Total
8760 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-39438 | 2025-04-17 | N/A | 4.3 MEDIUM | ||
|
Cross-Site Request Forgery (CSRF) vulnerability in momen2009 Theme Changer allows Cross Site Request Forgery. This issue affects Theme Changer: from n/a through 1.3.
|
|||||
| CVE-2025-39437 | 2025-04-17 | N/A | 4.3 MEDIUM | ||
|
Cross-Site Request Forgery (CSRF) vulnerability in Boone Gorges Anthologize allows Cross Site Request Forgery. This issue affects Anthologize: from n/a through 0.8.3.
|
|||||
| CVE-2025-39430 | 2025-04-17 | N/A | 7.1 HIGH | ||
|
Cross-Site Request Forgery (CSRF) vulnerability in Alexander Rauscha mLanguage allows Stored XSS. This issue affects mLanguage: from n/a through 1.6.1.
|
|||||
| CVE-2025-39455 | 2025-04-17 | N/A | 7.1 HIGH | ||
|
Cross-Site Request Forgery (CSRF) vulnerability in ip2location IP2Location Variables allows Reflected XSS. This issue affects IP2Location Variables: from n/a through 2.9.5.
|
|||||
| CVE-2025-39418 | 2025-04-17 | N/A | 7.1 HIGH | ||
|
Cross-Site Request Forgery (CSRF) vulnerability in ajayver RSS Manager allows Stored XSS. This issue affects RSS Manager: from n/a through 0.06.
|
|||||
| CVE-2025-39415 | 2025-04-17 | N/A | 7.1 HIGH | ||
|
Cross-Site Request Forgery (CSRF) vulnerability in Jayesh Parejiya Social Media Links allows Stored XSS. This issue affects Social Media Links: from n/a through 1.0.3.
|
|||||
| CVE-2025-39423 | 2025-04-17 | N/A | 7.1 HIGH | ||
|
Cross-Site Request Forgery (CSRF) vulnerability in Jenst Add to Header allows Stored XSS. This issue affects Add to Header: from n/a through 1.0.
|
|||||
| CVE-2025-39417 | 2025-04-17 | N/A | 7.1 HIGH | ||
|
Cross-Site Request Forgery (CSRF) vulnerability in Eslam Mahmoud Redirect wordpress to welcome or landing page allows Stored XSS. This issue affects Redirect wordpress to welcome or landing page: from n/a through 2.0.
|
|||||
| CVE-2025-39453 | 2025-04-17 | N/A | 4.3 MEDIUM | ||
|
Cross-Site Request Forgery (CSRF) vulnerability in algol.plus Advanced Dynamic Pricing for WooCommerce allows Cross Site Request Forgery. This issue affects Advanced Dynamic Pricing for WooCommerce: from n/a through 4.9.3.
|
|||||
| CVE-2025-39440 | 2025-04-17 | N/A | 7.1 HIGH | ||
|
Cross-Site Request Forgery (CSRF) vulnerability in Rajesh Broken Links Remover allows Stored XSS. This issue affects Broken Links Remover: from n/a through 1.2.2.
|
|||||
| CVE-2025-32546 | 2025-04-17 | N/A | 7.1 HIGH | ||
|
Cross-Site Request Forgery (CSRF) vulnerability in gtlwpdev All push notification for WP allows Reflected XSS. This issue affects All push notification for WP: from n/a through 1.5.3.
|
|||||
| CVE-2025-39424 | 2025-04-17 | N/A | 7.1 HIGH | ||
|
Cross-Site Request Forgery (CSRF) vulnerability in simplemaps Simple Maps allows Stored XSS. This issue affects Simple Maps: from n/a through 0.98.
|
|||||
| CVE-2025-39442 | 2025-04-17 | N/A | 7.1 HIGH | ||
|
Cross-Site Request Forgery (CSRF) vulnerability in MessageMetric Review Wave – Google Places Reviews allows Stored XSS. This issue affects Review Wave – Google Places Reviews: from n/a through 1.4.7.
|
|||||
| CVE-2025-32606 | 2025-04-17 | N/A | 7.1 HIGH | ||
|
Cross-Site Request Forgery (CSRF) vulnerability in Deepak Khokhar Listings for Buildium allows Stored XSS. This issue affects Listings for Buildium: from n/a through 0.1.4.
