Lucene search

1117 matches found

RedhatCVE
added 2025/09/13 7:25 a.m., 5 views

CVE-2025-8479

The Zoho Flow plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.14.1. This is due to missing or incorrect nonce validation on the zohoflowdeactivateplugin function. This makes it possible for unauthenticated attackers to modify typography setting...

CVSS 4.3, AI score 5.2, EPSS 0.00176
Exploits 0, References 1
RedhatCVE
added 2025/09/12 7:11 a.m., 5 views

CVE-2025-9888

The Maspik – Ultimate Spam Protection plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.5.6. This is due to missing or incorrect nonce validation on the clearlog function. This makes it possible for unauthenticated attackers to clear all spam...

CVSS 4.3, AI score 5.2, EPSS 0.00156
Exploits 0, References 1
NVD
added 2025/09/12 4:16 a.m., 3 views

CVE-2025-9881

The Ultimate Blogroll plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.5.2. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web...

CVSS 6.1, EPSS 0.00141
Exploits 0, References 3
NVD
added 2025/09/11 8:15 a.m., 16 views

CVE-2025-9632

The PhpList Subber plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1. This is due to missing or incorrect nonce validation on the bulkactionhandler function. This makes it possible for unauthenticated attackers to trigger bulk synchronizati...

CVSS 4.3, EPSS 0.00149
Exploits 0, References 3
NVD
added 2025/09/11 8:15 a.m., 17 views

CVE-2025-9623

The Admin in English with Switch plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1. This is due to missing or incorrect nonce validation on the enableeng function. This makes it possible for unauthenticated attackers to modify administrator...

CVSS 4.3, EPSS 0.00151
Exploits 0, References 3
NVD
added 2025/09/11 8:15 a.m., 19 views

CVE-2025-9628

The The integration of the AMO.CRM plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1. This is due to missing or incorrect nonce validation on the settingspage function. This makes it possible for unauthenticated attackers to modify critic...

CVSS 4.3, EPSS 0.00151
Exploits 0, References 3
Vulnrichment
added 2025/09/11 7:25 a.m., 2 views

CVE-2025-9632 PhpList Subber <= 1.1 - Cross-Site Request Forgery

The PhpList Subber plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1. This is due to missing or incorrect nonce validation on the bulkactionhandler function. This makes it possible for unauthenticated attackers to trigger bulk synchronizati...

CVSS 4.3, AI score 4.9, EPSS 0.00149
Exploits 0, References 3
Cvelist
added 2025/09/11 7:25 a.m., 7 views

CVE-2025-9632 PhpList Subber <= 1.1 - Cross-Site Request Forgery

The PhpList Subber plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1. This is due to missing or incorrect nonce validation on the bulkactionhandler function. This makes it possible for unauthenticated attackers to trigger bulk synchronizati...

CVSS 4.3, EPSS 0.00149
Exploits 0, References 3
CVE
added 2025/09/11 7:24 a.m., 18 views

CVE-2025-9623

CVE-2025-9623 affects the WordPress plugin Admin in English with Switch. The vulnerability is a Cross-Site Request Forgery (CSRF) in all versions up to and including 1.1, caused by missing or incorrect nonce validation on the enable_eng function. This allows unauthenticated attackers to modify a...

CVSS 4.3, AI score 4.8, EPSS 0.00151
Exploits 0, References 3
Vulnrichment
added 2025/09/11 7:24 a.m., 3 views

CVE-2025-9627 Run Log <= 1.7.10 - Cross-Site Request Forgery to Settings Update

The Run Log plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.7.10. This is due to missing or incorrect nonce validation on the oirlpluginoptions function. This makes it possible for unauthenticated attackers to modify plugin settings includi...

CVSS 4.3, AI score 4.9, EPSS 0.00151
Exploits 0, References 2
CVE
added 2025/09/11 7:24 a.m., 15 views

CVE-2025-9627

CVE-2025-9627 describes a CSRF vulnerability in the WordPress Run Log plugin (versions up to and including 1.7.10). The issue stems from missing/incorrect nonce validation in the oirl_plugin_options function, allowing unauthenticated attackers to modify plugin settings (e.g., distance units, pace...

