
56012 matches found

Vulnrichment
added 2025/11/04 4:27 a.m. | 4 views

CVE-2025-12400 LMB^Box Smileys <= 3.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting

The LMB^Box Smileys plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2. This is due to missing or incorrect nonce validation on the managepage function. This makes it possible for unauthenticated attackers to update settings and inject...

CVSS 6.1 | AI score 4.9 | EPSS 0.00127
Exploits 0 | References 4
CVE
added 2025/11/04 4:27 a.m. | 16 views

CVE-2025-12412

The CVE-2025-12412 entry concerns the WordPress Top Bar Notification plugin (versions

CVSS 6.1 | AI score 5 | EPSS 0.00123
Exploits 0 | References 3
CVE
added 2025/11/04 4:27 a.m. | 9 views

CVE-2025-12188

CVE-2025-12188 concerns the WordPress plugin “Posts Navigation Links for Sections and Headings – Free by WP Masters.” The vulnerability is a Cross-Site Request Forgery (CSRF) caused by missing or incorrect nonce validation on the wpm_navigation_links_settings page. Exploitation requires a site ad...

CVSS 4.3 | AI score 5 | EPSS 0.00108
Exploits 0 | References 2
NVD
added 2025/11/04 4:15 a.m. | 6 views

CVE-2025-12401

The Label Plugins plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.5. This is due to missing or incorrect nonce validation on the labelpluginsoptions function. This makes it possible for unauthenticated attackers to update settings and injec...

CVSS 6.1 | EPSS 0.00127
Exploits 0 | References 4
Vulnrichment
added 2025/11/04 3:26 a.m. | 4 views

CVE-2025-12069 WP Global Screen Options <= 0.2 - Cross-Site Request Forgery to Screen Options Update

The WP Global Screen Options plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.2. This is due to missing nonce validation on the updatewpglobalscreenoptions action handler. This makes it possible for unauthenticated attackers to modify global...

CVSS 4.3 | AI score 5.2 | EPSS 0.00108
Exploits 0 | References 2
Vulnrichment
added 2025/11/04 3:26 a.m. | 3 views

CVE-2025-12401 Label Plugins <= 0.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting

The Label Plugins plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.5. This is due to missing or incorrect nonce validation on the labelpluginsoptions function. This makes it possible for unauthenticated attackers to update settings and injec...

CVSS 6.1 | AI score 5 | EPSS 0.00127
Exploits 0 | References 4
Cvelist
added 2025/11/04 3:26 a.m. | 12 views

CVE-2025-12401 Label Plugins <= 0.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting

The Label Plugins plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.5. This is due to missing or incorrect nonce validation on the labelpluginsoptions function. This makes it possible for unauthenticated attackers to update settings and injec...

CVSS 6.1 | EPSS 0.00127
Exploits 0 | References 4
Vulnrichment
added 2025/11/04 3:26 a.m. | 10 views

CVE-2025-12070 ViaAds <= 2.1.2 - Cross-Site Request Forgery to API Key Update

The ViaAds plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1.2. This is due to missing nonce validation on the ViaAdspluginHandler function. This makes it possible for unauthenticated attackers to modify the plugin's API key and cookie...

CVSS 4.3 | AI score 5.8 | EPSS 0.00131
Exploits 0 | References 3
Positive Technologies
added 2025/11/04 12:0 a.m. | 7 views

PT-2025-44959

The MapMap plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1. This is due to missing or incorrect nonce validation on the admin shortcode submit, admin configuration submit, and admin shortcode delete functions. This makes it possible for...

CVSS 6.1 | AI score 5.4 | EPSS 0.00127
Exploits 0 | References 5
Positive Technologies
added 2025/11/04 12:0 a.m. | 6 views

PT-2025-44953

The LMB^Box Smileys plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2. This is due to missing or incorrect nonce validation on the manage page function. This makes it possible for unauthenticated attackers to update settings and inject...

CVSS 6.1 | AI score 5.3 | EPSS 0.00127
Exploits 0 | References 5
Positive Technologies
added 2025/11/04 12:0 a.m. | 10 views

PT-2025-44956

The SH Contextual Help plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2.1. This is due to missing or incorrect nonce validation in the sh contextual help dashboard widget function. This makes it possible for unauthenticated attackers to...

