Total
7663 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-2405 | 1 Wow-company | 1 Float Menu | 2025-05-08 | N/A | 4.5 MEDIUM |
| The Float menu WordPress plugin before 6.0.1 does not have CSRF check in its bulk actions, which could allow attackers to make logged in admin delete arbitrary menu via a CSRF attack. | |||||
| CVE-2024-12436 | 1 Marvinlabs | 1 Wp Customer Area | 2025-05-08 | N/A | 4.3 MEDIUM |
| The WP Customer Area WordPress plugin through 8.2.4 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks | |||||
| CVE-2024-12280 | 1 Marvinlabs | 1 Wp Customer Area | 2025-05-08 | N/A | 4.3 MEDIUM |
| The WP Customer Area WordPress plugin through 8.2.4 does not have CSRF check in place when deleting its logs, which could allow attackers to make a logged in to delete them via a CSRF attack | |||||
| CVE-2024-3481 | 1 Wow-company | 1 Counter Box | 2025-05-08 | N/A | 5.2 MEDIUM |
| The Counter Box WordPress plugin before 1.2.4 does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions, such deleting counters via CSRF attacks | |||||
| CVE-2024-3478 | 1 Wow-company | 1 Herd Effects | 2025-05-08 | N/A | 6.1 MEDIUM |
| The Herd Effects WordPress plugin before 5.2.7 does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions, such as deleting effects via CSRF attacks | |||||
| CVE-2024-3477 | 1 Wow-company | 1 Popup Box | 2025-05-08 | N/A | 4.3 MEDIUM |
| The Popup Box WordPress plugin before 2.2.7 does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions, such as deleting popups via CSRF attacks | |||||
| CVE-2024-3476 | 1 Wow-company | 1 Side Menu Lite | 2025-05-08 | N/A | 8.8 HIGH |
| The Side Menu Lite WordPress plugin before 4.2.1 does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions, such as deleting buttons via CSRF attacks | |||||
| CVE-2024-3475 | 1 Wow-company | 1 Sticky Buttons | 2025-05-08 | N/A | 7.5 HIGH |
| The Sticky Buttons WordPress plugin before 3.2.4 does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions, such as deleting buttons via CSRF attacks | |||||
| CVE-2022-42199 | 1 Simple Exam Reviewer Management System Project | 1 Simple Exam Reviewer Management System | 2025-05-08 | N/A | 8.8 HIGH |
| Simple Exam Reviewer Management System v1.0 is vulnerable to Cross Site Request Forgery (CSRF) via the Exam List. | |||||
| CVE-2025-47523 | 2025-05-08 | N/A | 4.3 MEDIUM | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Lukáš Hartmann Seznam Webmaster allows Cross Site Request Forgery. This issue affects Seznam Webmaster: from n/a through 1.4.7. | |||||
| CVE-2025-47468 | 2025-05-08 | N/A | 4.3 MEDIUM | ||
| Cross-Site Request Forgery (CSRF) vulnerability in hashthemes Hash Form allows Cross Site Request Forgery. This issue affects Hash Form: from n/a through 1.2.8. | |||||
| CVE-2025-47491 | 2025-05-08 | N/A | 7.4 HIGH | ||
| Cross-Site Request Forgery (CSRF) vulnerability in A WP Life Contact Form Widget allows Cross Site Request Forgery. This issue affects Contact Form Widget: from n/a through 1.4.6. | |||||
| CVE-2025-47519 | 2025-05-08 | N/A | 4.3 MEDIUM | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Scott Paterson Easy PayPal Events allows Cross Site Request Forgery. This issue affects Easy PayPal Events: from n/a through 1.2.2. | |||||
| CVE-2025-47473 | 2025-05-08 | N/A | 5.4 MEDIUM | ||
| Cross-Site Request Forgery (CSRF) vulnerability in pimwick PW WooCommerce Bulk Edit allows Cross Site Request Forgery. This issue affects PW WooCommerce Bulk Edit: from n/a through 2.134. | |||||
| CVE-2025-47462 | 2025-05-08 | N/A | 8.8 HIGH | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Ohidul Islam Challan allows Privilege Escalation. This issue affects Challan: from n/a through 3.7.58. | |||||
| CVE-2025-47447 | 2025-05-08 | N/A | 4.3 MEDIUM | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Hossni Mubarak Cool Author Box allows Cross Site Request Forgery. This issue affects Cool Author Box: from n/a through 3.0.0. | |||||
| CVE-2025-47448 | 2025-05-08 | N/A | 4.3 MEDIUM | ||
| Cross-Site Request Forgery (CSRF) vulnerability in ThimPress WP Hotel Booking allows Cross Site Request Forgery. This issue affects WP Hotel Booking: from n/a through 2.1.9. | |||||
| CVE-2025-47533 | 2025-05-08 | N/A | 8.1 HIGH | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Iqonic Design Graphina allows PHP Local File Inclusion. This issue affects Graphina: from n/a through 3.0.4. | |||||
| CVE-2025-47514 | 2025-05-08 | N/A | 7.1 HIGH | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Eli ELI's Related Posts Footer Links and Widget allows Stored XSS. This issue affects ELI's Related Posts Footer Links and Widget: from n/a through 1.2.04.20. | |||||
| CVE-2025-47466 | 2025-05-08 | N/A | 5.4 MEDIUM | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Rustaurius Ultimate WP Mail allows Cross Site Request Forgery. This issue affects Ultimate WP Mail: from n/a through 1.3.4. | |||||