About “Cross-Site Request Forgery (CSRF)”

A curated feed of “Cross-Site Request Forgery (CSRF)”-related CVEs appears below. We currently track 9568 CVEs for this tag (all time). In the last 365 days, 1403 were published. Average CVSS is 6.4 (all time; 5.6 over 365d), and 37% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-352 - Cross-Site Request Forgery (CSRF), CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'), CWE-862 - Missing Authorization.

In our taxonomy this topic maps to a MODERATE impact class: common exploitation patterns for this weakness can lead to moderate impact. Use the filters below to sort by CVSS, risk and CWE, triage high-risk entries first, and validate exposure in your environment. Each detail page highlights vendor advisories and mitigation tips.

CVEs tagged with this topic.

2025-04-25
Medium

CVE-2025-3867

The Ajax Comment Form CST plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2. This is due to missing or incorrect nonce validation via the 'acf…

Medium

CVE-2025-3866

The Add Google +1 (Plus one) social share Button plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.0. This is due to missing or incorrect nonc…

Medium

CVE-2025-46547

In Sherpa Orchestrator 141851, the web application lacks protection against CSRF attacks, with resultant effects of an attacker conducting XSS attacks, adding a new user or role, or exploiting a SQL…

2025-04-24
High

CVE-2025-46530

Cross-Site Request Forgery (CSRF) vulnerability in HuangYe WuDeng Hacklog Remote Attachment hacklog-remote-attachment allows Stored XSS. This issue affects Hacklog Remote Attachment: from n/a through…

High

CVE-2025-46528

Cross-Site Request Forgery (CSRF) vulnerability in Steve Availability Calendar availability allows Stored XSS. This issue affects Availability Calendar: from n/a through <= 0.2.4.

High

CVE-2025-46524

Cross-Site Request Forgery (CSRF) vulnerability in stesvis WP Filter Post Category wp-filter-post-categories allows Stored XSS. This issue affects WP Filter Post Category: from n/a through <= 2.1.4.

High

CVE-2025-46522

Cross-Site Request Forgery (CSRF) vulnerability in Billy Bryant Tabs gt-tabs allows Stored XSS. This issue affects Tabs: from n/a through <= 4.0.3.

High

CVE-2025-46520

Cross-Site Request Forgery (CSRF) vulnerability in alphasis Related Posts via Taxonomies related-posts-via-taxonomies allows Stored XSS. This issue affects Related Posts via Taxonomies: from n/a throu…

High

CVE-2025-46516

Cross-Site Request Forgery (CSRF) vulnerability in silencecm Twitter Card Generator twitter-card-generator allows Stored XSS. This issue affects Twitter Card Generator: from n/a through <= 1.0.5.

High

CVE-2025-46514

Cross-Site Request Forgery (CSRF) vulnerability in milat Milat jQuery Automatic Popup milat-jquery-automatic-popup allows Stored XSS. This issue affects Milat jQuery Automatic Popup: from n/a through…

Medium

CVE-2025-46513

Cross-Site Request Forgery (CSRF) vulnerability in Codebangers All in One Time Clock Lite aio-time-clock-lite allows Cross Site Request Forgery. This issue affects All in One Time Clock Lite: from n/a…

High

CVE-2025-46512

Cross-Site Request Forgery (CSRF) vulnerability in Shamim Hasan Custom Functions Plugin custom-functions allows Stored XSS. This issue affects Custom Functions Plugin: from n/a through <= 1.1.

High

CVE-2025-46510

Cross-Site Request Forgery (CSRF) vulnerability in harrysudana Contact Form 7 Calendar cf7-calendar allows Stored XSS. This issue affects Contact Form 7 Calendar: from n/a through <= 3.0.1.

High

CVE-2025-46508

Cross-Site Request Forgery (CSRF) vulnerability in kasonzhao Advanced lazy load advanced-lazy-load allows Stored XSS. This issue affects Advanced lazy load: from n/a through <= 1.6.0.

High

CVE-2025-46507

Cross-Site Request Forgery (CSRF) vulnerability in ldrumm Unsafe Mimetypes unsafe-mimetypes allows Stored XSS. This issue affects Unsafe Mimetypes: from n/a through <= 0.1.4.

