8171 matches found
EUVD-2025-32265
The PayPal Forms plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.3. This is due to missing nonce validation on the form creation and management functions. This makes it possible for unauthenticated attackers to create new PayPal forms and...
CVE-2025-10309 PayPal Forms <= 1.0.3 - Cross-Site Request Forgery
The PayPal Forms plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.3. This is due to missing nonce validation on the form creation and management functions. This makes it possible for unauthenticated attackers to create new PayPal forms and...
Denial Of Service (DoS)
com.liferay.portal.workflow.kaleo.forms.web is vulnerable to Denial of Service DoS. The vulnerability is due to insufficient restrictions on saving request parameters in the portlet session because the application allows unvalidated request data to be stored in memory; an attacker can send crafte...
WordPress PayPal Forms plugin <= 1.0.3 - Cross-Site Request Forgery vulnerability
Cross-Site Request Forgery vulnerability discovered by Nabil Irawan in WordPress Plugin PayPal Forms versions = 1.0.3...
WordPress plugin PayPal Forms 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site request...
PT-2025-40472
Name of the Vulnerable Software and Affected Versions PayPal Forms plugin for WordPress versions up to and including 1.0.3 Description The PayPal Forms plugin for WordPress is susceptible to Cross-Site Request Forgery. This is a result of a lack of nonce validation during form creation and...
Cross-site Request Forgery (CSRF)
Overview Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF in the API. An attacker can perform unauthorized actions, such as creating and starting arbitrary instances or executing arbitrary commands inside containers, by tricking a victim authenticated with clien...
DEBIAN-CVE-2025-54286
Cross-Site Request Forgery CSRF in LXD-UI in Canonical LXD versions = 5.0 on Linux allows an attacker to create and start container instances without user consent via crafted HTML form submissions exploiting client certificate authentication...
CVE-2025-54286 CSRF Vulnerability When Using Client Certificate Authentication with the LXD-UI
Cross-Site Request Forgery CSRF in LXD-UI in Canonical LXD versions = 5.0 on Linux allows an attacker to create and start container instances without user consent via crafted HTML form submissions exploiting client certificate authentication...
PT-2025-40326
Name of the Vulnerable Software and Affected Versions Canonical LXD versions 5.0 and later Description A Cross-Site Request Forgery CSRF issue exists in LXD-UI. This allows an attacker to create and start container instances without user consent by submitting crafted HTML forms that exploit clien...
WordPress NEX-Forms LITE plugin < 8.2 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin NEX-Forms LITE versions 8.2...
CVE-2025-10499
The Ninja Forms – The Contact Form Builder That Grows With You plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.12.0. This is due to missing or incorrect nonce validation on the maybeoptin function. This makes it possible for unauthenticated...
CVE-2025-10498
The Ninja Forms – The Contact Form Builder That Grows With You plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.12.0. This is due to missing or incorrect nonce validation when exporting CSV files. This makes it possible for unauthenticated...
CVE-2025-60166
Missing Authorization vulnerability in wpshuffle WP Subscription Forms PRO wp-subscription-forms-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Subscription Forms PRO: from n/a through = 2.0.5...
CVE-2025-9898
CVE-2025-9898 (cForms – Light speed fast Form Builder for WordPress) is a Cross-Site Request Forgery vulnerability present in all versions up to 3.0.0. The root cause is missing or incorrect nonce validation on the cforms_api function, enabling unauthenticated attackers to modify forms and their ...
CVE-2025-9898 cForms – Light speed fast Form Builder <= 3.0.0 - Cross-Site Request Forgery
The cForms – Light speed fast Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.0.0. This is due to missing or incorrect nonce validation on the cformsapi function. This makes it possible for unauthenticated attackers to modify...
CVE-2025-10499
The Ninja Forms – The Contact Form Builder That Grows With You plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.12.0. This is due to missing or incorrect nonce validation on the maybeoptin function. This makes it possible for unauthenticated...
CVE-2025-10499
The Ninja Forms – The Contact Form Builder That Grows With You plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.12.0. This is due to missing or incorrect nonce validation on the maybeoptin function. This makes it possible for unauthenticated...
CVE-2025-10498
The Ninja Forms – The Contact Form Builder That Grows With You plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.12.0. This is due to missing or incorrect nonce validation when exporting CSV files. This makes it possible for unauthenticated...
CVE-2025-10498
The Ninja Forms – The Contact Form Builder That Grows With You plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.12.0. This is due to missing or incorrect nonce validation when exporting CSV files. This makes it possible for unauthenticated...