1117 matches found

Cvelist
added 2025/09/27 6:47 a.m., 8 views

CVE-2025-9898 cForms – Light speed fast Form Builder <= 3.0.0 - Cross-Site Request Forgery

The cForms – Light speed fast Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.0.0. This is due to missing or incorrect nonce validation on the cformsapi function. This makes it possible for unauthenticated attackers to modify...

4.3 CVSS, 0.00124 EPSS
Exploits 0, References 2

Vulnrichment
added 2025/09/27 6:47 a.m., 3 views

CVE-2025-9899 Trust Reviews plugin for Google, Tripadvisor, Yelp, Airbnb and other platforms <= 1.0 - Cross-Site Request Forgery

The Trust Reviews plugin for Google, Tripadvisor, Yelp, Airbnb and other platforms plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on the feedsave function. This makes it possible for...

6.1 CVSS, 4.9 AI score, 0.00116 EPSS
Exploits 0, References 2

CVE
added 2025/09/27 6:47 a.m., 14 views

CVE-2025-9896

CVE-2025-9896 – HidePost (WordPress): WordPress HidePost plugin is vulnerable to Cross-Site Request Forgery due to missing or improper nonce validation on the options.php settings page. This allows an unauthenticated attacker to induce a site administrator to perform a forged action, potentially...

4.3 CVSS, 4.9 AI score, 0.00124 EPSS
Exploits 0, References 2

Vulnrichment
added 2025/09/27 6:47 a.m., 3 views

CVE-2025-9896 HidePost <= 2.3.8 - Cross-Site Request Forgery

The HidePost plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.3.8. This is due to missing or incorrect nonce validation on the options.php settings page. This makes it possible for unauthenticated attackers to modify plugin settings via a...

4.3 CVSS, 4.9 AI score, 0.00124 EPSS
Exploits 0, References 2

RedhatCVE
added 2025/09/27 3:47 a.m., 4 views

CVE-2025-10377

The System Dashboard plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.8.20. This is due to missing nonce validation on the sdtogglelogs function. This makes it possible for unauthenticated attackers to toggle critical logging settings...

4.3 CVSS, 5.2 AI score, 0.00184 EPSS
Exploits 0, References 1

Vulnrichment
added 2025/09/26 3:25 a.m., 4 views

CVE-2025-10377 System Dashboard <= 2.8.20 - Cross-Site Request Forgery

The System Dashboard plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.8.20. This is due to missing nonce validation on the sdtogglelogs function. This makes it possible for unauthenticated attackers to toggle critical logging settings...

4.3 CVSS, 4.9 AI score, 0.00184 EPSS
Exploits 0, References 3

Cvelist
added 2025/09/26 3:25 a.m., 10 views

CVE-2025-10377 System Dashboard <= 2.8.20 - Cross-Site Request Forgery

The System Dashboard plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.8.20. This is due to missing nonce validation on the sdtogglelogs function. This makes it possible for unauthenticated attackers to toggle critical logging settings...

4.3 CVSS, 0.00184 EPSS
Exploits 0, References 3

Positive Technologies
added 2025/09/26 12:0 a.m., 8 views

PT-2025-39486

Name of the Vulnerable Software and Affected Versions: System Dashboard plugin for WordPress versions prior to 2.8.21. Description: The System Dashboard plugin for WordPress is susceptible to Cross-Site Request Forgery (CSRF). This is caused by a lack of nonce validation in the sd toggle logs function...

4.3 CVSS, 6.1 AI score, 0.00184 EPSS
Exploits 0, References 7

RedhatCVE
added 2025/09/22 7:33 a.m., 14 views

CVE-2025-9887

The Custom Login And Signup Widget plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation in the /frndzkadminclsw.php file. This makes it possible for unauthenticated attackers to change the...

