1246 matches found
CVE-2026-6452
The Bigfishgames Syndicate plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2. This is due to missing or incorrect nonce validation on the bigfishgamessyndicatesubmenu function. This makes it possible for unauthenticated attackers to reset...
CVE-2026-6400
The CVE-2026-6400 entry concerns the WordPress plugin “Child Height Predictor by Ostheimer” (versions
CVE-2026-6400 Child Height Predictor by Ostheimer <= 1.3 - Cross-Site Request Forgery to Settings Update via Plugin Settings Form
The Child Height Predictor by Ostheimer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 1.3. This is due to missing nonce verification in the options function, which handles plugin settings updates. The form template does not include a...
CVE-2026-6400
The Child Height Predictor by Ostheimer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 1.3. This is due to missing nonce verification in the options function, which handles plugin settings updates. The form template does not include a...
CVE-2026-8419 Amazon Scraper <= 1.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting via Settings Update
The Amazon Scraper plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scrip...
CVE-2026-8419 Amazon Scraper <= 1.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting via Settings Update
The Amazon Scraper plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scrip...
CVE-2026-8420 BLOGCHAT Chat System <= 1.3.6.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting via Settings Update
The BLOGCHAT Chat System plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.6.3. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious...
CVE-2026-8420 BLOGCHAT Chat System <= 1.3.6.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting via Settings Update
The BLOGCHAT Chat System plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.6.3. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious...
PT-2026-42059
The Sentence To SEO keywords, description and tags plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on the create admin page function. This makes it possible for unauthenticated attacke...
CVE-2026-34216
CtrlPanel is open-source billing software for hosting providers. In versions 1.1.1 and prior, the admin settings update endpoint accepted a fully qualified class name directly from user-supplied request input and used it for dynamic static method calls and object instantiation without any allowli...
CVE-2026-34216
CtrlPanel is open-source billing software for hosting providers. In versions 1.1.1 and prior, the admin settings update endpoint accepted a fully qualified class name directly from user-supplied request input and used it for dynamic static method calls and object instantiation without any allowli...
WordPress Bigfishgames Syndicate plugin <= 1.2 - Cross-Site Request Forgery to Settings Reset and Update vulnerability
Cross-Site Request Forgery to Settings Reset and Update vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin Bigfishgames Syndicate versions = 1.2...
WordPress Bottom Bar plugin <= 0.1.7 - Cross-Site Request Forgery to Settings Update vulnerability
Cross-Site Request Forgery to Settings Update vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin Bottom Bar versions = 0.1.7...
WordPress Child Height Predictor by Ostheimer plugin <= 1.3 - Cross-Site Request Forgery to Settings Update vulnerability
Cross-Site Request Forgery to Settings Update vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin Child Height Predictor by Ostheimer versions = 1.3...
WordPress Smartcat Translator for WPML plugin <= 3.1.77 - Missing Authorization to Unauthenticated Plugin Settings Update vulnerability
Missing Authorization to Unauthenticated Plugin Settings Update vulnerability discovered by Alexis Lafontaine in WordPress Plugin Smartcat Translator for WPML versions = 3.1.77...
CVE-2026-8425 Notify Odoo <= 1.0.1 - Cross-Site Request Forgery to Settings Update
The Notify Odoo plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1. This is due to missing or incorrect nonce validation on the updateSettings function. This makes it possible for unauthenticated attackers to change the Notify Odoo URL to ...
CVE-2026-8425
CVE-2026-8425 describes a Cross-Site Request Forgery in the WordPress Notify Odoo plugin (versions ≤ 1.0.1). The root cause is missing or incorrect nonce validation on the _updateSettings function, enabling unauthenticated attackers to alter the Notify Odoo URL and related settings (notification,...
CVE-2026-8425 Notify Odoo <= 1.0.1 - Cross-Site Request Forgery to Settings Update
The Notify Odoo plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1. This is due to missing or incorrect nonce validation on the updateSettings function. This makes it possible for unauthenticated attackers to change the Notify Odoo URL to ...
WordPress Notify Odoo plugin <= 1.0.1 - Cross-Site Request Forgery to Settings Update vulnerability
Cross-Site Request Forgery to Settings Update vulnerability discovered by Legion Hunter in WordPress Plugin Notify Odoo versions = 1.0.1...
EUVD-2026-29412
The Woo Commerce Minimum Weight plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 3.0.1. This is due to missing nonce verification on the settings update handler in edit-weight.php. This makes it possible for unauthenticated attackers to modify t...