Lucene search
K

369 matches found

NVD
NVD
added 3 days ago5 views

CVE-2026-15070

The Salon Booking System – Free Version plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 10.30.32. This is due to missing or incorrect nonce validation on the setCustomText function. This makes it possible for unauthenticated attackers to inje...

8.8CVSS0.00259EPSS
Exploits0References6
EUVD
EUVD
added 3 days ago7 views

EUVD-2026-42784

The Salon Booking System – Free Version plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 10.30.32. This is due to missing or incorrect nonce validation on the setCustomText function. This makes it possible for unauthenticated attackers to inje...

8.8CVSS6.7AI score0.00259EPSS
Exploits0References6
CVE
CVE
added 4 days ago10 views

CVE-2026-11359

The CVE-2026-11359 entry relates to the Memberships and User Profiles for WooCommerce – ProfileGrid WooCommerce Integration plugin for WordPress. Affected versions up to 3.4 are vulnerable due to missing capability checks and nonce validation in the pg_install_profilegrid() AJAX handler (wp_ajax_...

4.3CVSS5.9AI score0.00246EPSS
Exploits0References5
CVE
CVE
added 5 days ago11 views

CVE-2026-12002

The CVE-2026-12002 entry concerns the Smash Balloon Social Photo Feed – Easy Social Feeds Plugin for WordPress. A CSRF vulnerability exists in all versions up to and including 6.11.1 due to missing/incorrect nonce validation in the maybe_connection_data function. This allows unauthenticated attac...

4.7CVSS5.8AI score0.00102EPSS
Exploits0References2
CVE
CVE
added 5 days ago14 views

CVE-2026-9731

The CVE concerns the WordPress plugin Wp Js Detect (versions up to 1.0.9). Affected component: plugin_settings in the plugin, where missing/incorrect nonce validation enables a Cross-Site Request Forgery (CSRF) . Unauthenticated attackers could forge requests to update the plugin’s settings (wp_n...

4.3CVSS5.9AI score0.00128EPSS
Exploits0References5
EUVD
EUVD
added 2026/07/01 7:53 a.m.7 views

EUVD-2026-40924

The RegistrationMagic – User Registration Forms Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.0.9.1. This is due to missing or incorrect nonce validation on the processrequest function. This makes it possible for unauthenticated...

8.8CVSS5.8AI score0.00205EPSS
Exploits0References6
NVD
NVD
added 2026/06/24 7:16 a.m.13 views

CVE-2026-8617

The SearchPlus plugin for WordPress is vulnerable to unauthorized modification and deletion of data in versions up to, and including, 1.7.1. This is due to a missing capability check and missing nonce validation on the searchplussavetokenactioncallback and searchplusresettokenactioncallback...

5.3CVSS0.00228EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/09 3:41 a.m.10 views

EUVD-2026-35307

The 6Storage Rentals plugin for WordPress is vulnerable to Authorization Bypass Through User-Controlled Key in all versions up to and including 2.22.0 via the userId parameter of the sixstoragegetuserinfo and sixstorageupdateprofile AJAX actions. This is due to the sixstoragegetUserInfo and...

7.5CVSS5.5AI score0.00403EPSS
Exploits0References11
EUVD
EUVD
added 2026/06/09 3:41 a.m.14 views

EUVD-2026-35306

The WpMobi plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.0.3. This is due to missing or incorrect nonce validation on the handleSaveGeneralSettings function. This makes it possible for unauthenticated attackers to modify the plugin's...

4.3CVSS5.5AI score0.00128EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/09 3:41 a.m.37 views

CVE-2026-8909 WpMobi <= 0.0.3 - Cross-Site Request Forgery via save_general_settings Action

The WpMobi plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.0.3. This is due to missing or incorrect nonce validation on the handleSaveGeneralSettings function. This makes it possible for unauthenticated attackers to modify the plugin's...

4.3CVSS0.00128EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.16 views

WordPress plugin jQuery Hover Footnotes 跨站请求伪造漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

4.3CVSS5.2AI score0.00145EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/07 12:43 a.m.15 views

CVE-2026-7047

The Frontend User Notes plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1.1. This is due to missing or incorrect nonce validation on the funpajaxmodifynotes function. This makes it possible for unauthenticated attackers to trick a logged-in...

4.3CVSS5.3AI score0.00132EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/06 12:31 a.m.14 views

EUVD-2026-34926

The Frontend User Notes plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1.1. This is due to missing or incorrect nonce validation on the funpajaxmodifynotes function. This makes it possible for unauthenticated attackers to trick a logged-in...

4.3CVSS5.4AI score0.00132EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2026/06/05 7:33 p.m.11 views

CVE-2026-9732

The EmergencyWP – Dead Man's switch & legacy deliverance plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4.2. This is due to missing or incorrect nonce validation on the formsettingsui settings save handler, procedural include scope functio...

4.3CVSS5.4AI score0.00128EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:32 p.m.12 views

CVE-2026-6452

The Bigfishgames Syndicate plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2. This is due to missing or incorrect nonce validation on the bigfishgamessyndicatesubmenu function. This makes it possible for unauthenticated attackers to reset...

4.3CVSS5.4AI score0.00158EPSS
Exploits0References1
NVD
NVD
added 2026/06/03 12:16 a.m.18 views

CVE-2026-9732

The EmergencyWP – Dead Man's switch & legacy deliverance plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4.2. This is due to missing or incorrect nonce validation on the formsettingsui settings save handler, procedural include scope functio...

4.3CVSS0.00128EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/06/02 11:27 p.m.8 views

CVE-2026-9732 EmergencyWP <= 1.4.2 - Cross-Site Request Forgery to Plugin Settings Update

The EmergencyWP – Dead Man's switch & legacy deliverance plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4.2. This is due to missing or incorrect nonce validation on the formsettingsui settings save handler, procedural include scope functio...

4.3CVSS5.7AI score0.00128EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/06/02 7:48 a.m.12 views

CVE-2026-8422 Remove meta boxes per user role <= 1.01 - Cross-Site Request Forgery to Settings Update

The Remove meta boxes per user role plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.01. This is due to missing or incorrect nonce validation on the 'remove-meta-boxes-per-user-role' page. This makes it possible for unauthenticated attackers...

4.3CVSS5.7AI score0.00132EPSS
Exploits0References7
CVE
CVE
added 2026/06/02 7:48 a.m.21 views

CVE-2026-9730

The Remove NoFollow Commenter URL plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to 1.0 due to missing/incorrect nonce validation on gmz_comment_settings_save, allowing unauthenticated attackers to modify the plugin’s comment-display setting via a forged reque...

4.3CVSS5.7AI score0.00131EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/06/02 7:48 a.m.10 views

CVE-2026-9599 Tectite Forms <= 1.3 - Cross-Site Request Forgery to Settings Update

The Tectite Forms plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3. This is due to missing or incorrect nonce validation on the admininit function. This makes it possible for unauthenticated attackers to modify the plugin's settings,...

4.3CVSS5.7AI score0.00128EPSS
Exploits0References4
Rows per page
Query Builder