Lucene search
K

6 matches found

EUVD
EUVD
added 2026/04/22 9:31 a.m.6 views

EUVD-2026-24678

The DX Unanswered Comments plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.7. This is due to missing nonce validation on the plugin's settings form in the dxuc-unanswered-comments-admin-page.php file. This makes it possible for...

4.3CVSS5.7AI score0.00193EPSS
Exploits0References10
CVE
CVE
added 2026/04/22 7:45 a.m.17 views

CVE-2026-4138

The CVE-2026-4138 entry concerns the DX Unanswered Comments plugin for WordPress (versions up to 1.7). A Cross-Site Request Forgery vulnerability arises from missing nonce validation on the plugin’s settings form (dxuc-unanswered-comments-admin-page.php), enabling unauthenticated attackers to mod...

4.3CVSS5.7AI score0.00193EPSS
Exploits0References9
Cvelist
Cvelist
added 2026/04/22 7:45 a.m.31 views

CVE-2026-4138 DX Unanswered Comments <= 1.7 - Cross-Site Request Forgery via Settings Update

The DX Unanswered Comments plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.7. This is due to missing nonce validation on the plugin's settings form in the dxuc-unanswered-comments-admin-page.php file. This makes it possible for...

4.3CVSS0.00193EPSS
Exploits0References9
Vulnrichment
Vulnrichment
added 2026/04/22 7:45 a.m.2 views

CVE-2026-4138 DX Unanswered Comments <= 1.7 - Cross-Site Request Forgery via Settings Update

The DX Unanswered Comments plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.7. This is due to missing nonce validation on the plugin's settings form in the dxuc-unanswered-comments-admin-page.php file. This makes it possible for...

4.3CVSS5.7AI score0.00193EPSS
Exploits0References9
CNNVD
CNNVD
added 2026/04/22 12:0 a.m.9 views

WordPress plugin DX Unanswered Comments 跨站请求伪造漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. Versions...

4.3CVSS5.8AI score0.00193EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/04/21 7:5 p.m.6 views

WordPress DX Unanswered Comments plugin <= 1.7 - Cross-Site Request Forgery vulnerability

Cross-Site Request Forgery vulnerability discovered by afnaan - SMKN 1 Bantul in WordPress Plugin DX Unanswered Comments versions = 1.7...

4.3CVSS5.8AI score0.00193EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder