CVE-2026-8708

The Genzel breadcrumbs plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2. This is due to missing or incorrect nonce validation on the optionspage function. This makes it possible for unauthenticated attackers to update the plugin's breadcru...

EUVD-2026-32090

The Genzel breadcrumbs plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2. This is due to missing or incorrect nonce validation on the optionspage function. This makes it possible for unauthenticated attackers to update the plugin's breadcru...

CVE-2026-8708 Genzel breadcrumbs <= 1.2 - Cross-Site Request Forgery to Settings Update via Plugin Settings Page

The Genzel breadcrumbs plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2. This is due to missing or incorrect nonce validation on the optionspage function. This makes it possible for unauthenticated attackers to update the plugin's breadcru...

CVE-2026-9014

The WP Promoter plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the resetstats function in versions up to, and including, 1.3. The function is hooked to both the wpajaxwpp-resetstats and wpajaxnoprivwpp-resetstats actions and contains n...

EUVD-2026-32085

The Old Posts Highlighter plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.3. This is due to missing or incorrect nonce validation on the OPHoptions function. This makes it possible for unauthenticated attackers to update the plugin's...

CVE-2026-7614

The Old Posts Highlighter plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.3. This is due to missing or incorrect nonce validation on the OPHoptions function. This makes it possible for unauthenticated attackers to update the plugin's...

CVE-2026-7614 Old Posts Highlighter <= 1.0.3 - Cross-Site Request Forgery to Settings Update

The Old Posts Highlighter plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.3. This is due to missing or incorrect nonce validation on the OPHoptions function. This makes it possible for unauthenticated attackers to update the plugin's...

EUVD-2026-32073

The Two-factor authentication formerly IP Vault plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1. This is due to missing or incorrect nonce validation on the ipvsavechanges function. This makes it possible for unauthenticated attackers to...

EUVD-2026-32071

The WP AutoBuzz plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.1. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web script...

CVE-2026-8941 CDN Linker lite <= 1.3.1 - Cross-Site Request Forgery to Plugin Settings Update

The CDN Linker lite plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.1. This is due to missing or incorrect nonce validation on the ossdloffoptions function. This makes it possible for unauthenticated attackers to update the plugin's settings ...

CVE-2026-8943

The GoStats for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4. This is due to missing or incorrect nonce validation on the gostatsmanage function. This makes it possible for unauthenticated attackers to update the plugin's...

CVE-2026-8941 CDN Linker lite <= 1.3.1 - Cross-Site Request Forgery to Plugin Settings Update

The CDN Linker lite plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.1. This is due to missing or incorrect nonce validation on the ossdloffoptions function. This makes it possible for unauthenticated attackers to update the plugin's settings ...

EUVD-2026-32068

The GoStats for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4. This is due to missing or incorrect nonce validation on the gostatsmanage function. This makes it possible for unauthenticated attackers to update the plugin's...

EUVD-2026-32067

The CDN Linker lite plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.1. This is due to missing or incorrect nonce validation on the ossdloffoptions function. This makes it possible for unauthenticated attackers to update the plugin's settings ...

CVE-2026-8941

The CVE concerns the WordPress plugin CDN Linker lite (

CVE-2026-8943

GoStats for WordPress plugin for WordPress is vulnerable to Cross‑Site Request Forgery in all versions up to 1.4 due to missing or incorrect nonce validation in gostats_manage(). This allows unauthenticated attackers to modify settings (gostats_siteid, gostats_server) via forged requests if a sit...

EUVD-2026-32060

The auto making JSON-LD plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.5.3. This is due to missing or incorrect nonce validation on the amJLcertification function. This makes it possible for unauthenticated attackers to update the plugin's...

EUVD-2026-32059

The Search Simple Fields plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 0.2. This is due to missing or incorrect nonce validation on the searchsimplefieldsoptions function in functionsadmin.php. This makes it possible for unauthenticated attacke...

CVE-2026-8939 Search Simple Fields <= 0.2 - Cross-Site Request Forgery to Plugin Settings Update

The Search Simple Fields plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 0.2. This is due to missing or incorrect nonce validation on the searchsimplefieldsoptions function in functionsadmin.php. This makes it possible for unauthenticated attacke...

CVE-2026-8938 auto making JSON-LD <= 4.5.3 - Cross-Site Request Forgery to Plugin Certification Settings via Nonce Validation Bypass

The auto making JSON-LD plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.5.3. This is due to missing or incorrect nonce validation on the amJLcertification function. This makes it possible for unauthenticated attackers to update the plugin's...