Medium
CVE-2025-7687
The Latest Post Accordian Slider plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3. This is due to missing or incorrect nonce validation on th…
Tag: Cross-Site Request Forgery (CSRF)
All CVEs associated with "Cross-Site Request Forgery (CSRF)". Page 11/80 • 9568 CVEs.
Subscribe CVEs: RSS for “Cross-Site Request Forgery (CSRF)” · RSS (High+Critical only)
About “Cross-Site Request Forgery (CSRF)”
A curated feed of “Cross-Site Request Forgery (CSRF)”-related CVEs appears below. We currently track 9568 CVEs for this tag (all time). In the last 365 days, 1403 were published. Average CVSS is 6.4 (all time; 5.6 over 365d), and 37% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-352 - Cross-Site Request Forgery (CSRF), CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'), CWE-862 - Missing Authorization.
In our taxonomy this topic maps to a MODERATE impact class. Common exploitation patterns for this weakness can lead to moderate. Use the filters to triage high risk first and validate exposure in your environment. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.
CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).
CVSS ≥ 0.0
2025-07-22
Medium
CVE-2025-7685
The Like & Share My Site plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.2. This is due to missing or incorrect nonce validation on the 'lsms_…
2025-07-21
High
CVE-2025-54082
marshmallow-packages/nova-tiptap is a rich text editor for Laravel Nova based on tiptap. Prior to 5.7.0, a vulnerability was discovered in the marshmallow-packages/nova-tiptap Laravel Nova package th…
Medium
CVE-2025-7369
The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 7.4.2. This is due to missing or incorrect nonce…
2025-07-19
Medium
CVE-2025-7834
A vulnerability, which was classified as problematic, was found in PHPGurukul Complaint Management System 2.0. Affected is an unknown function. The manipulation leads to cross-site request forgery. I…
Medium
CVE-2025-7669
The Avishi WP PayPal Payment Button plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0. This is due to missing or incorrect nonce validation on…
2025-07-18
Medium
CVE-2025-50586
StudentManage v1.0 was discovered to contain Cross-Site Request Forgery (CSRF).
Medium
CVE-2025-6781
The Copymatic – AI Content Writer & Generator plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1. This is due to missing or incorrect nonce val…
Medium
CVE-2025-6053
The Zuppler Online Ordering plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1.0. This is due to missing or incorrect nonce validation on the '…
2025-07-17
Medium
CVE-2025-7756
A vulnerability classified as problematic has been found in code-projects E-Commerce Site 1.0. Affected is an unknown function. The manipulation leads to cross-site request forgery. It is possible to…
2025-07-16
Medium
CVE-2025-54042
Cross-Site Request Forgery (CSRF) vulnerability in Xfinitysoft WP Post Hide wp-post-hide allows Cross Site Request Forgery.This issue affects WP Post Hide: from n/a through <= 1.0.9.
Medium
CVE-2025-54041
Cross-Site Request Forgery (CSRF) vulnerability in WP Swings Wallet System for WooCommerce wallet-system-for-woocommerce allows Cross Site Request Forgery.This issue affects Wallet System for WooComm…
Medium
CVE-2025-54039
Cross-Site Request Forgery (CSRF) vulnerability in Toast Plugins Animator scroll-triggered-animations allows Cross Site Request Forgery.This issue affects Animator: from n/a through <= 3.0.16.
Medium
CVE-2025-54038
Cross-Site Request Forgery (CSRF) vulnerability in jetmonsters Restaurant Menu by MotoPress mp-restaurant-menu allows Cross Site Request Forgery.This issue affects Restaurant Menu by MotoPress: from…
Medium
CVE-2025-54036
Cross-Site Request Forgery (CSRF) vulnerability in Webba Appointment Booking Webba Booking webba-booking-lite allows Cross Site Request Forgery.This issue affects Webba Booking: from n/a through <= 5…
Medium
CVE-2025-54035
Cross-Site Request Forgery (CSRF) vulnerability in Tribulant Software Newsletters newsletters-lite allows Cross Site Request Forgery.This issue affects Newsletters: from n/a through <= 4.10.
