Lucene search
K

4 matches found

Cvelist
Cvelist
added 2026/01/07 8:21 a.m.21 views

CVE-2025-13527 xShare <= 1.0.1 - Cross-Site Request Forgery to 'rs_plugin_reset' Parameter

The xShare plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1. This is due to missing nonce validation on the 'xsharepluginreset' function. This makes it possible for unauthenticated attackers to reset the plugin's settings via a forged...

4.3CVSS0.0014EPSS
Exploits0References3
Patchstack
Patchstack
added 2026/01/06 10:32 p.m.4 views

WordPress xShare plugin <= 1.0.1 - Cross-Site Request Forgery to 'rs_plugin_reset' Parameter vulnerability

Cross-Site Request Forgery to 'rspluginreset' Parameter vulnerability discovered by dayea song - Ahnlab in WordPress Plugin xShare versions = 1.0.1...

4.3CVSS6.8AI score0.0014EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2024/07/13 6:0 a.m.35 views

CVE-2024-5028 CM WordPress Search And Replace Plugin < 1.3.9 - Plugin Reset via CSRF

The CM WordPress Search And Replace Plugin WordPress plugin before 1.3.9 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...

0.00224EPSS
Exploits1References1
wpexploit
wpexploit
added 2024/05/24 12:0 a.m.160 views

Similarity <= 3.0 - Plugin Reset via CSRF

Description The plugin does not have CSRF check in place when resetting its settings, which could allow attackers to make a logged in admin reset them via a CSRF attack Make a logged in admin open an HTML file containing:...

9.4AI score0.002EPSS
Exploits2
Rows per page
Query Builder