Total
7361 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-4024 | 1 Genetechsolutions | 1 Pie Register | 2025-04-17 | N/A | 6.5 MEDIUM |
| The Registration Forms WordPress plugin before 3.8.1.3 does not have authorisation and CSRF when deleting users via an init action handler, allowing unauthenticated attackers to delete arbitrary users (along with their posts) | |||||
| CVE-2025-31723 | 1 Jenkins | 1 Simple Queue | 2025-04-17 | N/A | 4.3 MEDIUM |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Simple Queue Plugin 1.4.6 and earlier allows attackers to change and reset the build queue order. | |||||
| CVE-2025-1762 | 1 Vollstart | 1 Event Tickets With Ticket Scanner | 2025-04-17 | N/A | 4.3 MEDIUM |
| The Event Tickets with Ticket Scanner WordPress plugin before 2.5.4 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack | |||||
| CVE-2024-55088 | 1 Getsimple-ce | 1 Getsimple Cms | 2025-04-17 | N/A | 8.8 HIGH |
| GetSimple CMS CE 3.3.19 is vulnerable to Server-Side Request Forgery (SSRF) in the backend plugin module. | |||||
| CVE-2024-27694 | 1 Flycms Project | 1 Flycms | 2025-04-16 | N/A | 7.4 HIGH |
| FlyCms v1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the /system/share/ztree_category_edit. | |||||
| CVE-2025-39564 | 2025-04-16 | N/A | 6.5 MEDIUM | ||
| Cross-Site Request Forgery (CSRF) vulnerability in WP Trio Conditional Shipping for WooCommerce allows Cross Site Request Forgery. This issue affects Conditional Shipping for WooCommerce: from n/a through 3.4.0. | |||||
| CVE-2025-39544 | 2025-04-16 | N/A | 7.4 HIGH | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Bill Minozzi WP Tools allows Path Traversal. This issue affects WP Tools: from n/a through 5.18. | |||||
| CVE-2025-30967 | 2025-04-16 | N/A | 9.6 CRITICAL | ||
| Cross-Site Request Forgery (CSRF) vulnerability in NotFound WPJobBoard allows Upload a Web Shell to a Web Server. This issue affects WPJobBoard: from n/a through n/a. | |||||
| CVE-2025-3687 | 2025-04-16 | 5.0 MEDIUM | 4.3 MEDIUM | ||
| A vulnerability, which was classified as problematic, has been found in misstt123 oasys 1.0. Affected by this issue is some unknown functionality of the component Sticky Notes Handler. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. | |||||
| CVE-2025-39563 | 2025-04-16 | N/A | 6.5 MEDIUM | ||
| Cross-Site Request Forgery (CSRF) vulnerability in WP Trio Conditional Payments for WooCommerce allows Cross Site Request Forgery. This issue affects Conditional Payments for WooCommerce: from n/a through 3.3.0. | |||||
| CVE-2025-39600 | 2025-04-16 | N/A | 4.3 MEDIUM | ||
| Cross-Site Request Forgery (CSRF) vulnerability in CRM Perks Integration for WooCommerce and QuickBooks allows Cross Site Request Forgery. This issue affects Integration for WooCommerce and QuickBooks: from n/a through 1.3.1. | |||||
| CVE-2025-39601 | 2025-04-16 | N/A | 9.6 CRITICAL | ||
| Cross-Site Request Forgery (CSRF) vulnerability in WPFactory Custom CSS, JS & PHP allows Remote Code Inclusion. This issue affects Custom CSS, JS & PHP: from n/a through 2.4.1. | |||||
| CVE-2025-39548 | 2025-04-16 | N/A | 7.1 HIGH | ||
| Cross-Site Request Forgery (CSRF) vulnerability in A WP Life Right Click Disable OR Ban allows Stored XSS. This issue affects Right Click Disable OR Ban: from n/a through 1.1.17. | |||||
| CVE-2025-39593 | 2025-04-16 | N/A | 4.3 MEDIUM | ||
| Cross-Site Request Forgery (CSRF) vulnerability in EverAccounting Ever Accounting allows Cross Site Request Forgery. This issue affects Ever Accounting: from n/a through 2.1.5. | |||||
| CVE-2025-26748 | 2025-04-16 | N/A | 8.1 HIGH | ||
| Cross-Site Request Forgery (CSRF) vulnerability in LOOS,Inc. Arkhe allows PHP Local File Inclusion. This issue affects Arkhe: from n/a through 3.11.0. | |||||
| CVE-2025-39530 | 2025-04-16 | N/A | 7.1 HIGH | ||
| Cross-Site Request Forgery (CSRF) vulnerability in dsky Site Search 360 allows Stored XSS. This issue affects Site Search 360: from n/a through 2.1.7. | |||||
| CVE-2025-39517 | 2025-04-16 | N/A | 4.3 MEDIUM | ||
| Cross-Site Request Forgery (CSRF) vulnerability in WP Map Plugins Basic Interactive World Map allows Cross Site Request Forgery. This issue affects Basic Interactive World Map: from n/a through 2.7. | |||||
| CVE-2025-26903 | 2025-04-16 | N/A | 4.3 MEDIUM | ||
| Cross-Site Request Forgery (CSRF) vulnerability in RealMag777 InPost Gallery allows Cross Site Request Forgery. This issue affects InPost Gallery: from n/a through 2.1.4.3. | |||||
| CVE-2025-39546 | 2025-04-16 | N/A | 4.3 MEDIUM | ||
| Cross-Site Request Forgery (CSRF) vulnerability in quomodosoft ElementsReady Addons for Elementor allows Cross Site Request Forgery. This issue affects ElementsReady Addons for Elementor: from n/a through 6.6.2. | |||||
| CVE-2025-39547 | 2025-04-16 | N/A | 7.1 HIGH | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Toast Plugins Internal Link Optimiser allows Stored XSS. This issue affects Internal Link Optimiser: from n/a through 5.1.3. | |||||