Medium
CVE-2025-54033
Cross-Site Request Forgery (CSRF) vulnerability in BlocksWP Theme Builder For Elementor theme-builder-for-elementor allows Cross Site Request Forgery.This issue affects Theme Builder For Elementor: f…
Medium
CVE-2025-54030
Cross-Site Request Forgery (CSRF) vulnerability in WesternDeal WooCommerce Google Sheet Connector wc-gsheetconnector allows Cross Site Request Forgery.This issue affects WooCommerce Google Sheet Conn…
Medium
CVE-2025-54022
Cross-Site Request Forgery (CSRF) vulnerability in Elliot Sowersby / RelyWP Coupon Affiliates woo-coupon-usage allows Cross Site Request Forgery.This issue affects Coupon Affiliates: from n/a through…
Medium
CVE-2025-54020
Cross-Site Request Forgery (CSRF) vulnerability in Erik AntiSpam for Contact Form 7 cf7-antispam allows Cross Site Request Forgery.This issue affects AntiSpam for Contact Form 7: from n/a through <=…
Critical
CVE-2025-54010
Cross-Site Request Forgery (CSRF) vulnerability in Shahjahan Jewel FluentSnippets easy-code-manager allows Cross Site Request Forgery.This issue affects FluentSnippets: from n/a through <= 10.50.
High
CVE-2025-48153
Cross-Site Request Forgery (CSRF) vulnerability in Atakan Au Import CDN-Remote Images import-cdn-remote-images allows Stored XSS.This issue affects Import CDN-Remote Images: from n/a through <= 2.1.2.
2025-07-15
High
CVE-2025-7667
The Restrict File Access plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the 'res…
2025-07-11
High
CVE-2025-43856
immich is a high performance self-hosted photo and video management solution. Prior to 1.132.0, immich is vulnerable to account hijacking through oauth2, because the state parameter is not being chec…
2025-07-07
High
CVE-2025-53540
arduino-esp32 is an Arduino core for the ESP32, ESP32-S2, ESP32-S3, ESP32-C3, ESP32-C6 and ESP32-H2 microcontrollers. Several OTA update examples and the HTTPUpdateServer implementation are vulnerabl…
Medium
CVE-2025-20322
In Splunk Enterprise versions below 9.4.3, 9.3.5, 9.2.7, and 9.1.10, and Splunk Cloud Platform versions below 9.3.2411.104, 9.3.2408.113, and 9.2.2406.119, an unauthenticated attacker could send a sp…
Medium
CVE-2025-20321
In Splunk Enterprise versions below 9.4.3, 9.3.5, 9.2.7 and 9.1.10, and Splunk Cloud Platform versions below 9.3.2411.104, 9.3.2408.114, and 9.2.2406.119, an unauthenticated attacker can send a speci…
Medium
CVE-2025-7133
A vulnerability classified as problematic has been found in CodeAstro Online Movie Ticket Booking System 1.0. This affects an unknown part. The manipulation leads to cross-site request forgery. It is…
2025-07-06
Medium
CVE-2025-7078
A vulnerability classified as problematic was found in 07FLYCMS, 07FLY-CMS and 07FlyCRM up to 1.3.9. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The…
2025-07-04
High
CVE-2025-53483
ArchivePage.php, UnarchivePage.php, and VoterEligibilityPage#executeClear() do not validate request methods or CSRF tokens, allowing attackers to trigger sensitive actions if an admin visits a malici…
Medium
CVE-2025-53569
Cross-Site Request Forgery (CSRF) vulnerability in Trust Payments Trust Payments Gateway for WooCommerce (JavaScript Library) trust-payments-gateway-3ds2 allows Cross Site Request Forgery.This issue…
Medium
CVE-2025-53568
Cross-Site Request Forgery (CSRF) vulnerability in Tony Zeoli Radio Station radio-station allows Cross Site Request Forgery.This issue affects Radio Station: from n/a through <= 2.5.12.
