17 matches found
CVE-2026-6452
The Bigfishgames Syndicate plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2. This is due to missing or incorrect nonce validation on the bigfishgamessyndicatesubmenu function. This makes it possible for unauthenticated attackers to reset...
WordPress Aruba HiSpeed Cache plugin <= 3.0.4 - Cross-Site Request Forgery to Plugin Settings Reset vulnerability
Cross-Site Request Forgery to Plugin Settings Reset vulnerability discovered by Legion Hunter in WordPress Plugin Aruba HiSpeed Cache versions <= 3.0.4...
CVE-2026-3570
The CVE-2026-3570 entry concerns the Smarter Analytics plugin for WordPress. Affected: all versions up to and including 2.0. Root cause: missing authentication and capability checks on the configuration reset function in smarter-analytics.php, in the global scope. Impact: unauthenticated attacker...
CVE-2026-3570 Smarter Analytics <= 2.0 - Missing Authorization to Unauthenticated Plugin Settings Reset via 'reset' Parameter
The Smarter Analytics plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 2.0. This is due to missing authentication and capability checks on the configuration reset functionality in the global scope of smarter-analytics.php. This makes it possible for...
CVE-2025-14799
The Brevo - Email, SMS, Web Push, Chat, and more. plugin for WordPress is vulnerable to authorization bypass due to type juggling in all versions up to, and including, 3.3.0. This is due to the use of loose comparison == instead of strict comparison === when validating the installation ID in the...
CVE-2025-9945
CVE-2025-9945 affects the WordPress plugin “Optimize More! – CSS” (versions up to 1.0.3). The issue is a Cross-Site Request Forgery caused by missing/incorrect nonce validation in the reset_plugin function, allowing unauthenticated attackers to trigger a site administrator action to reset plugin ...
CVE-2025-9945 Optimize More! – CSS <= 1.0.3 - Cross-Site Request Forgery to Plugin Settings Reset
The Optimize More! – CSS plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.3. This is due to missing or incorrect nonce validation on the reset_plugin function. This makes it possible for unauthenticated attackers to reset the plugin's...
CVE-2024-3216
The WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wtpklistresetsettings function in all versions up to, and including, 4.4.2. This makes it possible for...
CVE-2024-1760
The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.6.6.20. This is due to missing or incorrect nonce validation on the ssafactoryreset function. This makes it...
CVE-2024-5804
The Conditional Fields for Contact Form 7 plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.4.13. This is due to missing or incorrect nonce validation on the wpcf7cfadmininit function. This makes it possible for unauthenticated attackers to reset...
CVE-2024-32951 WordPress Max Addons Pro for Bricks plugin <= 1.6.1 - Unauthenticated Plugin Settings Reset vulnerability
Missing Authorization vulnerability in BloomPixel Max Addons Pro for Bricks. This issue affects Max Addons Pro for Bricks: from n/a through 1.6.1...
CVE-2023-1865
The YourChannel plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check when resetting plugin settings via the yrcnuke GET parameter in versions up to, and including, 1.2.3. This makes it possible for unauthenticated attackers to delete YouTube channels...
CVE-2023-1865 YourChannel <= 1.2.3 - Missing Authorization to Plugin Settings Reset
The YourChannel plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check when resetting plugin settings via the yrcnuke GET parameter in versions up to, and including, 1.2.3. This makes it possible for unauthenticated attackers to delete YouTube channels...
WordPress Manage Notification E-mails plugin <= 1.8.2 - Cross-Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability leading to Plugin Settings Reset discovered by Muhammad Daffa (Patchstack Alliance) in WordPress Manage Notification E-mails plugin versions <= 1.8.2. Solution: Update the WordPress Manage Notification E-mails plugin to the latest available version at lea...
WordPress TH Advance Product Search plugin <= 1.1.4 - Unauthenticated Plugin Settings Reset vulnerability
Unauthenticated Plugin Settings Reset vulnerability discovered by Rasi Afeef (Patchstack Alliance) in WordPress TH Advance Product Search plugin versions <= 1.1.4. Solution: No patched version is available. Ignored by the vendor since Aug 2, 2022...
WP-Matomo Integration (WP-Piwik) < 1.0.27 - Plugin Settings Reset via CSRF
The plugin does not have a CSRF check when resetting its settings, which could allow attackers to make a logged-in admin reset them via a CSRF attack https://example.com/wp-admin/options-general.php?page=wp-piwik%2Fclasses%2FWPPiwik.php&clear=2...