1117 matches found
CVE-2025-9616 PopAd <= 1.0.4 - Cross-Site Request Forgery to Settings Update
The PopAd plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.4. This is due to missing or incorrect nonce validation on the PopAdresetcookietime function. This makes it possible for unauthenticated attackers to reset cookie time settings via...
CVE-2025-9618
The Related Posts Lite plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.12. This is due to missing or incorrect nonce validation on the settings update functionality. This makes it possible for unauthenticated attackers to modify plugin...
CVE-2025-9374
CVE-2025-9374 affects the WordPress plugin Ultimate Tag Warrior Importer (UTW Importer). It is a Cross-Site Request Forgery vulnerability caused by missing or incorrect nonce validation on a function, making unauthenticated attackers able to trigger actions by convincing a site administrator to c...
CVE-2025-7812 Video Share VOD – Turnkey Video Site Builder Script <= 2.7.6 - Cross-Site Request Forgery to Command Injection
The Video Share VOD – Turnkey Video Site Builder Script plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.7.6. This is due to missing or incorrect nonce validation on the adminExport function. This makes it possible for unauthenticated...
PT-2025-34956
Name of the Vulnerable Software and Affected Versions: Video Share VOD – Turnkey Video Site Builder Script plugin for WordPress versions through 2.7.6 Description: The plugin is susceptible to Cross-Site Request Forgery CSRF due to missing or incorrect nonce validation in the adminExport function...
CVE-2025-6247 WordPress Automatic Plugin - AI content generator and auto poster plugin <= 3.118.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting
The WordPress Automatic Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.118.0. This is due to missing or incorrect nonce validation on one of its functions. This makes it possible for unauthenticated attackers to update campaigns and...
PT-2025-34750 · WordPress · Wordpress Automatic Plugin
Name of the Vulnerable Software and Affected Versions: WordPress Automatic Plugin versions prior to 3.118.0 Description: The WordPress Automatic Plugin for WordPress is susceptible to Cross-Site Request Forgery due to missing or incorrect nonce validation in one of its functions. This allows...
CVE-2025-7839
The Restore Permanently delete Post or Page Data plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on the rpdpodpaajaxdpdeletedata function. This makes it possible for unauthenticated...
CVE-2025-7842
The Silencesoft RSS Reader plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.6. This is due to missing or incorrect nonce validation on the 'silrsseditpage' page. This makes it possible for unauthenticated attackers to delete RSS feeds via a...
CVE-2025-8592
The Inspiro theme for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1.2. This is due to missing or incorrect nonce validation on the inspiroinstallplugin function. This makes it possible for unauthenticated attackers to install plugins from the...
CVE-2025-7842
The Silencesoft RSS Reader plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.6. This is due to missing or incorrect nonce validation on the 'silrsseditpage' page. This makes it possible for unauthenticated attackers to delete RSS feeds via a...
CVE-2025-7841
The Sertifier Certificate & Badge Maker for WordPress – Tutor LMS plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.19. This is due to missing or incorrect nonce validation on the 'sertifiersettings' page. This makes it possible for...
CVE-2025-7839
The Restore Permanently delete Post or Page Data plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on the rpdpodpaajaxdpdeletedata function. This makes it possible for unauthenticated...
CVE-2025-7842 Silencesoft RSS Reader <= 0.6 - Cross-Site Request Forgery to RSS Feed Deletion
The Silencesoft RSS Reader plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.6. This is due to missing or incorrect nonce validation on the 'silrsseditpage' page. This makes it possible for unauthenticated attackers to delete RSS feeds via a...
CVE-2025-7839 Restore Permanently delete Post or Page Data <= 1.0 - Cross-Site Request Forgery
The Restore Permanently delete Post or Page Data plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on the rpdpodpaajaxdpdeletedata function. This makes it possible for unauthenticated...
CVE-2025-7842 Silencesoft RSS Reader <= 0.6 - Cross-Site Request Forgery to RSS Feed Deletion
The Silencesoft RSS Reader plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.6. This is due to missing or incorrect nonce validation on the 'silrsseditpage' page. This makes it possible for unauthenticated attackers to delete RSS feeds via a...
CVE-2025-7842
CVE-2025-7842 – Silencesoft RSS Reader (WordPress)
PT-2025-34511 · WordPress · Restore Permanently Delete Post/Page Data
Name of the Vulnerable Software and Affected Versions: Restore Permanently delete Post or Page Data plugin for WordPress version 1.0 Description: The Restore Permanently delete Post or Page Data plugin for WordPress is susceptible to Cross-Site Request Forgery due to missing or incorrect nonce...
CVE-2025-8592
CVE-2025-8592 affects the Inspiro WordPress theme (versions up to 2.1.2). It is a Cross-Site Request Forgery defect due to missing/incorrect nonce validation in inspiro_install_plugin(), enabling unauthenticated attackers to trigger plugin installations via forged requests if a site admin clicks ...
CVE-2025-8592 Inspiro <= 2.1.2 - Cross-Site Request Forgery to Arbitrary Plugin Installation
The Inspiro theme for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1.2. This is due to missing or incorrect nonce validation on the inspiroinstallplugin function. This makes it possible for unauthenticated attackers to install plugins from the...