CVE-2025-8479
The Zoho Flow plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.14.1. This is due to missing or incorrect nonce validation on the zohoflowdeactivateplugin function. This makes it possible for unauthenticated attackers to modify typography setting...
CVE-2025-9888
The Maspik – Ultimate Spam Protection plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.5.6. This is due to missing or incorrect nonce validation on the clearlog function. This makes it possible for unauthenticated attackers to clear all spam...
CVE-2025-9881
The Ultimate Blogroll plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.5.2. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web...
CVE-2025-9632
The PhpList Subber plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1. This is due to missing or incorrect nonce validation on the bulkactionhandler function. This makes it possible for unauthenticated attackers to trigger bulk synchronizati...
CVE-2025-9623
The Admin in English with Switch plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1. This is due to missing or incorrect nonce validation on the enable_eng function. This makes it possible for unauthenticated attackers to modify administrator...
CVE-2025-9628
The The integration of the AMO.CRM plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1. This is due to missing or incorrect nonce validation on the settingspage function. This makes it possible for unauthenticated attackers to modify critic...
CVE-2025-9632 PhpList Subber <= 1.1 - Cross-Site Request Forgery
The PhpList Subber plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1. This is due to missing or incorrect nonce validation on the bulkactionhandler function. This makes it possible for unauthenticated attackers to trigger bulk synchronizati...
CVE-2025-9623
CVE-2025-9623 affects the WordPress plugin Admin in English with Switch. The vulnerability is a Cross-Site Request Forgery (CSRF) in all versions up to and including 1.1, caused by missing or incorrect nonce validation on the enable_eng function. This allows unauthenticated attackers to modify a...
CVE-2025-9627 Run Log <= 1.7.10 - Cross-Site Request Forgery to Settings Update
The Run Log plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.7.10. This is due to missing or incorrect nonce validation on the oirl_plugin_options function. This makes it possible for unauthenticated attackers to modify plugin settings includi...
CVE-2025-9627
CVE-2025-9627 describes a CSRF vulnerability in the WordPress Run Log plugin (versions up to and including 1.7.10). The issue stems from missing/incorrect nonce validation in the oirl_plugin_options function, allowing unauthenticated attackers to modify plugin settings (e.g., distance units, pace...
CVE-2025-9634
CVE-2025-9634 concerns the WordPress plugin “Plugin updates blocker” (versions up to and including 0.2). The flaw is a CSRF vulnerability caused by missing or incorrect nonce validation on the pub_save action, enabling unauthenticated attackers to toggle plugin updates (disable/enable) by luring ...
CVE-2025-9634 Plugin updates blocker <= 0.2 - Cross-Site Request Forgery
The Plugin updates blocker plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.2. This is due to missing or incorrect nonce validation on the pub_save action handler. This makes it possible for unauthenticated attackers to disable or enable plug...
CVE-2025-9628
The AMO.CRM WordPress plugin vulnerability (CVE-2025-9628) is a CSRF issue in versions
CVE-2025-9628 The integration of the AMO.CRM <= 1.0.1 - Cross-Site Request Forgery
The The integration of the AMO.CRM plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1. This is due to missing or incorrect nonce validation on the settingspage function. This makes it possible for unauthenticated attackers to modify critic...
CVE-2025-9631 AutoCatSet <= 2.1.4 - Cross-Site Request Forgery
The AutoCatSet plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1.4. This is due to missing or incorrect nonce validation on the autocatsetajax function. This makes it possible for unauthenticated attackers to trigger automatic...
CVE-2025-8479 Zoho Flow <= 2.14.1 - Cross-Site Request Forgery
The Zoho Flow plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.14.1. This is due to missing or incorrect nonce validation on the zohoflowdeactivateplugin function. This makes it possible for unauthenticated attackers to modify typography setting...
CVE-2025-9616
The PopAd plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.4. This is due to missing or incorrect nonce validation on the PopAdresetcookietime function. This makes it possible for unauthenticated attackers to reset cookie time settings via...
CVE-2025-9616 PopAd <= 1.0.4 - Cross-Site Request Forgery to Settings Update
The PopAd plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.4. This is due to missing or incorrect nonce validation on the PopAdresetcookietime function. This makes it possible for unauthenticated attackers to reset cookie time settings via...