Medium
CVE-2024-12206
The WordPress Header Builder Plugin – Pearl plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.8. This is due to missing or incorrect nonce val…
Tag: Cross-Site Request Forgery (CSRF)
All CVEs associated with "Cross-Site Request Forgery (CSRF)". Page 21/80 • 9568 CVEs.
Subscribe CVEs: RSS for “Cross-Site Request Forgery (CSRF)” · RSS (High+Critical only)
About “Cross-Site Request Forgery (CSRF)”
A curated feed of “Cross-Site Request Forgery (CSRF)”-related CVEs appears below. We currently track 9568 CVEs for this tag (all time). In the last 365 days, 1403 were published. Average CVSS is 6.4 (all time; 5.6 over 365d), and 37% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-352 - Cross-Site Request Forgery (CSRF), CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'), CWE-862 - Missing Authorization.
In our taxonomy this topic maps to a MODERATE impact class. Common exploitation patterns for this weakness can lead to moderate. Use the filters to triage high risk first and validate exposure in your environment. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.
CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).
CVSS ≥ 0.0
2025-01-09
Medium
CVE-2024-13203
A vulnerability was found in kurniaramadhan E-Commerce-PHP 1.0. It has been classified as problematic. Affected is an unknown function. The manipulation leads to cross-site request forgery. It is pos…
2025-01-07
High
CVE-2025-22590
Cross-Site Request Forgery (CSRF) vulnerability in mmrs151 Prayer Times Anywhere prayer-times-anywhere allows Stored XSS.This issue affects Prayer Times Anywhere: from n/a through <= 2.0.1.
High
CVE-2025-22589
Cross-Site Request Forgery (CSRF) vulnerability in bozdoz Quote Tweet quote-tweet allows Stored XSS.This issue affects Quote Tweet: from n/a through <= 0.7.
High
CVE-2025-22582
Cross-Site Request Forgery (CSRF) vulnerability in Scott Nelle Uptime Robot uptime-robot allows Stored XSS.This issue affects Uptime Robot: from n/a through <= 0.1.3.
High
CVE-2025-22571
Cross-Site Request Forgery (CSRF) vulnerability in instabot Instabot instabot allows Cross Site Request Forgery.This issue affects Instabot: from n/a through <= 1.10.
Medium
CVE-2025-22563
Cross-Site Request Forgery (CSRF) vulnerability in faaiq Pretty Url pretty-url allows Cross Site Request Forgery.This issue affects Pretty Url: from n/a through <= 1.5.5.
Medium
CVE-2025-22562
Cross-Site Request Forgery (CSRF) vulnerability in kbowson Title Experiments Free wp-experiments-free allows Cross Site Request Forgery.This issue affects Title Experiments Free: from n/a through <=…
High
CVE-2025-22559
Cross-Site Request Forgery (CSRF) vulnerability in tubepress TubePress.NET tubepressnet allows Cross Site Request Forgery.This issue affects TubePress.NET: from n/a through <= 4.0.1.
High
CVE-2025-22557
Cross-Site Request Forgery (CSRF) vulnerability in cdowp News Publisher Autopilot wpm-news-api allows Cross Site Request Forgery.This issue affects News Publisher Autopilot: from n/a through <= 2.1.4.
High
CVE-2025-22556
Cross-Site Request Forgery (CSRF) vulnerability in WP CMS Ninja Norse Rune Oracle Plugin norse-runes-oracle allows Cross Site Request Forgery.This issue affects Norse Rune Oracle Plugin: from n/a thr…
High
CVE-2025-22555
Cross-Site Request Forgery (CSRF) vulnerability in njshofe Smoothness Slider Shortcode smoothness-slider-shortcode allows Cross Site Request Forgery.This issue affects Smoothness Slider Shortcode: fr…
High
CVE-2025-22552
Cross-Site Request Forgery (CSRF) vulnerability in bnielsen Affiliate Disclosure Statement affiliate-disclosure-statement allows Cross Site Request Forgery.This issue affects Affiliate Disclosure Sta…
High
CVE-2025-22538
Cross-Site Request Forgery (CSRF) vulnerability in Ofek Nakar Virtual Bot virtual-bot allows Stored XSS.This issue affects Virtual Bot: from n/a through <= 1.0.0.
High
CVE-2025-22520
Cross-Site Request Forgery (CSRF) vulnerability in Tock Tock Widget tock-widget allows Cross Site Request Forgery.This issue affects Tock Widget: from n/a through <= 1.1.
Medium
CVE-2025-22503
Cross-Site Request Forgery (CSRF) vulnerability in digitalzoomstudio Admin debug wordpress – enable debug dzs-enable-debug allows Cross Site Request Forgery.This issue affects Admin debug wordpress –…
High
CVE-2025-22347
Cross-Site Request Forgery (CSRF) vulnerability in bannersky BSK Forms Blacklist bsk-gravityforms-blacklist allows Blind SQL Injection.This issue affects BSK Forms Blacklist: from n/a through <= 3.9.
High
CVE-2025-22343
Cross-Site Request Forgery (CSRF) vulnerability in koter84 wpSOL wpsol allows Stored XSS.This issue affects wpSOL: from n/a through <= 1.2.0.
High
CVE-2025-22342
Cross-Site Request Forgery (CSRF) vulnerability in Jenst WP Simple Sitemap wp-simple-sitemap allows Stored XSS.This issue affects WP Simple Sitemap: from n/a through <= 0.2.
High
CVE-2025-22336
Cross-Site Request Forgery (CSRF) vulnerability in Amos Lee(一刀) Wizhi Multi Filters by Wenprise wizhi-multi-filters allows Stored XSS.This issue affects Wizhi Multi Filters by Wenprise: from n/a thro…
High
CVE-2025-22328
Cross-Site Request Forgery (CSRF) vulnerability in Elevio by Dixa Elevio elevio allows Stored XSS.This issue affects Elevio: from n/a through <= 4.4.1.
High
CVE-2025-22325
Cross-Site Request Forgery (CSRF) vulnerability in nchankov Autocompleter autocompleter allows Stored XSS.This issue affects Autocompleter: from n/a through <= 1.3.5.2.
Medium
CVE-2025-22301
Cross-Site Request Forgery (CSRF) vulnerability in zookatron MyBookTable Bookstore mybooktable allows Cross Site Request Forgery.This issue affects MyBookTable Bookstore: from n/a through <= 3.5.3.
Medium
CVE-2025-22300
Cross-Site Request Forgery (CSRF) vulnerability in PixelYourSite PixelYourSite – Your smart PIXEL (TAG) Manager pixelyoursite allows Cross Site Request Forgery.This issue affects PixelYourSite – Your…
Medium
CVE-2025-22297
Cross-Site Request Forgery (CSRF) vulnerability in aipost AI WP Writer ai-wp-writer allows Cross Site Request Forgery.This issue affects AI WP Writer: from n/a through <= 3.8.4.4.
Medium
CVE-2024-49294
Cross-Site Request Forgery (CSRF) vulnerability in magepeopleteam Bus Ticket Booking with Seat Reservation bus-ticket-booking-with-seat-reservation allows Cross Site Request Forgery.This issue affect…
Medium
CVE-2024-12383
The Binary MLM Woocommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0. This is due to missing or incorrect nonce validation on the 'bmw…
High
CVE-2024-12322
The ThePerfectWedding.nl Widget plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.8. This is due to missing or incorrect nonce validation on the…
Medium
CVE-2024-12291
The ViewMedica 9 plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4.17. This is due to missing or incorrect nonce validation on a function. Thi…
Medium
CVE-2024-12288
The Simple add pages or posts plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.0. This is due to missing or incorrect nonce validation. This…
Medium
CVE-2024-12170
The ViewMedica 9 plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4.15. This is due to missing or incorrect nonce validation on the 'Viewmedica…
Medium
CVE-2024-12557
The Transporters.io plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1.1. This is due to missing nonce validation on a function. This makes it…
Medium
CVE-2024-12541
The Chative Live chat and Chatbot plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1. This is due to missing or incorrect nonce validation on t…
2025-01-06
High
CVE-2024-55076
Grocy through 4.3.0 has no CSRF protection, as demonstrated by changing the Administrator's password.
