EUVD-2024-33802

Malicious code in bioql PyPI...

EUVD-2024-33052

Malicious code in bioql PyPI...

CVE-2025-6064

The WP URL Shortener plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2. This is due to missing or incorrect nonce validation on the 'urlshortenersettings' page. This makes it possible for unauthenticated attackers to update settings and...

CVE-2025-5019 Hive Support <= 1.2.5 - Cross-Site Request Forgery via hs_update_ai_chat_settings Function

The Hive Support | AI-Powered Help Desk, Live Chat & AI Chat Bot Plugin for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.5. This is due to missing or incorrect nonce validation on the hsupdateaichatsettings function. This mak...

CVE-2025-0810

The Read More & Accordion plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.4.7. This is due to missing or incorrect nonce validation on the addNewButtons function. This makes it possible for unauthenticated attackers to include and execute...

CVE-2024-12605

CVE-2024-12605 affects the AI Scribe WordPress plugin (up to version 2.3). The vulnerability is CSRF due to missing or incorrect nonce validation on al_scribe_content_data actions, enabling unauthenticated attackers to update plugin settings by tricking an admin. The Red Hat/Wordfence documentati...

CVE-2024-9592 Easy PayPal Gift Certificate <= 1.2.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting via wpppgc_plugin_options

The Easy PayPal Gift Certificate plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.3. This is due to missing or incorrect nonce validation on the 'wpppgcpluginoptions' function. This makes it possible for unauthenticated attackers to update the...