10 matches found
EUVD-2026-24664
The Kcaptcha plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 1.0.1. This is due to missing nonce validation in the plugin's settings page handler admin/setting.php. The settings form does not include a wpnoncefield and the form processing code...
CVE-2026-2294
The UiPress lite | Effortless custom dashboards, admin themes and pages plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'uipsaveglobalsettings' function in all versions up to, and including, 3.5.09. This makes it possible for...
EUVD-2022-34790
Malicious code in bioql PyPI...
EUVD-2022-44377
Malicious code in bioql PyPI...
CVE-2025-7040 Cloud SAML SSO <= 1.0.19 - Missing Authorization to Unauthenticated Settings Modification via set_organization_settings Action
The Cloud SAML SSO plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'setorganizationsettings' action of the cssohandleactions function in all versions up to, and including, 1.0.19. The handler reads client-supplied POST parameters fo...
CVE-2020-5641
Cross-site request forgery CSRF vulnerability in GS108Ev3 firmware version 2.06.10 and earlier allows remote attackers to hijack the authentication of administrators and the product's settings may be changed without the user's intention or consent via unspecified vectors...
CVE-2025-0935
The Media Library Folders plugin for WordPress is vulnerable to unauthorized plugin settings change due to a missing capability check on several AJAX actions in all versions up to, and including, 8.3.0. This makes it possible for authenticated attackers, with Author-level access and above, to...
CVE-2025-0935
CVE-2025-0935 concerns the WordPress plugin Media Library Folders (versions up to and including 8.3.0). The issue is a missing capability check on several AJAX actions, allowing authenticated attackers with Author-level access or higher to change plugin settings (e.g., IP-blocking). Impact is una...
CVE-2023-2352
The CHP Ads Block Detector plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.9.4. This is due to missing or incorrect nonce validation on the chpabdaction function. This makes it possible for unauthenticated attackers to update or reset plugin...
WordPress Transposh WordPress Translation plugin <= 1.0.8.1 - Unauthorized Settings Change vulnerability
Unauthorized Settings Change vulnerability discovered by Julien Ahrens in WordPress Transposh WordPress Translation plugin versions = 1.0.8.1. Solution Deactivate and delete. This plugin has been closed as of February 7, 2022 and is not available for download. Reason: Security Issue...