Critical
CVE-2025-25379
Cross Site Request Forgery vulnerability in 07FLYCMS v.1.3.9 allows a remote attacker to execute arbitrary code via the id parameter of the del.html component.
Tag: Cross-Site Request Forgery (CSRF)
All CVEs associated with "Cross-Site Request Forgery (CSRF)". Page 18/80 • 9568 CVEs.
Subscribe CVEs: RSS for “Cross-Site Request Forgery (CSRF)” · RSS (High+Critical only)
About “Cross-Site Request Forgery (CSRF)”
A curated feed of “Cross-Site Request Forgery (CSRF)”-related CVEs appears below. We currently track 9568 CVEs for this tag (all time). In the last 365 days, 1403 were published. Average CVSS is 6.4 (all time; 5.6 over 365d), and 37% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-352 - Cross-Site Request Forgery (CSRF), CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'), CWE-862 - Missing Authorization.
In our taxonomy this topic maps to a MODERATE impact class. Common exploitation patterns for this weakness can lead to moderate. Use the filters to triage high risk first and validate exposure in your environment. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.
CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).
CVSS ≥ 0.0
2025-02-28
Medium
CVE-2025-1506
The Wp Social Login and Register Social Counter plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.0. This is due to missing or incorrect nonce…
Medium
CVE-2025-0801
The RateMyAgent Official plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4.0. This is due to missing or incorrect nonce validation on the 'rma…
High
CVE-2025-1687
The Cardealer theme for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.6.4. This is due to missing nonce validation on the 'update_user_profile' function. T…
2025-02-27
Medium
CVE-2025-1745
A vulnerability has been found in LinZhaoguan pb-cms 2.0 and classified as problematic. This vulnerability affects unknown code of the component Logout. The manipulation leads to cross-site request f…
Medium
CVE-2024-0392
A Cross-Site Request Forgery (CSRF) vulnerability exists in the management console of WSO2 Enterprise Integrator 6.6.0 due to the absence of CSRF token validation. This flaw allows attackers to craft…
Medium
CVE-2024-13647
The School Management System – SakolaWP plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.8. This is due to missing or incorrect nonce validat…
2025-02-26
Medium
CVE-2025-26925
Cross-Site Request Forgery (CSRF) vulnerability in Required Admin Menu Manager allows Cross Site Request Forgery.This issue affects Admin Menu Manager: from n/a through 1.0.3.
Medium
CVE-2024-13560
The Subscriptions & Memberships for PayPal plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.6. This is due to missing or incorrect nonce vali…
2025-02-25
Medium
CVE-2025-26963
Cross-Site Request Forgery (CSRF) vulnerability in ClickWhale ClickWhale clickwhale allows Cross Site Request Forgery.This issue affects ClickWhale: from n/a through <= 2.4.3.
High
CVE-2025-26931
Cross-Site Request Forgery (CSRF) vulnerability in Tribulant Software Tribulant Gallery Voting gallery-voting allows Stored XSS.This issue affects Tribulant Gallery Voting: from n/a through <= 1.2.1.
Medium
CVE-2025-26926
Cross-Site Request Forgery (CSRF) vulnerability in fs-code Booknetic booknetic.This issue affects Booknetic: from n/a through <= 4.0.9.
Medium
CVE-2024-13494
The WordPress File Upload plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.25.2. This is due to missing or incorrect nonce validation on the 'w…
Medium
CVE-2025-1644
A vulnerability classified as problematic has been found in Benner ModernaNet up to 1.2.0. Affected is an unknown function of the file /DadosPessoais/SG_Gravar. The manipulation of the argument idItA…
Medium
CVE-2025-1643
A vulnerability was found in Benner ModernaNet up to 1.1.0. It has been rated as problematic. This issue affects some unknown processing of the file /DadosPessoais/SG_AlterarSenha. The manipulation l…
2025-02-24
Medium
CVE-2025-27357
Cross-Site Request Forgery (CSRF) vulnerability in Musa AVCI Önceki Yazı Link onceki-yazi-linki allows Cross Site Request Forgery.This issue affects Önceki Yazı Link: from n/a through <= 1.3.
High
CVE-2025-27355
Cross-Site Request Forgery (CSRF) vulnerability in Nicolas GRILLET Woocommerce – Loi Hamon loi-hamon allows Stored XSS.This issue affects Woocommerce – Loi Hamon: from n/a through <= 1.1.0.
