Lucene search
K

6 matches found

CVE
CVE
added 2026/05/27 7:45 a.m.23 views

CVE-2026-8942

CVE-2026-8942 affects the WordPress MetaMagic SEO Plugin (versions up to 1.6). The issue is a Cross-Site Request Forgery due to missing or incorrect nonce validation in the metamagic_update_options function, allowing unauthenticated attackers to modify SEO settings (e.g., enable/disable the plugi...

4.3CVSS5.7AI score0.00124EPSS
Exploits0References3
CVE
CVE
added 2026/05/27 5:31 a.m.21 views

CVE-2026-8708

CVE-2026-8708 affects the Genzel breadcrumbs WordPress plugin (versions up to 1.2). The issue is a Cross-Site Request Forgery due to missing or incorrect nonce validation in the _options_page function, allowing unauthenticated attackers to modify plugin settings (templates, delimiter, home label/...

4.3CVSS5.7AI score0.00128EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/05/20 6:46 a.m.9 views

CVE-2026-6405 Anomify AI <= 0.3.6 - Cross-Site Request Forgery

The Anomify AI – Anomaly Detection and Alerting plugin for WordPress is vulnerable to Cross-Site Request Forgery CSRF leading to Stored Cross-Site Scripting XSS in versions up to and including 0.3.6. This is due to missing nonce verification on the settings page handler and insufficient output...

4.3CVSS6AI score0.00168EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2026/05/05 2:26 a.m.6 views

CVE-2026-6701 addfreespace <= 0.1.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting via Settings Page

The addfreespace plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.1.3. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scrip...

4.3CVSS5.7AI score0.00158EPSS
Exploits0References11
RedhatCVE
RedhatCVE
added 2025/05/22 7:44 p.m.6 views

CVE-2021-24283

The tab GET parameter of the settings page is not sanitised or escaped when being output back in an HTML attribute, leading to a reflected XSS issue...

5.4CVSS5.8AI score0.00624EPSS
Exploits2References1
CNNVD
CNNVD
added 2023/04/09 12:0 a.m.4 views

WordPress Plugin BestWebSoft Contact Form 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site request forgery vulnerability...

8.8CVSS5.7AI score0.00361EPSS
Exploits0References4
Rows per page
Query Builder