2025-01-04
Medium
CVE-2024-12279
The WP Social AutoConnect plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.6.2. This is due to missing or incorrect nonce validation on a funct…
Medium
CVE-2024-12545
The Scratch & Win – Giveaways and Contests. Boost subscribers, traffic, repeat visits, referrals, sales and more plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up t…
2025-01-02
Medium
CVE-2024-38732
Cross-Site Request Forgery (CSRF) vulnerability in VolThemes Patricia Blog allows Cross Site Request Forgery.This issue affects Patricia Blog: from n/a through 1.2.
Medium
CVE-2024-38731
Cross-Site Request Forgery (CSRF) vulnerability in Marsian i-amaze allows Cross Site Request Forgery.This issue affects i-amaze: from n/a through 1.3.7.
Medium
CVE-2024-37931
Cross-Site Request Forgery (CSRF) vulnerability in Creativthemes Point allows Cross Site Request Forgery.This issue affects Point: from n/a through 1.1.
Medium
CVE-2024-37925
Cross-Site Request Forgery (CSRF) vulnerability in BUDDYBOSS LLC BuddyBoss Theme allows Cross Site Request Forgery.This issue affects BuddyBoss Theme: from n/a through 2.4.61.
Medium
CVE-2024-37452
Cross-Site Request Forgery (CSRF) vulnerability in MyThemeShop Schema Lite allows Cross Site Request Forgery.This issue affects Schema Lite: from n/a through 1.2.2.
Medium
CVE-2024-37438
Cross-Site Request Forgery (CSRF) vulnerability in Uncanny Owl Uncanny Toolkit Pro for LearnDash allows Cross Site Request Forgery.This issue affects Uncanny Toolkit Pro for LearnDash: from n/a befor…
Medium
CVE-2024-37241
Cross-Site Request Forgery (CSRF) vulnerability in Automattic WP Job Manager - Resume Manager allows Cross Site Request Forgery.This issue affects WP Job Manager - Resume Manager: from n/a through 2.…
Medium
CVE-2024-37237
Cross-Site Request Forgery (CSRF) vulnerability in fs-code FS Poster fs-poster allows Cross Site Request Forgery.This issue affects FS Poster: from n/a through <= 6.5.8.
High
CVE-2024-39623
Cross-Site Request Forgery (CSRF) vulnerability in CridioStudio ListingPro listingpro allows Authentication Bypass.This issue affects ListingPro: from n/a through <= 2.9.4.
Medium
CVE-2024-38778
Cross-Site Request Forgery (CSRF) vulnerability in Epsiloncool WP Fast Total Search fulltext-search.This issue affects WP Fast Total Search: from n/a through <= 1.69.234.
Medium
CVE-2024-38764
Cross-Site Request Forgery (CSRF) vulnerability in Marsian allows Cross Site Request Forgery.This issue affects i-transform: from n/a through 3.0.9.
Medium
CVE-2024-56251
Cross-Site Request Forgery (CSRF) vulnerability in Event Espresso Event Espresso 4 Decaf event-espresso-decaf allows Cross Site Request Forgery.This issue affects Event Espresso 4 Decaf: from n/a thr…
Medium
CVE-2024-43927
Cross-Site Request Forgery (CSRF) vulnerability in Till Krüss Email Address Encoder email-address-encoder allows Cross Site Request Forgery.This issue affects Email Address Encoder: from n/a through…
Medium
CVE-2024-38790
Cross-Site Request Forgery (CSRF) vulnerability in Smartsupp Smartsupp – live chat, chatbots, AI and lead generation smartsupp-live-chat allows Cross Site Request Forgery.This issue affects Smartsupp…
Medium
CVE-2024-38789
Cross-Site Request Forgery (CSRF) vulnerability in Marco Milesi Telegram Bot & Channel telegram-bot allows Cross Site Request Forgery.This issue affects Telegram Bot & Channel: from n/a through <= 3.…
Medium
CVE-2024-38766
Cross-Site Request Forgery (CSRF) vulnerability in matomoteam Matomo Analytics matomo allows Cross Site Request Forgery.This issue affects Matomo Analytics: from n/a through <= 5.1.1.