|
|||||
| CVE-2025-39419 | 2025-04-17 | N/A | 7.1 HIGH | ||
|
Cross-Site Request Forgery (CSRF) vulnerability in David Miller Revision Diet allows Stored XSS. This issue affects Revision Diet: from n/a through 1.0.1.
|
|||||
| CVE-2025-32655 | 2025-04-17 | N/A | 7.1 HIGH | ||
|
Cross-Site Request Forgery (CSRF) vulnerability in DevriX Restrict User Registration allows Stored XSS. This issue affects Restrict User Registration: from n/a through 1.0.1.
|
|||||
| CVE-2023-52072 | 1 Flycms Project | 1 Flycms | 2025-04-17 | N/A | 8.8 HIGH |
|
FlyCms v1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /system/site/userconfig_updagte.
|
|||||
| CVE-2023-42234 | 1 Zucchetti | 1 Helpdeskadvanced | 2025-04-17 | N/A | 5.4 MEDIUM |
|
Pat Infinite Solutions HelpdeskAdvanced <= 11.0.33 is vulnerable to Cross Site Request Forgery (CSRF) via the WSCView function.
|
|||||
| CVE-2022-4024 | 1 Genetechsolutions | 1 Pie Register | 2025-04-17 | N/A | 6.5 MEDIUM |
|
The Registration Forms WordPress plugin before 3.8.1.3 does not have authorisation and CSRF when deleting users via an init action handler, allowing unauthenticated attackers to delete arbitrary users (along with their posts)
|
|||||
| CVE-2025-31723 | 1 Jenkins | 1 Simple Queue | 2025-04-17 | N/A | 4.3 MEDIUM |
|
A cross-site request forgery (CSRF) vulnerability in Jenkins Simple Queue Plugin 1.4.6 and earlier allows attackers to change and reset the build queue order.
|
|||||
| CVE-2025-1762 | 1 Vollstart | 1 Event Tickets With Ticket Scanner | 2025-04-17 | N/A | 4.3 MEDIUM |
|
The Event Tickets with Ticket Scanner WordPress plugin before 2.5.4 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack
|
|||||
| CVE-2024-55088 | 1 Getsimple-ce | 1 Getsimple Cms | 2025-04-17 | N/A | 8.8 HIGH |
|
GetSimple CMS CE 3.3.19 is vulnerable to Server-Side Request Forgery (SSRF) in the backend plugin module.
|
|||||
| CVE-2024-27694 | 1 Flycms Project | 1 Flycms | 2025-04-16 | N/A | 7.4 HIGH |
|
FlyCms v1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the /system/share/ztree_category_edit.
|
|||||
| CVE-2025-39593 | 2025-04-16 | N/A | 4.3 MEDIUM | ||
|
Cross-Site Request Forgery (CSRF) vulnerability in EverAccounting Ever Accounting allows Cross Site Request Forgery. This issue affects Ever Accounting: from n/a through 2.1.5.
|
|||||
| CVE-2025-30967 | 2025-04-16 | N/A | 9.6 CRITICAL | ||
|
Cross-Site Request Forgery (CSRF) vulnerability in NotFound WPJobBoard allows Upload a Web Shell to a Web Server. This issue affects WPJobBoard: from n/a through n/a.
|
|||||
| CVE-2025-39547 | 2025-04-16 | N/A | 7.1 HIGH | ||
|
Cross-Site Request Forgery (CSRF) vulnerability in Toast Plugins Internal Link Optimiser allows Stored XSS. This issue affects Internal Link Optimiser: from n/a through 5.1.3.
|
|||||
| CVE-2025-39546 | 2025-04-16 | N/A | 4.3 MEDIUM | ||
|
Cross-Site Request Forgery (CSRF) vulnerability in quomodosoft ElementsReady Addons for Elementor allows Cross Site Request Forgery. This issue affects ElementsReady Addons for Elementor: from n/a through 6.6.2.
