Lucene search
+L

4 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:34 p.m.11 views

CVE-2026-9723

The Google Plus One Bottom plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.0.2. This is due to missing or incorrect nonce validation on the googlePlusOneAdmin function. This makes it possible for unauthenticated attackers to modify the...

4.3CVSS5.3AI score0.00128EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/02 7:48 a.m.12 views

CVE-2026-9723 Google Plus One Bottom <= 0.0.2 - Cross-Site Request Forgery to Plugin Settings Update via Settings Page

The Google Plus One Bottom plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.0.2. This is due to missing or incorrect nonce validation on the googlePlusOneAdmin function. This makes it possible for unauthenticated attackers to modify the...

4.3CVSS5.7AI score0.00128EPSS
Exploits0References4
Patchstack
Patchstack
added 2025/11/05 1:18 a.m.6 views

WordPress Features plugin <= 0.0.2 - Missing Authorization to Authenticated (Subscriber+) Option Reset vulnerability

Missing Authorization to Authenticated Subscriber+ Option Reset vulnerability discovered by Nabil Irawan - Heroes Cyber Security in WordPress Module Features versions = 0.0.2...

4.3CVSS7AI score0.00178EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2024/10/17 12:0 a.m.5 views

PT-2024-39601 · WordPress · Elemenda

Name of the Vulnerable Software and Affected Versions: Elemenda plugin for WordPress versions up to, and including, 0.0.2 Description: The issue is related to Stored Cross-Site Scripting via SVG File uploads due to insufficient input sanitization and output escaping. This allows authenticated...

6.4CVSS6.3AI score0.0025EPSS
Exploits0References6
Rows per page
Query Builder