1117 matches found

Cvelist
added 2025/08/21 5:28 a.m. · 9 views

CVE-2025-8592 Inspiro <= 2.1.2 - Cross-Site Request Forgery to Arbitrary Plugin Installation

The Inspiro theme for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1.2. This is due to missing or incorrect nonce validation on the inspiroinstallplugin function. This makes it possible for unauthenticated attackers to install plugins from the...

CVSS 8.1 · EPSS 0.00199
Exploits 0 · References 5

Positive Technologies
added 2025/08/21 12:0 a.m. · 7 views

PT-2025-34189

Name of the Vulnerable Software and Affected Versions: Inspiro theme for WordPress versions prior to 2.1.3 Description: The Inspiro theme for WordPress is susceptible to Cross-Site Request Forgery due to missing or incorrect nonce validation in the inspiro install plugin function. This allows...

CVSS 8.1 · AI score 6 · EPSS 0.00199
Exploits 0 · References 15

NVD
added 2025/08/20 12:15 p.m. · 6 views

CVE-2025-8102

The Easy Digital Downloads plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.5.0. This is due to missing nonce validations in the edd_sendwp_disconnect and edd_sendwp_remote_install functions. This makes it possible for unauthenticated attackers t...

CVSS 5.4 · EPSS 0.00151
Exploits 0 · References 4

Cvelist
added 2025/08/20 11:26 a.m. · 9 views

CVE-2025-8102 Easy Digital Downloads <= 3.5.0 - Cross-Site Request Forgery to Plugin Deactivation via edd_sendwp_disconnect and edd_sendwp_remote_install Functions

The Easy Digital Downloads plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.5.0. This is due to missing nonce validations in the edd_sendwp_disconnect and edd_sendwp_remote_install functions. This makes it possible for unauthenticated attackers t...

CVSS 5.4 · EPSS 0.00151
Exploits 0 · References 4

CVE
added 2025/08/20 11:26 a.m. · 24 views

CVE-2025-8102

CVE-2025-8102: Easy Digital Downloads for WordPress (versions ≤ 3.5.0) is vulnerable to Cross-Site Request Forgery via missing nonce checks in edd_sendwp_disconnect and edd_sendwp_remote_install. This CSRF allows unauthenticated attackers to deactivate or trigger activation/deactivation of the SendWP plu...

CVSS 5.4 · AI score 6.7 · EPSS 0.00151
Exploits 0 · References 4

Positive Technologies
added 2025/08/20 12:0 a.m. · 7 views

PT-2025-34039 · WordPress · Sendwp +1

Name of the Vulnerable Software and Affected Versions: Easy Digital Downloads versions prior to 3.5.1 Description: The Easy Digital Downloads plugin for WordPress is susceptible to Cross-Site Request Forgery due to missing nonce validations in the edd sendwp disconnect and edd sendwp remote insta...

CVSS 5.4 · AI score 6.6 · EPSS 0.00151
Exploits 0 · References 7

RedhatCVE
added 2025/08/18 4:31 a.m. · 12 views

CVE-2025-7684

The Last.fm Recent Album Artwork plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.2. This is due to missing or incorrect nonce validation on the 'lastfm_albums_artwork.php' page. This makes it possible for unauthenticated attackers to update...

CVSS 6.1 · AI score 6.7 · EPSS 0.00159
Exploits 0 · References 1

NVD
added 2025/08/16 4:16 a.m. · 7 views

CVE-2025-7684

The Last.fm Recent Album Artwork plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.2. This is due to missing or incorrect nonce validation on the 'lastfm_albums_artwork.php' page. This makes it possible for unauthenticated attackers to update...

CVSS 6.1 · EPSS 0.00159
Exploits 0 · References 3

NVD
added 2025/08/16 4:16 a.m. · 6 views

CVE-2025-7668

The Linux Promotional Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4. This is due to missing or incorrect nonce validation on the 'inux-promotional-plugin.php' page. This makes it possible for unauthenticated attackers to update...

CVSS 6.1 · EPSS 0.00159
Exploits 0 · References 3

CVE
added 2025/08/16 3:38 a.m. · 26 views

CVE-2025-7686

CVE-2025-7686 refers to a CSRF-to-Stored XSS vulnerability in the WordPress plugin weichuncai(WP伪春菜) up to version 1.5, caused by missing or incorrect nonce validation on sm-options.php. Exploitation requires social engineering to persuade an admin to perform an action (e.g., clicking a forged li...

