Total: 7225 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-3471 | 1 Wow-company | 1 Button Generator | 2025-05-08 | N/A | N/A |
The Button Generator WordPress plugin before 3.0 does not have CSRF check in place when bulk deleting, which could allow attackers to make a logged in admin delete buttons via a CSRF attack | |||||
CVE-2024-2405 | 1 Wow-company | 1 Float Menu | 2025-05-08 | N/A | N/A |
The Float menu WordPress plugin before 6.0.1 does not have CSRF check in its bulk actions, which could allow attackers to make logged in admin delete arbitrary menu via a CSRF attack. | |||||
CVE-2024-12436 | 1 Marvinlabs | 1 Wp Customer Area | 2025-05-08 | N/A | N/A |
The WP Customer Area WordPress plugin through 8.2.4 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks | |||||
CVE-2024-3478 | 1 Wow-company | 1 Herd Effects | 2025-05-08 | N/A | N/A |
The Herd Effects WordPress plugin before 5.2.7 does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions, such as deleting effects via CSRF attacks | |||||
CVE-2024-3481 | 1 Wow-company | 1 Counter Box | 2025-05-08 | N/A | N/A |
The Counter Box WordPress plugin before 1.2.4 does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions, such as deleting counters via CSRF attacks | |||||
CVE-2024-3476 | 1 Wow-company | 1 Side Menu Lite | 2025-05-08 | N/A | N/A |
The Side Menu Lite WordPress plugin before 4.2.1 does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions, such as deleting buttons via CSRF attacks | |||||
CVE-2024-3475 | 1 Wow-company | 1 Sticky Buttons | 2025-05-08 | N/A | N/A |
The Sticky Buttons WordPress plugin before 3.2.4 does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions, such as deleting buttons via CSRF attacks | |||||
CVE-2022-42199 | 1 Simple Exam Reviewer Management System Project | 1 Simple Exam Reviewer Management System | 2025-05-08 | N/A | 8.8 HIGH |
Simple Exam Reviewer Management System v1.0 is vulnerable to Cross Site Request Forgery (CSRF) via the Exam List. | |||||
CVE-2024-12774 | 1 Pulseextensions | 1 Altra Side Menu | 2025-05-07 | N/A | N/A |
The Altra Side Menu WordPress plugin through 2.0 does not have CSRF checks in some places, which could allow attackers to make logged in admins delete arbitrary menu via a CSRF attack | |||||
CVE-2024-13057 | 1 Phycticio | 1 Dyn Business Panel | 2025-05-07 | N/A | N/A |
The Dyn Business Panel WordPress plugin through 1.0.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack. | |||||
CVE-2025-23044 | 1 Pwndoc Project | 1 Pwndoc | 2025-05-07 | N/A | 8.1 HIGH |
PwnDoc is a penetration test report generator. There is no CSRF protection in pwndoc, allowing attackers to send requests on a logged-in user's behalf. This includes GET and POST requests due to the missing SameSite= attribute on cookies and the ability to refresh cookies. Commit 14acb704891245bf1703ce6296d62112e85aa995 patches the issue. | |||||
CVE-2024-13115 | 1 Phptechie | 1 Wp Projects Portfolio With Client Testimonials | 2025-05-07 | N/A | N/A |
The WP Projects Portfolio with Client Testimonials WordPress plugin through 3.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack. | |||||
CVE-2024-3058 | 1 Enl Newsletter Plugin Project | 1 Enl-newsletter | 2025-05-07 | N/A | N/A |
The ENL Newsletter WordPress plugin through 1.0.1 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack | |||||
CVE-2024-1756 | 1 Vanquish | 1 Woocommerce Customers Manager | 2025-05-07 | N/A | N/A |
The WooCommerce Customers Manager WordPress plugin before 29.8 does not have authorisation and CSRF in an AJAX action, allowing any authenticated users, such as subscriber, to call it and retrieve the list of customer email addresses along with their id, first name and last name | |||||
CVE-2024-11142 | 1 Proticaret | 1 Proticaret | 2025-05-07 | N/A | 8.8 HIGH |
Cross-Site Request Forgery (CSRF) vulnerability in Gosoft Software Proticaret E-Commerce allows Cross Site Request Forgery. This issue affects Proticaret E-Commerce: before v6.0. NOTE: According to the vendor, fixing process is still ongoing for v4.05. | |||||
CVE-2025-47674 | | | 2025-05-07 | N/A | N/A |
Cross-Site Request Forgery (CSRF) vulnerability in Credova Financial Credova_Financial allows Cross Site Request Forgery. This issue affects Credova_Financial: from n/a through 2.5.0. | |||||
CVE-2025-47667 | | | 2025-05-07 | N/A | N/A |
Cross-Site Request Forgery (CSRF) vulnerability in qusupport LiveAgent allows Cross Site Request Forgery. This issue affects LiveAgent: from n/a through 4.4.7. | |||||
CVE-2025-47551 | | | 2025-05-07 | N/A | N/A |
Cross-Site Request Forgery (CSRF) vulnerability in ctltwp Wiki Embed allows Cross Site Request Forgery. This issue affects Wiki Embed: from n/a through 1.4.6. | |||||
CVE-2025-47655 | | | 2025-05-07 | N/A | N/A |
Cross-Site Request Forgery (CSRF) vulnerability in themarketer2023 theMarketer allows Stored XSS. This issue affects theMarketer: from n/a through 1.4.7. | |||||
CVE-2025-47533 | | | 2025-05-07 | N/A | N/A |
Cross-Site Request Forgery (CSRF) vulnerability in Iqonic Design Graphina allows PHP Local File Inclusion. This issue affects Graphina: from n/a through 3.0.4. |