Total: 7225 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-34008 | 1 Moodle | 1 Moodle | 2025-03-25 | N/A | 8.8 HIGH |
Actions in the admin management of analytics models did not include the necessary token to prevent a CSRF risk. | |||||
CVE-2024-45372 | 1 Planex | 2 Mzk-dp300n, Mzk-dp300n Firmware | 2025-03-25 | N/A | 6.5 MEDIUM |
MZK-DP300N firmware versions 1.04 and earlier contain a cross-site request forgery vulnerability. Viewing a malicious page while logging in to the web management page of the affected product may lead the user to perform unintended operations such as changing the login password, etc. | |||||
CVE-2024-37227 | 1 Tribulant | 1 Newsletters | 2025-03-25 | N/A | 8.8 HIGH |
Cross Site Request Forgery (CSRF) vulnerability in Tribulant Newsletters. This issue affects Newsletters: from n/a through 4.9.7. | |||||
CVE-2024-3474 | 1 Wow-company | 1 Wow Skype Buttons | 2025-03-25 | N/A | 8.8 HIGH |
The Wow Skype Buttons WordPress plugin before 4.0.4 does not have CSRF checks in some bulk actions, which could allow attackers to make logged-in admins perform unwanted actions, such as deleting buttons via CSRF attacks. | |||||
CVE-2024-13710 | | | 2025-03-25 | N/A | 4.3 MEDIUM |
The Estatebud – Properties & Listings plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.5.0. This is due to missing or incorrect nonce validation on the 'estatebud_settings' page. This makes it possible for unauthenticated attackers to update the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | |||||
CVE-2025-2319 | | | 2025-03-25 | N/A | 8.8 HIGH |
The EZ SQL Reports Shortcode Widget and DB Backup plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions 4.11.13 to 5.25.08. This is due to missing or incorrect nonce validation on the 'ELISQLREPORTS_menu' function. This makes it possible for unauthenticated attackers to execute code on the server via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. Version 5.25.10 adds a nonce check, which makes this vulnerability exploitable by admins only. | |||||
CVE-2025-30552 | | | 2025-03-24 | N/A | N/A |
Cross-Site Request Forgery (CSRF) vulnerability in Donald Gilbert WordPress Admin Bar Improved allows Stored XSS. This issue affects WordPress Admin Bar Improved: from n/a through 3.3.5. | |||||
CVE-2025-30576 | | | 2025-03-24 | N/A | N/A |
Cross-Site Request Forgery (CSRF) vulnerability in HuangYe WuDeng Hacklog Remote Image Autosave allows Cross Site Request Forgery. This issue affects Hacklog Remote Image Autosave: from n/a through 2.1.0. | |||||
CVE-2025-30565 | | | 2025-03-24 | N/A | N/A |
Cross-Site Request Forgery (CSRF) vulnerability in karrikas banner-manager allows Stored XSS. This issue affects banner-manager: from n/a through 16.04.19. | |||||
CVE-2025-30617 | | | 2025-03-24 | N/A | N/A |
Cross-Site Request Forgery (CSRF) vulnerability in takien Rewrite allows Cross Site Request Forgery. This issue affects Rewrite: from n/a through 0.2.1. | |||||
CVE-2025-30521 | | | 2025-03-24 | N/A | N/A |
Cross-Site Request Forgery (CSRF) vulnerability in giangmd93 GP Back To Top allows Cross Site Request Forgery. This issue affects GP Back To Top: from n/a through 3.0. | |||||
CVE-2025-30549 | | | 2025-03-24 | N/A | N/A |
Cross-Site Request Forgery (CSRF) vulnerability in Yummly Yummly Rich Recipes allows Cross Site Request Forgery. This issue affects Yummly Rich Recipes: from n/a through 4.2. | |||||
CVE-2025-30522 | | | 2025-03-24 | N/A | N/A |
Cross-Site Request Forgery (CSRF) vulnerability in Damian Orzol Contact Form 7 Material Design allows Stored XSS. This issue affects Contact Form 7 Material Design: from n/a through 1.0.0. | |||||
CVE-2025-30587 | | | 2025-03-24 | N/A | N/A |
Cross-Site Request Forgery (CSRF) vulnerability in shawfactor LH OGP Meta allows Stored XSS. This issue affects LH OGP Meta: from n/a through 1.73. | |||||
CVE-2025-30572 | | | 2025-03-24 | N/A | N/A |
Cross-Site Request Forgery (CSRF) vulnerability in Igor Yavych Simple Rating allows Stored XSS. This issue affects Simple Rating: from n/a through 1.4. | |||||
CVE-2025-30534 | | | 2025-03-24 | N/A | N/A |
Cross-Site Request Forgery (CSRF) vulnerability in captcha.soft Image Captcha allows Cross Site Request Forgery. This issue affects Image Captcha: from n/a through 1.2. | |||||
CVE-2025-30557 | | | 2025-03-24 | N/A | N/A |
Cross-Site Request Forgery (CSRF) vulnerability in odihost Easy 301 Redirects allows Cross Site Request Forgery. This issue affects Easy 301 Redirects: from n/a through 1.33. | |||||
CVE-2025-30542 | | | 2025-03-24 | N/A | N/A |
Cross-Site Request Forgery (CSRF) vulnerability in wpsolutions SoundCloud Ultimate allows Cross Site Request Forgery. This issue affects SoundCloud Ultimate: from n/a through 1.5. | |||||
CVE-2025-30598 | | | 2025-03-24 | N/A | N/A |
Cross-Site Request Forgery (CSRF) vulnerability in Link OSS Upload allows Cross Site Request Forgery. This issue affects OSS Upload: from n/a through 4.8.9. | |||||
CVE-2025-30558 | | | 2025-03-24 | N/A | N/A |
Cross-Site Request Forgery (CSRF) vulnerability in EnzoCostantini55 ANAC XML Render allows Stored XSS. This issue affects ANAC XML Render: from n/a through 1.5.7. |