29 matches found
EUVD-2026-32085
The Old Posts Highlighter plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.3. This is due to missing or incorrect nonce validation on the OPHoptions function. This makes it possible for unauthenticated attackers to update the plugin's...
CVE-2026-7614
The Old Posts Highlighter plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.3. This is due to missing or incorrect nonce validation on the OPHoptions function. This makes it possible for unauthenticated attackers to update the plugin's...
PT-2026-43535
The Search Simple Fields plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 0.2. This is due to missing or incorrect nonce validation on the search simple fields options function in functions admin.php. This makes it possible for unauthenticated...
WordPress plugin Child Height Predictor by Ostheimer 跨站请求伪造漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
EUVD-2026-23382
The Canto plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 3.1.1. This is due to the absence of any capability check or nonce verification in the updateOptions function, which is exposed via two AJAX hooks: wpajaxupdateOptions class-canto.php line 231 an...
CVE-2026-1032 Conditional Menus <= 1.2.6 - Cross-Site Request Forgery to Menu Options Update
The Conditional Menus plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.6. This is due to missing nonce validation on the 'saveoptions' function. This makes it possible for unauthenticated attackers to modify conditional menu assignments vi...
CVE-2026-0572
The CVE-2026-0572 entry concerns the WebPurify Profanity Filter plugin for WordPress. A missing capability check on the webpurify_save_options function affects all versions up to and including 4.0.2, allowing unauthenticated attackers to modify plugin settings and thus perform data modification. ...
EUVD-2020-16306
Malware in sbrugna...
EUVD-2025-32244
Malicious code in bioql PyPI...
EUVD-2025-25475
Malicious code in bioql PyPI...
CVE-2025-10302
The Ultimate Viral Quiz plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on thesaveoptions function. This makes it possible for unauthenticated attackers to update the plugin's settings...
CVE-2025-10302
CVE-2025-10302 affects the WordPress plugin Ultimate Viral Quiz (versions ≤ 1.0). The vulnerability is a Cross-Site Request Forgery due to missing/incorrect nonce validation in the save_options() function, allowing unauthenticated attackers to update plugin settings if a site administrator is tri...
WordPress plugin The Ultimate Viral Quiz 跨站请求伪造漏洞
WordPress and WordPress plugin are products of the WordPress Foundation, a blogging platform developed in PHP. WordPress is a blogging platform developed using the PHP language, which provides the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an applicatio...
PT-2025-40470
Name of the Vulnerable Software and Affected Versions The Ultimate Viral Quiz plugin for WordPress versions prior to 1.0 Description The Ultimate Viral Quiz plugin for WordPress is susceptible to Cross-Site Request Forgery due to inadequate nonce validation within the save options function. This...
PT-2025-37151
The LH Signing plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.83. This is due to missing or incorrect nonce validation on the plugin options function. This makes it possible for unauthenticated attackers to modify plugin settings via a...
CVE-2024-13908
The SMTP by BestWebSoft plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'saveoptions' function in all versions up to, and including, 1.1.9. This makes it possible for authenticated attackers, with Administrator-level access and above, to...
CVE-2024-13654
CVE-2024-13654 concerns the WordPress theme ZoxPress (
PT-2025-2205 · WordPress · Mailup Auto Subscription
Name of the Vulnerable Software and Affected Versions: MailUp Auto Subscription plugin for WordPress version 1.1.0 and earlier Description: The issue is due to missing or incorrect nonce validation on the mas options function, making it possible for unauthenticated attackers to update settings an...
WordPress plugin Facebook Chat 访问控制错误漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. An access control...
CVE-2024-1468
The Avada | Website Builder For WordPress & WooCommerce theme for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ajaximportoptions function in all versions up to, and including, 7.11.4. This makes it possible for authenticated attackers, with...