Medium
CVE-2025-27353
Cross-Site Request Forgery (CSRF) vulnerability in Bob Namaste! LMS namaste-lms allows Cross Site Request Forgery.This issue affects Namaste! LMS: from n/a through <= 2.6.5.
Medium
CVE-2025-27344
Cross-Site Request Forgery (CSRF) vulnerability in filipstepanov Phee's LinkPreview linkpreview allows Cross Site Request Forgery.This issue affects Phee's LinkPreview: from n/a through <= 1.6.7.
Medium
CVE-2025-27342
Cross-Site Request Forgery (CSRF) vulnerability in josesan WooCommerce Recargo de Equivalencia woo-recargo-de-equivalencia allows Cross Site Request Forgery.This issue affects WooCommerce Recargo de…
Medium
CVE-2025-27340
Cross-Site Request Forgery (CSRF) vulnerability in Forge12 Interactive GmbH F12-Profiler f12-profiler allows Cross Site Request Forgery.This issue affects F12-Profiler: from n/a through <= 1.3.9.
Medium
CVE-2025-27339
Cross-Site Request Forgery (CSRF) vulnerability in Will Anderson Minimum Password Strength minimum-password-strength allows Cross Site Request Forgery.This issue affects Minimum Password Strength: fr…
Medium
CVE-2025-27336
Cross-Site Request Forgery (CSRF) vulnerability in Alex Prokopenko / JustCoded Just Variables just-wp-variables allows Cross Site Request Forgery.This issue affects Just Variables: from n/a through <…
Medium
CVE-2025-27335
Cross-Site Request Forgery (CSRF) vulnerability in Free plug in by SEO Roma Auto Tag Links auto-tag-links allows Cross Site Request Forgery.This issue affects Auto Tag Links: from n/a through <= 1.0.…
High
CVE-2025-27332
Cross-Site Request Forgery (CSRF) vulnerability in gmnazmul Smart Maintenance & Countdown smart-maintenance-countdown allows Stored XSS.This issue affects Smart Maintenance & Countdown: from n/a thro…
Medium
CVE-2025-27328
Cross-Site Request Forgery (CSRF) vulnerability in queeez WP-PostRatings Cheater wp-postratings-cheater allows Cross Site Request Forgery.This issue affects WP-PostRatings Cheater: from n/a through <…
High
CVE-2025-27321
Cross-Site Request Forgery (CSRF) vulnerability in Blighty Blightly Explorer blighty-explorer allows Stored XSS.This issue affects Blightly Explorer: from n/a through <= 2.3.0.
Medium
CVE-2025-27318
Cross-Site Request Forgery (CSRF) vulnerability in ixiter Simple Google Sitemap simple-google-sitemap allows Cross Site Request Forgery.This issue affects Simple Google Sitemap: from n/a through <= 1…
Medium
CVE-2025-27317
Cross-Site Request Forgery (CSRF) vulnerability in IT-RAYS RAYS Grid rays-grid allows Cross Site Request Forgery.This issue affects RAYS Grid: from n/a through <= 1.3.1.
Medium
CVE-2025-27316
Cross-Site Request Forgery (CSRF) vulnerability in hosting.io JPG, PNG Compression and Optimization wp-image-compression allows Cross Site Request Forgery.This issue affects JPG, PNG Compression and…
Medium
CVE-2025-27315
Cross-Site Request Forgery (CSRF) vulnerability in wptom All-In-One Cufon all-in-one-cufon allows Cross Site Request Forgery.This issue affects All-In-One Cufon: from n/a through <= 1.3.0.
Medium
CVE-2025-27311
Cross-Site Request Forgery (CSRF) vulnerability in luk3thomas Bulk Content Creator bulk-content-creator allows Cross Site Request Forgery.This issue affects Bulk Content Creator: from n/a through <=…
High
CVE-2025-27298
Cross-Site Request Forgery (CSRF) vulnerability in cmstactics WP Video Posts wp-video-posts allows OS Command Injection.This issue affects WP Video Posts: from n/a through <= 3.5.1.
