Total
7225 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-11373 | 1 Floriansimunek | 1 Connexion Logs | 2025-06-09 | N/A | N/A |
| The Connexion Logs WordPress plugin through 3.0.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack | |||||
| CVE-2024-11719 | 1 Couleurcitron | 1 Tarteaucitron-wp | 2025-06-09 | N/A | N/A |
| The tarteaucitron-wp WordPress plugin before 0.3.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack. | |||||
| CVE-2024-12301 | 1 Joomlaserviceprovider | 1 Jsp Store Locator | 2025-06-09 | N/A | N/A |
| The JSP Store Locator WordPress plugin through 1.0 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks. | |||||
| CVE-2024-12282 | 1 Smyx | 1 Wp-connect | 2025-06-09 | N/A | N/A |
| The WordPress???? WordPress plugin through 2.5.6 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack. | |||||
| CVE-2023-7297 | 1 Reneade | 1 Twitterposts | 2025-06-09 | N/A | N/A |
| The TwitterPosts WordPress plugin through 1.0.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack | |||||
| CVE-2025-5888 | 2025-06-09 | N/A | 4.3 MEDIUM | ||
| A vulnerability was found in jsnjfz WebStack-Guns 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-10634 | 1 Nokautpl | 1 Nokaut Offers Box | 2025-06-09 | N/A | N/A |
| The Nokaut Offers Box WordPress plugin through 1.4.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin reset the Nokaut Offers Box WordPress plugin through 1.4.0 via a CSRF attack | |||||
| CVE-2025-47543 | 1 Themetechmount | 1 Truebooker | 2025-06-09 | N/A | N/A |
| Cross-Site Request Forgery (CSRF) vulnerability in themetechmount TrueBooker allows Cross Site Request Forgery. This issue affects TrueBooker: from n/a through 1.0.7. | |||||
| CVE-2025-47542 | 1 Migaweb | 1 Simple Calendar For Elementor | 2025-06-09 | N/A | N/A |
| Cross-Site Request Forgery (CSRF) vulnerability in Michael Simple calendar for Elementor allows Cross Site Request Forgery. This issue affects Simple calendar for Elementor: from n/a through 1.6.5. | |||||
| CVE-2025-47517 | 1 Wpplugin | 1 Accept Donations With Paypal | 2025-06-09 | N/A | 6.1 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in Scott Paterson Accept Donations with PayPal allows Stored XSS. This issue affects Accept Donations with PayPal: from n/a through 1.4.5. | |||||
| CVE-2025-5885 | 2025-06-09 | N/A | 4.3 MEDIUM | ||
| A vulnerability has been found in Konica Minolta bizhub up to 20250202 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-5521 | 1 5kcrm | 1 Wukongcrm | 2025-06-09 | N/A | 8.8 HIGH |
| A vulnerability was found in WuKongOpenSource WukongCRM 9.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /system/user/updataPassword. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-48146 | 1 Lupsonline | 1 Seo Flow | 2025-06-06 | N/A | 6.1 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in Michael Lups SEO Flow by LupsOnline allows Stored XSS. This issue affects SEO Flow by LupsOnline: from n/a through 2.2.0. | |||||
| CVE-2024-5155 | 1 Ravster | 1 Inquiry Cart | 2025-06-06 | N/A | N/A |
| The Inquiry cart WordPress plugin through 3.4.2 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack | |||||
| CVE-2025-49237 | 2025-06-06 | N/A | N/A | ||
| Cross-Site Request Forgery (CSRF) vulnerability in POEditor POEditor allows Path Traversal. This issue affects POEditor: from n/a through 0.9.10. | |||||
| CVE-2025-26593 | 2025-06-06 | N/A | N/A | ||
| Cross-Site Request Forgery (CSRF) vulnerability in FasterThemes FastBook allows Cross Site Request Forgery. This issue affects FastBook: from n/a through 1.1. | |||||
| CVE-2025-30968 | 2025-06-06 | N/A | N/A | ||
| Cross-Site Request Forgery (CSRF) vulnerability in jokerbr313 Advanced Post List allows Cross Site Request Forgery. This issue affects Advanced Post List: from n/a through 0.5.6.2. | |||||
| CVE-2025-29005 | 2025-06-06 | N/A | N/A | ||
| Cross-Site Request Forgery (CSRF) vulnerability in weblizar HR Management Lite allows Cross Site Request Forgery. This issue affects HR Management Lite: from n/a through 3.3. | |||||
| CVE-2025-30980 | 2025-06-06 | N/A | N/A | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Alessandro Piconi Simple Keyword to Link allows Cross Site Request Forgery. This issue affects Simple Keyword to Link: from n/a through 1.5. | |||||
| CVE-2025-27359 | 2025-06-06 | N/A | N/A | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Seerox WP Media File Type Manager allows Cross Site Request Forgery. This issue affects WP Media File Type Manager: from n/a through 2.3.0. | |||||