Lucene search
K

13 matches found

RedhatCVE
RedhatCVE
added 2026/05/23 8:12 a.m.18 views

CVE-2026-4070

The Alfie – Feed Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.1. This is due to missing nonce validation on the alfiemanage function which handles feed deletion via the 'delete' GET parameter. This makes it possible for...

4.3CVSS5.9AI score0.00164EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/22 4:29 a.m.13 views

CVE-2026-4070

The Alfie – Feed Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.1. This is due to missing nonce validation on the alfiemanage function which handles feed deletion via the 'delete' GET parameter. This makes it possible for...

4.3CVSS5.9AI score0.00164EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/05/22 12:0 a.m.8 views

WordPress plugin Alfie – Feed Plugin 跨站请求伪造漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

4.3CVSS5.8AI score0.00164EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/05/22 12:0 a.m.13 views

PT-2026-42724

Name of the Vulnerable Software and Affected Versions Alfie – Feed Plugin for WordPress versions prior to 1.2.2 Description Cross-Site Request Forgery occurs due to missing nonce validation in the alfie manage function, which handles feed deletion through the 'delete' GET parameter. This allows...

4.3CVSS5.8AI score0.00164EPSS
Exploits0References10
RedhatCVE
RedhatCVE
added 2026/03/26 3:7 p.m.5 views

CVE-2026-4069

The Alfie – Feed Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'naam' parameter in all versions up to, and including, 1.2.1. This is due to missing nonce validation on the alfieoptionpage function combined with insufficient input sanitization and output escaping...

6.1CVSS5.8AI score0.00242EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/21 6:30 a.m.3 views

EUVD-2026-13991

The Alfie – Feed Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'naam' parameter in all versions up to, and including, 1.2.1. This is due to missing nonce validation on the alfieoptionpage function combined with insufficient input sanitization and output escaping...

6.1CVSS5.8AI score0.00242EPSS
Exploits0References10
NVD
NVD
added 2026/03/21 4:17 a.m.5 views

CVE-2026-4069

The Alfie – Feed Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'naam' parameter in all versions up to, and including, 1.2.1. This is due to missing nonce validation on the alfieoptionpage function combined with insufficient input sanitization and output escaping...

6.1CVSS0.00242EPSS
Exploits0References9
ATTACKERKB
ATTACKERKB
added 2026/03/21 3:26 a.m.2 views

CVE-2026-4069

The Alfie – Feed Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'naam' parameter in all versions up to, and including, 1.2.1. This is due to missing nonce validation on the alfieoptionpage function combined with insufficient input sanitization and output escaping...

6.1CVSS5.8AI score0.00242EPSS
Exploits0References10
CVE
CVE
added 2026/03/21 3:26 a.m.11 views

CVE-2026-4069

The Alfie – Feed Plugin for WordPress (WordPress plugin) is affected by CVE-2026-4069, with a Stored Cross-Site Scripting flaw in all versions up to 1.2.1. The root cause is missing nonce validation on the alfie_option_page() function combined with insufficient input sanitization and output escap...

6.1CVSS5.8AI score0.00242EPSS
Exploits0References9
Cvelist
Cvelist
added 2026/03/21 3:26 a.m.27 views

CVE-2026-4069 Alfie – Feed Plugin <= 1.2.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting via 'naam' Parameter

The Alfie – Feed Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'naam' parameter in all versions up to, and including, 1.2.1. This is due to missing nonce validation on the alfieoptionpage function combined with insufficient input sanitization and output escaping...

6.1CVSS0.00242EPSS
Exploits0References9
Vulnrichment
Vulnrichment
added 2026/03/21 3:26 a.m.3 views

CVE-2026-4069 Alfie – Feed Plugin <= 1.2.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting via 'naam' Parameter

The Alfie – Feed Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'naam' parameter in all versions up to, and including, 1.2.1. This is due to missing nonce validation on the alfieoptionpage function combined with insufficient input sanitization and output escaping...

6.1CVSS5.8AI score0.00242EPSS
Exploits0References9
CNNVD
CNNVD
added 2026/03/21 12:0 a.m.8 views

WordPress plugin Alfie – Feed Plugin 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

6.1CVSS5.7AI score0.00242EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/03/21 12:0 a.m.8 views

PT-2026-26871

The Alfie – Feed Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'naam' parameter in all versions up to, and including, 1.2.1. This is due to missing nonce validation on the alfie option page function combined with insufficient input sanitization and output...

6.1CVSS5.8AI score0.00242EPSS
Exploits0References10
Rows per page
Query Builder