
1117 matches found

Vulnrichment
added 2025/10/03 11:17 a.m. | 5 views

CVE-2025-10309 PayPal Forms <= 1.0.3 - Cross-Site Request Forgery

The PayPal Forms plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.3. This is due to missing nonce validation on the form creation and management functions. This makes it possible for unauthenticated attackers to create new PayPal forms and...

CVSS 4.3 | AI score 5 | EPSS 0.00136
Exploits 0 | References 2
CVE
added 2025/10/03 11:17 a.m. | 15 views

CVE-2025-10309

CVE-2025-10309 pertains to the PayPal Forms plugin for WordPress, vulnerable to Cross-Site Request Forgery (CSRF) in all versions up to 1.0.3 due to missing nonce validation on form creation/management. This could allow unauthenticated attackers to create PayPal forms and modify payment settings by trick...

CVSS 4.3 | AI score 5 | EPSS 0.00136
Exploits 0 | References 2
CVE
added 2025/10/03 11:17 a.m. | 18 views

CVE-2025-9884

The CVE-2025-9884 entry concerns the WordPress plugin Mobile Site Redirect (versions up to and including 1.2.1). The issue is a Cross-Site Request Forgery (CSRF) that, due to missing or incorrect nonce validation, can allow unauthenticated attackers to induce a site administrator to perform actio...

CVSS 6.1 | AI score 4.9 | EPSS 0.00149
Exploits 0 | References 3
Vulnrichment
added 2025/10/03 11:17 a.m. | 3 views

CVE-2025-9884 Mobile Site Redirect <= 1.2.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting

The Mobile Site Redirect plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.1. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious w...

CVSS 6.1 | AI score 4.9 | EPSS 0.00149
Exploits 0 | References 3
Cvelist
added 2025/10/03 11:17 a.m. | 10 views

CVE-2025-10311 Comment Info Detector <= 1.0.5 - Cross-Site Request Forgery to Settings Update

The Comment Info Detector plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.5. This is due to missing nonce validation on the options.php file when handling form submissions. This makes it possible for unauthenticated attackers to modify...

CVSS 4.3 | EPSS 0.00136
Exploits 0 | References 2
Positive Technologies
added 2025/10/03 12:0 a.m. | 7 views

PT-2025-40508

Name of the Vulnerable Software and Affected Versions: Notification Bar plugin for WordPress versions prior to 2.3. Description: The Notification Bar plugin for WordPress is susceptible to Cross-Site Request Forgery (CSRF). This is caused by insufficient or incorrect nonce validation within the...

CVSS 4.3 | AI score 6.2 | EPSS 0.00124
Exploits 0 | References 5
Positive Technologies
added 2025/10/03 12:0 a.m. | 7 views

PT-2025-40506

Name of the Vulnerable Software and Affected Versions: ContentMX Content Publisher plugin for WordPress versions up to and including 1.0.6. Description: The software is susceptible to a Cross-Site Request Forgery (CSRF) issue. This is caused by a lack of, or incorrect, nonce validation in the cmx...

CVSS 4.3 | AI score 6.2 | EPSS 0.0016
Exploits 0 | References 5
CNNVD
added 2025/10/03 12:0 a.m. | 9 views

WordPress plugin Notification Bar cross-site request forgery vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A cross-site request...

CVSS 4.3 | AI score 6.4 | EPSS 0.00124
Exploits 0 | References 2
Positive Technologies
added 2025/10/03 12:0 a.m. | 7 views

PT-2025-40498

Name of the Vulnerable Software and Affected Versions: WP SinoType plugin for WordPress versions prior to 1.1. Description: The WP SinoType plugin for WordPress is susceptible to Cross-Site Request Forgery. This is caused by a lack of or incorrect nonce validation in the sinotype config function. An...

CVSS 4.3 | AI score 6.1 | EPSS 0.00151
Exploits 0 | References 5
Positive Technologies
added 2025/10/03 12:0 a.m. | 10 views

PT-2025-40509

Name of the Vulnerable Software and Affected Versions: AP Background plugin for WordPress versions up to and including 3.8.2. Description: The software is susceptible to Cross-Site Request Forgery (CSRF). This is due to missing or incorrect nonce validation within the advParallaxBackAdminSaveSlider...

