High
CVE-2025-23821
Cross-Site Request Forgery (CSRF) vulnerability in aleapp WP Cookies Alert wp-cookies-alert allows Cross Site Request Forgery.This issue affects WP Cookies Alert: from n/a through <= 1.1.1.
Tag: Cross-Site Request Forgery (CSRF)
All CVEs associated with "Cross-Site Request Forgery (CSRF)". Page 20/80 • 9568 CVEs.
Subscribe CVEs: RSS for “Cross-Site Request Forgery (CSRF)” · RSS (High+Critical only)
About “Cross-Site Request Forgery (CSRF)”
A curated feed of “Cross-Site Request Forgery (CSRF)”-related CVEs appears below. We currently track 9568 CVEs for this tag (all time). In the last 365 days, 1403 were published. Average CVSS is 6.4 (all time; 5.6 over 365d), and 37% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-352 - Cross-Site Request Forgery (CSRF), CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'), CWE-862 - Missing Authorization.
In our taxonomy this topic maps to a MODERATE impact class. Common exploitation patterns for this weakness can lead to moderate. Use the filters to triage high risk first and validate exposure in your environment. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.
CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).
CVSS ≥ 0.0
2025-01-16
High
CVE-2025-23820
Cross-Site Request Forgery (CSRF) vulnerability in thapa.laxman Content Security Policy Pro content-security-policy-pro allows Cross Site Request Forgery.This issue affects Content Security Policy Pr…
High
CVE-2025-23818
Cross-Site Request Forgery (CSRF) vulnerability in pyko More Link Modifier more-link-modifier allows Stored XSS.This issue affects More Link Modifier: from n/a through <= 1.0.3.
High
CVE-2025-23817
Cross-Site Request Forgery (CSRF) vulnerability in mahadirz MHR-Custom-Anti-Copy mhr-custom-anti-copy allows Stored XSS.This issue affects MHR-Custom-Anti-Copy: from n/a through <= 2.0.
High
CVE-2025-23815
Cross-Site Request Forgery (CSRF) vulnerability in linickx root Cookie allows Cross Site Request Forgery. This issue affects root Cookie: from n/a through 1.6.
High
CVE-2025-23810
Cross-Site Request Forgery (CSRF) vulnerability in Igor Sazonov Len Slider len-slider allows Reflected XSS.This issue affects Len Slider: from n/a through <= 2.0.11.
High
CVE-2025-23808
Cross-Site Request Forgery (CSRF) vulnerability in Dutch van Andel Custom List Table Example custom-list-table-example allows Reflected XSS.This issue affects Custom List Table Example: from n/a thro…
High
CVE-2025-23805
Cross-Site Request Forgery (CSRF) vulnerability in itamarg SEOReseller Partner sr-partner allows Cross Site Request Forgery.This issue affects SEOReseller Partner: from n/a through <= 1.3.15.
High
CVE-2025-23804
Cross-Site Request Forgery (CSRF) vulnerability in Shiv Prakash Tiwari WP Service Payment Form With Authorize.net wp-service-payment-form-with-authorizenet allows Reflected XSS.This issue affects WP…
High
CVE-2025-23801
Cross-Site Request Forgery (CSRF) vulnerability in FuzzGuard Style Admin style-admin allows Stored XSS.This issue affects Style Admin: from n/a through <= 1.4.3.
High
CVE-2025-23800
Cross-Site Request Forgery (CSRF) vulnerability in nova706 OrangeBox orangebox allows Cross Site Request Forgery.This issue affects OrangeBox: from n/a through <= 3.0.0.
Critical
CVE-2025-23797
Cross-Site Request Forgery (CSRF) vulnerability in Mike Selander WP Options Editor wp-options-editor allows Privilege Escalation.This issue affects WP Options Editor: from n/a through <= 1.1.
High
CVE-2025-23793
Cross-Site Request Forgery (CSRF) vulnerability in Ciprian Turcu Auto FTP auto-ftp allows Stored XSS.This issue affects Auto FTP: from n/a through <= 1.0.1.
