Total
7225 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-3823 | 1 Mranderson | 1 Base64 Encoderdecoder | 2025-05-15 | N/A | N/A |
| The Base64 Encoder/Decoder WordPress plugin through 0.9.2 does not have CSRF check when updating its settings, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack | |||||
| CVE-2024-3824 | 1 Mranderson | 1 Base64 Encoderdecoder | 2025-05-15 | N/A | N/A |
| The Base64 Encoder/Decoder WordPress plugin through 0.9.2 does not have CSRF check in place when resetting its settings, which could allow attackers to make a logged in admin reset them via a CSRF attack | |||||
| CVE-2025-4282 | 1 Oretnom23 | 1 Stock Management System | 2025-05-14 | N/A | 8.8 HIGH |
| A vulnerability has been found in SourceCodester/oretnom23 Stock Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /classes/Users.php?f=save. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2023-50930 | 1 Savignano | 1 S-notify | 2025-05-14 | N/A | 7.1 HIGH |
| An issue was discovered in savignano S/Notify before 4.0.2 for Jira. While an administrative user is logged on, the configuration settings of S/Notify can be modified via a CSRF attack. The injection could be initiated by the administrator clicking a malicious link in an email or by visiting a malicious website. If executed while an administrator is logged on to Jira, an attacker could exploit this to modify the configuration of the S/Notify app on that host. This can, in particular, lead to email notifications being no longer encrypted when they should be. | |||||
| CVE-2024-10892 | 1 Stylemixthemes | 1 Cost Calculator Builder | 2025-05-14 | N/A | N/A |
| The Cost Calculator Builder WordPress plugin before 3.2.43 does not have CSRF checks in some AJAX actions, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks. | |||||
| CVE-2025-2907 | 1 Tychesoftwares | 1 Order Delivery Date Pro For Woocommerce | 2025-05-14 | N/A | N/A |
| The Order Delivery Date WordPress plugin before 12.3.1 does not have authorization and CSRF checks when importing settings. Furthermore it also lacks proper checks to only update options relevant to the Order Delivery Date WordPress plugin before 12.3.1. This leads to attackers being able to modify the default_user_role to administrator and users_can_register, allowing them to register as an administrator of the site for complete site takeover. | |||||
| CVE-2024-3582 | 1 Mmond | 1 Ungallery | 2025-05-14 | N/A | N/A |
| The UnGallery WordPress plugin through 2.2.4 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack | |||||
| CVE-2024-3590 | 1 Themeqx | 1 Letterpress | 2025-05-14 | N/A | N/A |
| The LetterPress WordPress plugin through 1.2.2 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks, such as delete arbitrary subscribers | |||||
| CVE-2024-3903 | 1 Technologicx | 1 Add Custom Css And Js | 2025-05-14 | N/A | N/A |
| The Add Custom CSS and JS WordPress plugin through 1.20 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in as author and above add Stored XSS payloads via a CSRF attack | |||||
| CVE-2024-11607 | 1 Harryhe | 1 Gtpayment Donations | 2025-05-14 | N/A | N/A |
| The GTPayment Donations WordPress plugin through 1.0.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack. | |||||
| CVE-2022-42070 | 1 Oretnom23 | 1 Online Birth Certificate Management System | 2025-05-14 | N/A | 8.8 HIGH |
| Online Birth Certificate Management System version 1.0 is vulnerable to Cross Site Request Forgery (CSRF). | |||||
| CVE-2021-33338 | 1 Liferay | 2 Digital Experience Platform, Liferay Portal | 2025-05-13 | 5.1 MEDIUM | 7.5 HIGH |
| The Layout module in Liferay Portal 7.1.0 through 7.3.2, and Liferay DXP 7.1 before fix pack 19, and 7.2 before fix pack 6, exposes the CSRF token in URLs, which allows man-in-the-middle attackers to obtain the token and conduct Cross-Site Request Forgery (CSRF) attacks via the p_auth parameter. | |||||
| CVE-2024-5028 | 1 Cminds | 1 Cm Search And Replace | 2025-05-13 | N/A | N/A |
| The CM WordPress Search And Replace Plugin WordPress plugin before 1.3.9 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks | |||||
| CVE-2024-5167 | 1 Cminds | 1 Cm E-mail Blacklist | 2025-05-13 | N/A | N/A |
| The CM Email Registration Blacklist and Whitelist WordPress plugin before 1.4.9 does not have CSRF check when adding or deleting an item from the blacklist or whitelist, which could allow attackers to make a logged in admin add or delete settings from the blacklist or whitelist menu via a CSRF attack | |||||
| CVE-2022-3082 | 1 Miniorange | 1 Discord Integration | 2025-05-13 | N/A | 6.5 MEDIUM |
| The miniOrange Discord Integration WordPress plugin before 2.1.6 does not have authorisation and CSRF in some of its AJAX actions, allowing any logged in users, such as subscriber to call them, and disable the app for example | |||||
| CVE-2024-23510 | 1 Martynchamberlin | 1 Dont Muck My Markup | 2025-05-13 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Martyn Chamberlin Don't Muck My Markup.This issue affects Don't Muck My Markup: from n/a through 1.8. | |||||
| CVE-2024-3965 | 1 Projectcaruso | 1 Pray For Me | 2025-05-13 | N/A | N/A |
| The Pray For Me WordPress plugin through 1.0.4 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack | |||||
| CVE-2024-3993 | 1 Wp-master | 1 Azan | 2025-05-13 | N/A | N/A |
| The AZAN Plugin WordPress plugin through 0.6 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack | |||||
| CVE-2024-4480 | 1 Goprayer | 1 Prayer | 2025-05-13 | N/A | N/A |
| The WP Prayer II WordPress plugin through 2.4.7 does not have CSRF check in place when updating its email settings, which could allow attackers to make a logged in admin change them via a CSRF attack | |||||
| CVE-2024-2262 | 1 Themify | 1 Woocommerce Product Filter | 2025-05-13 | N/A | N/A |
| Themify WordPress plugin before 1.4.4 does not have CSRF check in its bulk action, which could allow attackers to make logged in users delete arbitrary filters via CSRF attack, granted they know the related filter slugs | |||||