
1117 matches found

EUVD
added 2025/12/12 6:31 a.m. | 4 views

EUVD-2025-202957

The Rabbit Hole plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1. This is due to missing or incorrect nonce validation on the plugin's reset functionality. This makes it possible for unauthenticated attackers to reset the plugin's settings...

CVSS 4.3 | AI score 4.9 | EPSS 0.00124
Exploits: 0 | References: 4
NVD
added 2025/12/12 4:15 a.m. | 8 views

CVE-2025-14354

The Resource Library for Logged In Users plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5. This is due to missing nonce validation on multiple administrative functions. This makes it possible for unauthenticated attackers to perform variou...

CVSS 4.3 | EPSS 0.00135
Exploits: 0 | References: 8
NVD
added 2025/12/12 4:15 a.m. | 14 views

CVE-2025-14162

The BMLT WordPress Plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.11.4. This is due to missing nonce validation on the 'BMLTPlugincreateoption' and 'BMLTPlugindeleteoption ' action. This makes it possible for unauthenticated attackers to...

CVSS 4.3 | EPSS 0.00124
Exploits: 0 | References: 3
NVD
added 2025/12/12 4:15 a.m. | 11 views

CVE-2025-14161

The Truefy Embed plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.0. This is due to missing nonce validation on the 'truefyembedoptionsupdate' settings update action. This makes it possible for unauthenticated attackers to update the...

CVSS 4.3 | EPSS 0.00124
Exploits: 0 | References: 3
Cvelist
added 2025/12/12 3:21 a.m. | 31 views

CVE-2025-14391 Simple Theme Changer <= 1.0 - Cross-Site Request Forgery to Arbitrary Theme Switcher Configuration Update

The Simple Theme Changer plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0. This is due to missing or incorrect nonce validation. This makes it possible for unauthenticated attackers to update the plugin's settings via a forged request granted...

CVSS 4.3 | EPSS 0.00102
Exploits: 0 | References: 2
Cvelist
added 2025/12/12 3:21 a.m. | 22 views

CVE-2025-13366 Rabbit Hole <= 1.1 - Cross-Site Request Forgery to Settings Reset

The Rabbit Hole plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1. This is due to missing or incorrect nonce validation on the plugin's reset functionality. This makes it possible for unauthenticated attackers to reset the plugin's settings...

CVSS 4.3 | EPSS 0.00124
Exploits: 0 | References: 3
CVE
added 2025/12/12 3:20 a.m. | 13 views

CVE-2025-14160

CVE-2025-14160 concerns the Up coming for Calendly plugin for WordPress. The Wordfence vulnerability report confirms a Cross-Site Request Forgery (CSRF) flaw caused by missing nonce validation in the plugin’s settings update path, enabling unauthenticated attackers to forge requests to modify the...

CVSS 4.3 | AI score 5 | EPSS 0.00128
Exploits: 0 | References: 5
CVE
added 2025/12/12 3:20 a.m. | 8 views

CVE-2025-13987

CVE-2025-13987 affects the WordPress plugin Purchase and Expense Manager up to version 1.1.2. The issue is a Cross-Site Request Forgery (CSRF) due to missing nonce validation in the function sup_pt_handle_deletion. This allows unauthenticated attackers to delete arbitrary purchase records by tri...

CVSS 4.3 | AI score 5.1 | EPSS 0.00124
Exploits: 0 | References: 3
EUVD
added 2025/12/12 3:20 a.m. | 4 views

EUVD-2025-202971

The Animated Pixel Marquee Creator plugin for WordPress is vulnerable to Cross-Site Request Forgery via the 'marquee' parameter in all versions up to, and including, 1.0.0. This is due to missing nonce validation on the marquee deletion function. This makes it possible for unauthenticated attacke...

CVSS 4.3 | AI score 5 | EPSS 0.00124
Exploits: 0 | References: 4
Vulnrichment
added 2025/12/12 3:20 a.m. | 3 views

CVE-2025-14354 Resource Library for Logged In Users <= 1.5 - Cross-Site Request Forgery to Multiple Administrative Actions

The Resource Library for Logged In Users plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5. This is due to missing nonce validation on multiple administrative functions. This makes it possible for unauthenticated attackers to perform variou...