Medium
CVE-2025-23972
Cross-Site Request Forgery (CSRF) vulnerability in Brian S. Reed Contact Form 7 reCAPTCHA contact-form-7-recaptcha allows Cross Site Request Forgery.This issue affects Contact Form 7 reCAPTCHA: from…
Medium
CVE-2025-6041
The yContributors plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.5. This is due to missing or incorrect nonce validation on the 'yContributor…
Medium
CVE-2025-5933
The RD Contacto plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4. This is due to missing or incorrect nonce validation on the rdWappUpdateDat…
Medium
CVE-2025-5924
The WP Firebase Push Notification plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.0. This is due to missing or incorrect nonce validation on…
2025-07-03
Medium
CVE-2025-27454
The application is vulnerable to cross-site request forgery. An attacker can trick a valid, logged in user into submitting a web request that they did not intend. The request uses the victim's browse…
2025-07-02
High
CVE-2025-52841
Cross-Site Request Forgery (CSRF) vulnerability in Laundry on Linux, MacOS allows to perform an Account Takeover. This issue affects Laundry: 2.3.0.
Low
CVE-2025-52463
Cross-site request forgery vulnerability exists in Active! mail 6 BuildInfo: 6.60.06008562 and earlier. If this vulnerability is exploited, unintended E-mail may be sent when a user accesses a specia…
High
CVE-2025-6459
The Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.89. This is due to missing or…
2025-07-01
Medium
CVE-2025-34050
A cross-site request forgery (CSRF) vulnerability exists in the web interface of AVTECH IP camera, DVR, and NVR devices. An attacker can craft malicious requests that, when executed in the context of…
Critical
CVE-2025-53095
Sunshine is a self-hosted game stream host for Moonlight. Prior to version 2025.628.4510, the web UI of Sunshine lacks protection against Cross-Site Request Forgery (CSRF) attacks. This vulnerability…
2025-06-29
High
CVE-2025-24289
A Cross-Site Request Forgery (CSRF) leading to Cross-Site Scripting (XSS) vulnerability in the UCRM Client Signup Plugin (v1.3.4 and earlier) could allow privilege escalation if an Administrator is t…
Medium
CVE-2025-6865
A vulnerability, which was classified as problematic, was found in DaiCuo up to 1.3.13. This affects an unknown part of the file /admin.php/addon/index. The manipulation leads to cross-site request f…
Medium
CVE-2025-6864
A vulnerability, which was classified as problematic, has been found in SeaCMS up to 13.2. Affected by this issue is some unknown functionality of the file /admin_type.php. The manipulation leads to…
2025-06-28
Medium
CVE-2025-5937
The MicroPayments – Fans Paysite: Paid Creator Subscriptions, Digital Assets, Wallet plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2.0. This…
2025-06-27
Medium
CVE-2025-50370
A Cross-Site Request Forgery (CSRF) vulnerability exists in the Inquiry Management functionality /mcgs/admin/readenq.php of the Phpgurukul Medical Card Generation System 1.0. The vulnerable endpoint…
Medium
CVE-2025-50369
A Cross-Site Request Forgery (CSRF) vulnerability exists in the Manage Card functionality (/mcgs/admin/manage-card.php) of PHPGurukul Medical Card Generation System 1.0. The vulnerable endpoint allow…
High
CVE-2025-53338
Cross-Site Request Forgery (CSRF) vulnerability in dor re.place replace allows Stored XSS.This issue affects re.place: from n/a through <= 0.2.1.
High
CVE-2025-53332
Cross-Site Request Forgery (CSRF) vulnerability in ethoseo Track Everything track-everything allows Stored XSS.This issue affects Track Everything: from n/a through <= 2.0.1.
High
CVE-2025-53331
Cross-Site Request Forgery (CSRF) vulnerability in samcharrington RSS Digest rss-digest allows Stored XSS.This issue affects RSS Digest: from n/a through <= 1.5.
