Total
8760 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-60111 | 2025-09-26 | N/A | 8.8 HIGH | ||
|
Cross-Site Request Forgery (CSRF) vulnerability in javothemes Javo Core allows Authentication Bypass. This issue affects Javo Core: from n/a through 3.0.0.266.
|
|||||
| CVE-2025-60171 | 2025-09-26 | N/A | 7.1 HIGH | ||
|
Cross-Site Request Forgery (CSRF) vulnerability in yourplugins Conditional Cart Messages for WooCommerce – YourPlugins.com allows Stored XSS. This issue affects Conditional Cart Messages for WooCommerce – YourPlugins.com: from n/a through 1.2.10.
|
|||||
| CVE-2025-58914 | 2025-09-26 | N/A | 4.3 MEDIUM | ||
|
Cross-Site Request Forgery (CSRF) vulnerability in Di Themes Di Themes Demo Site Importer allows Cross Site Request Forgery. This issue affects Di Themes Demo Site Importer: from n/a through 1.2.
|
|||||
| CVE-2025-10377 | 2025-09-26 | N/A | 4.3 MEDIUM | ||
|
The System Dashboard plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.8.20. This is due to missing nonce validation on the sd_toggle_logs() function. This makes it possible for unauthenticated attackers to toggle critical logging settings including Page Access Logs, Error Logs, and Email Delivery Logs via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
|
|||||
| CVE-2025-60113 | 2025-09-26 | N/A | 4.3 MEDIUM | ||
|
Cross-Site Request Forgery (CSRF) vulnerability in grooni Groovy Menu allows Cross Site Request Forgery. This issue affects Groovy Menu: from n/a through 1.4.3.
|
|||||
| CVE-2025-60164 | 2025-09-26 | N/A | 7.1 HIGH | ||
|
Cross-Site Request Forgery (CSRF) vulnerability in NewsMAN NewsmanApp allows Stored XSS. This issue affects NewsmanApp: from n/a through 2.7.7.
|
|||||
| CVE-2025-60115 | 2025-09-26 | N/A | 4.3 MEDIUM | ||
|
Cross-Site Request Forgery (CSRF) vulnerability in instapagedev Instapage Plugin allows Cross Site Request Forgery. This issue affects Instapage Plugin: from n/a through 3.5.12.
|
|||||
| CVE-2025-60172 | 2025-09-26 | N/A | 7.1 HIGH | ||
|
Cross-Site Request Forgery (CSRF) vulnerability in flytedesk Flytedesk Digital allows Stored XSS. This issue affects Flytedesk Digital: from n/a through 20181101.
|
|||||
| CVE-2025-60170 | 2025-09-26 | N/A | 7.1 HIGH | ||
|
Cross-Site Request Forgery (CSRF) vulnerability in Taraprasad Swain HTACCESS IP Blocker allows Stored XSS. This issue affects HTACCESS IP Blocker: from n/a through 1.0.
|
|||||
| CVE-2025-8711 | 1 Ivanti | 4 Connect Secure, Neurons For Secure Access, Policy Secure and 1 more | 2025-09-24 | N/A | 5.4 MEDIUM |
|
CSRF in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a remote unauthenticated attacker to execute limited actions on behalf of the victim user. User interaction is required.
|
|||||
| CVE-2025-55147 | 1 Ivanti | 4 Connect Secure, Neurons For Secure Access, Policy Secure and 1 more | 2025-09-24 | N/A | 8.8 HIGH |
|
CSRF in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a remote unauthenticated attacker to execute sensitive actions on behalf of the victim user. User interaction is required
|
|||||
| CVE-2022-2355 | 1 Easy Username Updater Project | 1 Easy Username Updater | 2025-09-24 | N/A | 6.5 MEDIUM |
|
The Easy Username Updater WordPress plugin before 1.0.5 does not implement CSRF checks, which could allow attackers to make a logged in admin change any user's username includes the admin
|
|||||
| CVE-2024-41795 | 1 Siemens | 2 7kt Pac1260 Data Manager, 7kt Pac1260 Data Manager Firmware | 2025-09-23 | N/A | 6.5 MEDIUM |
|
A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions). The web interface of affected devices is vulnerable to Cross-Site Request Forgery (CSRF) attacks. This could allow an unauthenticated attacker to change arbitrary device settings by tricking a legitimate device administrator to click on a malicious link.
