152 matches found
CVE-2025-13360
CVE-2025-13360 relates to the WordPress plugin Quantic Social Image Hover (versions up to and including 1.0.8). The vulnerability is a Cross-Site Request Forgery (CSRF) due to missing nonce validation on the plugin’s settings update function. Exploitation requires tricking a site administrator in...
PT-2025-49193
The Norby AI plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.3. This is due to missing nonce validation on the settings update functionality. This makes it possible for unauthenticated attackers to update the plugin's settings and inject...
CVE-2025-12350 DominoKit <= 1.1.0 - Missing Authorization to Unauthenticated Settings Update
The DominoKit plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wpajaxnoprivdominokitoptionadminaction AJAX endpoint in all versions up to, and including, 1.1.0. This makes it possible for unauthenticated attackers to update plugin settings...
EUVD-2019-6782
Malware in sbrugna...
EUVD-2025-24668
Malicious code in bioql PyPI...
EUVD-2025-24125
Malicious code in bioql PyPI...
CVE-2025-9880
The Side Slide Responsive Menu plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicio...
CVE-2025-9618
The Related Posts Lite plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.12. This is due to missing or incorrect nonce validation on the settings update functionality. This makes it possible for unauthenticated attackers to modify plugin...
CVE-2025-9618 Related Posts Lite <= 1.12 - Cross-Site Request Forgery
The Related Posts Lite plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.12. This is due to missing or incorrect nonce validation on the settings update functionality. This makes it possible for unauthenticated attackers to modify plugin...
CVE-2025-6790
The Quiz and Survey Master QSM WordPress plugin before 10.2.3 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...
CVE-2025-6790
The CVE concerns WordPress plugin Quiz and Survey Master (QSM) versions before 10.2.3. The root cause is lack of CSRF protection when updating plugin settings, which could allow a logged-in admin to have settings modified via CSRF. The vulnerability is identified across multiple sources with a CV...
PT-2025-33126 · WordPress · Quiz/Survey Master
Name of the Vulnerable Software and Affected Versions: Quiz and Survey Master WordPress plugin versions prior to 10.2.3 Description: The Quiz and Survey Master QSM WordPress plugin does not have Cross-Site Request Forgery CSRF checks in place when updating its settings. This could allow attackers...
CVE-2025-7965
The CBX Restaurant Booking WordPress plugin through 1.2.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...
CVE-2025-7965
The CBX Restaurant Booking WordPress plugin through 1.2.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...
PT-2025-32522 · WordPress · Cbx Restaurant Booking
Name of the Vulnerable Software and Affected Versions: CBX Restaurant Booking WordPress plugin versions through 1.2.1 Description: The plugin lacks CSRF Cross-Site Request Forgery protection when updating settings. This could allow attackers to make a logged-in administrator change settings via a...
CVE-2025-4580
The File Provider WordPress plugin through 1.2.3 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...
NetAlertX 访问控制错误漏洞
NetAlertX is a network intruder and presence detector from the jokob-sk individual developer. An access control error vulnerability exists in NetAlertX versions prior to 25.4.14 that stems from a bypass of the authentication mechanism and could lead to an unauthorized update of settings...
CVE-2024-10726
The Friendly Functions for Welcart plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.4. This is due to missing nonce validation on the settings update functionality. This makes it possible for unauthenticated attackers to inject malicious w...
CVE-2023-5348
The Product Catalog Mode For WooCommerce WordPress plugin before 5.0.3 does not properly authorize settings updates or escape settings values, leading to stored XSS by unauthenticated users...
CVE-2022-1760
The Core Control WordPress plugin through 1.2.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...