Lucene search

1117 matches found

RedhatCVE
added 2026/01/09 9:16 a.m. | 8 views

CVE-2025-14077

The Simcast plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.0. This is due to missing or incorrect nonce validation on the settingsPage function. This makes it possible for unauthenticated attackers to modify plugin settings via a forged...

CVSS 4.3 | AI score 5.2 | EPSS 0.0014
Exploits: 0 | References: 1
RedhatCVE
added 2026/01/09 9:16 a.m. | 5 views

CVE-2025-13990

The Mamurjor Employee Info plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.0. This is due to missing nonce validation on multiple administrative functions. This makes it possible for unauthenticated attackers to create, update, or delete...

CVSS 4.3 | AI score 5.4 | EPSS 0.00149
Exploits: 0 | References: 1
RedhatCVE
added 2026/01/09 9:16 a.m. | 6 views

CVE-2025-13520

The MTCaptcha WordPress Plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.7.2. This is due to missing or incorrect nonce validation on the settings update functionality. This makes it possible for unauthenticated attackers to update the plugi...

CVSS 4.3 | AI score 5.3 | EPSS 0.0014
Exploits: 0 | References: 1
NVD
added 2026/01/09 6:16 a.m. | 9 views

CVE-2025-13749

The Clearfy Cache – WordPress optimization plugin, Minify HTML, CSS & JS, Defer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.4.0. This is due to missing nonce validation on the "wbcrupmchangeflag" function. This makes it possible for...

CVSS 4.3 | EPSS 0.00124
Exploits: 0 | References: 3
Cvelist
added 2026/01/09 5:25 a.m. | 23 views

CVE-2025-13749 Clearfy <= 2.4.0 - Cross-Site Request Forgery to Update Notification Tampering

The Clearfy Cache – WordPress optimization plugin, Minify HTML, CSS & JS, Defer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.4.0. This is due to missing nonce validation on the "wbcrupmchangeflag" function. This makes it possible for...

CVSS 4.3 | EPSS 0.00124
Exploits: 0 | References: 3
Vulnrichment
added 2026/01/09 5:25 a.m. | 2 views

CVE-2025-13749 Clearfy <= 2.4.0 - Cross-Site Request Forgery to Update Notification Tampering

The Clearfy Cache – WordPress optimization plugin, Minify HTML, CSS & JS, Defer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.4.0. This is due to missing nonce validation on the "wbcrupmchangeflag" function. This makes it possible for...

CVSS 4.3 | AI score 4.9 | EPSS 0.00124
Exploits: 0 | References: 3
Positive Technologies
added 2026/01/09 12:0 a.m. | 7 views

PT-2026-1711

Name of the Vulnerable Software and Affected Versions: Clearfy Cache – WordPress optimization plugin versions prior to 2.4.1. Description: The Clearfy Cache – WordPress optimization plugin is susceptible to a Cross-Site Request Forgery (CSRF) issue. This is caused by the absence of nonce validation...

CVSS 4.3 | AI score 6.5 | EPSS 0.00124
Exploits: 0 | References: 6
NVD
added 2026/01/07 12:16 p.m. | 4 views

CVE-2025-14077

The Simcast plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.0. This is due to missing or incorrect nonce validation on the settingsPage function. This makes it possible for unauthenticated attackers to modify plugin settings via a forged...

CVSS 4.3 | EPSS 0.0014
Exploits: 0 | References: 3
NVD
added 2026/01/07 12:16 p.m. | 4 views

CVE-2025-13519

The SVG Map Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.0. This is due to missing or incorrect nonce validation on multiple AJAX actions including 'savedata', 'deletedata', and 'addpopup'. This makes it possible for...

CVSS 6.1 | EPSS 0.00115
Exploits: 0 | References: 3
CVE
added 2026/01/07 9:21 a.m. | 10 views

CVE-2025-14077

CVE-2025-14077 – Simcast plugin for WordPress: The WordPress Simcast plugin has a Cross-Site Request Forgery vulnerability affecting all versions up to 1.0.0. The vulnerability arises from missing or incorrect nonce validation in the settingsPage function, enabling unauthenticated attackers to m...

CVSS 4.3 | AI score 4.9 | EPSS 0.0014
Exploits: 0 | References: 3
CVE
added 2026/01/07 9:21 a.m. | 11 views

CVE-2025-13990

CVE-2025-13990 concerns the Mamurjor Employee Info WordPress plugin. The vulnerability is a Cross-Site Request Forgery (CSRF) in all versions up to 1.0.0, caused by missing nonce validation on multiple admin actions. This allows unauthenticated attackers to forge requests that create, update, or delete e...

