WordPress Neos Connector for Fakturama plugin <= 0.0.14 - Cross-Site Request Forgery to Settings Update vulnerability

Cross-Site Request Forgery to Settings Update vulnerability discovered by afnaan - SMKN 1 Bantul in WordPress Plugin Neos Connector for Fakturama versions = 0.0.14...

EUVD-2026-14158

The Neos Connector for Fakturama plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 0.0.14. This is due to missing nonce validation in the ncffaddpluginpage function which handles settings updates. This makes it possible for unauthenticated...

CVE-2026-4143

The Neos Connector for Fakturama plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 0.0.14. This is due to missing nonce validation in the ncffaddpluginpage function which handles settings updates. This makes it possible for unauthenticated...

CVE-2026-4143 Neos Connector for Fakturama <= 0.0.14 - Cross-Site Request Forgery to Settings Update

The Neos Connector for Fakturama plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 0.0.14. This is due to missing nonce validation in the ncffaddpluginpage function which handles settings updates. This makes it possible for unauthenticated...

CVE-2026-4143

The CVE concerns the Neos Connector for Fakturama WordPress plugin. A CSRF flaw exists in all versions up to and including 0.0.14 due to missing nonce validation in the ncff_add_plugin_page() function that handles settings updates. As a result, unauthenticated attackers could modify plugin settin...

CVE-2026-4143

The Neos Connector for Fakturama plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 0.0.14. This is due to missing nonce validation in the ncffaddpluginpage function which handles settings updates. This makes it possible for unauthenticated...

PT-2026-26878

The Neos Connector for Fakturama plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 0.0.14. This is due to missing nonce validation in the ncff add plugin page function which handles settings updates. This makes it possible for unauthenticated...

WordPress plugin Neos Connector for Fakturama 跨站请求伪造漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

EUVD-2015-2909

Malware in sbrugna...

EUVD-2022-5982

Malicious code in bioql PyPI...

Malicious code in neos-theme (npm)

The package neos-theme was found to contain malicious code...

MAL-2025-27279 Malicious code in neos-theme (npm)

The package neos-theme was found to contain malicious code...

CVE-2023-37611

Cross Site Scripting XSS vulnerability in Neos CMS 8.3.3 allows a remote authenticated attacker to execute arbitrary code via a crafted SVG file to the neos/management/media component...

CVE-2022-30429

Multiple cross-site scripting XSS vulnerabilities in Neos CMS allow attackers with the editor role or higher to inject arbitrary script or HTML code using the editor function, the deletion of assets, or a workspace title. The vulnerabilities were found in versions 3.3.29 and 8.0.1 and could also ...

CVE-2021-32697

neos/forms is an open source framework to build web forms. By crafting a special GET request containing a valid form state, a form can be submitted without invoking any validators. Form state is secured with an HMAC that is still verified. That means that this issue can only be exploited if Form...

Cross-site Scripting (XSS)

Typo3/Neos is vulnerable to Cross-site Scripting XSS. The vulnerability is due to improper handling of user input, allowing attackers to tamper with page rendering, redirect victims, capture credentials, and potentially upload backdoors...

Sensitive Information Disclosure

Typo3/Neos is vulnerable to Sensitive Information Disclosure. The vulnerability is due to internal workspaces being accessible without authentication, which was mistakenly assumed to be a feature...

GHSA-G4XV-R3QW-V3Q2 typo3 Information Disclosure Security Note

Due to reports it has been validated that internal workspaces in Neos are accessible without authentication. Some users assumed this is a planned feature but it is not. A workspace preview should be an additional feature with respective security measures in place. Note that this only allows readi...

typo3 Information Disclosure Security Note

Due to reports it has been validated that internal workspaces in Neos are accessible without authentication. Some users assumed this is a planned feature but it is not. A workspace preview should be an additional feature with respective security measures in place. Note that this only allows readi...

Privilege Escalation in TYPO3 Neos

It has been discovered that TYPO3 Neos is vulnerable to Privilege Escalation. Logged in editors could access, create and modify content nodes that exist in the workspace of other editors...