Lucene search

1117 matches found

NVD
added 2025/11/28 4:16 a.m. | 6 views

CVE-2025-13737

The Nextend Social Login and Register plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.21. This is due to missing or incorrect nonce validation on the 'unlinkUser' function. This makes it possible for unauthenticated attackers to unlink th...

CVSS 4.3 | EPSS 0.00129 | Exploits 0 | References 3

NVD
added 2025/11/25 8:15 a.m. | 3 views

CVE-2025-12587

The Peer Publish plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing nonce validation on the website management pages. This makes it possible for unauthenticated attackers to add, modify, or delete website configuratio...

CVSS 4.3 | EPSS 0.00129 | Exploits 0 | References 3

CVE
added 2025/11/25 7:28 a.m. | 12 views

CVE-2025-12587

The CVE-2025-12587 issue affects the WordPress Peer Publish plugin. Multiple sources describe a Cross-Site Request Forgery vulnerability in all versions up to 1.0 caused by missing nonce validation on admin pages, allowing unauthenticated attackers to add, modify, or delete site configurations vi...

CVSS 4.3 | AI score 5.1 | EPSS 0.00129 | Exploits 0 | References 3

EUVD
added 2025/11/25 7:28 a.m. | 3 views

EUVD-2025-199579

The Conditional Maintenance Mode for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.0. This is due to missing nonce validation when toggling the maintenance mode status. This makes it possible for unauthenticated attackers to...

CVSS 4.3 | AI score 5 | EPSS 0.00141 | Exploits 0 | References 3

RedhatCVE
added 2025/11/22 9:12 p.m. | 22 views

CVE-2025-11087

The Zegen Core plugin for WordPress is vulnerable to Cross-Site Request Forgery to Arbitrary File Upload in versions up to, and including, 2.0.1. This is due to missing nonce validation and missing file type validation in the '/custom-font-code/custom-fonts-uploads.php' file. This makes it possib...

CVSS 8.8 | AI score 7.1 | EPSS 0.00211 | Exploits 0 | References 1

CVE
added 2025/11/21 8:29 p.m. | 21 views

CVE-2025-11087

CVE-2025-11087 (Zegen Core, WordPress): Zegen Core plugin

CVSS 8.8 | AI score 6.7 | EPSS 0.00211 | Exploits 0 | References 2

EUVD
added 2025/11/21 8:29 p.m. | 6 views

EUVD-2025-198511

The Zegen Core plugin for WordPress is vulnerable to Cross-Site Request Forgery to Arbitrary File Upload in versions up to, and including, 2.0.1. This is due to missing nonce validation and missing file type validation in the '/custom-font-code/custom-fonts-uploads.php' file. This makes it possib...

CVSS 8.8 | AI score 6.6 | EPSS 0.00211 | Exploits 0 | References 3

Vulnrichment
added 2025/11/21 8:29 p.m. | 9 views

CVE-2025-11087 Zegen Core <= 2.0.1 - Cross-Site Request Forgery to Arbitrary File Upload

The Zegen Core plugin for WordPress is vulnerable to Cross-Site Request Forgery to Arbitrary File Upload in versions up to, and including, 2.0.1. This is due to missing nonce validation and missing file type validation in the '/custom-font-code/custom-fonts-uploads.php' file. This makes it possib...

CVSS 8.8 | AI score 6.7 | EPSS 0.00211 | Exploits 0 | References 2

Cvelist
added 2025/11/21 8:29 p.m. | 12 views

CVE-2025-11087 Zegen Core <= 2.0.1 - Cross-Site Request Forgery to Arbitrary File Upload

The Zegen Core plugin for WordPress is vulnerable to Cross-Site Request Forgery to Arbitrary File Upload in versions up to, and including, 2.0.1. This is due to missing nonce validation and missing file type validation in the '/custom-font-code/custom-fonts-uploads.php' file. This makes it possib...

CVSS 8.8 | EPSS 0.00211 | Exploits 0 | References 2

EUVD
added 2025/11/21 9:30 a.m. | 3 views

EUVD-2025-198391

The Custom Post Type plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing nonce validation on the custom post type deletion functionality. This makes it possible for unauthenticated attackers to delete custom post types...

