Syntax: kev:true severity:critical epss:>0.95 vendor:cisco patch:false
Filters
Severity
Exploitation
Data Source
Data Quality
Vendor
CWE — Weakness Type
Clear all
Top 20 matches Showing top matches — use filters or a more specific query to narrow
The Customify theme for WordPress is vulnerable to Cross-Site Request Forgery in version 0.4.11. This is due to missing or incorrect nonce validation on the reset_customize_section function. This make
The Optimize More! – CSS plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.3. This is due to missing or incorrect nonce validation on the reset
The Theme Editor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.0. This is due to missing or incorrect nonce validation on the 'theme_editor_t
The Coding Blocks plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.0. This is due to missing nonce validation on the settings update functiona
The Theme My Login plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 7.1.7. This is due to missing or incorrect nonce validation on the tml_admin_s
The Bricks theme for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.8.1. This is due to missing or incorrect nonce validation on the 'reset_settings' functio
The Simple Theme Changer plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0. This is due to missing or incorrect nonce validation. This makes it pos
The WP Editor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.9.2. This is due to missing nonce verification in the 'add_plugins_page' and 'a
The Theme Importer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing nonce validation when processing form submissions
The WP Blast | SEO & Performance Booster plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.8.6. This is due to missing or incorrect nonce validat
The Cardealer theme for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.6.4. This is due to missing nonce validation on the 'update_user_profile' function. Th
The HidePost plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.3.8. This is due to missing or incorrect nonce validation on the options.php setti
The Reset plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.6. This is due to missing or incorrect nonce validation on the reset_db_page() functi
The SR WP Minify HTML plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1. This is due to missing nonce validation on the sr_minify_html_theme()
The LoginPress | wp-login Custom Login Page Customizer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.3.1. This is due to missing or incorrect
The 404 Error Monitor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1. This is due to missing or incorrect nonce validation on the updatePlug
The Related Posts Lite plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.12. This is due to missing or incorrect nonce validation on the settings
The eCommerce Product Catalog Plugin for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.3.43. This is due to missing or incorrect no
The xShare plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1. This is due to missing nonce validation on the 'xshare_plugin_reset()' function
The Bricks theme for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.8.1. This is due to missing or incorrect nonce validation on the 'save_settings' function
Page 1+ Next →