Lucene search
K

271 matches found

Positive Technologies
Positive Technologies
added 2025/09/20 12:0 a.m.7 views

PT-2025-38634

Name of the Vulnerable Software and Affected Versions osTicket WP Bridge versions up to and including 1.9.2 Description The osTicket WP Bridge plugin for WordPress is susceptible to Cross-Site Request Forgery due to missing or incorrect nonce validation on a function. This allows unauthenticated...

6.1CVSS5.8AI score0.00141EPSS
Exploits0References5
CVE
CVE
added 2025/09/12 3:22 a.m.25 views

CVE-2025-9881

CVE-2025-9881 (Ultimate Blogroll, WordPress) : The WordPress plugin Ultimate Blogroll (≤ 2.5.2) is vulnerable to Cross-Site Request Forgery due to missing/incorrect nonce validation in a function. This can allow unauthenticated attackers to update plugin settings and inject malicious scripts via ...

6.1CVSS5AI score0.00141EPSS
Exploits0References3
CVE
CVE
added 2025/09/12 3:22 a.m.28 views

CVE-2025-9880

CVE-2025-9880 affects the WordPress plugin Side Slide Responsive Menu (versions

6.1CVSS5AI score0.00148EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/09/12 3:22 a.m.3 views

CVE-2025-9880 Side Slide Responsive Menu <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting

The Side Slide Responsive Menu plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicio...

6.1CVSS4.9AI score0.00148EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/09/11 12:0 a.m.6 views

PT-2025-37145

The Seo Monster plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.3.3. This is due to missing or incorrect nonce validation on the check integration function. This makes it possible for unauthenticated attackers to update settings and inject...

6.1CVSS5.3AI score0.00141EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/08/25 5:32 a.m.5 views

CVE-2025-7827

The Ni WooCommerce Customer Product Report plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the niwoocpraction function in all versions up to, and including, 1.2.4. This makes it possible for authenticated attackers, with Subscriber-leve...

4.3CVSS6.8AI score0.00188EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/08/23 4:25 a.m.2 views

CVE-2025-7827 Ni WooCommerce Customer Product Report <= 1.2.4 - Missing Authorization to Authenticated (Subscriber+) Settings Update

The Ni WooCommerce Customer Product Report plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the niwoocpraction function in all versions up to, and including, 1.2.4. This makes it possible for authenticated attackers, with Subscriber-leve...

4.3CVSS6.7AI score0.00188EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/08/18 4:31 a.m.18 views

CVE-2025-7686

The weichuncaiWP伪春菜 plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5. This is due to missing or incorrect nonce validation on the sm-options.php page. This makes it possible for unauthenticated attackers to update settings and inject...

6.1CVSS6.7AI score0.00127EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/08/18 4:31 a.m.9 views

CVE-2025-7683

The LatestCheckins plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1. This is due to missing or incorrect nonce validation on the 'LatestCheckins' page. This makes it possible for unauthenticated attackers to update settings and inject...

6.1CVSS6.7AI score0.00159EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/08/18 4:31 a.m.13 views

CVE-2025-7684

The Last.fm Recent Album Artwork plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.2. This is due to missing or incorrect nonce validation on the 'lastfmalbumsartwork.php' page. This makes it possible for unauthenticated attackers to update...

6.1CVSS6.7AI score0.00159EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/08/18 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2023-1204

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.1 before 15.10.8, all versions starting from 15.11 before 15.11.7, all...

4.3CVSS5AI score0.00514EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/08/17 8:29 a.m.12 views

CVE-2025-7688

The Add User Meta plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1. This is due to missing or incorrect nonce validation on the 'add-user-meta' page. This makes it possible for unauthenticated attackers to update settings and inject...

6.1CVSS6.7AI score0.00141EPSS
Exploits0References1
NVD
NVD
added 2025/08/16 4:16 a.m.8 views

CVE-2025-7668

The Linux Promotional Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4. This is due to missing or incorrect nonce validation on the 'inux-promotional-plugin.php' page. This makes it possible for unauthenticated attackers to update...

6.1CVSS0.00159EPSS
Exploits0References3
CVE
CVE
added 2025/08/16 3:38 a.m.27 views

CVE-2025-7686

CVE-2025-7686 refers to a CSRF-to-Stored XSS vulnerability in the WordPress plugin weichuncai(WP伪春菜) up to version 1.5, caused by missing or incorrect nonce validation on sm-options.php. Exploitation requires social engineering to persuade an admin to perform an action (e.g., clicking a forged li...

6.1CVSS6.5AI score0.00127EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/08/16 3:38 a.m.4 views

CVE-2025-7686 weichuncai(WP伪春菜) <= 1.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting

The weichuncaiWP伪春菜 plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5. This is due to missing or incorrect nonce validation on the sm-options.php page. This makes it possible for unauthenticated attackers to update settings and inject...

6.1CVSS6.7AI score0.00127EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/08/16 3:38 a.m.9 views

CVE-2025-7686 weichuncai(WP伪春菜) <= 1.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting

The weichuncaiWP伪春菜 plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5. This is due to missing or incorrect nonce validation on the sm-options.php page. This makes it possible for unauthenticated attackers to update settings and inject...

6.1CVSS0.00127EPSS
Exploits0References2
CVE
CVE
added 2025/08/16 3:38 a.m.26 views

CVE-2025-7668

CVE-2025-7668 — Linux Promotional Plugin for WordPress is a CSRF to Stored XSS vulnerability affecting all versions up to 1.4. The issue arises from missing or incorrect nonce validation on the plugin’s linux-promotional-plugin.php page, enabling unauthenticated attackers to update settings and i...

6.1CVSS6.6AI score0.00159EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/08/16 3:38 a.m.5 views

CVE-2025-7668 Linux Promotional Plugin <= 1.4 - Cross-Site Request Forgery to Stored Cross-Site Scripting

The Linux Promotional Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4. This is due to missing or incorrect nonce validation on the 'inux-promotional-plugin.php' page. This makes it possible for unauthenticated attackers to update...

6.1CVSS6.6AI score0.00159EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/08/16 12:0 a.m.6 views

PT-2025-33533 · WordPress · Last.Fm Recent Album Artwork

Name of the Vulnerable Software and Affected Versions: Last.fm Recent Album Artwork plugin for WordPress versions up to and including 1.0.2 Description: The Last.fm Recent Album Artwork plugin for WordPress is susceptible to Cross-Site Request Forgery due to missing or incorrect nonce validation ...

6.1CVSS6.3AI score0.00159EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2025/08/16 12:0 a.m.7 views

PT-2025-33534 · WordPress · Weichuncai

Name of the Vulnerable Software and Affected Versions: weichuncaiWP伪春菜 plugin for WordPress versions up to and including 1.5 Description: The weichuncaiWP伪春菜 plugin for WordPress is susceptible to Cross-Site Request Forgery due to missing or incorrect nonce validation on the sm-options.php page...

6.1CVSS6.3AI score0.00127EPSS
Exploits0References6
Rows per page
Query Builder