High

CVE-2025-46506

Cross-Site Request Forgery (CSRF) vulnerability in Lora77 WpZon – Amazon Affiliate Plugin wpzon allows Reflected XSS. This issue affects WpZon – Amazon Affiliate Plugin: from n/a through <= 1.3.

High

CVE-2025-46504

Cross-Site Request Forgery (CSRF) vulnerability in Olar Marius Vasaio QR Code vasaio-qr-code allows Stored XSS. This issue affects Vasaio QR Code: from n/a through <= 1.2.5.

High

CVE-2025-46502

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bas Matthee LSD Custom taxonomy and category meta custom-taxonomy-category-and-term-fields allows…

Medium

CVE-2025-46498

Cross-Site Request Forgery (CSRF) vulnerability in nghialuu Zalo Official Live Chat zalo-official-live-chat allows Cross Site Request Forgery. This issue affects Zalo Official Live Chat: from n/a thro…

High

CVE-2025-46497

Cross-Site Request Forgery (CSRF) vulnerability in Navegg Navegg Analytics navegg allows Stored XSS. This issue affects Navegg Analytics: from n/a through <= 3.3.3.

Medium

CVE-2025-46495

Cross-Site Request Forgery (CSRF) vulnerability in tomontoast Drop Caps drop-caps allows Stored XSS. This issue affects Drop Caps: from n/a through <= 2.1.

High

CVE-2025-46492

Cross-Site Request Forgery (CSRF) vulnerability in Pham Thanh Call Now PHT Blog call-now-coccoc-pht-blog allows Stored XSS. This issue affects Call Now PHT Blog: from n/a through <= 2.4.1.

High

CVE-2025-46466

Cross-Site Request Forgery (CSRF) vulnerability in felixtz Modern Polls modern-polls allows Stored XSS. This issue affects Modern Polls: from n/a through <= 1.0.10.

High

CVE-2025-46465

Cross-Site Request Forgery (CSRF) vulnerability in John Weissberg Print Science Designer print-science-designer allows Stored XSS. This issue affects Print Science Designer: from n/a through <= 1.3.15…

Medium

CVE-2025-46462

Cross-Site Request Forgery (CSRF) vulnerability in Trân Minh-Quân WPVN wpvn-username-changer allows Cross Site Request Forgery. This issue affects WPVN: from n/a through <= 0.7.8.

High

CVE-2025-46457

Cross-Site Request Forgery (CSRF) vulnerability in Ahsanullah Akanda Wp Custom CMS Block wp-custom-cms-block allows Stored XSS. This issue affects Wp Custom CMS Block: from n/a through <= 2.1.

High

CVE-2025-46452

Cross-Site Request Forgery (CSRF) vulnerability in Olav Kolbu Google News allows Stored XSS. This issue affects Google News: from n/a through 2.5.1.

High

CVE-2025-46450

Cross-Site Request Forgery (CSRF) vulnerability in x000x occupancyplan occupancyplan allows Stored XSS. This issue affects occupancyplan: from n/a through <= 1.0.3.0.

High

CVE-2025-46442

Cross-Site Request Forgery (CSRF) vulnerability in Casey Johnson Loan Calculator repayment-calculator allows Stored XSS. This issue affects Loan Calculator: from n/a through <= 1.3.

High

CVE-2025-46439

Cross-Site Request Forgery (CSRF) vulnerability in Vladimir Prelovac Plugin Central plugin-central allows Path Traversal. This issue affects Plugin Central: from n/a through <= 2.5.1.

Medium

CVE-2025-46436

Cross-Site Request Forgery (CSRF) vulnerability in Sebastian Echeverry SCSS-Library scss-library allows Cross Site Request Forgery. This issue affects SCSS-Library: from n/a through <= 0.4.1.

High

CVE-2025-46435

Cross-Site Request Forgery (CSRF) vulnerability in Yash Binani Time Based Greeting time-based-greeting allows Stored XSS. This issue affects Time Based Greeting: from n/a through <= 2.2.2.

