CVE-2025-1926

The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.9.8. This is due to missing or incorrect nonce validation on the pagelayersavepost function. This makes it possible for...

WordPress plugin Page Builder: Pagelayer 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. WordPress plugin Page Builder: A...

PT-2023-12528 · WordPress · Wp-Mpdf

Name of the Vulnerable Software and Affected Versions: wp-mpdf plugin for WordPress versions up to, and including, 3.5.1 Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the mpdf admin savepost function. This allows unauthenticated...

PT-2023-12502 · WordPress · Contact Form 7 Style

Name of the Vulnerable Software and Affected Versions: Contact Form 7 Style plugin for WordPress versions up to, and including, 3.2 Description: The issue is due to missing or incorrect nonce validation on the manage wp posts be qe save post function, making it possible for unauthenticated...