
56007 matches found

Cvelist | added 2025/11/18 12:29 p.m. | 4 views

CVE-2025-8084 AI Engine <= 3.1.8 - Authenticated (Editor+) Server-Side Request Forgery

The AI Engine plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.1.8 via the resthelperscreateimages function. This makes it possible for authenticated attackers, with Editor-level access and above, to make web requests to arbitrary locations...

CVSS 6.8 | EPSS 0.00368 | Exploits: 0 | References: 3

NVD | added 2025/11/18 9:15 a.m. | 5 views

CVE-2025-9625

The Coil Web Monetization plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.2. This is due to missing or incorrect nonce validation on the coil-get-css-selector parameter handling in the maybe_restrict_content function. This makes it possible...

CVSS 4.3 | EPSS 0.00133 | Exploits: 0 | References: 4

NVD | added 2025/11/18 9:15 a.m. | 7 views

CVE-2025-12962

The Local Syndication plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.5a via the url parameter in the syndicatelocal shortcode. This is due to the use of wp_remote_get instead of wp_safe_remote_get, which lacks protections against requests to...

CVSS 6.4 | EPSS 0.00205 | Exploits: 0 | References: 3

NVD | added 2025/11/18 9:15 a.m. | 10 views

CVE-2025-12404

The Like-it plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2. This is due to missing or incorrect nonce validation on the likeitconf function. This makes it possible for unauthenticated attackers to update settings and inject malicious web...

CVSS 6.1 | EPSS 0.00124 | Exploits: 0 | References: 4

Cvelist | added 2025/11/18 8:27 a.m. | 10 views

CVE-2025-12406 Project Honey Pot Spam Trap <= 1.0.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting

The Project Honey Pot Spam Trap plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1. This is due to missing or incorrect nonce validation on the printAdminPage function. This makes it possible for unauthenticated attackers to update setting...

CVSS 6.1 | EPSS 0.00124 | Exploits: 0 | References: 4

Cvelist | added 2025/11/18 8:27 a.m. | 7 views

CVE-2025-12962 Local Syndication <= 1.5a - Authenticated (Contributor+) Server-Side Request Forgery via Shortcode

The Local Syndication plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.5a via the url parameter in the syndicatelocal shortcode. This is due to the use of wp_remote_get instead of wp_safe_remote_get, which lacks protections against requests to...

CVSS 6.4 | EPSS 0.00205 | Exploits: 0 | References: 3

EUVD | added 2025/11/18 8:27 a.m. | 4 views

EUVD-2025-197944

The Local Syndication plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.5a via the url parameter in the syndicatelocal shortcode. This is due to the use of wp_remote_get instead of wp_safe_remote_get, which lacks protections against requests to...

CVSS 6.4 | AI score 5.4 | EPSS 0.00205 | Exploits: 0 | References: 4

CVE | added 2025/11/18 8:27 a.m. | 14 views

CVE-2025-9625

Affected software: WordPress Coil Web Monetization plugin. Vulnerability: Cross-Site Request Forgery due to missing/incorrect nonce validation on the coil-get-css-selector handling in the maybe_restrict_content function. Impact: Unauthenticated attackers can trigger CSS selector detection functio...

CVSS 4.3 | AI score 4.9 | EPSS 0.00133 | Exploits: 0 | References: 4

Patchstack | added 2025/11/18 4:50 a.m. | 6 views

WordPress Icon List Block plugin <= 1.2.1 - Authenticated (Subscriber+) Server-Side Request Forgery vulnerability

Authenticated (Subscriber+) Server-Side Request Forgery vulnerability discovered by Sushi Com Abacate in the WordPress plugin Icon List Block, versions <= 1.2.1...

CVSS 6.4 | AI score 7.1 | EPSS 0.00162 | Exploits: 0 | References: 1 | Affected software: 1

OSV | added 2025/11/18 2:47 a.m. | 15 views

MGASA-2025-0301 Updated apache packages fix security vulnerabilities

HTTP response splitting (CVE-2024-42516). SSRF with mod_headers setting Content-Type header (CVE-2024-43204). mod_ssl error log variable escaping (CVE-2024-47252). mod_proxy_http2 denial of service (CVE-2025-49630). mod_ssl access control bypass with session resumption (CVE-2025-23048). mod_ssl TLS upgrade attac...

CVSS 9.1 | AI score 6.8 | EPSS 0.04409 | Exploits: 2 | References: 11

Cvelist | added 2025/11/18 12:00 a.m. | 6 views

CVE-2025-63408

Local Agent DVR versions through 6.6.1.0 are vulnerable to directory traversal that allows an unauthenticated local attacker to gain access to sensitive information, cause a server-side request forgery (SSRF), or execute OS commands...

