Total
7225 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-22715 | 1 Codelyfe | 1 Stupid Simple Cms | 2025-06-20 | N/A | 8.8 HIGH |
| Stupid Simple CMS <=1.2.4 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin-edit.php. | |||||
| CVE-2023-51813 | 1 Free And Open Source Inventory Management System Project | 1 Free And Open Source Inventory Management System | 2025-06-20 | N/A | 6.5 MEDIUM |
| Cross Site Request Forgery (CSRF) vulnerability in Free Open-Source Inventory Management System v.1.0 allows a remote attacker to execute arbitrary code via the staff_list parameter in the index.php component. | |||||
| CVE-2023-6390 | 1 Jonathonkemp | 1 Wordpress Users | 2025-06-20 | N/A | 8.8 HIGH |
| The WordPress Users WordPress plugin through 1.4 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack. | |||||
| CVE-2024-24470 | 1 Flusity | 1 Flusity | 2025-06-20 | N/A | 8.8 HIGH |
| Cross Site Request Forgery vulnerability in flusity-CMS v.2.33 allows a remote attacker to execute arbitrary code via the update_post.php component. | |||||
| CVE-2024-22568 | 1 Flycms Project | 1 Flycms | 2025-06-20 | N/A | 8.8 HIGH |
| FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/score/del. | |||||
| CVE-2023-6625 | 1 Gravitymaster | 1 Product Enquiry For Woocommerce | 2025-06-20 | N/A | 4.3 MEDIUM |
| The Product Enquiry for WooCommerce WordPress plugin before 3.1 does not have a CSRF check in place when deleting inquiries, which could allow attackers to make a logged in admin delete them via a CSRF attack | |||||
| CVE-2024-22591 | 1 Flycms Project | 1 Flycms | 2025-06-20 | N/A | 8.8 HIGH |
| FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/user/group_save. | |||||
| CVE-2024-22601 | 1 Flycms Project | 1 Flycms | 2025-06-20 | N/A | 8.8 HIGH |
| FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/score/scorerule_save | |||||
| CVE-2023-0824 | 1 Wpuserplus | 1 Userplus | 2025-06-20 | N/A | 6.5 MEDIUM |
| The User registration & user profile WordPress plugin through 2.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged-in admin add Stored XSS payloads via a CSRF attack. | |||||
| CVE-2025-5033 | 1 Teacms Project | 1 Teacms | 2025-06-20 | N/A | N/A |
| A vulnerability classified as problematic was found in XiaoBingby TeaCMS 2.0.2. Affected by this vulnerability is an unknown functionality of the file src/main/java/me/teacms/controller/admin/UserManageController/addUser. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-49965 | 2025-06-20 | N/A | N/A | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Oganro PixelBeds Channel Manager and Hotel Booking Engine allows Cross Site Request Forgery. This issue affects PixelBeds Channel Manager and Hotel Booking Engine: from n/a through 1.0. | |||||
| CVE-2025-49964 | 2025-06-20 | N/A | N/A | ||
| Cross-Site Request Forgery (CSRF) vulnerability in indgeek ClipLink allows Cross Site Request Forgery. This issue affects ClipLink: from n/a through 1.1. | |||||
| CVE-2025-52783 | 2025-06-20 | N/A | N/A | ||
| Cross-Site Request Forgery (CSRF) vulnerability in themelocation Change Cart button Colors WooCommerce allows Stored XSS. This issue affects Change Cart button Colors WooCommerce: from n/a through 1.0. | |||||
| CVE-2025-49972 | 2025-06-20 | N/A | N/A | ||
| Cross-Site Request Forgery (CSRF) vulnerability in David Wood TM Replace Howdy allows Cross Site Request Forgery. This issue affects TM Replace Howdy: from n/a through 1.4.2. | |||||
| CVE-2025-49967 | 2025-06-20 | N/A | N/A | ||
| Cross-Site Request Forgery (CSRF) vulnerability in marcusjansen Live Sports Streamthunder allows Cross Site Request Forgery. This issue affects Live Sports Streamthunder: from n/a through 2.1. | |||||
| CVE-2025-49966 | 2025-06-20 | N/A | N/A | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Oganro Oganro Travel Portal Search Widget for HotelBeds APITUDE API allows Cross Site Request Forgery. This issue affects Oganro Travel Portal Search Widget for HotelBeds APITUDE API: from n/a through 1.0. | |||||
| CVE-2025-52795 | 2025-06-20 | N/A | N/A | ||
| Cross-Site Request Forgery (CSRF) vulnerability in aharonyan WP Front User Submit / Front Editor allows Cross Site Request Forgery. This issue affects WP Front User Submit / Front Editor: from n/a through 4.9.4. | |||||
| CVE-2025-52772 | 2025-06-20 | N/A | N/A | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Adnan Haque (a11n) Virtual Moderator allows Cross-Site Scripting (XSS). This issue affects Virtual Moderator: from n/a through 1.4. | |||||
| CVE-2025-50036 | 2025-06-20 | N/A | N/A | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Yamna Khawaja Mailing Group Listserv allows Cross Site Request Forgery. This issue affects Mailing Group Listserv: from n/a through 3.0.5. | |||||
| CVE-2025-50044 | 2025-06-20 | N/A | N/A | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Rameez Iqbal Real Estate Manager allows Cross Site Request Forgery. This issue affects Real Estate Manager: from n/a through 7.3. | |||||