CVSS 4.3 | AI score 5 | EPSS 0.00149
Exploits: 0 | References: 7
Cvelist
added 2026/01/07 9:20 a.m. | 23 views

CVE-2025-14465 Sticky Action Buttons <= 1.1 - Cross-Site Request Forgery to Plugin Settings Update

The Sticky Action Buttons plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1. This is due to missing or incorrect nonce validation on the sabsoptionspageformsubmit function. This makes it possible for unauthenticated attackers to update plug...

CVSS 4.3 | EPSS 0.00112
Exploits: 0 | References: 2
Vulnrichment
added 2026/01/07 8:21 a.m. | 5 views

CVE-2025-13521 WP Status Notifier <= 1.0 - Cross-Site Request Forgery to Settings Update

The WP Status Notifier plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on the settings update functionality. This makes it possible for unauthenticated attackers to update the plugin...

CVSS 4.3 | AI score 5 | EPSS 0.00124
Exploits: 0 | References: 3
CVE
added 2026/01/07 8:21 a.m. | 12 views

CVE-2025-13520

CVE-2025-13520 concerns the MTCaptcha WordPress Plugin. Wordfence’s detailed entry and weekly report confirm a CSRF vulnerability in the plugin’s settings update, allowing unauthenticated attackers to forge requests that can modify plugin settings (including the private key) if a site admin is tr...

CVSS 4.3 | AI score 4.9 | EPSS 0.0014
Exploits: 0 | References: 3
Vulnrichment
added 2026/01/07 8:21 a.m. | 2 views

CVE-2025-13520 MTCaptcha WordPress Plugin <= 2.7.2 - Cross-Site Request Forgery to Settings Update

The MTCaptcha WordPress Plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.7.2. This is due to missing or incorrect nonce validation on the settings update functionality. This makes it possible for unauthenticated attackers to update the plugi...

CVSS 4.3 | AI score 4.9 | EPSS 0.0014
Exploits: 0 | References: 3
Cvelist
added 2026/01/07 8:21 a.m. | 21 views

CVE-2025-13527 xShare <= 1.0.1 - Cross-Site Request Forgery to 'rs_plugin_reset' Parameter

The xShare plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1. This is due to missing nonce validation on the 'xsharepluginreset' function. This makes it possible for unauthenticated attackers to reset the plugin's settings via a forged...

CVSS 4.3 | EPSS 0.0014
Exploits: 0 | References: 3
CVE
added 2026/01/07 8:21 a.m. | 14 views

CVE-2025-14999

The CVE-2025-14999 vulnerability affects the Latest Tabs WordPress plugin (

CVSS 4.3 | AI score 5 | EPSS 0.00102
Exploits: 0 | References: 2
Vulnrichment
added 2026/01/07 4:32 a.m. | 3 views

CVE-2025-14468 AMP for WP – Accelerated Mobile Pages <= 1.1.9 - Cross-Site Request Forgery to Comment Submission

The AMP for WP – Accelerated Mobile Pages plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.9. This is due to inverted nonce verification logic in the ampthemeajaxcomments AJAX handler, which rejects requests with VALID nonces and accepts...

CVSS 4.3 | AI score 5.3 | EPSS 0.00132
Exploits: 0 | References: 5
Positive Technologies
added 2026/01/07 12:0 a.m. | 5 views

PT-2026-1591

Name of the Vulnerable Software and Affected Versions: SVG Map Plugin for WordPress versions prior to 1.0.1. Description: The software is susceptible to Cross-Site Request Forgery (CSRF) due to missing or incorrect nonce validation on multiple AJAX actions. Specifically, the AJAX actions ‘save data’,...

CVSS 6.1 | AI score 6.4 | EPSS 0.00115
Exploits: 0 | References: 5
Positive Technologies
added 2026/01/07 12:0 a.m. | 6 views

PT-2026-1592

Name of the Vulnerable Software and Affected Versions: MTCaptcha WordPress Plugin versions prior to 2.7.3. Description: The software is susceptible to Cross-Site Request Forgery (CSRF) due to missing or incorrect nonce validation on the settings update functionality. An unauthenticated attacker could...

CVSS 4.3 | AI score 6.3 | EPSS 0.0014
Exploits: 0 | References: 5