1117 matches found

Cvelist
added 2025/11/18 8:27 a.m., 3 views

CVE-2025-9625 Coil Web Monetization <= 2.0.2 - Cross-Site Request Forgery

The Coil Web Monetization plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.2. This is due to missing or incorrect nonce validation on the coil-get-css-selector parameter handling in the mayberestrictcontent function. This makes it possible...

CVSS 4.3, EPSS 0.00133
Exploits: 0, References: 4

Vulnrichment
added 2025/11/18 8:27 a.m., 1 views

CVE-2025-9625 Coil Web Monetization <= 2.0.2 - Cross-Site Request Forgery

The Coil Web Monetization plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.2. This is due to missing or incorrect nonce validation on the coil-get-css-selector parameter handling in the mayberestrictcontent function. This makes it possible...

CVSS 4.3, AI score 4.9, EPSS 0.00133
Exploits: 0, References: 4

EUVD
added 2025/11/12 6:30 a.m., 4 views

EUVD-2025-119996

The Asgaros Forum plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2.1. This is due to missing nonce validation on the set_subscription_level function. This makes it possible for unauthenticated attackers to modify the subscription settings of...

CVSS 4.3, AI score 4.9, EPSS 0.00133
Exploits: 0, References: 6

NVD
added 2025/11/12 5:15 a.m., 6 views

CVE-2025-12901

The Asgaros Forum plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2.1. This is due to missing nonce validation on the set_subscription_level function. This makes it possible for unauthenticated attackers to modify the subscription settings of...

CVSS 4.3, EPSS 0.00133
Exploits: 0, References: 5

Vulnrichment
added 2025/11/12 4:29 a.m., 4 views

CVE-2025-12901 Asgaros Forum <= 3.2.1 - Cross-Site Request Forgery to Subscription Settings Update

The Asgaros Forum plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2.1. This is due to missing nonce validation on the set_subscription_level function. This makes it possible for unauthenticated attackers to modify the subscription settings of...

CVSS 4.3, AI score 5, EPSS 0.00133
Exploits: 0, References: 5

CVE
added 2025/11/12 4:29 a.m., 11 views

CVE-2025-12901

The CVE-2025-12901 entry concerns the WordPress plugin Asgaros Forum. Reports across multiple sources confirm a Cross-Site Request Forgery (CSRF) vulnerability in all versions up to 3.2.1 caused by missing nonce validation in the set_subscription_level() function, enabling unauthenticated attacke...

CVSS 4.3, AI score 4.8, EPSS 0.00133
Exploits: 0, References: 5

RedhatCVE
added 2025/11/12 3:47 a.m., 17 views

CVE-2025-12590

The YSlider plugin for WordPress is vulnerable to Cross-Site Request Forgery to Stored Cross-Site Scripting in all versions up to, and including, 1.1. This is due to missing nonce verification on the content configuration page and insufficient input sanitization and output escaping. This makes it...

CVSS 6.1, AI score 4.8, EPSS 0.00126
Exploits: 0, References: 1

RedhatCVE
added 2025/11/12 3:46 a.m., 11 views

CVE-2025-11886

The CTL Arcade Lite plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on the 'ctlarcadelitepagemanagegames' page. This makes it possible for unauthenticated attackers to deactivate and...

CVSS 4.3, AI score 5.4, EPSS 0.00119
Exploits: 0, References: 1

RedhatCVE
added 2025/11/12 3:46 a.m., 14 views

CVE-2025-12589

The WP-Walla plugin for WordPress is vulnerable to Cross-Site Request Forgery to Stored Cross-Site Scripting in all versions up to, and including, 0.5.3.5. This is due to missing nonce verification on the settings page and insufficient input sanitization and output escaping. This makes it possibl...

CVSS 6.1, AI score 4.7, EPSS 0.0013
Exploits: 0, References: 1

Positive Technologies
added 2025/11/12 12:0 a.m., 5 views

PT-2025-46566

Name of the Vulnerable Software and Affected Versions Asgaros Forum plugin for WordPress versions prior to 3.2.2 Description The software is susceptible to Cross-Site Request Forgery CSRF. This is caused by a lack of nonce validation within the set subscription level function. An unauthenticated...

CVSS 4.3, AI score 6.5, EPSS 0.00133
Exploits: 0, References: 7

EUVD
added 2025/11/11 6:30 a.m., 5 views

EUVD-2025-60955

The WP-Walla plugin for WordPress is vulnerable to Cross-Site Request Forgery to Stored Cross-Site Scripting in all versions up to, and including, 0.5.3.5. This is due to missing nonce verification on the settings page and insufficient input sanitization and output escaping. This makes it possibl...

