Total: 7225 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2025-30555 | | | 2025-03-24 | N/A | N/A |
Cross-Site Request Forgery (CSRF) vulnerability in iiiryan WordPres ???? allows Stored XSS. This issue affects WordPres ????: from n/a through 1.1.0. | |||||
CVE-2025-30538 | | | 2025-03-24 | N/A | N/A |
Cross-Site Request Forgery (CSRF) vulnerability in ChrisHurst Simple Optimizer allows Cross Site Request Forgery. This issue affects Simple Optimizer: from n/a through 1.2.7. | |||||
CVE-2025-30584 | | | 2025-03-24 | N/A | N/A |
Cross-Site Request Forgery (CSRF) vulnerability in alphaomegaplugins AlphaOmega Captcha & Anti-Spam Filter allows Stored XSS. This issue affects AlphaOmega Captcha & Anti-Spam Filter: from n/a through 3.3. | |||||
CVE-2025-30601 | | | 2025-03-24 | N/A | N/A |
Cross-Site Request Forgery (CSRF) vulnerability in flipdish Flipdish Ordering System allows Cross Site Request Forgery. This issue affects Flipdish Ordering System: from n/a through 1.4.16. | |||||
CVE-2025-30526 | | | 2025-03-24 | N/A | N/A |
Cross-Site Request Forgery (CSRF) vulnerability in lucksy Typekit plugin for WordPress allows Cross Site Request Forgery. This issue affects Typekit plugin for WordPress: from n/a through 1.2.3. | |||||
CVE-2025-30564 | | | 2025-03-24 | N/A | N/A |
Cross-Site Request Forgery (CSRF) vulnerability in wpwox Custom Script Integration allows Stored XSS. This issue affects Custom Script Integration: from n/a through 2.1. | |||||
CVE-2025-30561 | | | 2025-03-24 | N/A | N/A |
Cross-Site Request Forgery (CSRF) vulnerability in Henrique Mouta CAS Maestro allows Stored XSS. This issue affects CAS Maestro: from n/a through 1.1.3. | |||||
CVE-2025-30585 | | | 2025-03-24 | N/A | N/A |
Cross-Site Request Forgery (CSRF) vulnerability in marynixie Generate Post Thumbnails allows Cross Site Request Forgery. This issue affects Generate Post Thumbnails: from n/a through 0.8. | |||||
CVE-2025-30615 | | | 2025-03-24 | N/A | N/A |
Cross-Site Request Forgery (CSRF) vulnerability in Jacob Schwartz WP e-Commerce Style Email allows Code Injection. This issue affects WP e-Commerce Style Email: from n/a through 0.6.2. | |||||
CVE-2025-30531 | | | 2025-03-24 | N/A | N/A |
Cross-Site Request Forgery (CSRF) vulnerability in GBS Developer WP Ride Booking allows Cross Site Request Forgery. This issue affects WP Ride Booking: from n/a through 2.4. | |||||
CVE-2025-24387 | 1 Otrs | 1 Otrs | 2025-03-24 | N/A | 6.5 MEDIUM |
A vulnerability in OTRS Application Server allows session hijacking due to missing attributes for sensitive cookie settings in HTTPS sessions. A request to an OTRS endpoint from a possibly malicious web site would send the authentication cookie, performing an unwanted read operation. This issue affects: OTRS 7.0.X, OTRS 8.0.X, OTRS 2023.X, OTRS 2024.X, OTRS 2025.x | |||||
CVE-2024-13768 | | | 2025-03-22 | N/A | 4.3 MEDIUM |
The CITS Support svg, webp Media and TTF,OTF File Upload, Use Custom Fonts plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.2. This is due to missing or incorrect nonce validation on the cits_assign_fonts_tab() function. This makes it possible for unauthenticated attackers to delete font assignments via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | |||||
CVE-2025-0807 | | | 2025-03-22 | N/A | 4.3 MEDIUM |
The CITS Support svg, webp Media and TTF,OTF File Upload, Use Custom Fonts plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.2. This is due to missing or incorrect nonce validation on the cits_settings_tab() function. This makes it possible for unauthenticated attackers to update the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | |||||
CVE-2022-4138 | 1 Gitlab | 1 Gitlab | 2025-03-21 | N/A | 8.1 HIGH |
A Cross Site Request Forgery issue has been discovered in GitLab CE/EE affecting all versions before 15.6.7, all versions starting from 15.7 before 15.7.6, and all versions starting from 15.8 before 15.8.1. An attacker could take over a project if an Owner or Maintainer uploads a file to a malicious project. | |||||
CVE-2017-20093 | 1 W3eden | 1 Download Manager | 2025-03-21 | 4.3 MEDIUM | 4.3 MEDIUM |
A vulnerability, which was classified as problematic, was found in Download Manager Plugin 2.8.99. Affected is an unknown function. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. | |||||
CVE-2022-36288 | 1 W3eden | 1 Download Manager | 2025-03-21 | N/A | 8.8 HIGH |
Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in W3 Eden Download Manager plugin <= 3.2.48 at WordPress. | |||||
CVE-2022-34347 | 1 W3eden | 1 Download Manager | 2025-03-21 | N/A | 8.8 HIGH |
Cross-Site Request Forgery (CSRF) vulnerability in W3 Eden Download Manager plugin <= 3.2.48 at WordPress. | |||||
CVE-2024-13647 | 1 Themesawesome | 1 Sakolawp | 2025-03-21 | N/A | 4.3 MEDIUM |
The School Management System – SakolaWP plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.8. This is due to missing or incorrect nonce validation on the 'save_exam_setting' and 'delete_exam_setting' actions. This makes it possible for unauthenticated attackers to update exam settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | |||||
CVE-2015-10130 | 1 I13websolution | 1 Team Circle Image Slider With Lightbox | 2025-03-21 | N/A | 4.3 MEDIUM |
The Team Circle Image Slider With Lightbox plugin for WordPress is vulnerable to Cross-Site Request Forgery in version 1.0. This is due to missing or incorrect nonce validation on the circle_thumbnail_slider_with_lightbox_image_management_func() function. This makes it possible for unauthenticated attackers to edit image data which can be used to inject malicious JavaScript, along with deleting images, and uploading malicious files via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | |||||
CVE-2022-29557 | 1 Relx | 1 Firco Compliance Link | 2025-03-20 | N/A | 8.8 HIGH |
LexisNexis Firco Compliance Link 3.7 allows CSRF. |