CVSS 4.3 | AI score 6 | EPSS 0.00124
Exploits 0 | References 5
NVD
added 2025/09/30 11:37 a.m. | 9 views

CVE-2025-9948

The Chat by Chatwee plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1.3. This is due to missing or incorrect nonce validation on the admin settings page. This makes it possible for unauthenticated attackers to modify plugin settings via a...

CVSS 4.3 | EPSS 0.00151
Exploits 0 | References 3
Positive Technologies
added 2025/09/30 12:0 a.m. | 4 views

PT-2025-39957

Name of the Vulnerable Software and Affected Versions: LatePoint plugin for WordPress versions through 5.1.94. Description: The software is susceptible to Cross-Site Request Forgery due to the absence of nonce validation. This occurs on the change password function within the customer cabinet change...

CVSS 8.8 | AI score 6.6 | EPSS 0.00204
Exploits 0 | References 10
RedhatCVE
added 2025/09/28 6:52 a.m. | 11 views

CVE-2025-9896

The HidePost plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.3.8. This is due to missing or incorrect nonce validation on the options.php settings page. This makes it possible for unauthenticated attackers to modify plugin settings via a...

CVSS 4.3 | AI score 5.3 | EPSS 0.00124
Exploits 0 | References 1
RedhatCVE
added 2025/09/28 6:52 a.m. | 8 views

CVE-2025-9944

The Professional Contact Form plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.0. This is due to missing or incorrect nonce validation on the watchforcontactformsubmit function. This makes it possible for unauthenticated attackers to trigg...

CVSS 4.3 | AI score 5.2 | EPSS 0.00124
Exploits 0 | References 1
RedhatCVE
added 2025/09/28 2:41 a.m. | 7 views

CVE-2025-10498

The Ninja Forms – The Contact Form Builder That Grows With You plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.12.0. This is due to missing or incorrect nonce validation when exporting CSV files. This makes it possible for unauthenticated...

CVSS 5.4 | AI score 5.6 | EPSS 0.00151
Exploits 0 | References 1
NVD
added 2025/09/27 7:15 a.m. | 4 views

CVE-2025-9944

The Professional Contact Form plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.0. This is due to missing or incorrect nonce validation on the watchforcontactformsubmit function. This makes it possible for unauthenticated attackers to trigg...

CVSS 4.3 | EPSS 0.00124
Exploits 0 | References 2
NVD
added 2025/09/27 7:15 a.m. | 3 views

CVE-2025-9898

The cForms – Light speed fast Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.0.0. This is due to missing or incorrect nonce validation on the cformsapi function. This makes it possible for unauthenticated attackers to modify...

CVSS 4.3 | EPSS 0.00124
Exploits 0 | References 2
Cvelist
added 2025/09/27 6:47 a.m. | 17 views

CVE-2025-9893 VM Menu Reorder plugin <= 1.0.0 - Cross-Site Request Forgery to Settings Update

The VM Menu Reorder plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.0. This is due to missing or incorrect nonce validation on the vmsettodefault function. This makes it possible for unauthenticated attackers to reset all menu...

CVSS 4.3 | EPSS 0.00124
Exploits 0 | References 2
Vulnrichment
added 2025/09/27 6:47 a.m. | 1 views

CVE-2025-9893 VM Menu Reorder plugin <= 1.0.0 - Cross-Site Request Forgery to Settings Update

The VM Menu Reorder plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.0. This is due to missing or incorrect nonce validation on the vmsettodefault function. This makes it possible for unauthenticated attackers to reset all menu...

CVSS 4.3 | AI score 4.9 | EPSS 0.00124
Exploits 0 | References 2
Cvelist
added 2025/09/27 6:47 a.m. | 13 views

CVE-2025-9944 Professional Contact Form <= 1.0.0 - Cross-Site Request Forgery to Test Email Sending

The Professional Contact Form plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.0. This is due to missing or incorrect nonce validation on the watchforcontactformsubmit function. This makes it possible for unauthenticated attackers to trigg...

CVSS 4.3 | EPSS 0.00124
Exploits 0 | References 2