CVE-2026-9730

The Remove NoFollow Commenter URL plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on the gmzcommentsettingssave function. This makes it possible for unauthenticated attackers to modify...

CVE-2026-9730

The Remove NoFollow Commenter URL plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on the gmzcommentsettingssave function. This makes it possible for unauthenticated attackers to modify...

PT-2026-45715

Name of the Vulnerable Software and Affected Versions Remove NoFollow Commenter URL versions prior to 1.1 Description The plugin is subject to Cross-Site Request Forgery due to missing or incorrect nonce validation in the gmz comment settings save function. This allows unauthenticated attackers t...

EUVD-2024-1227

Malicious code in bioql PyPI...

CVE-2018-16374

Frog CMS 0.9.5 has stored XSS via /admin/?/plugin/comment/settings...

CVE-2018-16374

Frog CMS 0.9.5 has stored XSS via /admin/?/plugin/comment/settings...

Frog CMS Cross-Site Scripting Vulnerability (CNVD-2019-10140)

Frog CMS is a content management system CMS developed by software developer Philippe Archambault. The system provides tools for page templates, user rights management, and document management. A stored cross-site scripting vulnerability exists in Frog CMS 0.9.5, which can be exploited by an...