1117 matches found
CVE-2025-10309 PayPal Forms <= 1.0.3 - Cross-Site Request Forgery
The PayPal Forms plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.3. This is due to missing nonce validation on the form creation and management functions. This makes it possible for unauthenticated attackers to create new PayPal forms and...
CVE-2025-10309
CVE-2025-10309 pertains to the PayPal Forms plugin for WordPress, vulnerable to Cross-Site Forgery (CSRF) in all versions up to 1.0.3 due to missing nonce validation on form creation/management. This could allow unauthenticated attackers to create PayPal forms and modify payment settings by trick...
CVE-2025-9884
The CVE-2025-9884 entry concerns the WordPress plugin Mobile Site Redirect (versions up to and including 1.2.1). The issue is a Cross-Site Request Forgery (CSRF) that, due to missing or incorrect nonce validation, can allow unauthenticated attackers to induce a site administrator to perform actio...
CVE-2025-9884 Mobile Site Redirect <= 1.2.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting
The Mobile Site Redirect plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.1. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious w...
CVE-2025-10311 Comment Info Detector <= 1.0.5 - Cross-Site Request Forgery to Settings Update
The Comment Info Detector plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.5. This is due to missing nonce validation on the options.php file when handling form submissions. This makes it possible for unauthenticated attackers to modify...
PT-2025-40508
Name of the Vulnerable Software and Affected Versions Notification Bar plugin for WordPress versions prior to 2.3 Description The Notification Bar plugin for WordPress is susceptible to Cross-Site Request Forgery CSRF. This is caused by insufficient or incorrect nonce validation within the...
PT-2025-40506
Name of the Vulnerable Software and Affected Versions ContentMX Content Publisher plugin for WordPress versions up to and including 1.0.6 Description The software is susceptible to a Cross-Site Request Forgery CSRF issue. This is caused by a lack of, or incorrect, nonce validation in the cmx...
WordPress plugin Notification Bar 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site request...
PT-2025-40498
Name of the Vulnerable Software and Affected Versions WP SinoType plugin for WordPress versions prior to 1.1 Description The WP SinoType plugin for WordPress is susceptible to Cross-Site Request Forgery. This is caused by a lack of or incorrect nonce validation in the sinotype config function. An...
PT-2025-40509
Name of the Vulnerable Software and Affected Versions AP Background plugin for WordPress versions up to and including 3.8.2 Description The software is susceptible to Cross-Site Request Forgery CSRF. This is due to missing or incorrect nonce validation within the advParallaxBackAdminSaveSlider...
CVE-2025-9948
The Chat by Chatwee plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1.3. This is due to missing or incorrect nonce validation on the admin settings page. This makes it possible for unauthenticated attackers to modify plugin settings via a...
PT-2025-39957
Name of the Vulnerable Software and Affected Versions LatePoint plugin for WordPress versions through 5.1.94 Description The software is susceptible to Cross-Site Request Forgery due to the absence of nonce validation. This occurs on the change password function within the customer cabinet change...
CVE-2025-9896
The HidePost plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.3.8. This is due to missing or incorrect nonce validation on the options.php settings page. This makes it possible for unauthenticated attackers to modify plugin settings via a...
CVE-2025-9944
The Professional Contact Form plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.0. This is due to missing or incorrect nonce validation on the watchforcontactformsubmit function. This makes it possible for unauthenticated attackers to trigg...
CVE-2025-10498
The Ninja Forms – The Contact Form Builder That Grows With You plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.12.0. This is due to missing or incorrect nonce validation when exporting CSV files. This makes it possible for unauthenticated...
CVE-2025-9944
The Professional Contact Form plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.0. This is due to missing or incorrect nonce validation on the watchforcontactformsubmit function. This makes it possible for unauthenticated attackers to trigg...
CVE-2025-9898
The cForms – Light speed fast Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.0.0. This is due to missing or incorrect nonce validation on the cformsapi function. This makes it possible for unauthenticated attackers to modify...
CVE-2025-9893 VM Menu Reorder plugin <= 1.0.0 - Cross-Site Request Forgery to Settings Update
The VM Menu Reorder plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.0. This is due to missing or incorrect nonce validation on the vmsettodefault function. This makes it possible for unauthenticated attackers to reset all menu...
CVE-2025-9893 VM Menu Reorder plugin <= 1.0.0 - Cross-Site Request Forgery to Settings Update
The VM Menu Reorder plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.0. This is due to missing or incorrect nonce validation on the vmsettodefault function. This makes it possible for unauthenticated attackers to reset all menu...
CVE-2025-9944 Professional Contact Form <= 1.0.0 - Cross-Site Request Forgery to Test Email Sending
The Professional Contact Form plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.0. This is due to missing or incorrect nonce validation on the watchforcontactformsubmit function. This makes it possible for unauthenticated attackers to trigg...