1117 matches found
CVE-2025-9625 Coil Web Monetization <= 2.0.2 - Cross-Site Request Forgery
The Coil Web Monetization plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.2. This is due to missing or incorrect nonce validation on the coil-get-css-selector parameter handling in the mayberestrictcontent function. This makes it possible...
CVE-2025-9625 Coil Web Monetization <= 2.0.2 - Cross-Site Request Forgery
The Coil Web Monetization plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.2. This is due to missing or incorrect nonce validation on the coil-get-css-selector parameter handling in the mayberestrictcontent function. This makes it possible...
EUVD-2025-119996
The Asgaros Forum plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2.1. This is due to missing nonce validation on the setsubscriptionlevel function. This makes it possible for unauthenticated attackers to modify the subscription settings of...
CVE-2025-12901
The Asgaros Forum plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2.1. This is due to missing nonce validation on the setsubscriptionlevel function. This makes it possible for unauthenticated attackers to modify the subscription settings of...
CVE-2025-12901 Asgaros Forum <= 3.2.1 - Cross-Site Request Forgery to Subscription Settings Update
The Asgaros Forum plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2.1. This is due to missing nonce validation on the setsubscriptionlevel function. This makes it possible for unauthenticated attackers to modify the subscription settings of...
CVE-2025-12901
The CVE-2025-12901 entry concerns the WordPress plugin Asgaros Forum. Reports across multiple sources confirm a Cross-Site Request Forgery (CSRF) vulnerability in all versions up to 3.2.1 caused by missing nonce validation in the set_subscription_level() function, enabling unauthenticated attacke...
CVE-2025-12590
The YSlider plugin for WordPress is vulnerable to Cross-Site Request Forgery to Stored Cross-Site Scripting in all versions up to, and including, 1.1. This is due to missing nonce verification on the content configuration page and insufficient input sanitization and output escaping. This makes it...
CVE-2025-11886
The CTL Arcade Lite plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on the 'ctlarcadelitepagemanagegames' page. This makes it possible for unauthenticated attackers to deactivate and...
CVE-2025-12589
The WP-Walla plugin for WordPress is vulnerable to Cross-Site Request Forgery to Stored Cross-Site Scripting in all versions up to, and including, 0.5.3.5. This is due to missing nonce verification on the settings page and insufficient input sanitization and output escaping. This makes it possibl...
PT-2025-46566
Name of the Vulnerable Software and Affected Versions Asgaros Forum plugin for WordPress versions prior to 3.2.2 Description The software is susceptible to Cross-Site Request Forgery CSRF. This is caused by a lack of nonce validation within the set subscription level function. An unauthenticated...
EUVD-2025-60955
The WP-Walla plugin for WordPress is vulnerable to Cross-Site Request Forgery to Stored Cross-Site Scripting in all versions up to, and including, 0.5.3.5. This is due to missing nonce verification on the settings page and insufficient input sanitization and output escaping. This makes it possibl...
EUVD-2025-60963
The CTL Arcade Lite plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on the 'ctlarcadelitepagemanagegames' page. This makes it possible for unauthenticated attackers to deactivate and...
CVE-2025-12590 YSlider <= 1.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting
The YSlider plugin for WordPress is vulnerable to Cross-Site Request Forgery to Stored Cross-Site Scripting in all versions up to, and including, 1.1. This is due to missing nonce verification on the content configuration page and insufficient input sanitization and output escaping. This makes it...
CVE-2025-12590 YSlider <= 1.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting
The YSlider plugin for WordPress is vulnerable to Cross-Site Request Forgery to Stored Cross-Site Scripting in all versions up to, and including, 1.1. This is due to missing nonce verification on the content configuration page and insufficient input sanitization and output escaping. This makes it...
CVE-2025-12588 USB Qr Code Scanner For Woocommerce <= 1.0.0 - Cross-Site Request Forgery to Settings Update
The USB Qr Code Scanner For Woocommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.0. This is due to missing nonce validation on the settings page. This makes it possible for unauthenticated attackers to update the plugin's settings...
CVE-2025-12589 WP-Walla <= 0.5.3.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting
The WP-Walla plugin for WordPress is vulnerable to Cross-Site Request Forgery to Stored Cross-Site Scripting in all versions up to, and including, 0.5.3.5. This is due to missing nonce verification on the settings page and insufficient input sanitization and output escaping. This makes it possibl...
CVE-2025-12589
CVE-2025-12589 affects the WordPress plugin WP-Walla (versions up to and including 0.5.3.5). The issue is a combination of Cross-Site Request Forgery (CSRF) and Stored Cross-Site Scripting (XSS) due to missing nonce verification on the settings page and insufficient input sanitization/output esca...
PT-2025-46277
Name of the Vulnerable Software and Affected Versions USB Qr Code Scanner For Woocommerce plugin for WordPress versions prior to 1.0.1 Description The USB Qr Code Scanner For Woocommerce plugin for WordPress is susceptible to Cross-Site Request Forgery CSRF. This is a result of a lack of nonce...
PT-2025-46279
Name of the Vulnerable Software and Affected Versions YSlider versions prior to 1.2 Description The YSlider plugin for WordPress is susceptible to Cross-Site Request Forgery leading to Stored Cross-Site Scripting. This is a result of absent nonce verification on the content configuration page and...
CVE-2025-12413
The Social Media WPCF7 Stop Words plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.3. This is due to missing or incorrect nonce validation on the smWpCfSwOptions function. This makes it possible for unauthenticated attackers to update the...