High
CVE-2025-53329
Cross-Site Request Forgery (CSRF) vulnerability in szajenw Społecznościowa 6 PL 2013 spolecznosciowa-6-pl-2013 allows Stored XSS.This issue affects Społecznościowa 6 PL 2013: from n/a through <= 2.0.…
Medium
CVE-2025-53327
Cross-Site Request Forgery (CSRF) vulnerability in rui_mashita Aioseo Multibyte Descriptions aioseo-multibyte-descriptions allows Cross Site Request Forgery.This issue affects Aioseo Multibyte Descri…
High
CVE-2025-53317
Cross-Site Request Forgery (CSRF) vulnerability in AcmeeDesign WPShapere - WordPress admin theme wpshapere-lite allows Stored XSS.This issue affects WPShapere - WordPress admin theme: from n/a throug…
High
CVE-2025-53315
Cross-Site Request Forgery (CSRF) vulnerability in alanft Relocate Upload relocate-upload allows Stored XSS.This issue affects Relocate Upload: from n/a through <= 0.24.1.
Critical
CVE-2025-53314
Cross-Site Request Forgery (CSRF) vulnerability in sh1zen WP Optimizer wp-optimizer allows SQL Injection.This issue affects WP Optimizer: from n/a through <= 2.5.0.
High
CVE-2025-53313
Cross-Site Request Forgery (CSRF) vulnerability in plumwd Twitch TV Embed Suite twitch-tv-embed-suite allows Stored XSS.This issue affects Twitch TV Embed Suite: from n/a through <= 2.1.0.
High
CVE-2025-53312
Cross-Site Request Forgery (CSRF) vulnerability in Looks Awesome OnionBuzz onionbuzz-viral-quiz allows Stored XSS.This issue affects OnionBuzz: from n/a through <= 1.0.7.
High
CVE-2025-53311
Cross-Site Request Forgery (CSRF) vulnerability in Amol Nirmala Waman Navayan Subscribe navayan-subscribe allows Stored XSS.This issue affects Navayan Subscribe: from n/a through <= 1.13.
High
CVE-2025-53310
Cross-Site Request Forgery (CSRF) vulnerability in Funnnny HidePost hidepost allows Reflected XSS.This issue affects HidePost: from n/a through <= 2.3.8.
High
CVE-2025-53308
Cross-Site Request Forgery (CSRF) vulnerability in gopi_plus Image Slider With Description image-slider-with-description allows Stored XSS.This issue affects Image Slider With Description: from n/a t…
High
CVE-2025-53305
Cross-Site Request Forgery (CSRF) vulnerability in lucidcrew WP Forum Server forum-server allows Stored XSS.This issue affects WP Forum Server: from n/a through <= 1.8.2.
High
CVE-2025-53277
Cross-Site Request Forgery (CSRF) vulnerability in Infigo Software IS-theme-companion weblizar-companion allows Object Injection.This issue affects IS-theme-companion: from n/a through <= 1.59.
High
CVE-2025-53274
Cross-Site Request Forgery (CSRF) vulnerability in Hossin Asaadi WP Permalink Translator wp-permalink-translator allows Stored XSS.This issue affects WP Permalink Translator: from n/a through <= 1.7.…
Medium
CVE-2025-53273
Cross-Site Request Forgery (CSRF) vulnerability in Slickstream Slickstream slick-engagement allows Cross Site Request Forgery.This issue affects Slickstream: from n/a through <= 2.0.3.
Medium
CVE-2025-53272
Cross-Site Request Forgery (CSRF) vulnerability in opicron Image Cleanup image-cleanup allows Cross Site Request Forgery.This issue affects Image Cleanup: from n/a through <= 1.9.2.
High
CVE-2025-53271
Cross-Site Request Forgery (CSRF) vulnerability in Anton Bond Additional Order Filters for WooCommerce additional-order-filters-for-woocommerce allows Stored XSS.This issue affects Additional Order F…
Medium
CVE-2025-53270
Cross-Site Request Forgery (CSRF) vulnerability in Blend Media WordPress CTA easy-sticky-sidebar allows Cross Site Request Forgery.This issue affects WordPress CTA: from n/a through <= 1.7.0.
