1117 matches found

RedhatCVE
added 2025/10/16 8:33 a.m., 5 views

CVE-2025-10300

The TopBar plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.0. This is due to missing or incorrect nonce validation on the fmenbtopbarsavesettings function. This makes it possible for unauthenticated attackers to update the plugin's settin...

CVSS 4.3, AI score 5.2, EPSS 0.00152
Exploits: 0, References: 1

RedhatCVE
added 2025/10/16 8:33 a.m., 6 views

CVE-2025-10301

The FunKItools plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.2. This is due to missing or incorrect nonce validation on the saveFields function. This makes it possible for unauthenticated attackers to update plugin settings via a forged...

CVSS 4.3, AI score 5.2, EPSS 0.00122
Exploits: 0, References: 1

RedhatCVE
added 2025/10/16 8:33 a.m., 5 views

CVE-2025-10312

The Theme Importer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing nonce validation when processing form submissions in the theme-importer.php file. This makes it possible for unauthenticated attackers to trigger...

CVSS 4.3, AI score 5.7, EPSS 0.00122
Exploits: 0, References: 1

Cvelist
added 2025/10/16 2:25 a.m., 9 views

CVE-2025-10700 Ally - Web Accessibility & Usability <= 3.8.0 - Cross-Site Request Forgery to Plugin Settings Update

The Ally – Web Accessibility & Usability plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.8.0. This is due to missing or incorrect nonce validation on the enableunfilteredfilesupload function. This makes it possible for unauthenticated...

CVSS 4.3, EPSS 0.0018
Exploits: 0, References: 3

NVD
added 2025/10/15 9:15 a.m., 8 views

CVE-2025-10301

The FunKItools plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.2. This is due to missing or incorrect nonce validation on the saveFields function. This makes it possible for unauthenticated attackers to update plugin settings via a forged...

CVSS 4.3, EPSS 0.00122
Exploits: 0, References: 2

CVE
added 2025/10/15 8:25 a.m., 16 views

CVE-2025-10312

CVE-2025-10312 : WordPress Theme Importer plugin

CVSS 4.3, AI score 5.4, EPSS 0.00122
Exploits: 0, References: 2

Vulnrichment
added 2025/10/15 8:25 a.m., 3 views

CVE-2025-10312 Theme Importer <= 1.0 - Cross-Site Request Forgery

The Theme Importer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing nonce validation when processing form submissions in the theme-importer.php file. This makes it possible for unauthenticated attackers to trigger...

CVSS 4.3, AI score 5.4, EPSS 0.00122
Exploits: 0, References: 2

Cvelist
added 2025/10/15 8:25 a.m., 10 views

CVE-2025-10312 Theme Importer <= 1.0 - Cross-Site Request Forgery

The Theme Importer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing nonce validation when processing form submissions in the theme-importer.php file. This makes it possible for unauthenticated attackers to trigger...

CVSS 4.3, EPSS 0.00122
Exploits: 0, References: 2

EUVD
added 2025/10/15 8:25 a.m., 3 views

EUVD-2025-34551

The TopBar plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.0. This is due to missing or incorrect nonce validation on the fmenbtopbarsavesettings function. This makes it possible for unauthenticated attackers to update the plugin's settin...

CVSS 4.3, AI score 4.8, EPSS 0.00152
Exploits: 0, References: 5

Vulnrichment
added 2025/10/15 8:25 a.m., 4 views

CVE-2025-10300 TopBar <= 1.0.0 - Cross-Site Request Forgery to Settings Update

The TopBar plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.0. This is due to missing or incorrect nonce validation on the fmenbtopbarsavesettings function. This makes it possible for unauthenticated attackers to update the plugin's settin...

CVSS 4.3, AI score 4.9, EPSS 0.00152
Exploits: 0, References: 4

Vulnrichment
added 2025/10/15 8:25 a.m., 4 views

CVE-2025-10301 FunKItools <= 1.0.2 - Cross-Site Request Forgery to Settings Update

The FunKItools plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.2. This is due to missing or incorrect nonce validation on the saveFields function. This makes it possible for unauthenticated attackers to update plugin settings via a forged...