High

CVE-2025-39381

Cross-Site Request Forgery (CSRF) vulnerability in Kiotviet KiotViet Sync allows Stored XSS. This issue affects KiotViet Sync: from n/a through 1.8.4.

2025-04-23
Medium

CVE-2025-3907

Cross-Site Request Forgery (CSRF) vulnerability in Drupal Search API Solr allows Cross Site Request Forgery. This issue affects Search API Solr: from 0.0.0 before 4.3.9.

2025-04-22
Medium

CVE-2025-31328

SAP Learning Solution is vulnerable to Cross-Site Request Forgery (CSRF), allowing an attacker to trick an authenticated user into sending unintended requests to the server. GET-based OData function is…

High

CVE-2025-46251

Cross-Site Request Forgery (CSRF) vulnerability in e4jvikwp VikRestaurants vikrestaurants allows Cross Site Request Forgery. This issue affects VikRestaurants: from n/a through <= 1.3.3.

Medium

CVE-2025-46249

Cross-Site Request Forgery (CSRF) vulnerability in Michael Simple calendar for Elementor simple-calendar-for-elementor allows Cross Site Request Forgery. This issue affects Simple calendar for Element…

Medium

CVE-2025-46246

Cross-Site Request Forgery (CSRF) vulnerability in CreativeMindsSolutions CM Answers cm-answers allows Cross Site Request Forgery. This issue affects CM Answers: from n/a through <= 3.3.3.

Medium

CVE-2025-46245

Cross-Site Request Forgery (CSRF) vulnerability in CreativeMindsSolutions CM Ad Changer cm-ad-changer allows Cross Site Request Forgery. This issue affects CM Ad Changer: from n/a through <= 2.0.5.

Medium

CVE-2025-46243

Cross-Site Request Forgery (CSRF) vulnerability in sonalsinha21 Recover abandoned cart for WooCommerce recover-wc-abandoned-cart allows Cross Site Request Forgery. This issue affects Recover abandoned…

High

CVE-2025-46241

Cross-Site Request Forgery (CSRF) vulnerability in codepeople Appointment Booking Calendar appointment-booking-calendar allows SQL Injection. This issue affects Appointment Booking Calendar: from n/a…

Medium

CVE-2025-46231

Cross-Site Request Forgery (CSRF) vulnerability in SERVIT Software Solutions affiliate-toolkit affiliate-toolkit-starter allows Cross Site Request Forgery. This issue affects affiliate-toolkit: from n…

2025-04-21
Medium

CVE-2025-3843

A vulnerability was found in panhainan DS-Java 1.0. It has been classified as problematic. Affected is an unknown function. The manipulation leads to cross-site request forgery. It is possible to lau…

2025-04-19
Medium

CVE-2025-3808

A vulnerability has been found in zhenfeng13 My-BBS 1.0 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be…

High

CVE-2025-2111

The Insert Headers And Footers plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.1. This is due to missing or incorrect nonce validation on th…

Medium

CVE-2025-3284

The User Registration & Membership – Custom Registration Form, Login Form, and User Profile plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.1.…

2025-04-18
Medium

CVE-2025-28355

Volmarg Personal Management System 1.4.65 is vulnerable to Cross Site Request Forgery (CSRF) allowing attackers to execute arbitrary code and obtain sensitive information via the SameSite cookie attr…

2025-04-17
Medium

CVE-2025-29722

A CSRF vulnerability in Commercify v1.0 allows remote attackers to perform unauthorized actions on behalf of authenticated users. The issue exists due to missing CSRF protection on sensitive endpoint…

High

CVE-2025-39455

Cross-Site Request Forgery (CSRF) vulnerability in IP2Location IP2Location Variables ip2location-variables allows Reflected XSS. This issue affects IP2Location Variables: from n/a through <= 2.9.5.

Medium

CVE-2025-39453

Cross-Site Request Forgery (CSRF) vulnerability in algol.plus Advanced Dynamic Pricing for WooCommerce advanced-dynamic-pricing-for-woocommerce allows Cross Site Request Forgery. This issue affects Ad…

Medium

CVE-2025-39443

Cross-Site Request Forgery (CSRF) vulnerability in Soft8Soft LLC Verge3D verge3d allows Cross Site Request Forgery. This issue affects Verge3D: from n/a through <= 4.9.0.

