
1117 matches found

RedhatCVE
added 2025/11/05 5:8 a.m. | 4 views

CVE-2025-12402

The LinkedIn Resume plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.00. This is due to missing or incorrect nonce validation on the linkedinresumeprintAdminPage function. This makes it possible for unauthenticated attackers to update settin...

CVSS 6.1 | AI score 5.3 | EPSS 0.00127
Exploits: 0 | References: 1

RedhatCVE
added 2025/11/05 4:14 a.m. | 6 views

CVE-2025-12401

The Label Plugins plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.5. This is due to missing or incorrect nonce validation on the labelpluginsoptions function. This makes it possible for unauthenticated attackers to update settings and injec...

CVSS 6.1 | AI score 5.3 | EPSS 0.00127
Exploits: 0 | References: 1

CNVD
added 2025/11/05 12:0 a.m. | 8 views

WordPress Document Library Lite plugin improper authorization vulnerability

WordPress Document Library Lite plugin is a WordPress plugin for creating document libraries and download management features with support for multiple file types and responsive layouts. The WordPress Document Library Lite plugin suffers from an improper authorization vulnerability that stems fro...

CVSS 5.3 | AI score 6.8 | EPSS 0.0028
Exploits: 2 | References: 1

NVD
added 2025/11/04 5:16 a.m. | 10 views

CVE-2025-12456

The Centangle-Team plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.0. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to modify plugin's settings via a forged reques...

CVSS 6.1 | EPSS 0.00127
Exploits: 0 | References: 5

NVD
added 2025/11/04 5:16 a.m. | 4 views

CVE-2025-12452

The Visit Counter plugin for WordPress is vulnerable to Cross-Site Request Forgery in version 1.0. This is due to missing or incorrect nonce validation on the widgets.php page. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged...

CVSS 6.1 | EPSS 0.00101
Exploits: 0 | References: 2

NVD
added 2025/11/04 5:16 a.m. | 5 views

CVE-2025-12412

The Top Bar Notification plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.12. This is due to missing or incorrect nonce validation on the tbnajaxadd function. This makes it possible for unauthenticated attackers to update the plugin's setting...

CVSS 6.1 | EPSS 0.00123
Exploits: 0 | References: 3

NVD
added 2025/11/04 5:16 a.m. | 9 views

CVE-2025-12410

The SH Contextual Help plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2.1. This is due to missing or incorrect nonce validation in the shcontextualhelpdashboardwidget function. This makes it possible for unauthenticated attackers to update...

CVSS 6.1 | EPSS 0.00127
Exploits: 0 | References: 4

NVD
added 2025/11/04 5:16 a.m. | 12 views

CVE-2025-12403

The Associados Amazon Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.8. This is due to missing or incorrect nonce validation on the brzonadminpanel function. This makes it possible for unauthenticated attackers to update settings an...

CVSS 6.1 | EPSS 0.00127
Exploits: 0 | References: 4

CVE
added 2025/11/04 4:27 a.m. | 26 views

CVE-2025-12403

CVE-2025-12403 concerns the WordPress plugin Associados Amazon Plugin (brzon) <= 0.8. Wordfence notes a Cross-Site Request Forgery (CSRF) vulnerability that leverages missing or incorrect nonce validation in brzon_admin_panel(), enabling unauthenticated attackers to trigger settings updates an...

CVSS 6.1 | AI score 5 | EPSS 0.00127
Exploits: 0 | References: 4

Cvelist
added 2025/11/04 4:27 a.m. | 11 views

CVE-2025-12403 Associados Amazon Plugin <= 0.8 - Cross-Site Request Forgery to Stored Cross-Site Scripting

The Associados Amazon Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.8. This is due to missing or incorrect nonce validation on the brzonadminpanel function. This makes it possible for unauthenticated attackers to update settings an...

CVSS 6.1 | EPSS 0.00127
Exploits: 0 | References: 4

Cvelist
added 2025/11/04 4:27 a.m. | 10 views

CVE-2025-12413 Social Media WPCF7 Stop Words <= 1.1.3 - Cross-Site Request Forgery to Settings Update

The Social Media WPCF7 Stop Words plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.3. This is due to missing or incorrect nonce validation on the smWpCfSwOptions function. This makes it possible for unauthenticated attackers to update the...

