Total
7225 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-24875 | 2025-02-18 | N/A | N/A | ||
| SAP Commerce, by default, sets certain cookies with the SameSite attribute configured to None (SameSite=None). This includes authentication cookies utilized in SAP Commerce Backoffice. Applying this setting reduces defense in depth against CSRF and may lead to future compatibility issues. | |||||
| CVE-2025-26543 | 2025-02-18 | N/A | N/A | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Pukhraj Suthar Simple Responsive Menu allows Stored XSS. This issue affects Simple Responsive Menu: from n/a through 2.1. | |||||
| CVE-2025-1358 | 2025-02-18 | N/A | N/A | ||
| A vulnerability classified as problematic was found in Pix Software Vivaz 6.0.10. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-26768 | 2025-02-16 | N/A | N/A | ||
| Cross-Site Request Forgery (CSRF) vulnerability in what3words what3words Address Field allows Stored XSS. This issue affects what3words Address Field: from n/a through 4.0.15. | |||||
| CVE-2025-26759 | 2025-02-16 | N/A | N/A | ||
| Cross-Site Request Forgery (CSRF) vulnerability in alexvtn Content Snippet Manager allows Stored XSS. This issue affects Content Snippet Manager: from n/a through 1.1.5. | |||||
| CVE-2020-19278 | 1 Mm-wiki Project | 1 Mm-wiki | 2025-02-14 | N/A | 8.8 HIGH |
| Cross Site Request Forgery vulnerability found in Phachon mm-wiki v.0.1.2 allows a remote attacker to execute arbitrary code via the system/user/save parameter. | |||||
| CVE-2021-43353 | 1 Crisp | 1 Crisp | 2025-02-14 | 6.8 MEDIUM | 8.8 HIGH |
| The Crisp Live Chat WordPress plugin is vulnerable to Cross-Site Request Forgery due to missing nonce validation via the crisp_plugin_settings_page function found in the ~/crisp.php file, which made it possible for attackers to inject arbitrary web scripts in versions up to, and including 0.31. | |||||
| CVE-2025-22705 | 2025-02-14 | N/A | N/A | ||
| Cross-Site Request Forgery (CSRF) vulnerability in godthor Disqus Popular Posts allows Reflected XSS. This issue affects Disqus Popular Posts: from n/a through 2.1.1. | |||||
| CVE-2025-24699 | 2025-02-14 | N/A | N/A | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company WP Coder allows Cross-Site Scripting (XSS). This issue affects WP Coder: from n/a through 3.6. | |||||
| CVE-2023-0480 | 1 Vitalpbx | 1 Vitalpbx | 2025-02-13 | N/A | 8.8 HIGH |
| VitalPBX version 3.2.3-8 allows an unauthenticated external attacker to obtain the instance administrator's account. This is possible because the application is vulnerable to CSRF. | |||||
| CVE-2024-2326 | 1 Caseproof | 1 Prettylinks | 2025-02-13 | N/A | N/A |
| The Pretty Links – Affiliate Links, Link Branding, Link Tracking & Marketing Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.6.3. This is due to missing or incorrect nonce validation when saving plugin settings. This makes it possible for unauthenticated attackers to change the plugin's configuration including stripe integration via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | |||||
| CVE-2025-26578 | 2025-02-13 | N/A | N/A | ||
| Cross-Site Request Forgery (CSRF) vulnerability in mathieuhays Simple Documentation allows Stored XSS. This issue affects Simple Documentation: from n/a through 1.2.8. | |||||
| CVE-2025-26550 | 2025-02-13 | N/A | N/A | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Kunal Shivale Global Meta Keyword & Description allows Stored XSS. This issue affects Global Meta Keyword & Description: from n/a through 2.3. | |||||
| CVE-2025-26582 | 2025-02-13 | N/A | N/A | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Blackbam TinyMCE Advanced qTranslate fix editor problems allows Stored XSS. This issue affects TinyMCE Advanced qTranslate fix editor problems: from n/a through 1.0.0. | |||||
| CVE-2025-26570 | 2025-02-13 | N/A | N/A | ||
| Cross-Site Request Forgery (CSRF) vulnerability in uamv Glance That allows Cross Site Request Forgery. This issue affects Glance That: from n/a through 4.9. | |||||
| CVE-2025-26545 | 2025-02-13 | N/A | N/A | ||
| Cross-Site Request Forgery (CSRF) vulnerability in shisuh Related Posts Line-up-Exactly by Milliard allows Stored XSS. This issue affects Related Posts Line-up-Exactly by Milliard: from n/a through 0.0.22. | |||||
| CVE-2025-26562 | 2025-02-13 | N/A | N/A | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Shambhu Patnaik RSS Filter allows Stored XSS. This issue affects RSS Filter: from n/a through 1.2. | |||||
| CVE-2025-26571 | 2025-02-13 | N/A | N/A | ||
| Cross-Site Request Forgery (CSRF) vulnerability in wibiya Wibiya Toolbar allows Cross Site Request Forgery. This issue affects Wibiya Toolbar: from n/a through 2.0. | |||||
| CVE-2025-26568 | 2025-02-13 | N/A | N/A | ||
| Cross-Site Request Forgery (CSRF) vulnerability in jensmueller Easy Amazon Product Information allows Stored XSS. This issue affects Easy Amazon Product Information: from n/a through 4.0.1. | |||||
| CVE-2025-26569 | 2025-02-13 | N/A | N/A | ||
| Cross-Site Request Forgery (CSRF) vulnerability in callmeforsox Post Thumbs allows Stored XSS. This issue affects Post Thumbs: from n/a through 1.5. | |||||