Lucene search
K

245 matches found

NVD
NVD
added 2025/08/21 6:15 a.m.6 views

CVE-2025-8592

The Inspiro theme for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1.2. This is due to missing or incorrect nonce validation on the inspiroinstallplugin function. This makes it possible for unauthenticated attackers to install plugins from the...

8.1CVSS0.00199EPSS
Exploits0References5
OSV
OSV
added 2025/08/20 1:15 p.m.3 views

CVE-2025-54174

QuickCMS is vulnerable to Cross-Site Request Forgery in article creation functionality. Malicious attacker can craft special website, which when visited by the admin, will automatically send a POST request creating a malicious article with content defined by the attacker. The vendor was notified...

4.3CVSS5.8AI score0.0018EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/08/20 12:53 p.m.2 views

CVE-2025-54174 Cross-Site Request Forgery in QuickCMS

QuickCMS is vulnerable to Cross-Site Request Forgery in article creation functionality. Malicious attacker can craft special website, which when visited by the admin, will automatically send a POST request creating a malicious article with content defined by the attacker. The vendor was notified...

5.1CVSS7AI score0.0018EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/08/20 12:53 p.m.10 views

CVE-2025-54174 Cross-Site Request Forgery in QuickCMS

QuickCMS is vulnerable to Cross-Site Request Forgery in article creation functionality. Malicious attacker can craft special website, which when visited by the admin, will automatically send a POST request creating a malicious article with content defined by the attacker. The vendor was notified...

5.1CVSS0.00124EPSS
Exploits0References2
CVE
CVE
added 2025/08/20 12:53 p.m.23 views

CVE-2025-54174

CVE-2025-54174 concerns QuickCMS: a Cross-Site Request Forgery in the article creation flow. An attacker could lure an admin to a crafted site, triggering a POST to create a malicious article with attacker-defined content. Documented impact is limited to the described CSRF behavior; exploitation ...

5.1CVSS7AI score0.0018EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2025/08/20 12:15 p.m.7 views

CVE-2025-8102

The Easy Digital Downloads plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.5.0. This is due to missing nonce validations in the eddsendwpdisconnect and eddsendwpremoteinstall functions. This makes it possible for unauthenticated attackers t...

5.4CVSS0.00151EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/08/18 4:31 a.m.13 views

CVE-2025-7684

The Last.fm Recent Album Artwork plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.2. This is due to missing or incorrect nonce validation on the 'lastfmalbumsartwork.php' page. This makes it possible for unauthenticated attackers to update...

6.1CVSS6.7AI score0.00159EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/08/16 3:38 a.m.10 views

CVE-2025-7683 LatestCheckins <= 1 - Cross-Site Request Forgery to Stored Cross-Site Scripting

The LatestCheckins plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1. This is due to missing or incorrect nonce validation on the 'LatestCheckins' page. This makes it possible for unauthenticated attackers to update settings and inject...

6.1CVSS0.00159EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/08/15 4:34 a.m.15 views

CVE-2025-8491

The Easy restaurant menu manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.2. This is due to missing or incorrect nonce validation on the nsceprmsavemenu function. This makes it possible for unauthenticated attackers to upload a men...

4.3CVSS6.8AI score0.00151EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 9:25 a.m.7 views

CVE-2024-3642

The Newsletter Popup WordPress plugin through 1.2 does not have CSRF check when deleting subscriber, which could allow attackers to make logged in admins perform such action via a CSRF attack...

6.9CVSS6.7AI score0.00254EPSS
Exploits2
RedhatCVE
RedhatCVE
added 2025/05/23 8:33 a.m.6 views

CVE-2024-46485

dingfanzu CMS 1.0 was discovered to contain a Cross-Site Request Forgery CSRF via /admin/doAdminAction.php?act=addCate...

6.3CVSS5.9AI score0.00178EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:37 a.m.6 views

CVE-2024-4409

The WP-ViperGB plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.6.1. This is due to missing or incorrect nonce validation when saving plugin settings. This makes it possible for unauthenticated attackers to change the plugin's settings via a...

4.3CVSS6.4AI score0.00185EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:30 a.m.8 views

CVE-2024-48291

dingfanzu CMS 1.0 was discovered to contain a Cross-Site Request Forgery CSRF via /admin/doAdminAction.php?act=editAdmin=17...

6.3CVSS6.5AI score0.0017EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 6:25 a.m.11 views

CVE-2024-50966

dingfanzu CMS V1.0 was discovered to contain a Cross-Site Request Forgery CSRF via the component /admin/doAdminAction.php?act=addAdmin...

9.3CVSS9.4AI score0.00254EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 2:56 a.m.6 views

CVE-2023-0831

The Under Construction plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.96. This is due to missing or incorrect nonce validation on the dismissnotice function called via the adminactionucpdismissnotice action. This makes it possible for...

4.3CVSS4.4AI score0.0025EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 1:11 a.m.8 views

CVE-2022-1793

The Private Files WordPress plugin through 0.40 is missing CSRF check when disabling the protection, which could allow attackers to make a logged in admin perform such action via a CSRF attack and make the blog public...

4.3CVSS6.7AI score0.00412EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:19 p.m.8 views

CVE-2022-1826

The Cross-Linker WordPress plugin through 3.0.1.9 does not have CSRF check in place when creating Cross-Links, which could allow attackers to make a logged in admin perform such action via a CSRF attack...

6.5CVSS6.8AI score0.00513EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:50 p.m.7 views

CVE-2021-4418

The Custom CSS, JS & PHP plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.7. This is due to missing or incorrect nonce validation on the save function. This makes it possible for unauthenticated attackers to save code snippets via a forged...

4.3CVSS5.9AI score0.00397EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:49 p.m.4 views

CVE-2021-4416

The wp-mpdf plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.5.1. This is due to missing or incorrect nonce validation on the mpdfadminsavepost function. This makes it possible for unauthenticated attackers to save post data via a forged request...

4.3CVSS5.8AI score0.00345EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 6:10 a.m.8 views

CVE-2019-17676

app/system/admin/admin/index.class.php in MetInfo 7.0.0beta allows a CSRF attack to add a user account via a doSaveSetup action to admin/index.php, as demonstrated by an admin/?n=admin=index=doSaveSetup URI...

8.8CVSS6.9AI score0.00598EPSS
Exploits1References1
Rows per page
Query Builder