Medium
CVE-2025-27290
Cross-Site Request Forgery (CSRF) vulnerability in seyyed-amir Erima Zarinpal Donate erima-zarinpal-donate allows Cross Site Request Forgery.This issue affects Erima Zarinpal Donate: from n/a through…
High
CVE-2025-27277
Cross-Site Request Forgery (CSRF) vulnerability in tiefpunkt Add Linked Images To Gallery add-linked-images-to-gallery-v01 allows Cross Site Request Forgery.This issue affects Add Linked Images To Ga…
High
CVE-2025-27276
Cross-Site Request Forgery (CSRF) vulnerability in lizeipe Photo Gallery ( Responsive ) photo-gallery-pearlbells allows Privilege Escalation.This issue affects Photo Gallery ( Responsive ): from n/a…
2025-02-22
High
CVE-2025-27012
Cross-Site Request Forgery (CSRF) vulnerability in a1post A1POST.BG Shipping for Woo a1post-bg-shipping-for-woocommerce allows Privilege Escalation.This issue affects A1POST.BG Shipping for Woo: from…
Medium
CVE-2025-1557
A vulnerability, which was classified as problematic, was found in OFCMS 1.1.3. Affected is an unknown function. The manipulation leads to cross-site request forgery. It is possible to launch the att…
2025-02-21
Medium
CVE-2025-25772
A Cross-Site Request Forgery (CSRF) in the component /back/UserController.java of Jspxcms v9.0 to v9.5 allows attackers to arbitrarily add Administrator accounts via a crafted request.
Medium
CVE-2025-25770
Wangmarket v4.10 to v5.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /agency/AgencyUserController.java.
High
CVE-2025-25769
Wangmarket v4.10 to v5.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /controller/UserController.java.
Medium
CVE-2024-13883
The WPUpper Share Buttons plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.51. This is due to missing or incorrect nonce validation on the 'sav…
2025-02-20
Medium
CVE-2024-7141
Versions of Gliffy Online prior to versions 4.14.0-7 contains a Cross Site Request Forgery (CSRF) flaw.
Medium
CVE-2024-54959
Nagios XI 2024R1.2.2 is vulnerable to a Cross-Site Request Forgery (CSRF) attack through the Favorites component, enabling POST-based Cross-Site Scripting (XSS).
Medium
CVE-2024-49779
IBM OpenPages with Watson 8.3 and 9.0 IBM OpenPages could allow a remote attacker to bypass security restrictions, caused by improper validation and management of authentication cookies. By modifyi…
High
CVE-2024-13753
The Ultimate Classified Listings plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5. This is due to missing or incorrect nonce validation on th…
2025-02-19
High
CVE-2020-10095
Various Lexmark devices have CSRF that allows an attacker to modify the configuration of the device.
Medium
CVE-2024-13339
The DeBounce Email Validator plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.8.0. This is due to missing or incorrect nonce validation on the…
Medium
CVE-2024-13336
The Disable Auto Updates plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4. This is due to missing or incorrect nonce validation on the 'disab…
Medium
CVE-2025-0865
The WP Media Category Management plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions 2.0 to 2.3.3. This is due to missing or incorrect nonce validation on the wp_mcm_handle_a…
Medium
CVE-2024-13405
The Apptivo Business Site CRM plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.3. This is due to missing or incorrect nonce validation on the '…
Medium
CVE-2025-1441
The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.7.1007. This is due to missing or incorrect nonce val…
2025-02-18
Medium
CVE-2024-13718
The Flexible Wishlist for WooCommerce – Ecommerce Wishlist & Save for later plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.26. This is due…
Medium
CVE-2024-13795
The Ecwid by Lightspeed Ecommerce Shopping Cart plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.12.27. This is due to missing or incorrect non…
Medium
CVE-2024-13523
The MemorialDay plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.4. This is due to missing or incorrect nonce validation on a function. This…
Medium
CVE-2024-13438
The SpeedSize Image & Video AI-Optimizer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5.1. This is due to missing or incorrect nonce valida…
High
CVE-2024-13315
The Shopwarden – Automated WooCommerce monitoring & testing plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.11. This is due to missing or in…
Medium
CVE-2025-0796
The Mortgage Lead Capture System plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 8.2.11. This is due to missing or incorrect nonce validation on…
High
CVE-2024-13852
The Option Editor plugin for WordPress is vulnerable to Cross-Site Request Forgery in version 1.0. This is due to missing nonce validation on the plugin_page() function. This makes it possible for un…
High
CVE-2024-13684
The Reset plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.6. This is due to missing or incorrect nonce validation on the reset_db_page() funct…
Medium
CVE-2024-13555
The 1 Click WordPress Migration Plugin – 100% FREE for a limited time plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2. This is due to missin…
Medium
CVE-2024-13522
The magayo Lottery Results plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.12. This is due to missing or incorrect nonce validation on the '…
2025-02-16
High
CVE-2025-26768
Cross-Site Request Forgery (CSRF) vulnerability in what3words what3words Address Field 3-word-address-validation-field allows Stored XSS.This issue affects what3words Address Field: from n/a through…
High
CVE-2025-26759
Cross-Site Request Forgery (CSRF) vulnerability in alexvtn Content Snippet Manager content-snippet-manager allows Stored XSS.This issue affects Content Snippet Manager: from n/a through <= 1.1.5.
