
92 matches found

RedhatCVE
added 2026/06/10 8:59 a.m. | 10 views

CVE-2026-8910

The WP Emoticon Rating plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web...

CVSS 6.1 | AI score 5.4 | EPSS 0.0012
Exploits 0 | References 1
EUVD
added 2026/05/01 11:18 a.m. | 3 views

EUVD-2026-26496

The Ultimate Dashboard plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.8.14. This is due to a flawed nonce validation conditional in the 'handlemoduleactions' function. This makes it possible for unauthenticated attackers to toggle plugin...

CVSS 4.3 | AI score 5.7 | EPSS 0.00151
Exploits 0 | References 3
ATTACKERKB
added 2026/04/04 1:50 p.m. | 2 views

CVE-2016-20053

Redaxo CMS 5.2 contains a cross-site request forgery vulnerability that allows unauthenticated attackers to create administrative user accounts by tricking authenticated administrators into visiting malicious pages. Attackers can craft HTML forms targeting the users endpoint with hidden fields...

CVSS 6.9 | AI score 5.9 | EPSS 0.00146
Exploits 1 | References 2 | Affected Software 1
Vulnrichment
added 2026/04/04 1:50 p.m. | 2 views

CVE-2016-20053 Redaxo CMS 5.2 Cross-Site Request Forgery via users endpoint

Redaxo CMS 5.2 contains a cross-site request forgery vulnerability that allows unauthenticated attackers to create administrative user accounts by tricking authenticated administrators into visiting malicious pages. Attackers can craft HTML forms targeting the users endpoint with hidden fields...

CVSS 6.9 | AI score 5.9 | EPSS 0.00146
Exploits 1 | References 2
EUVD
added 2026/03/26 3:30 p.m. | 3 views

EUVD-2026-16171

The Conditional Menus plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.6. This is due to missing nonce validation on the 'saveoptions' function. This makes it possible for unauthenticated attackers to modify conditional menu assignments vi...

CVSS 4.3 | AI score 5.7 | EPSS 0.00156
Exploits 0 | References 5
EUVD
added 2026/03/21 6:30 a.m. | 3 views

EUVD-2026-14004

The Redirect countdown plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing nonce validation on the countdownsettingscontent function. This makes it possible for unauthenticated attackers to update the plugin settings...

CVSS 4.3 | AI score 5.7 | EPSS 0.0014
Exploits 0 | References 4
NVD
added 2026/03/16 2:17 p.m. | 5 views

CVE-2016-20028

ZKTeco ZKBioSecurity 3.0 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions by tricking logged-in users into visiting malicious websites. Attackers can craft HTTP requests that add superadmin accounts without validity checks, enabling...

CVSS 5.3 | EPSS 0.00207
Exploits 1 | References 6
CVE
added 2026/03/15 1:35 p.m. | 7 views

CVE-2016-20028

CVE-2016-20028 affects ZKTeco ZKBioSecurity 3.0. The issue is a Cross-Site Request Forgery (CSRF) that lets an attacker cause administrative actions by coaxing an authenticated user to visit a malicious page. Attackers can craft HTTP requests that add superadmin accounts without validity checks, po...

CVSS 5.3 | AI score 5.7 | EPSS 0.00207
Exploits 1 | References 6
NVD
added 2026/02/18 8:16 a.m. | 3 views

CVE-2026-2112

The Dam Spam plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.8. This is due to missing nonce verification on the pending comment deletion action in the cleanup page. This makes it possible for unauthenticated attackers to delete all pendi...

CVSS 4.3 | EPSS 0.00165
Exploits 0 | References 5
EUVD
added 2026/01/10 8:22 a.m. | 4 views

EUVD-2026-1857

The User Registration & Membership – Custom Registration Form Builder, Custom Login Form, User Profile, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.4.8. This is due to missing or incorrect nonce...

CVSS 5.4 | AI score 5 | EPSS 0.00123
Exploits 0 | References 4
Positive Technologies
added 2026/01/06 12:0 a.m. | 7 views

PT-2026-1441

P5 FNIP-8x16A FNIP-4xSH 1.0.20 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without user consent. Attackers can craft malicious web pages to add new admin users, change passwords, and modify system configurations by tricking...

CVSS 5.3 | AI score 6.7 | EPSS 0.00142
Exploits 1 | References 8
EUVD
added 2025/11/28 3:27 a.m. | 4 views

EUVD-2025-199854

The Nextend Social Login and Register plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.21. This is due to missing or incorrect nonce validation on the 'unlinkUser' function. This makes it possible for unauthenticated attackers to unlink th...

CVSS 4.3 | AI score 4.8 | EPSS 0.00124
Exploits 0 | References 4
Positive Technologies
added 2025/11/18 12:0 a.m. | 4 views

PT-2025-47256

Name of the Vulnerable Software and Affected Versions: Like-it plugin for WordPress versions prior to 2.3. Description: The Like-it plugin for WordPress is susceptible to Cross-Site Request Forgery (CSRF). This is caused by insufficient or incorrect nonce validation within the likeit conf function. An...

CVSS 6.1 | AI score 6.2 | EPSS 0.00124
Exploits 0 | References 6
EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2019-14830

Malware in sbrugna...

CVSS 7.8 | AI score 7.6 | EPSS 0.00828
Exploits 0 | References 2
EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2020-30076

Malware in sbrugna...

CVSS 7.8 | AI score 7.6 | EPSS 0.00794
Exploits 0 | References 2
EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2018-8144

Malware in sbrugna...

CVSS 7.8 | AI score 7.7 | EPSS 0.02663
Exploits 0 | References 3
EUVD
added 2025/10/07 12:30 a.m. | 5 views

EUVD-2009-1718

Malware in sbrugna...

CVSS 4.3 | AI score 6.1 | EPSS 0.01382
Exploits 1 | References 11
EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2018-15729

Malware in sbrugna...

CVSS 8.8 | AI score 7.8 | EPSS 0.02577
Exploits 0 | References 3
EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2020-5794

Malware in sbrugna...

CVSS 8.8 | AI score 8.6 | EPSS 0.02845
Exploits 1 | References 2
EUVD
added 2025/10/03 8:7 p.m. | 4 views

EUVD-2021-8403

Malicious code in bioql PyPI...

CVSS 8.8 | AI score 7.1 | EPSS 0.00629
Exploits 0 | References 1