1117 matches found
CVE-2025-14077
The Simcast plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.0. This is due to missing or incorrect nonce validation on the settingsPage function. This makes it possible for unauthenticated attackers to modify plugin settings via a forged...
CVE-2025-13990
The Mamurjor Employee Info plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.0. This is due to missing nonce validation on multiple administrative functions. This makes it possible for unauthenticated attackers to create, update, or delete...
CVE-2025-13520
The MTCaptcha WordPress Plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.7.2. This is due to missing or incorrect nonce validation on the settings update functionality. This makes it possible for unauthenticated attackers to update the plugi...
CVE-2025-13749
The Clearfy Cache – WordPress optimization plugin, Minify HTML, CSS & JS, Defer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.4.0. This is due to missing nonce validation on the "wbcrupmchangeflag" function. This makes it possible for...
CVE-2025-13749 Clearfy <= 2.4.0 - Cross-Site Request Forgery to Update Notification Tampering
The Clearfy Cache – WordPress optimization plugin, Minify HTML, CSS & JS, Defer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.4.0. This is due to missing nonce validation on the "wbcrupmchangeflag" function. This makes it possible for...
CVE-2025-13749 Clearfy <= 2.4.0 - Cross-Site Request Forgery to Update Notification Tampering
The Clearfy Cache – WordPress optimization plugin, Minify HTML, CSS & JS, Defer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.4.0. This is due to missing nonce validation on the "wbcrupmchangeflag" function. This makes it possible for...
PT-2026-1711
Name of the Vulnerable Software and Affected Versions Clearfy Cache – WordPress optimization plugin versions prior to 2.4.1 Description The Clearfy Cache – WordPress optimization plugin is susceptible to a Cross-Site Request Forgery CSRF issue. This is caused by the absence of nonce validation...
CVE-2025-14077
The Simcast plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.0. This is due to missing or incorrect nonce validation on the settingsPage function. This makes it possible for unauthenticated attackers to modify plugin settings via a forged...
CVE-2025-13519
The SVG Map Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.0. This is due to missing or incorrect nonce validation on multiple AJAX actions including 'savedata', 'deletedata', and 'addpopup'. This makes it possible for...
CVE-2025-14077
CVE-2025-14077 – Simcast plugin for WordPress : The WordPress Simcast plugin has a Cross-Site Request Forgery vulnerability affecting all versions up to 1.0.0. The vulnerability arises from missing or incorrect nonce validation in the settingsPage function, enabling unauthenticated attackers to m...
CVE-2025-13990
CVE-2025-13990 concerns the Mamurjor Employee Info WordPress plugin. The vulnerability is a Cross-Site Forgery (CSRF) in all versions up to 1.0.0, caused by missing nonce validation on multiple admin actions. This allows unauthenticated attackers to forge requests that create, update, or delete e...
CVE-2025-14465 Sticky Action Buttons <= 1.1 - Cross-Site Request Forgery to Plugin Settings Update
The Sticky Action Buttons plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1. This is due to missing or incorrect nonce validation on the sabsoptionspageformsubmit function. This makes it possible for unauthenticated attackers to update plug...
CVE-2025-13521 WP Status Notifier <= 1.0 - Cross-Site Request Forgery to Settings Update
The WP Status Notifier plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on the settings update functionality. This makes it possible for unauthenticated attackers to update the plugin...
CVE-2025-13520
CVE-2025-13520 concerns the MTCaptcha WordPress Plugin. Wordfence’s detailed entry and weekly report confirm a CSRF vulnerability in the plugin’s settings update, allowing unauthenticated attackers to forge requests that can modify plugin settings (including the private key) if a site admin is tr...
CVE-2025-13520 MTCaptcha WordPress Plugin <= 2.7.2 - Cross-Site Request Forgery to Settings Update
The MTCaptcha WordPress Plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.7.2. This is due to missing or incorrect nonce validation on the settings update functionality. This makes it possible for unauthenticated attackers to update the plugi...
CVE-2025-13527 xShare <= 1.0.1 - Cross-Site Request Forgery to 'rs_plugin_reset' Parameter
The xShare plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1. This is due to missing nonce validation on the 'xsharepluginreset' function. This makes it possible for unauthenticated attackers to reset the plugin's settings via a forged...
CVE-2025-14999
The CVE-2025-14999 vulnerability affects the Latest Tabs WordPress plugin (
CVE-2025-14468 AMP for WP – Accelerated Mobile Pages <= 1.1.9 - Cross-Site Request Forgery to Comment Submission
The AMP for WP – Accelerated Mobile Pages plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.9. This is due to inverted nonce verification logic in the ampthemeajaxcomments AJAX handler, which rejects requests with VALID nonces and accepts...
PT-2026-1591
Name of the Vulnerable Software and Affected Versions SVG Map Plugin for WordPress versions prior to 1.0.1 Description The software is susceptible to Cross-Site Request Forgery CSRF due to missing or incorrect nonce validation on multiple AJAX actions. Specifically, the AJAX actions ‘save data’,...
PT-2026-1592
Name of the Vulnerable Software and Affected Versions MTCaptcha WordPress Plugin versions prior to 2.7.3 Description The software is susceptible to Cross-Site Request Forgery CSRF due to missing or incorrect nonce validation on the settings update functionality. An unauthenticated attacker could...