Total
8760 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-26926 | 2025-02-25 | N/A | 4.3 MEDIUM | ||
|
Cross-Site Request Forgery (CSRF) vulnerability in NotFound Booknetic. This issue affects Booknetic: from n/a through 4.0.9.
|
|||||
| CVE-2025-0808 | 1 Wp-property-hive | 1 Houzez Property Feed | 2025-02-25 | N/A | 4.3 MEDIUM |
|
The Houzez Property Feed plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.4.21. This is due to missing or incorrect nonce validation on the "deleteexport" action. This makes it possible for unauthenticated attackers to delete property feed exports via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
|
|||||
| CVE-2024-13883 | 1 Victorfreitas | 1 Wpupper Share Buttons | 2025-02-25 | N/A | 4.3 MEDIUM |
|
The WPUpper Share Buttons plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.51. This is due to missing or incorrect nonce validation on the 'save_custom_css_request' function. This makes it possible for unauthenticated attackers to inject custom CSS to modify a site via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
|
|||||
| CVE-2025-1644 | 2025-02-25 | 5.0 MEDIUM | 4.3 MEDIUM | ||
|
A vulnerability classified as problematic has been found in Benner ModernaNet up to 1.2.0. Affected is an unknown function of the file /DadosPessoais/SG_Gravar. The manipulation of the argument idItAg leads to cross-site request forgery. It is possible to launch the attack remotely. Upgrading to version 1.2.1 is able to address this issue. It is recommended to upgrade the affected component.
|
|||||
| CVE-2025-1643 | 2025-02-25 | 5.0 MEDIUM | 4.3 MEDIUM | ||
|
A vulnerability was found in Benner ModernaNet up to 1.1.0. It has been rated as problematic. This issue affects some unknown processing of the file /DadosPessoais/SG_AlterarSenha. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. Upgrading to version 1.1.1 is able to address this issue. It is recommended to upgrade the affected component.
|
|||||
| CVE-2024-57161 | 1 07fly | 1 Customer Relationship Management | 2025-02-24 | N/A | 4.3 MEDIUM |
|
07FLYCMS V1.3.9 was discovered to contain a Cross-Site Request Forgery (CSRF) via /erp.07fly.net:80/oa/OaWorkReport/edit.html
|
|||||
| CVE-2024-57160 | 1 07fly | 1 Customer Relationship Management | 2025-02-24 | N/A | 4.3 MEDIUM |
|
07FLYCMS V1.3.9 was discovered to contain a Cross-Site Request Forgery (CSRF) via /erp.07fly.net:80/oa/OaTask/edit.html.
|
|||||
| CVE-2025-27357 | 2025-02-24 | N/A | 4.3 MEDIUM | ||
|
Cross-Site Request Forgery (CSRF) vulnerability in Musa AVCI Önceki Yazı Link allows Cross Site Request Forgery. This issue affects Önceki Yazı Link: from n/a through 1.3.
|
|||||
| CVE-2025-27355 | 2025-02-24 | N/A | 7.1 HIGH | ||
|
Cross-Site Request Forgery (CSRF) vulnerability in Nicolas GRILLET Woocommerce – Loi Hamon allows Stored XSS. This issue affects Woocommerce – Loi Hamon: from n/a through 1.1.0.
|
|||||
| CVE-2025-27353 | 2025-02-24 | N/A | 4.3 MEDIUM | ||
|
Cross-Site Request Forgery (CSRF) vulnerability in Bob Namaste! LMS allows Cross Site Request Forgery. This issue affects Namaste! LMS: from n/a through 2.6.5.
|
|||||
| CVE-2025-27344 | 2025-02-24 | N/A | 4.3 MEDIUM | ||
|
Cross-Site Request Forgery (CSRF) vulnerability in filipstepanov Phee's LinkPreview allows Cross Site Request Forgery. This issue affects Phee's LinkPreview: from n/a through 1.6.7.
|
|||||
| CVE-2025-27342 | 2025-02-24 | N/A | 4.3 MEDIUM | ||
|
Cross-Site Request Forgery (CSRF) vulnerability in josesan WooCommerce Recargo de Equivalencia allows Cross Site Request Forgery. This issue affects WooCommerce Recargo de Equivalencia: from n/a through 1.6.24.
|
|||||
| CVE-2025-27340 | 2025-02-24 | N/A | 5.4 MEDIUM | ||
|
Cross-Site Request Forgery (CSRF) vulnerability in Marc F12-Profiler allows Cross Site Request Forgery. This issue affects F12-Profiler: from n/a through 1.3.9.
