Lucene search
+L

152 matches found

CVE
CVE
added 2025/12/05 5:31 a.m.14 views

CVE-2025-13360

CVE-2025-13360 relates to the WordPress plugin Quantic Social Image Hover (versions up to and including 1.0.8). The vulnerability is a Cross-Site Request Forgery (CSRF) due to missing nonce validation on the plugin’s settings update function. Exploitation requires tricking a site administrator in...

4.3CVSS5.1AI score0.00129EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/12/05 12:0 a.m.5 views

PT-2025-49193

The Norby AI plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.3. This is due to missing nonce validation on the settings update functionality. This makes it possible for unauthenticated attackers to update the plugin's settings and inject...

4.3CVSS5.5AI score0.00129EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/11/04 4:27 a.m.11 views

CVE-2025-12350 DominoKit <= 1.1.0 - Missing Authorization to Unauthenticated Settings Update

The DominoKit plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wpajaxnoprivdominokitoptionadminaction AJAX endpoint in all versions up to, and including, 1.1.0. This makes it possible for unauthenticated attackers to update plugin settings...

5.3CVSS0.00219EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2019-6782

Malware in sbrugna...

4.3CVSS5.2AI score0.00889EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2025-24668

Malicious code in bioql PyPI...

4.3CVSS6.4AI score0.00124EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-24125

Malicious code in bioql PyPI...

4.3CVSS6.4AI score0.00147EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/09/14 3:25 a.m.13 views

CVE-2025-9880

The Side Slide Responsive Menu plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicio...

6.1CVSS5.3AI score0.00148EPSS
Exploits0References1
NVD
NVD
added 2025/08/30 2:15 a.m.6 views

CVE-2025-9618

The Related Posts Lite plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.12. This is due to missing or incorrect nonce validation on the settings update functionality. This makes it possible for unauthenticated attackers to modify plugin...

4.3CVSS0.00124EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/08/30 1:45 a.m.3 views

CVE-2025-9618 Related Posts Lite <= 1.12 - Cross-Site Request Forgery

The Related Posts Lite plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.12. This is due to missing or incorrect nonce validation on the settings update functionality. This makes it possible for unauthenticated attackers to modify plugin...

4.3CVSS4.8AI score0.00124EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/08/16 6:11 a.m.12 views

CVE-2025-6790

The Quiz and Survey Master QSM WordPress plugin before 10.2.3 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...

4.3CVSS7AI score0.00124EPSS
Exploits0References1
CVE
CVE
added 2025/08/14 6:0 a.m.16 views

CVE-2025-6790

The CVE concerns WordPress plugin Quiz and Survey Master (QSM) versions before 10.2.3. The root cause is lack of CSRF protection when updating plugin settings, which could allow a logged-in admin to have settings modified via CSRF. The vulnerability is identified across multiple sources with a CV...

4.3CVSS7AI score0.00124EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/08/14 12:0 a.m.6 views

PT-2025-33126 · WordPress · Quiz/Survey Master

Name of the Vulnerable Software and Affected Versions: Quiz and Survey Master WordPress plugin versions prior to 10.2.3 Description: The Quiz and Survey Master QSM WordPress plugin does not have Cross-Site Request Forgery CSRF checks in place when updating its settings. This could allow attackers...

4.3CVSS6.3AI score0.00124EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2025/08/13 6:27 a.m.9 views

CVE-2025-7965

The CBX Restaurant Booking WordPress plugin through 1.2.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...

4.3CVSS7AI score0.00147EPSS
Exploits0References1
NVD
NVD
added 2025/08/11 6:15 a.m.5 views

CVE-2025-7965

The CBX Restaurant Booking WordPress plugin through 1.2.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...

4.3CVSS0.00147EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/08/11 12:0 a.m.5 views

PT-2025-32522 · WordPress · Cbx Restaurant Booking

Name of the Vulnerable Software and Affected Versions: CBX Restaurant Booking WordPress plugin versions through 1.2.1 Description: The plugin lacks CSRF Cross-Site Request Forgery protection when updating settings. This could allow attackers to make a logged-in administrator change settings via a...

4.3CVSS7.1AI score0.00147EPSS
Exploits0References5
NVD
NVD
added 2025/06/04 6:15 a.m.13 views

CVE-2025-4580

The File Provider WordPress plugin through 1.2.3 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...

4.3CVSS0.00145EPSS
Exploits1References1
CNNVD
CNNVD
added 2025/05/27 12:0 a.m.6 views

NetAlertX 访问控制错误漏洞

NetAlertX is a network intruder and presence detector from the jokob-sk individual developer. An access control error vulnerability exists in NetAlertX versions prior to 25.4.14 that stems from a bypass of the authentication mechanism and could lead to an unauthorized update of settings...

10CVSS6.7AI score0.00527EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/05/23 8:17 a.m.6 views

CVE-2024-10726

The Friendly Functions for Welcart plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.4. This is due to missing nonce validation on the settings update functionality. This makes it possible for unauthenticated attackers to inject malicious w...

6.1CVSS7.2AI score0.00273EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 3:35 a.m.9 views

CVE-2023-5348

The Product Catalog Mode For WooCommerce WordPress plugin before 5.0.3 does not properly authorize settings updates or escape settings values, leading to stored XSS by unauthenticated users...

6.1CVSS5.9AI score0.00531EPSS
Exploits2
RedhatCVE
RedhatCVE
added 2025/05/22 11:32 p.m.6 views

CVE-2022-1760

The Core Control WordPress plugin through 1.2.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...

4.3CVSS6.6AI score0.00285EPSS
Exploits2References1
Rows per page
Query Builder