Total: 7225 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2025-24742 | 1 Codecabin | 1 Wp Go Maps | 2025-02-11 | N/A | 8.8 HIGH |
Cross-Site Request Forgery (CSRF) vulnerability in WP Go Maps (formerly WP Google Maps) WP Go Maps. This issue affects WP Go Maps: from n/a through 9.0.40. | |||||
CVE-2023-27520 | 1 Epson | 240 Esifnw1, Esifnw1 Firmware, Esnsb1 and 237 more | 2025-02-10 | N/A | 6.5 MEDIUM |
Cross-site request forgery (CSRF) vulnerability in SEIKO EPSON printers/network interface Web Config allows a remote unauthenticated attacker to hijack the authentication and perform unintended operations by having a logged-in user view a malicious page. [Note] Web Config is the software that allows users to check the status and change the settings of SEIKO EPSON printers/network interface via a web browser. According to SEIKO EPSON CORPORATION, it is also called Remote Manager in some products. Web Config is pre-installed in some printers/network interface provided by SEIKO EPSON CORPORATION. For the details of the affected product names/model numbers, refer to the information provided by the vendor. | |||||
CVE-2024-2449 | 1 Progress | 1 Loadmaster | 2025-02-10 | N/A | 7.5 HIGH |
A cross-site request forgery vulnerability has been identified in LoadMaster. It is possible for a malicious actor, who has prior knowledge of the IP or hostname of a specific LoadMaster, to direct an authenticated LoadMaster administrator to a third-party site. In such a scenario, the CSRF payload hosted on the malicious site would execute HTTP transactions on behalf of the LoadMaster administrator. | |||||
CVE-2024-52479 | 1 Astoundify | 1 Jobify | 2025-02-10 | N/A | 8.8 HIGH |
Cross-Site Request Forgery (CSRF) vulnerability in Ben Marshall Jobify - Job Board WordPress Theme allows Cross Site Request Forgery. This issue affects Jobify - Job Board WordPress Theme: from n/a through 4.2.3. | |||||
CVE-2023-26845 | 1 Opencats | 1 Opencats | 2025-02-10 | N/A | 4.3 MEDIUM |
A Cross-Site Request Forgery (CSRF) in OpenCATS 0.9.7 allows attackers to force users into submitting web requests via unspecified vectors. | |||||
CVE-2024-39678 | 1 Boxystudio | 1 Cooked | 2025-02-10 | N/A | 8.8 HIGH |
Cooked is a recipe plugin for WordPress. The Cooked plugin is vulnerable to Cross-Site Request Forgery (CSRF) in versions up to, and including, 1.7.15.4 due to missing or incorrect nonce validation on the AJAX action handler. This vulnerability could allow an attacker to trick users into performing an action they didn't intend to perform under their current authentication. This issue has been addressed in release version 1.8.0. Users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
CVE-2024-39679 | 1 Boxystudio | 1 Cooked | 2025-02-10 | N/A | 8.8 HIGH |
Cooked is a recipe plugin for WordPress. The Cooked plugin for WordPress is vulnerable to Cross-Site Request Forgery (CSRF) in versions up to, and including, 1.7.15.4 due to missing or incorrect nonce validation on the AJAX action handler. This vulnerability could allow an attacker to trick users into performing an action they didn't intend to perform under their current authentication. This issue has been addressed in release version 1.8.0. Users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
CVE-2024-39680 | 1 Boxystudio | 1 Cooked | 2025-02-10 | N/A | 8.8 HIGH |
Cooked is a recipe plugin for WordPress. The Cooked plugin for WordPress is vulnerable to Cross-Site Request Forgery (CSRF) in versions up to, and including, 1.7.15.4 due to missing or incorrect nonce validation on the AJAX action handler. This vulnerability could allow an attacker to trick users into performing an action they didn't intend to perform under their current authentication. This issue has been addressed in release version 1.8.0. Users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
