
CVE-2025-47551 – WordPress Wiki Embed plugin <= 1.4.6 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability
https://notcve.org/view.php?id=CVE-2025-47551
07 May 2025 — Cross-Site Request Forgery (CSRF) vulnerability in ctltwp Wiki Embed allows Cross Site Request Forgery. This issue affects Wiki Embed: from n/a through 1.4.6. The Wiki Embed plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.4.6. This is due to missing or incorrect nonce validation on the wikiembed_settings_page() function. This makes it possible for unauthenticated attackers to update the plugin's settings via a forged request granted they can trick a site ... • https://patchstack.com/database/wordpress/plugin/wiki-embed/vulnerability/wordpress-wiki-embed-plugin-1-4-6-cross-site-request-forgery-csrf-to-settings-change-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •

CVE-2025-32262 – WordPress RDP Wiki Embed plugin <= 1.2.20 - Cross Site Request Forgery (CSRF) Vulnerability
https://notcve.org/view.php?id=CVE-2025-32262
04 Apr 2025 — Cross-Site Request Forgery (CSRF) vulnerability in Robert D Payne RDP Wiki Embed allows Cross Site Request Forgery. This issue affects RDP Wiki Embed: from n/a through 1.2.20. The RDP Wiki Embed plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.20. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to perform an unauthorized action granted they can trick a site administrator into pe... • https://patchstack.com/database/wordpress/plugin/rdp-wiki-embed/vulnerability/wordpress-rdp-wiki-embed-plugin-1-2-20-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •

CVE-2024-49320 – WordPress Encyclopedia / Glossary / Wiki plugin <= 1.7.60 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-49320
15 Oct 2024 — Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Dennis Hoppe Encyclopedia / Glossary / Wiki allows Reflected XSS. This issue affects Encyclopedia / Glossary / Wiki: from n/a through 1.7.60. The Encyclopedia / Glossary / Wiki plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 1.7.60 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers ... • https://patchstack.com/database/vulnerability/encyclopedia-lexicon-glossary-wiki-dictionary/wordpress-encyclopedia-glossary-wiki-plugin-1-7-60-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-28865 – django-wiki denial of service via regular expression
https://notcve.org/view.php?id=CVE-2024-28865
18 Mar 2024 — django-wiki is a wiki system for Django. Installations of django-wiki prior to version 0.10.1 are vulnerable to maliciously crafted article content that can cause severe use of server CPU through a regular expression loop. Version 0.10.1 fixes this issue. As a workaround, close off access to create and edit articles by anonymous users. • https://github.com/django-wiki/django-wiki/commit/8e280fd6c0bd27ce847c67b2d216c6cbf920f88c • CWE-1333: Inefficient Regular Expression Complexity •

CVE-2020-19277
https://notcve.org/view.php?id=CVE-2020-19277
04 Apr 2023 — Cross Site Scripting vulnerability found in Phachon mm-wiki v.0.1.2 allows a remote attacker to execute arbitrary code via javascript code in the markdown editor. • https://github.com/phachon/mm-wiki/issues/68 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2020-19278
https://notcve.org/view.php?id=CVE-2020-19278
04 Apr 2023 — Cross Site Request Forgery vulnerability found in Phachon mm-wiki v.0.1.2 allows a remote attacker to execute arbitrary code via the system/user/save parameter. • https://github.com/phachon/mm-wiki/issues/68 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVE-2022-42985
https://notcve.org/view.php?id=CVE-2022-42985
17 Nov 2022 — The ScratchLogin extension through 1.1 for MediaWiki does not escape verification failure messages, which allows users with administrator privileges to perform cross-site scripting (XSS). • https://github.com/InternationalScratchWiki/mediawiki-scratch-login/blob/4d2c1229b558b9cd685961274f20b621d114f4db/ScratchLogin.common.php#L104 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2021-39394
https://notcve.org/view.php?id=CVE-2021-39394
26 Aug 2022 — mm-wiki v0.2.1 was discovered to contain a Cross-Site Request Forgery (CSRF) which allows attackers to arbitrarily add user accounts and modify user information. • https://github.com/phachon/mm-wiki/issues/316 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVE-2021-39393
https://notcve.org/view.php?id=CVE-2021-39393
26 Aug 2022 — mm-wiki v0.2.1 was discovered to contain a cross-site scripting (XSS) vulnerability via the markdown editor. • https://github.com/phachon/mm-wiki/issues/315 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2021-46252
https://notcve.org/view.php?id=CVE-2021-46252
15 Feb 2022 — A Cross-Site Request Forgery (CSRF) in RequirementsBypassPage.php of Scratch Wiki scratch-confirmaccount-v3 allows attackers to modify account request requirement bypasses. • https://github.com/InternationalScratchWiki/scratch-confirmaccount-v3/commit/5ed5479de0a279377aa9f64362481efb4e75d8f9 • CWE-352: Cross-Site Request Forgery (CSRF) •