Lucene search
K

8 matches found

NVD
NVD
added 2026/05/27 8:16 a.m.18 views

CVE-2026-8906

The WP Promoter plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts...

6.1CVSS0.00119EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2025/05/22 7:20 p.m.21 views

CVE-2021-24166

The wpajaxnfoauthdisconnect from the Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress WordPress plugin before 3.4.34 had no nonce protection making it possible for attackers to craft a request to disconnect a site's OAuth connection...

5.8CVSS6.8AI score0.00458EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/02/05 9:26 p.m.9 views

CVE-2022-2001

The DX Share Selection plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including 1.4. This is due to missing nonce protection on the dxssadminpage function found in the /dx-share-selection.php file. This makes it possible for unauthenticated attackers to...

8.8CVSS6.5AI score0.0053EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2024/10/16 7:15 a.m.5 views

CVE-2022-4974

The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the getdebuglog, getdboption, and the setdboption functions in versions up to, and...

6.3CVSS5.9AI score0.00424EPSS
Exploits0References7
OSV
OSV
added 2022/09/06 6:15 p.m.4 views

CVE-2022-2233

The Banner Cycler plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including 1.4. This is due to missing nonce protection on the pabcadminslidespostback function found in the /admin/admin.php file. This makes it possible for unauthenticated attackers to inje...

8.8CVSS5.8AI score0.00546EPSS
Exploits0References3
OSV
OSV
added 2022/07/18 5:15 p.m.6 views

CVE-2022-2001

The DX Share Selection plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including 1.4. This is due to missing nonce protection on the dxssadminpage function found in the /dx-share-selection.php file. This makes it possible for unauthenticated attackers to...

8.8CVSS5.8AI score0.0053EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2022/07/18 12:0 a.m.7 views

PT-2022-14256 · WordPress · Dx Share Selection

Name of the Vulnerable Software and Affected Versions: DX Share Selection plugin for WordPress versions up to, and including 1.4 Description: The issue is due to missing nonce protection on the dxss admin page function found in the /dx-share-selection.php file, making it possible for...

8.8CVSS8.6AI score0.0053EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2022/07/18 12:0 a.m.5 views

PT-2022-16691 · WordPress · Freemind Wp Browser

Name of the Vulnerable Software and Affected Versions: FreeMind WP Browser plugin for WordPress versions up to, and including 1.2 Description: The issue is due to missing nonce protection on the FreemindOptions function found in the /freemind-wp-browser.php file. This allows unauthenticated...

8.8CVSS8.4AI score0.00518EPSS
Exploits0References6
Rows per page
Query Builder