Medium
CVE-2025-1358
A vulnerability classified as problematic was found in Pix Software Vivaz 6.0.10. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be init…
2025-02-15
Medium
CVE-2024-10581
The DirectoryPress Frontend plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.7.9. This is due to missing or incorrect nonce validation on the d…
2025-02-14
High
CVE-2025-24699
Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company WP Coder wp-coder allows Cross-Site Scripting (XSS).This issue affects WP Coder: from n/a through <= 3.6.
High
CVE-2025-22705
Cross-Site Request Forgery (CSRF) vulnerability in godthor Disqus Popular Posts disqus-popular-posts allows Reflected XSS.This issue affects Disqus Popular Posts: from n/a through <= 2.1.1.
2025-02-13
Medium
CVE-2025-23411
mySCADA myPRO Manager is vulnerable to cross-site request forgery (CSRF), which could allow an attacker to obtain sensitive information. An attacker would need to trick the victim in to visiting a…
High
CVE-2025-26582
Cross-Site Request Forgery (CSRF) vulnerability in Blackbam TinyMCE Advanced qTranslate fix editor problems tinymce-advanced-qtranslate-fix-editor-problems allows Stored XSS.This issue affects TinyMC…
High
CVE-2025-26580
Cross-Site Request Forgery (CSRF) vulnerability in Complete SEO Page/Post Specific Social Share Buttons pagepost-specific-social-share-buttons allows Stored XSS.This issue affects Page/Post Specific…
High
CVE-2025-26578
Cross-Site Request Forgery (CSRF) vulnerability in mathieuhays Simple Documentation client-documentation allows Stored XSS.This issue affects Simple Documentation: from n/a through <= 1.2.8.
High
CVE-2025-26577
Cross-Site Request Forgery (CSRF) vulnerability in daxiawp DX-auto-publish dx-auto-publish allows Stored XSS.This issue affects DX-auto-publish: from n/a through <= 1.2.
High
CVE-2025-26572
Cross-Site Request Forgery (CSRF) vulnerability in jesseheap WP PHPList phplist-form-integration allows Cross Site Request Forgery.This issue affects WP PHPList: from n/a through <= 1.7.
High
CVE-2025-26571
Cross-Site Request Forgery (CSRF) vulnerability in wibiya Wibiya Toolbar wibiya allows Cross Site Request Forgery.This issue affects Wibiya Toolbar: from n/a through <= 2.0.
High
CVE-2025-26570
Cross-Site Request Forgery (CSRF) vulnerability in uamv Glance That allows Cross Site Request Forgery. This issue affects Glance That: from n/a through 4.9.
High
CVE-2025-26569
Cross-Site Request Forgery (CSRF) vulnerability in Callmeforsox Post Thumbs allows Stored XSS. This issue affects Post Thumbs: from n/a through 1.5.
High
CVE-2025-26568
Cross-Site Request Forgery (CSRF) vulnerability in jensmueller Easy Amazon Product Information easy-amazon-product-information allows Stored XSS.This issue affects Easy Amazon Product Information: fr…
High
CVE-2025-26562
Cross-Site Request Forgery (CSRF) vulnerability in Shambhu Patnaik RSS Filter rss-filter allows Stored XSS.This issue affects RSS Filter: from n/a through <= 1.2.
High
CVE-2025-26550
Cross-Site Request Forgery (CSRF) vulnerability in Kunal Shivale Global Meta Keyword & Description global-meta-keyword-and-description allows Stored XSS.This issue affects Global Meta Keyword & Descr…
High
CVE-2025-26549
Cross-Site Request Forgery (CSRF) vulnerability in pa1 WP Html Page Sitemap wp-html-page-sitemap allows Stored XSS.This issue affects WP Html Page Sitemap: from n/a through <= 2.2.
High
CVE-2025-26547
Cross-Site Request Forgery (CSRF) vulnerability in nagarjunsonti My Login Logout Plugin my-loginlogout allows Stored XSS.This issue affects My Login Logout Plugin: from n/a through <= 2.4.
High
CVE-2025-26545
Cross-Site Request Forgery (CSRF) vulnerability in shisuh Related Posts Line-up-Exactly by Milliard related-posts-line-up-exactry-by-milliard allows Stored XSS.This issue affects Related Posts Line-u…
High
CVE-2025-26543
Cross-Site Request Forgery (CSRF) vulnerability in Pukhraj Suthar Simple Responsive Menu simple-responsive-menu allows Stored XSS.This issue affects Simple Responsive Menu: from n/a through <= 2.1.
2025-02-12
High
CVE-2024-12386
The WP Abstracts plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.7.3. This is due to missing nonce validation on multiple functions. This make…
Medium
CVE-2024-13437
The Book a Room plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.9. This is due to missing or incorrect nonce validation on the 'bookaroom_Sett…
Medium
CVE-2025-0808
The Houzez Property Feed plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.4.21. This is due to missing or incorrect nonce validation on the "de…
Medium
CVE-2024-13749
The StaffList plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2.3. This is due to missing or incorrect nonce validation on the 'stafflist' pag…
2025-02-11
Medium
CVE-2019-15002
An exploitable CSRF vulnerability exists in Atlassian Jira, from versions 7.6.4 to 8.1.0. The login form doesn’t require a CSRF token. As a result, an attacker can log a user into the system under an…
High
CVE-2025-24900
Concorde, formerly know as Nexkey, is a fork of the federated microblogging platform Misskey. Due to a lack of CSRF countermeasures and improper settings of cookies for MediaProxy authentication, the…
High
CVE-2025-24897
Misskey is an open source, federated social media platform. Starting in version 12.109.0 and prior to version 2025.2.0-alpha.0, due to a lack of CSRF protection and the lack of proper security attrib…
Medium
CVE-2025-0588
In affected versions of Octopus Server it was possible for a user with sufficient access to set custom headers in all server responses. By submitting a specifically crafted referrer header the user c…
Medium
CVE-2025-24875
SAP Commerce, by default, sets certain cookies with the SameSite attribute configured to None (SameSite=None). This includes authentication cookies utilized in SAP Commerce Backoffice. Applying this…
2025-02-07
Medium
CVE-2024-9661
The WP All Import Pro plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.9.7. This is due to missing nonce validation on the delete_and_edit func…
High
CVE-2025-25168
Cross-Site Request Forgery (CSRF) vulnerability in Black and White BookPress – For Book Authors book-press allows Cross-Site Scripting (XSS).This issue affects BookPress – For Book Authors: from n/a…
High
CVE-2025-25166
Cross-Site Request Forgery (CSRF) vulnerability in gabrieldarezzo InLocation inlocation allows Stored XSS.This issue affects InLocation: from n/a through <= 1.8.
High
CVE-2025-25160
Cross-Site Request Forgery (CSRF) vulnerability in Mark Barnes Style Tweaker style-tweaker allows Stored XSS.This issue affects Style Tweaker: from n/a through <= 0.11.
High
CVE-2025-25156
Cross-Site Request Forgery (CSRF) vulnerability in Stanko Metodiev Quote Comments quote-comments allows Stored XSS.This issue affects Quote Comments: from n/a through <= 3.0.0.
High
CVE-2025-25154
Cross-Site Request Forgery (CSRF) vulnerability in scweber Custom Comment Notifications custom-comment-notifications allows Stored XSS.This issue affects Custom Comment Notifications: from n/a throug…
High
CVE-2025-25153
Cross-Site Request Forgery (CSRF) vulnerability in djjmz Simple Auto Tag simple-auto-tag allows Stored XSS.This issue affects Simple Auto Tag: from n/a through <= 1.1.
High
CVE-2025-25152
Cross-Site Request Forgery (CSRF) vulnerability in LukaszWiecek Smart DoFollow smart-dofollow allows Stored XSS.This issue affects Smart DoFollow: from n/a through <= 1.0.2.
High
CVE-2025-25149
Cross-Site Request Forgery (CSRF) vulnerability in Danillo Nunes Login-box login-box allows Stored XSS.This issue affects Login-box: from n/a through <= 2.0.4.