CVSS 4.3, AI score 4.9, EPSS 0.00122
Exploits: 0, References: 2

CNNVD
added 2025/10/15 12:0 a.m., 4 views

WordPress plugin FunKItools cross-site request forgery vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. WordPress FunKItools plugin has a cross-site request forgery vulnerability that stems from a missing or incorrect random number validation of the saveFields function, which can ...

CVSS 4.3, AI score 6.7, EPSS 0.00122
Exploits: 0, References: 3

RedhatCVE
added 2025/10/12 10:5 a.m., 15 views

CVE-2025-10375

The Web Accessibility By accessiBe plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.10. This is due to missing nonce validation on multiple AJAX actions including accessibesignup, accessibelogin, accessibelicensetrial, accessibemodifyconfig,...

CVSS 4.3, AI score 5.4, EPSS 0.00147
Exploits: 0, References: 1

NVD
added 2025/10/11 10:15 a.m., 7 views

CVE-2025-8606

The GSheetConnector For Gravity Forms plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions less than, or equal to, 1.3.23. This is due to missing or incorrect nonce validation on the activateplugin and deactivateplugin functions. This makes it possible for attackers to tri...

CVSS 2.4, EPSS 0.00141
Exploits: 0, References: 4

NVD
added 2025/10/11 10:15 a.m., 5 views

CVE-2025-10376

The Course Redirects for Learndash plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.4. This is due to missing nonce validation when processing form submissions on the settings page. This makes it possible for unauthenticated attackers to...

CVSS 4.3, EPSS 0.00122
Exploits: 0, References: 2

NVD
added 2025/10/11 10:15 a.m., 10 views

CVE-2025-10375

The Web Accessibility By accessiBe plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.10. This is due to missing nonce validation on multiple AJAX actions including accessibesignup, accessibelogin, accessibelicensetrial, accessibemodifyconfig,...

CVSS 4.3, EPSS 0.00147
Exploits: 0, References: 3

Vulnrichment
added 2025/10/11 9:28 a.m., 1 view

CVE-2025-10376 Course Redirects for Learndash Plugin <= 0.4 - Cross-Site Request Forgery

The Course Redirects for Learndash plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.4. This is due to missing nonce validation when processing form submissions on the settings page. This makes it possible for unauthenticated attackers to...

CVSS 4.3, AI score 5, EPSS 0.00122
Exploits: 0, References: 2

CVE
added 2025/10/11 9:28 a.m., 21 views

CVE-2025-10375

The WordPress plugin Web Accessibility by accessiBe (plugins: accessibe) is affected by CVE-2025-10375. A CSRF vulnerability exists in all versions up to 2.10 due to missing nonce validation on multiple AJAX actions (accessibe_signup, accessibe_login, accessibe_license_trial, accessibe_modify_con...

CVSS 4.3, AI score 5, EPSS 0.00147
Exploits: 0, References: 3

Cvelist
added 2025/10/11 9:28 a.m., 8 views

CVE-2025-9621 WidgetPack Comment System <= 1.6.1 - Cross-Site Request Forgery

The WidgetPack Comment System plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.6.1. This is due to missing or incorrect nonce validation on the wpcmtsync action in the wpcmtrequesthandler function. This makes it possible for unauthenticated...

CVSS 4.3, EPSS 0.00147
Exploits: 0, References: 3

RedhatCVE
added 2025/10/05 3:37 a.m., 14 views

CVE-2025-9886

The Trinity Audio – Text to Speech AI audio player to convert content into audio plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.20.2. This is due to missing or incorrect nonce validation in the '/admin/inc/post-management.php' file. This...

CVSS 4.3, AI score 5.3, EPSS 0.00184
Exploits: 0, References: 1