Lucene search
K

1242 matches found

CVE
CVE
added 1 hour ago4 views

CVE-2026-9731

The CVE concerns the WordPress plugin Wp Js Detect (versions up to 1.0.9). Affected component: plugin_settings in the plugin, where missing/incorrect nonce validation enables a Cross-Site Request Forgery (CSRF) . Unauthenticated attackers could forge requests to update the plugin’s settings (wp_n...

4.3CVSS5.9AI score
Exploits0References5
Nuclei
Nuclei
added yesterday14 views

NetAlertX 23.01.14–24.x < 24.10.12 - Remote Code Execution

NetAlertX 23.01.14 through 24.x before 24.10.12 allows unauthenticated command injection via settings update because function=savesettings lacks an authentication requirement, as exploited in the wild in May 2025. This is related to settings.php and util.php. id: CVE-2024-46506 info: name:...

10CVSS7.1AI score0.62307EPSS
Exploits5
NVD
NVD
added last week8 views

CVE-2026-11562

The WS Form LITE WordPress plugin before 1.11.8 does not have a capability check on one of its settings-update actions, allowing authenticated users with subscriber-level access and above to modify the WS Form LITE WordPress plugin before 1.11.8's settings...

4.3CVSS0.00162EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/01 6:0 a.m.38 views

CVE-2026-11562 WS Form LITE < 1.11.8 - Subscriber+ Arbitrary Settings Update

The WS Form LITE WordPress plugin before 1.11.8 does not have a capability check on one of its settings-update actions, allowing authenticated users with subscriber-level access and above to modify the WS Form LITE WordPress plugin before 1.11.8's settings...

0.00162EPSS
Exploits0References1
CVE
CVE
added 2026/07/01 6:0 a.m.18 views

CVE-2026-11562

CVE-2026-11562 : The WS Form LITE WordPress plugin is vulnerable prior to version 1.11.8 due to a missing capability check on a settings-update action. This allows authenticated users with subscriber-level access and above to modify the plugin’s settings. Impact is limited to settings modificatio...

4.3CVSS5.8AI score0.00162EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/24 5:33 a.m.33 views

CVE-2026-6292 MP Customize Login Page <= 1.0 - Cross-Site Request Forgery to Settings Update

The MP Customize Login Page plugin for WordPress is vulnerable to Cross-Site Request Forgery CSRF in all versions up to and including 1.0. This is due to a completely broken nonce validation in the entermpclploginoptions function, which contains an inverted check if wpverifynonce... return false;...

4.3CVSS0.00176EPSS
Exploits0References5
CVE
CVE
added 2026/06/24 5:33 a.m.13 views

CVE-2026-6292

CVE-2026-6292 affects the WordPress plugin MP Customize Login Page (versions ≤ 1.0). The issue is a CSRF vulnerability caused by a broken nonce validation in enter_mpclp_login_options() (inverted wp_verify_nonce() check and missing action parameter) and a settings-update handler hooked on init wi...

4.3CVSS5.8AI score0.00176EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/06/24 5:33 a.m.31 views

CVE-2026-9724 MotorDesk <= 1.1.2 - Cross-Site Request Forgery to Settings Update

The MotorDesk plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the motordeskadminhome function. This makes it possible for unauthenticated attackers to update the plugin's...

4.3CVSS0.00145EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/06/24 5:33 a.m.33 views

CVE-2026-9721 Book a Room Event Calendar <= 1.9 - Cross-Site Request Forgery to Settings Update

The Book a Room Event Calendar plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.9. This is due to missing or incorrect nonce validation on the settingsform/updatesettings functionality. The plugin's options page handler dispatches on the...

4.3CVSS0.00103EPSS
Exploits0References4
CVE
CVE
added 2026/06/24 5:33 a.m.8 views

CVE-2026-9721

CVE-2026-9721 affects the Book a Room Event Calendar plugin for WordPress (versions up to 1.9). The vulnerability is a Cross-Site Request Forgery due to missing nonce validation on the settings_form()/update_settings() flow. The plugin’s settings page accepts POST actions and persists configurati...

4.3CVSS5.8AI score0.00103EPSS
Exploits0References4
Patchstack
Patchstack
added 2026/06/23 4:41 p.m.5 views

WordPress Bulk SEO Image plugin <= 1.1 - Cross-Site Request Forgery to Settings Update vulnerability

Cross-Site Request Forgery to Settings Update vulnerability discovered by nishida azuka in WordPress Plugin Bulk SEO Image versions = 1.1...

4.3CVSS5.8AI score0.00128EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/06/23 4:41 p.m.5 views

WordPress MotorDesk plugin <= 1.1.2 - Cross-Site Request Forgery to Settings Update vulnerability

Cross-Site Request Forgery to Settings Update vulnerability discovered by swat in WordPress Plugin MotorDesk versions = 1.1.2...

4.3CVSS5.8AI score0.00145EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/06/23 4:40 p.m.5 views

WordPress Book a Room Event Calendar plugin <= 1.9 - Cross-Site Request Forgery to Settings Update vulnerability

Cross-Site Request Forgery to Settings Update vulnerability discovered by swat in WordPress Plugin Book a Room Event Calendar versions = 1.9...

4.3CVSS5.8AI score0.00103EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/06/23 4:37 p.m.5 views

WordPress MP Customize Login Page plugin <= 1.0 - Cross-Site Request Forgery to Settings Update vulnerability

Cross-Site Request Forgery to Settings Update vulnerability discovered by Muhammad Nur Ibnu Hubab - Pondok Teknologi in WordPress Plugin MP Customize Login Page versions = 1.0...

4.3CVSS5.8AI score0.00176EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/06/10 8:59 a.m.13 views

CVE-2026-8910

The WP Emoticon Rating plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web...

6.1CVSS5.4AI score0.0012EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/09 3:41 a.m.32 views

CVE-2026-10553 jQuery Hover Footnotes <= 1.4 - Cross-Site Request Forgery to Plugin Settings Update

The jQuery Hover Footnotes plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4. This is due to missing or incorrect nonce validation on the jqFootnotesoptionssubpanel function. This makes it possible for unauthenticated attackers to update th...

4.3CVSS0.00145EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/06/09 3:41 a.m.10 views

CVE-2026-10553 jQuery Hover Footnotes <= 1.4 - Cross-Site Request Forgery to Plugin Settings Update

The jQuery Hover Footnotes plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4. This is due to missing or incorrect nonce validation on the jqFootnotesoptionssubpanel function. This makes it possible for unauthenticated attackers to update th...

4.3CVSS5.5AI score0.00145EPSS
Exploits0References4
CVE
CVE
added 2026/06/09 3:41 a.m.23 views

CVE-2026-8910

The CVE refers to the WordPress plugin WP Emoticon Rating (versions

6.1CVSS5.4AI score0.0012EPSS
Exploits0References7
EUVD
EUVD
added 2026/06/09 3:41 a.m.15 views

EUVD-2026-35313

The WP Emoticon Rating plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web...

6.1CVSS5.4AI score0.0012EPSS
Exploits0References7
CVE
CVE
added 2026/06/09 3:41 a.m.22 views

CVE-2026-8902

CVE-2026-8902 affects the WordPress plugin “AJAX Report Comments” (versions ≤ 2.0.4). The vulnerability stems from missing or incorrect nonce validation on the rc_options_page function, enabling Cross‑Site Request Forgery. This allows unauthenticated attackers to forge requests and modify plugin ...

4.3CVSS5.4AI score0.00124EPSS
Exploits0References3
Rows per page
Query Builder