1117 matches found

Vulnrichment
added 2025/09/04 9:22 a.m., 2 views

CVE-2025-9616 PopAd <= 1.0.4 - Cross-Site Request Forgery to Settings Update

The PopAd plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.4. This is due to missing or incorrect nonce validation on the PopAdresetcookietime function. This makes it possible for unauthenticated attackers to reset cookie time settings via...

CVSS 5.3 | AI score 4.7 | EPSS 0.0015
Exploits: 0 | References: 2
NVD
added 2025/08/30 2:15 a.m., 5 views

CVE-2025-9618

The Related Posts Lite plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.12. This is due to missing or incorrect nonce validation on the settings update functionality. This makes it possible for unauthenticated attackers to modify plugin...

CVSS 4.3 | EPSS 0.00124
Exploits: 0 | References: 2
CVE
added 2025/08/29 4:25 a.m., 14 views

CVE-2025-9374

CVE-2025-9374 affects the WordPress plugin Ultimate Tag Warrior Importer (UTW Importer). It is a Cross-Site Request Forgery vulnerability caused by missing or incorrect nonce validation on a function, making unauthenticated attackers able to trigger actions by convincing a site administrator to c...

CVSS 4.3 | AI score 4.9 | EPSS 0.00124
Exploits: 0 | References: 2
Vulnrichment
added 2025/08/28 1:46 a.m., 3 views

CVE-2025-7812 Video Share VOD – Turnkey Video Site Builder Script <= 2.7.6 - Cross-Site Request Forgery to Command Injection

The Video Share VOD – Turnkey Video Site Builder Script plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.7.6. This is due to missing or incorrect nonce validation on the adminExport function. This makes it possible for unauthenticated...

CVSS 8.8 | AI score 7.7 | EPSS 0.00234
Exploits: 0 | References: 4
Positive Technologies
added 2025/08/28 12:0 a.m., 4 views

PT-2025-34956

Name of the Vulnerable Software and Affected Versions: Video Share VOD – Turnkey Video Site Builder Script plugin for WordPress versions through 2.7.6
Description: The plugin is susceptible to Cross-Site Request Forgery (CSRF) due to missing or incorrect nonce validation in the adminExport function...

CVSS 8.8 | AI score 7.3 | EPSS 0.00234
Exploits: 0 | References: 9
Vulnrichment
added 2025/08/26 9:6 a.m., 2 views

CVE-2025-6247 WordPress Automatic Plugin - AI content generator and auto poster plugin <= 3.118.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting

The WordPress Automatic Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.118.0. This is due to missing or incorrect nonce validation on one of its functions. This makes it possible for unauthenticated attackers to update campaigns and...

CVSS 4.7 | AI score 6.1 | EPSS 0.00175
Exploits: 0 | References: 2
Positive Technologies
added 2025/08/26 12:0 a.m., 4 views

PT-2025-34750 · WordPress · Wordpress Automatic Plugin

Name of the Vulnerable Software and Affected Versions: WordPress Automatic Plugin versions prior to 3.118.0
Description: The WordPress Automatic Plugin for WordPress is susceptible to Cross-Site Request Forgery due to missing or incorrect nonce validation in one of its functions. This allows...

CVSS 4.7 | AI score 7 | EPSS 0.00175
Exploits: 0 | References: 7
RedhatCVE
added 2025/08/25 5:32 a.m., 4 views

CVE-2025-7839

The Restore Permanently delete Post or Page Data plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on the rpdpodpaajaxdpdeletedata function. This makes it possible for unauthenticated...

CVSS 4.3 | AI score 6.7 | EPSS 0.00124
Exploits: 0 | References: 1
RedhatCVE
added 2025/08/25 5:32 a.m., 5 views

CVE-2025-7842

The Silencesoft RSS Reader plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.6. This is due to missing or incorrect nonce validation on the 'silrsseditpage' page. This makes it possible for unauthenticated attackers to delete RSS feeds via a...

CVSS 4.3 | AI score 6.7 | EPSS 0.00124
Exploits: 0 | References: 1
RedhatCVE
added 2025/08/23 5:35 a.m., 6 views

CVE-2025-8592

The Inspiro theme for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1.2. This is due to missing or incorrect nonce validation on the inspiro_install_plugin function. This makes it possible for unauthenticated attackers to install plugins from the...

