Total
8760 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-24546 | 1 Rstheme | 1 Ultimate Coming Soon \& Maintenance | 2025-06-09 | N/A | 5.4 MEDIUM |
|
Cross-Site Request Forgery (CSRF) vulnerability in RSTheme Ultimate Coming Soon & Maintenance allows Cross Site Request Forgery. This issue affects Ultimate Coming Soon & Maintenance: from n/a through 1.0.9.
|
|||||
| CVE-2025-24543 | 1 Rstheme | 1 Ultimate Coming Soon \& Maintenance | 2025-06-09 | N/A | 4.3 MEDIUM |
|
Cross-Site Request Forgery (CSRF) vulnerability in RSTheme Ultimate Coming Soon & Maintenance allows Cross Site Request Forgery. This issue affects Ultimate Coming Soon & Maintenance: from n/a through 1.0.9.
|
|||||
| CVE-2024-12750 | 1 Raiserweb | 1 Competition Form | 2025-06-09 | N/A | 4.3 MEDIUM |
|
The Competition Form WordPress plugin through 2.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack
|
|||||
| CVE-2025-24715 | 1 Wow-company | 1 Counter Box | 2025-06-09 | N/A | 5.4 MEDIUM |
|
Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Counter Box allows Cross Site Request Forgery. This issue affects Counter Box: from n/a through 2.0.5.
|
|||||
| CVE-2025-24698 | 1 G5plus | 1 Essential Real Estate | 2025-06-09 | N/A | 4.3 MEDIUM |
|
Cross-Site Request Forgery (CSRF) vulnerability in G5Theme Essential Real Estate allows Cross Site Request Forgery. This issue affects Essential Real Estate: from n/a through 5.1.8.
|
|||||
| CVE-2024-11373 | 1 Floriansimunek | 1 Connexion Logs | 2025-06-09 | N/A | 4.3 MEDIUM |
|
The Connexion Logs WordPress plugin through 3.0.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack
|
|||||
| CVE-2024-11719 | 1 Couleurcitron | 1 Tarteaucitron-wp | 2025-06-09 | N/A | 6.1 MEDIUM |
|
The tarteaucitron-wp WordPress plugin before 0.3.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack.
|
|||||
| CVE-2024-12301 | 1 Joomlaserviceprovider | 1 Jsp Store Locator | 2025-06-09 | N/A | 6.5 MEDIUM |
|
The JSP Store Locator WordPress plugin through 1.0 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks.
|
|||||
| CVE-2024-12282 | 1 Smyx | 1 Wp-connect | 2025-06-09 | N/A | 6.1 MEDIUM |
|
The WordPress连接微博 WordPress plugin through 2.5.6 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack.
|
|||||
| CVE-2024-10634 | 1 Nokautpl | 1 Nokaut Offers Box | 2025-06-09 | N/A | 4.3 MEDIUM |
|
The Nokaut Offers Box WordPress plugin through 1.4.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin reset the Nokaut Offers Box WordPress plugin through 1.4.0 via a CSRF attack
|
|||||
| CVE-2025-47543 | 1 Themetechmount | 1 Truebooker | 2025-06-09 | N/A | 4.3 MEDIUM |
|
Cross-Site Request Forgery (CSRF) vulnerability in themetechmount TrueBooker allows Cross Site Request Forgery. This issue affects TrueBooker: from n/a through 1.0.7.
|
|||||
| CVE-2025-47542 | 1 Migaweb | 1 Simple Calendar For Elementor | 2025-06-09 | N/A | 4.3 MEDIUM |
|
Cross-Site Request Forgery (CSRF) vulnerability in Michael Simple calendar for Elementor allows Cross Site Request Forgery. This issue affects Simple calendar for Elementor: from n/a through 1.6.5.
|
|||||
| CVE-2025-47517 | 1 Wpplugin | 1 Accept Donations With Paypal | 2025-06-09 | N/A | 7.1 HIGH |
|
Cross-Site Request Forgery (CSRF) vulnerability in Scott Paterson Accept Donations with PayPal allows Stored XSS. This issue affects Accept Donations with PayPal: from n/a through 1.4.5.
|
|||||
| CVE-2025-5521 | 1 5kcrm | 1 Wukongcrm | 2025-06-09 | 5.0 MEDIUM | 4.3 MEDIUM |
|
A vulnerability was found in WuKongOpenSource WukongCRM 9.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /system/user/updataPassword. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
|
|||||
| CVE-2025-48146 | 1 Lupsonline | 1 Seo Flow | 2025-06-06 | N/A | 7.1 HIGH |
|
Cross-Site Request Forgery (CSRF) vulnerability in Michael Lups SEO Flow by LupsOnline allows Stored XSS. This issue affects SEO Flow by LupsOnline: from n/a through 2.2.0.
|
|||||
| CVE-2024-5155 | 1 Ravster | 1 Inquiry Cart | 2025-06-06 | N/A | 6.1 MEDIUM |
|
The Inquiry cart WordPress plugin through 3.4.2 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack
|
|||||
| CVE-2024-50858 | 1 Gestioip | 1 Gestioip | 2025-06-06 | N/A | 8.8 HIGH |
|
Multiple endpoints in GestioIP v3.5.7 are vulnerable to Cross-Site Request Forgery (CSRF). An attacker can execute actions via the admin's browser by hosting a malicious URL, leading to data modification, deletion, or exfiltration.
|
|||||
| CVE-2024-28158 | 1 Jenkins | 1 Subversion Partial Release Manager | 2025-06-06 | N/A | 4.3 MEDIUM |
|
A cross-site request forgery (CSRF) vulnerability in Jenkins Subversion Partial Release Manager Plugin 1.0.1 and earlier allows attackers to trigger a build.
|
|||||
| CVE-2025-24398 | 1 Jenkins | 1 Bitbucket Server Integration | 2025-06-06 | N/A | 8.8 HIGH |
|
Jenkins Bitbucket Server Integration Plugin 2.1.0 through 4.1.3 (both inclusive) allows attackers to craft URLs that would bypass the CSRF protection of any target URL in Jenkins.
|
|||||
| CVE-2025-5019 | 2025-06-06 | N/A | 5.4 MEDIUM | ||
|
The Hive Support | AI-Powered Help Desk, Live Chat & AI Chat Bot Plugin for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.2. This is due to missing or incorrect nonce validation on the hs_update_ai_chat_settings() function. This makes it possible for unauthenticated attackers to reconfigure the plugin’s AI/chat settings (including API keys) and to potentially redirect notifications or leak data to attacker-controlled endpoint ...
Show More |
|||||
| CVE-2025-36513 | 2025-06-06 | N/A | 4.3 MEDIUM | ||
|
Cross-site request forgery vulnerability exists in surveillance cameras provided by i-PRO Co., Ltd.. If a user views a crafted page while logged in to the affected product, unintended operations may be performed.
|
|||||
| CVE-2025-2935 | 2025-06-06 | N/A | 5.4 MEDIUM | ||
|
The Anti-Spam: Spam Protection | Block Spam Users, Comments, Forms plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2024.7. This is due to missing or incorrect nonce validation in the 'ss_option_maint.php' and 'ss_user_filter_list' files. This makes it possible for unauthenticated attackers to delete pending comments, and re-enable a previously blocked user via a forged request granted they can trick a site administrator into performing an ac ...
Show More |
|||||
| CVE-2025-30632 | 2025-06-06 | N/A | 5.4 MEDIUM | ||
|
Cross-Site Request Forgery (CSRF) vulnerability in pozzad Global Translator allows Cross Site Request Forgery. This issue affects Global Translator: from n/a through 2.0.2.
|
|||||
| CVE-2025-26593 | 2025-06-06 | N/A | 4.3 MEDIUM | ||
|
Cross-Site Request Forgery (CSRF) vulnerability in FasterThemes FastBook allows Cross Site Request Forgery. This issue affects FastBook: from n/a through 1.1.
|
|||||
| CVE-2025-28958 | 2025-06-06 | N/A | 7.1 HIGH | ||
|
Cross-Site Request Forgery (CSRF) vulnerability in Vadim Bogaiskov Bg Orthodox Calendar allows Stored XSS. This issue affects Bg Orthodox Calendar: from n/a through 0.13.10.
|
|||||
| CVE-2025-27360 | 2025-06-06 | N/A | 4.3 MEDIUM | ||
|
Cross-Site Request Forgery (CSRF) vulnerability in WP Corner Quick Event Calendar allows Cross Site Request Forgery. This issue affects Quick Event Calendar: from n/a through 1.4.9.
