64 matches found
CVE-2016-10865
The Lightbox Plus Colorbox plugin through 2.7.2 for WordPress has cross-site request forgery CSRF via wp-admin/admin.php?page=lightboxplus, as demonstrated by resultant width XSS...
EUVD-2015-1126
Malware in sbrugna...
EUVD-2024-33052
Malicious code in bioql PyPI...
EUVD-2024-33802
Malicious code in bioql PyPI...
EUVD-2025-22304
Malicious code in bioql PyPI...
EUVD-2021-34245
Malicious code in bioql PyPI...
CVE-2025-8104
CVE-2025-8104 concerns the WordPress plugin Memory Usage (also listed as Memory Usage, Memory Limit, PHP and Server Memory Health Check and Provide Suggestions). The vulnerability is a Cross-Site Request Forgery due to missing nonce validation in the wpmemory_install_plugin() function, allowing u...
CVE-2025-48153
CVE-2025-48153 : A CSRF vulnerability in the WordPress plugin “Import CDN-Remote Images” (versions up to and including 2.1.2) can lead to stored XSS. Affected product: Import CDN-Remote Images. Root cause: CSRF in the plugin allows injection that can persist as stored XSS. CVSSv3.1 base score 7.1...
CVE-2025-54041
CVE-2025-54041 describes a Cross-Site Request Forgery (CSRF) flaw in the Wallet System for WooCommerce plugin. Affected software: Wallet System for WooCommerce, versions n/a through 2.6.7. Root cause and impact are stated as CSRF allowing an attacker to induce actions on behalf of an authenticate...
CVE-2025-54035 WordPress Newsletters plugin <= 4.10 - Cross Site Request Forgery (CSRF) Vulnerability
Cross-Site Request Forgery CSRF vulnerability in Tribulant Software Newsletters newsletters-lite allows Cross Site Request Forgery.This issue affects Newsletters: from n/a through = 4.10...
CVE-2025-54020 WordPress AntiSpam for Contact Form 7 plugin <= 0.6.3 - Cross Site Request Forgery (CSRF) Vulnerability
Cross-Site Request Forgery CSRF vulnerability in Erik AntiSpam for Contact Form 7 cf7-antispam allows Cross Site Request Forgery.This issue affects AntiSpam for Contact Form 7: from n/a through = 0.6.3...
CVE-2025-5933 RD Contacto <= 1.4 - Cross-Site Request Forgery to Settings Update
The RD Contacto plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4. This is due to missing or incorrect nonce validation on the rdWappUpdateData function. This makes it possible for unauthenticated attackers to update plugin settings via a...
CVE-2025-53305 WordPress WP Forum Server plugin <= 1.8.2 - Cross Site Request Forgery (CSRF) Vulnerability
Cross-Site Request Forgery CSRF vulnerability in lucidcrew WP Forum Server forum-server allows Stored XSS.This issue affects WP Forum Server: from n/a through = 1.8.2...
CVE-2025-53254
CVE-2025-53254 CSRF in WordPress Cyrlitera plugin (versions up to 1.2.0) affects Cyrlitera transliteration functionality. Public sources list the vulnerability as CSRF (CVSS v3.1 base score 4.3, Medium) with unauthenticated users able to cause unauthorized actions. Connected references indicate a...
CVE-2025-49968
CVE-2025-49968 affects WordPress XML Travel Portal Widget (XML Travel Portal Widget) with CSRF in versions n/a through 2.0. Root cause: Cross-Site Request Forgery (CSRF) in the widget. Affected product/version details are provided, but no exploit specifics are documented in the connected sources....
CVE-2025-50044 WordPress Real Estate Manager plugin <= 7.3 - Cross Site Request Forgery (CSRF) Vulnerability
Cross-Site Request Forgery CSRF vulnerability in Rameez Iqbal Real Estate Manager allows Cross Site Request Forgery. This issue affects Real Estate Manager: from n/a through 7.3...
CVE-2025-52780
CVE-2025-52780 affects the WordPress plugin Logo Manager For Samandehi (versions
CVE-2025-6064
The WP URL Shortener plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2. This is due to missing or incorrect nonce validation on the 'urlshortenersettings' page. This makes it possible for unauthenticated attackers to update settings and...
CVE-2025-49283 WordPress Anti-spam, Spam protection, ReCaptcha for all forms and GDPR-compliant plugin <= 4.1.1 - Cross Site Request Forgery (CSRF) Vulnerability
Cross-Site Request Forgery CSRF vulnerability in Matthias Nordwig Anti-spam, Spam protection, ReCaptcha for all forms and GDPR-compliant gdpr-compliant-recaptcha-for-all-forms allows Cross Site Request Forgery.This issue affects Anti-spam, Spam protection, ReCaptcha for all forms and...
CVE-2023-2893
The WP EasyCart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.4.8. This is due to missing or incorrect nonce validation on the processdeactivateproduct function. This makes it possible for unauthenticated attackers to deactivate products via ...