CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

7 matches found

Cvelist•added 2026/06/09 3:41 a.m.•31 views

CVE-2026-8909 WpMobi <= 0.0.3 - Cross-Site Request Forgery via save_general_settings Action

The WpMobi plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.0.3. This is due to missing or incorrect nonce validation on the handleSaveGeneralSettings function. This makes it possible for unauthenticated attackers to modify the plugin's...

4.3CVSS0.00128EPSS

Exploits0References4

CVE•added 2026/06/09 3:41 a.m.•12 views

CVE-2026-8909

WpMobi WordPress plugin (versions ≤ 0.0.3) is vulnerable to Cross-Site Request Forgery due to missing/incorrect nonce validation in handleSaveGeneralSettings. This allows unauthenticated attackers to modify General Settings and inject scripts into an administrator’s browser via unescaped app_name...

4.3CVSS5.5AI score0.00128EPSS

Exploits0References4

EUVD•added 2026/06/09 3:41 a.m.•8 views

EUVD-2026-35306

4.3CVSS5.5AI score0.00128EPSS

Exploits0References4

Vulnrichment•added 2026/06/09 3:41 a.m.•6 views

CVE-2026-8909 WpMobi <= 0.0.3 - Cross-Site Request Forgery via save_general_settings Action

4.3CVSS5.5AI score0.00128EPSS

Exploits0References4

CNNVD•added 2026/06/09 12:0 a.m.•5 views

WordPress plugin WpMobi 跨站请求伪造漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

4.3CVSS5.4AI score0.00128EPSS

Exploits0References2