High

CVE-2025-39442

Cross-Site Request Forgery (CSRF) vulnerability in MessageMetric Review Wave – Google Places Reviews review-wave-google-places-reviews allows Stored XSS. This issue affects Review Wave – Google Places…

High

CVE-2025-39441

Cross-Site Request Forgery (CSRF) vulnerability in swedish boy Dashboard Notepads dashboard-notepads allows Stored XSS. This issue affects Dashboard Notepads: from n/a through <= 1.2.1.

High

CVE-2025-39440

Cross-Site Request Forgery (CSRF) vulnerability in Rajesh Broken Links Remover broken-links-remover allows Stored XSS. This issue affects Broken Links Remover: from n/a through <= 1.2.2.

Medium

CVE-2025-39438

Cross-Site Request Forgery (CSRF) vulnerability in momen2009 Theme Changer theme-changer allows Cross Site Request Forgery. This issue affects Theme Changer: from n/a through <= 1.4.

Medium

CVE-2025-39437

Cross-Site Request Forgery (CSRF) vulnerability in Boone Gorges Anthologize anthologize allows Cross Site Request Forgery. This issue affects Anthologize: from n/a through <= 0.8.3.

High

CVE-2025-39435

Cross-Site Request Forgery (CSRF) vulnerability in davidfcarr My Marginalia my-marginalia allows Stored XSS. This issue affects My Marginalia: from n/a through <= 1.0.6.

High

CVE-2025-39433

Cross-Site Request Forgery (CSRF) vulnerability in beke_ro Bknewsticker bknewsticker allows Stored XSS. This issue affects Bknewsticker: from n/a through <= 1.0.5.

High

CVE-2025-39431

Cross-Site Request Forgery (CSRF) vulnerability in Aaron Forgue Amazon Showcase WordPress Plugin amazon-showcase-wordpress-widget allows Stored XSS. This issue affects Amazon Showcase WordPress Plugin…

High

CVE-2025-39430

Cross-Site Request Forgery (CSRF) vulnerability in Alexander Rauscha mLanguage mlanguage allows Stored XSS. This issue affects mLanguage: from n/a through <= 1.6.1.

Medium

CVE-2025-39426

Cross-Site Request Forgery (CSRF) vulnerability in illow illow – Cookies Consent lgpd-compliant-cookie-banner allows Cross Site Request Forgery. This issue affects illow – Cookies Consent: from n/a th…

Medium

CVE-2025-39425

Cross-Site Request Forgery (CSRF) vulnerability in pixelgrade Style Manager style-manager allows Cross Site Request Forgery. This issue affects Style Manager: from n/a through <= 2.2.7.

High

CVE-2025-39424

Cross-Site Request Forgery (CSRF) vulnerability in simplemaps Simple Maps interactive-maps allows Stored XSS. This issue affects Simple Maps: from n/a through <= 0.98.

High

CVE-2025-39423

Cross-Site Request Forgery (CSRF) vulnerability in Jenst Add to Header add-to-header allows Stored XSS. This issue affects Add to Header: from n/a through <= 1.0.

High

CVE-2025-39422

Cross-Site Request Forgery (CSRF) vulnerability in PResponsive WP Social Bookmarking wp-social-bookmarking allows Stored XSS. This issue affects WP Social Bookmarking: from n/a through <= 3.6.

High

CVE-2025-39421

Cross-Site Request Forgery (CSRF) vulnerability in Mustafa KUCUK WP Sticky Side Buttons wp-sticky-side-buttons allows Stored XSS. This issue affects WP Sticky Side Buttons: from n/a through <= 2.1.

High

CVE-2025-39419

Cross-Site Request Forgery (CSRF) vulnerability in David Miller Revision Diet revision-diet allows Stored XSS. This issue affects Revision Diet: from n/a through <= 1.0.1.

