Total
7225 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-3999 | 1 Dpdgroup | 1 Woocommerce Shipping | 2025-04-22 | N/A | 8.1 HIGH |
| The DPD Baltic Shipping WordPress plugin before 1.2.57 does not have authorisation and CSRF in an AJAX action, which could allow any authenticated users, such as subscriber to delete arbitrary options from the blog, which could make the blog unavailable. | |||||
| CVE-2022-31294 | 1 Razormist | 1 Online Discussion Forum Site | 2025-04-22 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue in the save_users() function of Online Discussion Forum Site 1 allows unauthenticated attackers to arbitrarily create or update user accounts. | |||||
| CVE-2021-46027 | 1 Wangl1989 | 1 Mysiteforme | 2025-04-22 | 4.3 MEDIUM | 6.5 MEDIUM |
| mysiteforme, as of 19-12-2022, has a CSRF vulnerability in the background blog management. The attacker constructs a CSRF load. Once the administrator clicks a malicious link, a blog tag will be added | |||||
| CVE-2022-46062 | 1 Gym Management System Project | 1 Gym Management System | 2025-04-22 | N/A | 4.5 MEDIUM |
| Gym Management System v0.0.1 is vulnerable to Cross Site Request Forgery (CSRF). | |||||
| CVE-2022-46074 | 1 Helmet Store Showroom Project | 1 Helmet Store Showroom | 2025-04-22 | N/A | 8.8 HIGH |
| Helmet Store Showroom 1.0 is vulnerable to Cross Site Request Forgery (CSRF). An unauthenticated user can add an admin account due to missing CSRF protection. | |||||
| CVE-2025-3843 | 2025-04-21 | N/A | 4.3 MEDIUM | ||
| A vulnerability was found in panhainan DS-Java 1.0. It has been classified as problematic. Affected is an unknown function. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2022-4552 | 1 Fl3r Feelbox Project | 1 Fl3r Feelbox | 2025-04-21 | N/A | 6.1 MEDIUM |
| The FL3R FeelBox WordPress plugin through 8.1 does not have CSRF check when updating its settings, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack | |||||
| CVE-2025-3808 | 2025-04-21 | N/A | 4.3 MEDIUM | ||
| A vulnerability has been found in zhenfeng13 My-BBS 1.0 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Multiple endpoints might be affected. | |||||
| CVE-2025-2111 | 2025-04-21 | N/A | 7.5 HIGH | ||
| The Insert Headers And Footers plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.1. This is due to missing or incorrect nonce validation on the 'custom_plugin_set_option' function. This makes it possible for unauthenticated attackers to update arbitrary options on the WordPress site via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site. The 'WPBRIGADE_SDK__DEV_MODE' constant must be set to 'true' to exploit the vulnerability. | |||||
| CVE-2025-3284 | 2025-04-21 | N/A | 4.3 MEDIUM | ||
| The User Registration & Membership – Custom Registration Form, Login Form, and User Profile plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.1.3. This is due to missing or incorrect nonce validation on the user_registration_pro_delete_account() function. This makes it possible for unauthenticated attackers to force delete users, including administrators, via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | |||||
| CVE-2024-3756 | 1 Mf Gig Calendar Project | 1 Mf Gig Calendar | 2025-04-18 | N/A | N/A |
| The MF Gig Calendar WordPress plugin through 1.2.1 does not have CSRF checks in some places, which could allow attackers to make logged in Contributors and above delete arbitrary events via a CSRF attack | |||||
| CVE-2025-39443 | 2025-04-17 | N/A | N/A | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Soft8Soft LLC Verge3D allows Cross Site Request Forgery. This issue affects Verge3D: from n/a through 4.9.0. | |||||
| CVE-2025-39440 | 2025-04-17 | N/A | N/A | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Rajesh Broken Links Remover allows Stored XSS. This issue affects Broken Links Remover: from n/a through 1.2.2. | |||||
| CVE-2025-39430 | 2025-04-17 | N/A | N/A | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Alexander Rauscha mLanguage allows Stored XSS. This issue affects mLanguage: from n/a through 1.6.1. | |||||
| CVE-2025-39414 | 2025-04-17 | N/A | N/A | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Mike spam-stopper allows Stored XSS. This issue affects spam-stopper: from n/a through 3.1.3. | |||||
| CVE-2025-39455 | 2025-04-17 | N/A | N/A | ||
| Cross-Site Request Forgery (CSRF) vulnerability in ip2location IP2Location Variables allows Reflected XSS. This issue affects IP2Location Variables: from n/a through 2.9.5. | |||||
| CVE-2025-39435 | 2025-04-17 | N/A | N/A | ||
| Cross-Site Request Forgery (CSRF) vulnerability in davidfcarr My Marginalia allows Stored XSS. This issue affects My Marginalia: from n/a through 1.0.6. | |||||
| CVE-2025-39431 | 2025-04-17 | N/A | N/A | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Aaron Forgue Amazon Showcase WordPress Plugin allows Stored XSS. This issue affects Amazon Showcase WordPress Plugin: from n/a through 2.2. | |||||
| CVE-2025-39422 | 2025-04-17 | N/A | N/A | ||
| Cross-Site Request Forgery (CSRF) vulnerability in PResponsive WP Social Bookmarking allows Stored XSS. This issue affects WP Social Bookmarking: from n/a through 3.6. | |||||
| CVE-2025-32655 | 2025-04-17 | N/A | N/A | ||
| Cross-Site Request Forgery (CSRF) vulnerability in DevriX Restrict User Registration allows Stored XSS. This issue affects Restrict User Registration: from n/a through 1.0.1. | |||||