Medium
CVE-2025-53269
Cross-Site Request Forgery (CSRF) vulnerability in imw3 My Wp Brand my-wp-brand allows Cross Site Request Forgery.This issue affects My Wp Brand: from n/a through <= 1.1.3.
Medium
CVE-2025-53268
Cross-Site Request Forgery (CSRF) vulnerability in ryanpcmcquen Import external attachments import-external-attachments allows Cross Site Request Forgery.This issue affects Import external attachment…
Medium
CVE-2025-53267
Cross-Site Request Forgery (CSRF) vulnerability in Aftab Husain Hide Admin Bar From Front End hide-admin-bar-from-front-end allows Cross Site Request Forgery.This issue affects Hide Admin Bar From Fr…
Medium
CVE-2025-53265
Cross-Site Request Forgery (CSRF) vulnerability in Virusdie Virusdie virusdie allows Cross Site Request Forgery.This issue affects Virusdie: from n/a through <= 1.1.3.
Medium
CVE-2025-53264
Cross-Site Request Forgery (CSRF) vulnerability in Konrád Koller ONet Regenerate Thumbnails onet-regenerate-thumbnails allows Cross Site Request Forgery.This issue affects ONet Regenerate Thumbnails:…
Medium
CVE-2025-53263
Cross-Site Request Forgery (CSRF) vulnerability in PluginsCafe Address Autocomplete via Google for Gravity Forms gf-google-address-autocomplete allows Cross Site Request Forgery.This issue affects Ad…
Medium
CVE-2025-53262
Cross-Site Request Forgery (CSRF) vulnerability in Writesonic Writesonic writesonic allows Cross Site Request Forgery.This issue affects Writesonic: from n/a through <= 1.0.5.
Medium
CVE-2025-53261
Cross-Site Request Forgery (CSRF) vulnerability in macbookandrew WP YouTube Live wp-youtube-live allows Cross Site Request Forgery.This issue affects WP YouTube Live: from n/a through <= 1.10.0.
Medium
CVE-2025-53254
Cross-Site Request Forgery (CSRF) vulnerability in Themeisle Cyrlitera cyrlitera allows Cross Site Request Forgery.This issue affects Cyrlitera: from n/a through <= 1.3.0.
Medium
CVE-2025-53203
Cross-Site Request Forgery (CSRF) vulnerability in EDGARROJAS WooCommerce PDF Invoice Builder woo-pdf-invoice-builder allows Cross Site Request Forgery.This issue affects WooCommerce PDF Invoice Buil…
Medium
CVE-2025-53197
Cross-Site Request Forgery (CSRF) vulnerability in cookiebot Cookiebot cookiebot allows Cross Site Request Forgery.This issue affects Cookiebot: from n/a through <= 4.5.8.
Medium
CVE-2025-53193
Cross-Site Request Forgery (CSRF) vulnerability in Burst Statistics B.V. Burst Statistics burst-statistics allows Cross Site Request Forgery.This issue affects Burst Statistics: from n/a through <= 2…
Medium
CVE-2025-32281
Cross-Site Request Forgery (CSRF) vulnerability in DarkMySite DarkMySite darkmysite allows Cross Site Request Forgery.This issue affects DarkMySite: from n/a through <= 1.2.8.
Medium
CVE-2025-5936
The VR Calendar plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.4.7. This is due to missing or incorrect nonce validation on the syncCalendar(…
2025-06-26
High
CVE-2025-48921
Cross-Site Request Forgery (CSRF) vulnerability in Drupal Open Social allows Cross Site Request Forgery.This issue affects Open Social: from 0.0.0 before 12.3.14, from 12.4.0 before 12.4.13.
