Total
7225 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-54674 | 2025-08-14 | N/A | N/A | ||
| Cross-Site Request Forgery (CSRF) vulnerability in mklacroix Product Configurator for WooCommerce allows Cross Site Request Forgery. This issue affects Product Configurator for WooCommerce: from n/a through 1.4.4. | |||||
| CVE-2025-8491 | 2025-08-13 | N/A | 4.3 MEDIUM | ||
| The Easy restaurant menu manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.2. This is due to missing or incorrect nonce validation on the nsc_eprm_save_menu() function. This makes it possible for unauthenticated attackers to upload a menu file via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | |||||
| CVE-2025-8891 | 2025-08-13 | N/A | 4.3 MEDIUM | ||
| The OceanWP theme for WordPress is vulnerable to Cross-Site Request Forgery in versions 4.0.9 to 4.1.1. This is due to missing or incorrect nonce validation on the oceanwp_notice_button_click() function. This makes it possible for unauthenticated attackers to install the Ocean Extra plugin via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | |||||
| CVE-2025-3150 | 1 Itning | 1 Student-homework-management-system | 2025-08-13 | N/A | 4.3 MEDIUM |
| A vulnerability was found in itning Student Homework Management System up to 1.2.7. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Multiple endpoints might be affected. | |||||
| CVE-2024-12279 | 1 Wp Social Autoconnect Project | 1 Wp Social Autoconnect | 2025-08-12 | N/A | 6.1 MEDIUM |
| The WP Social AutoConnect plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.6.2. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | |||||
| CVE-2024-13518 | 1 Simplepress | 1 Simplepress | 2025-08-12 | N/A | 4.3 MEDIUM |
| The Simple:Press Forum plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.10.11. This is due to missing or incorrect nonce validation on the 'sp_save_edited_post' function. This makes it possible for unauthenticated attackers to modify a forum post via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | |||||
| CVE-2025-31482 | 1 Freshrss | 1 Freshrss | 2025-08-12 | N/A | N/A |
| FreshRSS is a self-hosted RSS feed aggregator. A vulnerability in versions prior to 1.26.2 causes a user to be repeatedly logged out after fetching a malicious feed entry, effectively causing that user to suffer denial of service. Version 1.26.2 contains a patch for the issue. | |||||
| CVE-2024-4994 | 1 Gitlab | 1 Gitlab | 2025-08-12 | N/A | N/A |
| An issue has been discovered in GitLab CE/EE affecting all versions from 16.1.0 before 16.11.5, all versions starting from 17.0 before 17.0.3, all versions starting from 17.1.0 before 17.1.1 which allowed for a CSRF attack on GitLab's GraphQL API leading to the execution of arbitrary GraphQL mutations. | |||||
| CVE-2025-1320 | 1 Mtrv | 1 Teachpress | 2025-08-11 | N/A | 4.3 MEDIUM |
| The teachPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 9.0.9. This is due to missing or incorrect nonce validation on the import.php page. This makes it possible for unauthenticated attackers to delete imports via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | |||||
| CVE-2025-26902 | 1 Brizy | 1 Brizy | 2025-08-07 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Brizy Brizy Pro allows Cross Site Request Forgery.This issue affects Brizy Pro: from n/a through 2.6.1. | |||||
| CVE-2024-1211 | 1 Gitlab | 1 Gitlab | 2025-08-05 | N/A | 8.8 HIGH |
| An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.6 prior to 16.9.7, starting from 16.10 prior to 16.10.5, and starting from 16.11 prior to 16.11.2 in which cross-site request forgery may have been possible on GitLab instances configured to use JWT as an OmniAuth provider. | |||||
| CVE-2025-1473 | 1 Lfprojects | 1 Mlflow | 2025-08-05 | N/A | 7.1 HIGH |
| A Cross-Site Request Forgery (CSRF) vulnerability exists in the Signup feature of mlflow/mlflow versions 2.17.0 to 2.20.1. This vulnerability allows an attacker to create a new account, which may be used to perform unauthorized actions on behalf of the malicious user. | |||||
| CVE-2024-1879 | 1 Agpt | 1 Autogpt Classic | 2025-08-05 | N/A | 8.8 HIGH |
| A Cross-Site Request Forgery (CSRF) vulnerability in significant-gravitas/autogpt version v0.5.0 allows attackers to execute arbitrary commands on the AutoGPT server. The vulnerability stems from the lack of protections on the API endpoint receiving instructions, enabling an attacker to direct a user running AutoGPT in their local network to a malicious website. This site can then send crafted requests to the AutoGPT server, leading to command execution. The issue is exacerbated by CORS being enabled for arbitrary origins by default, allowing the attacker to read the response of all cross-site queries. This vulnerability was addressed in version 5.1. | |||||
| CVE-2025-8505 | 2025-08-04 | N/A | 4.3 MEDIUM | ||
| A vulnerability has been found in 495300897 wx-shop up to de1b66331368695779cfc6e4d11a64caddf8716e and classified as problematic. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. | |||||
| CVE-2024-1592 | 1 Really-simple-plugins | 1 Complianz | 2025-08-01 | N/A | 4.3 MEDIUM |
| The Complianz – GDPR/CCPA Cookie Consent plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.5.6. This is due to missing or incorrect nonce validation on the process_delete function in class-DNSMPD.php. This makes it possible for unauthenticated attackers to delete GDPR data requests via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | |||||
| CVE-2025-1506 | 1 Wpmet | 1 Wp Social Login And Register Social Counter | 2025-08-01 | N/A | 4.3 MEDIUM |
| The Wp Social Login and Register Social Counter plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.0. This is due to missing or incorrect nonce validation on the counter_access_key_setup() function. This makes it possible for unauthenticated attackers to update social login provider settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | |||||
| CVE-2025-54529 | 1 Jetbrains | 1 Teamcity | 2025-07-31 | N/A | 7.5 HIGH |
| In JetBrains TeamCity before 2025.07 a CSRF was possible in external OAuth login integration | |||||
| CVE-2025-54528 | 1 Jetbrains | 1 Teamcity | 2025-07-31 | N/A | 8.8 HIGH |
| In JetBrains TeamCity before 2025.07 a CSRF was possible in GitHub App connection flow | |||||
| CVE-2025-54536 | 1 Jetbrains | 1 Teamcity | 2025-07-31 | N/A | 8.8 HIGH |
| In JetBrains TeamCity before 2025.07 a CSRF was possible on GraphQL endpoint | |||||
| CVE-2019-1658 | 1 Cisco | 1 Unified Intelligence Center | 2025-07-31 | 4.3 MEDIUM | 7.4 HIGH |
| A vulnerability in the web-based management interface of Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF protections in the web-based management interface. An attacker could exploit this vulnerability by persuading a user of the interface to follow a malicious, customized link. A successful exploit could allow the attacker to perform arbitrary actions on the affected device via a web browser and with the privileges of the user. | |||||