Medium
CVE-2024-38765
Cross-Site Request Forgery (CSRF) vulnerability in outtheboxthemes Oceanic oceanic allows Cross Site Request Forgery.This issue affects Oceanic: from n/a through <= 1.0.48.
Medium
CVE-2024-38763
Cross-Site Request Forgery (CSRF) vulnerability in themes4wp Popularis Verse popularis-verse allows Cross Site Request Forgery.This issue affects Popularis Verse: from n/a through <= 1.1.1.
Medium
CVE-2024-38762
Cross-Site Request Forgery (CSRF) vulnerability in StellarWP Event Tickets event-tickets allows Cross Site Request Forgery.This issue affects Event Tickets: from n/a through <= 5.11.0.4.
Medium
CVE-2024-38754
Cross-Site Request Forgery (CSRF) vulnerability in Taggbox Taggbox taggbox-widget allows Cross Site Request Forgery.This issue affects Taggbox: from n/a through <= 3.3.
Medium
CVE-2024-38753
Cross-Site Request Forgery (CSRF) vulnerability in Labib Ahmed Animated Rotating Words css3-rotating-words allows Cross Site Request Forgery.This issue affects Animated Rotating Words: from n/a throu…
Medium
CVE-2024-38751
Cross-Site Request Forgery (CSRF) vulnerability in Magazine3 Google Adsense & Banner Ads by AdsforWP ads-for-wp allows Cross Site Request Forgery.This issue affects Google Adsense & Banner Ads by Ads…
Medium
CVE-2024-38729
Cross-Site Request Forgery (CSRF) vulnerability in mbeelink MBE eShip mail-boxes-etc allows Cross Site Request Forgery.This issue affects MBE eShip: from n/a through <= 2.1.2.
Medium
CVE-2024-38691
Cross-Site Request Forgery (CSRF) vulnerability in Metorik Metorik – Reports & Email Automation for WooCommerce metorik-helper allows Cross Site Request Forgery.This issue affects Metorik – Reports &…
Medium
CVE-2024-37937
Cross-Site Request Forgery (CSRF) vulnerability in raratheme Rara Business rara-business allows Cross Site Request Forgery.This issue affects Rara Business: from n/a through <= 1.2.5.
Medium
CVE-2024-37543
Cross-Site Request Forgery (CSRF) vulnerability in Nitesh Ultimate Auction ultimate-auction allows Cross Site Request Forgery.This issue affects Ultimate Auction : from n/a through <= 4.2.5.
Medium
CVE-2024-37540
Cross-Site Request Forgery (CSRF) vulnerability in ZEEN101 Leaky Paywall leaky-paywall allows Cross Site Request Forgery.This issue affects Leaky Paywall: from n/a through <= 4.21.2.
Medium
CVE-2024-37518
Cross-Site Request Forgery (CSRF) vulnerability in StellarWP The Events Calendar the-events-calendar allows Cross Site Request Forgery.This issue affects The Events Calendar: from n/a through <= 6.5.…
Medium
CVE-2024-37511
Cross-Site Request Forgery (CSRF) vulnerability in swte Swift Performance Lite swift-performance-lite allows Cross Site Request Forgery.This issue affects Swift Performance Lite: from n/a through <=…
Medium
CVE-2024-37508
Cross-Site Request Forgery (CSRF) vulnerability in raratheme Construction Landing Page construction-landing-page allows Cross Site Request Forgery.This issue affects Construction Landing Page: from n…
Medium
CVE-2024-37503
Cross-Site Request Forgery (CSRF) vulnerability in raratheme Lawyer Landing Page lawyer-landing-page allows Cross Site Request Forgery.This issue affects Lawyer Landing Page: from n/a through <= 1.2.…
Medium
CVE-2024-37493
Cross-Site Request Forgery (CSRF) vulnerability in sonalsinha21 Posterity posterity allows Cross Site Request Forgery.This issue affects Posterity: from n/a through <= 3.3.
