Lucene search
K

652 matches found

Cvelist
Cvelist
added 2026/02/19 4:36 a.m.34 views

CVE-2025-13413 Country Blocker for AdSense <= 1.0 - Cross-Site Request Forgery to Settings Update

The Country Blocker for AdSense plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing nonce validation on the CBFAguardarcbfa function. This makes it possible for unauthenticated attackers to update the plugin's settings...

4.3CVSS0.00173EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/02/19 4:36 a.m.4 views

CVE-2025-13413 Country Blocker for AdSense <= 1.0 - Cross-Site Request Forgery to Settings Update

The Country Blocker for AdSense plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing nonce validation on the CBFAguardarcbfa function. This makes it possible for unauthenticated attackers to update the plugin's settings...

4.3CVSS5.4AI score0.00173EPSS
Exploits0References3
CVE
CVE
added 2026/02/19 4:36 a.m.10 views

CVE-2025-13413

CVE-2025-13413 (Country Blocker for AdSense) is a CSRF vulnerability in WordPress plugin versions up to 1.0 due to missing nonce validation in the CBFA_guardar_cbfa() function, enabling unauthenticated attackers to trigger settings updates by tricking an admin. Public details indicate the issue a...

4.3CVSS5.4AI score0.00173EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/02/19 4:36 a.m.3 views

CVE-2026-2502

The xmlrpc attacks blocker plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.0, via the 'X-Forwarded-For' HTTP header. This is due to the plugin trusting and logging attacker-controlled IP header data and rendering debug log entries without outp...

6.1CVSS6.1AI score0.00265EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/02/19 12:0 a.m.9 views

PT-2026-20598

Name of the Vulnerable Software and Affected Versions Country Blocker for AdSense plugin for WordPress versions prior to 1.1 Description The software is susceptible to Cross-Site Request Forgery CSRF due to the absence of nonce validation in the CBFA guardar cbfa function. This allows...

4.3CVSS5.1AI score0.00173EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/02/19 12:0 a.m.9 views

WordPress plugin Country Blocker for AdSense 跨站请求伪造漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

4.3CVSS5.7AI score0.00173EPSS
Exploits0References3
Patchstack
Patchstack
added 2026/02/18 11:6 p.m.8 views

WordPress Country Blocker for AdSense plugin <= 1.0 - Cross-Site Request Forgery to Settings Update vulnerability

Cross-Site Request Forgery to Settings Update vulnerability discovered by dayea song - Ahnlab in WordPress Plugin Country Blocker for AdSense versions = 1.0...

4.3CVSS5.5AI score0.00173EPSS
Exploits0References1Affected Software1
Vivaldi Security Advisories
Vivaldi Security Advisories
added 2026/02/13 1:11 p.m.17 views

Minor update for Vivaldi Android Browser 7.8

Head to the Google Play Store and download the browser. Alternatively, you can download Vivaldi from Uptodown, the Android app store. Your rating for our browser matters. ⭐️ ⭐️ ⭐️ ⭐️ ⭐️ Enjoy! Changelog The following is a list of changes since the initial 7.8 stable release: Ad blocker Improvements...

8.8CVSS5.8AI score0.2202EPSS
Exploits12References1
RedhatCVE
RedhatCVE
added 2026/02/08 1:3 p.m.15 views

CVE-2026-1675

The Advanced Country Blocker plugin for WordPress is vulnerable to Authorization Bypass in all versions up to, and including, 2.3.1 due to the use of a predictable default value for the secret bypass key created during installation without requiring users to change it. This makes it possible for...

5.3CVSS5.4AI score0.00342EPSS
Exploits0References1
NVD
NVD
added 2026/02/07 9:16 a.m.6 views

CVE-2026-1675

The Advanced Country Blocker plugin for WordPress is vulnerable to Authorization Bypass in all versions up to, and including, 2.3.1 due to the use of a predictable default value for the secret bypass key created during installation without requiring users to change it. This makes it possible for...