CVE-2024-39681 | 1 Boxystudio | 1 Cooked | 2025-02-10 | N/A | 8.8 HIGH |
Cooked is a recipe plugin for WordPress. The Cooked plugin for WordPress is vulnerable to Cross-Site Request Forgery (CSRF) in versions up to, and including, 1.7.15.4 due to missing or incorrect nonce validation on the AJAX action handler. This vulnerability could allow an attacker to trick users into performing an action they didn't intend to perform under their current authentication. This issue has been addressed in release version 1.8.0. Users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
CVE-2024-0432 | 1 Fabrick | 1 Gestpay For Woocommerce | 2025-02-10 | N/A | 4.3 MEDIUM |
The Gestpay for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 20221130. This is due to missing or incorrect nonce validation on the 'ajax_delete_card' function. This makes it possible for unauthenticated attackers to delete the default card token for a user via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | |||||
CVE-2024-0433 | 1 Fabrick | 1 Gestpay For Woocommerce | 2025-02-10 | N/A | 4.3 MEDIUM |
The Gestpay for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 20221130. This is due to missing or incorrect nonce validation on the 'ajax_unset_default_card' function. This makes it possible for unauthenticated attackers to remove the default status of a card token for a user via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | |||||
CVE-2024-54355 | 1 Wpmailster | 1 Wp Mailster | 2025-02-07 | N/A | 8.8 HIGH |
Cross-Site Request Forgery (CSRF) vulnerability in brandtoss WP Mailster allows Cross Site Request Forgery. This issue affects WP Mailster: from n/a through 1.8.17.0. | |||||
CVE-2022-0707 | 1 Awesomemotive | 1 Easy Digital Downloads | 2025-02-07 | 4.3 MEDIUM | 4.3 MEDIUM |
The Easy Digital Downloads WordPress plugin before 2.11.6 does not have a CSRF check in place when inserting payment notes, which could allow attackers to make a logged-in admin insert arbitrary notes via a CSRF attack. | |||||
CVE-2023-30529 | 1 Jenkins | 1 Lucene-search | 2025-02-07 | N/A | 4.3 MEDIUM |
Jenkins Lucene-Search Plugin 387.v938a_ecb_f7fe9 and earlier does not require POST requests for an HTTP endpoint, allowing attackers to reindex the database. | |||||
CVE-2024-1446 | 1 Nextscripts | 1 Social Networks Auto Poster | 2025-02-07 | N/A | 4.3 MEDIUM |
The NextScripts: Social Networks Auto-Poster plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.4.3. This is due to missing or incorrect nonce validation on the nxssnap-reposter page. This makes it possible for unauthenticated attackers to delete arbitrary posts or pages via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | |||||
CVE-2023-30525 | 1 Jenkins | 1 Report Portal | 2025-02-07 | N/A | 8.8 HIGH |
A cross-site request forgery (CSRF) vulnerability in Jenkins Report Portal Plugin 0.5 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified bearer token authentication. | |||||
CVE-2025-25146 | | | 2025-02-07 | N/A | N/A |
Cross-Site Request Forgery (CSRF) vulnerability in saleandro Songkick Concerts and Festivals allows Cross Site Request Forgery. This issue affects Songkick Concerts and Festivals: from n/a through 0.9.7. | |||||
CVE-2025-25111 | | | 2025-02-07 | N/A | N/A |
Cross-Site Request Forgery (CSRF) vulnerability in WP Spell Check WP Spell Check allows Cross Site Request Forgery. This issue affects WP Spell Check: from n/a through 9.21. | |||||
CVE-2025-25123 | | | 2025-02-07 | N/A | N/A |
Cross-Site Request Forgery (CSRF) vulnerability in xdark Easy Related Posts allows Stored XSS. This issue affects Easy Related Posts: from n/a through 2.0.2. | |||||
CVE-2025-25140 | | | 2025-02-07 | N/A | N/A |
Cross-Site Request Forgery (CSRF) vulnerability in Scriptonite Simple User Profile allows Stored XSS. This issue affects Simple User Profile: from n/a through 1.9. |