Medium
CVE-2024-37491
Cross-Site Request Forgery (CSRF) vulnerability in apollo13themes Rife Free rife-free allows Cross Site Request Forgery.This issue affects Rife Free: from n/a through <= 2.4.18.
Medium
CVE-2024-37490
Cross-Site Request Forgery (CSRF) vulnerability in wproyal Bard bard allows Cross Site Request Forgery.This issue affects Bard: from n/a through <= 2.210.
Medium
CVE-2024-37478
Cross-Site Request Forgery (CSRF) vulnerability in wproyal Ashe ashe allows Cross Site Request Forgery.This issue affects Ashe: from n/a through <= 2.233.
Medium
CVE-2024-37473
Cross-Site Request Forgery (CSRF) vulnerability in blazethemes Trendy News trendy-news allows Cross Site Request Forgery.This issue affects Trendy News: from n/a through <= 1.0.15.
Medium
CVE-2024-37469
Cross-Site Request Forgery (CSRF) vulnerability in creativethemeshq Blocksy blocksy allows Cross Site Request Forgery.This issue affects Blocksy: from n/a through <= 2.0.22.
Medium
CVE-2024-37467
Cross-Site Request Forgery (CSRF) vulnerability in themeisle Hestia hestia allows Cross Site Request Forgery.This issue affects Hestia: from n/a through <= 3.1.2.
Medium
CVE-2024-37458
Cross-Site Request Forgery (CSRF) vulnerability in extendthemes Highlight highlight allows Cross Site Request Forgery.This issue affects Highlight: from n/a through <= 1.0.29.
Medium
CVE-2024-37451
Cross-Site Request Forgery (CSRF) vulnerability in raratheme Travel Agency travel-agency allows Cross Site Request Forgery.This issue affects Travel Agency: from n/a through <= 1.4.9.
Medium
CVE-2024-37450
Cross-Site Request Forgery (CSRF) vulnerability in raratheme Benevolent benevolent allows Cross Site Request Forgery.This issue affects Benevolent: from n/a through <= 1.3.4.
Medium
CVE-2024-37448
Cross-Site Request Forgery (CSRF) vulnerability in famethemes OnePress onepress allows Cross Site Request Forgery.This issue affects OnePress: from n/a through <= 2.3.6.
Medium
CVE-2024-37441
Cross-Site Request Forgery (CSRF) vulnerability in desertthemes NewsMash newsmash allows Cross Site Request Forgery.This issue affects NewsMash: from n/a through <= 1.0.34.
Medium
CVE-2024-37435
Cross-Site Request Forgery (CSRF) vulnerability in raratheme Perfect Portfolio perfect-portfolio allows Cross Site Request Forgery.This issue affects Perfect Portfolio: from n/a through <= 1.2.0.
Medium
CVE-2024-37431
Cross-Site Request Forgery (CSRF) vulnerability in extendthemes Mesmerize mesmerize allows Cross Site Request Forgery.This issue affects Mesmerize: from n/a through <= 1.6.120.
Medium
CVE-2024-37426
Cross-Site Request Forgery (CSRF) vulnerability in raratheme Elegant Pink elegant-pink allows Cross Site Request Forgery.This issue affects Elegant Pink: from n/a through <= 1.3.0.
Medium
CVE-2024-37421
Cross-Site Request Forgery (CSRF) vulnerability in raratheme JobScout jobscout allows Cross Site Request Forgery.This issue affects JobScout: from n/a through <= 1.1.4.
Medium
CVE-2024-37417
Cross-Site Request Forgery (CSRF) vulnerability in wpcoachify Coachify coachify allows Cross Site Request Forgery.This issue affects Coachify: from n/a through <= 1.0.7.
