Total
7765 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-53272 | 2025-06-30 | N/A | 4.3 MEDIUM | ||
| Cross-Site Request Forgery (CSRF) vulnerability in opicron Image Cleanup allows Cross Site Request Forgery. This issue affects Image Cleanup: from n/a through 1.9.2. | |||||
| CVE-2025-53254 | 2025-06-30 | N/A | 4.3 MEDIUM | ||
| Cross-Site Request Forgery (CSRF) vulnerability in webcraftic Cyrlitera allows Cross Site Request Forgery. This issue affects Cyrlitera: from n/a through 1.2.0. | |||||
| CVE-2025-53308 | 2025-06-30 | N/A | 7.1 HIGH | ||
| Cross-Site Request Forgery (CSRF) vulnerability in gopi_plus Image Slider With Description allows Stored XSS. This issue affects Image Slider With Description: from n/a through 9.2. | |||||
| CVE-2025-53314 | 2025-06-30 | N/A | 9.6 CRITICAL | ||
| Cross-Site Request Forgery (CSRF) vulnerability in sh1zen WP Optimizer allows SQL Injection. This issue affects WP Optimizer: from n/a through 2.3.6. | |||||
| CVE-2025-53274 | 2025-06-30 | N/A | 7.1 HIGH | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Hossin Asaadi WP Permalink Translator allows Stored XSS. This issue affects WP Permalink Translator: from n/a through 1.7.6. | |||||
| CVE-2025-53267 | 2025-06-30 | N/A | 4.3 MEDIUM | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Aftab Husain Hide Admin Bar From Front End allows Cross Site Request Forgery. This issue affects Hide Admin Bar From Front End: from n/a through 1.0.0. | |||||
| CVE-2025-53265 | 2025-06-30 | N/A | 5.4 MEDIUM | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Elena Yamshikova Virusdie allows Cross Site Request Forgery. This issue affects Virusdie: from n/a through 1.1.3. | |||||
| CVE-2025-53313 | 2025-06-30 | N/A | 7.1 HIGH | ||
| Cross-Site Request Forgery (CSRF) vulnerability in plumwd Twitch TV Embed Suite allows Stored XSS. This issue affects Twitch TV Embed Suite: from n/a through 2.1.0. | |||||
| CVE-2025-53263 | 2025-06-30 | N/A | 5.4 MEDIUM | ||
| Cross-Site Request Forgery (CSRF) vulnerability in PluginsCafe Address Autocomplete via Google for Gravity Forms allows Cross Site Request Forgery. This issue affects Address Autocomplete via Google for Gravity Forms: from n/a through 1.3.4. | |||||
| CVE-2025-53332 | 2025-06-30 | N/A | 7.1 HIGH | ||
| Cross-Site Request Forgery (CSRF) vulnerability in ethoseo Track Everything allows Stored XSS. This issue affects Track Everything: from n/a through 2.0.1. | |||||
| CVE-2025-53329 | 2025-06-30 | N/A | 7.1 HIGH | ||
| Cross-Site Request Forgery (CSRF) vulnerability in szajenw Społecznościowa 6 PL 2013 allows Stored XSS. This issue affects Społecznościowa 6 PL 2013: from n/a through 2.0.6. | |||||
| CVE-2025-53338 | 2025-06-30 | N/A | 7.1 HIGH | ||
| Cross-Site Request Forgery (CSRF) vulnerability in dor re.place allows Stored XSS. This issue affects re.place: from n/a through 0.2.1. | |||||
| CVE-2025-53331 | 2025-06-30 | N/A | 7.1 HIGH | ||
| Cross-Site Request Forgery (CSRF) vulnerability in samcharrington RSS Digest allows Stored XSS. This issue affects RSS Digest: from n/a through 1.5. | |||||
| CVE-2025-24289 | 2025-06-30 | N/A | 7.5 HIGH | ||
| A Cross-Site Request Forgery (CSRF) leading to Cross-Site Scripting (XSS) vulnerability in the UCRM Client Signup Plugin (v1.3.4 and earlier) could allow privilege escalation if an Administrator is tricked into visiting a crafted malicious page. The plugin is disabled by default. | |||||
| CVE-2021-27704 | 1 Appspace | 1 Appspace | 2025-06-27 | N/A | 6.5 MEDIUM |
| Appspace 6.2.4 is affected by Incorrect Access Control via the Appspace Web Portal password reset page. | |||||
| CVE-2024-3151 | 1 Bdtask | 1 M-store | 2025-06-27 | 5.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability, which was classified as problematic, was found in Bdtask Multi-Store Inventory Management System up to 20240325. Affected is an unknown function of the file /stockmovment/stockmovment/delete/ of the component Stock Movement Page. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-258924. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-6664 | 1 Codeastro | 1 Patient Record Management System | 2025-06-27 | 5.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability, which was classified as problematic, was found in CodeAstro Patient Record Management System 1.0. Affected is an unknown function. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-26910 | 1 Iqonic | 1 Wpbookit | 2025-06-27 | N/A | 7.1 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Iqonic Design WPBookit allows Stored XSS. This issue affects WPBookit: from n/a through 1.0.1. | |||||
| CVE-2025-6476 | 1 Oretnom23 | 1 Gym Management System | 2025-06-27 | 5.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability was found in SourceCodester Gym Management System 1.0. It has been classified as problematic. Affected is an unknown function. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-6478 | 1 Codeastro | 1 Expense Management System | 2025-06-27 | 5.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability was found in CodeAstro Expense Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to cross-site request forgery. The attack may be launched remotely. | |||||