Skip to main content
CVE-2025-13438 MEDIUM This Month

The Page Title, Description & Open Graph Updater plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.02. This is due to missing nonce validation on multiple AJAX actions including dieno_update_page_title. [CVSS 4.3 MEDIUM]

WordPress CSRF PHP
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-13413 MEDIUM This Month

Country Blocker for AdSense (WordPress plugin) is affected by cross-site request forgery (csrf) (CVSS 4.3).

WordPress CSRF PHP
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-26326 MEDIUM PATCH This Month

OpenClaw versions prior to 2026.2.14 expose sensitive configuration secrets through the skills.status endpoint to clients with operator.read privileges, allowing authenticated attackers to retrieve raw credential values including Discord tokens. The vulnerability affects AI/ML deployments where read-scoped access is intended to be non-sensitive; affected users should upgrade to version 2026.2.14 or later and rotate any exposed Discord tokens.

Information Disclosure AI / ML Openclaw
NVD GitHub
CVSS 3.1
4.3
EPSS
0.0%
Prev Page 6 of 6

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy