Plugin

1 CVEs product

Monthly

CVE-2026-6451 MEDIUM This Month

Cross-Site Request Forgery (CSRF) in the cms-fuer-motorrad-werkstaetten WordPress plugin version 1.0.0 and earlier allows unauthenticated attackers to delete arbitrary vehicles, contacts, suppliers, receipts, positions, catalog articles, stock items, and supplier catalogs by tricking logged-in users into clicking a malicious link. Eight AJAX handlers lack nonce validation and capability checks, enabling direct data destruction without authentication or authorization verification. User interaction is required (UI:R), limiting the attack to social engineering scenarios rather than direct network exploitation.

CSRF WordPress Plugin
NVD
CVSS 3.1: 4.3
EPSS: 0.0%
