1117 matches found

NVD
added 2025/12/23 10:15 a.m., 10 views

CVE-2025-14163

The Premium Addons for Elementor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.11.53. This is due to missing nonce validation in the 'insert_inner_template' function. This makes it possible for unauthenticated attackers to create arbitrary...

CVSS: 4.3 | EPSS: 0.00133
Exploits: 0 | References: 5
OSV
added 2025/12/23 10:15 a.m., 3 views

CVE-2025-14163

The Premium Addons for Elementor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.11.53. This is due to missing nonce validation in the 'insert_inner_template' function. This makes it possible for unauthenticated attackers to create arbitrary...

CVSS: 4.3 | AI score: 5.7 | EPSS: 0.00133
Exploits: 0 | References: 4
CVE
added 2025/12/23 9:20 a.m., 19 views

CVE-2025-14163

CVE-2025-14163: The Premium Addons for Elementor plugin for WordPress is vulnerable to Cross-Site Request Forgery due to missing nonce validation in insert_inner_template. This enables unauthenticated attackers to forge requests and cause creation of arbitrary Elementor templates, by tricking a ...

CVSS: 4.3 | AI score: 4.9 | EPSS: 0.00133
Exploits: 0 | References: 5 | Affected Software: 1
Cvelist
added 2025/12/23 9:20 a.m., 27 views

CVE-2025-14163 Premium Addons for Elementor <= 4.11.53 - Cross-Site Request Forgery via 'insert_inner_template'

The Premium Addons for Elementor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.11.53. This is due to missing nonce validation in the 'insert_inner_template' function. This makes it possible for unauthenticated attackers to create arbitrary...

CVSS: 4.3 | EPSS: 0.00133
Exploits: 0 | References: 5
NVD
added 2025/12/21 4:16 a.m., 5 views

CVE-2025-13361

The Web to SugarCRM Lead plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.0. This is due to missing nonce validation on the custom field deletion functionality. This makes it possible for unauthenticated attackers to delete custom fields v...

CVSS: 4.3 | EPSS: 0.00129
Exploits: 0 | References: 4
RedhatCVE
added 2025/12/21 4:12 a.m., 11 views

CVE-2025-13365

The WP Hallo Welt plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4. This is due to missing or incorrect nonce validation on the 'halloweltseite' function. This makes it possible for unauthenticated attackers to update plugin settings and...

CVSS: 6.1 | AI score: 4.9 | EPSS: 0.00123
Exploits: 0 | References: 1
RedhatCVE
added 2025/12/21 4:12 a.m., 9 views

CVE-2025-14734

The Amazon affiliate lite Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.0. This is due to missing or incorrect nonce validation on the 'ADALsettingspage' function. This makes it possible for unauthenticated attackers to update...

CVSS: 5.4 | AI score: 5.2 | EPSS: 0.00101
Exploits: 0 | References: 1
NVD
added 2025/12/20 4:16 a.m., 4 views

CVE-2025-14734

The Amazon affiliate lite Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.0. This is due to missing or incorrect nonce validation on the 'ADALsettingspage' function. This makes it possible for unauthenticated attackers to update...

CVSS: 5.4 | EPSS: 0.00101
Exploits: 0 | References: 2
NVD
added 2025/12/20 4:16 a.m., 5 views

CVE-2025-14164

The Quran Gateway plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5. This is due to missing nonce validation in the qurangatewayoptions function. This makes it possible for unauthenticated attackers to modify the plugin's display settings v...

CVSS: 4.3 | EPSS: 0.00126
Exploits: 0 | References: 3
Cvelist
added 2025/12/20 3:20 a.m., 21 views

CVE-2025-13365 WP Hallo Welt <= 1.4. - Cross-Site Request Forgery to Stored Cross-Site Scripting

The WP Hallo Welt plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4. This is due to missing or incorrect nonce validation on the 'halloweltseite' function. This makes it possible for unauthenticated attackers to update plugin settings and...