|
|||||
| CVE-2025-27339 | 2025-02-24 | N/A | 4.3 MEDIUM | ||
|
Cross-Site Request Forgery (CSRF) vulnerability in Will Anderson Minimum Password Strength allows Cross Site Request Forgery. This issue affects Minimum Password Strength: from n/a through 1.2.0.
|
|||||
| CVE-2025-27336 | 2025-02-24 | N/A | 4.3 MEDIUM | ||
|
Cross-Site Request Forgery (CSRF) vulnerability in Alex Prokopenko / JustCoded Just Variables allows Cross Site Request Forgery. This issue affects Just Variables: from n/a through 1.2.3.
|
|||||
| CVE-2025-27335 | 2025-02-24 | N/A | 4.3 MEDIUM | ||
|
Cross-Site Request Forgery (CSRF) vulnerability in Free plug in by SEO Roma Auto Tag Links allows Cross Site Request Forgery. This issue affects Auto Tag Links: from n/a through 1.0.13.
|
|||||
| CVE-2025-27332 | 2025-02-24 | N/A | 7.1 HIGH | ||
|
Cross-Site Request Forgery (CSRF) vulnerability in gmnazmul Smart Maintenance & Countdown allows Stored XSS. This issue affects Smart Maintenance & Countdown: from n/a through 1.2.
|
|||||
| CVE-2025-27328 | 2025-02-24 | N/A | 4.3 MEDIUM | ||
|
Cross-Site Request Forgery (CSRF) vulnerability in queeez WP-PostRatings Cheater allows Cross Site Request Forgery. This issue affects WP-PostRatings Cheater: from n/a through 1.5.
|
|||||
| CVE-2025-27321 | 2025-02-24 | N/A | 7.1 HIGH | ||
|
Cross-Site Request Forgery (CSRF) vulnerability in Blighty Blightly Explorer allows Stored XSS. This issue affects Blightly Explorer: from n/a through 2.3.0.
|
|||||
| CVE-2025-27318 | 2025-02-24 | N/A | 4.3 MEDIUM | ||
|
Cross-Site Request Forgery (CSRF) vulnerability in ixiter Simple Google Sitemap allows Cross Site Request Forgery. This issue affects Simple Google Sitemap: from n/a through 1.6.
|
|||||
| CVE-2025-27317 | 2025-02-24 | N/A | 4.3 MEDIUM | ||
|
Cross-Site Request Forgery (CSRF) vulnerability in IT-RAYS RAYS Grid allows Cross Site Request Forgery. This issue affects RAYS Grid: from n/a through 1.3.1.
|
|||||
| CVE-2025-27316 | 2025-02-24 | N/A | 4.3 MEDIUM | ||
|
Cross-Site Request Forgery (CSRF) vulnerability in hosting.io JPG, PNG Compression and Optimization allows Cross Site Request Forgery. This issue affects JPG, PNG Compression and Optimization: from n/a through 1.7.35.
|
|||||
| CVE-2025-27315 | 2025-02-24 | N/A | 4.3 MEDIUM | ||
|
Cross-Site Request Forgery (CSRF) vulnerability in wptom All-In-One Cufon allows Cross Site Request Forgery. This issue affects All-In-One Cufon: from n/a through 1.3.0.
|
|||||
| CVE-2025-27311 | 2025-02-24 | N/A | 4.3 MEDIUM | ||
|
Cross-Site Request Forgery (CSRF) vulnerability in luk3thomas Bulk Content Creator allows Cross Site Request Forgery. This issue affects Bulk Content Creator: from n/a through 1.2.1.
|
|||||
| CVE-2025-27298 | 2025-02-24 | N/A | 8.3 HIGH | ||
|
Cross-Site Request Forgery (CSRF) vulnerability in cmstactics WP Video Posts allows OS Command Injection. This issue affects WP Video Posts: from n/a through 3.5.1.
|
|||||
| CVE-2025-27290 | 2025-02-24 | N/A | 4.3 MEDIUM | ||
|
Cross-Site Request Forgery (CSRF) vulnerability in seyyed-amir Erima Zarinpal Donate allows Cross Site Request Forgery. This issue affects Erima Zarinpal Donate: from n/a through 1.0.
|
|||||
| CVE-2025-27277 | 2025-02-24 | N/A | 7.1 HIGH | ||
|
Cross-Site Request Forgery (CSRF) vulnerability in tiefpunkt Add Linked Images To Gallery allows Cross Site Request Forgery. This issue affects Add Linked Images To Gallery: from n/a through 1.4.
|
|||||
| CVE-2025-27276 | 2025-02-24 | N/A | 8.8 HIGH | ||
|
Cross-Site Request Forgery (CSRF) vulnerability in lizeipe Photo Gallery ( Responsive ) allows Privilege Escalation. This issue affects Photo Gallery ( Responsive ): from n/a through 4.0.
