CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

34 matches found

Cvelist•added 2026/05/20 6:46 a.m.•31 views

CVE-2026-6405 Anomify AI <= 0.3.6 - Cross-Site Request Forgery

The Anomify AI – Anomaly Detection and Alerting plugin for WordPress is vulnerable to Cross-Site Request Forgery CSRF leading to Stored Cross-Site Scripting XSS in versions up to and including 0.3.6. This is due to missing nonce verification on the settings page handler and insufficient output...

4.3CVSS0.00023EPSS

Exploits0References7

CVE•added 2026/05/05 2:26 a.m.•5 views

CVE-2026-6701

The WordPress addfreespace plugin (versions ≤ 0.1.3) is vulnerable to Cross-Site Request Forgery due to missing/incorrect nonce validation, allowing unauthenticated attackers to modify settings and inject stored scripts via a forged request, by convincing an admin to perform an action. Root cause...

4.3CVSS5.7AI score0.0002EPSS

Exploits0References11

Vulnrichment•added 2026/04/22 7:45 a.m.•0 views

CVE-2026-4121 Kcaptcha <= 1.0.1 - Cross-Site Request Forgery to Settings Update

The Kcaptcha plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 1.0.1. This is due to missing nonce validation in the plugin's settings page handler admin/setting.php. The settings form does not include a wpnoncefield and the form processing code...

4.3CVSS5.7AI score0.00007EPSS

Exploits0References7

Cvelist•added 2026/03/21 3:27 a.m.•27 views

CVE-2026-1278 Mandatory Field <= 1.6.8 - Authenticated (Administrator+) Stored Cross-Site Scripting via Settings Fields

The Mandatory Field plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.6.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions...

4.4CVSS0.00034EPSS

Exploits0References5

Positive Technologies•added 2026/01/24 12:0 a.m.•7 views

PT-2026-4605

The Friendly Functions for Welcart plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.5. This is due to missing or incorrect nonce validation on the settings page. This makes it possible for unauthenticated attackers to update plugin setting...

4.3CVSS5.5AI score0.0001EPSS

Exploits1References5

RedhatCVE•added 2026/01/07 9:19 a.m.•4 views

CVE-2024-2505

The GamiPress WordPress plugin before 6.8.9's access control mechanism fails to properly restrict access to its settings, permitting Authors to manipulate requests and extend access to lower privileged users, like Subscribers, despite initial settings prohibiting such access. This vulnerability...

8.1CVSS6.6AI score0.00634EPSS

Exploits2References1

EUVD•added 2025/10/07 12:30 a.m.•1 views

EUVD-2021-11628

Malware in sbrugna...

5.4CVSS5.4AI score0.0018EPSS

Exploits2References2

EUVD•added 2025/10/03 8:7 p.m.•1 views

EUVD-2022-37773