Total: 8760 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-32484 | | | 2025-04-09 | N/A | 7.1 HIGH |
|
Cross-Site Request Forgery (CSRF) vulnerability in Mathieu Chartier WP-Planification allows Stored XSS. This issue affects WP-Planification: from n/a through 2.3.1.
|
|||||
| CVE-2025-32645 | | | 2025-04-09 | N/A | 7.1 HIGH |
|
Cross-Site Request Forgery (CSRF) vulnerability in Hiren Patel Custom Posts Order allows Stored XSS. This issue affects Custom Posts Order: from n/a through 4.4.
|
|||||
| CVE-2025-32502 | | | 2025-04-09 | N/A | 7.1 HIGH |
|
Cross-Site Request Forgery (CSRF) vulnerability in lemmentwickler ePaper Lister for Yumpu allows Stored XSS. This issue affects ePaper Lister for Yumpu: from n/a through 1.4.0.
|
|||||
| CVE-2025-31392 | | | 2025-04-09 | N/A | 7.1 HIGH |
|
Cross-Site Request Forgery (CSRF) vulnerability in Shameem Reza Smart Product Gallery Slider allows Cross Site Request Forgery. This issue affects Smart Product Gallery Slider: from n/a through 1.0.4.
|
|||||
| CVE-2025-25056 | | | 2025-04-09 | N/A | 4.3 MEDIUM |
|
Cross-site request forgery vulnerability exists in Wi-Fi AP UNIT 'AC-WPS-11ac series'. If a user views a malicious page while logged in, unintended operations may be performed.
|
|||||
| CVE-2025-31402 | | | 2025-04-09 | N/A | 7.1 HIGH |
|
Cross-Site Request Forgery (CSRF) vulnerability in NewsBoard Plugin NewsBoard Post and RSS Scroller allows Stored XSS. This issue affects NewsBoard Post and RSS Scroller: from n/a through 1.2.12.
|
|||||
| CVE-2025-32481 | | | 2025-04-09 | N/A | 7.1 HIGH |
|
Cross-Site Request Forgery (CSRF) vulnerability in ninotheme Nino Social Connect allows Stored XSS. This issue affects Nino Social Connect: from n/a through 2.0.
|
|||||
| CVE-2022-4102 | 1 Royal-elementor-addons | 1 Royal Elementor Addons | 2025-04-09 | N/A | 3.1 LOW |
|
The Royal Elementor Addons WordPress plugin before 1.3.56 does not have authorization and CSRF checks when deleting a template and does not ensure that the post to be deleted is a template. This could allow any authenticated users, such as subscribers, to delete arbitrary posts assuming they know the related slug.
|
|||||
| CVE-2024-53472 | 1 Wegia | 1 Wegia | 2025-04-09 | N/A | 8.8 HIGH |
|
WeGIA v3.2.0 was discovered to contain a Cross-Site Request Forgery (CSRF).
|
|||||
| CVE-2024-35550 | 1 Idccms | 1 Idccms | 2025-04-09 | N/A | 6.3 MEDIUM |
|
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/infoWeb_deal.php?mudi=rev.
|
|||||
| CVE-2024-35551 | 1 Idccms | 1 Idccms | 2025-04-09 | N/A | 4.3 MEDIUM |
|
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/infoWeb_deal.php?mudi=add.
|
|||||
| CVE-2024-35552 | 1 Idccms | 1 Idccms | 2025-04-09 | N/A | 8.8 HIGH |
|
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/infoMove_deal.php?mudi=del&dataType=logo&dataTypeCN.
|
|||||
| CVE-2024-35553 | 1 Idccms | 1 Idccms | 2025-04-09 | N/A | 8.3 HIGH |
|
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/infoMove_deal.php?mudi=add&nohrefStr=close.
|
|||||
| CVE-2024-35554 | 1 Idccms | 1 Idccms | 2025-04-09 | N/A | 5.4 MEDIUM |
|
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/infoWeb_deal.php?mudi=del&dataType=newsWeb&dataTypeCN.
|
|||||
| CVE-2024-35555 | 1 Idccms | 1 Idccms | 2025-04-09 | N/A | 6.3 MEDIUM |
|
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/share_switch.php?mudi=switch&dataType=newsWeb&fieldName=state&fieldName2=state&tabName=infoWeb&dataID=40.