|
|||||
| CVE-2024-13555 | 1 1clickmigration | 1 1 Click Migration | 2025-02-24 | N/A | 5.3 MEDIUM |
|
The 1 Click WordPress Migration Plugin – 100% FREE for a limited time plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1. This is due to missing or incorrect nonce validation on the cancel_actions() function. This makes it possible for unauthenticated attackers to cancel a triggered backup via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
|
|||||
| CVE-2024-13522 | 1 Magayo | 1 Magayo Lottery Results | 2025-02-24 | N/A | 6.1 MEDIUM |
|
The magayo Lottery Results plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.12. This is due to missing or incorrect nonce validation on the 'magayo-lottery-results' page. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
|
|||||
| CVE-2024-10581 | 1 Designinvento | 1 Directorypress | 2025-02-24 | N/A | 4.3 MEDIUM |
|
The DirectoryPress Frontend plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.7.9. This is due to missing or incorrect nonce validation on the dpfl_listingStatusChange() function. This makes it possible for unauthenticated attackers to update listing statuses via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
|
|||||
| CVE-2025-27012 | 2025-02-22 | N/A | 8.8 HIGH | ||
|
Cross-Site Request Forgery (CSRF) vulnerability in a1post A1POST.BG Shipping for Woo allows Privilege Escalation. This issue affects A1POST.BG Shipping for Woo: from n/a through 1.5.1.
|
|||||
| CVE-2024-13684 | 1 Smartzminds | 1 Reset | 2025-02-21 | N/A | 8.1 HIGH |
|
The Reset plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.6. This is due to missing or incorrect nonce validation on the reset_db_page() function. This makes it possible for unauthenticated attackers to reset several tables in the database like comments, themes, plugins, and more via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
|
|||||
| CVE-2024-13852 | 1 Backie | 1 Option Editor | 2025-02-21 | N/A | 8.8 HIGH |
|
The Option Editor plugin for WordPress is vulnerable to Cross-Site Request Forgery in version 1.0. This is due to missing nonce validation on the plugin_page() function. This makes it possible for unauthenticated attackers to update arbitrary options on the WordPress site via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link. This can be leveraged to update the default role for registration to administrator and enable user registra ...
Show More |
|||||
| CVE-2025-0796 | 1 Kevinbrent | 1 Wprequal | 2025-02-21 | N/A | 4.3 MEDIUM |
|
The Mortgage Lead Capture System plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 8.2.10. This is due to missing or incorrect nonce validation on the 'wprequal_reset_defaults' action. This makes it possible for unauthenticated attackers to reset the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
|
|||||
| CVE-2024-13315 | 1 Shopwarden | 1 Shopwarden | 2025-02-21 | N/A | 8.8 HIGH |
|
The Shopwarden – Automated WooCommerce monitoring & testing plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.11. This is due to missing or incorrect nonce validation on the save_setting() function. This makes it possible for unauthenticated attackers to update arbitrary options and achieve privilege escalation via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
|
|||||
| CVE-2024-13438 | 1 Speedsize | 1 Speedsize Image \& Video Ai-optimizer | 2025-02-21 | N/A | 4.3 MEDIUM |
|
The SpeedSize Image & Video AI-Optimizer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5.1. This is due to missing or incorrect nonce validation on the 'speedsize_clear_css_cache_action' function. This makes it possible for unauthenticated attackers to clear the plugins cache via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
|
|||||
| CVE-2024-13523 | 1 Shenyanzhi | 1 Memorialday | 2025-02-21 | N/A | 6.1 MEDIUM |
|
The MemorialDay plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.4. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
|
|||||
| CVE-2024-13795 | 1 Lightspeedhq | 1 Ecwid Ecommerce Shopping Cart | 2025-02-21 | N/A | 4.3 MEDIUM |
|
The Ecwid by Lightspeed Ecommerce Shopping Cart plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.12.27. This is due to missing or incorrect nonce validation on the ecwid_deactivate_feedback() function. This makes it possible for unauthenticated attackers to send deactivation messages on behalf of a site owner via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
|
|||||
| CVE-2024-13718 | 1 Wpdesk | 1 Flexible Wishlist For Woocommerce | 2025-02-21 | N/A | 4.3 MEDIUM |
|
The Flexible Wishlist for WooCommerce – Ecommerce Wishlist & Save for later plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.26. This is due to missing or incorrect nonce validation on several functions. This makes it possible for unauthenticated attackers to modify/update/create other user's wishlists via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
|
|||||