|
|||||
| CVE-2025-39600 | 2025-04-16 | N/A | 4.3 MEDIUM | ||
|
Cross-Site Request Forgery (CSRF) vulnerability in CRM Perks Integration for WooCommerce and QuickBooks allows Cross Site Request Forgery. This issue affects Integration for WooCommerce and QuickBooks: from n/a through 1.3.1.
|
|||||
| CVE-2025-39512 | 2025-04-16 | N/A | 4.3 MEDIUM | ||
|
Cross-Site Request Forgery (CSRF) vulnerability in Yuya Hoshino Bulk Term Editor allows Cross Site Request Forgery. This issue affects Bulk Term Editor: from n/a through 1.1.4.
|
|||||
| CVE-2025-39564 | 2025-04-16 | N/A | 6.5 MEDIUM | ||
|
Cross-Site Request Forgery (CSRF) vulnerability in WP Trio Conditional Shipping for WooCommerce allows Cross Site Request Forgery. This issue affects Conditional Shipping for WooCommerce: from n/a through 3.4.0.
|
|||||
| CVE-2025-39548 | 2025-04-16 | N/A | 7.1 HIGH | ||
|
Cross-Site Request Forgery (CSRF) vulnerability in A WP Life Right Click Disable OR Ban allows Stored XSS. This issue affects Right Click Disable OR Ban: from n/a through 1.1.17.
|
|||||
| CVE-2025-26903 | 2025-04-16 | N/A | 4.3 MEDIUM | ||
|
Cross-Site Request Forgery (CSRF) vulnerability in RealMag777 InPost Gallery allows Cross Site Request Forgery. This issue affects InPost Gallery: from n/a through 2.1.4.3.
|
|||||
| CVE-2025-39563 | 2025-04-16 | N/A | 6.5 MEDIUM | ||
|
Cross-Site Request Forgery (CSRF) vulnerability in WP Trio Conditional Payments for WooCommerce allows Cross Site Request Forgery. This issue affects Conditional Payments for WooCommerce: from n/a through 3.3.0.
|
|||||
| CVE-2025-39530 | 2025-04-16 | N/A | 7.1 HIGH | ||
|
Cross-Site Request Forgery (CSRF) vulnerability in dsky Site Search 360 allows Stored XSS. This issue affects Site Search 360: from n/a through 2.1.7.
|
|||||
| CVE-2025-39601 | 2025-04-16 | N/A | 9.6 CRITICAL | ||
|
Cross-Site Request Forgery (CSRF) vulnerability in WPFactory Custom CSS, JS & PHP allows Remote Code Inclusion. This issue affects Custom CSS, JS & PHP: from n/a through 2.4.1.
|
|||||
| CVE-2025-26748 | 2025-04-16 | N/A | 8.1 HIGH | ||
|
Cross-Site Request Forgery (CSRF) vulnerability in LOOS,Inc. Arkhe allows PHP Local File Inclusion. This issue affects Arkhe: from n/a through 3.11.0.
|
|||||
| CVE-2025-39517 | 2025-04-16 | N/A | 4.3 MEDIUM | ||
|
Cross-Site Request Forgery (CSRF) vulnerability in WP Map Plugins Basic Interactive World Map allows Cross Site Request Forgery. This issue affects Basic Interactive World Map: from n/a through 2.7.
|
|||||
| CVE-2025-39544 | 2025-04-16 | N/A | 7.4 HIGH | ||
|
Cross-Site Request Forgery (CSRF) vulnerability in Bill Minozzi WP Tools allows Path Traversal. This issue affects WP Tools: from n/a through 5.18.
|
|||||
| CVE-2023-51525 | 1 Wpsimplebookingcalendar | 1 Wp Simple Booking Calendar | 2025-04-15 | N/A | 5.3 MEDIUM |
|
Cross-Site Request Forgery (CSRF) vulnerability in Veribo, Roland Murg WP Simple Booking Calendar.This issue affects WP Simple Booking Calendar: from n/a through 2.0.8.4.
|
|||||
| CVE-2024-30482 | 1 B-website | 1 Simple Revisions Delete | 2025-04-15 | N/A | 4.3 MEDIUM |
|
Cross-Site Request Forgery (CSRF) vulnerability in Brice CAPOBIANCO Simple Revisions Delete.This issue affects Simple Revisions Delete: from n/a through 1.5.3.
|
|||||