|
|||||
| CVE-2025-9949 | 2025-09-22 | N/A | 4.3 MEDIUM | ||
|
The Internal Links Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.0.1. This is due to missing or incorrect nonce validation on the link deletion functionality in the process_bulk_action() function. This makes it possible for unauthenticated attackers to delete SEO links via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
|
|||||
| CVE-2025-9883 | 2025-09-22 | N/A | 6.1 MEDIUM | ||
|
The Browser Sniff plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.3. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
|
|||||
| CVE-2025-9887 | 2025-09-22 | N/A | 4.3 MEDIUM | ||
|
The Custom Login And Signup Widget plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation in the /frndzk_adminclsw.php file. This makes it possible for unauthenticated attackers to change the email and username settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
|
|||||
| CVE-2025-9882 | 2025-09-22 | N/A | 6.1 MEDIUM | ||
|
The osTicket WP Bridge plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.9.2. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
|
|||||
| CVE-2025-53451 | 2025-09-22 | N/A | 5.4 MEDIUM | ||
|
Cross-Site Request Forgery (CSRF) vulnerability in mihdan Mihdan: No External Links allows Cross Site Request Forgery. This issue affects Mihdan: No External Links: from n/a through 5.1.4.
|
|||||
| CVE-2025-57927 | 2025-09-22 | N/A | 4.3 MEDIUM | ||
|
Cross-Site Request Forgery (CSRF) vulnerability in Stephanie Leary Dashboard Notepad allows Cross Site Request Forgery. This issue affects Dashboard Notepad: from n/a through 1.42.
|
|||||
| CVE-2025-57946 | 2025-09-22 | N/A | 5.4 MEDIUM | ||
|
Cross-Site Request Forgery (CSRF) vulnerability in Loc Bui payOS allows Cross Site Request Forgery. This issue affects payOS: from n/a through 1.0.61.
|
|||||
| CVE-2025-57915 | 2025-09-22 | N/A | 4.3 MEDIUM | ||
|
Cross-Site Request Forgery (CSRF) vulnerability in César Martín TOCHAT.BE allows Cross Site Request Forgery. This issue affects TOCHAT.BE: from n/a through 1.3.4.
|
|||||
| CVE-2025-57934 | 2025-09-22 | N/A | 4.3 MEDIUM | ||
|
Cross-Site Request Forgery (CSRF) vulnerability in Aurélien LWS LWS Affiliation allows Cross Site Request Forgery. This issue affects LWS Affiliation: from n/a through 2.3.6.
|
|||||
| CVE-2025-57905 | 2025-09-22 | N/A | 4.3 MEDIUM | ||
|
Cross-Site Request Forgery (CSRF) vulnerability in Amin Y AgreeMe Checkboxes For WooCommerce allows Cross Site Request Forgery. This issue affects AgreeMe Checkboxes For WooCommerce: from n/a through 1.1.3.
|
|||||
| CVE-2025-57978 | 2025-09-22 | N/A | 4.3 MEDIUM | ||
|
Cross-Site Request Forgery (CSRF) vulnerability in themespride Advanced Appointment Booking & Scheduling allows Cross Site Request Forgery. This issue affects Advanced Appointment Booking & Scheduling: from n/a through 1.9.
|
|||||
| CVE-2025-57977 | 2025-09-22 | N/A | 7.1 HIGH | ||
|
Cross-Site Request Forgery (CSRF) vulnerability in wpdesk Flexible PDF Invoices for WooCommerce & WordPress allows Cross Site Request Forgery. This issue affects Flexible PDF Invoices for WooCommerce & WordPress: from n/a through 6.0.13.
|
|||||
| CVE-2025-57930 | 2025-09-22 | N/A | 4.3 MEDIUM | ||
|
Cross-Site Request Forgery (CSRF) vulnerability in kanwei_doublethedonation Double the Donation allows Cross Site Request Forgery. This issue affects Double the Donation: from n/a through 2.0.0.
|
|||||
| CVE-2025-57902 | 2025-09-22 | N/A | 6.5 MEDIUM | ||
|
Cross-Site Request Forgery (CSRF) vulnerability in Md Taufiqur Rahman RIS Version Switcher – Downgrade or Upgrade WP Versions Easily allows Cross Site Request Forgery. This issue affects RIS Version Switcher – Downgrade or Upgrade WP Versions Easily: from n/a through 1.0.
