Lucene search
K

64 matches found

RedhatCVE
RedhatCVE
added 2026/01/09 11:14 a.m.9 views

CVE-2016-10865

The Lightbox Plus Colorbox plugin through 2.7.2 for WordPress has cross-site request forgery CSRF via wp-admin/admin.php?page=lightboxplus, as demonstrated by resultant width XSS...

6.1CVSS7.2AI score0.00515EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2015-1126

Malware in sbrugna...

8.8CVSS5.2AI score0.00488EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2024-33052

Malicious code in bioql PyPI...

4.3CVSS8.8AI score0.00212EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2024-33802

Malicious code in bioql PyPI...

8.8CVSS8.6AI score0.00304EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.11 views

EUVD-2025-22304

Malicious code in bioql PyPI...

6.1CVSS6.4AI score0.00117EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2021-34245

Malicious code in bioql PyPI...

4.3CVSS5.1AI score0.00397EPSS
Exploits1References9
CVE
CVE
added 2025/07/27 4:23 a.m.14 views

CVE-2025-8104

CVE-2025-8104 concerns the WordPress plugin Memory Usage (also listed as Memory Usage, Memory Limit, PHP and Server Memory Health Check and Provide Suggestions). The vulnerability is a Cross-Site Request Forgery due to missing nonce validation in the wpmemory_install_plugin() function, allowing u...

4.3CVSS6.1AI score0.00176EPSS
Exploits0References4
CVE
CVE
added 2025/07/16 10:36 a.m.14 views

CVE-2025-48153

CVE-2025-48153 : A CSRF vulnerability in the WordPress plugin “Import CDN-Remote Images” (versions up to and including 2.1.2) can lead to stored XSS. Affected product: Import CDN-Remote Images. Root cause: CSRF in the plugin allows injection that can persist as stored XSS. CVSSv3.1 base score 7.1...

7.1CVSS5.9AI score0.00127EPSS
Exploits0References1
CVE
CVE
added 2025/07/16 10:36 a.m.16 views

CVE-2025-54041

CVE-2025-54041 describes a Cross-Site Request Forgery (CSRF) flaw in the Wallet System for WooCommerce plugin. Affected software: Wallet System for WooCommerce, versions n/a through 2.6.7. Root cause and impact are stated as CSRF allowing an attacker to induce actions on behalf of an authenticate...

4.3CVSS5.9AI score0.00128EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/07/16 10:36 a.m.11 views

CVE-2025-54035 WordPress Newsletters plugin <= 4.10 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery CSRF vulnerability in Tribulant Software Newsletters newsletters-lite allows Cross Site Request Forgery.This issue affects Newsletters: from n/a through = 4.10...

4.3CVSS0.00128EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/07/16 10:36 a.m.2 views

CVE-2025-54020 WordPress AntiSpam for Contact Form 7 plugin <= 0.6.3 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery CSRF vulnerability in Erik AntiSpam for Contact Form 7 cf7-antispam allows Cross Site Request Forgery.This issue affects AntiSpam for Contact Form 7: from n/a through = 0.6.3...

5.4CVSS5.9AI score0.00124EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/07/04 1:44 a.m.12 views

CVE-2025-5933 RD Contacto <= 1.4 - Cross-Site Request Forgery to Settings Update

The RD Contacto plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4. This is due to missing or incorrect nonce validation on the rdWappUpdateData function. This makes it possible for unauthenticated attackers to update plugin settings via a...

4.3CVSS0.00133EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/06/27 1:21 p.m.4 views

CVE-2025-53305 WordPress WP Forum Server plugin <= 1.8.2 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery CSRF vulnerability in lucidcrew WP Forum Server forum-server allows Stored XSS.This issue affects WP Forum Server: from n/a through = 1.8.2...

7.1CVSS5.2AI score0.00109EPSS
Exploits0References1
CVE
CVE
added 2025/06/27 1:21 p.m.15 views

CVE-2025-53254

CVE-2025-53254 CSRF in WordPress Cyrlitera plugin (versions up to 1.2.0) affects Cyrlitera transliteration functionality. Public sources list the vulnerability as CSRF (CVSS v3.1 base score 4.3, Medium) with unauthenticated users able to cause unauthorized actions. Connected references indicate a...

4.3CVSS5.9AI score0.0014EPSS
Exploits0References1
CVE
CVE
added 2025/06/20 3:4 p.m.21 views

CVE-2025-49968

CVE-2025-49968 affects WordPress XML Travel Portal Widget (XML Travel Portal Widget) with CSRF in versions n/a through 2.0. Root cause: Cross-Site Request Forgery (CSRF) in the widget. Affected product/version details are provided, but no exploit specifics are documented in the connected sources....

4.3CVSS5.9AI score0.00132EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/06/20 3:3 p.m.4 views

CVE-2025-50044 WordPress Real Estate Manager plugin <= 7.3 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery CSRF vulnerability in Rameez Iqbal Real Estate Manager allows Cross Site Request Forgery. This issue affects Real Estate Manager: from n/a through 7.3...

6.5CVSS7.2AI score0.00157EPSS
Exploits0References1
CVE
CVE
added 2025/06/20 3:3 p.m.16 views

CVE-2025-52780

CVE-2025-52780 affects the WordPress plugin Logo Manager For Samandehi (versions

7.1CVSS5.9AI score0.00109EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/06/16 8:26 a.m.4 views

CVE-2025-6064

The WP URL Shortener plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2. This is due to missing or incorrect nonce validation on the 'urlshortenersettings' page. This makes it possible for unauthenticated attackers to update settings and...

6.1CVSS6.7AI score0.00117EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/06/06 12:53 p.m.14 views

CVE-2025-49283 WordPress Anti-spam, Spam protection, ReCaptcha for all forms and GDPR-compliant plugin <= 4.1.1 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery CSRF vulnerability in Matthias Nordwig Anti-spam, Spam protection, ReCaptcha for all forms and GDPR-compliant gdpr-compliant-recaptcha-for-all-forms allows Cross Site Request Forgery.This issue affects Anti-spam, Spam protection, ReCaptcha for all forms and...

4.3CVSS0.0014EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 3:38 a.m.12 views

CVE-2023-2893

The WP EasyCart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.4.8. This is due to missing or incorrect nonce validation on the processdeactivateproduct function. This makes it possible for unauthenticated attackers to deactivate products via ...

4.3CVSS6.3AI score0.00241EPSS
Exploits0References1
Rows per page
Query Builder