Lucene search
K

6 matches found

RedhatCVE
RedhatCVE
added 2026/05/04 8:21 p.m.10 views

CVE-2026-4650

The FundPress – WordPress Donation Plugin for WordPress is vulnerable to authorization bypass in versions up to and including 2.0.8. This is due to missing authorization and nonce verification in the donateactionstatus AJAX handler, which is registered to be accessible to unauthenticated users vi...

5.3CVSS5.9AI score0.00402EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/10/29 12:0 a.m.7 views

PT-2025-44236

Name of the Vulnerable Software and Affected Versions Doppler Forms WordPress plugin versions through 2.5.1 Description The Doppler Forms WordPress plugin registers an AJAX action, install extension, without proper verification of user capabilities or the use of a nonce. This allows any...

6.5CVSS6.4AI score0.00203EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/05/22 11:31 p.m.6 views

CVE-2022-1630

The WP-EMail WordPress plugin before 2.69.0 does not protect its log deletion functionality with nonce checks, allowing attacker to make a logged in admin delete logs via a CSRF attack...

6.5CVSS6.6AI score0.00513EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/22 11:13 p.m.6 views

CVE-2022-36968

In Progress WSFTP Server prior to version 8.7.3, forms within the administrative interface did not include a nonce to mitigate the risk of cross-site request forgery CSRF attacks...

4.3CVSS7AI score0.00217EPSS
Exploits0References1
CVE
CVE
added 2025/05/15 8:9 p.m.46 views

CVE-2024-4665

EventPrime WordPress plugin before 3.5.0 contains a permissions validation flaw in the booking update flow, allowing a user to modify or cancel bookings for other users. The issue is compounded by the absence of a nonce to protect the operation. Impact, as documented, is limited to unauthorized c...

6.4CVSS5.2AI score0.00257EPSS
Exploits1References1Affected Software1
Positive Technologies
Positive Technologies
added 2022/11/21 12:0 a.m.5 views

PT-2022-24015 · WordPress +1 · Ask Me

Name of the Vulnerable Software and Affected Versions: Software affected versions not specified Description: The issue allows for the deletion of a post without using a nonce or prompting for confirmation, which is a result of a CSRF vulnerability. Recommendations: At the moment, there is no...

4.7CVSS4.6AI score0.00355EPSS
Exploits1References4
Rows per page
Query Builder