CVSS 5.4 | EPSS 0.00105
Exploits: 0 | References: 2

Cvelist
added 2025/11/04 4:27 a.m. | 37 views

CVE-2025-12416 Pagerank Tools <= 1.1.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting

The Pagerank Tools plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Cross-Site Request Forgery in all versions up to, and including, 1.1.5. This is due to missing nonce validation on the prsavesettings function and insufficient input sanitization. This makes it possible for...

CVSS 6.1 | EPSS 0.00123
Exploits: 0 | References: 3

Vulnrichment
added 2025/11/04 4:27 a.m. | 2 views

CVE-2025-12188 Posts Navigation Links for Sections and Headings - Free by WP Masters <= 1.0.1 - Cross-Site Request Forgery to Settings Update

The Posts Navigation Links for Sections and Headings – Free by WP Masters plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1. This is due to missing or incorrect nonce validation on the 'wpmnavigationlinkssettings' page. This makes it...

CVSS 4.3 | AI score 5.3 | EPSS 0.00108
Exploits: 0 | References: 2

NVD
added 2025/11/04 4:15 a.m. | 6 views

CVE-2025-12070

The ViaAds plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1.2. This is due to missing nonce validation on the ViaAdspluginHandler function. This makes it possible for unauthenticated attackers to modify the plugin's API key and cookie...

CVSS 4.3 | EPSS 0.00131
Exploits: 0 | References: 3

NVD
added 2025/11/04 4:15 a.m. | 6 views

CVE-2025-12401

The Label Plugins plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.5. This is due to missing or incorrect nonce validation on the labelpluginsoptions function. This makes it possible for unauthenticated attackers to update settings and injec...

CVSS 6.1 | EPSS 0.00127
Exploits: 0 | References: 4

Vulnrichment
added 2025/11/04 3:26 a.m. | 4 views

CVE-2025-12069 WP Global Screen Options <= 0.2 - Cross-Site Request Forgery to Screen Options Update

The WP Global Screen Options plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.2. This is due to missing nonce validation on the updatewpglobalscreenoptions action handler. This makes it possible for unauthenticated attackers to modify global...

CVSS 4.3 | AI score 5.2 | EPSS 0.00108
Exploits: 0 | References: 2

Cvelist
added 2025/11/04 3:26 a.m. | 15 views

CVE-2025-12069 WP Global Screen Options <= 0.2 - Cross-Site Request Forgery to Screen Options Update

The WP Global Screen Options plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.2. This is due to missing nonce validation on the updatewpglobalscreenoptions action handler. This makes it possible for unauthenticated attackers to modify global...

CVSS 4.3 | EPSS 0.00108
Exploits: 0 | References: 2

Vulnrichment
added 2025/11/04 3:26 a.m. | 10 views

CVE-2025-12070 ViaAds <= 2.1.2 - Cross-Site Request Forgery to API Key Update

The ViaAds plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1.2. This is due to missing nonce validation on the ViaAdspluginHandler function. This makes it possible for unauthenticated attackers to modify the plugin's API key and cookie...

CVSS 4.3 | AI score 5.8 | EPSS 0.00131
Exploits: 0 | References: 3

Positive Technologies
added 2025/11/04 12:0 a.m. | 5 views

PT-2025-44920

Name of the Vulnerable Software and Affected Versions: Label Plugins versions prior to 0.5. Description: The Label Plugins plugin for WordPress is susceptible to Cross-Site Request Forgery. This is caused by a lack of, or incorrect, nonce validation within the label plugins options function. An...

CVSS 6.1 | AI score 6.3 | EPSS 0.00127
Exploits: 0 | References: 7

Positive Technologies
added 2025/11/04 12:0 a.m. | 5 views

PT-2025-44954

The LinkedIn Resume plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.00. This is due to missing or incorrect nonce validation on the linkedinresume printAdminPage function. This makes it possible for unauthenticated attackers to update...

CVSS 6.1 | AI score 5.3 | EPSS 0.00127
Exploits: 0 | References: 5