26 matches found
EUVD-2019-5834
Malware in sbrugna...
EUVD-2019-6752
Malware in sbrugna...
EUVD-2015-9234
Malware in sbrugna...
EUVD-2025-10543
Malicious code in bioql PyPI...
EUVD-2022-24888
Malicious code in bioql PyPI...
CVE-2025-54042 WordPress WP Post Hide plugin <= 1.0.9 - Cross Site Request Forgery (CSRF) Vulnerability
Cross-Site Request Forgery CSRF vulnerability in xfinitysoft WP Post Hide allows Cross Site Request Forgery. This issue affects WP Post Hide: from n/a through 1.0.9...
CVE-2025-54022 WordPress Coupon Affiliates plugin <= 6.4.0 - Cross Site Request Forgery (CSRF) Vulnerability
Cross-Site Request Forgery CSRF vulnerability in Elliot Sowersby / RelyWP Coupon Affiliates allows Cross Site Request Forgery. This issue affects Coupon Affiliates: from n/a through 6.4.0...
CVE-2025-53272
CVE-2025-53272 : CSRF vulnerability in WordPress Image Cleanup plugin affecting versions up to 1.9.2. CVSS v3.1 base score 4.3 (Medium). Public details indicate a CSRF flaw but no exploitation status is provided in the available documents. Remediation specifics (e.g., fixed version) are not expli...
CVE-2024-3643
The Newsletter Popup WordPress plugin through 1.2 does not have CSRF check when deleting list, which could allow attackers to make logged in admins perform such action via a CSRF attack...
CVE-2024-7892
The adstxt Plugin WordPress plugin through 1.0.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...
CVE-2022-1793
The Private Files WordPress plugin through 0.40 is missing CSRF check when disabling the protection, which could allow attackers to make a logged in admin perform such action via a CSRF attack and make the blog public...
CVE-2022-1791
The One Click Plugin Updater WordPress plugin through 2.4.14 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and disable / hide the badge of the available updates and the related check...
CVE-2021-24776
The WP Performance Score Booster WordPress plugin before 2.1 does not have CSRF check when saving its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...
CVE-2021-24766
The 404 to 301 – Redirect, Log and Notify 404 Errors WordPress plugin before 3.0.9 does not have CSRF check in place when cleaning the logs, which could allow attacker to make a logged in admin delete all of them via a CSRF attack...
CVE-2021-24466
The Verse-O-Matic WordPress plugin through 4.1.1 does not have any CSRF checks in place, allowing attackers to make logged in administrators do unwanted actions, such as add/edit/delete arbitrary verses and change the settings. Due to the lack of sanitisation in the settings and verses, this coul...
CVE-2019-15113
The companion-sitemap-generator plugin before 3.7.0 for WordPress has CSRF...
CVE-2018-21006
The bbp-move-topics plugin before 1.1.6 for WordPress has CSRF...
CVE-2015-9322
The erident-custom-login-and-dashboard plugin before 3.5 for WordPress has CSRF...
WordPress QuickCal plugin <= 1.0.15 - CSRF to Privilege Escalation vulnerability
CSRF to Privilege Escalation vulnerability discovered by Bonds in WordPress Plugin QuickCal - Appointment Booking Calendar for WordPress versions = 1.0.15...
CVE-2023-7229
The illi Link Party! WordPress plugin through 1.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...