56013 matches found

CNNVD
added 2025/10/27 12:00 a.m. | 3 views

WordPress plugin WP Business Hours cross-site request forgery vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A cross-site request...

CVSS 7.1 | AI score 5.9 | EPSS 0.00112 | Exploits 0 | References 1

RedhatCVE
added 2025/10/26 7:16 a.m. | 16 views

CVE-2025-11976

The FuseWP – WordPress User Sync to Email List & Marketing Automation (Mailchimp, Constant Contact, ActiveCampaign etc.) plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.23.0. This is due to missing or incorrect nonce validation on the...

CVSS 4.3 | AI score 5.2 | EPSS 0.00124 | Exploits 0 | References 1

RedhatCVE
added 2025/10/25 11:32 a.m. | 12 views

CVE-2025-10861

The Popup builder with Gamification, Multi-Step Popups, Page-Level Targeting, and WooCommerce Triggers plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.1.4. This is due to insufficient validation on the URLs supplied via the URL parameter...

CVSS 7.5 | AI score 6 | EPSS 0.0035 | Exploits 0 | References 1

NVD
added 2025/10/25 7:15 a.m. | 9 views

CVE-2025-11497

The Advanced Database Cleaner plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.6. This is due to missing or incorrect nonce validation on the aDBcprepareelementstoclean function. This makes it possible for unauthenticated attackers to alte...

CVSS 4.3 | EPSS 0.00208 | Exploits 0 | References 2

CVE
added 2025/10/25 6:49 a.m. | 25 views

CVE-2025-11976

CVE-2025-11976 concerns FuseWP – WordPress User Sync to Email List & Marketing Automation (Mailchimp, Constant Contact, ActiveCampaign etc.) for WordPress. According to connected sources, the vulnerability is a Cross-Site Request Forgery (CSRF) due to missing or incorrect nonce validation in the save_cha...

CVSS 4.3 | AI score 4.9 | EPSS 0.00124 | Exploits 0 | References 2

CNNVD
added 2025/10/25 12:00 a.m. | 4 views

WordPress plugin Popup builder with Gamification, Multi-Step Popups, Page-Level Targeting, and WooCommerce Triggers security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security...

CVSS 7.5 | AI score 6.4 | EPSS 0.0035 | Exploits 0 | References 1

CNNVD
added 2025/10/25 12:00 a.m. | 3 views

WSO2 API Manager security vulnerability

WSO2 API Manager is a suite of API lifecycle management solutions from US-based WSO2. A security vulnerability exists in WSO2 API Manager that stems from the Try-It feature not properly validating user-supplied URLs, which could lead to server-side request forgery and reflective cross-site...

CVSS 5.9 | AI score 6.1 | EPSS 0.00583 | Exploits 0 | References 2

RedhatCVE
added 2025/10/24 9:35 p.m. | 11 views

CVE-2025-59503

Server-side request forgery (SSRF) in Azure Compute Gallery allows an unauthorized attacker to elevate privileges over a network...

CVSS 10 | AI score 6.9 | EPSS 0.007 | Exploits 0 | References 1

Patchstack
added 2025/10/24 4:47 p.m. | 5 views

WordPress Slider Templates plugin <= 1.0.3 - Server Side Request Forgery (SSRF) vulnerability

Server Side Request Forgery (SSRF) vulnerability discovered by Nabil Irawan in WordPress Plugin Slider Templates versions <= 1.0.3...

CVSS 4.9 | AI score 7 | EPSS 0.00142 | Exploits 0 | Affected Software 1

CVE
added 2025/10/24 11:25 a.m. | 16 views

CVE-2025-10861

CVE-2025-10861: Unauthenticated SSRF in the WordPress plugin “Popup builder with Gamification, Multi-Step Popups, Page-Level Targeting, and WooCommerce Triggers” affecting versions up to and including 2.1.4 due to insufficient URL validation. Exploitation could allow the server to make requests t...

CVSS 7.5 | AI score 5.7 | EPSS 0.0035 | Exploits 0 | References 5

NVD
added 2025/10/24 10:15 a.m. | 5 views

CVE-2025-5350

SSRF and Reflected XSS vulnerabilities exist in multiple WSO2 products within the deprecated Try-It feature, which was accessible only to administrative users. This feature accepted user-supplied URLs without proper validation, leading to server-side request forgery (SSRF). Additionally, the...

