About “Cross-Site Request Forgery (CSRF)”

A curated feed of “Cross-Site Request Forgery (CSRF)”-related CVEs appears below. We currently track 9568 CVEs for this tag (all time). In the last 365 days, 1403 were published. Average CVSS is 6.4 (all time; 5.6 over 365d), and 37% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-352 - Cross-Site Request Forgery (CSRF), CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'), CWE-862 - Missing Authorization.

In our taxonomy this topic maps to a MODERATE impact class: common exploitation patterns for this weakness can lead to moderate impact. Use the filters below to sort by CVSS, risk and CWE, triage high-risk entries first, and validate exposure in your environment. Each detail page highlights vendor advisories and mitigation tips.

CVEs tagged with this topic. Filters apply to the whole list.
2025-09-26
High

CVE-2025-60111

Cross-Site Request Forgery (CSRF) vulnerability in javothemes Javo Core javo-core allows Authentication Bypass. This issue affects Javo Core: from n/a through <= 3.0.0.266.

Medium

CVE-2025-60093

Cross-Site Request Forgery (CSRF) vulnerability in Shahjada Download Manager download-manager allows Cross Site Request Forgery. This issue affects Download Manager: from n/a through <= 3.3.24.

Medium

CVE-2025-58914

Cross-Site Request Forgery (CSRF) vulnerability in Di Themes Di Themes Demo Site Importer di-themes-demo-site-importer allows Cross Site Request Forgery. This issue affects Di Themes Demo Site Importe…

Medium

CVE-2025-10377

The System Dashboard plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.8.20. This is due to missing nonce validation on the sd_toggle_logs() fun…

Medium

CVE-2025-10752

The OAuth Single Sign On – SSO (OAuth Client) plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.26.12. This is due to using a predictable state…

2025-09-25
Critical

CVE-2025-59841

Flag Forge is a Capture The Flag (CTF) platform. In versions from 2.2.0 to before 2.3.1, the FlagForge web application improperly handles session invalidation. Authenticated users can continue to acc…

Critical

CVE-2025-59832

Horilla is a free and open source Human Resource Management System (HRMS). Prior to version 1.4.0, there is a stored XSS vulnerability in the ticket comment editor. A low-privilege authenticated user…

2025-09-23
Medium

CVE-2025-56311

In Shenzhen C-Data Technology Co. FD602GW-DX-R410 (firmware v2.2.14), the web management interface contains an authenticated CSRF vulnerability on the reboot endpoint (/boaform/admin/formReboot). An…

2025-09-22
High

CVE-2025-59572

Cross-Site Request Forgery (CSRF) vulnerability in purethemes WorkScout-Core workscout-core allows Cross Site Request Forgery. This issue affects WorkScout-Core: from n/a through < 1.7.06.

Medium

CVE-2025-59568

Cross-Site Request Forgery (CSRF) vulnerability in Zoho Flow Zoho Flow zoho-flow allows Cross Site Request Forgery. This issue affects Zoho Flow: from n/a through <= 2.14.1.

High

CVE-2025-58956

Cross-Site Request Forgery (CSRF) vulnerability in loopus WP Attractive Donations System wp-attractive-donations-system-easy-stripe-paypal-donations allows Stored XSS. This issue affects WP Attractive…

High

CVE-2025-58690

Cross-Site Request Forgery (CSRF) vulnerability in ptibogxiv Doliconnect doliconnect allows Stored XSS. This issue affects Doliconnect: from n/a through <= 9.5.7.

High

CVE-2025-58688

Cross-Site Request Forgery (CSRF) vulnerability in Casengo Casengo Live Chat Support the-casengo-chat-widget allows Stored XSS. This issue affects Casengo Live Chat Support: from n/a through <= 2.1.4.

High

CVE-2025-58687

Cross-Site Request Forgery (CSRF) vulnerability in WP CMS Ninja Current Age Plugin current-age allows Stored XSS. This issue affects Current Age Plugin: from n/a through <= 1.6.

High

CVE-2025-58677

Cross-Site Request Forgery (CSRF) vulnerability in puravida1976 ShrinkTheWeb (STW) Website Previews shrinktheweb-website-preview-plugin allows Stored XSS. This issue affects ShrinkTheWeb (STW) Website…

High

CVE-2025-58676

Cross-Site Request Forgery (CSRF) vulnerability in extendyourweb HORIZONTAL SLIDER horizontal-slider allows Stored XSS. This issue affects HORIZONTAL SLIDER: from n/a through <= 2.4.

Medium

CVE-2025-58675

Cross-Site Request Forgery (CSRF) vulnerability in tryinteract Interact: Embed A Quiz On Your Site interact-quiz-embed allows Cross Site Request Forgery. This issue affects Interact: Embed A Quiz On Y…

High

CVE-2025-58670

Cross-Site Request Forgery (CSRF) vulnerability in Shankaranand Maurya WP Content Protection wp-content-protection allows Stored XSS. This issue affects WP Content Protection: from n/a through <= 1.3.

