93 matches found
WordPress Shelf Planner plugin <= 2.7.0 - Missing Authorization to Unauthenticated Settings Update vulnerability
Missing Authorization to Unauthenticated Settings Update vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin Shelf Planner versions = 2.7.0...
CVE-2025-12403
The Associados Amazon Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.8. This is due to missing or incorrect nonce validation on the brzonadminpanel function. This makes it possible for unauthenticated attackers to update settings an...
CVE-2025-12413 Social Media WPCF7 Stop Words <= 1.1.3 - Cross-Site Request Forgery to Settings Update
The Social Media WPCF7 Stop Words plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.3. This is due to missing or incorrect nonce validation on the smWpCfSwOptions function. This makes it possible for unauthenticated attackers to update the...
PT-2025-44916
Name of the Vulnerable Software and Affected Versions CE21 Suite versions 2.2.1 through 2.3.1 Description The CE21 Suite plugin for WordPress is affected by an issue allowing unauthorized updates to plugin settings. A missing capability check on the wp ajax nopriv ce21 single sign on save api...
WordPress plugin DominoKit 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...
PT-2025-44946
The Posts Navigation Links for Sections and Headings – Free by WP Masters plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1. This is due to missing or incorrect nonce validation on the 'wpm navigation links settings' page. This makes it...
CVE-2025-11269 Product Filter by WBW <= 3.0.0 - Missing Authorization to Unauthenticated Settings Update
The Product Filter by WBW plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'approveNotice' action in all versions up to, and including, 3.0.0. This makes it possible for unauthenticated attackers to update the plugin's settings...
PT-2025-43596
Name of the Vulnerable Software and Affected Versions Multi Item Responsive Slider plugin for WordPress versions prior to 1.1 Description The software is susceptible to Cross-Site Request Forgery CSRF due to missing or incorrect nonce validation on the mioptions.php page. This allows...
CVE-2025-9213
The TextBuilder plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions 1.0.0 to 1.1.1. This is due to missing or incorrect nonce validation on the 'handleToken' function. This makes it possible for unauthenticated attackers to update a user's authorization token via a forged...
EUVD-2025-24006
Malicious code in bioql PyPI...
MicroWorld eScan AV 安全漏洞
MicroWorld eScan AV is a security software for protection against malware from MicroWorld India. A security vulnerability exists in MicroWorld eScan AV that stems from a failure of the update mechanism to ensure the authenticity and integrity of update packages, which could lead to...
CVE-2025-6247
CVE-2025-6247 affects the WordPress Automatic Plugin for WordPress (
CVE-2025-7668
The Linux Promotional Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4. This is due to missing or incorrect nonce validation on the 'inux-promotional-plugin.php' page. This makes it possible for unauthenticated attackers to update...
Arbitrary Code Injection
Overview livewire/livewire is an A front-end framework for Laravel. Affected versions of this package are vulnerable to Arbitrary Code Injection via the hydration process of component property updates. An attacker can execute arbitrary commands on the server by sending specially crafted requests ...
CVE-2023-1660
The AI ChatBot WordPress plugin before 4.4.9 does not have authorisation and CSRF in a function hooked to init, allowing unauthenticated users to update some settings, leading to Stored XSS due to the lack of escaping when outputting them in the admin dashboard...
WordPress plugin Altair 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
WordPress Gift Cards plugin <= 4.4.9 - Missing Authorization to Unauthenticated Price, Date, and Note Updates vulnerability
Missing Authorization to Unauthenticated Price, Date, and Note Updates vulnerability discovered by Tieu Pham Trong Nhan in WordPress Plugin Gift Vouchers versions = 4.4.9...
PT-2025-6559 · WordPress · Memorialday
Name of the Vulnerable Software and Affected Versions: MemorialDay plugin for WordPress versions up to, and including, 1.0.4 Description: The issue is due to missing or incorrect nonce validation on a function, making it possible for unauthenticated attackers to update settings and inject malicio...
PT-2025-2199 · WordPress · Wonder Fontawesome
Name of the Vulnerable Software and Affected Versions: Wonder FontAwesome plugin for WordPress versions up to, and including, 0.8 Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation in one of the plugin's functions. This allows...
PT-2024-16975 · WordPress · Vernetzungsfunktion
Name of the Vulnerable Software and Affected Versions: Vernetzungsfunktion plugin for WordPress versions up to, and including, 1.97.5 Description: The issue is related to Cross-Site Request Forgery. It is caused by missing or incorrect nonce validation on the djo einstellungen menue function. Thi...