Lucene search
+L

29 matches found

NVD
NVD
added yesterday6 views

CVE-2026-11866

The Appointment Booking Plugin WordPress plugin before 5.6.3 does not validate a CSRF nonce on several state-changing actions handled by its central request dispatcher, allowing attackers to perform privileged actions, such as overwriting the booking-form configuration or disconnecting the...

5.4CVSS0.00097EPSS
Exploits0References1
EUVD
EUVD
added yesterday6 views

EUVD-2026-44871

The Appointment Booking Plugin WordPress plugin before 5.6.3 does not validate a CSRF nonce on several state-changing actions handled by its central request dispatcher, allowing attackers to perform privileged actions, such as overwriting the booking-form configuration or disconnecting the...

5.4CVSS6.1AI score0.00097EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/12/17 1:38 p.m.7 views

CVE-2025-14266 CSRF in Ercom Cryptobox administration console

CSRF in Ercom Cryptobox administration console allows attacker to trigger some actions on behalf of a Cryptobox administrator. The attack requires the administrator to browse a malicious web site or to click a link while he has an open session on the administration console...

2.3CVSS6.4AI score0.00157EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/12/13 12:0 a.m.16 views

PT-2025-51034

Name of the Vulnerable Software and Affected Versions OpenPLC V3 affected versions not specified Description The software is susceptible to a cross-site request forgery CSRF attack because of missing CSRF validation. An unauthenticated attacker can potentially trick a logged-in administrator into...

8CVSS6.5AI score0.00281EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2025/08/14 12:0 a.m.6 views

PT-2025-33126 · WordPress · Quiz/Survey Master

Name of the Vulnerable Software and Affected Versions: Quiz and Survey Master WordPress plugin versions prior to 10.2.3 Description: The Quiz and Survey Master QSM WordPress plugin does not have Cross-Site Request Forgery CSRF checks in place when updating its settings. This could allow attackers...

4.3CVSS6.3AI score0.00124EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2025/05/23 12:17 a.m.7 views

CVE-2022-4548

The Optimize images ALT Text & names for SEO using AI WordPress plugin before 2.0.8 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack...

6.5CVSS6.6AI score0.00332EPSS
Exploits2References1
OSV
OSV
added 2024/09/08 6:15 a.m.6 views

CVE-2024-6856

The WP MultiTasking WordPress plugin through 0.1.12 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...

4.3CVSS5.8AI score0.00201EPSS
Exploits1References1
CNNVD
CNNVD
added 2024/06/14 12:0 a.m.4 views

WordPress plugin Similarity security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

5.4CVSS6.6AI score0.002EPSS
Exploits2References2
OSV
OSV
added 2024/06/07 6:15 a.m.7 views

CVE-2024-5003

The WP Stacker WordPress plugin through 1.8.5 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack...

5.4CVSS5.8AI score0.00199EPSS
Exploits2References1
OSV
OSV
added 2024/01/08 7:15 p.m.7 views

CVE-2023-6532

The WP Blogs' Planetarium WordPress plugin through 1.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...

8.8CVSS7.3AI score0.00348EPSS
Exploits2References2
CNNVD
CNNVD
added 2023/09/11 12:0 a.m.5 views

WordPress plugin Herd Effects Cross-Site Request Forgery Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forgery...

4.3CVSS6.8AI score0.00218EPSS
Exploits2References2
CNNVD
CNNVD
added 2023/08/16 12:0 a.m.4 views

WordPress Plugin Tiempo.com 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forger...

4.3CVSS6.5AI score0.00252EPSS
Exploits2References2
WPVulnDB
WPVulnDB
added 2023/08/10 12:0 a.m.13 views

Absolute Privacy <= 2.1 - User Email/Password Change via Cross-Site Request Forgery

Description The plugin does not protect its abprprofileShortcode action against CSRF attacks, allowing an unauthenticated attacker to change a users email or password by tricking a logged in administrator to submit a crafted request...

8.8CVSS6.7AI score0.00276EPSS
Exploits0References1
CNNVD
CNNVD
added 2023/07/17 12:0 a.m.6 views

WordPress plugin WooCommerce Google Sheet Connector 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forgery...

8.8CVSS8.5AI score0.00389EPSS
Exploits2References2
CNNVD
CNNVD
added 2022/06/27 12:0 a.m.5 views

WordPress plugin HTML2WP 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. WordPress HTML2WP plugin 1.0.0 and earlier versions are vulnerable to cross-site request forgery, whi...

4.3CVSS5.3AI score0.00412EPSS
Exploits2References2
CNNVD
CNNVD
added 2022/06/20 12:0 a.m.3 views

WordPress plugin WPlite 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. WordPress WPlite plugin 1.3.1 and earlier versions are vulnerable to cross-site request forgery, whic...

6.5CVSS5.3AI score0.00393EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2022/06/13 1:15 p.m.7 views

CVE-2022-1793

The Private Files WordPress plugin through 0.40 is missing CSRF check when disabling the protection, which could allow attackers to make a logged in admin perform such action via a CSRF attack and make the blog public...

4.3CVSS5.8AI score0.00412EPSS
Exploits2References2
ATTACKERKB
ATTACKERKB
added 2022/06/13 1:15 p.m.8 views

CVE-2022-1605

The Email Users WordPress plugin through 4.8.8 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and change the notification settings of arbitrary users...

6.5CVSS6.7AI score0.00513EPSS
Exploits2References2
Cvelist
Cvelist
added 2022/03/04 9:20 p.m.28 views

CVE-2021-32008 Logged-in Administrator may get unrestricted file system access

This issue affects: Secomea GateManager Version 9.6.621421014 and all prior versions. Improper Limitation of a Pathname to restricted directory, allows logged in GateManager admin to delete system Files or Directories...

9.9CVSS9.5AI score0.00981EPSS
Exploits0References1
NVD
NVD
added 2021/07/12 8:15 p.m.34 views

CVE-2021-24409

The Prismatic WordPress plugin before 2.8 does not escape the 'tab' GET parameter before outputting it back in an attribute, leading to a reflected Cross-Site Scripting issue which will be executed in the context of a logged in administrator...

6.1CVSS0.01793EPSS
Exploits2References1
Rows per page
Query Builder