High

CVE-2025-39418

Cross-Site Request Forgery (CSRF) vulnerability in ajayver RSS Manager rss-manager allows Stored XSS. This issue affects RSS Manager: from n/a through <= 0.06.

High

CVE-2025-39417

Cross-Site Request Forgery (CSRF) vulnerability in Eslam Mahmoud Redirect wordpress to welcome or landing page redirect-to-welcome-or-landing-page allows Stored XSS. This issue affects Redirect wordpr…

High

CVE-2025-39416

Cross-Site Request Forgery (CSRF) vulnerability in Ichi translit it! translit-it allows Stored XSS. This issue affects translit it!: from n/a through <= 1.6.

High

CVE-2025-39415

Cross-Site Request Forgery (CSRF) vulnerability in Jayesh Parejiya Social Media Links social-media-links allows Stored XSS. This issue affects Social Media Links: from n/a through <= 1.0.3.

High

CVE-2025-39414

Cross-Site Request Forgery (CSRF) vulnerability in Mike spam-stopper spam-stopper allows Stored XSS. This issue affects spam-stopper: from n/a through <= 3.1.3.

High

CVE-2025-32655

Cross-Site Request Forgery (CSRF) vulnerability in DevriX Restrict User Registration restrict-user-registration allows Stored XSS. This issue affects Restrict User Registration: from n/a through <= 1.…

High

CVE-2025-32606

Cross-Site Request Forgery (CSRF) vulnerability in Deepak Khokhar Listings for Buildium listings-for-buildium allows Stored XSS. This issue affects Listings for Buildium: from n/a through <= 0.1.5.

High

CVE-2025-32546

Cross-Site Request Forgery (CSRF) vulnerability in gtlwpdev All push notification for WP all-push-notification allows Reflected XSS. This issue affects All push notification for WP: from n/a through <…

High

CVE-2025-32545

Cross-Site Request Forgery (CSRF) vulnerability in SOFTAGON WooCommerce Products without featured images woocommerce-products-without-featured-images allows Reflected XSS. This issue affects WooCommer…

2025-04-16
Medium

CVE-2025-39472

Cross-Site Request Forgery (CSRF) vulnerability in wpweb WooCommerce Social Login woo-social-login allows Cross Site Request Forgery. This issue affects WooCommerce Social Login: from n/a through < 2.…

Critical

CVE-2025-39601

Cross-Site Request Forgery (CSRF) vulnerability in WPFactory Custom CSS, JS & PHP custom-css allows Remote Code Inclusion. This issue affects Custom CSS, JS & PHP: from n/a through <= 2.4.1.

Medium

CVE-2025-39600

Cross-Site Request Forgery (CSRF) vulnerability in CRM Perks Integration for WooCommerce and QuickBooks wp-woocommerce-quickbooks allows Cross Site Request Forgery. This issue affects Integration for…

Medium

CVE-2025-39593

Cross-Site Request Forgery (CSRF) vulnerability in EverAccounting Ever Accounting wp-ever-accounting allows Cross Site Request Forgery. This issue affects Ever Accounting: from n/a through <= 2.1.5.

Medium

CVE-2025-39564

Cross-Site Request Forgery (CSRF) vulnerability in WP Trio Conditional Shipping for WooCommerce conditional-shipping-for-woocommerce allows Cross Site Request Forgery. This issue affects Conditional S…

Medium

CVE-2025-39563

Cross-Site Request Forgery (CSRF) vulnerability in WP Trio Conditional Payments for WooCommerce conditional-payments-for-woocommerce allows Cross Site Request Forgery. This issue affects Conditional P…

High

CVE-2025-39548

Cross-Site Request Forgery (CSRF) vulnerability in A WP Life Right Click Disable OR Ban right-click-disable-or-ban allows Stored XSS. This issue affects Right Click Disable OR Ban: from n/a through <=…

High

CVE-2025-39547

Cross-Site Request Forgery (CSRF) vulnerability in Toast Plugins Internal Link Optimiser internal-link-finder allows Stored XSS. This issue affects Internal Link Optimiser: from n/a through <= 5.1.3.

