PT-2026-34292

Name of the Vulnerable Software and Affected Versions WP Responsive Popup + Optin versions prior to 1.5 Description The WP Responsive Popup + Optin plugin for WordPress is susceptible to Cross-Site Request Forgery. The settings form on the admin page 'wpo admin page.php' fails to implement nonce...

PT-2026-34284

The Inquiry Cart plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.4.2. This is due to missing nonce verification in the rd ic settings page function when processing settings form submissions. This makes it possible for unauthenticated...

PT-2026-34310

Name of the Vulnerable Software and Affected Versions Fast & Fancy Filter – 3F plugin for WordPress versions prior to 1.2.3 Description Cross-Site Request Forgery occurs due to missing nonce verification in the saveFields function, which handles the 'fff save settins' AJAX action. This allows...

PT-2026-34295

Name of the Vulnerable Software and Affected Versions DX Unanswered Comments versions prior to 1.8 Description The DX Unanswered Comments plugin for WordPress is susceptible to Cross-Site Request Forgery. This issue occurs because of missing nonce validation on the settings form within the...

PT-2026-34297

Name of the Vulnerable Software and Affected Versions Ni WooCommerce Order Export versions prior to 3.1.7 Description An issue exists where missing nonce validation in the ni order export action AJAX handler function allows unauthenticated attackers to modify plugin settings via a forged request...

PT-2026-34286

Name of the Vulnerable Software and Affected Versions Call To Action Plugin versions prior to 3.1.4 Description The plugin is susceptible to Cross-Site Request Forgery due to missing nonce validation in the cbox options page function, which manages the saving, creation, and deletion of plugin...

PT-2026-34309

Name of the Vulnerable Software and Affected Versions Google PageRank Display versions prior to 1.5 Description Cross-Site Request Forgery occurs due to missing nonce validation in the gpdisplay option function, which manages the plugin settings page. The settings form lacks a wp nonce field, and...

PT-2026-34294

Name of the Vulnerable Software and Affected Versions TextP2P Texting Widget versions prior to 1.8 Description The TextP2P Texting Widget plugin for WordPress is susceptible to Cross-Site Request Forgery. This occurs because the imTextP2POptionPage function, which handles settings updates, lacks...

PT-2026-34291

The TP Restore Categories And Taxonomies plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.0.1. The delete term function, which handles the 'tpmcattt delete term' AJAX action, does not perform any capability check e.g., current user can to verify...

EUVD-2026-23537

Auth0 Next.js SDK has Improper Proxy Cache Lookup...

Auth0 Next.js SDK has Improper Proxy Cache Lookup

Description In affected versions of the Next.js SDK, simultaneous requests that trigger a nonce retry may cause the proxy cache fetcher to perform improper lookups for the token request results. Which Projects are Affected? Users are affected if they meet all of the following preconditions: -...

GHSA-XQ8M-7C5P-C2R6 Auth0 Next.js SDK has Improper Proxy Cache Lookup

Description In affected versions of the Next.js SDK, simultaneous requests that trigger a nonce retry may cause the proxy cache fetcher to perform improper lookups for the token request results. Which Projects are Affected? Users are affected if they meet all of the following preconditions: -...

CVE-2026-4666

The wpForo Forum plugin for WordPress is vulnerable to unauthorized modification of data due to the use of extract$args, EXTROVERWRITE on user-controlled input in the edit method of classes/Posts.php in all versions up to, and including, 2.4.16. The postedit action handler in Actions.php passes...

CVE-2026-40155

The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. In versions 4.12.0 through 4.17.1, simultaneous requests that trigger a nonce retry may cause the proxy cache fetcher to perform improper lookups for the token request results. Users are affected if...

CVE-2026-40155 Auth0 Next.js SDK has Improper Proxy Cache Lookup

The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. In versions 4.12.0 through 4.17.1, simultaneous requests that trigger a nonce retry may cause the proxy cache fetcher to perform improper lookups for the token request results. Users are affected if...

CVE-2026-40155 Auth0 Next.js SDK has Improper Proxy Cache Lookup

The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. In versions 4.12.0 through 4.17.1, simultaneous requests that trigger a nonce retry may cause the proxy cache fetcher to perform improper lookups for the token request results. Users are affected if...

CVE-2026-40155

The CVE concerns the Auth0 Next.js SDK. Affected versions: 4.12.0–4.17.1. Issue: when multiple simultaneous requests trigger a nonce retry, the proxy cache fetcher may perform improper lookups for token request results. Impact: affects projects using both the vulnerable SDK versions and the proxy...

EUVD-2026-23390

The cms-fuer-motorrad-werkstaetten plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to and including 1.0.0. This is due to missing nonce validation on all eight AJAX deletion handlers: vehiclescfmwdvehicle, contactscfmwdcontact, supplierscfmwdsupplier,...

CVE-2026-6451

The cms-fuer-motorrad-werkstaetten plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to and including 1.0.0. This is due to missing nonce validation on all eight AJAX deletion handlers: vehiclescfmwdvehicle, contactscfmwdcontact, supplierscfmwdsupplier,...

CVE-2026-6451 CMS für Motorrad Werkstätten <= 1.0.0 - Cross-Site Request Forgery

The cms-fuer-motorrad-werkstaetten plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to and including 1.0.0. This is due to missing nonce validation on all eight AJAX deletion handlers: vehiclescfmwdvehicle, contactscfmwdcontact, supplierscfmwdsupplier,...