1117 matches found

Positive Technologies
added 2025/11/04 12:0 a.m., 6 views

PT-2025-44953

The LMB^Box Smileys plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2. This is due to missing or incorrect nonce validation on the manage page function. This makes it possible for unauthenticated attackers to update settings and inject...

CVSS 6.1, AI score 5.3, EPSS 0.00127
Exploits: 0, References: 5

CVE
added 2025/10/31 8:25 a.m., 10 views

CVE-2025-8383

CVE-2025-8383: Depicter for WordPress suffers a Cross-Site Request Forgery in versions

CVSS 4.3, AI score 5.3, EPSS 0.00156
Exploits: 0, References: 5

Cvelist
added 2025/10/31 8:25 a.m., 11 views

CVE-2025-8383 Depicter <= 4.0.4 - Cross-Site Request Forgery

The Depicter plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions less than, or equal to, 4.0.4. This is due to missing or incorrect nonce validation on the depicter-document-rules-store function. This makes it possible for unauthenticated attackers to modify document rule...

CVSS 4.3, EPSS 0.00156
Exploits: 0, References: 5

Positive Technologies
added 2025/10/31 12:0 a.m., 5 views

PT-2025-44593

Name of the Vulnerable Software and Affected Versions: The Depicter plugin for WordPress versions prior to 4.0.5. Description: The Depicter plugin for WordPress is susceptible to Cross-Site Request Forgery (CSRF) due to missing or incorrect nonce validation within the depicter-document-rules-store...

CVSS 4.3, AI score 6.1, EPSS 0.00156
Exploits: 0, References: 9

EUVD
added 2025/10/29 6:31 a.m., 5 views

EUVD-2025-36602

The Doppler Forms WordPress plugin through 2.5.1 registers an AJAX action installextension without verifying user capabilities or using a nonce. As a result, any authenticated user — including those with the Subscriber role — can install and activate additional Doppler Forms WordPress plugin...

CVSS 6.5, AI score 6.2, EPSS 0.00203
Exploits: 0, References: 3

NVD
added 2025/10/29 6:15 a.m., 4 views

CVE-2025-9544

The Doppler Forms WordPress plugin through 2.5.1 registers an AJAX action installextension without verifying user capabilities or using a nonce. As a result, any authenticated user — including those with the Subscriber role — can install and activate additional Doppler Forms WordPress plugin...

CVSS 6.5, EPSS 0.00203
Exploits: 0, References: 1

RedhatCVE
added 2025/10/26 7:16 a.m., 15 views

CVE-2025-11976

The FuseWP – WordPress User Sync to Email List & Marketing Automation Mailchimp, Constant Contact, ActiveCampaign etc. plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.23.0. This is due to missing or incorrect nonce validation on the...

CVSS 4.3, AI score 5.2, EPSS 0.00124
Exploits: 0, References: 1

EUVD
added 2025/10/25 9:32 a.m., 4 views

EUVD-2025-35919

The FuseWP – WordPress User Sync to Email List & Marketing Automation Mailchimp, Constant Contact, ActiveCampaign etc. plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.23.0. This is due to missing or incorrect nonce validation on the...

CVSS 4.3, AI score 4.8, EPSS 0.00124
Exploits: 0, References: 3

RedhatCVE
added 2025/10/25 8:29 a.m., 9 views

CVE-2025-12072

The Disable Content Editor For Specific Template plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0. This is due to missing nonce validation on template configuration updates. This makes it possible for unauthenticated attackers to add or...

CVSS 4.3, AI score 5.5, EPSS 0.00122
Exploits: 0, References: 1

RedhatCVE
added 2025/10/25 8:29 a.m., 13 views

CVE-2025-11992

The Multi Item Responsive Slider plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on the 'mioptions.php' page. This makes it possible for unauthenticated attackers to update settings an...

CVSS 6.1, AI score 5.4, EPSS 0.00191
Exploits: 0, References: 1

NVD
added 2025/10/24 9:15 a.m., 9 views

CVE-2025-12028

The IndieAuth plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.5.4. This is due to missing nonce verification on the login_form_indieauth function and the authorization endpoint at wp-login.php?action=indieauth. This makes it possible for...

