CVE-2026-53738

Copy & Delete Posts through 1.5.4 lets any plugin-enabled non-admin role invoke every operation in the cdpactionhandling AJAX handler. Attackers with an enabled role can delete posts or overwrite plugin settings via the f parameter, bypassing per-function capability checks...

WordPress plugin AJAX Report Comments 跨站请求伪造漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

CVE-2026-9732

The EmergencyWP – Dead Man's switch & legacy deliverance plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4.2. This is due to missing or incorrect nonce validation on the formsettingsui settings save handler, procedural include scope functio...

CVE-2026-9722

The Laiser Tag plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.5. This is due to missing or incorrect nonce validation on the addOptionsPageFields function. This makes it possible for unauthenticated attackers to update the plugin's...

CVE-2026-9723

CVE-2026-9723 affects the WordPress plugin Google Plus One Bottom (versions

CVE-2026-9723 Google Plus One Bottom <= 0.0.2 - Cross-Site Request Forgery to Plugin Settings Update via Settings Page

The Google Plus One Bottom plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.0.2. This is due to missing or incorrect nonce validation on the googlePlusOneAdmin function. This makes it possible for unauthenticated attackers to modify the...

CVE-2026-8939 Search Simple Fields <= 0.2 - Cross-Site Request Forgery to Plugin Settings Update

The Search Simple Fields plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 0.2. This is due to missing or incorrect nonce validation on the searchsimplefieldsoptions function in functionsadmin.php. This makes it possible for unauthenticated attacke...

EUVD-2026-32059

The Search Simple Fields plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 0.2. This is due to missing or incorrect nonce validation on the searchsimplefieldsoptions function in functionsadmin.php. This makes it possible for unauthenticated attacke...

CVE-2026-8425

The Notify Odoo plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1. This is due to missing or incorrect nonce validation on the updateSettings function. This makes it possible for unauthenticated attackers to change the Notify Odoo URL to ...

GHSA-W76P-3CGP-QFCM Apache Polaris has an Improper Input Validation issue

In Apache Iceberg, the table's metadata files are control files: they tell readers which data files belong to the table and which table version to read. write.metadata.path is an optional table property that tells Polaris where to write those metadata files. For a table already registered in a...

EUVD-2026-24682

The Ni WooCommerce Order Export plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 3.1.6. This is due to missing nonce validation in the niorderexportaction AJAX handler function. The handler processes settings updates when the 'page' parameter is...

CVE-2026-6294

The Google PageRank Display plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to and including 1.4. This is due to missing nonce validation in the gpdisplayoption function, which handles the plugin settings page. The settings form does not include a wpnoncefield, and...

WordPress plugin Google PageRank Display 跨站请求伪造漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

PT-2026-30379

Nodcms contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized administrative actions by crafting malicious forms. Attackers can trick authenticated administrators into submitting requests to admin/user manipulate and admin/settings/generall endpoints to...

CVE-2026-1378

The WP Posts Re-order plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing nonce validation on the cptpluginoptions function. This makes it possible for unauthenticated attackers to update the plugin settings including...

CVE-2026-4143 Neos Connector for Fakturama <= 0.0.14 - Cross-Site Request Forgery to Settings Update

The Neos Connector for Fakturama plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 0.0.14. This is due to missing nonce validation in the ncffaddpluginpage function which handles settings updates. This makes it possible for unauthenticated...

PT-2026-26806

The WP Posts Re-order plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing nonce validation on the cpt plugin options function. This makes it possible for unauthenticated attackers to update the plugin settings includin...

CVE-2026-1087

The Guardian News Feed plugin for WordPress is affected by CVE-2026-1087. All versions up to and including 1.2 are vulnerable to Cross-Site Request Forgery caused by missing nonce validation on the settings update function. This allows unauthenticated or tricked attackers to modify the plugin’s s...

CVE-2025-68023 WordPress Addonify – Compare Products For WooCommerce plugin <= 1.1.17 - Settings Change vulnerability

Missing Authorization vulnerability in Addonify Addonify – Compare Products For WooCommerce addonify-compare-products allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Addonify – Compare Products For WooCommerce: from n/a through = 1.1.17...

CVE-2025-14357

CVE-2025-14357 affects the Mega Store Woocommerce theme for WordPress. The vulnerability is an unauthorized data modification issue caused by a missing capability check in setup_widgets() (core/includes/importer/whizzie.php) across all versions up to and including 5.9. This allows authenticated a...