Total: 7225 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-3971 | 1 Davidjmiller | 1 Similarity | 2025-03-13 | N/A | 4.3 MEDIUM |
The Similarity WordPress plugin through 3.0 does not have CSRF check in place when resetting its settings, which could allow attackers to make a logged in admin reset them via a CSRF attack | |||||
CVE-2023-52060 | 1 Gestsup | 1 Gestsup | 2025-03-13 | N/A | 4.3 MEDIUM |
A Cross-Site Request Forgery (CSRF) in Gestsup v3.2.46 allows attackers to arbitrarily edit user profile information via a crafted request. | |||||
CVE-2024-45270 | 1 Majeedraza | 1 Carousel Slider | 2025-03-13 | N/A | 4.3 MEDIUM |
WordPress plugin "Carousel Slider" provided by Sayful Islam contains a cross-site request forgery vulnerability on Hero image selection feature. While logged in to the WordPress site with Carousel Slider plugin enabled, accessing a crafted page may cause a user to alter the contents of the WordPress site. | |||||
CVE-2024-40039 | 1 Idccms Project | 1 Idccms | 2025-03-13 | N/A | 8.8 HIGH |
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/userGroup_deal.php?mudi=del | |||||
CVE-2024-45269 | 1 Majeedraza | 1 Carousel Slider | 2025-03-13 | N/A | 4.3 MEDIUM |
WordPress plugin "Carousel Slider" provided by Sayful Islam contains a cross-site request forgery vulnerability on Carousel image selection feature. While logged in to the WordPress site with Carousel Slider plugin enabled, accessing a crafted page may cause a user to alter the contents of the WordPress site. | |||||
CVE-2024-13774 | 1 Wpfactory | 1 Wishlist For Woocommerce | 2025-03-12 | N/A | 6.5 MEDIUM |
The Wishlist for WooCommerce: Multi Wishlists Per Customer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.7. This is due to missing or incorrect nonce validation on the 'save_to_multiple_wishlist' function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | |||||
CVE-2021-34167 | 1 Taogogo | 1 Taocms | 2025-03-12 | N/A | 8.8 HIGH |
Cross Site Request Forgery (CSRF) vulnerability in taoCMS 3.0.2 allows remote attackers to gain escalated privileges via taocms/admin/admin.php. | |||||
CVE-2022-46797 | 1 Conversios | 1 Conversios | 2025-03-12 | N/A | 4.3 MEDIUM |
Cross-Site Request Forgery (CSRF) vulnerability in Conversios All-in-one Google Analytics, Pixels and Product Feed Manager for WooCommerce plugin <= 5.2.3 leads to plugin settings change. | |||||
CVE-2024-11640 | 1 E4jconnect | 1 Vikrentcar | 2025-03-11 | N/A | 8.8 HIGH |
The VikRentCar Car Rental Management System plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4.2. This is due to missing or incorrect nonce validation on the 'save' function. This makes it possible for unauthenticated attackers to change plugin access privileges via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. Successful exploitation allows attackers with subscriber-level privileges and above to upload arbitrary files on the affected site's server which may make remote code execution possible. | |||||
CVE-2025-28901 | | | 2025-03-11 | N/A | N/A |
Cross-Site Request Forgery (CSRF) vulnerability in Naren Members page only for logged in users allows Stored XSS. This issue affects Members page only for logged in users: from n/a through 1.4.2. | |||||
CVE-2025-28892 | | | 2025-03-11 | N/A | N/A |
Cross-Site Request Forgery (CSRF) vulnerability in a2rocklobster FTP Sync allows Stored XSS. This issue affects FTP Sync: from n/a through 1.1.6. | |||||
CVE-2025-28910 | | | 2025-03-11 | N/A | N/A |
Cross-Site Request Forgery (CSRF) vulnerability in Ravinder Khurana WP Hide Admin Bar allows Cross Site Request Forgery. This issue affects WP Hide Admin Bar: from n/a through 2.0. | |||||
CVE-2025-28909 | | | 2025-03-11 | N/A | N/A |
Cross-Site Request Forgery (CSRF) vulnerability in edwardw WP No-Bot Question allows Cross Site Request Forgery. This issue affects WP No-Bot Question: from n/a through 0.1.7. | |||||
CVE-2025-28884 | | | 2025-03-11 | N/A | N/A |
Cross-Site Request Forgery (CSRF) vulnerability in Rajesh Kumar WP Bulk Post Duplicator allows Cross Site Request Forgery. This issue affects WP Bulk Post Duplicator: from n/a through 1.2. | |||||
CVE-2025-28923 | | | 2025-03-11 | N/A | N/A |
Cross-Site Request Forgery (CSRF) vulnerability in philippe No Disposable Email allows Stored XSS. This issue affects No Disposable Email: from n/a through 2.5.1. | |||||
CVE-2025-28902 | | | 2025-03-11 | N/A | N/A |
Cross-Site Request Forgery (CSRF) vulnerability in Benjamin Pick Contact Form 7 Select Box Editor Button allows Cross Site Request Forgery. This issue affects Contact Form 7 Select Box Editor Button: from n/a through 0.6. | |||||
CVE-2025-28940 | | | 2025-03-11 | N/A | N/A |
Cross-Site Request Forgery (CSRF) vulnerability in arkapravamajumder Back To Top allows Cross Site Request Forgery. This issue affects Back To Top: from n/a through 2.0. | |||||
CVE-2025-28897 | | | 2025-03-11 | N/A | N/A |
Cross-Site Request Forgery (CSRF) vulnerability in Steveorevo Domain Theme allows Stored XSS. This issue affects Domain Theme: from n/a through 1.3. | |||||
CVE-2025-28894 | | | 2025-03-11 | N/A | N/A |
Cross-Site Request Forgery (CSRF) vulnerability in frucomerci List of Posts from each Category plugin for WordPress allows Stored XSS. This issue affects List of Posts from each Category plugin for WordPress: from n/a through 2.0. | |||||
CVE-2025-28881 | | | 2025-03-11 | N/A | N/A |
Cross-Site Request Forgery (CSRF) vulnerability in mg12 Mobile Themes allows Cross Site Request Forgery. This issue affects Mobile Themes: from n/a through 1.1.1. |