WordPress plugin JaviBola Custom Theme Test 跨站请求伪造漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

PT-2026-42064

Name of the Vulnerable Software and Affected Versions Child Height Predictor by Ostheimer versions prior to 1.4 Description The plugin is susceptible to Cross-Site Request Forgery CSRF, a flaw where an attacker tricks a user into performing actions they did not intend to. This occurs because the...

PT-2026-42065

Name of the Vulnerable Software and Affected Versions Bottom Bar versions prior to 0.1.8 Description The Bottom Bar plugin for WordPress is susceptible to Cross-Site Request Forgery CSRF, a flaw where an attacker tricks a victim into performing actions they did not intend to do. The issue exists ...

WordPress plugin Amazon Scraper 跨站请求伪造漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

WordPress plugin Child Height Predictor by Ostheimer 跨站请求伪造漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

PT-2026-42115

Name of the Vulnerable Software and Affected Versions Anomify AI – Anomaly Detection and Alerting versions prior to 0.3.7 Description The plugin is subject to Cross-Site Request Forgery CSRF which can lead to Stored Cross-Site Scripting XSS. The issue stems from missing nonce verification on the...

WordPress plugin Bigfishgames Syndicate 跨站请求伪造漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

PT-2026-42076

Name of the Vulnerable Software and Affected Versions Games Catalog versions prior to 1.2.1 Description The Games Catalog plugin for WordPress is susceptible to Cross-Site Request Forgery, a flaw where an attacker tricks a victim into performing actions they did not intend to. This occurs because...

PT-2026-42061

Name of the Vulnerable Software and Affected Versions Word 2 Cash versions prior to 0.9.3 Description The Word 2 Cash plugin for WordPress is subject to Cross-Site Request Forgery CSRF which can lead to Stored Cross-Site Scripting XSS. This occurs because the w2c admin function lacks nonce...

WordPress plugin Bottom Bar 跨站请求伪造漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

WordPress plugin Anomify AI 跨站请求伪造漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

PT-2026-42081

Name of the Vulnerable Software and Affected Versions TypeSquare Webfonts for ConoHa versions prior to 2.0.5 Description The plugin fails to properly verify if a user is authorized to perform specific actions, leading to an authorization bypass. Authenticated attackers with subscriber-level acces...

WordPress plugin BLOGCHAT Chat System 跨站请求伪造漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

WordPress plugin Word 2 Cash 跨站请求伪造漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

PT-2026-42079

Name of the Vulnerable Software and Affected Versions JaviBola Custom Theme Test versions prior to 2.0.6 Description The JaviBola Custom Theme Test plugin for WordPress contains a Cross-Site Request Forgery CSRF flaw, which occurs when a web application allows an attacker to induce a user to...

WordPress plugin Remove Yellow BGBOX 跨站请求伪造漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

PT-2026-42077

Name of the Vulnerable Software and Affected Versions Amazon Scraper versions prior to 1.2 Description The Amazon Scraper plugin for WordPress contains a Cross-Site Request Forgery CSRF flaw. This occurs because of missing or incorrect nonce validation—a security token used to ensure requests are...

PT-2026-42080

Name of the Vulnerable Software and Affected Versions Remove Yellow BGBOX versions prior to 1.1 Description The Remove Yellow BGBOX plugin for WordPress is susceptible to Cross-Site Request Forgery CSRF, a flaw where an attacker tricks a victim into performing actions they did not intend to do...

WordPress plugin Games Catalog 跨站请求伪造漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

PT-2026-42060

The Nexa Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE plugin for WordPress is vulnerable to Server-Side Request Forgery SSRF in versions up to and including 1.1.1. This is due to the import demo function accepting a user-supplied URL in the demo json file POST parameter and...