EPSS 0.00346 | Exploits: 1 | References: 2

Vulnrichment | added 2025/11/18 12:00 a.m. | 2 views

CVE-2025-63408

Local Agent DVR versions through 6.6.1.0 are vulnerable to directory traversal that allows an unauthenticated local attacker to gain access to sensitive information, cause a server-side request forgery (SSRF), or execute OS commands...

AI score 6.8 | EPSS 0.00346 | Exploits: 1 | References: 2

Vulnrichment | added 2025/11/18 12:00 a.m. | 5 views

CVE-2025-63955

A Cross-Site Request Forgery (CSRF) vulnerability in the manage-students.php component of PHPGurukul Student Record System v3.2 allows an attacker to trick an authenticated administrator into submitting a forged request. This leads to the unauthorized deletion of user accounts, causing a Denial of...

AI score 6.2 | EPSS 0.002 | Exploits: 2 | References: 2

CNNVD | added 2025/11/18 12:00 a.m. | 11 views

Security vulnerability in multiple WSO2 products

WSO2 Open Banking AM and others are products of WSO2, Inc. of the U.S.A. WSO2 Open Banking AM is an Open Banking Accelerator. WSO2 Open Banking IAM is an identity and access management solution for the Open Banking (OB) space. WSO2 Traffic Manager is a component for regulating and managi...

CVSS 8.8 | AI score 6.5 | EPSS 0.0019 | Exploits: 0 | References: 2

Positive Technologies | added 2025/11/18 12:00 a.m. | 11 views

PT-2025-47317

Name of the Vulnerable Software and Affected Versions: Icon List Block – Add Icon-Based Lists with Custom Styles plugin for WordPress, versions up to and including 1.2.1. Description: The software is susceptible to a Server-Side Request Forgery (SSRF) issue. Authenticated attackers with Subscriber-leve...

CVSS 6.4 | AI score 6.2 | EPSS 0.00162 | Exploits: 0 | References: 4

CNNVD | added 2025/11/18 12:00 a.m. | 3 views

WordPress plugin Icon List Block code issue vulnerability

The WordPress Icon List Block plugin is a plugin designed for WordPress to insert custom icon lists in the block editor (Gutenberg). The WordPress Icon List Block plugin suffers from a server-side request forgery vulnerability that stems from the fsapirequest function failing to implement an adequate...

CVSS 6.4 | AI score 6.4 | EPSS 0.00162 | Exploits: 0 | References: 3

Positive Technologies | added 2025/11/18 12:00 a.m. | 6 views

PT-2025-47272

Name of the Vulnerable Software and Affected Versions: Coil Web Monetization plugin for WordPress, versions prior to 2.0.3. Description: The software is susceptible to a Cross-Site Request Forgery (CSRF) issue. This is caused by inadequate nonce validation when handling the coil-get-css-selector...

CVSS 4.3 | AI score 6.4 | EPSS 0.00133 | Exploits: 0 | References: 7

Patchstack | added 2025/11/17 10:48 p.m. | 8 views

WordPress WP Admin Microblog plugin <= 3.1.1 - Cross-Site Request Forgery to Message Creation vulnerability

Cross-Site Request Forgery to Message Creation vulnerability discovered by Nabil Irawan - Heroes Cyber Security in the WordPress plugin WP Admin Microblog, versions <= 3.1.1...

CVSS 4.3 | AI score 7 | EPSS 0.00106 | Exploits: 0 | References: 1 | Affected software: 1

OSV | added 2025/11/17 7:11 p.m. | 7 views

GO-2025-4111 Soft Serve is vulnerable to SSRF through its Webhooks in github.com/charmbracelet/soft-serve

Soft Serve is vulnerable to SSRF through its Webhooks in github.com/charmbracelet/soft-serve...

CVSS 9.1 | AI score 6.9 | EPSS 0.00307 | Exploits: 1 | References: 4

EUVD | added 2025/11/17 6:30 p.m. | 6 views

EUVD-2025-197810

The PDFPatcher executable, through 1.1.3.4663, has an XML bookmark import functionality that does not restrict XML external entity (XXE) references. The application uses .NET's XmlDocument class without disabling external entity resolution, enabling attackers to: Read arbitrary files from the victim's filesystem,...

CVSS 7.1 | AI score 6.6 | EPSS 0.00338 | Exploits: 1 | References: 4
