Lucene search
+L

1246 matches found

NVD
NVD
added 2026/05/20 2:16 a.m.31 views

CVE-2026-6452

The Bigfishgames Syndicate plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2. This is due to missing or incorrect nonce validation on the bigfishgamessyndicatesubmenu function. This makes it possible for unauthenticated attackers to reset...

4.3CVSS0.00158EPSS
Exploits0References5
CVE
CVE
added 2026/05/20 1:25 a.m.21 views

CVE-2026-6400

The CVE-2026-6400 entry concerns the WordPress plugin “Child Height Predictor by Ostheimer” (versions

4.3CVSS5.7AI score0.00163EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/05/20 1:25 a.m.41 views

CVE-2026-6400 Child Height Predictor by Ostheimer <= 1.3 - Cross-Site Request Forgery to Settings Update via Plugin Settings Form

The Child Height Predictor by Ostheimer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 1.3. This is due to missing nonce verification in the options function, which handles plugin settings updates. The form template does not include a...

4.3CVSS0.00163EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/05/20 1:25 a.m.19 views

CVE-2026-6400

The Child Height Predictor by Ostheimer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 1.3. This is due to missing nonce verification in the options function, which handles plugin settings updates. The form template does not include a...

4.3CVSS5.7AI score0.00163EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/05/20 1:25 a.m.10 views

CVE-2026-8419 Amazon Scraper <= 1.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting via Settings Update

The Amazon Scraper plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scrip...

4.3CVSS5.7AI score0.00191EPSS
Exploits0References9
Cvelist
Cvelist
added 2026/05/20 1:25 a.m.45 views

CVE-2026-8419 Amazon Scraper <= 1.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting via Settings Update

The Amazon Scraper plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scrip...

4.3CVSS0.00191EPSS
Exploits0References9
Vulnrichment
Vulnrichment
added 2026/05/20 1:25 a.m.8 views

CVE-2026-8420 BLOGCHAT Chat System <= 1.3.6.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting via Settings Update

The BLOGCHAT Chat System plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.6.3. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious...

6.1CVSS5.7AI score0.00174EPSS
Exploits0References9
Cvelist
Cvelist
added 2026/05/20 1:25 a.m.45 views

CVE-2026-8420 BLOGCHAT Chat System <= 1.3.6.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting via Settings Update

The BLOGCHAT Chat System plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.6.3. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious...

6.1CVSS0.00174EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/05/20 12:0 a.m.16 views

PT-2026-42059

The Sentence To SEO keywords, description and tags plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on the create admin page function. This makes it possible for unauthenticated attacke...

6.1CVSS5.7AI score0.00174EPSS
Exploits0References11
NVD
NVD
added 2026/05/19 9:16 p.m.21 views

CVE-2026-34216

CtrlPanel is open-source billing software for hosting providers. In versions 1.1.1 and prior, the admin settings update endpoint accepted a fully qualified class name directly from user-supplied request input and used it for dynamic static method calls and object instantiation without any allowli...

6.6CVSS0.00532EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/19 8:31 p.m.7 views

CVE-2026-34216

CtrlPanel is open-source billing software for hosting providers. In versions 1.1.1 and prior, the admin settings update endpoint accepted a fully qualified class name directly from user-supplied request input and used it for dynamic static method calls and object instantiation without any allowli...

6.6CVSS6AI score0.00532EPSS
Exploits0References3Affected Software1
Patchstack
Patchstack
added 2026/05/19 12:5 p.m.15 views

WordPress Bigfishgames Syndicate plugin <= 1.2 - Cross-Site Request Forgery to Settings Reset and Update vulnerability

Cross-Site Request Forgery to Settings Reset and Update vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin Bigfishgames Syndicate versions = 1.2...

4.3CVSS5.8AI score0.00158EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/05/19 12:4 p.m.11 views

WordPress Bottom Bar plugin <= 0.1.7 - Cross-Site Request Forgery to Settings Update vulnerability

Cross-Site Request Forgery to Settings Update vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin Bottom Bar versions = 0.1.7...

4.3CVSS5.8AI score0.00187EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/05/19 12:4 p.m.10 views

WordPress Child Height Predictor by Ostheimer plugin <= 1.3 - Cross-Site Request Forgery to Settings Update vulnerability

Cross-Site Request Forgery to Settings Update vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin Child Height Predictor by Ostheimer versions = 1.3...

4.3CVSS5.8AI score0.00163EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/05/15 10:34 a.m.16 views

WordPress Smartcat Translator for WPML plugin <= 3.1.77 - Missing Authorization to Unauthenticated Plugin Settings Update vulnerability

Missing Authorization to Unauthenticated Plugin Settings Update vulnerability discovered by Alexis Lafontaine in WordPress Plugin Smartcat Translator for WPML versions = 3.1.77...

6.5CVSS5.8AI score0.00262EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/15 7:46 a.m.11 views

CVE-2026-8425 Notify Odoo <= 1.0.1 - Cross-Site Request Forgery to Settings Update

The Notify Odoo plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1. This is due to missing or incorrect nonce validation on the updateSettings function. This makes it possible for unauthenticated attackers to change the Notify Odoo URL to ...

4.3CVSS5.7AI score0.00135EPSS
Exploits0References8
CVE
CVE
added 2026/05/15 7:46 a.m.30 views

CVE-2026-8425

CVE-2026-8425 describes a Cross-Site Request Forgery in the WordPress Notify Odoo plugin (versions ≤ 1.0.1). The root cause is missing or incorrect nonce validation on the _updateSettings function, enabling unauthenticated attackers to alter the Notify Odoo URL and related settings (notification,...

4.3CVSS5.7AI score0.00135EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/05/15 7:46 a.m.58 views

CVE-2026-8425 Notify Odoo <= 1.0.1 - Cross-Site Request Forgery to Settings Update

The Notify Odoo plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1. This is due to missing or incorrect nonce validation on the updateSettings function. This makes it possible for unauthenticated attackers to change the Notify Odoo URL to ...

4.3CVSS0.00135EPSS
Exploits0References8
Patchstack
Patchstack
added 2026/05/14 6:52 p.m.11 views

WordPress Notify Odoo plugin <= 1.0.1 - Cross-Site Request Forgery to Settings Update vulnerability

Cross-Site Request Forgery to Settings Update vulnerability discovered by Legion Hunter in WordPress Plugin Notify Odoo versions = 1.0.1...

4.3CVSS5.8AI score0.00135EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/05/12 9:31 a.m.11 views

EUVD-2026-29412

The Woo Commerce Minimum Weight plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 3.0.1. This is due to missing nonce verification on the settings update handler in edit-weight.php. This makes it possible for unauthenticated attackers to modify t...

4.3CVSS5.7AI score0.00132EPSS
Exploits0References6
Rows per page
Query Builder