5 matches found
PT-2026-51670
Name of the Vulnerable Software and Affected Versions Bulk SEO Image versions prior to 1.2 Description The Bulk SEO Image plugin for WordPress is subject to Cross-Site Request Forgery. This occurs because the settings page handler BulkSeoImage lacks proper nonce validation—a security token used t...
CVE-2026-6293
The Inquiry Form to Posts or Pages plugin for WordPress is vulnerable to Cross-Site Request Forgery leading to Stored Cross-Site Scripting in version 1.0. This is due to missing nonce validation on the plugin settings update handler, combined with insufficient input sanitization on all...
CVE-2024-1504
The SecuPress Free — WordPress Security plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.5.1. This is due to missing or incorrect nonce validation on the secupressblackholebanip function. This makes it possible for unauthenticated attacker...
CVE-2023-1343
The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. This is due to missing or incorrect nonce validation on the attachrule function. This makes it possible for unauthenticated attackers to modify the...
PT-2023-16734 · WordPress · Download Read More Excerpt Link
Name of the Vulnerable Software and Affected Versions: Download Read More Excerpt Link plugin for WordPress versions up to, and including, 1.6.0 Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the read more excerpt link menu options...