CVE-2025-8592 Inspiro <= 2.1.2 - Cross-Site Request Forgery to Arbitrary Plugin Installation
The Inspiro theme for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1.2. This is due to missing or incorrect nonce validation on the inspiro_install_plugin function. This makes it possible for unauthenticated attackers to install plugins from the...
PT-2025-34189
Name of the Vulnerable Software and Affected Versions: Inspiro theme for WordPress versions prior to 2.1.3
Description: The Inspiro theme for WordPress is susceptible to Cross-Site Request Forgery due to missing or incorrect nonce validation in the inspiro_install_plugin function. This allows...
CVE-2025-8102
The Easy Digital Downloads plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.5.0. This is due to missing nonce validations in the edd_sendwp_disconnect and edd_sendwp_remote_install functions. This makes it possible for unauthenticated attackers t...
CVE-2025-8102 Easy Digital Downloads <= 3.5.0 - Cross-Site Request Forgery to Plugin Deactivation via edd_sendwp_disconnect and edd_sendwp_remote_install Functions
The Easy Digital Downloads plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.5.0. This is due to missing nonce validations in the edd_sendwp_disconnect and edd_sendwp_remote_install functions. This makes it possible for unauthenticated attackers t...
CVE-2025-8102
CVE-2025-8102: Easy Digital Downloads for WordPress (versions ≤ 3.5.0) is vulnerable to Cross-Site Request Forgery via missing nonce checks in edd_sendwp_disconnect and edd_sendwp_remote_install. This CSRF allows unauthenticated attackers to deactivate or trigger activation/deactivation of the SendWP plu...
PT-2025-34039 · WordPress · Sendwp +1
Name of the Vulnerable Software and Affected Versions: Easy Digital Downloads versions prior to 3.5.1
Description: The Easy Digital Downloads plugin for WordPress is susceptible to Cross-Site Request Forgery due to missing nonce validations in the edd_sendwp_disconnect and edd_sendwp_remote_insta...
CVE-2025-7684
The Last.fm Recent Album Artwork plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.2. This is due to missing or incorrect nonce validation on the 'lastfm_albums_artwork.php' page. This makes it possible for unauthenticated attackers to update...
CVE-2025-7668
The Linux Promotional Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4. This is due to missing or incorrect nonce validation on the 'linux-promotional-plugin.php' page. This makes it possible for unauthenticated attackers to update...
CVE-2025-7686
CVE-2025-7686 refers to a CSRF-to-Stored XSS vulnerability in the WordPress plugin weichuncai(WP伪春菜) up to version 1.5, caused by missing or incorrect nonce validation on sm-options.php. Exploitation requires social engineering to persuade an admin to perform an action (e.g., clicking a forged li...
CVE-2025-7686 weichuncai(WP伪春菜) <= 1.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting
The weichuncai(WP伪春菜) plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5. This is due to missing or incorrect nonce validation on the sm-options.php page. This makes it possible for unauthenticated attackers to update settings and inject...
CVE-2025-7683 LatestCheckins <= 1 - Cross-Site Request Forgery to Stored Cross-Site Scripting
The LatestCheckins plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1. This is due to missing or incorrect nonce validation on the 'LatestCheckins' page. This makes it possible for unauthenticated attackers to update settings and inject...
CVE-2025-7668
CVE-2025-7668 — Linux Promotional Plugin for WordPress is a CSRF to Stored XSS vulnerability affecting all versions up to 1.4. The issue arises from missing or incorrect nonce validation on the plugin’s linux-promotional-plugin.php page, enabling unauthenticated attackers to update settings and i...
CVE-2025-7668 Linux Promotional Plugin <= 1.4 - Cross-Site Request Forgery to Stored Cross-Site Scripting
The Linux Promotional Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4. This is due to missing or incorrect nonce validation on the 'linux-promotional-plugin.php' page. This makes it possible for unauthenticated attackers to update...
CVE-2025-7684
The CVE-2025-7684 issue is confirmed for the WordPress plugin Last.fm Recent Album Artwork (versions up to and including 1.0.2). The root cause is missing/incorrect nonce validation on lastfm_albums_artwork.php, enabling Cross‑Site Request Forgery that can lead to a Stored Cross‑Site Scripting co...
PT-2025-33532 · WordPress · Latestcheckins
Name of the Vulnerable Software and Affected Versions: LatestCheckins plugin for WordPress version 1
Description: The LatestCheckins plugin for WordPress is susceptible to Cross-Site Request Forgery due to missing or incorrect nonce validation on the 'LatestCheckins' page. This allows...
PT-2025-33534 · WordPress · Weichuncai
Name of the Vulnerable Software and Affected Versions: weichuncai(WP伪春菜) plugin for WordPress versions up to and including 1.5
Description: The weichuncai(WP伪春菜) plugin for WordPress is susceptible to Cross-Site Request Forgery due to missing or incorrect nonce validation on the sm-options.php page...
PT-2025-33533 · WordPress · Last.Fm Recent Album Artwork
Name of the Vulnerable Software and Affected Versions: Last.fm Recent Album Artwork plugin for WordPress versions up to and including 1.0.2
Description: The Last.fm Recent Album Artwork plugin for WordPress is susceptible to Cross-Site Request Forgery due to missing or incorrect nonce validation ...
CVE-2025-7688
The Add User Meta plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1. This is due to missing or incorrect nonce validation on the 'add-user-meta' page. This makes it possible for unauthenticated attackers to update settings and inject...
CVE-2025-7688 Add User Meta <= 1.0.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting
The Add User Meta plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1. This is due to missing or incorrect nonce validation on the 'add-user-meta' page. This makes it possible for unauthenticated attackers to update settings and inject...