Total
8760 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-0736 | 2 Cartpauj, Wordpress | 2 Mingle-forum, Wordpress | 2025-04-11 | 6.8 MEDIUM | N/A |
|
Multiple cross-site request forgery (CSRF) vulnerabilities in the Mingle Forum plugin 1.0.34 and possibly earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) modify user privileges or (2) conduct cross-site scripting (XSS) attacks via unspecified vectors.
|
|||||
| CVE-2012-3343 | 1 Bloxx | 1 Web Filtering | 2025-04-11 | 6.8 MEDIUM | N/A |
|
Cross-site request forgery (CSRF) vulnerability in Microdasys before 3.5.1-B708, as used in Bloxx Web Filtering before 5.0.14 and other products, allows remote attackers to hijack the authentication of arbitrary users for requests that trigger error pages containing XSS sequences, a different vulnerability than CVE-2012-2564.
|
|||||
| CVE-2011-5197 | 1 Public Knowledge Project | 1 Open Harvester Systems | 2025-04-11 | 6.8 MEDIUM | N/A |
|
Cross-site request forgery (CSRF) vulnerability in index/manager/fileUpload in Public Knowledge Project Open Harvester Systems 2.3.1 and earlier allows remote attackers to hijack the authentication of administrators for requests that upload PHP files.
|
|||||
| CVE-2012-1580 | 1 Mediawiki | 1 Mediawiki | 2025-04-11 | 6.8 MEDIUM | N/A |
|
Cross-site request forgery (CSRF) vulnerability in Special:Upload in MediaWiki 1.17.x before 1.17.3 and 1.18.x before 1.18.2 allows remote attackers to hijack the authentication of unspecified victims for requests that upload files.
|
|||||
| CVE-2011-1026 | 1 Apache | 1 Archiva | 2025-04-11 | 6.8 MEDIUM | N/A |
|
Multiple cross-site request forgery (CSRF) vulnerabilities in Apache Archiva 1.0 through 1.2.2, and 1.3.x before 1.3.5, allow remote attackers to hijack the authentication of administrators.
|
|||||
| CVE-2010-1648 | 1 Mediawiki | 1 Mediawiki | 2025-04-11 | 6.8 MEDIUM | N/A |
|
Cross-site request forgery (CSRF) vulnerability in the login interface in MediaWiki 1.15 before 1.15.4 and 1.16 before 1.16 beta 3 allows remote attackers to hijack the authentication of users for requests that (1) create accounts or (2) reset passwords, related to the Special:Userlogin form.
|
|||||
| CVE-2013-4911 | 1 Siemens | 1 Wincc | 2025-04-11 | 6.8 MEDIUM | N/A |
|
Cross-site request forgery (CSRF) vulnerability in Siemens WinCC (TIA Portal) 11 and 12 before 12 SP1 allows remote attackers to hijack the authentication of unspecified victims by leveraging improper configuration of SIMATIC HMI panels by the WinCC product.
|
|||||
| CVE-2012-4853 | 1 Ibm | 1 Websphere Application Server | 2025-04-11 | 6.8 MEDIUM | N/A |
|
Cross-site request forgery (CSRF) vulnerability in IBM WebSphere Application Server 6.1 before 6.1.0.45, 7.0 before 7.0.0.25, 8.0 before 8.0.0.5, and 8.5 before 8.5.0.1 allows remote attackers to hijack the authentication of arbitrary users for requests that trigger information disclosure.
|
|||||
| CVE-2013-3583 | 1 Corporater | 1 Epm Suite | 2025-04-11 | 6.8 MEDIUM | N/A |
|
Cross-site request forgery (CSRF) vulnerability in saveProperties.html in Corporater EPM Suite allows remote attackers to hijack the authentication of arbitrary users for requests that change passwords.
|
|||||
| CVE-2013-7223 | 1 Fatfreecrm | 1 Fat Free Crm | 2025-04-11 | 6.8 MEDIUM | N/A |
|
Multiple cross-site request forgery (CSRF) vulnerabilities in Fat Free CRM before 0.12.1 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors, related to the lack of a protect_from_forgery line in app/controllers/application_controller.rb.
|
|||||
| CVE-2013-3397 | 1 Cisco | 1 Unified Communications Manager | 2025-04-11 | 6.8 MEDIUM | N/A |
|
Cross-site request forgery (CSRF) vulnerability in the Unified Serviceability component in Cisco Unified Communications Manager (CUCM) allows remote attackers to hijack the authentication of arbitrary users for requests that perform Unified Serviceability actions, aka Bug ID CSCuh10298.