Medium

CVE-2025-39546

Cross-Site Request Forgery (CSRF) vulnerability in quomodosoft ElementsReady Addons for Elementor element-ready-lite allows Cross Site Request Forgery. This issue affects ElementsReady Addons for Elem…

High

CVE-2025-39544

Cross-Site Request Forgery (CSRF) vulnerability in sminozzi WP Tools wptools allows Path Traversal. This issue affects WP Tools: from n/a through <= 5.18.

High

CVE-2025-39530

Cross-Site Request Forgery (CSRF) vulnerability in dsky Site Search 360 site-search-360 allows Stored XSS. This issue affects Site Search 360: from n/a through <= 2.1.8.

Medium

CVE-2025-39517

Cross-Site Request Forgery (CSRF) vulnerability in WP Map Plugins Basic Interactive World Map basic-interactive-world-map allows Cross Site Request Forgery. This issue affects Basic Interactive World…

Medium

CVE-2025-39512

Cross-Site Request Forgery (CSRF) vulnerability in Yuya Hoshino Bulk Term Editor bulk-term-editor allows Cross Site Request Forgery. This issue affects Bulk Term Editor: from n/a through <= 1.1.4.

Medium

CVE-2025-3687

A vulnerability, which was classified as problematic, has been found in misstt123 oasys 1.0. Affected by this issue is some unknown functionality of the component Sticky Notes Handler. The manipulati…

Medium

CVE-2024-13452

The Contact Form by Supsystic plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.7.29. This is due to missing or incorrect nonce validation on a…

2025-04-15
Critical

CVE-2025-30967

Cross-Site Request Forgery (CSRF) vulnerability in NotFound WPJobBoard allows Upload a Web Shell to a Web Server. This issue affects WPJobBoard: from n/a through n/a.

Medium

CVE-2025-26903

Cross-Site Request Forgery (CSRF) vulnerability in RealMag777 InPost Gallery inpost-gallery allows Cross Site Request Forgery. This issue affects InPost Gallery: from n/a through <= 2.1.4.3.

High

CVE-2025-26748

Cross-Site Request Forgery (CSRF) vulnerability in looswebstudio Arkhe arkhe allows PHP Local File Inclusion. This issue affects Arkhe: from n/a through <= 3.12.0.

Medium

CVE-2025-24358

gorilla/csrf provides Cross Site Request Forgery (CSRF) prevention middleware for Go web applications & services. Prior to 1.7.2, gorilla/csrf does not validate the Origin header against an allowlist…

Medium

CVE-2025-30965

Cross-Site Request Forgery (CSRF) vulnerability in NotFound WPJobBoard allows Cross Site Request Forgery. This issue affects WPJobBoard: from n/a through n/a.

2025-04-14
High

CVE-2025-27009

Cross-Site Request Forgery (CSRF) vulnerability in wphocus My auctions allegro my-auctions-allegro-free-edition allows Stored XSS. This issue affects My auctions allegro: from n/a through <= 3.6.33.

Medium

CVE-2025-3561

A vulnerability was found in ghostxbh uzy-ssm-mall 1.0.0. It has been classified as problematic. Affected is an unknown function. The manipulation leads to cross-site request forgery. It is possible…

Medium

CVE-2025-3557

A vulnerability, which was classified as problematic, has been found in ScriptAndTools eCommerce-website-in-PHP 3.0. Affected by this issue is some unknown functionality. The manipulation leads to cr…

2025-04-12
Medium

CVE-2024-13338

The Clearfy Cache – WordPress optimization plugin, Minify HTML, CSS & JS, Defer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.3.1. This is d…

Medium

CVE-2024-13337

The Clearfy Cache – WordPress optimization plugin, Minify HTML, CSS & JS, Defer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.3.2. This is d…

Medium

CVE-2025-2871

The WordPress Mega Menu – QuadMenu plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2.0. This is due to missing or incorrect nonce validation o…

2025-04-10
Medium

CVE-2025-32282

Cross-Site Request Forgery (CSRF) vulnerability in ShareThis ShareThis Dashboard for Google Analytics googleanalytics. This issue affects ShareThis Dashboard for Google Analytics: from n/a through <=…

2025-04-09
Medium

CVE-2025-26902

Cross-Site Request Forgery (CSRF) vulnerability in Brizy Brizy Pro allows Cross Site Request Forgery. This issue affects Brizy Pro: from n/a through 2.6.1.

