Lucene search
+L

1244 matches found

cve
cve
added 2026/06/09 3:41 a.m.23 views

CVE-2026-8902

CVE-2026-8902 affects the WordPress plugin “AJAX Report Comments” (versions ≤ 2.0.4). The vulnerability stems from missing or incorrect nonce validation on the rc_options_page function, enabling Cross‑Site Request Forgery. This allows unauthenticated attackers to forge requests and modify plugin ...

4.3CVSS5.4AI score0.00124EPSS
Exploits0References3
patchstack
patchstack
added 2026/06/08 3:5 p.m.11 views

WordPress AJAX Report Comments plugin <= 2.0.4 - Cross-Site Request Forgery to Settings Update vulnerability

Cross-Site Request Forgery to Settings Update vulnerability discovered by afnaan - SMKN 1 Bantul in WordPress Plugin AJAX Report Comments versions = 2.0.4...

4.3CVSS5.5AI score0.00124EPSS
Exploits0References1Affected Software1
redhatcve
redhatcve
added 2026/06/05 7:33 p.m.12 views

CVE-2026-9722

The Laiser Tag plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.5. This is due to missing or incorrect nonce validation on the addOptionsPageFields function. This makes it possible for unauthenticated attackers to update the plugin's...

4.3CVSS5.4AI score0.00131EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/06/05 7:31 p.m.10 views

CVE-2026-6400

The Child Height Predictor by Ostheimer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 1.3. This is due to missing nonce verification in the options function, which handles plugin settings updates. The form template does not include a...

4.3CVSS5.3AI score0.00163EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/06/05 7:28 p.m.10 views

CVE-2026-4140

The Ni WooCommerce Order Export plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 3.1.6. This is due to missing nonce validation in the niorderexportaction AJAX handler function. The handler processes settings updates when the 'page' parameter is...

4.3CVSS5.3AI score0.00156EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/06/05 7:24 p.m.11 views

CVE-2026-8906

The WP Promoter plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts...

6.1CVSS5.4AI score0.00119EPSS
Exploits0References1
cvelist
cvelist
added 2026/06/02 11:27 p.m.47 views

CVE-2026-9732 EmergencyWP <= 1.4.2 - Cross-Site Request Forgery to Plugin Settings Update

The EmergencyWP – Dead Man's switch & legacy deliverance plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4.2. This is due to missing or incorrect nonce validation on the formsettingsui settings save handler, procedural include scope functio...

4.3CVSS0.00128EPSS
Exploits0References4
vulnrichment
vulnrichment
added 2026/06/02 11:27 p.m.8 views

CVE-2026-9732 EmergencyWP <= 1.4.2 - Cross-Site Request Forgery to Plugin Settings Update

The EmergencyWP – Dead Man's switch & legacy deliverance plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4.2. This is due to missing or incorrect nonce validation on the formsettingsui settings save handler, procedural include scope functio...

4.3CVSS5.7AI score0.00128EPSS
Exploits0References4
euvd
euvd
added 2026/06/02 7:48 a.m.13 views

EUVD-2026-33899

The Laiser Tag plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.5. This is due to missing or incorrect nonce validation on the addOptionsPageFields function. This makes it possible for unauthenticated attackers to update the plugin's...

4.3CVSS5.7AI score0.00131EPSS
Exploits0References4
vulnrichment
vulnrichment
added 2026/06/02 7:48 a.m.12 views

CVE-2026-9722 Laiser Tag <= 1.2.5 - Cross-Site Request Forgery to Plugin Settings Update via Settings Form

The Laiser Tag plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.5. This is due to missing or incorrect nonce validation on the addOptionsPageFields function. This makes it possible for unauthenticated attackers to update the plugin's...

4.3CVSS5.7AI score0.00131EPSS
Exploits0References4
cvelist
cvelist
added 2026/06/02 7:48 a.m.42 views

CVE-2026-9722 Laiser Tag <= 1.2.5 - Cross-Site Request Forgery to Plugin Settings Update via Settings Form

The Laiser Tag plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.5. This is due to missing or incorrect nonce validation on the addOptionsPageFields function. This makes it possible for unauthenticated attackers to update the plugin's...