5.3CVSS0.00342EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/02/07 8:26 a.m.9 views

CVE-2026-1675 Advanced Country Blocker <= 2.3.1 - Unauthenticated Authorization Bypass via Insecure Default Secret Key

The Advanced Country Blocker plugin for WordPress is vulnerable to Authorization Bypass in all versions up to, and including, 2.3.1 due to the use of a predictable default value for the secret bypass key created during installation without requiring users to change it. This makes it possible for...

5.3CVSS5.5AI score0.00342EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/02/07 8:26 a.m.3 views

CVE-2026-1675

The Advanced Country Blocker plugin for WordPress is vulnerable to Authorization Bypass in all versions up to, and including, 2.3.1 due to the use of a predictable default value for the secret bypass key created during installation without requiring users to change it. This makes it possible for...

5.3CVSS5.4AI score0.00342EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/02/07 8:26 a.m.35 views

CVE-2026-1675 Advanced Country Blocker <= 2.3.1 - Unauthenticated Authorization Bypass via Insecure Default Secret Key

The Advanced Country Blocker plugin for WordPress is vulnerable to Authorization Bypass in all versions up to, and including, 2.3.1 due to the use of a predictable default value for the secret bypass key created during installation without requiring users to change it. This makes it possible for...

5.3CVSS0.00342EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/02/07 12:0 a.m.9 views

WordPress plugin Advanced Country Blocker 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

5.3CVSS5.8AI score0.00342EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/02/07 12:0 a.m.12 views

PT-2026-6896

Name of the Vulnerable Software and Affected Versions Advanced Country Blocker plugin for WordPress versions prior to 2.3.2 Description The Advanced Country Blocker plugin for WordPress is susceptible to an authorization bypass. This is due to the use of a predictable default value for the secret...

5.3CVSS5.5AI score0.00342EPSS
Exploits0References6
Patchstack
Patchstack
added 2026/02/06 11:51 p.m.7 views

WordPress Advanced Country Blocker plugin <= 2.3.1 - Unauthenticated Authorization Bypass via Insecure Default Secret Key vulnerability

Unauthenticated Authorization Bypass via Insecure Default Secret Key vulnerability discovered by Hector Flores in WordPress Plugin Advanced Country Blocker versions = 2.3.1...

5.3CVSS5.3AI score0.00342EPSS
Exploits0References1Affected Software1
Microsoft Secure
Microsoft Secure
added 2026/02/05 6:51 p.m.20 views

New Clickfix variant ‘CrashFix’ deploying Python Remote Access Trojan

In January 2026, Microsoft Defender Experts identified a new evolution in the ongoing ClickFix campaign. This updated tactic deliberately crashes victims’ browsers and then attempts to lure users into executing malicious commands under the pretext of restoring normal functionality. This variant...

6.1AI score
Exploits0
Microsoft Secure
Microsoft Secure
added 2026/02/05 6:51 p.m.10 views

New Clickfix variant ‘CrashFix’ deploying Python Remote Access Trojan

In January 2026, Microsoft Defender Experts identified a new evolution in the ongoing ClickFix campaign. This updated tactic deliberately crashes victims’ browsers and then attempts to lure users into executing malicious commands under the pretext of restoring normal functionality. This variant...

6.3AI score
Exploits0
The Hacker News
The Hacker News
added 2026/01/30 1:42 p.m.9 views

Researchers Uncover Chrome Extensions Abusing Affiliate Links and Stealing ChatGPT Access

Cybersecurity researchers have discovered malicious Google Chrome extensions that come with capabilities to hijack affiliate links, steal data, and collect OpenAI ChatGPT authentication tokens. One of the extensions in question is Amazon Ads Blocker ID: pnpchphmplpdimbllknjoiopmfphellj, which...

6.1CVSS6.9AI score0.01004EPSS
Exploits2
The Hacker News
The Hacker News
added 2026/01/19 9:9 a.m.4 views

CrashFix Chrome Extension Delivers ModeloRAT Using ClickFix-Style Browser Crash Lures

Cybersecurity researchers have disclosed details of an ongoing campaign dubbed KongTuke that used a malicious Google Chrome extension masquerading as an ad blocker to deliberately crash the web browser and trick victims into running arbitrary commands using ClickFix-like lures to deliver a...

6.5AI score
Exploits0
Rows per page
Query Builder