CVSS 4.3 | AI score 4.9 | EPSS 0.00106 | Exploits 0 | References 3

NVD
added 2025/11/21 8:15 a.m. | 6 views

CVE-2025-13134

The AuthorSure plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.3. This is due to missing or incorrect nonce validation on the 'authorsure' page. This makes it possible for unauthenticated attackers to update settings and inject malicious we...

CVSS 6.1 | EPSS 0.00099 | Exploits 0 | References 2

Cvelist
added 2025/11/21 7:31 a.m. | 5 views

CVE-2025-13134 AuthorSure <= 2.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting

The AuthorSure plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.3. This is due to missing or incorrect nonce validation on the 'authorsure' page. This makes it possible for unauthenticated attackers to update settings and inject malicious we...

CVSS 6.1 | EPSS 0.00099 | Exploits 0 | References 2

Vulnrichment
added 2025/11/21 7:31 a.m. | 3 views

CVE-2025-13142 Custom Post Type <= 1.0 - Cross-Site Request Forgery to Custom Post Type Deletion

The Custom Post Type plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing nonce validation on the custom post type deletion functionality. This makes it possible for unauthenticated attackers to delete custom post types...

CVSS 4.3 | AI score 5 | EPSS 0.00106 | Exploits 0 | References 2

RedhatCVE
added 2025/11/19 9:9 a.m. | 14 views

CVE-2025-12173

The WP Admin Microblog plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.1. This is due to missing or incorrect nonce validation on the 'wp-admin-microblog' page. This makes it possible for unauthenticated attackers to send messages on beha...

CVSS 4.3 | AI score 5.3 | EPSS 0.00106 | Exploits 0 | References 1

RedhatCVE
added 2025/11/19 9:9 a.m. | 11 views

CVE-2025-12404

The Like-it plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2. This is due to missing or incorrect nonce validation on the likeitconf function. This makes it possible for unauthenticated attackers to update settings and inject malicious web...

CVSS 6.1 | AI score 5.3 | EPSS 0.00124 | Exploits 0 | References 1

RedhatCVE
added 2025/11/19 9:9 a.m. | 7 views

CVE-2025-9625

The Coil Web Monetization plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.2. This is due to missing or incorrect nonce validation on the coil-get-css-selector parameter handling in the mayberestrictcontent function. This makes it possible...

CVSS 4.3 | AI score 5.3 | EPSS 0.00133 | Exploits 0 | References 1

EUVD
added 2025/11/18 9:30 a.m. | 3 views

EUVD-2025-197934

The Project Honey Pot Spam Trap plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1. This is due to missing or incorrect nonce validation on the printAdminPage function. This makes it possible for unauthenticated attackers to update setting...

CVSS 6.1 | AI score 4.9 | EPSS 0.00124 | Exploits 0 | References 5

Cvelist
added 2025/11/18 8:27 a.m. | 7 views

CVE-2025-12173 WP Admin Microblog <= 3.1.1 - Cross-Site Request Forgery to Message Creation

The WP Admin Microblog plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.1. This is due to missing or incorrect nonce validation on the 'wp-admin-microblog' page. This makes it possible for unauthenticated attackers to send messages on beha...

CVSS 4.3 | EPSS 0.00106 | Exploits 0 | References 2

EUVD
added 2025/11/18 8:27 a.m. | 4 views

EUVD-2025-197943

The Top Friends plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.3. This is due to missing nonce validation on the topfriendsoptionssubpanel function. This makes it possible for unauthenticated attackers to modify plugin settings via a forge...

CVSS 4.3 | AI score 4.8 | EPSS 0.00106 | Exploits 0 | References 3

CVE
added 2025/11/18 8:27 a.m. | 14 views

CVE-2025-9625

Affected software: WordPress Coil Web Monetization plugin. Vulnerability: Cross-Site Request Forgery due to missing/incorrect nonce validation on the coil-get-css-selector handling in the maybe_restrict_content function. Impact: Unauthenticated attackers can trigger CSS selector detection functio...

CVSS 4.3 | AI score 4.9 | EPSS 0.00133 | Exploits 0 | References 4