CVSS 6.1, AI score 4.4, EPSS 0.0013
Exploits: 0, References: 6

EUVD
added 2025/11/11 6:30 a.m., 4 views

EUVD-2025-60963

The CTL Arcade Lite plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on the 'ctlarcadelitepagemanagegames' page. This makes it possible for unauthenticated attackers to deactivate and...

CVSS 4.3, AI score 5, EPSS 0.00119
Exploits: 0, References: 3

Vulnrichment
added 2025/11/11 3:30 a.m., 3 views

CVE-2025-12590 YSlider <= 1.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting

The YSlider plugin for WordPress is vulnerable to Cross-Site Request Forgery to Stored Cross-Site Scripting in all versions up to, and including, 1.1. This is due to missing nonce verification on the content configuration page and insufficient input sanitization and output escaping. This makes it...

CVSS 6.1, AI score 4.6, EPSS 0.00126
Exploits: 0, References: 3

Cvelist
added 2025/11/11 3:30 a.m., 6 views

CVE-2025-12590 YSlider <= 1.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting

The YSlider plugin for WordPress is vulnerable to Cross-Site Request Forgery to Stored Cross-Site Scripting in all versions up to, and including, 1.1. This is due to missing nonce verification on the content configuration page and insufficient input sanitization and output escaping. This makes it...

CVSS 6.1, EPSS 0.00126
Exploits: 0, References: 3

Vulnrichment
added 2025/11/11 3:30 a.m., 4 views

CVE-2025-12588 USB Qr Code Scanner For Woocommerce <= 1.0.0 - Cross-Site Request Forgery to Settings Update

The USB Qr Code Scanner For Woocommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.0. This is due to missing nonce validation on the settings page. This makes it possible for unauthenticated attackers to update the plugin's settings...

CVSS 4.3, AI score 5.2, EPSS 0.00131
Exploits: 0, References: 3

Cvelist
added 2025/11/11 3:30 a.m., 6 views

CVE-2025-12589 WP-Walla <= 0.5.3.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting

The WP-Walla plugin for WordPress is vulnerable to Cross-Site Request Forgery to Stored Cross-Site Scripting in all versions up to, and including, 0.5.3.5. This is due to missing nonce verification on the settings page and insufficient input sanitization and output escaping. This makes it possibl...

CVSS 6.1, EPSS 0.0013
Exploits: 0, References: 5

CVE
added 2025/11/11 3:30 a.m., 17 views

CVE-2025-12589

CVE-2025-12589 affects the WordPress plugin WP-Walla (versions up to and including 0.5.3.5). The issue is a combination of Cross-Site Request Forgery (CSRF) and Stored Cross-Site Scripting (XSS) due to missing nonce verification on the settings page and insufficient input sanitization/output esca...

CVSS 6.1, AI score 4.5, EPSS 0.0013
Exploits: 0, References: 5

Positive Technologies
added 2025/11/11 12:0 a.m., 5 views

PT-2025-46277

Name of the Vulnerable Software and Affected Versions USB Qr Code Scanner For Woocommerce plugin for WordPress versions prior to 1.0.1 Description The USB Qr Code Scanner For Woocommerce plugin for WordPress is susceptible to Cross-Site Request Forgery CSRF. This is a result of a lack of nonce...

CVSS 4.3, AI score 6.5, EPSS 0.00131
Exploits: 0, References: 5

Positive Technologies
added 2025/11/11 12:0 a.m., 5 views

PT-2025-46279

Name of the Vulnerable Software and Affected Versions YSlider versions prior to 1.2 Description The YSlider plugin for WordPress is susceptible to Cross-Site Request Forgery leading to Stored Cross-Site Scripting. This is a result of absent nonce verification on the content configuration page and...

CVSS 6.1, AI score 6, EPSS 0.00126
Exploits: 0, References: 5

RedhatCVE
added 2025/11/05 5:8 a.m., 4 views

CVE-2025-12413

The Social Media WPCF7 Stop Words plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.3. This is due to missing or incorrect nonce validation on the smWpCfSwOptions function. This makes it possible for unauthenticated attackers to update the...

CVSS 5.4, AI score 5.3, EPSS 0.00105
Exploits: 0, References: 1