4.3CVSS0.00131EPSS
Exploits0References4
cve
cve
added 2026/06/02 7:48 a.m.23 views

CVE-2026-9730

The Remove NoFollow Commenter URL plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to 1.0 due to missing/incorrect nonce validation on gmz_comment_settings_save, allowing unauthenticated attackers to modify the plugin’s comment-display setting via a forged reque...

4.3CVSS5.7AI score0.00131EPSS
Exploits0References4
cve
cve
added 2026/06/02 7:48 a.m.21 views

CVE-2026-9599

The CVE-2026-9599 entry describes a CSRF vulnerability in the WordPress Tectite Forms plugin (versions up to and including 1.3) caused by missing or incorrect nonce validation in admin_init. This allows unauthenticated attackers to modify plugin settings (e.g., tectite_forms_button) through forge...

4.3CVSS5.7AI score0.00128EPSS
Exploits0References4
vulnrichment
vulnrichment
added 2026/06/02 7:48 a.m.10 views

CVE-2026-9599 Tectite Forms <= 1.3 - Cross-Site Request Forgery to Settings Update

The Tectite Forms plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3. This is due to missing or incorrect nonce validation on the admininit function. This makes it possible for unauthenticated attackers to modify the plugin's settings,...

4.3CVSS5.7AI score0.00128EPSS
Exploits0References4
cvelist
cvelist
added 2026/06/02 7:48 a.m.44 views

CVE-2026-9599 Tectite Forms <= 1.3 - Cross-Site Request Forgery to Settings Update

The Tectite Forms plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3. This is due to missing or incorrect nonce validation on the admininit function. This makes it possible for unauthenticated attackers to modify the plugin's settings,...

4.3CVSS0.00128EPSS
Exploits0References4
patchstack
patchstack
added 2026/06/01 7:43 p.m.15 views

WordPress Google Plus One Bottom plugin <= 0.0.2 - Cross-Site Request Forgery to Plugin Settings Update vulnerability

Cross-Site Request Forgery to Plugin Settings Update vulnerability discovered by swat in WordPress Plugin Google Plus One Bottom versions = 0.0.2...

4.3CVSS5.8AI score0.00128EPSS
Exploits0References1Affected Software1
patchstack
patchstack
added 2026/06/01 7:43 p.m.13 views

WordPress Tectite Forms plugin <= 1.3 - Cross-Site Request Forgery to Settings Update vulnerability

Cross-Site Request Forgery to Settings Update vulnerability discovered by afnaan - SMKN 1 Bantul in WordPress Plugin Tectite Forms versions = 1.3...

4.3CVSS5.8AI score0.00128EPSS
Exploits0References1Affected Software1
cvelist
cvelist
added 2026/05/27 7:45 a.m.36 views

CVE-2026-8942 MetaMagic SEO Plugin <= 1.6 - Cross-Site Request Forgery to Plugin Settings Update via Settings Page

The MetaMagic SEO Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.6. This is due to missing or incorrect nonce validation on the metamagicupdateoptions function. This makes it possible for unauthenticated attackers to modify the...

4.3CVSS0.00124EPSS
Exploits0References3
cve
cve
added 2026/05/27 7:45 a.m.27 views

CVE-2026-8942

CVE-2026-8942 affects the WordPress MetaMagic SEO Plugin (versions up to 1.6). The issue is a Cross-Site Request Forgery due to missing or incorrect nonce validation in the metamagic_update_options function, allowing unauthenticated attackers to modify SEO settings (e.g., enable/disable the plugi...

4.3CVSS5.7AI score0.00124EPSS
Exploits0References3
vulnrichment
vulnrichment
added 2026/05/27 7:45 a.m.16 views

CVE-2026-8906 WP Promoter <= 1.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting via 'popup_width' Parameter

The WP Promoter plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts...

6.1CVSS5.7AI score0.00119EPSS
Exploits0References5
Rows per page
Query Builder