CVSS 8.8, EPSS 0.00194
Exploits: 0, References: 5

Cvelist
added 2025/10/24 8:23 a.m., 11 views

CVE-2025-12028 IndieAuth <= 4.5.4 - Cross-Site Request Forgery to Account Takeover via Stolen OAuth Tokens

The IndieAuth plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.5.4. This is due to missing nonce verification on the login_form_indieauth function and the authorization endpoint at wp-login.php?action=indieauth. This makes it possible for...

CVSS 8.8, EPSS 0.00194
Exploits: 0, References: 5

CVE
added 2025/10/24 8:23 a.m., 22 views

CVE-2025-12028

CVE-2025-12028 (IndieAuth WordPress plugin): The IndieAuth plugin (versions ≤ 4.5.4) is vulnerable to Cross-Site Request Forgery due to missing nonce verification in login_form_indieauth() and the wp-login.php?action=indieauth endpoint. This enables an unauthenticated attacker to induce a logged...

CVSS 8.8, AI score 5.3, EPSS 0.00194
Exploits: 0, References: 5

EUVD
added 2025/10/24 8:23 a.m., 6 views

EUVD-2025-35817

The IndieAuth plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.5.4. This is due to missing nonce verification on the login_form_indieauth function and the authorization endpoint at wp-login.php?action=indieauth. This makes it possible for...

CVSS 8.8, AI score 5.2, EPSS 0.00194
Exploits: 0, References: 5

CVE
added 2025/10/24 8:23 a.m., 10 views

CVE-2025-12072

CVE-2025-12072 concerns the WordPress plugin Disable Content Editor For Specific Template (≤ 2.0). Root cause is missing nonce validation on template configuration updates, enabling CSRF. Impact: unauthenticated attackers can induce administrators to add or delete template configurations via forg...

CVSS 4.3, AI score 5.1, EPSS 0.00122
Exploits: 0, References: 2

Vulnrichment
added 2025/10/24 8:23 a.m., 3 views

CVE-2025-12072 Disable Content Editor For Specific Template <= 2.0 - Cross-Site Request Forgery to Template Configuration Update

The Disable Content Editor For Specific Template plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0. This is due to missing nonce validation on template configuration updates. This makes it possible for unauthenticated attackers to add or...

CVSS 4.3, AI score 5.1, EPSS 0.00122
Exploits: 0, References: 2

Vulnrichment
added 2025/10/24 8:23 a.m., 5 views

CVE-2025-11992 Multi Item Responsive Slider <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting

The Multi Item Responsive Slider plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on the 'mioptions.php' page. This makes it possible for unauthenticated attackers to update settings an...

CVSS 6.1, AI score 5.1, EPSS 0.00191
Exploits: 0, References: 2

EUVD
added 2025/10/24 8:23 a.m., 9 views

EUVD-2025-35822

The Multi Item Responsive Slider plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on the 'mioptions.php' page. This makes it possible for unauthenticated attackers to update settings an...

CVSS 6.1, AI score 5, EPSS 0.00191
Exploits: 0, References: 3

Positive Technologies
added 2025/10/24 12:0 a.m., 6 views

PT-2025-43600

Name of the Vulnerable Software and Affected Versions: WordPress IndieAuth plugin versions prior to 4.5.4. Description: The software is susceptible to Cross-Site Request Forgery (CSRF) due to missing nonce verification. Specifically, the login form indieauth function and the authorization endpoint at...

CVSS 8.8, AI score 6.5, EPSS 0.00194
Exploits: 0, References: 10

RedhatCVE
added 2025/10/19 8:26 a.m., 9 views

CVE-2025-9890

The Theme Editor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.0. This is due to missing or incorrect nonce validation on the 'themeeditortheme' page. This makes it possible for unauthenticated attackers to achieve remote code execution v...

CVSS 8.8, AI score 6.6, EPSS 0.00366
Exploits: 0, References: 1