Lucene search
+L

513 matches found

NVD
NVD
added 2026/02/06 9:15 a.m.17 views

CVE-2026-1785

The Code Snippets plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.9.4. This is due to missing nonce validation on the cloud snippet download and update actions in the CloudSearchListTable class. This makes it possible for unauthenticated...

4.3CVSS0.00191EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/02/03 6:38 a.m.6 views

CVE-2026-1447 Mail Mint <= 1.19.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting

The Mail Mint plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.19.2. This is due to missing nonce validation on the createorupdatenote function. This makes it possible for unauthenticated attackers to create or update contact notes via a...

5.4CVSS5.3AI score0.00162EPSS
Exploits0References6
EUVD
EUVD
added 2026/01/28 11:23 a.m.7 views

EUVD-2025-206487

The Recooty – Job Widget Old Dashboard plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.6. This is due to missing nonce validation on the recootysavemaybe function. This makes it possible for unauthenticated attackers to update the...

4.3CVSS5.8AI score0.00128EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/01/28 11:23 a.m.4 views

CVE-2025-14616 Recooty <= 1.0.6 - Cross-Site Request Forgery to Settings Update

The Recooty – Job Widget Old Dashboard plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.6. This is due to missing nonce validation on the recootysavemaybe function. This makes it possible for unauthenticated attackers to update the...

4.3CVSS5.8AI score0.00128EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/01/25 9:16 a.m.19 views

CVE-2026-1088

The Login Page Editor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2. This is due to missing nonce validation on the devotionloginformprocess AJAX action. This makes it possible for unauthenticated attackers to update the plugin's login...

4.3CVSS5.4AI score0.00154EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/25 9:16 a.m.15 views

CVE-2026-1070

The Alex User Counter plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.0. This is due to missing nonce validation on the alexusercounterfunction function. This makes it possible for unauthenticated attackers to update the plugin settings via...

4.3CVSS5.5AI score0.00158EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/25 9:16 a.m.17 views

CVE-2026-1208

The Friendly Functions for Welcart plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.5. This is due to missing or incorrect nonce validation on the settings page. This makes it possible for unauthenticated attackers to update plugin setting...

4.3CVSS5.5AI score0.0016EPSS
Exploits1References1
NVD
NVD
added 2026/01/24 9:15 a.m.7 views

CVE-2025-14630

The AdminQuickbar plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.9.3. This is due to missing or incorrect nonce validation on the 'saveSettings' and 'renamePost' AJAX actions. This makes it possible for unauthenticated attackers to modify...

4.3CVSS0.0016EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/01/24 9:8 a.m.6 views

CVE-2026-1208

The Friendly Functions for Welcart plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.5. This is due to missing or incorrect nonce validation on the settings page. This makes it possible for unauthenticated attackers to update plugin setting...

4.3CVSS5.8AI score0.0016EPSS
Exploits1References5
CVE
CVE
added 2026/01/24 7:26 a.m.11 views

CVE-2026-1088

CVE-2026-1088 affects the WordPress plugin Login Page Editor (≤1.2). The issue is a Cross-Site Request Forgery (CSRF) due to missing nonce validation on the devotion_loginform_process() AJAX action, enabling unauthenticated attackers to update login-page settings if a site administrator is tricke...

4.3CVSS5.4AI score0.00154EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/01/24 7:26 a.m.38 views

CVE-2026-1088 Login Page Editor <= 1.2 - Cross-Site Request Forgery to Settings Update

The Login Page Editor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2. This is due to missing nonce validation on the devotionloginformprocess AJAX action. This makes it possible for unauthenticated attackers to update the plugin's login...

4.3CVSS0.00154EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/01/24 7:26 a.m.7 views

CVE-2026-1081

The Set Bulk Post Categories plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1. This is due to missing nonce validation on the bulk category update functionality. This makes it possible for unauthenticated attackers to modify post categorie...

4.3CVSS5.8AI score0.00155EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/01/20 1:22 a.m.3 views

CVE-2026-1051 Newsletter – Send awesome emails from WordPress <= 9.1.0 - Cross-Site Request Forgery to Newsletter Unsubscription

The Newsletter – Send awesome emails from WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 9.1.0. This is due to missing or incorrect nonce validation on the hooknewsletteraction function. This makes it possible for unauthenticated...

4.3CVSS5.5AI score0.00104EPSS
Exploits0References2
CVE
CVE
added 2026/01/14 6:40 a.m.16 views

CVE-2025-15376

The CVE-2025-15376 entry concerns the WordPress plugin Stopwords for comments, versions up to 1.1. It is a Cross-Site Request Forgery (CSRF) vulnerability caused by missing nonce validation in set_stopwords_for_comments and delete_stopwords_for_comments. This allows unauthenticated attackers to a...

4.3CVSS5AI score0.00102EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/01/14 6:40 a.m.34 views

CVE-2025-14846 SocialChamp with WordPress <= 1.3.5 - Cross-Site Request Forgery to Plugin Settings Update

The SocialChamp with WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.5. This is due to missing nonce validation on the wpscsettingstabmenu function. This makes it possible for unauthenticated attackers to modify plugin settings...

4.3CVSS0.00124EPSS
Exploits0References3
CVE
CVE
added 2026/01/14 5:28 a.m.19 views

CVE-2025-15377

The CVE-2025-15377 entry describes a Cross-Site Request Forgery in the WordPress plugin Sosh Share Buttons (versions up to and including 1.1.0). The root cause is missing nonce validation in the admin_page_content function, enabling unauthenticated attackers to modify plugin settings via a forged...

4.3CVSS4.9AI score0.0014EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/01/14 12:0 a.m.15 views

PT-2026-2836

The SocialChamp with WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.3. This is due to missing nonce validation on the wpsc settings tab menu function. This makes it possible for unauthenticated attackers to modify plugin settin...

4.3CVSS5.2AI score0.00124EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/01/13 10:53 p.m.7 views

CVE-2025-14976

The User Registration & Membership – Custom Registration Form Builder, Custom Login Form, User Profile, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.4.8. This is due to missing or incorrect nonce...

5.4CVSS5.5AI score0.00123EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:26 a.m.7 views

CVE-2023-4923

The BEAR for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.3.3. This is due to missing or incorrect nonce validation on the woobebulkoperationsdelete function. This makes it possible for unauthenticated attackers to delete products via a forged reques...

5.4CVSS5.3AI score0.00288EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:25 a.m.8 views

CVE-2023-4935

The BEAR for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.3.3. This is due to missing or incorrect nonce validation on the createprofile function. This makes it possible for unauthenticated attackers to create profiles via a forged request granted th...

4.3CVSS5.3AI score0.0028EPSS
Exploits0References1
Rows per page
Query Builder