CVSS: 6.1 | EPSS: 0.00123
Exploits: 0 | References: 7
Cvelist
added 2025/12/20 3:20 a.m., 22 views

CVE-2025-14164 Quran Gateway <= 1.5 - Cross-Site Request Forgery to Settings Update

The Quran Gateway plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5. This is due to missing nonce validation in the qurangatewayoptions function. This makes it possible for unauthenticated attackers to modify the plugin's display settings v...

CVSS: 4.3 | EPSS: 0.00126
Exploits: 0 | References: 3
Vulnrichment
added 2025/12/20 3:20 a.m., 3 views

CVE-2025-14164 Quran Gateway <= 1.5 - Cross-Site Request Forgery to Settings Update

The Quran Gateway plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5. This is due to missing nonce validation in the qurangatewayoptions function. This makes it possible for unauthenticated attackers to modify the plugin's display settings v...

CVSS: 4.3 | AI score: 4.9 | EPSS: 0.00126
Exploits: 0 | References: 3
Vulnrichment
added 2025/12/15 2:25 p.m., 4 views

CVE-2025-13950 OneSignal – Web Push Notifications <= 3.6.1 - Missing Authorization to Unauthenticated Plugin Settings Update

The OneSignal – Web Push Notifications plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the settings handling functionality in all versions up to, and including, 3.6.1. This is due to the plugin processing POST requests without verifying...

CVSS: 5.3 | AI score: 5 | EPSS: 0.003
Exploits: 0 | References: 2
RedhatCVE
added 2025/12/14 5:3 a.m., 8 views

CVE-2025-14462

The Lucky Draw Contests plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.2. This is due to missing or incorrect nonce validation in misc-settings.php. This makes it possible for unauthenticated attackers to update plugin settings via a forge...

CVSS: 4.3 | AI score: 5.3 | EPSS: 0.00112
Exploits: 0 | References: 1
NVD
added 2025/12/13 4:16 p.m., 5 views

CVE-2025-14394

The Popover Windows plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2. This is due to missing or incorrect nonce validation. This makes it possible for unauthenticated attackers to update the plugin's settings via a forged request granted they...

CVSS: 4.3 | EPSS: 0.00102
Exploits: 0 | References: 2
RedhatCVE
added 2025/12/13 3:59 a.m., 5 views

CVE-2025-14161

The Truefy Embed plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.0. This is due to missing nonce validation on the 'truefyembedoptionsupdate' settings update action. This makes it possible for unauthenticated attackers to update the...

CVSS: 4.3 | AI score: 5.4 | EPSS: 0.00124
Exploits: 0 | References: 1
RedhatCVE
added 2025/12/13 3:59 a.m., 5 views

CVE-2025-14165

The Kirim.Email WooCommerce Integration plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.9. This is due to missing nonce validation on the plugin's settings page. This makes it possible for unauthenticated attackers to modify the plugin's...

CVSS: 4.3 | AI score: 5.4 | EPSS: 0.00128
Exploits: 0 | References: 1
RedhatCVE
added 2025/12/13 3:59 a.m., 4 views

CVE-2025-13408

The Foxtool All-in-One: Contact chat button, Custom login, Media optimize images plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.5.2. This is due to missing or incorrect nonce validation on the foxtoollogingoogle function. This makes it...

CVSS: 4.3 | AI score: 5.2 | EPSS: 0.00145
Exploits: 0 | References: 1
EUVD
added 2025/12/12 6:31 a.m., 4 views

EUVD-2025-203017

The BMLT WordPress Plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.11.4. This is due to missing nonce validation on the 'BMLTPlugincreateoption' and 'BMLTPlugindeleteoption ' action. This makes it possible for unauthenticated attackers to...

CVSS: 4.3 | AI score: 4.9 | EPSS: 0.00124
Exploits: 0 | References: 4
EUVD
added 2025/12/12 6:31 a.m., 5 views

EUVD-2025-202997

The Coding Blocks plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.0. This is due to missing nonce validation on the settings update functionality. This makes it possible for unauthenticated attackers to update plugin settings including th...

CVSS: 4.3 | AI score: 4.9 | EPSS: 0.00128
Exploits: 0 | References: 5