Medium
CVE-2025-48497
Cross-site request forgery vulnerability exists in iroha Board versions v0.10.12 and earlier. If a user accesses a specially crafted URL while being logged in to the affected product, arbitrary learn…
Medium
CVE-2025-5932
The Homerunner plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.30. This is due to missing or incorrect nonce validation on the main_settings…
2025-06-25
Medium
CVE-2025-6664
A vulnerability, which was classified as problematic, was found in CodeAstro Patient Record Management System 1.0. Affected is an unknown function. The manipulation leads to cross-site request forger…
Medium
CVE-2025-50179
Tuleap is an Open Source Suite to improve management of software developments and collaboration. An attacker could use a cross-site request forgery vulnerability in Tuleap Community Edition prior to…
2025-06-23
Low
CVE-2025-52968
xdg-open in xdg-utils through 1.2.1 can send requests containing SameSite=Strict cookies, which can facilitate CSRF. (For example, xdg-open could be modified to, by default, associate x-scheme-handle…
2025-06-22
Medium
CVE-2025-6478
A vulnerability was found in CodeAstro Expense Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to cross-site requ…
Medium
CVE-2025-6476
A vulnerability was found in SourceCodester Gym Management System 1.0. It has been classified as problematic. Affected is an unknown function. The manipulation leads to cross-site request forgery. It…
2025-06-20
High
CVE-2024-4994
An issue has been discovered in GitLab CE/EE affecting all versions from 16.1.0 before 16.11.5, all versions starting from 17.0 before 17.0.3, all versions starting from 17.1.0 before 17.1.1 which al…
High
CVE-2025-52825
Cross-Site Request Forgery (CSRF) vulnerability in Rameez Iqbal Real Estate Manager real-estate-manager allows Privilege Escalation.This issue affects Real Estate Manager: from n/a through <= 7.3.
High
CVE-2025-52795
Cross-Site Request Forgery (CSRF) vulnerability in aharonyan WP Front User Submit / Front Editor front-editor allows Cross Site Request Forgery.This issue affects WP Front User Submit / Front Editor:…
High
CVE-2025-52794
Cross-Site Request Forgery (CSRF) vulnerability in Creative-Solutions Creative Contact Form sexy-contact-form allows Stored XSS.This issue affects Creative Contact Form: from n/a through <= 1.0.0.
High
CVE-2025-52793
Cross-Site Request Forgery (CSRF) vulnerability in Esselink.nu Esselink.nu Settings esselinknu-settings allows Reflected XSS.This issue affects Esselink.nu Settings: from n/a through <= 4.5.
High
CVE-2025-52792
Cross-Site Request Forgery (CSRF) vulnerability in vgstef WP User Stylesheet Switcher wp-user-stylesheet-switcher allows Stored XSS.This issue affects WP User Stylesheet Switcher: from n/a through <=…
High
CVE-2025-52791
Cross-Site Request Forgery (CSRF) vulnerability in devfelixmoira Knowledge Base – Knowledge Base Maker knowledge-base-maker allows Stored XSS.This issue affects Knowledge Base – Knowledge Base Maker:…
High
CVE-2025-52790
Cross-Site Request Forgery (CSRF) vulnerability in r-win WP-DownloadCounter wp-downloadcounter allows Stored XSS.This issue affects WP-DownloadCounter: from n/a through <= 1.01.
High
CVE-2025-52789
Cross-Site Request Forgery (CSRF) vulnerability in George Lewe Lewe ChordPress chordpress allows Stored XSS.This issue affects Lewe ChordPress: from n/a through <= 4.0.1.
High
CVE-2025-52784
Cross-Site Request Forgery (CSRF) vulnerability in hideoguchi Bluff Post bluff-post allows Stored XSS.This issue affects Bluff Post: from n/a through <= 1.1.1.
High
CVE-2025-52783
Cross-Site Request Forgery (CSRF) vulnerability in themelocation Change Cart button Colors WooCommerce wc-style allows Stored XSS.This issue affects Change Cart button Colors WooCommerce: from n/a th…
High
CVE-2025-52781
Cross-Site Request Forgery (CSRF) vulnerability in Beee TinyNav tinynav allows Stored XSS.This issue affects TinyNav: from n/a through <= 1.4.
