13 matches found
EUVD-2019-6320
Malware in sbrugna...
EUVD-2024-33802
Malicious code in bioql PyPI...
EUVD-2024-33052
Malicious code in bioql PyPI...
CVE-2025-7686
The weichuncaiWP伪春菜 plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5. This is due to missing or incorrect nonce validation on the sm-options.php page. This makes it possible for unauthenticated attackers to update settings and inject...
CVE-2025-6064
The WP URL Shortener plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2. This is due to missing or incorrect nonce validation on the 'urlshortenersettings' page. This makes it possible for unauthenticated attackers to update settings and...
CVE-2025-5019 Hive Support <= 1.2.5 - Cross-Site Request Forgery via hs_update_ai_chat_settings Function
The Hive Support | AI-Powered Help Desk, Live Chat & AI Chat Bot Plugin for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.5. This is due to missing or incorrect nonce validation on the hs_update_ai_chat_settings function. This mak...
CVE-2021-24278
In the Redirection for Contact Form 7 WordPress plugin before 2.3.4, unauthenticated users can use the wpcf7rgetnonce AJAX action to retrieve a valid nonce for any WordPress action/function...
CVE-2019-15770
The woo-address-book plugin before 1.6.0 for WordPress has save calls without nonce verification checks...
CVE-2025-3766
The Login Lockdown & Protection plugin for WordPress is vulnerable to unauthorized nonce access due to a missing capability check on the ajaxruntool function in all versions up to, and including, 2.11. This makes it possible for authenticated attackers, with Subscriber-level access and above, to...
CVE-2025-0810
The Read More & Accordion plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.4.7. This is due to missing or incorrect nonce validation on the addNewButtons function. This makes it possible for unauthenticated attackers to include and execute...
CVE-2024-12365
CVE-2024-12365 affects the W3 Total Cache WordPress plugin (versions up to and including 2.8.1). The vulnerability arises from a missing capability check in is_w3tc_admin_page, enabling authenticated attackers with Subscriber-level access or higher to obtain the plugin nonce, perform unauthorized...
CVE-2024-12605
CVE-2024-12605 affects the AI Scribe WordPress plugin (up to version 2.3). The vulnerability is CSRF due to missing or incorrect nonce validation on al_scribe_content_data actions, enabling unauthenticated attackers to update plugin settings by tricking an admin. The Red Hat/Wordfence documentati...
CVE-2024-9592 Easy PayPal Gift Certificate <= 1.2.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting via wpppgc_plugin_options
The Easy PayPal Gift Certificate plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.3. This is due to missing or incorrect nonce validation on the 'wpppgc_plugin_options' function. This makes it possible for unauthenticated attackers to update the...