Lucene search
K

511 matches found

Cvelist
Cvelist
added 2026/03/07 7:22 a.m.29 views

CVE-2026-1087 The Guardian News Feed <= 1.2 - Cross-Site Request Forgery to Settings Update

The Guardian News Feed plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2. This is due to missing nonce validation on the settings update functionality. This makes it possible for unauthenticated attackers to modify the plugin's settings,...

4.3CVSS0.00126EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/03/07 7:22 a.m.3 views

CVE-2026-1085 True Ranker <= 2.2.9 - Cross-Site Request Forgery to Unauthorized True Ranker Disconnection

The True Ranker plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.9. This is due to missing nonce validation on the seolocalrank-signout action. This makes it possible for unauthenticated attackers to disconnect the administrator's True...

4.3CVSS5.6AI score0.00124EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/03/07 7:22 a.m.3 views

CVE-2026-1073 Purchase Button For Affiliate Link <= 1.0.2 - Cross-Site Request Forgery to Settings Update

The Purchase Button For Affiliate Link plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.2. This is due to missing nonce validation on the settings page form handler in inc/purchase-btn-options-page.php. This makes it possible for...

4.3CVSS5.6AI score0.00126EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/03/06 11:22 p.m.8 views

CVE-2026-1644

The WP Frontend Profile plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.8. This is due to missing nonce validation on the 'updateaction' function. This makes it possible for unauthenticated attackers to approve or reject user account...

4.3CVSS5.8AI score0.0016EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/03/03 12:0 a.m.4 views

CVE-2021-35486

A Cross-Site Request Forgery CSRF vulnerability in Nokia IMPACT through 19.11.2.10-20210118042150283 allows a remote attacker to import and overwrite the entire application configuration. Specifically, in /ui/rest-proxy/entity/import, neither the X-CSRF-NONCE HTTP header nor the CSRF-NONCE cookie...

8.1CVSS6AI score0.00187EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/02/20 7:22 a.m.14 views

CVE-2025-12172

The Mailchimp List Subscribe Form plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.0. This is due to missing or incorrect nonce validation on the mailchimpsfchangelistifnecessary function. This makes it possible for unauthenticated attacke...

4.3CVSS5.4AI score0.00135EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/02/20 7:22 a.m.7 views

CVE-2025-13413

The Country Blocker for AdSense plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing nonce validation on the CBFAguardarcbfa function. This makes it possible for unauthenticated attackers to update the plugin's settings...

4.3CVSS5.4AI score0.00173EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/02/19 7:28 a.m.7 views

CVE-2026-1072

The Keybase.io Verification plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4.5. This is due to missing nonce validation when updating plugin settings. This makes it possible for unauthenticated attackers to update the Keybase verification...

4.3CVSS5.3AI score0.00156EPSS
Exploits0References1
NVD
NVD
added 2026/02/19 7:17 a.m.10 views

CVE-2026-1455

The Whatsiplus Scheduled Notification for Woocommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1. This is due to missing nonce validation on the 'wsnfwsaveuserssettings' AJAX action. This makes it possible for unauthenticated...

4.3CVSS0.00124EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/02/19 4:36 a.m.3 views

CVE-2026-1455 Whatsiplus Scheduled Notification for Woocommerce <= 1.0.1 - Cross-Site Request Forgery to 'wsnfw_save_users_settings' AJAX Action

The Whatsiplus Scheduled Notification for Woocommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1. This is due to missing nonce validation on the 'wsnfwsaveuserssettings' AJAX action. This makes it possible for unauthenticated...

4.3CVSS5.4AI score0.00124EPSS
Exploits0References3
CVE
CVE
added 2026/02/19 4:36 a.m.9 views

CVE-2025-13438

The CVE CVE-2025-13438 concerns the WordPress plugin Page Title, Description & Open Graph Updater. Affected versions: all up to and including 1.02. Root cause: missing nonce validation on multiple AJAX actions (e.g., dieno_update_page_title) leading to Cross-Site Request Forgery. Impact as stated...

4.3CVSS5.3AI score0.00173EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/02/19 12:0 a.m.9 views

PT-2026-20598

Name of the Vulnerable Software and Affected Versions Country Blocker for AdSense plugin for WordPress versions prior to 1.1 Description The software is susceptible to Cross-Site Request Forgery CSRF due to the absence of nonce validation in the CBFA guardar cbfa function. This allows...

4.3CVSS5.1AI score0.00173EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/02/18 5:29 a.m.37 views

CVE-2026-1072 Keybase.io Verification <= 1.4.5 - Cross-Site Request Forgery to Settings Update

The Keybase.io Verification plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4.5. This is due to missing nonce validation when updating plugin settings. This makes it possible for unauthenticated attackers to update the Keybase verification...

4.3CVSS0.00156EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/02/18 5:29 a.m.2 views

CVE-2026-2023 WP Plugin Info Card <= 6.2.0 - Cross-Site Request Forgery to Arbitrary Custom Plugin Entry Creation

The WP Plugin Info Card plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.2.0. This is due to missing nonce validation in the ajaxsavecustomplugin function, which is disabled by prefixing the check with 'false &&'. This makes it possible for...

4.3CVSS5.4AI score0.00156EPSS
Exploits0References5
CVE
CVE
added 2026/02/18 5:29 a.m.21 views

CVE-2026-2023

CVE-2026-2023: WP Plugin Info Card for WordPress was affected by a CSRF vulnerability up to version 6.2.0 due to missing nonce validation in ajax_save_custom_plugin(), allowing unauthenticated attackers to forge requests that create or modify custom plugin entries if a site admin is enticed to pe...

4.3CVSS5.4AI score0.00156EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/02/14 4:35 a.m.6 views

CVE-2026-1983 SEATT: Simple Event Attendance <= 1.5.0 - Cross-Site Request Forgery to Arbitrary Event Deletion

The SEATT: Simple Event Attendance plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5.0. This is due to missing nonce validation on the event deletion functionality. This makes it possible for unauthenticated attackers to delete arbitrary...

4.3CVSS5.7AI score0.00124EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/02/11 12:0 a.m.11 views

PT-2026-7496

The MMA Call Tracking plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.3.15. This is due to missing nonce validation when saving plugin configuration on the mma call tracking menu admin page. This makes it possible for unauthenticated...

4.3CVSS5.4AI score0.0016EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/02/07 8:26 a.m.6 views

CVE-2026-1082

The TITLE ANIMATOR plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing nonce validation on the settings page form handler in inc/settings-page.php. This makes it possible for unauthenticated attackers to modify plugin...

4.3CVSS5.3AI score0.00151EPSS
Exploits0References4
NVD
NVD
added 2026/02/06 9:15 a.m.15 views

CVE-2026-1785

The Code Snippets plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.9.4. This is due to missing nonce validation on the cloud snippet download and update actions in the CloudSearchListTable class. This makes it possible for unauthenticated...

4.3CVSS0.00191EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/02/03 6:38 a.m.6 views

CVE-2026-1447 Mail Mint <= 1.19.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting

The Mail Mint plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.19.2. This is due to missing nonce validation on the createorupdatenote function. This makes it possible for unauthenticated attackers to create or update contact notes via a...

5.4CVSS5.3AI score0.00162EPSS
Exploits0References6
Rows per page
Query Builder