CVSS 6.1 | AI score 5.4 | EPSS 0.00127
Exploits 0 | References 5
RedhatCVE
added 2025/10/31 10:7 p.m. | 7 views

CVE-2020-36862

Nagios XI versions prior to 5.6.11 contain unauthenticated vulnerabilities in the Highcharts local exporting tool. Crafted export requests could (1) inject script into exported/returned content due to insufficient output encoding (XSS), and (2) cause the server to fetch attacker-specified URLs (SSRF),...

CVSS 6.9 | AI score 6.7 | EPSS 0.00573
Exploits 0 | References 1
EUVD
added 2025/10/31 12:30 p.m. | 4 views

EUVD-2025-37336

Cross-Site Request Forgery (CSRF) vulnerability in Younes JFR. Advanced Database Cleaner advanced-database-cleaner allows Cross Site Request Forgery. This issue affects Advanced Database Cleaner: from n/a through = 3.1.6...

CVSS 4.3 | AI score 6.3 | EPSS 0.00118
Exploits 0 | References 2
EUVD
added 2025/10/31 12:30 a.m. | 9 views

EUVD-2020-30808

Nagios XI versions prior to 5.6.11 contain unauthenticated vulnerabilities in the Highcharts local exporting tool. Crafted export requests could (1) inject script into exported/returned content due to insufficient output encoding (XSS), and (2) cause the server to fetch attacker-specified URLs (SSRF),...

CVSS 6.9 | AI score 6.2 | EPSS 0.00573
Exploits 0 | References 3
CNNVD
added 2025/10/31 12:0 a.m. | 4 views

WordPress plugin Bard security vulnerability

WordPress Bard plugin is a tool used to stop chatbots such as Bard from crawling the content of your website, which is achieved by modifying the virtual robots.txt file. The WordPress Bard plugin suffers from a cross-site request forgery vulnerability that originates when a web application does n...

CVSS 5.4 | AI score 6.7 | EPSS 0.0011
Exploits 0 | References 1
CNVD
added 2025/10/31 12:0 a.m. | 3 views

IBM Concert Software Server-Side Request Forgery Vulnerability

IBM Concert Software is IBM's generative AI-driven automated application management and monitoring tool based on the WatsonX platform, focused on optimizing the operational efficiency and reliability of applications. IBM Concert Software suffers from a server-side request forgery vulnerability th...

CVSS 5.4 | AI score 7 | EPSS 0.0016
Exploits 0 | References 1
NVD
added 2025/10/30 10:15 p.m. | 14 views

CVE-2023-7325

Anheng Mingyu Operation and Maintenance Audit and Risk Control System up to 2023-08-10 contains a server-side request forgery (SSRF) vulnerability in the xmlrpc.sock handler. The product accepts specially crafted XML-RPC requests that can be used to instruct the server to connect to internal unix...

CVSS 9.3 | EPSS 0.0037
Exploits 0 | References 3
NVD
added 2025/10/30 10:15 p.m. | 5 views

CVE-2020-36862

Nagios XI versions prior to 5.6.11 contain unauthenticated vulnerabilities in the Highcharts local exporting tool. Crafted export requests could (1) inject script into exported/returned content due to insufficient output encoding (XSS), and (2) cause the server to fetch attacker-specified URLs (SSRF),...

CVSS 6.9 | EPSS 0.00573
Exploits 0 | References 2
OSV
added 2025/10/30 10:15 p.m. | 4 views

CVE-2020-36862

Nagios XI versions prior to 5.6.11 contain unauthenticated vulnerabilities in the Highcharts local exporting tool. Crafted export requests could (1) inject script into exported/returned content due to insufficient output encoding (XSS), and (2) cause the server to fetch attacker-specified URLs (SSRF),...

CVSS 6.1 | AI score 5.8 | EPSS 0.00573
Exploits 0 | References 2
CVE
added 2025/10/30 9:47 p.m. | 11 views

CVE-2023-53688

Nagios XI

CVSS 5.4 | AI score 5.9 | EPSS 0.00289
Exploits 0 | References 3 | Affected Software 1