|
|||||
| CVE-2025-49239 | 2025-06-06 | N/A | 5.4 MEDIUM | ||
|
Cross-Site Request Forgery (CSRF) vulnerability in tychesoftwares Print Invoice & Delivery Notes for WooCommerce allows Cross Site Request Forgery. This issue affects Print Invoice & Delivery Notes for WooCommerce: from n/a through 5.5.0.
|
|||||
| CVE-2025-28966 | 2025-06-06 | N/A | 7.1 HIGH | ||
|
Cross-Site Request Forgery (CSRF) vulnerability in dilemma123 Recent Posts Slider Responsive allows Stored XSS. This issue affects Recent Posts Slider Responsive: from n/a through 1.0.1.
|
|||||
| CVE-2025-49317 | 2025-06-06 | N/A | 4.3 MEDIUM | ||
|
Cross-Site Request Forgery (CSRF) vulnerability in NTC WP Page Loading allows Cross Site Request Forgery. This issue affects WP Page Loading: from n/a through 1.0.6.
|
|||||
| CVE-2025-49446 | 2025-06-06 | N/A | 4.3 MEDIUM | ||
|
Cross-Site Request Forgery (CSRF) vulnerability in minhlaobao Admin Notes allows Cross Site Request Forgery. This issue affects Admin Notes: from n/a through 1.1.
|
|||||
| CVE-2025-28964 | 2025-06-06 | N/A | 7.1 HIGH | ||
|
Cross-Site Request Forgery (CSRF) vulnerability in mangup Personal Favicon allows Stored XSS. This issue affects Personal Favicon: from n/a through 2.0.
|
|||||
| CVE-2025-49286 | 2025-06-06 | N/A | 4.3 MEDIUM | ||
|
Cross-Site Request Forgery (CSRF) vulnerability in WP Table Builder WP Table Builder allows Cross Site Request Forgery. This issue affects WP Table Builder: from n/a through 2.0.6.
|
|||||
| CVE-2025-30994 | 2025-06-06 | N/A | 4.3 MEDIUM | ||
|
Cross-Site Request Forgery (CSRF) vulnerability in Emraan Cheema CubeWP – All-in-One Dynamic Content Framework allows Cross Site Request Forgery. This issue affects CubeWP – All-in-One Dynamic Content Framework: from n/a through 1.1.23.
|
|||||
| CVE-2025-30986 | 2025-06-06 | N/A | 5.4 MEDIUM | ||
|
Cross-Site Request Forgery (CSRF) vulnerability in _CreativeMedia_ Elite Video Player allows Cross Site Request Forgery. This issue affects Elite Video Player: from n/a through 10.0.5.
|
|||||
| CVE-2025-30629 | 2025-06-06 | N/A | 4.3 MEDIUM | ||
|
Cross-Site Request Forgery (CSRF) vulnerability in Codehaveli Bitly URL Shortener allows Cross Site Request Forgery. This issue affects Bitly URL Shortener: from n/a through 1.3.3.
|
|||||
| CVE-2025-49284 | 2025-06-06 | N/A | 4.3 MEDIUM | ||
|
Cross-Site Request Forgery (CSRF) vulnerability in wp-buy WP Maintenance Mode & Site Under Construction allows Cross Site Request Forgery. This issue affects WP Maintenance Mode & Site Under Construction: from n/a through 4.3.
|
|||||
| CVE-2025-30981 | 2025-06-06 | N/A | 6.3 MEDIUM | ||
|
Cross-Site Request Forgery (CSRF) vulnerability in tggfref WP-Recall allows Privilege Escalation. This issue affects WP-Recall: from n/a through 16.26.14.
|
|||||
| CVE-2025-28986 | 2025-06-06 | N/A | 8.2 HIGH | ||
|
Cross-Site Request Forgery (CSRF) vulnerability in Webaholicson Epicwin Plugin allows SQL Injection. This issue affects Epicwin Plugin: from n/a through 1.5.
|
|||||
| CVE-2025-28948 | 2025-06-06 | N/A | 7.1 HIGH | ||
|
Cross-Site Request Forgery (CSRF) vulnerability in codedraft Mediabay - WordPress Media Library Folders allows Reflected XSS. This issue affects Mediabay - WordPress Media Library Folders: from n/a through 1.4.
|
|||||
| CVE-2025-28974 | 2025-06-06 | N/A | 7.1 HIGH | ||
|
Cross-Site Request Forgery (CSRF) vulnerability in mail250 Free WP Mail SMTP allows Stored XSS. This issue affects Free WP Mail SMTP: from n/a through 1.0.
|
|||||