Total
7225 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-52790 | 2025-06-20 | N/A | N/A | ||
| Cross-Site Request Forgery (CSRF) vulnerability in r-win WP-DownloadCounter allows Stored XSS. This issue affects WP-DownloadCounter: from n/a through 1.01. | |||||
| CVE-2025-52792 | 2025-06-20 | N/A | N/A | ||
| Cross-Site Request Forgery (CSRF) vulnerability in vgstef WP User Stylesheet Switcher allows Stored XSS. This issue affects WP User Stylesheet Switcher: from n/a through v2.2.0. | |||||
| CVE-2025-52825 | 2025-06-20 | N/A | N/A | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Rameez Iqbal Real Estate Manager allows Privilege Escalation. This issue affects Real Estate Manager: from n/a through 7.3. | |||||
| CVE-2025-52789 | 2025-06-20 | N/A | N/A | ||
| Cross-Site Request Forgery (CSRF) vulnerability in George Lewe Lewe ChordPress allows Stored XSS. This issue affects Lewe ChordPress: from n/a through 3.9.7. | |||||
| CVE-2025-49968 | 2025-06-20 | N/A | N/A | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Oganro XML Travel Portal Widget allows Cross Site Request Forgery. This issue affects XML Travel Portal Widget: from n/a through 2.0. | |||||
| CVE-2025-49977 | 2025-06-20 | N/A | N/A | ||
| Cross-Site Request Forgery (CSRF) vulnerability in WP Inventory WP Inventory Manager allows Cross Site Request Forgery. This issue affects WP Inventory Manager: from n/a through 2.3.4. | |||||
| CVE-2025-52780 | 2025-06-20 | N/A | N/A | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Mohammad Parsa Logo Manager For Samandehi allows Stored XSS. This issue affects Logo Manager For Samandehi: from n/a through 0.5. | |||||
| CVE-2025-49975 | 2025-06-20 | N/A | N/A | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Hossni Mubarak JobWP allows Cross Site Request Forgery. This issue affects JobWP: from n/a through 2.4.0. | |||||
| CVE-2025-52791 | 2025-06-20 | N/A | N/A | ||
| Cross-Site Request Forgery (CSRF) vulnerability in devfelixmoira Knowledge Base – Knowledge Base Maker allows Stored XSS. This issue affects Knowledge Base – Knowledge Base Maker: from n/a through 1.1.8. | |||||
| CVE-2025-52794 | 2025-06-20 | N/A | N/A | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Creative-Solutions Creative Contact Form allows Stored XSS. This issue affects Creative Contact Form: from n/a through 1.0.0. | |||||
| CVE-2025-52784 | 2025-06-20 | N/A | N/A | ||
| Cross-Site Request Forgery (CSRF) vulnerability in hideoguchi Bluff Post allows Stored XSS. This issue affects Bluff Post: from n/a through 1.1.1. | |||||
| CVE-2025-52793 | 2025-06-20 | N/A | N/A | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Esselink.nu Esselink.nu Settings allows Reflected XSS. This issue affects Esselink.nu Settings: from n/a through 2.94. | |||||
| CVE-2025-52781 | 2025-06-20 | N/A | N/A | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Beee TinyNav allows Stored XSS. This issue affects TinyNav: from n/a through 1.4. | |||||
| CVE-2023-6529 | 1 Rextheme | 1 Wp Vr | 2025-06-18 | N/A | 6.1 MEDIUM |
| The WP VR WordPress plugin before 8.3.15 does not authorisation and CSRF in a function hooked to admin_init, allowing unauthenticated users to downgrade the plugin, thus leading to Reflected or Stored XSS, as previous versions have such vulnerabilities. | |||||
| CVE-2023-6532 | 1 Wp-blogs-planetarium Project | 1 Wp-blogs-planetarium | 2025-06-18 | N/A | 8.8 HIGH |
| The WP Blogs' Planetarium WordPress plugin through 1.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack | |||||
| CVE-2023-51949 | 1 Verydows | 1 Verydows | 2025-06-17 | N/A | 8.8 HIGH |
| Verydows v2.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /protected/controller/backend/role_controller | |||||
| CVE-2023-7125 | 1 Peepso | 1 Peepso | 2025-06-17 | N/A | 4.3 MEDIUM |
| The Community by PeepSo WordPress plugin before 6.3.1.2 does not have CSRF check when creating a user post (visible on their wall in their profile page), which could allow attackers to make logged in users perform such action via a CSRF attack | |||||
| CVE-2024-32085 | 1 Ait-themes | 1 Citadela Listing | 2025-06-17 | N/A | N/A |
| Cross-Site Request Forgery (CSRF) vulnerability in AitThemes Citadela Listing.This issue affects Citadela Listing: from n/a before 5.20.0. | |||||
| CVE-2025-48111 | 2025-06-17 | N/A | N/A | ||
| Cross-Site Request Forgery (CSRF) vulnerability in YITHEMES YITH PayPal Express Checkout for WooCommerce allows Cross Site Request Forgery. This issue affects YITH PayPal Express Checkout for WooCommerce: from n/a through 1.49.0. | |||||
| CVE-2025-49865 | 2025-06-17 | N/A | N/A | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Helmut Wandl Advanced Settings allows Cross Site Request Forgery. This issue affects Advanced Settings: from n/a through 3.0.1. | |||||