WordPress rognone plugin <= 0.6.2 - Reflected Cross-Site Scripting vulnerability

Reflected Cross-Site Scripting vulnerability discovered by san6051 - COFFSec in WordPress Plugin rognone versions = 0.6.2...

WordPress rognone plugin <= 0.6.2 - Reflected Cross-Site Scripting vulnerability

Reflected Cross-Site Scripting vulnerability discovered by san6051 - COFFSec in WordPress Plugin rognone versions = 0.6.2...

CVE-2026-5191 Tiled Gallery Carousel Without JetPack <= 3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'data-image-title'

The Tiled Gallery Carousel Without JetPack plugin for WordPress is vulnerable to stored cross-site scripting via the 'data-image-title' parameter in all versions up to, and including, 3.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attacker...

CVE-2026-5191

The CVE-2026-5191 entry concerns the WordPress plugin “Tiled Gallery Carousel Without JetPack.” The vulnerability is a stored cross-site scripting flaw in the data-image-title parameter, present in all versions up to and including 3.1, caused by insufficient input sanitization and output escaping...

CVE-2026-5191

The Tiled Gallery Carousel Without JetPack plugin for WordPress is vulnerable to stored cross-site scripting via the 'data-image-title' parameter in all versions up to, and including, 3.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attacker...

EUVD-2026-33901

The Tiled Gallery Carousel Without JetPack plugin for WordPress is vulnerable to stored cross-site scripting via the 'data-image-title' parameter in all versions up to, and including, 3.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attacker...

WordPress GEO my WP plugin <= 4.5.5 - Unauthenticated SQL Injection vulnerability

Unauthenticated SQL Injection vulnerability discovered by Naoya Takahashi nakko in WordPress Plugin GEO my WordPress versions = 4.5.5...

CVE-2026-9722 Laiser Tag <= 1.2.5 - Cross-Site Request Forgery to Plugin Settings Update via Settings Form

The Laiser Tag plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.5. This is due to missing or incorrect nonce validation on the addOptionsPageFields function. This makes it possible for unauthenticated attackers to update the plugin's...

CVE-2026-9722 Laiser Tag <= 1.2.5 - Cross-Site Request Forgery to Plugin Settings Update via Settings Form

The Laiser Tag plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.5. This is due to missing or incorrect nonce validation on the addOptionsPageFields function. This makes it possible for unauthenticated attackers to update the plugin's...

CVE-2026-9722

The CVE-2026-9722 entry concerns the WordPress plugin Laiser Tag, affected versions ≤ 1.2.5. The root cause is missing or incorrect nonce validation in the addOptionsPageFields function, enabling Cross-Site Request Forgery. This allows unauthenticated attackers to modify plugin settings (API key,...

EUVD-2026-33899

The Laiser Tag plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.5. This is due to missing or incorrect nonce validation on the addOptionsPageFields function. This makes it possible for unauthenticated attackers to update the plugin's...

CVE-2026-9722

The Laiser Tag plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.5. This is due to missing or incorrect nonce validation on the addOptionsPageFields function. This makes it possible for unauthenticated attackers to update the plugin's...

CVE-2026-1451

Product/Component: WordPress plugin rognone (versions up to and including 0.6.2). Vulnerability: Reflected Cross-Site Scripting via the 'a' parameter caused by insufficient input sanitization and output escaping. Impact (as stated): unauthenticated attackers can inject arbitrary web scripts into ...

CVE-2026-9730 Remove NoFollow Commenter URL <= 1.0 - Cross-Site Request Forgery to Settings Update

The Remove NoFollow Commenter URL plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on the gmzcommentsettingssave function. This makes it possible for unauthenticated attackers to modify...

CVE-2026-8422 Remove meta boxes per user role <= 1.01 - Cross-Site Request Forgery to Settings Update

The Remove meta boxes per user role plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.01. This is due to missing or incorrect nonce validation on the 'remove-meta-boxes-per-user-role' page. This makes it possible for unauthenticated attackers...

CVE-2026-9730

The Remove NoFollow Commenter URL plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to 1.0 due to missing/incorrect nonce validation on gmz_comment_settings_save, allowing unauthenticated attackers to modify the plugin’s comment-display setting via a forged reque...

CVE-2026-8422 Remove meta boxes per user role <= 1.01 - Cross-Site Request Forgery to Settings Update

The Remove meta boxes per user role plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.01. This is due to missing or incorrect nonce validation on the 'remove-meta-boxes-per-user-role' page. This makes it possible for unauthenticated attackers...

CVE-2026-9730

The Remove NoFollow Commenter URL plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on the gmzcommentsettingssave function. This makes it possible for unauthenticated attackers to modify...

EUVD-2026-33898

The Remove meta boxes per user role plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.01. This is due to missing or incorrect nonce validation on the 'remove-meta-boxes-per-user-role' page. This makes it possible for unauthenticated attackers...

EUVD-2026-33897

The rognone plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'a' parameter in versions up to, and including, 0.6.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages...