
18 matches found

RedhatCVE
added 2026/06/05 7:31 p.m. · 9 views

CVE-2026-6701

The addfreespace plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.1.3. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scrip...

CVSS 4.3 · AI score 5.4 · EPSS 0.00158
Exploits 0 · References 1

Vulnrichment
added 2026/05/20 1:25 a.m. · 6 views

CVE-2026-6391 Sentence To SEO (keywords, description and tags) <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting via Settings Page Parameters

The Sentence To SEO keywords, description and tags plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on the createadminpage function. This makes it possible for unauthenticated attackers...

CVSS 6.1 · AI score 5.7 · EPSS 0.00174
Exploits 0 · References 9

Positive Technologies
added 2026/01/07 12:00 a.m. · 6 views

PT-2026-1588

Name of the Vulnerable Software and Affected Versions: The Latest Registered Users plugin for WordPress versions prior to 1.5 Description: The Latest Registered Users plugin for WordPress is susceptible to unauthorized user data export. This is a result of a lack of authorization and nonce validati...

CVSS 7.5 · AI score 6.4 · EPSS 0.00283
Exploits 0 · References 10

EUVD
added 2025/10/07 12:30 a.m. · 3 views

EUVD-2021-0951

Malware in sbrugna...

CVSS 8.6 · AI score 8.6 · EPSS 0.0151
Exploits 0 · References 6

EUVD
added 2025/10/07 12:30 a.m. · 6 views

EUVD-2020-24189

Malware in sbrugna...

CVSS 4.3 · AI score 4.9 · EPSS 0.00389
Exploits 1 · References 10

EUVD
added 2025/10/03 8:07 p.m. · 3 views

EUVD-2024-3603

Malicious code in bioql PyPI...

CVSS 5.3 · AI score 6.1 · EPSS 0.00766
Exploits 0 · References 8

EUVD
added 2025/10/03 8:07 p.m. · 3 views

EUVD-2023-59235

Malicious code in bioql PyPI...

CVSS 4.3 · AI score 6.2 · EPSS 0.00211
Exploits 0 · References 2

EUVD
added 2025/10/03 8:07 p.m. · 5 views

EUVD-2024-50739

Malicious code in bioql PyPI...

CVSS 6.1 · AI score 8.7 · EPSS 0.00188
Exploits 0 · References 3

RedhatCVE
added 2025/07/24 10:22 a.m. · 11 views

CVE-2025-7687

The Latest Post Accordian Slider plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3. This is due to missing or incorrect nonce validation on the 'lpaccordian' page. This makes it possible for unauthenticated attackers to update settings and...

CVSS 6.1 · AI score 6 · EPSS 0.00112
Exploits 0 · References 1

RedhatCVE
added 2025/07/21 3:10 a.m. · 7 views

CVE-2025-7669

The Avishi WP PayPal Payment Button plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0. This is due to missing or incorrect nonce validation on the 'avishi-wp-paypal-payment-button/index.php' page. This makes it possible for unauthenticated...

CVSS 6.1 · AI score 6 · EPSS 0.00136
Exploits 0 · References 1

CVE
added 2025/05/03 1:43 a.m. · 57 views

CVE-2025-4188

CVE-2025-4188 affects the WordPress plugin Advanced Reorder Image Text Slider up to version 1.0. The vulnerability is a Cross-Site Request Forgery that occurs due to missing or incorrect nonce validation on the reorder-simple-image-text-slider-setting page. This allows unauthenticated attackers t...

CVSS 6.1 · AI score 6 · EPSS 0.00149
Exploits 0 · References 3

Positive Technologies
added 2025/02/18 12:00 a.m. · 3 views

PT-2025-6545 · WordPress · Speedsize Image & Video Ai-Optimizer

Name of the Vulnerable Software and Affected Versions: SpeedSize Image & Video AI-Optimizer plugin for WordPress versions up to, and including, 1.5.1 Description: The issue is due to missing or incorrect nonce validation on the speedsize clear css cache action function, making it possible for...

CVSS 4.3 · AI score 9.3 · EPSS 0.00154
Exploits 0 · References 7

NVD
added 2025/02/12 10:15 a.m. · 12 views

CVE-2024-13437

The Book a Room plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.9. This is due to missing or incorrect nonce validation on the 'bookaroomSettings' page. This makes it possible for unauthenticated attackers to update the plugin's settings vi...

CVSS 4.3 · EPSS 0.00151
Exploits 0 · References 2

RedhatCVE
added 2025/02/06 4:21 a.m. · 11 views

CVE-2021-4386

The WP Security Question plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.5. This is due to missing or incorrect nonce validation on the save function. This makes it possible for unauthenticated attackers to modify the plugin's settings via a...

CVSS 4.3 · AI score 6.3 · EPSS 0.00388
Exploits 0 · References 1

NVD
added 2024/12/11 9:15 a.m. · 12 views

CVE-2024-12004

The WPC Order Notes for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5.2. This is due to missing or incorrect nonce validation on the ajaxupdateordernote function. This makes it possible for unauthenticated attackers to injec...

CVSS 6.1 · EPSS 0.00196
Exploits 0 · References 4

Vulnrichment
added 2023/08/10 6:53 a.m. · 8 views

CVE-2023-4276 Absolute Privacy <= 2.1 - Cross-Site Request Forgery to User Email/Password Change

The Absolute Privacy plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.1. This is due to missing nonce validation on the 'abprprofileShortcode' function. This makes it possible for unauthenticated attackers to change user email and password via a...

CVSS 8.8 · AI score 7.2 · EPSS 0.00276
Exploits 0 · References 2

Vulnrichment
added 2023/06/02 11:37 p.m. · 60 views

CVE-2023-3055

The Page Builder by AZEXO plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.27.133. This is due to missing or incorrect nonce validation on the 'azhsave' function. This makes it possible for unauthenticated attackers to update the post content an...

CVSS 6.1 · AI score 6.6 · EPSS 0.00208
Exploits 0 · References 2

Positive Technologies
added 2021/12/14 12:00 a.m. · 4 views

PT-2021-24067 · WordPress · Post Smtp Mailer

Name of the Vulnerable Software and Affected Versions: POST SMTP Mailer plugin for WordPress versions up to, and including, 2.0.20 Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the handleCsvExport function. This allows...

CVSS 4.3 · AI score 4.4 · EPSS 0.00541
Exploits 0 · References 16