|
|||||
| CVE-2024-35556 | 1 Idccms | 1 Idccms | 2025-04-09 | N/A | 8.8 HIGH |
|
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/vpsSys_deal.php?mudi=infoSet.
|
|||||
| CVE-2024-35557 | 1 Idccms | 1 Idccms | 2025-04-09 | N/A | 5.5 MEDIUM |
|
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/vpsApi_deal.php?mudi=rev&nohrefStr=close.
|
|||||
| CVE-2024-35558 | 1 Idccms | 1 Idccms | 2025-04-09 | N/A | 8.8 HIGH |
|
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/ca_deal.php?mudi=rev&nohrefStr=close.
|
|||||
| CVE-2024-35559 | 1 Idccms | 1 Idccms | 2025-04-09 | N/A | 8.8 HIGH |
|
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/infoMove_deal.php?mudi=rev&nohrefStr=close.
|
|||||
| CVE-2024-35560 | 1 Idccms | 1 Idccms | 2025-04-09 | N/A | 4.3 MEDIUM |
|
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/ca_deal.php?mudi=del&dataType=&dataTypeCN.
|
|||||
| CVE-2024-35561 | 1 Idccms | 1 Idccms | 2025-04-09 | N/A | 5.4 MEDIUM |
|
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/ca_deal.php?mudi=add&nohrefStr=close.
|
|||||
| CVE-2025-32280 | 1 Wedevs | 1 Wp Project Manager | 2025-04-09 | N/A | 4.3 MEDIUM |
|
Cross-Site Request Forgery (CSRF) vulnerability in weDevs WP Project Manager allows Cross Site Request Forgery. This issue affects WP Project Manager: from n/a through 2.6.22.
|
|||||
| CVE-2024-30458 | 1 Pluginus | 1 Fox - Currency Switcher Professional For Woocommerce | 2025-04-09 | N/A | 4.3 MEDIUM |
|
Cross-Site Request Forgery (CSRF) vulnerability in realmag777 WOOCS – WooCommerce Currency Switcher. This issue affects WOOCS – WooCommerce Currency Switcher: from n/a through 1.4.1.7.
|
|||||
| CVE-2024-30456 | 1 Pluginus | 1 Wordpress Currency Switcher | 2025-04-09 | N/A | 4.3 MEDIUM |
|
Cross-Site Request Forgery (CSRF) vulnerability in realmag777 WPCS. This issue affects WPCS: from n/a through 1.2.0.1.
|
|||||
| CVE-2024-1325 | 1 Delabon | 1 Woomotiv | 2025-04-09 | N/A | 4.3 MEDIUM |
|
The Live Sales Notification for Woocommerce – Woomotiv plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.4.3. This is due to missing or incorrect nonce validation on the 'ajax_cancel_review' function. This makes it possible for unauthenticated attackers to reset the site's review count via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
|
|||||
| CVE-2022-4103 | 1 Royal-elementor-addons | 1 Royal Elementor Addons | 2025-04-09 | N/A | 4.3 MEDIUM |
|
The Royal Elementor Addons WordPress plugin before 1.3.56 does not have authorisation and CSRF checks when creating a template, and does not ensure that the post created is a template. This could allow any authenticated user, such as a subscriber, to create a post (as well as any post type) with an arbitrary title.
|
|||||
| CVE-2025-28856 | 1 W3counter | 1 W3counter | 2025-04-09 | N/A | 4.3 MEDIUM |
|
Cross-Site Request Forgery (CSRF) vulnerability in dangrossman W3Counter Free Real-Time Web Stats allows Cross Site Request Forgery. This issue affects W3Counter Free Real-Time Web Stats: from n/a through 4.1.
|
|||||
| CVE-2025-28876 | 1 Skrill | 1 Skrill | 2025-04-09 | N/A | 4.3 MEDIUM |
|
Cross-Site Request Forgery (CSRF) vulnerability in Skrill_Team Skrill Official allows Cross Site Request Forgery. This issue affects Skrill Official: from n/a through 1.0.65.
|
|||||
| CVE-2009-1036 | 1 Drupal | 2 Drupal, Plus1 | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Cross-site request forgery (CSRF) vulnerability in the Plus 1 module before 6.x-2.6, a module for Drupal, allows remote attackers to cast votes for content via unspecified aspects of the URI.
