8 matches found

EUVD
added 2025/10/03 8:7 p.m. · 1 views

EUVD-2022-51788

Malicious code in bioql PyPI...

CVSS 6.5 · AI score 6.5 · EPSS 0.00097
Exploits 2 · References 1
RedhatCVE
added 2025/05/23 8:57 a.m. · 3 views

CVE-2024-6925

The TrueBooker WordPress plugin before 1.0.3 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack...

CVSS 4.3 · AI score 6.7 · EPSS 0.0017
Exploits 1 · References 1
NVD
added 2025/05/15 8:16 p.m. · 4 views

CVE-2024-9450

The Free Booking Plugin for Hotels, Restaurants and Car Rentals WordPress plugin before 1.3.15 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in subscriber change them via a CSRF attack...

CVSS 6.5 · EPSS 0.00119
Exploits 1 · References 1
Positive Technologies
added 2025/05/15 12:0 a.m. · 3 views

PT-2025-21381 · WordPress · The Ultimate Noindex Nofollow Tool

Name of the Vulnerable Software and Affected Versions: The Ultimate Noindex Nofollow Tool WordPress plugin versions 1.1.2 and earlier
Description: The issue concerns a lack of CSRF check when updating settings, which could allow attackers to make a logged-in admin change them via a CSRF attack...

CVSS 4.3 · AI score 9.2 · EPSS 0.00252
Exploits 2 · References 4
Positive Technologies
added 2025/05/15 12:0 a.m. · 1 views

PT-2025-21388

Name of the Vulnerable Software and Affected Versions: TwitterPosts WordPress plugin versions 1.0.0 through 1.0.2
Description: The issue is related to the lack of a CSRF check when updating settings, which could allow attackers to make a logged-in admin change them via a CSRF attack...

CVSS 3.5 · AI score 6.4 · EPSS 0.00087
Exploits 1 · References 5
Cvelist
added 2025/04/30 6:0 a.m. · 21 views

CVE-2025-3471 SureForms < 1.4.4 - Contributor+ Settings Update

The SureForms WordPress plugin before 1.4.4 does not have a proper authorisation check when updating its settings via the REST API, which could allow Contributor and above roles to perform such an action...

EPSS 0.00223
Exploits 1 · References 1
Positive Technologies
added 2024/01/08 12:0 a.m. · 1 views

PT-2024-14998 · Wpblog · Wp Blogs' Planetarium Wordpress Plugin

Name of the Vulnerable Software and Affected Versions: WP Blogs' Planetarium WordPress plugin versions 1.0 and earlier
Description: The issue is related to the lack of a CSRF check when updating settings in the plugin, which could allow attackers to make a logged-in admin change them via a CSRF...

CVSS 8.8 · AI score 8.3 · EPSS 0.0022
Exploits 2 · References 7
Positive Technologies
added 2023/09/11 12:0 a.m. · 2 views

PT-2023-25148 · WordPress · Ftp Access

Name of the Vulnerable Software and Affected Versions: FTP Access WordPress plugin versions 1.0 and earlier
Description: The issue concerns a lack of authorization and CSRF checks when updating settings in the plugin, along with missing sanitization and escaping. This allows any authenticated use...

CVSS 5.4 · AI score 5.7 · EPSS 0.00141
Exploits 2 · References 4