CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

21686 matches found

EUVD-2026-35315

The FastPicker, an order picker and order management system oms for WooCommerce on steroids plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.2. This is due to missing or incorrect nonce validation on the settingsPage function. This makes i...

4.3CVSS5.4AI score

Exploits0References4

EUVD•added 2 hours ago•4 views

EUVD-2026-35308

The AJAX Report Comments plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.4. This is due to missing or incorrect nonce validation on the rcoptionspage function. This makes it possible for unauthenticated attackers to modify plugin settings...

4.3CVSS5.4AI score

Exploits0References4

EUVD•added 2 hours ago•3 views

EUVD-2026-35306

The WpMobi plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.0.3. This is due to missing or incorrect nonce validation on the handleSaveGeneralSettings function. This makes it possible for unauthenticated attackers to modify the plugin's...

4.3CVSS5.5AI score

Exploits0References5

EUVD•added 2 hours ago•3 views

EUVD-2026-35304

The WP-Ultimate-Map plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1. This is due to missing nonce validation on the processinit function hooked to admininit, which saves plugin settings zoom-level, focus-lat, focus-lng, selplaces, selroutes v...

6.1CVSS5.5AI score

Exploits0References5

EUVD•added 2 hours ago•3 views

EUVD-2026-35313

The WP Emoticon Rating plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web...

6.1CVSS5.4AI score

Exploits0References8

NVD•added 3 hours ago•6 views

CVE-2026-8902

4.3CVSS

Exploits0References3

NVD•added 3 hours ago•5 views

CVE-2026-8910

6.1CVSS

Exploits0References7

NVD•added 3 hours ago•4 views

CVE-2026-8909

4.3CVSS

Exploits0References4

NVD•added 3 hours ago•5 views

CVE-2026-8940

The WP Meta Sort Posts plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.9. This is due to missing or incorrect nonce validation on the top-level included script in msp-options.php. This makes it possible for unauthenticated attackers to chan...

4.3CVSS

Exploits0References5

NVD•added 3 hours ago•3 views

CVE-2026-8907

6.1CVSS

Exploits0References4

NVD•added 3 hours ago•2 views

CVE-2026-10553

The jQuery Hover Footnotes plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4. This is due to missing or incorrect nonce validation on the jqFootnotesoptionssubpanel function. This makes it possible for unauthenticated attackers to update th...

4.3CVSS

Exploits0References4

CVE•added 5 hours ago•7 views

CVE-2026-8904

The CVE-2026-8904 entry concerns the WordPress plugin FastPicker, up to version 1.0.2. The underlying issue is missing or incorrect nonce validation in the settingsPage function, enabling Cross-Site Request Forgery. This allows unauthenticated attackers to modify plugin settings (e.g., webhook in...

4.3CVSS5.4AI score

Exploits0References3

Cvelist•added 5 hours ago•4 views

CVE-2026-8904 FastPicker, an order picker and order management system (oms) for WooCommerce on steroids <= 1.0.2 - Cross-Site Request Forgery via Settings Save

4.3CVSS

Exploits0References3

CVE•added 5 hours ago•6 views

CVE-2026-10553

CVE-2026-10553 affects the WordPress plugin jquery-hover-footnotes (≤ 1.4) . The root cause is missing/incorrect nonce validation in the jqFootnotes_options_subpanel function, enabling unauthenticated actors to update the plugin’s settings. Updated option values (e.g., jqfoot_anchor_open, jqfoot_...

4.3CVSS5.5AI score

Exploits0References4

Cvelist•added 5 hours ago•3 views

CVE-2026-8910 WP Emoticon Rating <= 1.0.1 - Cross-Site Request Forgery to Reflected Cross-Site Scripting via 'emo_settings' Parameter

6.1CVSS

Exploits0References7

Cvelist•added 5 hours ago•4 views

CVE-2026-8902 AJAX Report Comments <= 2.0.4 - Cross-Site Request Forgery to Settings Update

4.3CVSS

Exploits0References3

CVE•added 5 hours ago•6 views

CVE-2026-8909

WpMobi WordPress plugin (versions ≤ 0.0.3) is vulnerable to Cross-Site Request Forgery due to missing/incorrect nonce validation in handleSaveGeneralSettings. This allows unauthenticated attackers to modify General Settings and inject scripts into an administrator’s browser via unescaped app_name...

4.3CVSS5.5AI score

Exploits0References4

CVE•added 5 hours ago•6 views

CVE-2026-8902

CVE-2026-8902 affects the WordPress plugin “AJAX Report Comments” (versions ≤ 2.0.4). The vulnerability stems from missing or incorrect nonce validation on the rc_options_page function, enabling Cross‑Site Request Forgery. This allows unauthenticated attackers to forge requests and modify plugin ...

4.3CVSS5.4AI score

Exploits0References3

CVE•added 5 hours ago•5 views

CVE-2026-8907

CVE-2026-8907 affects the WordPress plugin WP-Ultimate-Map (versions ≤ 1.1). The root cause is missing nonce validation on the process_init() handler (hooked to admin_init), which saves settings (zoom-level, focus-lat, focus-lng, sel_places, sel_routes) based solely on a save-setting POST paramet...

6.1CVSS5.5AI score

Exploits0References4

Cvelist•added 5 hours ago•3 views

CVE-2026-8907 WP-Ultimate-Map <= 1.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting via 'zoom-level' Parameter

6.1CVSS

Exploits0References4

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by