134 matches found

CVE
added 2025/09/11 7:24 a.m., 13 views

CVE-2025-9627

CVE-2025-9627 describes a CSRF vulnerability in the WordPress Run Log plugin (versions up to and including 1.7.10). The issue stems from missing/incorrect nonce validation in the oirl_plugin_options function, allowing unauthenticated attackers to modify plugin settings (e.g., distance units, pace...

CVSS 4.3, AI score 4.9, EPSS 0.00151
Exploits: 0, References: 3
Patchstack
added 2025/09/05 12:0 a.m., 5 views

WordPress OceanWP Theme < 4.1.2 is vulnerable to Settings Change

Software: OceanWP; Type: Theme; Vulnerable versions: < 4.1.2; Fixed in: 4.1.2; OWASP Top 10: A7: Identification and Authentication Failures; Classification: Settings Change; CVE: CVE-2025-8944; Patch priority: Low; CVSS severity: Low 5.4; Developer: Claim ownership; PSID: e2cdad6661d0; Credits: Hamit Cibo; Required...

CVSS 4.3, AI score 6, EPSS 0.00211
Exploits: 1, References: 2, Affected Software: 1
Cvelist
added 2025/08/28 12:36 p.m., 8 views

CVE-2025-48318 WordPress 多说社会化评论框 plugin <= 1.2 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in shen2 多说社会化评论框 duoshuo allows Cross Site Request Forgery. This issue affects 多说社会化评论框: from n/a through <= 1.2...

CVSS 4.3, EPSS 0.00131
Exploits: 0, References: 1
Vulnrichment
added 2025/08/20 8:3 a.m., 2 views

CVE-2025-54025 WordPress Coupon Affiliates Plugin <= 6.4.0 - Settings Change Vulnerability

Missing Authorization vulnerability in Elliot Sowersby / RelyWP Coupon Affiliates allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Coupon Affiliates: from n/a through 6.4.0...

CVSS 6.5, AI score 7.1, EPSS 0.00236
Exploits: 0, References: 1
RedhatCVE
added 2025/08/16 12:16 a.m., 8 views

CVE-2025-43983

KuWFi CPF908-CP5 WEB5.0LCD20210125 devices have multiple unauthenticated access control vulnerabilities within goform/goformsetcmdprocess and goform/goformgetcmdprocess. These allow an unauthenticated attacker to retrieve sensitive information including the device admin username and password,...

CVSS 9.1, AI score 7.4, EPSS 0.00357
Exploits: 0, References: 1
Cvelist
added 2025/08/14 6:21 p.m., 8 views

CVE-2025-54717 WordPress WP Membership Plugin <= 1.6.3 - Settings Change Vulnerability

Missing Authorization vulnerability in e-plugins WP Membership wp-membership allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Membership: from n/a through <= 1.6.3...

CVSS 5.4, EPSS 0.00202
Exploits: 0, References: 1
CNNVD
added 2025/08/14 12:0 a.m., 3 views

KuWFi CPF908-CP5 security vulnerability

KuWFi CPF908-CP5 is a WiFi router from KuWFi China. A security vulnerability exists in the KuWFi CPF908-CP5 WEB5.0LCD20210125 version, which stems from an unauthenticated access control vulnerability that could lead to the disclosure of sensitive information, modification of device settings, and...

CVSS 9.1, AI score 6.8, EPSS 0.00357
Exploits: 0, References: 4
CVE
added 2025/08/14 12:0 a.m., 18 views

CVE-2025-43983

CVE-2025-43983 affects KuWFi CPF908-CP5 WEB5.0_LCD_20210125 devices. The vulnerability set involves unauthenticated access to goform/goform_set_cmd_process and goform/goform_get_cmd_process, enabling an attacker to retrieve sensitive information (including the admin username/password), modify cri...

CVSS 9.1, AI score 7.4, EPSS 0.00357
Exploits: 0, References: 3
RedhatCVE
added 2025/05/23 8:17 a.m., 2 views

CVE-2024-10294

The CE21 Suite plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ce21singlesignonsaveapisettings' function in versions up to, and including, 2.2.0. This makes it possible for unauthenticated attackers to change plugin settings...