CVSS 8.1 | AI score 6.7 | EPSS 0.00199
Exploits: 0 | References: 1
NVD
added 2025/08/23 5:15 a.m., 4 views

CVE-2025-7842

The Silencesoft RSS Reader plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.6. This is due to missing or incorrect nonce validation on the 'silrsseditpage' page. This makes it possible for unauthenticated attackers to delete RSS feeds via a...

CVSS 4.3 | EPSS 0.00124
Exploits: 0 | References: 2
NVD
added 2025/08/23 5:15 a.m., 16 views

CVE-2025-7841

The Sertifier Certificate & Badge Maker for WordPress – Tutor LMS plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.19. This is due to missing or incorrect nonce validation on the 'sertifiersettings' page. This makes it possible for...

CVSS 4.3 | EPSS 0.00103
Exploits: 0 | References: 3
NVD
added 2025/08/23 5:15 a.m., 5 views

CVE-2025-7839

The Restore Permanently delete Post or Page Data plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on the rpdpodpaajaxdpdeletedata function. This makes it possible for unauthenticated...

CVSS 4.3 | EPSS 0.00124
Exploits: 0 | References: 2
Vulnrichment
added 2025/08/23 4:25 a.m., 3 views

CVE-2025-7842 Silencesoft RSS Reader <= 0.6 - Cross-Site Request Forgery to RSS Feed Deletion

The Silencesoft RSS Reader plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.6. This is due to missing or incorrect nonce validation on the 'silrsseditpage' page. This makes it possible for unauthenticated attackers to delete RSS feeds via a...

CVSS 4.3 | AI score 6.7 | EPSS 0.00124
Exploits: 0 | References: 2
Vulnrichment
added 2025/08/23 4:25 a.m., 3 views

CVE-2025-7839 Restore Permanently delete Post or Page Data <= 1.0 - Cross-Site Request Forgery

The Restore Permanently delete Post or Page Data plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on the rpdpodpaajaxdpdeletedata function. This makes it possible for unauthenticated...

CVSS 4.3 | AI score 5.9 | EPSS 0.00124
Exploits: 0 | References: 2
Cvelist
added 2025/08/23 4:25 a.m., 8 views

CVE-2025-7842 Silencesoft RSS Reader <= 0.6 - Cross-Site Request Forgery to RSS Feed Deletion

The Silencesoft RSS Reader plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.6. This is due to missing or incorrect nonce validation on the 'silrsseditpage' page. This makes it possible for unauthenticated attackers to delete RSS feeds via a...

CVSS 4.3 | EPSS 0.00124
Exploits: 0 | References: 2
CVE
added 2025/08/23 4:25 a.m., 21 views

CVE-2025-7842

CVE-2025-7842 – Silencesoft RSS Reader (WordPress)

CVSS 4.3 | AI score 6.3 | EPSS 0.00124
Exploits: 0 | References: 2
Positive Technologies
added 2025/08/23 12:0 a.m., 7 views

PT-2025-34511 · WordPress · Restore Permanently Delete Post/Page Data

Name of the Vulnerable Software and Affected Versions: Restore Permanently delete Post or Page Data plugin for WordPress version 1.0
Description: The Restore Permanently delete Post or Page Data plugin for WordPress is susceptible to Cross-Site Request Forgery due to missing or incorrect nonce...

CVSS 4.3 | AI score 6.4 | EPSS 0.00124
Exploits: 0 | References: 6
CVE
added 2025/08/21 5:28 a.m., 24 views

CVE-2025-8592

CVE-2025-8592 affects the Inspiro WordPress theme (versions up to 2.1.2). It is a Cross-Site Request Forgery defect due to missing/incorrect nonce validation in inspiro_install_plugin(), enabling unauthenticated attackers to trigger plugin installations via forged requests if a site admin clicks ...

CVSS 8.1 | AI score 6.5 | EPSS 0.00199
Exploits: 0 | References: 5
Vulnrichment
added 2025/08/21 5:28 a.m., 3 views

CVE-2025-8592 Inspiro <= 2.1.2 - Cross-Site Request Forgery to Arbitrary Plugin Installation

The Inspiro theme for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1.2. This is due to missing or incorrect nonce validation on the inspiro_install_plugin function. This makes it possible for unauthenticated attackers to install plugins from the...

CVSS 8.1 | AI score 6.6 | EPSS 0.00199
Exploits: 0 | References: 5