Lucene search

6 matches found

EUVD
added 2026/06/04 1:26 a.m. | 10 views

EUVD-2026-34190

The SP Project & Document Manager plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the viewfile function in all versions up to, and including, 4.71. This makes it possible for unauthenticated attackers to read file metadata and obtain download links f...

CVSS 7.5 | AI score 5.9 | EPSS 0.00095
Exploits: 0 | References: 4
ATTACKERKB
added 2026/05/12 7:48 a.m. | 3 views

CVE-2026-5693

The Smart Appointment & Booking plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check and a nonce validation logic flaw in the saabcancelbooking function in all versions up to, and including, 1.0.8. The nonce check uses && AND instead of || OR,...

CVSS 5.3 | AI score 5.9 | EPSS 0.00035
Exploits: 0 | References: 5
NVD
added 2026/02/19 7:17 a.m. | 3 views

CVE-2025-14167

The Remove Post Type Slug plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.2. This is due to incorrect nonce validation logic that uses OR || instead of AND &&, causing the validation to fail when the nonce field is not empty OR when...

CVSS 4.3 | EPSS 0.00006
Exploits: 0 | References: 3
RedhatCVE
added 2026/01/09 9:16 a.m. | 2 views

CVE-2025-14468

The AMP for WP – Accelerated Mobile Pages plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.9. This is due to inverted nonce verification logic in the ampthemeajaxcomments AJAX handler, which rejects requests with VALID nonces and accepts...

CVSS 4.3 | AI score 5.7 | EPSS 0.00022
Exploits: 0 | References: 1
CVE
added 2026/01/07 4:32 a.m. | 8 views

CVE-2025-14468

CVE-2025-14468: The AMP for WP – Accelerated Mobile Pages plugin for WordPress is vulnerable to Cross-Site Request Forgery up to and including version 1.1.9 due to inverted nonce verification in the amp_theme_ajaxcomments AJAX handler, allowing unauthenticated attackers to submit comments on beh...

CVSS 4.3 | AI score 5.3 | EPSS 0.00022
Exploits: 0 | References: 5
WPVulnDB
added 2021/06/08 12:0 a.m. | 13 views

CSRF Bypass in Multiple Plugins

Multiple plugins are affected by CSRF bypass as they do not properly check for the nonce due to a logic flaw. This could allow attackers to make logged in users do unwanted actions...

AI score 4.8
Exploits: 0 | References: 2 | Affected Software: 13