4.3 CVSS, 5.3 AI score, 0.00124 EPSS
Exploits 0, References 1

RedhatCVE
added 2025/09/22 7:33 a.m., 11 views

CVE-2025-9883

The Browser Sniff plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.3. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web script...

6.1 CVSS, 5.3 AI score, 0.00141 EPSS
Exploits 0, References 1

NVD
added 2025/09/20 7:15 a.m., 3 views

CVE-2025-9887

The Custom Login And Signup Widget plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation in the /frndzkadminclsw.php file. This makes it possible for unauthenticated attackers to change the...

4.3 CVSS, 0.00124 EPSS
Exploits 0, References 2

Cvelist
added 2025/09/20 6:43 a.m., 9 views

CVE-2025-9887 Custom Login And Signup Widget <= 1.0 - Cross-Site Request Forgery

The Custom Login And Signup Widget plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation in the /frndzkadminclsw.php file. This makes it possible for unauthenticated attackers to change the...

4.3 CVSS, 0.00124 EPSS
Exploits 0, References 2

NVD
added 2025/09/20 5:15 a.m., 4 views

CVE-2025-9949

The Internal Links Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.0.1. This is due to missing or incorrect nonce validation on the link deletion functionality in the processbulkaction function. This makes it possible for...

4.3 CVSS, 0.00151 EPSS
Exploits 0, References 3

Positive Technologies
added 2025/09/20 12:0 a.m., 5 views

PT-2025-38635

Name of the Vulnerable Software and Affected Versions: Browser Sniff versions prior to 2.3. Description: The Browser Sniff plugin for WordPress is susceptible to Cross-Site Request Forgery due to missing or incorrect nonce validation on a function. This allows unauthenticated attackers to update...

6.1 CVSS, 6.1 AI score, 0.00141 EPSS
Exploits 0, References 5

RedhatCVE
added 2025/09/19 2:22 a.m., 11 views

CVE-2025-9629

The USS Upyun plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5.0. This is due to missing or incorrect nonce validation on the usssettingpage function when processing the ussset form type. This makes it possible for unauthenticated attacker...

4.3 CVSS, 5.4 AI score, 0.00156 EPSS
Exploits 0, References 1

NVD
added 2025/09/17 2:15 a.m., 3 views

CVE-2025-9891

The User Sync – Remote User Sync plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.2. This is due to missing or incorrect nonce validation on the mousersyncformhandler function. This makes it possible for unauthenticated attackers to...

4.3 CVSS, 0.00186 EPSS
Exploits 0, References 3

RedhatCVE
added 2025/09/13 7:25 a.m., 8 views

CVE-2025-9620

The Seo Monster plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.3.3. This is due to missing or incorrect nonce validation on the checkintegration function. This makes it possible for unauthenticated attackers to update settings and inject...

6.1 CVSS, 5.3 AI score, 0.00141 EPSS
Exploits 0, References 1

RedhatCVE
added 2025/09/13 7:25 a.m., 13 views

CVE-2025-9623

The Admin in English with Switch plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1. This is due to missing or incorrect nonce validation on the enableeng function. This makes it possible for unauthenticated attackers to modify administrator...

4.3 CVSS, 5.2 AI score, 0.00151 EPSS
Exploits 0, References 1

RedhatCVE
added 2025/09/13 7:25 a.m., 14 views

CVE-2025-9627

The Run Log plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.7.10. This is due to missing or incorrect nonce validation on the oirlpluginoptions function. This makes it possible for unauthenticated attackers to modify plugin settings includi...

4.3 CVSS, 5.2 AI score, 0.00151 EPSS
Exploits 0, References 1

RedhatCVE
added 2025/09/13 7:25 a.m., 9 views

CVE-2025-9617

The Publish approval plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1. This is due to missing or incorrect nonce validation on the publishsaveoption function. This makes it possible for unauthenticated attackers to modify plugin settings v...

5.3 CVSS, 5.2 AI score, 0.00137 EPSS
Exploits 0, References 1