Lucene search
+L

4 matches found

redhatcve
redhatcve
added 2026/02/19 7:28 a.m.8 views

CVE-2026-2023

The WP Plugin Info Card plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.2.0. This is due to missing nonce validation in the ajaxsavecustomplugin function, which is disabled by prefixing the check with 'false &&'. This makes it possible for...

4.3CVSS5.4AI score0.00156EPSS
Exploits0References1
attackerkb
attackerkb
added 2026/02/18 5:29 a.m.4 views

CVE-2026-2023

The WP Plugin Info Card plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.2.0. This is due to missing nonce validation in the ajaxsavecustomplugin function, which is disabled by prefixing the check with 'false &&'. This makes it possible for...

4.3CVSS5.4AI score0.00156EPSS
Exploits0References6
osv
osv
added 2026/02/18 5:29 a.m.5 views

CVE-2026-2023 WP Plugin Info Card <= 6.2.0 - Cross-Site Request Forgery to Arbitrary Custom Plugin Entry Creation

The WP Plugin Info Card plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.2.0. This is due to missing nonce validation in the ajaxsavecustomplugin function, which is disabled by prefixing the check with 'false &&'. This makes it possible for...

4.3CVSS5.8AI score0.00156EPSS
Exploits0References7
cve
cve
added 2025/04/01 2:51 p.m.62 views

CVE-2025-31835

The CVE-2025-31835 issue in the WP Plugin Info Card plugin is associated with a Stored Cross-Site Scripting risk via the containerid parameter. Connected sources indicate this affects all versions up to 5.3.1 and that the prior patch for CVE-31835 was incomplete, leaving authenticated attackers (...

6.5CVSS7.2AI score0.00193EPSS
Exploits0References1
Rows per page
Query Builder