Total
8268 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-62866 | 2025-12-10 | N/A | 4.3 MEDIUM | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Valerio Monti Auto Alt Text auto-alt-text allows Cross Site Request Forgery.This issue affects Auto Alt Text: from n/a through <= 2.5.2. | |||||
| CVE-2025-62762 | 2025-12-10 | N/A | 4.3 MEDIUM | ||
| Cross-Site Request Forgery (CSRF) vulnerability in photoboxone SMTP Mail smtp-mail allows Cross Site Request Forgery.This issue affects SMTP Mail: from n/a through <= 1.3.47. | |||||
| CVE-2025-62734 | 2025-12-10 | N/A | 4.3 MEDIUM | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Michael Revellin-Clerc Media Library Downloader media-library-downloader allows Cross Site Request Forgery.This issue affects Media Library Downloader: from n/a through <= 1.4.0. | |||||
| CVE-2025-62733 | 2025-12-10 | N/A | 4.3 MEDIUM | ||
| Cross-Site Request Forgery (CSRF) vulnerability in ProteusThemes Custom Sidebars by ProteusThemes custom-sidebars-by-proteusthemes allows Cross Site Request Forgery.This issue affects Custom Sidebars by ProteusThemes: from n/a through <= 1.0.3. | |||||
| CVE-2025-67595 | 1 Ays-pro | 1 Quiz Maker | 2025-12-10 | N/A | 4.3 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in Ays Pro Quiz Maker quiz-maker allows Cross Site Request Forgery.This issue affects Quiz Maker: from n/a through <= 6.7.0.82. | |||||
| CVE-2025-64498 | 1 Enalean | 1 Tuleap | 2025-12-10 | N/A | 4.6 MEDIUM |
| Tuleap is an Open Source Suite for management of software development and collaboration. Tuleap Community Edition versions below 17.0.99.1762444754 and Tuleap Enterprise Edition versions prior to 17.0-2, 16.13-7 and 16.12-10 allow attackers trick victims into changing tracker general settings. This issue is fixed in version Tuleap Community Edition version 17.0.99.1762444754 and Tuleap Enterprise Edition versions 17.0-2, 16.13-7 and 16.12-10. | |||||
| CVE-2025-64499 | 1 Enalean | 1 Tuleap | 2025-12-10 | N/A | 4.6 MEDIUM |
| Tuleap is a free and open source suite for management of software development and collaboration. Tuleap Community Editon versions prior to 17.0.99.1762456922 and Tuleap Enterprise Edition versions prior to 17.0-2, 16.13-7 and 16.12-10 are vulnerable to CSRF attacks through planning management API. Attackers have access to create, edit or remove plans. This issue is fixed in Tuleap Community Edition version 17.0.99.1762456922 and Tuleap Enterprise Edtion versions 17.0-2, 16.13-7 and 16.12-10. | |||||
| CVE-2025-64760 | 1 Enalean | 1 Tuleap | 2025-12-10 | N/A | 4.6 MEDIUM |
| Tuleap is a free and open source suite for management of software development and collaboration. Versions of Tuleap Community Edition prior to 17.0.99.1763126988 and Tuleap Enterprise Edition prior to 17.0-3 and 16.13-8 have missing CSRF protections which allow attackers to create or remove tracker triggers. This issue is fixed in Tuleap Community Edition version 17.0.99.1763126988 and Tuleap Enterprise Edition versions 17.0-3 and 16.13-8. | |||||
| CVE-2025-60912 | 1 Phpipam | 1 Phpipam | 2025-12-10 | N/A | 3.3 LOW |
| phpIPAM v1.7.3 contains a Cross-Site Request Forgery (CSRF) vulnerability in the database export functionality. The generate-mysql.php function, located in the /app/admin/import-export/ endpoint, allows remote attackers to trigger large database dump downloads via crafted HTTP GET requests if an administrator has an active session. | |||||
| CVE-2025-63030 | 2025-12-10 | N/A | 7.1 HIGH | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Saad Iqbal New User Approve new-user-approve allows Cross Site Request Forgery.This issue affects New User Approve: from n/a through <= 3.2.0. | |||||
| CVE-2025-67593 | 2025-12-10 | N/A | 4.3 MEDIUM | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Stiofan UsersWP userswp allows Cross Site Request Forgery.This issue affects UsersWP: from n/a through <= 1.2.48. | |||||
| CVE-2025-67598 | 2025-12-09 | N/A | 4.3 MEDIUM | ||
| Cross-Site Request Forgery (CSRF) vulnerability in PSM Plugins SupportCandy supportcandy allows Cross Site Request Forgery.This issue affects SupportCandy: from n/a through <= 3.4.1. | |||||
| CVE-2025-67596 | 2025-12-09 | N/A | 4.3 MEDIUM | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Strategy11 Team Business Directory business-directory-plugin allows Cross Site Request Forgery.This issue affects Business Directory: from n/a through <= 6.4.19. | |||||
| CVE-2025-67591 | 2025-12-09 | N/A | 4.3 MEDIUM | ||
| Cross-Site Request Forgery (CSRF) vulnerability in jegtheme JNews Paywall jnews-paywall allows Cross Site Request Forgery.This issue affects JNews Paywall: from n/a through < 12.0.1. | |||||
| CVE-2025-67590 | 2025-12-09 | N/A | 4.3 MEDIUM | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Rustaurius Ultimate FAQ ultimate-faqs allows Cross Site Request Forgery.This issue affects Ultimate FAQ: from n/a through <= 2.4.3. | |||||
| CVE-2025-63012 | 2025-12-09 | N/A | 4.3 MEDIUM | ||
| Cross-Site Request Forgery (CSRF) vulnerability in ThimPress WP Hotel Booking wp-hotel-booking allows Cross Site Request Forgery.This issue affects WP Hotel Booking: from n/a through <= 2.2.7. | |||||
| CVE-2025-11022 | 2025-12-09 | N/A | 9.6 CRITICAL | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Personal Project Panilux allows Cross Site Request Forgery. This CSRF vulnerability resulting in Command Injection has been identified. This issue affects Panilux: before v.0.10.0. NOTE: The vendor was contacted and responded that they deny ownership of the mentioned product. | |||||
| CVE-2025-67467 | 2025-12-09 | N/A | 4.5 MEDIUM | ||
| Cross-Site Request Forgery (CSRF) vulnerability in StellarWP GiveWP give allows Cross Site Request Forgery.This issue affects GiveWP: from n/a through <= 4.13.1. | |||||
| CVE-2025-63060 | 2025-12-09 | N/A | 4.3 MEDIUM | ||
| Cross-Site Request Forgery (CSRF) vulnerability in hogash Kallyas kallyas.This issue affects Kallyas: from n/a through <= 4.2. | |||||
| CVE-2025-13924 | 2025-12-09 | N/A | 4.3 MEDIUM | ||
| The Advanced Product Fields (Product Addons) for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.6.17. This is due to missing or incorrect nonce validation on the 'maybe_duplicate' function. This makes it possible for unauthenticated attackers to duplicate and publish product field groups, including draft and pending field groups, via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | |||||