10 matches found
EUVD-2026-16171
The Conditional Menus plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.6. This is due to missing nonce validation on the 'saveoptions' function. This makes it possible for unauthenticated attackers to modify conditional menu assignments vi...
EUVD-2026-14004
The Redirect countdown plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing nonce validation on the countdownsettingscontent function. This makes it possible for unauthenticated attackers to update the plugin settings...
CVE-2026-2112
The Dam Spam plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.8. This is due to missing nonce verification on the pending comment deletion action in the cleanup page. This makes it possible for unauthenticated attackers to delete all pendi...
EUVD-2026-1857
The User Registration & Membership – Custom Registration Form Builder, Custom Login Form, User Profile, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.4.8. This is due to missing or incorrect nonce...
EUVD-2025-199854
The Nextend Social Login and Register plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.21. This is due to missing or incorrect nonce validation on the 'unlinkUser' function. This makes it possible for unauthenticated attackers to unlink th...
PT-2025-47256
Name of the Vulnerable Software and Affected Versions: Like-it plugin for WordPress versions prior to 2.3 Description: The Like-it plugin for WordPress is susceptible to Cross-Site Request Forgery (CSRF). This is caused by insufficient or incorrect nonce validation within the likeit conf function. An...
PT-2025-38102
Name of the Vulnerable Software and Affected Versions: USS Upyun plugin for WordPress versions prior to 1.5.1 Description: The USS Upyun plugin for WordPress is susceptible to a Cross-Site Request Forgery issue. This is due to missing or incorrect nonce validation within the uss setting page...
Account Spoofing
phpMyFAQ is vulnerable to User Account Spoofing. The vulnerability is due to the user removal page lacking backend validation, allowing an attacker to manipulate form details by intercepting the request via a proxy, which can allow an attacker to trick an admin into removing the account...
Cross-Site Request Forgery (CSRF)
The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the wpfcpausecdnintegrationajaxrequestcallback function. This makes it possible for unauthenticated attackers to...
Cross-Site Request Forgery (CSRF) in namelessmc/nameless
Description: More instances of CSRF. Proof of Concept: /index.php?route=/panel/users/reports/&action=close&id=1 /index.php?route=/panel/users/reports/&action=open&id=1 /index.php?route=/panel/core/emails/errors/&do=delete&id=2 /index.php?route=/panel/core/emails/errors/&do=purge...