High
CVE-2025-25148
Cross-Site Request Forgery (CSRF) vulnerability in ElbowRobo Read More Copy Link read-more-copy-link allows Stored XSS.This issue affects Read More Copy Link: from n/a through <= 1.0.2.
High
CVE-2025-25147
Cross-Site Request Forgery (CSRF) vulnerability in Phillip.Gooch Auto SEO auto-seo allows Stored XSS.This issue affects Auto SEO: from n/a through <= 2.5.6.
Medium
CVE-2025-25146
Cross-Site Request Forgery (CSRF) vulnerability in saleandro Songkick Concerts and Festivals songkick-concerts-and-festivals allows Cross Site Request Forgery.This issue affects Songkick Concerts and…
Medium
CVE-2025-25145
Cross-Site Request Forgery (CSRF) vulnerability in jordan.hatch Infusionsoft Analytics infusionsoft-web-tracker allows Cross Site Request Forgery.This issue affects Infusionsoft Analytics: from n/a t…
Medium
CVE-2025-25143
Cross-Site Request Forgery (CSRF) vulnerability in ibasit GlobalQuran globalquran allows Cross Site Request Forgery.This issue affects GlobalQuran: from n/a through <= 1.0.
High
CVE-2025-25140
Cross-Site Request Forgery (CSRF) vulnerability in Scriptonite Simple User Profile simple-user-profile allows Stored XSS.This issue affects Simple User Profile: from n/a through <= 1.9.
High
CVE-2025-25139
Cross-Site Request Forgery (CSRF) vulnerability in Cynob IT Consultancy WP Custom Post RSS Feed wp-custom-post-rss-feed allows Stored XSS.This issue affects WP Custom Post RSS Feed: from n/a through…
High
CVE-2025-25138
Cross-Site Request Forgery (CSRF) vulnerability in Rishi On Page SEO + Whatsapp Chat Button ops-robots-txt allows Stored XSS.This issue affects On Page SEO + Whatsapp Chat Button: from n/a through <=…
High
CVE-2025-25135
Cross-Site Request Forgery (CSRF) vulnerability in Victor Barkalov Custom Links On Admin Dashboard Toolbar customize-wpadmin allows Stored XSS.This issue affects Custom Links On Admin Dashboard Toolb…
High
CVE-2025-25128
Cross-Site Request Forgery (CSRF) vulnerability in orlandolac Facilita Form Tracker facilita-form-tracker allows Stored XSS.This issue affects Facilita Form Tracker: from n/a through <= 1.0.
High
CVE-2025-25126
Cross-Site Request Forgery (CSRF) vulnerability in zmseo ZMSEO zmseo allows Stored XSS.This issue affects ZMSEO: from n/a through <= 1.14.1.
High
CVE-2025-25125
Cross-Site Request Forgery (CSRF) vulnerability in CyrilG Fyrebox Quizzes fyrebox-shortcode allows Stored XSS.This issue affects Fyrebox Quizzes: from n/a through <= 3.1.
High
CVE-2025-25123
Cross-Site Request Forgery (CSRF) vulnerability in xdark Easy Related Posts easy-related-posts allows Stored XSS.This issue affects Easy Related Posts: from n/a through <= 2.0.2.
Medium
CVE-2025-25111
Cross-Site Request Forgery (CSRF) vulnerability in WP Spell Check WP Spell Check wp-spell-check allows Cross Site Request Forgery.This issue affects WP Spell Check: from n/a through <= 9.21.
Critical
CVE-2025-25107
Cross-Site Request Forgery (CSRF) vulnerability in sainwp OneStore Sites onestore-sites allows Cross Site Request Forgery.This issue affects OneStore Sites: from n/a through <= 0.1.1.
Critical
CVE-2025-25106
Cross-Site Request Forgery (CSRF) vulnerability in FancyWP Starter Templates by FancyWP starter-templates allows Cross Site Request Forgery.This issue affects Starter Templates by FancyWP: from n/a t…
High
CVE-2025-25104
Cross-Site Request Forgery (CSRF) vulnerability in mraliende URL-Preview-Box good-url-preview-box allows Cross Site Request Forgery.This issue affects URL-Preview-Box: from n/a through <= 1.20.
Medium
CVE-2025-25103
Cross-Site Request Forgery (CSRF) vulnerability in bnielsen Indeed API indeed-api allows Cross Site Request Forgery.This issue affects Indeed API: from n/a through <= 0.5.