CVSS 7.5, AI score 5.3, EPSS 0.00276
Exploits: 0, References: 1
RedhatCVE
added 2025/05/23 8:2 a.m., 2 views

CVE-2024-6579

The Web and WooCommerce Addons for WPBakery Builder plugin for WordPress is vulnerable to unauthorized plugin settings modification due to a missing capability check on several plugin functions in all versions up to, and including, 1.4.5. This makes it possible for authenticated attackers, with...

CVSS 4.3, AI score 5.1, EPSS 0.00362
Exploits: 0, References: 1
RedhatCVE
added 2025/05/22 10:7 a.m., 11 views

CVE-2019-13344

An authentication bypass vulnerability in the CRUDLab WP Like Button plugin through 1.6.0 for WordPress allows unauthenticated attackers to change settings. The contains function in wplikebutton.php did not check if the current request is made by an authorized user, thus allowing any...

CVSS 5.3, AI score 7.2, EPSS 0.45095
Exploits: 5, References: 1
CNNVD
added 2025/05/15 12:0 a.m., 0 views

WordPress plugin Offload Videos security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in WordPress...

CVSS 8.1, AI score 7.4, EPSS 0.00198
Exploits: 1, References: 1
CNNVD
added 2025/02/12 12:0 a.m., 1 views

WordPress plugin Book a Room cross-site request forgery vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forger...

CVSS 4.3, AI score 8.2, EPSS 0.00151
Exploits: 0, References: 2
BDU FSTEC
added 2025/02/10 12:0 a.m., 3 views

The vulnerability in the web-based interface for managing software for network deployment and security management in HPE Aruba Networking Fabric Composer allows a malicious actor to escalate their privileges, gain access to protected information, and modify system settings.

The vulnerability of the web-based interface for managing software for network deployment and security management in HPE Aruba Networking Fabric Composer is related to access control errors. Exploiting this vulnerability can allow an attacker to enhance their privileges, gain access to protected...

CVSS 6.8, AI score 5.5, EPSS 0.00345
Exploits: 0, References: 3, Affected Software: 1
Patchstack
added 2025/02/03 4:12 p.m., 3 views

WordPress Indeed API Plugin <= 0.5 - CSRF to Settings Change vulnerability

CSRF to Settings Change vulnerability discovered by 0xd4rk5id3 in WordPress Plugin Indeed API versions <= 0.5...

CVSS 4.3, AI score 7, EPSS 0.00149
Exploits: 0, Affected Software: 1
OSV
added 2024/12/05 1:15 p.m., 3 views

CVE-2024-48846

Cross Site Request Forgery vulnerabilities were found providing a potential for exposing sensitive information or changing system settings. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02...

CVSS 7.3, AI score 5.8, EPSS 0.00643
Exploits: 2, References: 1
Wordfence Blog
added 2024/11/05 5:6 p.m., 19 views

Announcing The Wordfence Audit Log: Off-Site Real-Time Security Event Logging for WordPress

Today the Wordfence team is proud to announce an exciting new feature: The Wordfence Audit Log, included in the Wordfence 8.0 release. The audit log captures and stores security-related events on your website as they happen, and sends them securely to an off-site location to protect them from...

AI score 7
Exploits: 0
CVE
added 2024/10/29 12:48 p.m., 56 views

CVE-2024-5823

A CVE-2024-5823 entry concerns a file overwrite vulnerability in gaizhenbiao/chuanhuchatgpt versions <= 20240410. The root cause: an insecure file handling path enables an attacker to overwrite critical configuration files, which can lead to unauthorized changes in system behavior or security ...

CVSS 9.1, AI score 7.1, EPSS 0.00527
Exploits: 1, References: 2, Affected Software: 1
Snyk
added 2024/10/22 6:32 p.m., 3 views

Cross-site Request Forgery (CSRF)

Overview Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF via the redirect parameter in Commerce Catalogs. An attacker can perform administrative actions, execute arbitrary code, and alter user settings by convincing a user to follow a malicious link. Remediatio...

CVSS 8.8, AI score 7.4, EPSS 0.00342
Exploits: 0, References: 2
Snyk
added 2024/10/22 6:32 p.m., 1 views

Cross-site Request Forgery (CSRF)

Overview Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF via the redirect parameter in Commerce Catalogs. An attacker can perform administrative actions, execute arbitrary code, and alter user settings by convincing a user to follow a malicious link. Remediatio...

CVSS 8.8, AI score 7.4, EPSS 0.00342
Exploits: 0, References: 2