Lucene search
K

385 matches found

NVD
NVD
added 2026/03/16 2:17 p.m.6 views

CVE-2013-20005

Qool CMS 2.0 RC2 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions by tricking logged-in users into visiting malicious web pages. Attackers can forge POST requests to the /admin/adduser endpoint with parameters like username, password,...

6.9CVSS0.00232EPSS
Exploits1References3
NVD
NVD
added 2026/03/07 8:16 a.m.6 views

CVE-2026-1086

The Font Pairing Preview For Landing Pages plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3. This is due to missing nonce validation on the settings update functionality. This makes it possible for unauthenticated attackers to modify the...

4.3CVSS0.00126EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/03/07 12:0 a.m.12 views

PT-2026-23837

The Font Pairing Preview For Landing Pages plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3. This is due to missing nonce validation on the settings update functionality. This makes it possible for unauthenticated attackers to modify the...

4.3CVSS5.6AI score0.00126EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/03/07 12:0 a.m.5 views

PT-2026-23838

The Guardian News Feed plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2. This is due to missing nonce validation on the settings update functionality. This makes it possible for unauthenticated attackers to modify the plugin's settings,...

4.3CVSS5.6AI score0.00126EPSS
Exploits0References4
EUVD
EUVD
added 2026/03/06 3:31 p.m.6 views

EUVD-2018-21639

Tina4 Stack 1.0.3 contains a cross-site request forgery vulnerability that allows attackers to modify admin user credentials by submitting forged POST requests to the profile endpoint. Attackers can craft HTML forms targeting the /kim/profile endpoint with hidden fields containing malicious user...

6.9CVSS5.7AI score0.00136EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2026/02/26 10:14 a.m.9 views

CVE-2026-2410

The Disable Admin Notices – Hide Dashboard Notifications plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4.2. This is due to missing nonce validation in the showPageContent function. This makes it possible for unauthenticated attackers to a...

4.3CVSS5.4AI score0.00131EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/02/25 9:26 a.m.5 views

CVE-2026-2410

The Disable Admin Notices – Hide Dashboard Notifications plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4.2. This is due to missing nonce validation in the showPageContent function. This makes it possible for unauthenticated attackers to a...

4.3CVSS5.4AI score0.00131EPSS
Exploits0References5
NVD
NVD
added 2026/02/19 7:17 a.m.7 views

CVE-2025-13413

The Country Blocker for AdSense plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing nonce validation on the CBFAguardarcbfa function. This makes it possible for unauthenticated attackers to update the plugin's settings...

4.3CVSS0.00173EPSS
Exploits0References3
NVD
NVD
added 2026/02/18 8:16 a.m.6 views

CVE-2026-2112

The Dam Spam plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.8. This is due to missing nonce verification on the pending comment deletion action in the cleanup page. This makes it possible for unauthenticated attackers to delete all pendi...

4.3CVSS0.00165EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/02/18 12:0 a.m.8 views

PT-2026-20298

The Dam Spam plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.8. This is due to missing nonce verification on the pending comment deletion action in the cleanup page. This makes it possible for unauthenticated attackers to delete all pendi...

4.3CVSS5.5AI score0.00165EPSS
Exploits0References6
CVE
CVE
added 2026/02/14 4:35 a.m.16 views

CVE-2026-1983

CVE-2026-1983 concerns the SEATT: Simple Event Attendance plugin for WordPress. The Wordfence entry states this vuln is a Cross-Site Request Forgery (CSRF) flaw present in all versions up to 1.5.0, caused by missing nonce validation on event deletion. This enables unauthenticated attackers to tri...

4.3CVSS5.7AI score0.00124EPSS
Exploits0References3
CVE
CVE
added 2026/02/11 8:49 p.m.24 views

CVE-2019-25313

FlexNet Publisher 11.12.1 is affected by a cross-site request forgery that lets an attacker create a local admin account without authentication. An attacker can craft a malicious HTML form to trick an authenticated user into submitting a request that creates a new local admin with a predefined pa...

5.1CVSS5.3AI score0.0013EPSS
Exploits0References4
EUVD
EUVD
added 2026/02/07 8:26 a.m.7 views

EUVD-2026-5738

The TITLE ANIMATOR plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing nonce validation on the settings page form handler in inc/settings-page.php. This makes it possible for unauthenticated attackers to modify plugin...

4.3CVSS5.3AI score0.00151EPSS
Exploits0References3
CVE
CVE
added 2026/02/07 8:26 a.m.29 views

CVE-2026-1082

The CVE concerns the TITLE ANIMATOR WordPress plugin, where a Cross-Site Request Forgery flaw exists in all versions up to and including 1.0 due to missing nonce validation on the settings-page form handler in inc/settings-page.php. This allows unauthenticated attackers to modify plugin settings ...

4.3CVSS5.3AI score0.00151EPSS
Exploits0References3
GithubExploit
GithubExploit
added 2026/02/01 1:23 a.m.190 views

Exploit for CVE-2025-2304

Camaleon CMS -p Arguments - -t, --target Base t...

9.4CVSS5.9AI score0.00566EPSS
Exploits17
Cvelist
Cvelist
added 2026/01/31 2:22 p.m.32 views

CVE-2026-1165 Popup Box <= 6.1.1 - Cross-Site Request Forgery to Popup Status Change

The Popup Box plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.1.1. This is due to a flawed nonce implementation in the 'publishunpublishpopupbox' function that verifies a self-created nonce rather than one submitted in the request. This mak...

4.3CVSS0.00165EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/01/31 12:0 a.m.11 views

PT-2026-5544

The Popup Box plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.1.1. This is due to a flawed nonce implementation in the 'publish unpublish popupbox' function that verifies a self-created nonce rather than one submitted in the request. This...

4.3CVSS5.8AI score0.00165EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/01/29 3:18 p.m.12 views

CVE-2026-1398

The Change WP URL plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on the 'change-wp-url' page. This makes it possible for unauthenticated attackers to change the WP Login URL via a...

4.3CVSS5.8AI score0.00128EPSS
Exploits0References1
NVD
NVD
added 2026/01/28 12:15 p.m.14 views

CVE-2026-1380

The Bitcoin Donate Button plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on the settings page. This makes it possible for unauthenticated attackers to modify the plugin's settings,...

4.3CVSS0.00124EPSS
Exploits0References3
NVD
NVD
added 2026/01/28 12:15 p.m.21 views

CVE-2025-14616

The Recooty – Job Widget Old Dashboard plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.6. This is due to missing nonce validation on the recootysavemaybe function. This makes it possible for unauthenticated attackers to update the...

4.3CVSS0.00128EPSS
Exploits0References5
Rows per page
Query Builder