|
|||||
| CVE-2011-4452 | 1 Wikkawiki | 1 Wikkawiki | 2025-04-11 | 6.8 MEDIUM | N/A |
|
Cross-site request forgery (CSRF) vulnerability in the AdminUsers component in WikkaWiki 1.3.1 and 1.3.2 allows remote attackers to hijack the authentication of administrators for requests that remove arbitrary user accounts via a delete operation, as demonstrated by an {{image}} action.
|
|||||
| CVE-2024-7574 | 1 Cyberfoxdigital | 1 Christmasify\! | 2025-04-10 | N/A | 6.1 MEDIUM |
|
The Christmasify! plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5.5. This is due to missing nonce validation on the 'options' function. This makes it possible for unauthenticated attackers to modify the plugin's settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
|
|||||
| CVE-2024-3782 | 1 Whitebearsolutions | 1 Wbsairback | 2025-04-10 | N/A | 8.8 HIGH |
|
Cross-Site Request Forgery vulnerability in WBSAirback 21.02.04, which could allow an attacker to create a manipulated HTML form to perform privileged actions once it is executed by a privileged user.
|
|||||
| CVE-2024-25692 | 3 Esri, Linux, Microsoft | 3 Portal For Arcgis, Linux Kernel, Windows | 2025-04-10 | N/A | 5.4 MEDIUM |
|
There is a cross-site-request forgery vulnerability in Esri Portal for ArcGIS Versions 11.1 and below that may in some cases allow a remote, unauthenticated attacker to trick an authorized user into executing unwanted actions via a crafted form. The impact to Confidentiality and Integrity vectors is limited and of low severity.
|
|||||
| CVE-2022-3911 | 1 Iubenda | 1 Iubenda-cookie-law-solution | 2025-04-10 | N/A | 8.8 HIGH |
|
The iubenda WordPress plugin before 3.3.3 does does not have authorisation and CSRF in an AJAX action, and does not ensure that the options to be updated belong to the plugin as long as they are arrays. As a result, any authenticated users, such as subscriber can grant themselves any privileges, such as edit_plugins etc
|
|||||
| CVE-2024-21043 | 1 Oracle | 1 Complex Maintenance Repair And Overhaul | 2025-04-10 | N/A | 6.1 MEDIUM |
|
Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite (component: LOV). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Complex Maintenance, Repair, and Overhaul. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Complex Maintenance, Repair, and Ove ...
Show More |
|||||
| CVE-2025-32659 | 2025-04-09 | N/A | 7.1 HIGH | ||
|
Cross-Site Request Forgery (CSRF) vulnerability in fraudlabspro FraudLabs Pro for WooCommerce allows Stored XSS. This issue affects FraudLabs Pro for WooCommerce: from n/a through 2.22.7.
|
|||||
| CVE-2025-32494 | 2025-04-09 | N/A | 4.3 MEDIUM | ||
|
Cross-Site Request Forgery (CSRF) vulnerability in bozdoz reCAPTCHA Jetpack allows Cross Site Request Forgery. This issue affects reCAPTCHA Jetpack: from n/a through 0.2.2.
|
|||||
| CVE-2025-32485 | 2025-04-09 | N/A | 4.3 MEDIUM | ||
|
Cross-Site Request Forgery (CSRF) vulnerability in Bjoern WP Performance Pack allows Cross Site Request Forgery. This issue affects WP Performance Pack: from n/a through 2.5.4.
|
|||||
| CVE-2025-32477 | 2025-04-09 | N/A | 7.1 HIGH | ||
|
Cross-Site Request Forgery (CSRF) vulnerability in Jordi Salord WP-Easy Menu allows Stored XSS. This issue affects WP-Easy Menu: from n/a through 0.41.
|
|||||
| CVE-2025-32617 | 2025-04-09 | N/A | 7.1 HIGH | ||
|
Cross-Site Request Forgery (CSRF) vulnerability in Ydesignservices Multiple Location Google Map allows Stored XSS. This issue affects Multiple Location Google Map: from n/a through 1.1.
|
|||||
| CVE-2025-32480 | 2025-04-09 | N/A | 7.1 HIGH | ||
|
Cross-Site Request Forgery (CSRF) vulnerability in dalziel Windows Live Writer allows Stored XSS. This issue affects Windows Live Writer: from n/a through 0.1.
|
|||||
| CVE-2025-32559 | 2025-04-09 | N/A | 7.1 HIGH | ||
|
Cross-Site Request Forgery (CSRF) vulnerability in REVE Chat REVE Chat allows Stored XSS. This issue affects REVE Chat: from n/a through 6.2.2.
|
|||||
| CVE-2025-32619 | 2025-04-09 | N/A | 7.1 HIGH | ||
|
Cross-Site Request Forgery (CSRF) vulnerability in KeyCAPTCHA KeyCAPTCHA allows Stored XSS. This issue affects KeyCAPTCHA: from n/a through 2.5.1.
