91 matches found
EUVD-2026-26496
The Ultimate Dashboard plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.8.14. This is due to a flawed nonce validation conditional in the 'handlemoduleactions' function. This makes it possible for unauthenticated attackers to toggle plugin...
CVE-2016-20053
Redaxo CMS 5.2 contains a cross-site request forgery vulnerability that allows unauthenticated attackers to create administrative user accounts by tricking authenticated administrators into visiting malicious pages. Attackers can craft HTML forms targeting the users endpoint with hidden fields...
CVE-2016-20053 Redaxo CMS 5.2 Cross-Site Request Forgery via users endpoint
Redaxo CMS 5.2 contains a cross-site request forgery vulnerability that allows unauthenticated attackers to create administrative user accounts by tricking authenticated administrators into visiting malicious pages. Attackers can craft HTML forms targeting the users endpoint with hidden fields...
EUVD-2026-16171
The Conditional Menus plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.6. This is due to missing nonce validation on the 'saveoptions' function. This makes it possible for unauthenticated attackers to modify conditional menu assignments vi...
EUVD-2026-14004
The Redirect countdown plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing nonce validation on the countdownsettingscontent function. This makes it possible for unauthenticated attackers to update the plugin settings...
CVE-2016-20028
ZKTeco ZKBioSecurity 3.0 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions by tricking logged-in users into visiting malicious websites. Attackers can craft HTTP requests that add superadmin accounts without validity checks, enabling...
CVE-2016-20028
CVE-2016-20028 affects ZKTeco ZKBioSecurity 3.0. The issue is a Cross-Site Request Forgery (CSRF) that lets an attacker cause administrative actions by coaxing an authenticated user to visit a malicious page. Attacks can craft HTTP requests that add superadmin accounts without validity checks, po...
CVE-2026-2112
The Dam Spam plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.8. This is due to missing nonce verification on the pending comment deletion action in the cleanup page. This makes it possible for unauthenticated attackers to delete all pendi...
EUVD-2026-1857
The User Registration & Membership – Custom Registration Form Builder, Custom Login Form, User Profile, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.4.8. This is due to missing or incorrect nonce...
PT-2026-1441
P5 FNIP-8x16A FNIP-4xSH 1.0.20 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without user consent. Attackers can craft malicious web pages to add new admin users, change passwords, and modify system configurations by tricking...
EUVD-2025-199854
The Nextend Social Login and Register plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.21. This is due to missing or incorrect nonce validation on the 'unlinkUser' function. This makes it possible for unauthenticated attackers to unlink th...
PT-2025-47256
Name of the Vulnerable Software and Affected Versions Like-it plugin for WordPress versions prior to 2.3 Description The Like-it plugin for WordPress is susceptible to Cross-Site Request Forgery CSRF. This is caused by insufficient or incorrect nonce validation within the likeit conf function. An...
EUVD-2018-15729
Malware in sbrugna...
EUVD-2020-5794
Malware in sbrugna...
EUVD-2020-30076
Malware in sbrugna...
EUVD-2019-14830
Malware in sbrugna...
EUVD-2018-8144
Malware in sbrugna...
EUVD-2009-1718
Malware in sbrugna...
EUVD-2021-8403
Malicious code in bioql PyPI...
EUVD-2022-34602
Malicious code in bioql PyPI...