CVE-2025-13749

The Clearfy Cache – WordPress optimization plugin, Minify HTML, CSS & JS, Defer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.4.0. This is due to missing nonce validation on the "wbcrupmchangeflag" function. This makes it possible for...

CVE-2025-13749 Clearfy <= 2.4.0 - Cross-Site Request Forgery to Update Notification Tampering

The Clearfy Cache – WordPress optimization plugin, Minify HTML, CSS & JS, Defer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.4.0. This is due to missing nonce validation on the "wbcrupmchangeflag" function. This makes it possible for...

CVE-2025-13749 Clearfy <= 2.4.0 - Cross-Site Request Forgery to Update Notification Tampering

The Clearfy Cache – WordPress optimization plugin, Minify HTML, CSS & JS, Defer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.4.0. This is due to missing nonce validation on the "wbcrupmchangeflag" function. This makes it possible for...

CVE-2025-13749

CVE-2025-13749 was reported for Clearfy Cache – WordPress optimization plugin, affecting versions up to 2.4.0, due to missing nonce validation in wbcr_upm_change_flag that enables CSRF to tamper with update notifications. The connected Wordfence entry confirms the issue as a CSRF to Update Notifi...

PT-2026-1711

Name of the Vulnerable Software and Affected Versions Clearfy Cache – WordPress optimization plugin versions prior to 2.4.1 Description The Clearfy Cache – WordPress optimization plugin is susceptible to a Cross-Site Request Forgery CSRF issue. This is caused by the absence of nonce validation...

EUVD-2008-7123

Malware in sbrugna...

EUVD-2024-45587

Malicious code in bioql PyPI...

CVE-2023-34029

Cross-Site Request Forgery CSRF vulnerability in Prem Tiwari Disable WordPress Update Notifications and auto-update Email Notifications plugin = 2.3.3 versions...

CVE-2024-51653

Cross-Site Request Forgery CSRF vulnerability in akira1891 UPDATE NOTIFICATIONS update-notifications allows Stored XSS.This issue affects UPDATE NOTIFICATIONS: from n/a through = 0.3.4...

CVE-2024-55931 Token stored in session storage

Xerox Workplace Suite stores tokens in session storage, which may expose them to potential access if a user's session is compromised. The patch for this vulnerability will be included in a future release of Workplace Suite, and customers will be notified through an update to the security bulletin...

CVE-2024-57033

creationtimestamp| type| source ---|---|--- 2025-01-17 20:17:24+00:00| seen| https://infosec.exchange/users/cve/statuses/113845537573466684 2025-01-17 20:21:07+00:00| seen| https://infosec.exchange/users/cve/statuses/113845552194441254 2025-01-17 21:15:27+00:00| seen|...

CVE-2025-23644

creationtimestamp| type| source ---|---|--- 2025-01-16 20:18:42+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3lfv423ikiq2h 2025-01-16 23:38:18+00:00| seen| https://infosec.exchange/users/cve/statuses/113840665271851220...

CVE-2025-21231

creationtimestamp| type| source ---|---|--- 2025-01-14 17:29:48+00:00| seen| https://www.thezdi.com/blog/2025/1/14/the-january-2025-security-update-review 2025-01-14 18:18:01+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3lfpuegc3zo2e 2025-01-14 19:56:07+00:00| seen|...

CVE-2025-21307

creationtimestamp| type| source ---|---|--- 2025-01-14 17:29:48+00:00| seen| https://www.thezdi.com/blog/2025/1/14/the-january-2025-security-update-review 2025-01-14 18:21:07+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3lfpujxq4ne2r 2025-01-14 18:49:06+00:00| seen|...

CVE-2025-21202

creationtimestamp| type| source ---|---|--- 2025-01-14 17:29:48+00:00| seen| https://www.thezdi.com/blog/2025/1/14/the-january-2025-security-update-review 2025-01-14 18:17:10+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3lfpucvlfda2n 2025-01-14 18:41:00+00:00| seen|...

CVE-2025-21403

creationtimestamp| type| source ---|---|--- 2025-01-14 17:29:48+00:00| seen| https://www.thezdi.com/blog/2025/1/14/the-january-2025-security-update-review 2025-01-14 18:23:37+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3lfpuohjobz2f 2025-01-14 19:51:38+00:00| seen|...

CVE-2025-21332

creationtimestamp| type| source ---|---|--- 2025-01-14 17:29:48+00:00| seen| https://www.thezdi.com/blog/2025/1/14/the-january-2025-security-update-review 2025-01-14 18:22:10+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3lfpultslht2p 2025-01-15 01:26:36+00:00| seen|...

CVE-2025-21378

creationtimestamp| type| source ---|---|--- 2025-01-14 17:29:48+00:00| seen| https://www.thezdi.com/blog/2025/1/14/the-january-2025-security-update-review 2025-01-14 18:23:21+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3lfpuny36p22f 2025-01-14 19:51:46+00:00| seen|...

CVE-2023-42246

creationtimestamp| type| source ---|---|--- 2025-01-13 22:11:00+00:00| seen| https://infosec.exchange/users/cve/statuses/113823335037954990 2025-01-13 22:16:58+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3lfnrash5wj2s 2025-01-13 22:38:14+00:00| seen|...

CVE-2024-11764

creationtimestamp| type| source ---|---|--- 2025-01-07 06:46:27+00:00| seen| https://infosec.exchange/users/cve/statuses/113785725693099056 2025-01-07 07:15:56+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3lf5442xe5q22 2025-01-07 07:15:56+00:00| seen|...