|
|||||
| CVE-2025-32575 | 2025-04-09 | N/A | 7.1 HIGH | ||
|
Cross-Site Request Forgery (CSRF) vulnerability in axew3 WP w3all phpBB allows Reflected XSS. This issue affects WP w3all phpBB: from n/a through 2.9.2.
|
|||||
| CVE-2025-32478 | 2025-04-09 | N/A | 7.1 HIGH | ||
|
Cross-Site Request Forgery (CSRF) vulnerability in Mario Aguiar WP SexyLightBox allows Stored XSS. This issue affects WP SexyLightBox: from n/a through 0.5.3.
|
|||||
| CVE-2025-32679 | 2025-04-09 | N/A | 5.4 MEDIUM | ||
|
Cross-Site Request Forgery (CSRF) vulnerability in ZealousWeb User Registration Using Contact Form 7 allows Cross Site Request Forgery. This issue affects User Registration Using Contact Form 7: from n/a through 2.2.
|
|||||
| CVE-2025-32576 | 2025-04-09 | N/A | 9.6 CRITICAL | ||
|
Cross-Site Request Forgery (CSRF) vulnerability in Agence web Eoxia - Montpellier WP shop allows Upload a Web Shell to a Web Server. This issue affects WP shop: from n/a through 2.6.0.
|
|||||
| CVE-2025-31005 | 2025-04-09 | N/A | 4.3 MEDIUM | ||
|
Cross-Site Request Forgery (CSRF) vulnerability in Uzair Easyfonts allows Cross Site Request Forgery. This issue affects Easyfonts: from n/a through 1.1.2.
|
|||||
| CVE-2025-32661 | 2025-04-09 | N/A | 7.1 HIGH | ||
|
Cross-Site Request Forgery (CSRF) vulnerability in WP Map Plugins Interactive US Map allows Stored XSS. This issue affects Interactive US Map: from n/a through 2.7.
|
|||||
| CVE-2025-32555 | 2025-04-09 | N/A | 7.1 HIGH | ||
|
Cross-Site Request Forgery (CSRF) vulnerability in Edamam SEO, Nutrition and Print for Recipes by Edamam allows Stored XSS. This issue affects SEO, Nutrition and Print for Recipes by Edamam: from n/a through 3.3.
|
|||||
| CVE-2025-32667 | 2025-04-09 | N/A | 7.1 HIGH | ||
|
Cross-Site Request Forgery (CSRF) vulnerability in fromdoppler Doppler Forms allows Stored XSS. This issue affects Doppler Forms: from n/a through 2.4.5.
|
|||||
| CVE-2025-31375 | 2025-04-09 | N/A | 7.1 HIGH | ||
|
Cross-Site Request Forgery (CSRF) vulnerability in bhoogterp Scheduled allows Stored XSS. This issue affects Scheduled: from n/a through 1.0.
|
|||||
| CVE-2025-31034 | 2025-04-09 | N/A | 4.3 MEDIUM | ||
|
Cross-Site Request Forgery (CSRF) vulnerability in AboZain Albanna Customize Login Page allows Cross Site Request Forgery. This issue affects Customize Login Page: from n/a through 1.1.
|
|||||
| CVE-2025-31032 | 2025-04-09 | N/A | 7.1 HIGH | ||
|
Cross-Site Request Forgery (CSRF) vulnerability in Pagopar - Grupo M S.A. Pagopar – WooCommerce Gateway allows Stored XSS. This issue affects Pagopar – WooCommerce Gateway: from n/a through 2.7.1.
|
|||||
| CVE-2025-32482 | 2025-04-09 | N/A | 7.1 HIGH | ||
|
Cross-Site Request Forgery (CSRF) vulnerability in quanganhdo Custom Smilies allows Stored XSS. This issue affects Custom Smilies: from n/a through 1.2.
|
|||||
| CVE-2025-32678 | 2025-04-09 | N/A | 4.3 MEDIUM | ||
|
Cross-Site Request Forgery (CSRF) vulnerability in Ashish Ajani WP Show Stats allows Cross Site Request Forgery. This issue affects WP Show Stats: from n/a through 1.5.
|
|||||
| CVE-2025-31390 | 2025-04-09 | N/A | 7.1 HIGH | ||
|
Cross-Site Request Forgery (CSRF) vulnerability in bdoga Social Crowd allows Stored XSS. This issue affects Social Crowd: from n/a through 0.9.6.1.
|
|||||
| CVE-2025-31391 | 2025-04-09 | N/A | 7.1 HIGH | ||
|
Cross-Site Request Forgery (CSRF) vulnerability in regen Script Compressor allows Stored XSS. This issue affects Script Compressor: from n/a through 1.7.1.
|
|||||