6 matches found
CVE-2026-8942
CVE-2026-8942 affects the WordPress MetaMagic SEO Plugin (versions up to 1.6). The issue is a Cross-Site Request Forgery due to missing or incorrect nonce validation in the metamagic_update_options function, allowing unauthenticated attackers to modify SEO settings (e.g., enable/disable the plugi...
CVE-2026-8708
CVE-2026-8708 affects the Genzel breadcrumbs WordPress plugin (versions up to 1.2). The issue is a Cross-Site Request Forgery due to missing or incorrect nonce validation in the _options_page function, allowing unauthenticated attackers to modify plugin settings (templates, delimiter, home label/...
CVE-2026-6405 Anomify AI <= 0.3.6 - Cross-Site Request Forgery
The Anomify AI – Anomaly Detection and Alerting plugin for WordPress is vulnerable to Cross-Site Request Forgery CSRF leading to Stored Cross-Site Scripting XSS in versions up to and including 0.3.6. This is due to missing nonce verification on the settings page handler and insufficient output...
CVE-2026-6701 addfreespace <= 0.1.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting via Settings Page
The addfreespace plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.1.3. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scrip...
CVE-2021-24283
The tab GET parameter of the settings page is not sanitised or escaped when being output back in an HTML attribute, leading to a reflected XSS issue...
WordPress Plugin BestWebSoft Contact Form 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site request forgery vulnerability...