|
|||||
| CVE-2009-0486 | 1 Mozilla | 1 Bugzilla | 2025-04-09 | 7.5 HIGH | N/A |
|
Bugzilla 3.2.1, 3.0.7, and 3.3.2, when running under mod_perl, calls the srand function at startup time, which causes Apache children to have the same seed and produce insufficiently random numbers for random tokens, which allows remote attackers to bypass cross-site request forgery (CSRF) protection mechanisms and conduct unauthorized activities as other users.
|
|||||
| CVE-2008-0508 | 1 Wordpress | 1 Permalinks Migration Plugin | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Cross-site request forgery (CSRF) vulnerability in deans_permalinks_migration.php in the Dean's Permalinks Migration 1.0 plugin for WordPress allows remote attackers to modify the oldstructure (aka dean_pm_config[oldstructure]) configuration setting as administrators via the old_struct parameter in a deans_permalinks_migration.php action to wp-admin/options-general.php, as demonstrated by placing an XSS sequence in this setting.
|
|||||
| CVE-2007-1489 | 1 Web-app.org | 1 Webapp | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Unspecified vulnerability in web-app.org Web Automated Perl Portal (WebAPP) 0.9.9.4 to 0.9.9.6 allows remote attackers to obtain admin access by modifying cookies and performing "certain consecutive actions," possibly due to a cross-site request forgery (CSRF) vulnerability.
|
|||||
| CVE-2007-5828 | 1 Django Project | 1 Django | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Cross-site request forgery (CSRF) vulnerability in the admin panel in Django 0.96 allows remote attackers to change passwords of arbitrary users via a request to admin/auth/user/1/password/. NOTE: this issue has been disputed by Debian, since product documentation includes a recommendation for a CSRF protection module that is included with the product. However, CVE considers this an issue because the default configuration does not use this module.
|
|||||
| CVE-2008-0575 | 1 Webspell | 1 Webspell | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site request forgery (CSRF) vulnerability in admin/admincenter.php in webSPELL 4.01.02 allows remote attackers to assign the superadmin privilege level to arbitrary accounts as administrators via an "update member" action.
|
|||||
| CVE-2009-0483 | 1 Mozilla | 1 Bugzilla | 2025-04-09 | 5.8 MEDIUM | N/A |
|
Cross-site request forgery (CSRF) vulnerability in Bugzilla 2.22 before 2.22.7, 3.0 before 3.0.7, 3.2 before 3.2.1, and 3.3 before 3.3.2 allows remote attackers to delete keywords and user preferences via a link or IMG tag to (1) editkeywords.cgi or (2) userprefs.cgi.
|
|||||
| CVE-2009-1455 | 1 Andrew Simpson | 1 Webcollab | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Multiple cross-site request forgery (CSRF) vulnerabilities in WebCollab before 2.50 (aka Billy Goat) allow remote attackers to hijack the authentication of administrators for requests that change an arbitrary password or have other unspecified impact.
|
|||||
| CVE-2008-1654 | 1 Adobe | 1 Flash Player | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Interaction error between Adobe Flash and multiple Universal Plug and Play (UPnP) services allows remote attackers to perform Cross-Site Request Forgery (CSRF) style attacks by using the Flash navigateToURL function to send a SOAP message to a UPnP control point, as demonstrated by changing the primary DNS server.
|
|||||
| CVE-2008-1981 | 1 E-publish Project | 1 E-publish | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Cross-site request forgery (CSRF) vulnerability in E-Publish 5.x before 5.x-1.1 and 6.x before 6.x-1.0 beta1, a Drupal module, allows remote attackers to perform unauthorized actions as other users via unspecified vectors.
|
|||||
| CVE-2007-5575 | 1 Treble Designs | 1 1024 Cms | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site request forgery (CSRF) vulnerability in 1024 CMS 1.2.5 allows remote attackers to perform some actions as administrators, as demonstrated by (1) an unspecified action that creates a file containing PHP code and (2) unspecified use of the forum component. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2007-5572 | 1 Sphpblog | 1 Sphpblog | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Multiple cross-site request forgery (CSRF) vulnerabilities in Simple PHP Blog (SPHPBlog) 0.4.9 allow remote attackers to perform delete actions as administrators via (1) the block_id parameter to add_block.php or (2) the link_id parameter to add_link.php.
|
|||||