CVSS 4.3, AI score 4.9, EPSS 0.00151
Exploits 0, References 3
CVE
added 2025/09/11 7:24 a.m., 15 views

CVE-2025-9634

CVE-2025-9634 concerns the WordPress plugin “Plugin updates blocker” (versions up to and including 0.2). The flaw is a CSRF vulnerability caused by missing or incorrect nonce validation on the pub_save action, enabling unauthenticated attackers to toggle plugin updates (disable/enable) by luring ...

CVSS 4.3, AI score 5, EPSS 0.00124
Exploits 0, References 2
Vulnrichment
added 2025/09/11 7:24 a.m., 3 views

CVE-2025-9634 Plugin updates blocker <= 0.2 - Cross-Site Request Forgery

The Plugin updates blocker plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.2. This is due to missing or incorrect nonce validation on the pubsave action handler. This makes it possible for unauthenticated attackers to disable or enable plug...

CVSS 4.3, AI score 5, EPSS 0.00124
Exploits 0, References 2
CVE
added 2025/09/11 7:24 a.m., 11 views

CVE-2025-9628

The AMO.CRM WordPress plugin vulnerability (CVE-2025-9628) is a CSRF issue in versions

CVSS 4.3, AI score 5, EPSS 0.00151
Exploits 0, References 3
Vulnrichment
added 2025/09/11 7:24 a.m., 3 views

CVE-2025-9628 The integration of the AMO.CRM <= 1.0.1 - Cross-Site Request Forgery

The The integration of the AMO.CRM plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1. This is due to missing or incorrect nonce validation on the settingspage function. This makes it possible for unauthenticated attackers to modify critic...

CVSS 4.3, AI score 5, EPSS 0.00151
Exploits 0, References 3
Cvelist
added 2025/09/11 7:24 a.m., 11 views

CVE-2025-9631 AutoCatSet <= 2.1.4 - Cross-Site Request Forgery

The AutoCatSet plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1.4. This is due to missing or incorrect nonce validation on the autocatsetajax function. This makes it possible for unauthenticated attackers to trigger automatic...

CVSS 4.3, EPSS 0.00151
Exploits 0, References 3
Cvelist
added 2025/09/11 6:43 a.m., 9 views

CVE-2025-8479 Zoho Flow <= 2.14.1 - Cross-Site Request Forgery

The Zoho Flow plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.14.1. This is due to missing or incorrect nonce validation on the zohoflowdeactivateplugin function. This makes it possible for unauthenticated attackers to modify typography setting...

CVSS 4.3, EPSS 0.00176
Exploits 0, References 4
NVD
added 2025/09/10 7:15 a.m., 7 views

CVE-2025-9888

The Maspik – Ultimate Spam Protection plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.5.6. This is due to missing or incorrect nonce validation on the clearlog function. This makes it possible for unauthenticated attackers to clear all spam...

CVSS 4.3, EPSS 0.00156
Exploits 0, References 4
RedhatCVE
added 2025/09/06 9:27 a.m., 11 views

CVE-2025-9616

The PopAd plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.4. This is due to missing or incorrect nonce validation on the PopAdresetcookietime function. This makes it possible for unauthenticated attackers to reset cookie time settings via...

CVSS 5.3, AI score 5.2, EPSS 0.0015
Exploits 0, References 1
Cvelist
added 2025/09/04 9:22 a.m., 20 views

CVE-2025-9616 PopAd <= 1.0.4 - Cross-Site Request Forgery to Settings Update

The PopAd plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.4. This is due to missing or incorrect nonce validation on the PopAdresetcookietime function. This makes it possible for unauthenticated attackers to reset cookie time settings via...

CVSS 5.3, EPSS 0.0015
Exploits 0, References 2