1116 matches found

OSV
added 2025/03/01 5:15 a.m. · 5 views

CVE-2024-13518

The Simple:Press Forum plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.10.11. This is due to missing or incorrect nonce validation on the 'spsaveeditedpost' function. This makes it possible for unauthenticated attackers to modify a forum po...

4.3 CVSS · 5.6 AI score · 0.00188 EPSS
Exploits 0 · References 2

OSV
added 2025/02/28 6:15 a.m. · 3 views

CVE-2025-1506

The Wp Social Login and Register Social Counter plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.0. This is due to missing or incorrect nonce validation on the counteraccesskeysetup function. This makes it possible for unauthenticated...

4.3 CVSS · 7.2 AI score · 0.00188 EPSS
Exploits 0 · References 3

Cvelist
added 2025/02/27 11:22 p.m. · 16 views

CVE-2025-1687 Cardealer <= 1.6.4 - Cross-Site Request Forgery to User Update via update_user_profile

The Cardealer theme for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.6.4. This is due to missing nonce validation on the 'updateuserprofile' function. This makes it possible for unauthenticated attackers to update the user email and password via a forg...

8.8 CVSS · 0.00262 EPSS
Exploits 0 · References 3

Positive Technologies
added 2025/02/25 12:0 a.m. · 7 views

PT-2025-7819 · WordPress · Wordpress File Upload

Name of the Vulnerable Software and Affected Versions: WordPress File Upload plugin versions up to 4.25.2

Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the wfu file details function. This allows unauthenticated attackers to modify...

4.3 CVSS · 9.3 AI score · 0.00154 EPSS
Exploits 0 · References 7

RedhatCVE
added 2025/02/20 5:29 a.m. · 8 views

CVE-2024-13315

The Shopwarden – Automated WooCommerce monitoring & testing plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.11. This is due to missing or incorrect nonce validation on the savesetting function. This makes it possible for unauthenticated...

8.8 CVSS · 6.8 AI score · 0.00227 EPSS
Exploits 0 · References 1

OSV
added 2025/02/19 9:15 a.m. · 4 views

CVE-2024-13336

The Disable Auto Updates plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4. This is due to missing or incorrect nonce validation on the 'disable-auto-updates' page. This makes it possible for unauthenticated attackers to disable all auto...

4.3 CVSS · 5.6 AI score · 0.00154 EPSS
Exploits 0 · References 2

OSV
added 2025/02/19 9:15 a.m. · 4 views

CVE-2024-13339

The DeBounce Email Validator plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.6.6. This is due to missing or incorrect nonce validation on the 'debounceemailvalidator' page. This makes it possible for unauthenticated attackers to update...

5.4 CVSS · 7.2 AI score · 0.00141 EPSS
Exploits 0 · References 2

OSV
added 2025/02/18 5:15 a.m. · 4 views

CVE-2024-13522

The magayo Lottery Results plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.12. This is due to missing or incorrect nonce validation on the 'magayo-lottery-results' page. This makes it possible for unauthenticated attackers to update...

5.4 CVSS · 7.2 AI score · 0.00158 EPSS
Exploits 0 · References 2

OSV
added 2025/02/15 12:15 p.m. · 5 views

CVE-2024-10581

The DirectoryPress Frontend plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.7.9. This is due to missing or incorrect nonce validation on the dpfllistingStatusChange function. This makes it possible for unauthenticated attackers to update...

4.3 CVSS · 5.6 AI score · 0.00154 EPSS
Exploits 0 · References 2

OSV
added 2025/02/12 12:15 p.m. · 5 views

CVE-2024-12386

The WP Abstracts plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.7.3. This is due to missing nonce validation on multiple functions. This makes it possible for unauthenticated attackers to delete arbitrary accounts via a forged request...

5.4 CVSS · 7.3 AI score · 0.00204 EPSS
Exploits 0 · References 3

OSV
added 2025/02/12 4:15 a.m. · 3 views

CVE-2025-0808

The Houzez Property Feed plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.4.21. This is due to missing or incorrect nonce validation on the "deleteexport" action. This makes it possible for unauthenticated attackers to delete property feed...

5.4 CVSS · 7.2 AI score · 0.00151 EPSS
Exploits 0 · References 2

RedhatCVE
added 2025/02/05 9:26 p.m. · 7 views

CVE-2022-2001

The DX Share Selection plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including 1.4. This is due to missing nonce protection on the dxssadminpage function found in the /dx-share-selection.php file. This makes it possible for unauthenticated attackers to...

8.8 CVSS · 6.5 AI score · 0.0053 EPSS
Exploits 0 · References 1

RedhatCVE
added 2025/02/05 10:30 a.m. · 5 views

CVE-2024-12293

The User Role Editor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.64.3. This is due to missing or incorrect nonce validation on the updateroles function. This makes it possible for unauthenticated attackers to add or remove roles for...

8.8 CVSS · 9.1 AI score · 0.00313 EPSS
Exploits 0 · References 1

RedhatCVE
added 2025/02/04 11:9 p.m. · 7 views

CVE-2024-0203

The Digits plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 8.4.1. This is due to missing nonce validation in the 'digitssavesettings' function. This makes it possible for unauthenticated attackers to modify the default role of registered users to...

8.8 CVSS · 6.4 AI score · 0.00273 EPSS
Exploits 0 · References 1

OSV
added 2025/02/04 10:15 a.m. · 4 views

CVE-2024-13356

The DSGVO All in one for WP plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.6. This is due to missing or incorrect nonce validation in the userremoveform.php file. This makes it possible for unauthenticated attackers to delete admin user...

6.5 CVSS · 5.6 AI score · 0.00215 EPSS
Exploits 0 · References 3

OSV
added 2025/01/28 8:15 a.m. · 2 views

CVE-2024-13521

The MailUp Auto Subscription plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.0. This is due to missing or incorrect nonce validation on the masoptions function. This makes it possible for unauthenticated attackers to update settings and...

5.4 CVSS · 7.2 AI score · 0.00134 EPSS
Exploits 0 · References 2

OSV
added 2025/01/24 7:15 a.m. · 5 views

CVE-2024-13683

The Automate Hub Free by Sperse.IO plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.7.0. This is due to missing or incorrect nonce validation on the 'automatehub' page. This makes it possible for unauthenticated attackers to update an...

4.3 CVSS · 7.2 AI score
Exploits 0 · References 3

Vulnrichment
added 2025/01/16 3:27 a.m. · 6 views

CVE-2024-10789 WP User Profile Avatar <= 1.0.5 - Cross-Site Request Forgery to Settings Update

The WP User Profile Avatar plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.5. This is due to missing or incorrect nonce validation on the wpupauseradmin function. This makes it possible for unauthenticated attackers to update the plugins...

4.3 CVSS · 6.5 AI score · 0.00166 EPSS
Exploits 0 · References 2

OSV
added 2025/01/14 9:15 a.m. · 2 views

CVE-2025-0393

The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.7.1006. This is due to missing or incorrect nonce validation on the wprfiltergridposts function. This makes it possible for unauthenticated attackers t...

6.1 CVSS · 5.6 AI score · 0.00223 EPSS
Exploits 0 · References 5

CVE
added 2025/01/07 3:21 a.m. · 45 views

CVE-2024-12557

CVE-2024-12557 affects the Transporters.io WordPress plugin. The issue is a Cross-Site Request Forgery due to missing nonce validation in a function, enabling unauthenticated attackers to trigger actions via forged requests when an admin clicks a link. Affected versions are up to 2.0.84. The Word...

6.1 CVSS · 7.1 AI score · 0.00189 EPSS
Exploits 0 · References 3