23 matches found
CVE-2026-6222
CVE-2026-6222 affects the WordPress plugin Forminator Forms (versions
EUVD-2026-23390
The cms-fuer-motorrad-werkstaetten plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to and including 1.0.0. This is due to missing nonce validation on all eight AJAX deletion handlers: vehiclescfmwdvehicle, contactscfmwdcontact, supplierscfmwdsupplier,...
CVE-2025-67035
An issue was discovered in Lantronix EDS5000 2.1.0.0R3. The SSH Client and SSH Server pages are affected by multiple OS injection vulnerabilities due to missing sanitization of input parameters. An attacker can inject arbitrary commands in delete actions of various objects, such as server keys,...
EUVD-2025-208581
An issue was discovered in Lantronix EDS5000 2.1.0.0R3. The SSH Client and SSH Server pages are affected by multiple OS injection vulnerabilities due to missing sanitization of input parameters. An attacker can inject arbitrary commands in delete actions of various objects, such as server keys,...
CVE-2025-67035
CVE-2025-67035 affects Lantronix EDS5000 (2.1.0.0R3). The SSH Client and SSH Server pages are vulnerable due to insufficient sanitization of input parameters, enabling an attacker to inject arbitrary commands in delete actions of objects like server keys, users, and known hosts. Commands are exec...
CVE-2021-47733
CMSimple 5.4 contains a cross-site scripting vulnerability that allows attackers to bypass input filtering by using HTML to Unicode encoding. Attackers can inject malicious scripts by encoding payloads like '-alert1// and execute arbitrary JavaScript when victims interact with delete buttons...
EUVD-2007-5547
Malware in sbrugna...
CVE-2024-8700
The Event Calendar WordPress plugin through 1.0.4 does not check for authorization on delete actions, allowing unauthenticated users to delete arbitrary calendars...
PT-2025-21531 · WordPress · The Events Calendar
Name of the Vulnerable Software and Affected Versions: The Event Calendar WordPress plugin versions 1.0.0 through 1.0.4
Description: The issue concerns a lack of authorization checks on delete actions, allowing unauthenticated users to delete arbitrary calendars. This means that without proper...
User with only "edit" can delete post and sometimes can add post
Description: If you create a user with edit-only user rights, they should not be able to perform delete or add actions. This is really an admin error, because users with edit permissions can delete posts, and in the case of FAQs, they can also add posts. Proof of Concept: 1. Create new user with edi...
CVE-2022-23052
PeteReport Version 0.5 contains a Cross Site Request Forgery (CSRF) vulnerability allowing an attacker to trick users into deleting users, products, reports and findings on the application...
CVE-2021-24491
The Fileviewer WordPress plugin through 2.2 does not have CSRF checks in place when performing actions such as upload and delete files. As a result, attackers could make a logged in administrator delete and upload arbitrary files via a CSRF attack...
CSRF in extension "femanager" (femanager)
The extension fails to implement a CSRF protection for edit and delete actions...
Cross site request forgery (csrf)
Multiple cross-site request forgery (CSRF) vulnerabilities in Issuetracker phpBugTracker before 1.7.0 allow remote authenticated users to (1) hijack the authentication of users for requests that cause an unspecified impact via the id parameter to project.php, (2) hijack the authentication of users for...
OpenX 2.8.11 Cross Site Request Forgery
Hello, Multiple cross-site request forgery (CSRF) vulnerabilities in OpenX 2.8.11 and earlier allow remote attackers to hijack the authentication of administrators for requests that delete (1) users, (2) advertisers, (3) banners, (4) campaigns, (5) channels, (6) websites or (7) zones via delete actions. File:...
Cross site request forgery (csrf)
Multiple cross-site request forgery (CSRF) vulnerabilities in main.php in Contao (formerly TYPOlight) 2.11.0 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) delete users via a delete action in the user module, (2) delete news via a delete action in...