Lucene search
K

1117 matches found

EUVD
EUVD
added 2025/12/06 6:30 a.m.6 views

EUVD-2025-201529

The WP Landing Page plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.9.3. This is due to missing nonce validation on the 'wplpapiupdatetext' function. This makes it possible for unauthenticated attackers to update arbitrary post meta via a...

4.3CVSS4.9AI score0.00126EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/12/06 5:54 a.m.5 views

CVE-2025-12190

The Image Optimizer by wps.sk plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.0. This is due to missing or incorrect nonce validation on the imagopbyajaxoptimizegallery function. This makes it possible for unauthenticated attackers to...

4.3CVSS5.2AI score0.00124EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/12/06 5:54 a.m.3 views

CVE-2025-13621

The dream gallery plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on the 'dreampluginsmain' AJAX action. This makes it possible for unauthenticated attackers to update the plugin's...

6.1CVSS5.4AI score0.00119EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/12/06 5:54 a.m.4 views

CVE-2025-12128

The Hide Categories Or Products On Shop Page plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.7. This is due to missing or incorrect nonce validation on the savedatahcps function. This makes it possible for unauthenticated attackers to...

4.3CVSS5.1AI score0.00102EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/12/06 5:49 a.m.14 views

CVE-2025-13629 WP Landing Page <= 0.9.3 - Cross-Site Request Forgery to Arbitrary Post Meta Update

The WP Landing Page plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.9.3. This is due to missing nonce validation on the 'wplpapiupdatetext' function. This makes it possible for unauthenticated attackers to update arbitrary post meta via a...

4.3CVSS0.00126EPSS
Exploits0References3
CVE
CVE
added 2025/12/06 5:49 a.m.9 views

CVE-2025-13629

CVE-2025-13629 relates to the WP Landing Page WordPress plugin (versions up to 0.9.3). The vulnerability is a CSRF flaw caused by missing nonce validation in the wplp_api_update_text function, allowing unauthenticated attackers to forge requests that update arbitrary post meta if a site administr...

4.3CVSS5AI score0.00126EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/12/06 2:53 a.m.22 views

CVE-2025-11759

The Backup, Restore and Migrate your sites with XCloner plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.8.2. This is due to missing or incorrect nonce validation on the XclonerRemoteStorage:save function. This makes it possible for...

4.3CVSS5.3AI score0.00102EPSS
Exploits0References1
NVD
NVD
added 2025/12/05 8:15 a.m.4 views

CVE-2025-13684

The ARK Related Posts plugin for WordPress is vulnerable to Cross-Site Request Forgery in version 2.19. This is due to missing or incorrect nonce validation on the arkrpoptionspage function. This makes it possible for unauthenticated attackers to modify the plugin's configuration settings via a...

4.3CVSS0.00128EPSS
Exploits0References4
CVE
CVE
added 2025/12/05 7:26 a.m.11 views

CVE-2025-12130

CVE-2025-12130 concerns the WC Vendors – WooCommerce Multivendor, WooCommerce Marketplace, Product Vendors WordPress plugin. Wordfence and NVD indicate a Cross-Site Request Forgery (CSRF) vulnerability due to missing/incorrect nonce validation on the /vendor_dashboard/product/delete/ endpoint, al...

4.3CVSS4.9AI score0.00102EPSS
Exploits0References2
NVD
NVD
added 2025/12/05 7:16 a.m.7 views

CVE-2025-12373

The Torod – The smart shipping and delivery portal for e-shops and retailers plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.9. This is due to missing or incorrect nonce validation on the savesettings function. This makes it possible for...

4.3CVSS0.00124EPSS
Exploits0References3
EUVD
EUVD
added 2025/12/05 6:31 a.m.3 views

EUVD-2025-201380

The dream gallery plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on the 'dreampluginsmain' AJAX action. This makes it possible for unauthenticated attackers to update the plugin's...

6.1CVSS5AI score0.00119EPSS
Exploits0References6
NVD
NVD
added 2025/12/05 6:16 a.m.2 views

CVE-2025-13621

The dream gallery plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on the 'dreampluginsmain' AJAX action. This makes it possible for unauthenticated attackers to update the plugin's...

6.1CVSS0.00119EPSS
Exploits0References5
NVD
NVD
added 2025/12/05 6:16 a.m.4 views

CVE-2025-12190

The Image Optimizer by wps.sk plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.0. This is due to missing or incorrect nonce validation on the imagopbyajaxoptimizegallery function. This makes it possible for unauthenticated attackers to...

4.3CVSS0.00124EPSS
Exploits0References3
NVD
NVD
added 2025/12/05 6:16 a.m.10 views

CVE-2025-10055

The Time Sheets plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1.3. This is due to missing or incorrect nonce validation on several endpoints. This makes it possible for unauthenticated attackers to perform a variety of actions via a forge...

4.3CVSS0.00102EPSS
Exploits0References2
EUVD
EUVD
added 2025/12/05 6:7 a.m.9 views

EUVD-2025-201360

The Torod – The smart shipping and delivery portal for e-shops and retailers plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.9. This is due to missing or incorrect nonce validation on the savesettings function. This makes it possible for...

4.3CVSS4.8AI score0.00124EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/12/05 6:7 a.m.6 views

CVE-2025-12373 Torod – The smart shipping and delivery portal for e-shops and retailers <= 1.9 - Cross-Site Request Forgery To Plugin's Settings Modification

The Torod – The smart shipping and delivery portal for e-shops and retailers plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.9. This is due to missing or incorrect nonce validation on the savesettings function. This makes it possible for...

4.3CVSS4.8AI score0.00124EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/12/05 5:31 a.m.3 views

CVE-2025-12190 Image Optimizer by wps.sk <= 1.2.0 - Cross-Site Request Forgery to Bulk Image Optimization

The Image Optimizer by wps.sk plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.0. This is due to missing or incorrect nonce validation on the imagopbyajaxoptimizegallery function. This makes it possible for unauthenticated attackers to...

4.3CVSS4.9AI score0.00124EPSS
Exploits0References3
EUVD
EUVD
added 2025/12/05 5:31 a.m.3 views

EUVD-2025-201369

The Hide Categories Or Products On Shop Page plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.7. This is due to missing or incorrect nonce validation on the savedatahcps function. This makes it possible for unauthenticated attackers to...

4.3CVSS4.7AI score0.00102EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/12/05 5:31 a.m.32 views

CVE-2025-12189 Bread & Butter: Gate content + Capture leads + Collect first-party data + Nurture with Ai agents <= 7.11.1374 - Cross-Site Request Forgery to Arbitrary File Upload

The Bread & Butter: Gate content + Capture leads + Collect first-party data + Nurture with Ai agents plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 7.11.1374. This is due to missing or incorrect nonce validation on the uploadImage function...

4.3CVSS0.00268EPSS
Exploits2References5
Vulnrichment
Vulnrichment
added 2025/12/05 5:31 a.m.3 views

CVE-2025-10055 Time Sheets <= 2.1.3 - Cross-Site Request Forgery

The Time Sheets plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1.3. This is due to missing or incorrect nonce validation on several endpoints. This makes it possible for unauthenticated attackers to perform a variety of actions via a forge...

4.3CVSS5AI score0.00102EPSS
Exploits0References2
Rows per page
Query Builder