13 matches found
CVE-2026-4070
The Alfie – Feed Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.1. This is due to missing nonce validation on the alfiemanage function which handles feed deletion via the 'delete' GET parameter. This makes it possible for...
CVE-2026-4070
The Alfie – Feed Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.1. This is due to missing nonce validation on the alfiemanage function which handles feed deletion via the 'delete' GET parameter. This makes it possible for...
WordPress plugin Alfie – Feed Plugin 跨站请求伪造漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
PT-2026-42724
Name of the Vulnerable Software and Affected Versions Alfie – Feed Plugin for WordPress versions prior to 1.2.2 Description Cross-Site Request Forgery occurs due to missing nonce validation in the alfie manage function, which handles feed deletion through the 'delete' GET parameter. This allows...
CVE-2026-4069
The Alfie – Feed Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'naam' parameter in all versions up to, and including, 1.2.1. This is due to missing nonce validation on the alfieoptionpage function combined with insufficient input sanitization and output escaping...
EUVD-2026-13991
The Alfie – Feed Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'naam' parameter in all versions up to, and including, 1.2.1. This is due to missing nonce validation on the alfieoptionpage function combined with insufficient input sanitization and output escaping...
CVE-2026-4069
The Alfie – Feed Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'naam' parameter in all versions up to, and including, 1.2.1. This is due to missing nonce validation on the alfieoptionpage function combined with insufficient input sanitization and output escaping...
CVE-2026-4069
The Alfie – Feed Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'naam' parameter in all versions up to, and including, 1.2.1. This is due to missing nonce validation on the alfieoptionpage function combined with insufficient input sanitization and output escaping...
CVE-2026-4069
The Alfie – Feed Plugin for WordPress (WordPress plugin) is affected by CVE-2026-4069, with a Stored Cross-Site Scripting flaw in all versions up to 1.2.1. The root cause is missing nonce validation on the alfie_option_page() function combined with insufficient input sanitization and output escap...
CVE-2026-4069 Alfie – Feed Plugin <= 1.2.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting via 'naam' Parameter
The Alfie – Feed Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'naam' parameter in all versions up to, and including, 1.2.1. This is due to missing nonce validation on the alfieoptionpage function combined with insufficient input sanitization and output escaping...
CVE-2026-4069 Alfie – Feed Plugin <= 1.2.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting via 'naam' Parameter
The Alfie – Feed Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'naam' parameter in all versions up to, and including, 1.2.1. This is due to missing nonce validation on the alfieoptionpage function combined with insufficient input sanitization and output escaping...
WordPress plugin Alfie – Feed Plugin 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
PT-2026-26871
The Alfie – Feed Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'naam' parameter in all versions up to, and including, 1.2.1. This is due to missing nonce validation on the alfie option page function combined with insufficient input sanitization and output...