Total
7668 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-39563 | 2025-04-16 | N/A | 6.5 MEDIUM | ||
| Cross-Site Request Forgery (CSRF) vulnerability in WP Trio Conditional Payments for WooCommerce allows Cross Site Request Forgery. This issue affects Conditional Payments for WooCommerce: from n/a through 3.3.0. | |||||
| CVE-2025-39600 | 2025-04-16 | N/A | 4.3 MEDIUM | ||
| Cross-Site Request Forgery (CSRF) vulnerability in CRM Perks Integration for WooCommerce and QuickBooks allows Cross Site Request Forgery. This issue affects Integration for WooCommerce and QuickBooks: from n/a through 1.3.1. | |||||
| CVE-2025-39601 | 2025-04-16 | N/A | 9.6 CRITICAL | ||
| Cross-Site Request Forgery (CSRF) vulnerability in WPFactory Custom CSS, JS & PHP allows Remote Code Inclusion. This issue affects Custom CSS, JS & PHP: from n/a through 2.4.1. | |||||
| CVE-2025-39548 | 2025-04-16 | N/A | 7.1 HIGH | ||
| Cross-Site Request Forgery (CSRF) vulnerability in A WP Life Right Click Disable OR Ban allows Stored XSS. This issue affects Right Click Disable OR Ban: from n/a through 1.1.17. | |||||
| CVE-2025-39593 | 2025-04-16 | N/A | 4.3 MEDIUM | ||
| Cross-Site Request Forgery (CSRF) vulnerability in EverAccounting Ever Accounting allows Cross Site Request Forgery. This issue affects Ever Accounting: from n/a through 2.1.5. | |||||
| CVE-2025-26748 | 2025-04-16 | N/A | 8.1 HIGH | ||
| Cross-Site Request Forgery (CSRF) vulnerability in LOOS,Inc. Arkhe allows PHP Local File Inclusion. This issue affects Arkhe: from n/a through 3.11.0. | |||||
| CVE-2025-39530 | 2025-04-16 | N/A | 7.1 HIGH | ||
| Cross-Site Request Forgery (CSRF) vulnerability in dsky Site Search 360 allows Stored XSS. This issue affects Site Search 360: from n/a through 2.1.7. | |||||
| CVE-2025-39517 | 2025-04-16 | N/A | 4.3 MEDIUM | ||
| Cross-Site Request Forgery (CSRF) vulnerability in WP Map Plugins Basic Interactive World Map allows Cross Site Request Forgery. This issue affects Basic Interactive World Map: from n/a through 2.7. | |||||
| CVE-2025-26903 | 2025-04-16 | N/A | 4.3 MEDIUM | ||
| Cross-Site Request Forgery (CSRF) vulnerability in RealMag777 InPost Gallery allows Cross Site Request Forgery. This issue affects InPost Gallery: from n/a through 2.1.4.3. | |||||
| CVE-2025-39546 | 2025-04-16 | N/A | 4.3 MEDIUM | ||
| Cross-Site Request Forgery (CSRF) vulnerability in quomodosoft ElementsReady Addons for Elementor allows Cross Site Request Forgery. This issue affects ElementsReady Addons for Elementor: from n/a through 6.6.2. | |||||
| CVE-2025-39547 | 2025-04-16 | N/A | 7.1 HIGH | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Toast Plugins Internal Link Optimiser allows Stored XSS. This issue affects Internal Link Optimiser: from n/a through 5.1.3. | |||||
| CVE-2025-39512 | 2025-04-16 | N/A | 4.3 MEDIUM | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Yuya Hoshino Bulk Term Editor allows Cross Site Request Forgery. This issue affects Bulk Term Editor: from n/a through 1.1.4. | |||||
| CVE-2023-51525 | 1 Wpsimplebookingcalendar | 1 Wp Simple Booking Calendar | 2025-04-15 | N/A | 5.3 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in Veribo, Roland Murg WP Simple Booking Calendar.This issue affects WP Simple Booking Calendar: from n/a through 2.0.8.4. | |||||
| CVE-2024-30482 | 1 B-website | 1 Simple Revisions Delete | 2025-04-15 | N/A | 4.3 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in Brice CAPOBIANCO Simple Revisions Delete.This issue affects Simple Revisions Delete: from n/a through 1.5.3. | |||||
| CVE-2025-25379 | 1 07fly | 1 07flycms | 2025-04-15 | N/A | 9.6 CRITICAL |
| Cross Site Request Forgery vulnerability in 07FLYCMS v.1.3.9 allows a remote attacker to execute arbitrary code via the id parameter of the del.html component. | |||||
| CVE-2024-57611 | 1 07fly | 1 07flycms | 2025-04-15 | N/A | 3.5 LOW |
| 07FLYCMS V1.3.9 was discovered to contain a Cross-Site Request Forgery (CSRF) via admin/doAdminAction.php?act=editShop&shopId. | |||||
| CVE-2024-57159 | 1 07fly | 1 07flycms | 2025-04-15 | N/A | 3.5 LOW |
| 07FLYCMS V1.3.9 was discovered to contain a Cross-Site Request Forgery (CSRF) via /erp.07fly.net:80/oa/OaWorkReport/add.html. | |||||
| CVE-2024-33651 | 1 Mf Gig Calendar Project | 1 Mf Gig Calendar | 2025-04-15 | N/A | 5.4 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in Matthew Fries MF Gig Calendar.This issue affects MF Gig Calendar : from n/a through 1.2.1. | |||||
| CVE-2025-2871 | 2025-04-15 | N/A | 4.3 MEDIUM | ||
| The WordPress Mega Menu – QuadMenu plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2.0. This is due to missing or incorrect nonce validation on the ajax_dismiss_notice() function. This makes it possible for unauthenticated attackers to update any user meta to a value of one, including wp_capabilities which could result in a privilege deescalation of an administrator, via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | |||||
| CVE-2024-13338 | 2025-04-15 | N/A | 5.3 MEDIUM | ||
| The Clearfy Cache – WordPress optimization plugin, Minify HTML, CSS & JS, Defer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.3.1. This is due to missing or incorrect nonce validation on the wclearfy_cache_delete functionality . This makes it possible for unauthenticated attackers to clear the cache via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | |||||