High
CVE-2025-52780
Cross-Site Request Forgery (CSRF) vulnerability in Mohammad Parsa Logo Manager For Samandehi samandehi-logo-manager allows Stored XSS.This issue affects Logo Manager For Samandehi: from n/a through <…
High
CVE-2025-52772
Cross-Site Request Forgery (CSRF) vulnerability in Adnan Haque (a11n) Virtual Moderator allows Cross-Site Scripting (XSS). This issue affects Virtual Moderator: from n/a through 1.4.
Medium
CVE-2025-52711
Cross-Site Request Forgery (CSRF) vulnerability in BoldGrid Post and Page Builder by BoldGrid post-and-page-builder allows Cross Site Request Forgery.This issue affects Post and Page Builder by BoldG…
Medium
CVE-2025-50044
Cross-Site Request Forgery (CSRF) vulnerability in Rameez Iqbal Real Estate Manager real-estate-manager allows Cross Site Request Forgery.This issue affects Real Estate Manager: from n/a through <= 7…
Medium
CVE-2025-50036
Cross-Site Request Forgery (CSRF) vulnerability in Yamna Khawaja Mailing Group Listserv wp-mailing-group allows Cross Site Request Forgery.This issue affects Mailing Group Listserv: from n/a through…
Medium
CVE-2025-49977
Cross-Site Request Forgery (CSRF) vulnerability in WP Inventory WP Inventory Manager wp-inventory-manager allows Cross Site Request Forgery.This issue affects WP Inventory Manager: from n/a through <…
Medium
CVE-2025-49975
Cross-Site Request Forgery (CSRF) vulnerability in Hossni Mubarak JobWP jobwp allows Cross Site Request Forgery.This issue affects JobWP: from n/a through <= 2.4.0.
Medium
CVE-2025-49972
Cross-Site Request Forgery (CSRF) vulnerability in David Wood TM Replace Howdy tm-replace-howdy allows Cross Site Request Forgery.This issue affects TM Replace Howdy: from n/a through <= 1.4.2.
Medium
CVE-2025-49968
Cross-Site Request Forgery (CSRF) vulnerability in Oganro XML Travel Portal Widget oganro-reservation-widget allows Cross Site Request Forgery.This issue affects XML Travel Portal Widget: from n/a th…
Medium
CVE-2025-49967
Cross-Site Request Forgery (CSRF) vulnerability in marcusjansen Live Sports Streamthunder live-sports-streamthunder allows Cross Site Request Forgery.This issue affects Live Sports Streamthunder: fro…
Medium
CVE-2025-49966
Cross-Site Request Forgery (CSRF) vulnerability in Oganro Oganro Travel Portal Search Widget for HotelBeds APITUDE API oganro-travel-portal-search-widget-for-hotelbeds-apitude-api allows Cross Site R…
Medium
CVE-2025-49965
Cross-Site Request Forgery (CSRF) vulnerability in Oganro PixelBeds Channel Manager and Hotel Booking Engine pixelbeds-channel-manager-booking-engine allows Cross Site Request Forgery.This issue affe…
Medium
CVE-2025-49964
Cross-Site Request Forgery (CSRF) vulnerability in indgeek ClipLink cliplink allows Cross Site Request Forgery.This issue affects ClipLink: from n/a through <= 1.1.
Medium
CVE-2025-6341
A vulnerability classified as problematic was found in code-projects School Fees Payment System 1.0. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The…
2025-06-19
Medium
CVE-2025-6284
A vulnerability was found in PHPGurukul Car Rental Portal 3.0. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The…
2025-06-18
Medium
CVE-2024-54172
IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.6 and 6.2.0.0 through 6.2.0.4 is vulnerable to cross-site request forgery which could allow an attacker to execute mali…
2025-06-17
Medium
CVE-2025-49865
Cross-Site Request Forgery (CSRF) vulnerability in Helmut Wandl Advanced Settings advanced-settings allows Cross Site Request Forgery.This issue affects Advanced Settings: from n/a through <= 3.0.1.
Medium
CVE-2025-49856
Cross-Site Request Forgery (CSRF) vulnerability in CyberChimps Responsive Plus responsive-add-ons allows Cross Site Request Forgery.This issue affects Responsive Plus: from n/a through <= 3.2.2.