS: 0.00102
Exploits: 0 | References: 2
Cvelist
added 2025/12/05 5:31 a.m., 26 views

CVE-2025-13621 dream gallery <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting via 'dreampluginsmain' AJAX Action

The dream gallery plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on the 'dreampluginsmain' AJAX action. This makes it possible for unauthenticated attackers to update the plugin's...

CVSS: 6.1 | EPSS: 0.00119
Exploits: 0 | References: 5
EUVD
added 2025/12/05 5:31 a.m., 5 views

EUVD-2025-201385

The ContentStudio plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.7. This is due to missing or insufficient nonce validation on the addcstusettings function. This makes it possible for unauthenticated attackers to modify plugin settings v...

CVSS: 4.3 | AI score: 4.8 | EPSS: 0.00128
Exploits: 0 | References: 4
NVD
added 2025/12/05 5:16 a.m., 3 views

CVE-2025-13362

The Norby AI plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.3. This is due to missing nonce validation on the settings update functionality. This makes it possible for unauthenticated attackers to update the plugin's settings and inject...

CVSS: 4.3 | EPSS: 0.00124
Exploits: 0 | References: 3
NVD
added 2025/12/05 3:15 a.m., 6 views

CVE-2025-11759

The Backup, Restore and Migrate your sites with XCloner plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.8.2. This is due to missing or incorrect nonce validation on the XclonerRemoteStorage:save function. This makes it possible for...

CVSS: 4.3 | EPSS: 0.00102
Exploits: 0 | References: 2
CVE
added 2025/12/05 1:55 a.m., 11 views

CVE-2025-11759

CVE-2025-11759 affects the WordPress plugin “Backup, Restore and Migrate your sites with XCloner” (versions up to and including 4.8.2). The issue is a Cross-Site Request Forgery (CSRF) due to missing/incorrect nonce validation in the Xcloner_Remote_Storage:save() function, enabling unauthenticate...

CVSS: 4.3 | AI score: 4.9 | EPSS: 0.00102
Exploits: 0 | References: 2
Cvelist
added 2025/12/05 1:55 a.m., 24 views

CVE-2025-11759 Backup, Restore and Migrate your sites with XCloner <= 4.8.2 - Cross-Site Request Forgery in Xcloner_Remote_Storage:save()

The Backup, Restore and Migrate your sites with XCloner plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.8.2. This is due to missing or incorrect nonce validation on the XclonerRemoteStorage:save function. This makes it possible for...

CVSS: 4.3 | EPSS: 0.00102
Exploits: 0 | References: 2
CNNVD
added 2025/12/05 12:0 a.m., 3 views

HedgeDoc Cross-Site Request Forgery Vulnerability

HedgeDoc is a Javascript-based real-time editing and sharing platform for Markdown documents from the HedgeDoc team. A cross-site request forgery vulnerability exists in HedgeDoc versions prior to 1.10.4, which stems from a lack of CSRF protection in the OAuth2 endpoint and could lead to cross-si...

CVSS: 4.3 | AI score: 6.4 | EPSS: 0.00084
Exploits: 0 | References: 3
CNNVD
added 2025/12/05 12:0 a.m., 2 views

WordPress plugin Time Sheets Cross-Site Request Forgery Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A cross-site request...

CVSS: 4.3 | AI score: 6.5 | EPSS: 0.00102
Exploits: 0 | References: 2
Positive Technologies
added 2025/12/05 12:0 a.m., 6 views

PT-2025-49232

The ARK Related Posts plugin for WordPress is vulnerable to Cross-Site Request Forgery in version 2.19. This is due to missing or incorrect nonce validation on the ark rp options page function. This makes it possible for unauthenticated attackers to modify the plugin's configuration settings via ...

CVSS: 4.3 | AI score: 5.6 | EPSS: 0.00128
Exploits: 0 | References: 4
OSV
added 2025/12/05 12:0 a.m., 3 views

UBUNTU-CVE-2025-59775

NTLM Leakage on Windows through UNC SSRF...

CVSS: 7.5 | AI score: 5.8 | EPSS: 0.00771
Exploits: 0 | References: 3
Patchstack
added 2025/12/04 11:31 p.m., 8 views

WordPress User Generator and Importer plugin <= 1.2.2 - Cross-Site Request Forgery to Privilege Escalation via Arbitrary Administrator Account Creation vulnerability

Cross-Site Request Forgery to Privilege Escalation via Arbitrary Administrator Account Creation vulnerability discovered by Ivan Cese in WordPress Plugin User Generator and Importer versions <= 1.2.2...

CVSS: 8.8 | AI score: 6.7 | EPSS: 0.00154
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
added 2025/12/04 11:26 p.m., 7 views

WordPress ARK Related Posts plugin <= 2.19 - Cross-Site Request Forgery to Settings Update vulnerability

Cross-Site Request Forgery to Settings Update vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin ARK Related Posts versions <= 2.19...

CVSS: 4.3 | AI score: 6.8 | EPSS: 0.00128
Exploits: 0 | References: 1 | Affected Software: 1
Snyk
added 2025/12/04 10:3 p.m., 4 views

Server-side Request Forgery (SSRF)

Overview: open-webui is an Open WebUI. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the /api/v1/retrieval/process/web endpoint. An attacker can access internal network resources, cloud metadata endpoints, and sensitive information by submitting crafted...

CVSS: 8.5 | AI score: 6.6 | EPSS: 0.03965
Exploits: 1 | References: 2