Medium

CVE-2025-3131

Cross-Site Request Forgery (CSRF) vulnerability in Drupal ECA: Event - Condition - Action allows Cross Site Request Forgery. This issue affects ECA: Event - Condition - Action: from 0.0.0 before 1.1.1…

Medium

CVE-2025-32679

Cross-Site Request Forgery (CSRF) vulnerability in ZealousWeb User Registration Using Contact Form 7 user-registration-using-contact-form-7 allows Cross Site Request Forgery. This issue affects User R…

Medium

CVE-2025-32678

Cross-Site Request Forgery (CSRF) vulnerability in Ashish Ajani WP Show Stats wp-show-stats allows Cross Site Request Forgery. This issue affects WP Show Stats: from n/a through <= 1.5.

High

CVE-2025-32673

Cross-Site Request Forgery (CSRF) vulnerability in epeken Epeken All Kurir epeken-all-kurir allows Stored XSS. This issue affects Epeken All Kurir: from n/a through <= 2.0.6.

High

CVE-2025-32669

Cross-Site Request Forgery (CSRF) vulnerability in MERGADO Mergado Pack mergado-marketing-pack allows Stored XSS. This issue affects Mergado Pack: from n/a through <= 4.2.1.

High

CVE-2025-32667

Cross-Site Request Forgery (CSRF) vulnerability in fromdoppler Doppler Forms doppler-form allows Stored XSS. This issue affects Doppler Forms: from n/a through <= 2.5.1.

High

CVE-2025-32664

Cross-Site Request Forgery (CSRF) vulnerability in ashokbasnet Nepali Date Utilities nepali-date-utilities allows Stored XSS. This issue affects Nepali Date Utilities: from n/a through <= 1.0.15.

High

CVE-2025-32661

Cross-Site Request Forgery (CSRF) vulnerability in WP Map Plugins Interactive US Map interactive-us-map allows Stored XSS. This issue affects Interactive US Map: from n/a through <= 2.7.

High

CVE-2025-32659

Cross-Site Request Forgery (CSRF) vulnerability in fraudlabspro FraudLabs Pro for WooCommerce fraudlabs-pro-for-woocommerce allows Stored XSS. This issue affects FraudLabs Pro for WooCommerce: from n/…

High

CVE-2025-32645

Cross-Site Request Forgery (CSRF) vulnerability in Hiren Patel Custom Posts Order custom-posts-order allows Stored XSS. This issue affects Custom Posts Order: from n/a through <= 4.4.

High

CVE-2025-32644

Cross-Site Request Forgery (CSRF) vulnerability in IP2Location IP2Location World Clock ip2location-world-clock allows Stored XSS. This issue affects IP2Location World Clock: from n/a through <= 1.1.9.

Critical

CVE-2025-32642

Cross-Site Request Forgery (CSRF) vulnerability in appsbd Vite Coupon vite-coupon allows Remote Code Inclusion. This issue affects Vite Coupon: from n/a through <= 1.0.9.

Critical

CVE-2025-32641

Cross-Site Request Forgery (CSRF) vulnerability in anantaddons Anant Addons for Elementor anant-addons-for-elementor allows Cross Site Request Forgery. This issue affects Anant Addons for Elementor: f…

High

CVE-2025-32624

Missing Authorization vulnerability in czater Czater.pl – live chat i telefon czater allows Cross Site Request Forgery. This issue affects Czater.pl – live chat i telefon: from n/a through <= 1.0.5.

High

CVE-2025-32623

Cross-Site Request Forgery (CSRF) vulnerability in plainware PlainInventory z-inventory-manager allows Stored XSS. This issue affects PlainInventory: from n/a through <= 3.1.9.

High

CVE-2025-32621

Cross-Site Request Forgery (CSRF) vulnerability in Vsourz Digital WP Map Route Planner wp-map-route-planner allows Cross Site Request Forgery. This issue affects WP Map Route Planner: from n/a through…