|
|||||
| CVE-2025-57918 | 2025-09-22 | N/A | 7.1 HIGH | ||
|
Cross-Site Request Forgery (CSRF) vulnerability in ERA404 LinkedInclude allows Stored XSS. This issue affects LinkedInclude: from n/a through 3.0.4.
|
|||||
| CVE-2025-57914 | 2025-09-22 | N/A | 4.3 MEDIUM | ||
|
Cross-Site Request Forgery (CSRF) vulnerability in Matat Technologies Deliver via Shipos for WooCommerce allows Cross Site Request Forgery. This issue affects Deliver via Shipos for WooCommerce: from n/a through 3.0.2.
|
|||||
| CVE-2025-53456 | 2025-09-22 | N/A | 4.3 MEDIUM | ||
|
Cross-Site Request Forgery (CSRF) vulnerability in activewebsight SEO Backlink Monitor allows Cross Site Request Forgery. This issue affects SEO Backlink Monitor: from n/a through 1.6.0.
|
|||||
| CVE-2025-57933 | 2025-09-22 | N/A | 4.3 MEDIUM | ||
|
Cross-Site Request Forgery (CSRF) vulnerability in piotnetdotcom Piotnet Forms allows Cross Site Request Forgery. This issue affects Piotnet Forms: from n/a through 1.0.30.
|
|||||
| CVE-2025-57983 | 2025-09-22 | N/A | 6.5 MEDIUM | ||
|
Cross-Site Request Forgery (CSRF) vulnerability in Damian BP Disable Activation Reloaded allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects BP Disable Activation Reloaded: from n/a through 1.2.1.
|
|||||
| CVE-2025-57960 | 2025-09-22 | N/A | 4.3 MEDIUM | ||
|
Cross-Site Request Forgery (CSRF) vulnerability in TravelMap Travel Map allows Cross Site Request Forgery. This issue affects Travel Map: from n/a through 1.0.3.
|
|||||
| CVE-2025-57942 | 2025-09-22 | N/A | 4.3 MEDIUM | ||
|
Cross-Site Request Forgery (CSRF) vulnerability in andy_moyle Emergency Password Reset allows Cross Site Request Forgery. This issue affects Emergency Password Reset: from n/a through 9.0.
|
|||||
| CVE-2025-57924 | 2025-09-22 | N/A | 4.3 MEDIUM | ||
|
Cross-Site Request Forgery (CSRF) vulnerability in Automattic Developer allows Cross Site Request Forgery. This issue affects Developer: from n/a through 1.2.6.
|
|||||
| CVE-2025-58224 | 2025-09-22 | N/A | 5.4 MEDIUM | ||
|
Cross-Site Request Forgery (CSRF) vulnerability in Printeers Printeers Print & Ship allows Cross Site Request Forgery. This issue affects Printeers Print & Ship: from n/a through 1.17.0.
|
|||||
| CVE-2025-59572 | 2025-09-22 | N/A | 8.8 HIGH | ||
|
Cross-Site Request Forgery (CSRF) vulnerability in purethemes WorkScout-Core allows Cross Site Request Forgery. This issue affects WorkScout-Core: from n/a through n/a.
|
|||||
| CVE-2025-58010 | 2025-09-22 | N/A | 4.3 MEDIUM | ||
|
Cross-Site Request Forgery (CSRF) vulnerability in straightvisions GmbH SV Proven Expert allows Cross Site Request Forgery. This issue affects SV Proven Expert: from n/a through 2.0.06.
|
|||||
| CVE-2025-58200 | 2025-09-22 | N/A | 4.3 MEDIUM | ||
|
Cross-Site Request Forgery (CSRF) vulnerability in Bage Flexible FAQ allows Cross Site Request Forgery. This issue affects Flexible FAQ: from n/a through 0.2.
|
|||||
| CVE-2025-58032 | 2025-09-22 | N/A | 4.3 MEDIUM | ||
|
Cross-Site Request Forgery (CSRF) vulnerability in Bytes.co WP Compiler allows Cross Site Request Forgery. This issue affects WP Compiler: from n/a through 1.0.0.
|
|||||