CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Cvelist•added 2026/05/20 1:25 a.m.•32 views

CVE-2026-8424 Remove Yellow BGBOX <= 1.0 - Cross-Site Request Forgery

The Remove Yellow BGBOX plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on the 'rybbapisettings' page. This makes it possible for unauthenticated attackers to reset the plugin's stored...

4.3CVSS0.00014EPSS

CVE•added 2026/05/20 1:25 a.m.•6 views

CVE-2026-8424

CVE-2026-8424 concerns the WordPress plugin Remove Yellow BGBOX (versions

ATTACKERKB•added 2026/05/20 1:25 a.m.•3 views

CVE-2026-6452

The Bigfishgames Syndicate plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2. This is due to missing or incorrect nonce validation on the bigfishgamessyndicatesubmenu function. This makes it possible for unauthenticated attackers to reset...

CVE•added 2026/05/20 1:25 a.m.•9 views

Exploits0References6

CVE-2026-6452

The CVE-2026-6452 entry describes a Cross-Site Request Forgery in the WordPress plugin Bigfishgames Syndicate (versions

Cvelist•added 2026/05/20 1:25 a.m.•35 views

CVE-2026-6452 Bigfishgames Syndicate <= 1.2 - Cross-Site Request Forgery to Settings Reset and Update

4.3CVSS0.00014EPSS

Vulnrichment•added 2026/05/20 1:25 a.m.•6 views

CVE-2026-6452 Bigfishgames Syndicate <= 1.2 - Cross-Site Request Forgery to Settings Reset and Update

Patchstack•added 2026/05/19 12:5 p.m.•7 views

WordPress Bigfishgames Syndicate plugin <= 1.2 - Cross-Site Request Forgery to Settings Reset and Update vulnerability

Cross-Site Request Forgery to Settings Reset and Update vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin Bigfishgames Syndicate versions = 1.2...

4.3CVSS5.8AI score0.00014EPSS

CVE•added 2026/05/16 2:26 a.m.•9 views

CVE-2026-8681

CVE-2026-8681 affects the WordPress plugin “Essential Chat Support” up to version 1.0.1. The issue is an authorization bypass where unauthenticated attackers can reset all plugin settings by sending a POST request with ecs_reset_settings=1, potentially affecting general settings, display rules, c...

Vulnrichment•added 2026/05/16 2:26 a.m.•6 views

CVE-2026-8681 Essential Chat Support <= 1.0.1 - Missing Authorization to Unauthenticated Settings Reset via 'ecs_reset_settings' Parameter

The Essential Chat Support plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.0.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to reset all...

EUVD•added 2026/05/16 2:26 a.m.•5 views

EUVD-2026-30669

Patchstack•added 2026/05/15 1:35 p.m.•4 views

WordPress Essential Chat Support plugin <= 1.0.1 - Missing Authorization to Unauthenticated Settings Reset vulnerability

Missing Authorization to Unauthenticated Settings Reset vulnerability discovered by Legion Hunter in WordPress Plugin Essential Chat Support versions = 1.0.1...

Vulnrichment•added 2026/04/10 1:24 a.m.•0 views

CVE-2026-1924 Aruba HiSpeed Cache <= 3.0.4 - Cross-Site Request Forgery to Plugin Settings Reset

The Aruba HiSpeed Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.0.4. This is due to missing nonce verification on the ahscajaxresetoptions function. This makes it possible for unauthenticated attackers to reset all plugin settings t...

4.3CVSS5.6AI score0.00007EPSS

Cvelist•added 2026/04/10 1:24 a.m.•22 views

CVE-2026-1924 Aruba HiSpeed Cache <= 3.0.4 - Cross-Site Request Forgery to Plugin Settings Reset

4.3CVSS0.00007EPSS

CVE•added 2026/04/10 1:24 a.m.•3 views

CVE-2026-1924

The connected Patchstack entry describes a CSRF to Plugin Settings Reset vulnerability in WordPress Aruba HiSpeed Cache plugin, affecting versions

4.3CVSS5.8AI score0.00007EPSS

EUVD•added 2026/04/10 1:24 a.m.•0 views

EUVD-2026-21250

4.3CVSS5.8AI score0.00007EPSS

Patchstack•added 2026/04/10 12:11 a.m.•2 views

WordPress Aruba HiSpeed Cache plugin <= 3.0.4 - Cross-Site Request Forgery to Plugin Settings Reset vulnerability

Cross-Site Request Forgery to Plugin Settings Reset vulnerability discovered by Legion Hunter in WordPress Plugin Aruba HiSpeed Cache versions = 3.0.4...

4.3CVSS5.9AI score0.00007EPSS

EUVD•added 2026/04/08 9:32 p.m.•1 views

EUVD-2024-47007

The Easy Affiliate Links plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the eaflresetsettings AJAX action in all versions up to, and including, 3.7.3. This makes it possible for authenticated attackers, with Subscriber-level access and...

4.3CVSS5.9AI score0.00108EPSS

CVE•added 2026/03/21 3:26 a.m.•4 views

CVE-2026-3570

The CVE-2026-3570 entry concerns the Smarter Analytics plugin for WordPress. Affected: all versions up to and including 2.0. Root cause: missing authentication and capability checks on the configuration reset function in smarter-analytics.php, in the global scope. Impact: unauthenticated attacker...

5.3CVSS5.8AI score0.00193EPSS

Vulnrichment•added 2026/03/21 3:26 a.m.•1 views

CVE-2026-3570 Smarter Analytics <= 2.0 - Missing Authorization to Unauthenticated Plugin Settings Reset via 'reset' Parameter

The Smarter Analytics plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 2.0. This is due to missing authentication and capability checks on the configuration reset functionality in the global scope of smarter-analytics.php. This makes it possible for...

5.3CVSS5.8AI score0.00193EPSS