
1395 matches found

CVE
added 2025/12/20 3:20 a.m., 10 views

CVE-2025-14164

Technical details about CVE-2025-14164 are not publicly provided in the supplied documents. The initial description mentions a CSRF vulnerability in Quran Gateway for WordPress up to version 1.5, but no further technical specifics are available here.

CVSS 4.3 | AI score 5 | EPSS 0.00126
Exploits: 0 | References: 3

Positive Technologies
added 2025/12/20 12:0 a.m., 7 views

PT-2025-52540

Name of the Vulnerable Software and Affected Versions: WP DB Booster plugin versions up to and including 1.0.1. Description: The WP DB Booster plugin for WordPress is susceptible to Cross-Site Request Forgery. This is caused by a lack of nonce validation on the cleanup all AJAX action. An...

CVSS 4.3 | AI score 6 | EPSS 0.00126
Exploits: 0 | References: 7

Vulnrichment
added 2025/12/19 12:0 a.m., 4 views

CVE-2025-66908

Turms AI-Serving module v0.10.0-SNAPSHOT and earlier contains an improper file type validation vulnerability in the OCR image upload functionality. The OcrController in turms-ai-serving/src/main/java/im/turms/ai/domain/ocr/controller/OcrController.java uses the @FormDatacontentType =...

AI score 6.4 | EPSS 0.00367
Exploits: 1 | References: 3

OSV
added 2025/12/17 8:15 p.m., 5 views

CVE-2025-34434

AVideo versions prior to 20.1 with the ImageGallery plugin enabled are vulnerable to unauthenticated file upload and deletion. Plugin endpoints responsible for managing gallery images fail to enforce authentication checks and do not validate ownership, allowing unauthenticated attackers to upload ...

CVSS 9.1 | AI score 7.1
Exploits: 0 | References: 4

Github Security Blog
added 2025/12/17 3:34 p.m., 8 views

Mattermost has missing redirect URL validation

Mattermost versions 10.11.x <= 10.11.4 fail to validate redirect URLs on the /error page, which allows an attacker to redirect a victim to a malicious site via a crafted link opened in a new tab...

CVSS 6.1 | AI score 6.7 | EPSS 0.00125
Exploits: 0 | References: 4 | Affected Software: 2

NVD
added 2025/12/17 8:15 a.m., 7 views

CVE-2025-14399

The Download Plugins and Themes in ZIP from Dashboard plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.9.6. This is due to missing or incorrect nonce validation on the downloadpluginbulk and downloadthemebulk functions. This makes it possibl...

CVSS 4.3 | EPSS 0.00104
Exploits: 0 | References: 2

RedHat Linux
added 2025/12/16 11:13 p.m., 2 views

kafka: Apache Kafka: SCRAM authentication vulnerable to replay attacks when used without encryption

A flaw was found in Apache Kafka's implementation of the Salted Challenge Response Authentication Mechanism (SCRAM), which did not fully adhere to the requirements of RFC 5802. Specifically, as per RFC 5802, the server must verify that the nonce sent by the client in the second message matches the...

CVSS 5.3 | AI score 5.7 | EPSS 0.0078
Exploits: 0 | References: 8

RedhatCVE
added 2025/12/13 11:6 a.m., 5 views

CVE-2025-12835

The WooMulti WordPress plugin through 17 does not validate a file parameter when deleting files, which could allow any authenticated user, such as a subscriber, to delete arbitrary files on the server...

CVSS 7.3 | AI score 6.7 | EPSS 0.00243
Exploits: 0 | References: 1

CVE
added 2025/12/13 4:31 a.m., 9 views

CVE-2025-14462

The CVE-2025-14462 issue affects the Lucky Draw Contests plugin for WordPress (versions

CVSS 4.3 | AI score 5 | EPSS 0.00112
Exploits: 0 | References: 2

Vulnrichment
added 2025/12/13 4:31 a.m., 4 views

CVE-2025-14462 Lucky Draw Contests <= 4.2 - Cross-Site Request Forgery to Plugin Settings Update

The Lucky Draw Contests plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.2. This is due to missing or incorrect nonce validation in misc-settings.php. This makes it possible for unauthenticated attackers to update plugin settings via a forge...