Medium
CVE-2024-37413
Cross-Site Request Forgery (CSRF) vulnerability in raratheme Preschool and Kindergarten preschool-and-kindergarten allows Cross Site Request Forgery.This issue affects Preschool and Kindergarten: fro…
Medium
CVE-2024-37412
Cross-Site Request Forgery (CSRF) vulnerability in blossomthemes Blossom Shop blossom-shop allows Cross Site Request Forgery.This issue affects Blossom Shop: from n/a through <= 1.1.7.
Medium
CVE-2024-37274
Cross-Site Request Forgery (CSRF) vulnerability in Rui Guerreiro WP Mobile Menu mobile-menu allows Cross Site Request Forgery.This issue affects WP Mobile Menu: from n/a through <= 2.8.4.3.
Medium
CVE-2024-37272
Cross-Site Request Forgery (CSRF) vulnerability in wptravelengine Travel Monster travel-monster allows Cross Site Request Forgery.This issue affects Travel Monster: from n/a through <= 1.1.2.
Medium
CVE-2024-37243
Cross-Site Request Forgery (CSRF) vulnerability in blossomthemes Vandana Lite vandana-lite allows Cross Site Request Forgery.This issue affects Vandana Lite: from n/a through <= 1.1.9.
Medium
CVE-2024-37242
Cross-Site Request Forgery (CSRF) vulnerability in Automattic Newspack Newsletters newspack-newsletters allows Cross Site Request Forgery.This issue affects Newspack Newsletters: from n/a through <=…
Medium
CVE-2024-37240
Cross-Site Request Forgery (CSRF) vulnerability in sbouey Falang multilanguage falang allows Cross Site Request Forgery.This issue affects Falang multilanguage: from n/a through <= 1.3.51.
Medium
CVE-2024-37238
Cross-Site Request Forgery (CSRF) vulnerability in Greg Winiarski WPAdverts wpadverts allows Cross Site Request Forgery.This issue affects WPAdverts: from n/a through <= 2.1.2.
Medium
CVE-2024-37236
Cross-Site Request Forgery (CSRF) vulnerability in Tim W Loco Translate loco-translate allows Cross Site Request Forgery.This issue affects Loco Translate: from n/a through <= 2.6.9.
Medium
CVE-2024-37235
Cross-Site Request Forgery (CSRF) vulnerability in Adrian Tobey Groundhogg groundhogg allows Cross Site Request Forgery.This issue affects Groundhogg: from n/a through <= 3.4.2.3.
Medium
CVE-2024-37104
Cross-Site Request Forgery (CSRF) vulnerability in raratheme Chic Lite chic-lite allows Cross Site Request Forgery.This issue affects Chic Lite: from n/a through <= 1.1.3.
Medium
CVE-2024-37103
Cross-Site Request Forgery (CSRF) vulnerability in raratheme Education Zone education-zone allows Cross Site Request Forgery.This issue affects Education Zone: from n/a through <= 1.3.4.
Medium
CVE-2024-37102
Cross-Site Request Forgery (CSRF) vulnerability in blossomthemes Vilva vilva allows Cross Site Request Forgery.This issue affects Vilva: from n/a through <= 1.2.2.
Medium
CVE-2024-37093
Cross-Site Request Forgery (CSRF) vulnerability in Stylemix MasterStudy LMS masterstudy-lms-learning-management-system allows Cross Site Request Forgery.This issue affects MasterStudy LMS: from n/a t…
2024-12-31
High
CVE-2024-56207
Cross-Site Request Forgery (CSRF) vulnerability in EditionGuard EditionGuard for WooCommerce – eBook Sales with DRM editionguard-for-woocommerce-ebook-sales-with-drm allows Privilege Escalation.This…
High
CVE-2024-56206
Cross-Site Request Forgery (CSRF) vulnerability in krishankakkar gap-hub-user-role gap-hub-user-role allows Authentication Bypass.This issue affects gap-hub-user-role: from n/a through <= 3.4.1.