CVSS 5.9 | EPSS 0.00583 | Exploits 0 | References 1

EUVD
added 2025/10/24 10:08 a.m. | 4 views

EUVD-2025-35829

SSRF and Reflected XSS vulnerabilities exist in multiple WSO2 products within the deprecated Try-It feature, which was accessible only to administrative users. This feature accepted user-supplied URLs without proper validation, leading to server-side request forgery (SSRF). Additionally, the...

CVSS 5.9 | AI score 5.1 | EPSS 0.00583 | Exploits 0 | References 2

EUVD
added 2025/10/24 9:23 a.m. | 5 views

EUVD-2025-35827

The Real Cookie Banner: GDPR & ePrivacy Cookie Consent plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 5.2.4. This is due to insufficient validation on the user-supplied URL in the '/scanner/scan-without-login' REST API endpoint. This makes ...

CVSS 6.8 | AI score 5.3 | EPSS 0.00358 | Exploits 0 | References 8

CVE
added 2025/10/24 9:23 a.m. | 26 views

CVE-2025-12136

CVE-2025-12136 affects the WordPress plugin “Real Cookie Banner: GDPR & ePrivacy Cookie Consent”. Wordfence and related sources describe a Server-Side Request Forgery (SSRF) vulnerability in all versions up to and including 5.2.4, caused by insufficient validation of the user-supplied URL in the ...

CVSS 6.8 | AI score 5.4 | EPSS 0.00358 | Exploits 0 | References 7

Cvelist
added 2025/10/24 9:23 a.m. | 10 views

CVE-2025-12136 Real Cookie Banner: GDPR & ePrivacy Cookie Consent <= 5.2.4 - Authenticated (Admin+) Server-Side Request Forgery via scan-without-login Endpoint

The Real Cookie Banner: GDPR & ePrivacy Cookie Consent plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 5.2.4. This is due to insufficient validation on the user-supplied URL in the '/scanner/scan-without-login' REST API endpoint. This makes ...

CVSS 6.8 | EPSS 0.00358 | Exploits 0 | References 7

EUVD
added 2025/10/24 8:23 a.m. | 6 views

EUVD-2025-35817

The IndieAuth plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.5.4. This is due to missing nonce verification on the loginformindieauth function and the authorization endpoint at wp-login.php?action=indieauth. This makes it possible for...

CVSS 8.8 | AI score 5.2 | EPSS 0.00194 | Exploits 0 | References 5

Vulnrichment
added 2025/10/24 8:23 a.m. | 2 views

CVE-2025-12028 IndieAuth <= 4.5.4 - Cross-Site Request Forgery to Account Takeover via Stolen OAuth Tokens

The IndieAuth plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.5.4. This is due to missing nonce verification on the loginformindieauth function and the authorization endpoint at wp-login.php?action=indieauth. This makes it possible for...

CVSS 8.8 | AI score 5.3 | EPSS 0.00194 | Exploits 0 | References 5

CVE
added 2025/10/24 8:23 a.m. | 10 views

CVE-2025-12072

CVE-2025-12072 concerns the WordPress plugin Disable Content Editor For Specific Template (≤ 2.0). Root cause is missing nonce validation on template configuration updates, enabling CSRF. Impact: unauthenticated attackers can induce administrators to add or delete template configurations via forg...

CVSS 4.3 | AI score 5.1 | EPSS 0.00122 | Exploits 0 | References 2

Cvelist
added 2025/10/24 8:23 a.m. | 9 views

CVE-2025-11992 Multi Item Responsive Slider <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting

The Multi Item Responsive Slider plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on the 'mioptions.php' page. This makes it possible for unauthenticated attackers to update settings an...

CVSS 6.1 | EPSS 0.00191 | Exploits 0 | References 2

EUVD
added 2025/10/24 8:23 a.m. | 9 views

EUVD-2025-35822

The Multi Item Responsive Slider plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on the 'mioptions.php' page. This makes it possible for unauthenticated attackers to update settings an...

CVSS 6.1 | AI score 5 | EPSS 0.00191 | Exploits 0 | References 3