CVSS 4.3 | AI score 5 | EPSS 0.00112
Exploits: 0 | References: 2

RedhatCVE
added 2025/12/13 3:59 a.m., 6 views

CVE-2025-14162

The BMLT WordPress Plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.11.4. This is due to missing nonce validation on the 'BMLTPlugincreateoption' and 'BMLTPlugindeleteoption' actions. This makes it possible for unauthenticated attackers to...

CVSS 4.3 | AI score 5.3 | EPSS 0.00124
Exploits: 0 | References: 1

Positive Technologies
added 2025/12/13 12:0 a.m., 8 views

PT-2025-51048

The Image Slider by Ays- Responsive Slider and Carousel plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.7.0. This is due to missing or incorrect nonce validation on the bulk delete functionality. This makes it possible for unauthenticated...

CVSS 4.3 | AI score 5.5 | EPSS 0.00131
Exploits: 0 | References: 4

CNNVD
added 2025/12/13 12:0 a.m., 4 views

WordPress plugin WP3D Model Import Viewer code issue vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A code issue...

CVSS 8.8 | AI score 6.8 | EPSS 0.00433
Exploits: 0 | References: 3

EUVD
added 2025/12/12 6:31 a.m., 4 views

EUVD-2025-202990

The Kirim.Email WooCommerce Integration plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.9. This is due to missing nonce validation on the plugin's settings page. This makes it possible for unauthenticated attackers to modify the plugin's...

CVSS 4.3 | AI score 4.9 | EPSS 0.00128
Exploits: 0 | References: 6

NVD
added 2025/12/12 4:15 a.m., 8 views

CVE-2025-14062

The Animated Pixel Marquee Creator plugin for WordPress is vulnerable to Cross-Site Request Forgery via the 'marquee' parameter in all versions up to, and including, 1.0.0. This is due to missing nonce validation on the marquee deletion function. This makes it possible for unauthenticated attacke...

CVSS 4.3 | EPSS 0.00124
Exploits: 0 | References: 3

EUVD
added 2025/12/12 3:20 a.m., 3 views

EUVD-2025-202968

The Purchase and Expense Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.2. This is due to missing nonce validation on the 'suppthandledeletion' function. This makes it possible for unauthenticated attackers to delete arbitrary...

CVSS 4.3 | AI score 5 | EPSS 0.00124
Exploits: 0 | References: 4

CVE
added 2025/12/12 3:20 a.m., 11 views

CVE-2025-14062

CVE-2025-14062 – Animated Pixel Marquee Creator (WordPress) is a CSRF vulnerability in all versions up to 1.0.0 caused by missing nonce validation on the marquee deletion function. This enables unauthenticated attackers to delete marquees via forged requests if the site administrator is fooled in...

CVSS 4.3 | AI score 5.1 | EPSS 0.00124
Exploits: 0 | References: 3

Cvelist
added 2025/12/12 3:20 a.m., 27 views

CVE-2025-14161 Truefy Embed <= 1.1.0 - Cross-Site Request Forgery to 'truefy_embed_options_update' Settings Update

The Truefy Embed plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.0. This is due to missing nonce validation on the 'truefyembedoptionsupdate' settings update action. This makes it possible for unauthenticated attackers to update the...

CVSS 4.3 | EPSS 0.00124
Exploits: 0 | References: 3

Vulnrichment
added 2025/12/12 3:20 a.m., 3 views

CVE-2025-14165 Kirim.Email WooCommerce Integration <= 1.2.9 - Cross-Site Request Forgery to Settings Update

The Kirim.Email WooCommerce Integration plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.9. This is due to missing nonce validation on the plugin's settings page. This makes it possible for unauthenticated attackers to modify the plugin's...

CVSS 4.3 | AI score 5 | EPSS 0.00128
Exploits: 0 | References: 5

CVE
added 2025/12/12 3:20 a.m., 20 views

CVE-2025-14165

CVE-2025-14165 refers to the Kirim.Email WooCommerce Integration plugin for WordPress, with a CSRF vulnerability affecting all versions up to 1.2.9. The root cause is missing nonce validation on the plugin’s settings page, enabling unauthenticated attackers to modify API credentials and integrati...

CVSS 4.3 | AI score 5 | EPSS 0.00128
Exploits: 0 | References: 5