Total
7225 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-28927 | 2025-03-11 | N/A | N/A | ||
| Cross-Site Request Forgery (CSRF) vulnerability in A. Chappard Display Template Name allows Cross Site Request Forgery. This issue affects Display Template Name: from n/a through 1.7.1. | |||||
| CVE-2025-28900 | 2025-03-11 | N/A | N/A | ||
| Cross-Site Request Forgery (CSRF) vulnerability in webgarb TabGarb Pro allows Stored XSS. This issue affects TabGarb Pro: from n/a through 2.6. | |||||
| CVE-2025-28891 | 2025-03-11 | N/A | N/A | ||
| Cross-Site Request Forgery (CSRF) vulnerability in jazzigor price-calc allows Stored XSS. This issue affects price-calc: from n/a through 0.6.3. | |||||
| CVE-2025-28883 | 2025-03-11 | N/A | N/A | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Martin WP Compare Tables allows Stored XSS. This issue affects WP Compare Tables: from n/a through 1.0.5. | |||||
| CVE-2025-28887 | 2025-03-11 | N/A | N/A | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Fastmover Plugins Last Updated Column allows Cross Site Request Forgery. This issue affects Plugins Last Updated Column: from n/a through 0.1.3. | |||||
| CVE-2025-28932 | 2025-03-11 | N/A | N/A | ||
| Cross-Site Request Forgery (CSRF) vulnerability in BCS Website Solutions Insert Code allows Stored XSS. This issue affects Insert Code: from n/a through 2.4. | |||||
| CVE-2025-28913 | 2025-03-11 | N/A | N/A | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Aftab Ali Muni WP Add Active Class To Menu Item allows Cross Site Request Forgery. This issue affects WP Add Active Class To Menu Item: from n/a through 1.0. | |||||
| CVE-2025-28941 | 2025-03-11 | N/A | N/A | ||
| Cross-Site Request Forgery (CSRF) vulnerability in ohtan Spam Byebye allows Cross Site Request Forgery. This issue affects Spam Byebye: from n/a through 2.2.4. | |||||
| CVE-2025-28922 | 2025-03-11 | N/A | N/A | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Terence D. Go To Top allows Stored XSS. This issue affects Go To Top: from n/a through 0.0.8. | |||||
| CVE-2025-28931 | 2025-03-11 | N/A | N/A | ||
| Cross-Site Request Forgery (CSRF) vulnerability in DevriX Hashtags allows Stored XSS. This issue affects Hashtags: from n/a through 0.3.2. | |||||
| CVE-2025-28886 | 2025-03-11 | N/A | N/A | ||
| Cross-Site Request Forgery (CSRF) vulnerability in xjb REST API TO MiniProgram allows Cross Site Request Forgery. This issue affects REST API TO MiniProgram: from n/a through 4.7.1. | |||||
| CVE-2025-28912 | 2025-03-11 | N/A | N/A | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Muntasir Rahman Custom Dashboard Page allows Cross Site Request Forgery. This issue affects Custom Dashboard Page: from n/a through 1.0. | |||||
| CVE-2025-28925 | 2025-03-11 | N/A | N/A | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Hieu Nguyen WATI Chat and Notification allows Stored XSS. This issue affects WATI Chat and Notification: from n/a through 1.1.2. | |||||
| CVE-2025-28933 | 2025-03-11 | N/A | N/A | ||
| Cross-Site Request Forgery (CSRF) vulnerability in maxfoundry MaxA/B allows Stored XSS. This issue affects MaxA/B: from n/a through 2.2.2. | |||||
| CVE-2024-1976 | 1 Marketingoptimizer | 1 Marketing Optimizer | 2025-03-11 | N/A | 4.3 MEDIUM |
| The Marketing Optimizer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 20200925. This is due to missing or incorrect nonce validation via the admin/main-settings-page.php file. This makes it possible for unauthenticated attackers to update the plugin's settings and inject malicious JavaScript via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | |||||
| CVE-2024-54139 | 1 Combodo | 1 Itop | 2025-03-11 | N/A | 9.6 CRITICAL |
| Combodo iTop is an open source and web-based IT service management platform. Prior to versions 2.7.11, 3.1.2, and 3.2.0., iTop has a cross-site scripting vulnerability that can lead to cross-site request forgery on the `_table_id` parameter. Versions 2.7.11, 3.1.2, and 3.2.0 contain a patch for the issue. | |||||
| CVE-2024-0592 | 1 Never5 | 1 Related Posts | 2025-03-11 | N/A | 5.4 MEDIUM |
| The Related Posts for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.1. This is due to missing or incorrect nonce validation on the handle_create_link() function. This makes it possible for unauthenticated attackers to add related posts to other posts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. This ultimately makes it possible for attackers to view draft and password protected posts. | |||||
| CVE-2024-1889 | 1 Sma | 4 Clcon-10, Clcon-10 Firmware, Clcon-s-10 and 1 more | 2025-03-11 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery vulnerability in SMA Cluster Controller, affecting version 01.05.01.R. This vulnerability could allow an attacker to send a malicious link to an authenticated user to perform actions with these user permissions on the affected device. | |||||
| CVE-2024-49779 | 3 Ibm, Linux, Microsoft | 3 Openpages With Watson, Linux Kernel, Windows | 2025-03-11 | N/A | 8.8 HIGH |
| IBM OpenPages with Watson 8.3 and 9.0 IBM OpenPages could allow a remote attacker to bypass security restrictions, caused by improper validation and management of authentication cookies. By modifying the CSRF token and Session Id cookie parameters using the cookies of another user, a remote attacker could exploit this vulnerability to bypass security restrictions and gain unauthorized access to the vulnerable application. | |||||
| CVE-2024-0827 | 1 Hammadh | 1 Play.ht | 2025-03-11 | N/A | 4.3 MEDIUM |
| The Play.ht – Make Your Blog Posts Accessible With Text to Speech Audio plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.6.4. This is due to missing or incorrect nonce validation on several functions. This makes it possible for unauthenticated attackers to invoke those functions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | |||||