Lucene search
K

1117 matches found

EUVD
EUVD
added 2025/12/05 5:31 a.m.5 views

EUVD-2025-201375

The Time Sheets plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1.3. This is due to missing or incorrect nonce validation on several endpoints. This makes it possible for unauthenticated attackers to perform a variety of actions via a forge...

4.3CVSS4.9AI score0.00102EPSS
Exploits0References3
CVE
CVE
added 2025/12/05 5:31 a.m.19 views

CVE-2025-10055

CVE-2025-10055 concerns the Time Sheets plugin for WordPress. The vulnerability is a Cross-Site Request Forgery (CSRF) in all versions up to 2.1.3 caused by missing or incorrect nonce validation on several endpoints. This could allow unauthenticated attackers to cause administrators to perform ac...

4.3CVSS5AI score0.00102EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/12/05 5:31 a.m.20 views

CVE-2025-13360 Quantic Social Image Hover <= 1.0.8 - Cross-Site Request Forgery to Settings Update

The Quantic Social Image Hover plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.8. This is due to missing nonce validation on the settings update functionality. This makes it possible for unauthenticated attackers to update the plugin's...

4.3CVSS0.00124EPSS
Exploits0References3
CVE
CVE
added 2025/12/05 5:31 a.m.11 views

CVE-2025-13360

CVE-2025-13360 relates to the WordPress plugin Quantic Social Image Hover (versions up to and including 1.0.8). The vulnerability is a Cross-Site Request Forgery (CSRF) due to missing nonce validation on the plugin’s settings update function. Exploitation requires tricking a site administrator in...

4.3CVSS5.1AI score0.00124EPSS
Exploits0References3
EUVD
EUVD
added 2025/12/05 5:31 a.m.5 views

EUVD-2025-201378

The Quantic Social Image Hover plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.8. This is due to missing nonce validation on the settings update functionality. This makes it possible for unauthenticated attackers to update the plugin's...

4.3CVSS5AI score0.00124EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/12/05 5:31 a.m.3 views

CVE-2025-13144 ContentStudio <= 1.3.7 - Cross-Site Request Forgery to Settings Update

The ContentStudio plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.7. This is due to missing or insufficient nonce validation on the addcstusettings function. This makes it possible for unauthenticated attackers to modify plugin settings v...

4.3CVSS4.9AI score0.00128EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/12/05 4:29 a.m.2 views

CVE-2025-13362 Norby AI <= 1.0.3 - Cross-Site Request Forgery to Settings Update

The Norby AI plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.3. This is due to missing nonce validation on the settings update functionality. This makes it possible for unauthenticated attackers to update the plugin's settings and inject...

4.3CVSS5.1AI score0.00124EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/12/05 12:0 a.m.5 views

PT-2025-49213

The Quantic Social Image Hover plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.8. This is due to missing nonce validation on the settings update functionality. This makes it possible for unauthenticated attackers to update the plugin's...

4.3CVSS5.5AI score0.00124EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/12/05 12:0 a.m.3 views

PT-2025-49235

Name of the Vulnerable Software and Affected Versions User Generator and Importer plugin for WordPress versions up to and including 1.2.2 Description The plugin is susceptible to Cross-Site Request Forgery due to missing nonce validation in the "Import Using CSV File" function. This allows...

8.8CVSS6.2AI score0.00154EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2025/12/05 12:0 a.m.5 views

PT-2025-49198

The Time Sheets plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1.3. This is due to missing or incorrect nonce validation on several endpoints. This makes it possible for unauthenticated attackers to perform a variety of actions via a forge...

4.3CVSS5.3AI score0.00102EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/12/05 12:0 a.m.3 views

PT-2025-49216

The dream gallery plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on the 'dreampluginsmain' AJAX action. This makes it possible for unauthenticated attackers to update the plugin's...

6.1CVSS5.4AI score0.00119EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2025/12/05 12:0 a.m.6 views

PT-2025-49232

The ARK Related Posts plugin for WordPress is vulnerable to Cross-Site Request Forgery in version 2.19. This is due to missing or incorrect nonce validation on the ark rp options page function. This makes it possible for unauthenticated attackers to modify the plugin's configuration settings via ...

4.3CVSS5.6AI score0.00128EPSS
Exploits0References4
EUVD
EUVD
added 2025/12/03 12:29 p.m.3 views

EUVD-2025-200980

The ShopEngine Elementor WooCommerce Builder Addon plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.8.5. This is due to missing nonce validation on the "postaddtolist" function as well as an incorrect permissions callback in the "Api/init"...

4.3CVSS5AI score0.00104EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/12/03 12:29 p.m.4 views

CVE-2025-12358 ShopEngine <= 4.8.5 - Cross-Site Request Forgery to Wishlist Manipulation

The ShopEngine Elementor WooCommerce Builder Addon plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.8.5. This is due to missing nonce validation on the "postaddtolist" function as well as an incorrect permissions callback in the "Api/init"...

4.3CVSS5.1AI score0.00104EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/12/03 12:0 a.m.5 views

PT-2025-48803

The ShopEngine Elementor WooCommerce Builder Addon plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.8.5. This is due to missing nonce validation on the "post add to list" function as well as an incorrect permissions callback in the "Api/init...

4.3CVSS5.5AI score0.00104EPSS
Exploits0References3
NVD
NVD
added 2025/12/02 7:15 a.m.6 views

CVE-2025-13140

The SurveyJS: Drag & Drop WordPress Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.12.20. This is due to missing nonce validation on the SurveyJSDeleteSurvey AJAX action. This makes it possible for unauthenticated attackers to...

4.3CVSS0.00129EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/12/02 6:40 a.m.8 views

CVE-2025-13140 SurveyJS: Drag & Drop WordPress Form Builder <= 1.12.20 - Cross-Site Request Forgery to Survey Deletion

The SurveyJS: Drag & Drop WordPress Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.12.20. This is due to missing nonce validation on the SurveyJSDeleteSurvey AJAX action. This makes it possible for unauthenticated attackers to...

4.3CVSS0.00129EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/12/02 4:37 a.m.8 views

CVE-2025-13606 Export All Posts, Products, Orders, Refunds & Users <= 2.19 - Cross-Site Request Forgery to Sensitive Information Exposure

The Export All Posts, Products, Orders, Refunds & Users plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.19. This is due to missing or incorrect nonce validation on the parseData function. This makes it possible for unauthenticated attackers...

6.5CVSS0.00138EPSS
Exploits0References2
EUVD
EUVD
added 2025/12/02 4:37 a.m.4 views

EUVD-2025-200180

The Export All Posts, Products, Orders, Refunds & Users plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.19. This is due to missing or incorrect nonce validation on the parseData function. This makes it possible for unauthenticated attackers...

6.5CVSS4.8AI score0.00138EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/12/02 12:0 a.m.4 views

PT-2025-48649

The Photo Gallery by Ays plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.4.8. This is due to missing nonce verification on the bulk action functionality in the 'process bulk action' function. This makes it possible for unauthenticated...

4.3CVSS5.5AI score0.00137EPSS
Exploits0References5
Rows per page
Query Builder