High
CVE-2024-56204
Cross-Site Request Forgery (CSRF) vulnerability in yonisink Sinking Dropdowns sinking-dropdowns allows Privilege Escalation.This issue affects Sinking Dropdowns: from n/a through <= 1.25.
High
CVE-2024-56203
Cross-Site Request Forgery (CSRF) vulnerability in gholme4 Wayne Audio Player wayne-audio-player allows Privilege Escalation.This issue affects Wayne Audio Player: from n/a through <= 1.0.
High
CVE-2024-56232
Cross-Site Request Forgery (CSRF) vulnerability in Alex Volkov WP Nice Loader wp-nice-loader allows Stored XSS.This issue affects WP Nice Loader: from n/a through <= 0.1.0.4.
Medium
CVE-2024-56229
Cross-Site Request Forgery (CSRF) vulnerability in SearchIQ SearchIQ searchiq.This issue affects SearchIQ: from n/a through <= 4.6.
Medium
CVE-2024-56222
Cross-Site Request Forgery (CSRF) vulnerability in CodeBard CodeBard Help Desk codebard-help-desk allows Cross Site Request Forgery.This issue affects CodeBard Help Desk: from n/a through <= 1.1.1.
Medium
CVE-2024-56218
Cross-Site Request Forgery (CSRF) vulnerability in sevenspark Contact Form 7 – Dynamic Text Extension contact-form-7-dynamic-text-extension allows Cross Site Request Forgery.This issue affects Contac…
2024-12-27
Medium
CVE-2024-11842
The DN Shipping by Weight for WooCommerce WordPress plugin before 1.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them v…
2024-12-26
Medium
CVE-2024-12955
A vulnerability has been found in PHPGurukul Blood Bank & Donor Management System 2.4 and classified as problematic. This vulnerability affects unknown code of the file /logout.php. The manipulation…
2024-12-25
Medium
CVE-2024-10862
The NEX-Forms – Ultimate Form Builder – Contact forms and much more plugin for WordPress is vulnerable to SQL Injection via the 'search_params' parameter in all versions up to, and including, 8.7.15…
Medium
CVE-2024-12636
The Privacy Policy Generator, Terms & Conditions Generator WordPress Plugin : WP Legal Pages plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2…
2024-12-22
High
CVE-2024-56311
REDCap through 14.9.6 has a security flaw in the Notes section of calendar events, exposing users to a Cross-Site Request Forgery (CSRF) attack. An attacker can exploit this by luring users into acce…
High
CVE-2024-56310
REDCap through 14.9.6 has a security flaw in the Project Dashboards name, exposing users to a Cross-Site Request Forgery (CSRF) attack. An attacker can exploit this by luring users into clicking on a…
2024-12-21
High
CVE-2024-12771
The eCommerce Product Catalog Plugin for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.3.43. This is due to missing or incorrect n…
Medium
CVE-2024-11607
The GTPayment Donations WordPress plugin through 1.0.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin ad…
2024-12-20
Medium
CVE-2024-11812
The Wtyczka SeoPilot dla WP plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.3.091. This is due to missing or incorrect nonce validation on the…
2024-12-18
High
CVE-2024-56116
A Cross-Site Request Forgery vulnerability in Amiro.CMS before 7.8.4 allows remote attackers to create an administrator account.
Medium
CVE-2024-56140
Astro is a web framework for content-driven websites. In affected versions a bug in Astro’s CSRF-protection middleware allows requests to bypass CSRF checks. When the `security.checkOrigin` configura…
Medium
CVE-2024-12554
The Peter’s Custom Anti-Spam plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2.3. This is due to missing nonce validation on the cas_register_…
Medium
CVE-2024-12454
The Affiliate Program Suite — SliceWP Affiliates plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.23. This is due to missing or incorrect non…
Medium
CVE-2024-10892
The Cost Calculator Builder WordPress plugin before 3.2.43 does not have CSRF checks in some AJAX actions, which could allow attackers to make logged in users perform unwanted actions via CSRF attack…