CVSS 6.1 · AI score 6.5 · EPSS 0.00127
Exploits 0 · References 2

Vulnrichment
added 2025/08/16 3:38 a.m. · 4 views

CVE-2025-7686 weichuncai(WP伪春菜) <= 1.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting

The weichuncai(WP伪春菜) plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5. This is due to missing or incorrect nonce validation on the sm-options.php page. This makes it possible for unauthenticated attackers to update settings and inject...

CVSS 6.1 · AI score 6.7 · EPSS 0.00127
Exploits 0 · References 2

Cvelist
added 2025/08/16 3:38 a.m. · 8 views

CVE-2025-7683 LatestCheckins <= 1 - Cross-Site Request Forgery to Stored Cross-Site Scripting

The LatestCheckins plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1. This is due to missing or incorrect nonce validation on the 'LatestCheckins' page. This makes it possible for unauthenticated attackers to update settings and inject...

CVSS 6.1 · EPSS 0.00159
Exploits 0 · References 3

CVE
added 2025/08/16 3:38 a.m. · 22 views

CVE-2025-7668

CVE-2025-7668 — Linux Promotional Plugin for WordPress is a CSRF to Stored XSS vulnerability affecting all versions up to 1.4. The issue arises from missing or incorrect nonce validation on the plugin’s linux-promotional-plugin.php page, enabling unauthenticated attackers to update settings and i...

CVSS 6.1 · AI score 6.6 · EPSS 0.00159
Exploits 0 · References 3

Vulnrichment
added 2025/08/16 3:38 a.m. · 3 views

CVE-2025-7668 Linux Promotional Plugin <= 1.4 - Cross-Site Request Forgery to Stored Cross-Site Scripting

The Linux Promotional Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4. This is due to missing or incorrect nonce validation on the 'inux-promotional-plugin.php' page. This makes it possible for unauthenticated attackers to update...

CVSS 6.1 · AI score 6.6 · EPSS 0.00159
Exploits 0 · References 3

CVE
added 2025/08/16 3:38 a.m. · 24 views

CVE-2025-7684

The CVE-2025-7684 issue is confirmed for the WordPress plugin Last.fm Recent Album Artwork (versions up to and including 1.0.2). The root cause is missing/incorrect nonce validation on lastfm_albums_artwork.php, enabling Cross‑Site Request Forgery that can lead to a Stored Cross‑Site Scripting co...

CVSS 6.1 · AI score 6.5 · EPSS 0.00159
Exploits 0 · References 3

Positive Technologies
added 2025/08/16 12:0 a.m. · 5 views

PT-2025-33532 · WordPress · Latestcheckins

Name of the Vulnerable Software and Affected Versions: LatestCheckins plugin for WordPress version 1 Description: The LatestCheckins plugin for WordPress is susceptible to Cross-Site Request Forgery due to missing or incorrect nonce validation on the 'LatestCheckins' page. This allows...

CVSS 6.1 · AI score 6.3 · EPSS 0.00159
Exploits 0 · References 7

Positive Technologies
added 2025/08/16 12:0 a.m. · 7 views

PT-2025-33534 · WordPress · Weichuncai

Name of the Vulnerable Software and Affected Versions: weichuncai(WP伪春菜) plugin for WordPress versions up to and including 1.5 Description: The weichuncai(WP伪春菜) plugin for WordPress is susceptible to Cross-Site Request Forgery due to missing or incorrect nonce validation on the sm-options.php page...

CVSS 6.1 · AI score 6.3 · EPSS 0.00127
Exploits 0 · References 6

Positive Technologies
added 2025/08/16 12:0 a.m. · 5 views

PT-2025-33533 · WordPress · Last.Fm Recent Album Artwork

Name of the Vulnerable Software and Affected Versions: Last.fm Recent Album Artwork plugin for WordPress versions up to and including 1.0.2 Description: The Last.fm Recent Album Artwork plugin for WordPress is susceptible to Cross-Site Request Forgery due to missing or incorrect nonce validation ...

CVSS 6.1 · AI score 6.3 · EPSS 0.00159
Exploits 0 · References 7

NVD
added 2025/08/15 9:15 a.m. · 5 views

CVE-2025-7688

The Add User Meta plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1. This is due to missing or incorrect nonce validation on the 'add-user-meta' page. This makes it possible for unauthenticated attackers to update settings and inject...

CVSS 6.1 · EPSS 0.00141
Exploits 0 · References 3

Cvelist
added 2025/08/15 8:25 a.m. · 6 views

CVE-2025-7688 Add User Meta <= 1.0.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting

The Add User Meta plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1. This is due to missing or incorrect nonce validation on the 'add-user-meta' page. This makes it possible for unauthenticated attackers to update settings and inject...

CVSS 6.1 · EPSS 0.00141
Exploits 0 · References 3