CVE-2026-1380 Bitcoin Donate Button <= 1.0 - Cross-Site Request Forgery to Settings Update

The Bitcoin Donate Button plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on the settings page. This makes it possible for unauthenticated attackers to modify the plugin's settings,...

Logitech: CSRF in changing users donation_settings [https://streamlabs.com/api/v6/viewer-portal/viewer-settings/donation_settings]

Hey there, I have found that the api/v6/viewer-portal/viewer-settings/donationsettings endpoint is vulnerable to csrf attack, which allows an attacker to update victim's donationsettings like username,amount...