CVSS 4.3 | AI score 5.7 | EPSS 0.00135
Exploits: 0 | References: 8
Vulnrichment
added 2025/12/12 3:20 a.m. | 3 views

CVE-2025-13363 IMAQ Core <= 1.2.1 - Cross-Site Request Forgery to URL Structure Update

The IMAQ Core plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.1. This is due to missing nonce validation on the URL structure settings update functionality. This makes it possible for unauthenticated attackers to update the plugin's URL...

CVSS 4.3 | AI score 5 | EPSS 0.0014
Exploits: 0 | References: 3
Cvelist
added 2025/12/12 3:20 a.m. | 32 views

CVE-2025-13408 Foxtool All-in-One: Contact chat button, Custom login, Media optimize images <= 2.5.2 - Cross-Site Request Forgery to Google OAuth Connection

The Foxtool All-in-One: Contact chat button, Custom login, Media optimize images plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.5.2. This is due to missing or incorrect nonce validation on the foxtoollogingoogle function. This makes it...

CVSS 4.3 | EPSS 0.00145
Exploits: 0 | References: 4
Vulnrichment
added 2025/12/12 3:20 a.m. | 5 views

CVE-2025-14162 BMLT WordPress Plugin <= 3.11.4 - Cross-Site Request Forgery to Settings Creation and Deletion

The BMLT WordPress Plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.11.4. This is due to missing nonce validation on the 'BMLTPlugincreateoption' and 'BMLTPlugindeleteoption ' action. This makes it possible for unauthenticated attackers to...

CVSS 4.3 | AI score 5 | EPSS 0.00124
Exploits: 0 | References: 3
Positive Technologies
added 2025/12/12 12:0 a.m. | 8 views

PT-2025-50861

The BMLT WordPress Plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.11.4. This is due to missing nonce validation on the 'BMLTPlugin create option' and 'BMLTPlugin delete option ' action. This makes it possible for unauthenticated attackers ...

CVSS 4.3 | AI score 5.3 | EPSS 0.00124
Exploits: 0 | References: 4
CNNVD
added 2025/12/12 12:0 a.m. | 3 views

WordPress plugin IMAQ Core cross-site request forgery vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A cross-site...

CVSS 4.3 | AI score 6.3 | EPSS 0.0014
Exploits: 0 | References: 3
CNNVD
added 2025/12/12 12:0 a.m. | 4 views

WordPress plugin Foxtool All-in-One: Contact chat button, Custom login, Media optimize images cross-site request forgery vulnerability

...

CVSS 4.3 | AI score 5.8 | EPSS 0.00145
Exploits: 0 | References: 4
Positive Technologies
added 2025/12/10 12:0 a.m. | 8 views

PT-2025-50316

Name of the Vulnerable Software and Affected Versions: Video Merchant plugin for WordPress versions 5.0.4 and earlier. Description: The Video Merchant plugin for WordPress is susceptible to Cross-Site Request Forgery (CSRF). This is due to inadequate nonce validation within the video merchant add vide...

CVSS 8.8 | AI score 7.6 | EPSS 0.00376
Exploits: 0 | References: 8
RedhatCVE
added 2025/12/06 9:37 a.m. | 12 views

CVE-2025-12879

The User Generator and Importer plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to and including 1.2.2. This is due to missing nonce validation in the "Import Using CSV File" function. This makes it possible for unauthenticated attackers to elevate user privileges ...

CVSS 8.8 | AI score 5.7 | EPSS 0.00154
Exploits: 0 | References: 1
RedhatCVE
added 2025/12/06 7:56 a.m. | 10 views

CVE-2025-13684

The ARK Related Posts plugin for WordPress is vulnerable to Cross-Site Request Forgery in version 2.19. This is due to missing or incorrect nonce validation on the arkrpoptionspage function. This makes it possible for unauthenticated attackers to modify the plugin's configuration settings via a...

CVSS 4.3 | AI score 5.7 | EPSS 0.00128
Exploits: 0 | References: 1
RedhatCVE
added 2025/12/06 6:58 a.m. | 13 views

CVE-2025-12373

The Torod – The smart shipping and delivery portal for e-shops and retailers plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.9. This is due to missing or incorrect nonce validation on the savesettings function. This makes it possible for...

CVSS 4.3 | AI score 5.2 | EPSS 0.00124
Exploits: 0 | References: 1