271 matches found
PT-2025-38634
Name of the Vulnerable Software and Affected Versions osTicket WP Bridge versions up to and including 1.9.2 Description The osTicket WP Bridge plugin for WordPress is susceptible to Cross-Site Request Forgery due to missing or incorrect nonce validation on a function. This allows unauthenticated...
CVE-2025-9881
CVE-2025-9881 (Ultimate Blogroll, WordPress) : The WordPress plugin Ultimate Blogroll (≤ 2.5.2) is vulnerable to Cross-Site Request Forgery due to missing/incorrect nonce validation in a function. This can allow unauthenticated attackers to update plugin settings and inject malicious scripts via ...
CVE-2025-9880
CVE-2025-9880 affects the WordPress plugin Side Slide Responsive Menu (versions
CVE-2025-9880 Side Slide Responsive Menu <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting
The Side Slide Responsive Menu plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicio...
PT-2025-37145
The Seo Monster plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.3.3. This is due to missing or incorrect nonce validation on the check integration function. This makes it possible for unauthenticated attackers to update settings and inject...
CVE-2025-7827
The Ni WooCommerce Customer Product Report plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the niwoocpraction function in all versions up to, and including, 1.2.4. This makes it possible for authenticated attackers, with Subscriber-leve...
CVE-2025-7827 Ni WooCommerce Customer Product Report <= 1.2.4 - Missing Authorization to Authenticated (Subscriber+) Settings Update
The Ni WooCommerce Customer Product Report plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the niwoocpraction function in all versions up to, and including, 1.2.4. This makes it possible for authenticated attackers, with Subscriber-leve...
CVE-2025-7686
The weichuncaiWP伪春菜 plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5. This is due to missing or incorrect nonce validation on the sm-options.php page. This makes it possible for unauthenticated attackers to update settings and inject...
CVE-2025-7683
The LatestCheckins plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1. This is due to missing or incorrect nonce validation on the 'LatestCheckins' page. This makes it possible for unauthenticated attackers to update settings and inject...
CVE-2025-7684
The Last.fm Recent Album Artwork plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.2. This is due to missing or incorrect nonce validation on the 'lastfmalbumsartwork.php' page. This makes it possible for unauthenticated attackers to update...
Linux Distros Unpatched Vulnerability : CVE-2023-1204
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.1 before 15.10.8, all versions starting from 15.11 before 15.11.7, all...
CVE-2025-7688
The Add User Meta plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1. This is due to missing or incorrect nonce validation on the 'add-user-meta' page. This makes it possible for unauthenticated attackers to update settings and inject...
CVE-2025-7668
The Linux Promotional Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4. This is due to missing or incorrect nonce validation on the 'inux-promotional-plugin.php' page. This makes it possible for unauthenticated attackers to update...
CVE-2025-7686
CVE-2025-7686 refers to a CSRF-to-Stored XSS vulnerability in the WordPress plugin weichuncai(WP伪春菜) up to version 1.5, caused by missing or incorrect nonce validation on sm-options.php. Exploitation requires social engineering to persuade an admin to perform an action (e.g., clicking a forged li...
CVE-2025-7686 weichuncai(WP伪春菜) <= 1.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting
The weichuncaiWP伪春菜 plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5. This is due to missing or incorrect nonce validation on the sm-options.php page. This makes it possible for unauthenticated attackers to update settings and inject...
CVE-2025-7686 weichuncai(WP伪春菜) <= 1.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting
The weichuncaiWP伪春菜 plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5. This is due to missing or incorrect nonce validation on the sm-options.php page. This makes it possible for unauthenticated attackers to update settings and inject...
CVE-2025-7668
CVE-2025-7668 — Linux Promotional Plugin for WordPress is a CSRF to Stored XSS vulnerability affecting all versions up to 1.4. The issue arises from missing or incorrect nonce validation on the plugin’s linux-promotional-plugin.php page, enabling unauthenticated attackers to update settings and i...
CVE-2025-7668 Linux Promotional Plugin <= 1.4 - Cross-Site Request Forgery to Stored Cross-Site Scripting
The Linux Promotional Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4. This is due to missing or incorrect nonce validation on the 'inux-promotional-plugin.php' page. This makes it possible for unauthenticated attackers to update...
PT-2025-33533 · WordPress · Last.Fm Recent Album Artwork
Name of the Vulnerable Software and Affected Versions: Last.fm Recent Album Artwork plugin for WordPress versions up to and including 1.0.2 Description: The Last.fm Recent Album Artwork plugin for WordPress is susceptible to Cross-Site Request Forgery due to missing or incorrect nonce validation ...
PT-2025-33534 · WordPress · Weichuncai
Name of the Vulnerable Software and Affected Versions: weichuncaiWP伪春菜 plugin for WordPress versions up to and including 1.5 Description: The weichuncaiWP伪春菜 plugin for WordPress is susceptible to Cross-Site Request Forgery due to missing or incorrect nonce validation on the sm-options.php page...