Medium
CVE-2025-23765
Cross-Site Request Forgery (CSRF) vulnerability in w3speedster W3SPEEDSTER w3speedster-wp allows Cross Site Request Forgery.This issue affects W3SPEEDSTER: from n/a through <= 7.33.
High
CVE-2025-23749
Cross-Site Request Forgery (CSRF) vulnerability in progpars.net mybb Last Topics mybb-last-topics allows Stored XSS.This issue affects mybb Last Topics: from n/a through <= 1.0.
High
CVE-2025-23745
Cross-Site Request Forgery (CSRF) vulnerability in Tussendoor B.V. Call me Now call-me-now allows Stored XSS.This issue affects Call me Now: from n/a through <= 1.0.5.
High
CVE-2025-23743
Cross-Site Request Forgery (CSRF) vulnerability in MartijnScheijbeler Social Analytics social-analytics allows Stored XSS.This issue affects Social Analytics: from n/a through <= 0.2.
High
CVE-2025-23720
Cross-Site Request Forgery (CSRF) vulnerability in Marco Castelluccio Web Push web-push allows Stored XSS.This issue affects Web Push: from n/a through <= 1.4.0.
High
CVE-2025-23717
Cross-Site Request Forgery (CSRF) vulnerability in itmooti Theme My Ontraport Smartform theme-my-ontraport-smartform allows Stored XSS.This issue affects Theme My Ontraport Smartform: from n/a throug…
High
CVE-2025-23715
Cross-Site Request Forgery (CSRF) vulnerability in RaymondDesign Post & Page Notes post-page-notes allows Stored XSS.This issue affects Post & Page Notes: from n/a through <= 0.1.1.
High
CVE-2025-23713
Cross-Site Request Forgery (CSRF) vulnerability in artanik Hack me if you can hack-me-if-you-can allows Stored XSS.This issue affects Hack me if you can: from n/a through <= 1.2.
High
CVE-2025-23712
Cross-Site Request Forgery (CSRF) vulnerability in kapostintegrations Kapost kapost-byline allows Stored XSS.This issue affects Kapost: from n/a through <= 2.2.9.
High
CVE-2025-23710
Cross-Site Request Forgery (CSRF) vulnerability in Mayur Sojitra Flying Twitter Birds flying-twitter-birds allows Stored XSS.This issue affects Flying Twitter Birds: from n/a through <= 1.8.
High
CVE-2025-23708
Cross-Site Request Forgery (CSRF) vulnerability in Dominic Fallows DF Draggable df-draggable allows Stored XSS.This issue affects DF Draggable: from n/a through <= 1.13.2.
High
CVE-2025-23703
Cross-Site Request Forgery (CSRF) vulnerability in cstoltenkamp Free MailClient FMC mailclient allows Stored XSS.This issue affects Free MailClient FMC: from n/a through <= 1.0.
High
CVE-2025-23702
Cross-Site Request Forgery (CSRF) vulnerability in Schalk Burger Anonymize Links anonymize-links allows Stored XSS.This issue affects Anonymize Links: from n/a through <= 1.1.
High
CVE-2025-23698
Cross-Site Request Forgery (CSRF) vulnerability in ivanra10 WP Custom Google Search wp-custom-google-search allows Stored XSS.This issue affects WP Custom Google Search: from n/a through <= 1.0.
High
CVE-2025-23694
Cross-Site Request Forgery (CSRF) vulnerability in shabboscommerce Shabbos and Yom Tov shabbos-and-yom-tov allows Stored XSS.This issue affects Shabbos and Yom Tov: from n/a through <= 1.9.
High
CVE-2025-23693
Cross-Site Request Forgery (CSRF) vulnerability in uosiu Secure CAPTCHA secure-captcha allows Stored XSS.This issue affects Secure CAPTCHA: from n/a through <= 1.2.
High
CVE-2025-23692
Cross-Site Request Forgery (CSRF) vulnerability in artanik Slider for Writers slider-for-writers allows Stored XSS.This issue affects Slider for Writers: from n/a through <= 1.3.
High
CVE-2025-23691
Cross-Site Request Forgery (CSRF) vulnerability in Braulio Aquino Send to Twitter send-to-twitter allows Stored XSS.This issue affects Send to Twitter: from n/a through <= 1.7.2.
High
CVE-2025-23690
Cross-Site Request Forgery (CSRF) vulnerability in ArtkanMedia Book a Place book-a-place allows Stored XSS.This issue affects Book a Place: from n/a through <= 0.7.1.
High
CVE-2025-23677
Cross-Site Request Forgery (CSRF) vulnerability in DSmidge HTTP to HTTPS link changer by Eyga.net https-links-in-content allows Stored XSS.This issue affects HTTP to HTTPS link changer by Eyga.net: f…
High
CVE-2025-23675
Cross-Site Request Forgery (CSRF) vulnerability in Sana Ullah Import Users to MailChimp import-users-to-mailchimp allows Stored XSS.This issue affects Import Users to MailChimp: from n/a through <= 1…
High
CVE-2025-23673
Cross-Site Request Forgery (CSRF) vulnerability in dkukral Email on Publish email-on-publish allows Stored XSS.This issue affects Email on Publish: from n/a through <= 1.5.
High
CVE-2025-23665
Cross-Site Request Forgery (CSRF) vulnerability in Ravi Kumar Vanukuru RSV GMaps rsv-google-maps allows Stored XSS.This issue affects RSV GMaps: from n/a through <= 1.5.
High
CVE-2025-23664
Cross-Site Request Forgery (CSRF) vulnerability in Real Seguro Viagem Real Seguro Viagem seguro-viagem allows Stored XSS.This issue affects Real Seguro Viagem: from n/a through <= 2.0.5.
High
CVE-2025-23662
Cross-Site Request Forgery (CSRF) vulnerability in ryscript WP Panoramio wp-panoramio allows Stored XSS.This issue affects WP Panoramio: from n/a through <= 1.5.0.
High
CVE-2025-23661
Cross-Site Request Forgery (CSRF) vulnerability in ryscript NV Slider nv-slider allows Stored XSS.This issue affects NV Slider: from n/a through <= 1.6.
High
CVE-2025-23660
Cross-Site Request Forgery (CSRF) vulnerability in waltercerrudo MFPlugin mfplugin allows Stored XSS.This issue affects MFPlugin: from n/a through <= 1.3.
High
CVE-2025-23659
Cross-Site Request Forgery (CSRF) vulnerability in hernanjh MercadoLibre Integration mercadolibre-integration allows Stored XSS.This issue affects MercadoLibre Integration: from n/a through <= 1.1.
High
CVE-2025-23654
Cross-Site Request Forgery (CSRF) vulnerability in krolow Twitter Post twitterpost allows Stored XSS.This issue affects Twitter Post: from n/a through <= 0.1.
High
CVE-2025-23649
Cross-Site Request Forgery (CSRF) vulnerability in Kreg Steppe Auphonic Importer auphonic-importer allows Stored XSS.This issue affects Auphonic Importer: from n/a through <= 1.5.1.
High
CVE-2025-23640
Cross-Site Request Forgery (CSRF) vulnerability in Nazmul Ahsan Rename Author Slug rename-author-slug allows Stored XSS.This issue affects Rename Author Slug: from n/a through <= 1.2.0.
High
CVE-2025-23639
Cross-Site Request Forgery (CSRF) vulnerability in Nazmul Ahsan MDC YouTube Downloader mdc-youtube-downloader allows Stored XSS.This issue affects MDC YouTube Downloader: from n/a through <= 3.0.0.
High
CVE-2025-23627
Cross-Site Request Forgery (CSRF) vulnerability in frenchsquared Comment-Emailer comment-emailer allows Stored XSS.This issue affects Comment-Emailer: from n/a through <= 1.0.5.
High
CVE-2025-23618
Cross-Site Request Forgery (CSRF) vulnerability in starise Twitter Shortcode twitter-shortcode allows Stored XSS.This issue affects Twitter Shortcode: from n/a through <= 0.9.
High
CVE-2025-23617
Cross-Site Request Forgery (CSRF) vulnerability in cybio Floatbox Plus floatbox-plus allows Stored XSS.This issue affects Floatbox Plus: from n/a through <= 1.4.4.
High
CVE-2025-23577
Cross-Site Request Forgery (CSRF) vulnerability in Sourov Amin Word Freshener word-freshener allows Stored XSS.This issue affects Word Freshener: from n/a through <= 1.3.
High
CVE-2025-23573
Cross-Site Request Forgery (CSRF) vulnerability in sammyb WP Background Tile wp-background-tile allows Stored XSS.This issue affects WP Background Tile: from n/a through <= 1.0.
High
CVE-2025-23572
Cross-Site Request Forgery (CSRF) vulnerability in Dave Konopka UpDownUpDown updownupdown-postcomment-voting allows Stored XSS.This issue affects UpDownUpDown: from n/a through <= 1.1.
High
CVE-2025-23569
Cross-Site Request Forgery (CSRF) vulnerability in Kelvin Ng Shortcode in Comment shortcode-in-comment allows Stored XSS.This issue affects Shortcode in Comment: from n/a through <= 1.1.1.
High
CVE-2025-23567
Cross-Site Request Forgery (CSRF) vulnerability in Tamer Ziady GDReseller gdreseller allows Stored XSS.This issue affects GDReseller: from n/a through <= 1.6.
High
CVE-2025-23566
Cross-Site Request Forgery (CSRF) vulnerability in syedamirhussain91 Custom Post custom-post-type-gui allows Stored XSS.This issue affects Custom Post: from n/a through <= 1.0.
High
CVE-2025-23560
Cross-Site Request Forgery (CSRF) vulnerability in plumwd Web Testimonials web-testimonials allows Stored XSS.This issue affects Web Testimonials: from n/a through <= 1.2.
High
CVE-2025-23559
Cross-Site Request Forgery (CSRF) vulnerability in Stepan Stepasyuk MemeOne allows Stored XSS.This issue affects MemeOne: from n/a through 2.0.5.
High
CVE-2025-23558
Cross-Site Request Forgery (CSRF) vulnerability in digitalfisherman Geotagged Media geotagged-media allows Stored XSS.This issue affects Geotagged Media: from n/a through <= 0.3.0.
High
CVE-2025-23557
Cross-Site Request Forgery (CSRF) vulnerability in Kathleen Malone Find Your Reps find-your-reps allows Stored XSS.This issue affects Find Your Reps: from n/a through <= 1.2.
High
CVE-2025-23537
Cross-Site Request Forgery (CSRF) vulnerability in קידום ובניית אתרים add custom google tag manager add-custom-google-tag-manager allows Stored XSS.This issue affects add custom google tag manager: f…
High
CVE-2025-23533
Cross-Site Request Forgery (CSRF) vulnerability in zetxek WP Lyrics wplyrics allows Stored XSS.This issue affects WP Lyrics: from n/a through <= 0.4.1.
High
CVE-2025-23532
Cross-Site Request Forgery (CSRF) vulnerability in Regios MyAnime Widget myanime-widget allows Privilege Escalation.This issue affects MyAnime Widget: from n/a through <= 1.0.
High
CVE-2025-23530
Cross-Site Request Forgery (CSRF) vulnerability in yonisink Custom Post Type Lockdown custom-post-type-lockdown allows Privilege Escalation.This issue affects Custom Post Type Lockdown: from n/a thro…
High
CVE-2025-23513
Cross-Site Request Forgery (CSRF) vulnerability in jd7777 Bible Embed bible-embed allows Stored XSS.This issue affects Bible Embed: from n/a through <= 0.0.4.
High
CVE-2025-23511
Cross-Site Request Forgery (CSRF) vulnerability in Stargazer WP-BlackCheck wp-blackcheck allows Stored XSS.This issue affects WP-BlackCheck: from n/a through <= 2.7.2.
High
CVE-2025-23510
Cross-Site Request Forgery (CSRF) vulnerability in Jan Štětina WordPress Logging Service wordpress-logging-service allows Stored XSS.This issue affects WordPress Logging Service: from n/a through <=…
High
CVE-2025-23508
Cross-Site Request Forgery (CSRF) vulnerability in OrigoThemes Extra Options – Favicons extra-options-favicons allows Stored XSS.This issue affects Extra Options – Favicons: from n/a through <= 1.1.0.
High
CVE-2025-23501
Cross-Site Request Forgery (CSRF) vulnerability in SpruceJoy Cookie Consent & Autoblock for GDPR/CCPA cookie-consent-autoblock allows Stored XSS.This issue affects Cookie Consent & Autoblock for GDPR…
High
CVE-2025-23499
Cross-Site Request Forgery (CSRF) vulnerability in Pascal Casier Board Election board-election allows Stored XSS.This issue affects Board Election: from n/a through <= 1.0.1.
High
CVE-2025-23497
Cross-Site Request Forgery (CSRF) vulnerability in albdesign Simple Project Manager simple-project-managment allows Stored XSS.This issue affects Simple Project Manager: from n/a through <= 1.2.2.
High
CVE-2025-23483
Cross-Site Request Forgery (CSRF) vulnerability in hoyce Universal Analytics Injector universal-analytics-injector allows Stored XSS.This issue affects Universal Analytics Injector: from n/a through…
High
CVE-2025-23476
Cross-Site Request Forgery (CSRF) vulnerability in isnowfy my-related-posts my-related-posts allows Stored XSS.This issue affects my-related-posts: from n/a through <= 1.1.
High
CVE-2025-23471
Cross-Site Request Forgery (CSRF) vulnerability in etemplates ECT Add to Cart Button ect-add-to-cart-button allows Stored XSS.This issue affects ECT Add to Cart Button: from n/a through <= 1.4.
High
CVE-2025-23470
Cross-Site Request Forgery (CSRF) vulnerability in xavsio4 Visit Site Link enhanced visit-site-link-enhanced allows Stored XSS.This issue affects Visit Site Link enhanced: from n/a through <= 1.0.
High
CVE-2025-23467
Cross-Site Request Forgery (CSRF) vulnerability in vimal.ghorecha RSS News Scroller rss-news-scroller allows Stored XSS.This issue affects RSS News Scroller: from n/a through <= 2.0.0.
High
CVE-2025-23463
Cross-Site Request Forgery (CSRF) vulnerability in Mukesh Dak MD Custom content after or before of post md-custom-content allows Stored XSS.This issue affects MD Custom content after or before of pos…
High
CVE-2025-23456
Cross-Site Request Forgery (CSRF) vulnerability in Oddthinking EmailShroud emailshroud allows Reflected XSS.This issue affects EmailShroud: from n/a through <= 2.2.1.
High
CVE-2025-23455
Cross-Site Request Forgery (CSRF) vulnerability in Master Software Solutions WP VTiger Synchronization msstiger allows Stored XSS.This issue affects WP VTiger Synchronization: from n/a through <= 1.1…
High
CVE-2025-23445
Cross-Site Request Forgery (CSRF) vulnerability in scottswezey Easy Tynt easy-tynt allows Cross Site Request Forgery.This issue affects Easy Tynt: from n/a through <= 0.2.5.1.
High
CVE-2025-23442
Cross-Site Request Forgery (CSRF) vulnerability in mschertel Shockingly Big IE6 Warning shockingly-big-ie6-warning allows Stored XSS.This issue affects Shockingly Big IE6 Warning: from n/a through <=…
High
CVE-2025-23436
Cross-Site Request Forgery (CSRF) vulnerability in capa Wp-Scribd-List wp-scribd-list allows Stored XSS.This issue affects Wp-Scribd-List: from n/a through <= 1.2.
High
CVE-2025-23435
Cross-Site Request Forgery (CSRF) vulnerability in marcucci Password Protect Plugin for WordPress password-protect-plugin-for-wordpress allows Stored XSS.This issue affects Password Protect Plugin fo…
High
CVE-2025-23430
Cross-Site Request Forgery (CSRF) vulnerability in Oren Yomtov Mass Custom Fields Manager mass-custom-fields-manager allows Reflected XSS.This issue affects Mass Custom Fields Manager: from n/a throu…
High
CVE-2025-23426
Cross-Site Request Forgery (CSRF) vulnerability in Binesh Dobhal go Social go-social allows Stored XSS.This issue affects go Social: from n/a through <= 1.0.
High
CVE-2025-23424
Cross-Site Request Forgery (CSRF) vulnerability in bnovotny Marquee Style RSS News Ticker marquee-style-rss-news-ticker allows Cross Site Request Forgery.This issue affects Marquee Style RSS News Tic…
Low
CVE-2024-57611
07FLYCMS V1.3.9 was discovered to contain a Cross-Site Request Forgery (CSRF) via admin/doAdminAction.php?act=editShop&shopId.
Medium
CVE-2024-57161
07FLYCMS V1.3.9 was discovered to contain a Cross-Site Request Forgery (CSRF) via /erp.07fly.net:80/oa/OaWorkReport/edit.html
Medium
CVE-2024-57160
07FLYCMS V1.3.9 was discovered to contain a Cross-Site Request Forgery (CSRF) via /erp.07fly.net:80/oa/OaTask/edit.html.
Low
CVE-2024-57159
07FLYCMS V1.3.9 was discovered to contain a Cross-Site Request Forgery (CSRF) via /erp.07fly.net:80/oa/OaWorkReport/add.html.
Medium
CVE-2024-10789
The WP User Profile Avatar plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.5. This is due to missing or incorrect nonce validation on the wp…
2025-01-15
High
CVE-2025-22784
Cross-Site Request Forgery (CSRF) vulnerability in swedish boy Background Control background-control allows Path Traversal.This issue affects Background Control: from n/a through <= 1.0.5.
Medium
CVE-2025-22731
Cross-Site Request Forgery (CSRF) vulnerability in silverplugins217 Build Private Store For Woocommerce build-private-store-for-woocommerce allows Cross Site Request Forgery.This issue affects Build…
2025-01-14
Medium
CVE-2024-50861
The ip_mod_dns_key_form.cgi request in GestioIP v3.5.7 is vulnerable to Stored XSS. An attacker can inject malicious code into the "TSIG Key" field, which is saved in the database and triggers XSS wh…
High
CVE-2024-50858
Multiple endpoints in GestioIP v3.5.7 are vulnerable to Cross-Site Request Forgery (CSRF). An attacker can execute actions via the admin's browser by hosting a malicious URL, leading to data modifica…
Medium
CVE-2024-50857
The ip_do_job request in GestioIP v3.5.7 is vulnerable to Cross-Site Scripting (XSS). It allows data exfiltration and enables CSRF attacks. The vulnerability requires specific user permissions within…
Medium
CVE-2024-55945
TYPO3 is a free and open source Content Management Framework. A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is…
High
CVE-2024-55924
TYPO3 is a free and open source Content Management Framework. A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is…
Medium
CVE-2024-55923
TYPO3 is a free and open source Content Management Framework. A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is…
Medium
CVE-2024-55922
TYPO3 is a free and open source Content Management Framework. A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is…
High
CVE-2024-55921
TYPO3 is a free and open source Content Management Framework. A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is…
Medium
CVE-2024-55920
TYPO3 is a free and open source Content Management Framework. A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is…
Medium
CVE-2024-55894
TYPO3 is a free and open source Content Management Framework. A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is…
Medium
CVE-2024-55893
TYPO3 is a free and open source Content Management Framework. A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is…
Medium
CVE-2025-23081
Cross-Site Request Forgery (CSRF), Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation Mediawiki - DataTransfer Extension…
High
CVE-2024-47100
A vulnerability has been identified in SIMATIC S7-1200 CPU 1211C AC/DC/Rly (6ES7211-1BE40-0XB0), SIMATIC S7-1200 CPU 1211C DC/DC/DC (6ES7211-1AE40-0XB0), SIMATIC S7-1200 CPU 1211C DC/DC/Rly (6ES7211-…
Medium
CVE-2025-0393
The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.7.1006. This is due to missing or incorrect nonce val…
Medium
CVE-2024-12008
The W3 Total Cache plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.8.1 through the publicly exposed debug log file. This makes it possible for unaut…
2025-01-13
Medium
CVE-2023-42234
Pat Infinite Solutions HelpdeskAdvanced <= 11.0.33 is vulnerable to Cross Site Request Forgery (CSRF) via the WSCView function.
High
CVE-2025-22963
Teedy through 1.11 allows CSRF for account takeover via POST /api/user/admin.
2025-01-10
Low
CVE-2025-23113
An issue was discovered in REDCap 14.9.6. It has an action=myprojects&logout=1 CSRF issue in the alert-title while performing an upload of a CSV file containing a list of alert configuration. An atta…
High
CVE-2024-6662
Websites managed by MegaBIP in versions below 5.15 are vulnerable to Cross-Site Request Forgery (CSRF) as the form available under "/edytor/index.php?id=7,7,0" lacks protection mechanisms. A user cou…
2025-01-09
Medium
CVE-2024-13304
Cross-Site Request Forgery (CSRF) vulnerability in Drupal Minify JS allows Cross Site Request Forgery.This issue affects Minify JS: from 0.0.0 before 3.0.3.
Low
CVE-2024-13293
Cross-Site Request Forgery (CSRF) vulnerability in Drupal POST File allows Cross Site Request Forgery.This issue affects POST File: from 0.0.0 before 1.0.2.
High
CVE-2024-13284
Cross-Site Request Forgery (CSRF) vulnerability in Drupal Gutenberg allows Cross Site Request Forgery.This issue affects Gutenberg: from 0.0.0 before 2.13.0, from 3.0.0 before 3.0.5.
Low
CVE-2024-13261
Cross-Site Request Forgery (CSRF) vulnerability in Drupal Acquia DAM allows Cross Site Request Forgery.This issue affects Acquia DAM: from 0.0.0 before 1.0.13, from 1.1.0 before 1.1.0-beta3.
High
CVE-2024-13260
Cross-Site Request Forgery (CSRF) vulnerability in Drupal Migrate queue importer allows Cross Site Request Forgery.This issue affects Migrate queue importer: from 0.0.0 before 2.1.1.
High
CVE-2024-13250
Cross-Site Request Forgery (CSRF) vulnerability in Drupal Drupal Symfony Mailer Lite allows Cross Site Request Forgery.This issue affects Drupal Symfony Mailer Lite: from 0.0.0 before 1.0.6.
High
CVE-2024-13244
Cross-Site Request Forgery (CSRF) vulnerability in Drupal Migrate Tools allows Cross Site Request Forgery.This issue affects Migrate Tools: from 0.0.0 before 6.0.3.
High
CVE-2025-22814
Cross-Site Request Forgery (CSRF) vulnerability in Dylan James Zephyr Admin Theme zephyr-modern-admin-theme allows Cross Site Request Forgery.This issue affects Zephyr Admin Theme: from n/a through <…
Medium
CVE-2024-12605
The AI Scribe – SEO AI Writer, Content Generator, Humanizer, Blog Writer, SEO Optimizer, DALLE-3, AI WordPress Plugin ChatGPT (GPT-4o 128K) plugin for WordPress is vulnerable to Cross-Site Request Fo…
Medium
CVE-2024-12218
The Woocommerce check pincode/zipcode for shipping plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.4. This is due to missing or incorrect no…