High

CVE-2025-58657

Cross-Site Request Forgery (CSRF) vulnerability in EdwardBock Grid grid allows Stored XSS. This issue affects Grid: from n/a through <= 2.3.1.

High

CVE-2025-58270

Cross-Site Request Forgery (CSRF) vulnerability in NIX Solutions Ltd NIX Anti-Spam Light nix-anti-spam-light allows Cross Site Request Forgery. This issue affects NIX Anti-Spam Light: from n/a through…

High

CVE-2025-58268

Cross-Site Request Forgery (CSRF) vulnerability in WPMK WPMK PDF Generator wpmk-pdf-generator allows Stored XSS. This issue affects WPMK PDF Generator: from n/a through <= 1.0.1.

High

CVE-2025-58267

Cross-Site Request Forgery (CSRF) vulnerability in Aftabul Islam Stock Message stock-message allows Stored XSS. This issue affects Stock Message: from n/a through <= 1.1.0.

High

CVE-2025-58262

Cross-Site Request Forgery (CSRF) vulnerability in WPDirectoryKit Sweet Energy Efficiency sweet-energy-efficiency allows Stored XSS. This issue affects Sweet Energy Efficiency: from n/a through <= 1.0…

High

CVE-2025-58261

Cross-Site Request Forgery (CSRF) vulnerability in PressPage Entertainment Inc Mavis HTTPS to HTTP Redirection mavis-https-to-http-redirect allows Stored XSS. This issue affects Mavis HTTPS to HTTP Re…

High

CVE-2025-58259

Cross-Site Request Forgery (CSRF) vulnerability in scriptsbundle Nokri nokri allows Cross Site Request Forgery. This issue affects Nokri: from n/a through <= 1.6.4.

Critical

CVE-2025-58255

Cross-Site Request Forgery (CSRF) vulnerability in yonisink Custom Post Type Images custom-post-types-image allows Code Injection. This issue affects Custom Post Type Images: from n/a through <= 0.5.

High

CVE-2025-58250

Cross-Site Request Forgery (CSRF) vulnerability in ApusTheme Findgo fingo allows Authentication Bypass. This issue affects Findgo: from n/a through <= 1.3.55.

High

CVE-2025-58244

Cross-Site Request Forgery (CSRF) vulnerability in Anps Constructo constructo allows Object Injection. This issue affects Constructo: from n/a through <= 4.3.9.

Medium

CVE-2025-58236

Cross-Site Request Forgery (CSRF) vulnerability in Mayo Moriyama Force Update Translations force-update-translations allows Cross Site Request Forgery. This issue affects Force Update Translations: fr…

Medium

CVE-2025-58224

Cross-Site Request Forgery (CSRF) vulnerability in Printeers Printeers Print & Ship allows Cross Site Request Forgery. This issue affects Printeers Print & Ship: from n/a through 1.17.0.

Medium

CVE-2025-58219

Cross-Site Request Forgery (CSRF) vulnerability in LIJE Show Pages List show-pages-list allows Cross Site Request Forgery. This issue affects Show Pages List: from n/a through <= 1.2.0.

Medium

CVE-2025-58200

Cross-Site Request Forgery (CSRF) vulnerability in Bage Flexible FAQ flexible-faq allows Cross Site Request Forgery. This issue affects Flexible FAQ: from n/a through <= 0.2.

Medium

CVE-2025-58199

Cross-Site Request Forgery (CSRF) vulnerability in Fastly Fastly fastly allows Cross Site Request Forgery. This issue affects Fastly: from n/a through <= 1.2.28.

Medium

CVE-2025-58032

Cross-Site Request Forgery (CSRF) vulnerability in Bytes.co WP Compiler wp-compiler allows Cross Site Request Forgery. This issue affects WP Compiler: from n/a through <= 1.0.0.

Medium

CVE-2025-58014

Cross-Site Request Forgery (CSRF) vulnerability in Ays Pro Quiz Maker quiz-maker allows Cross Site Request Forgery. This issue affects Quiz Maker: from n/a through <= 6.7.0.64.

High

CVE-2025-58013

Cross-Site Request Forgery (CSRF) vulnerability in pebas CouponXxL couponxxl allows Privilege Escalation. This issue affects CouponXxL: from n/a through <= 4.5.0.

Medium

CVE-2025-58010

Cross-Site Request Forgery (CSRF) vulnerability in straightvisions GmbH SV Proven Expert sv-provenexpert allows Cross Site Request Forgery. This issue affects SV Proven Expert: from n/a through <= 2.0…

Medium

CVE-2025-57992

Cross-Site Request Forgery (CSRF) vulnerability in InterServer Mail Baby SMTP mail-baby-smtp allows Cross Site Request Forgery. This issue affects Mail Baby SMTP: from n/a through <= 2.8.

Medium

CVE-2025-57983

Cross-Site Request Forgery (CSRF) vulnerability in Damian BP Disable Activation Reloaded bp-disable-activation-reloaded allows Accessing Functionality Not Properly Constrained by ACLs. This issue affe…

Medium

CVE-2025-57978

Cross-Site Request Forgery (CSRF) vulnerability in themespride Advanced Appointment Booking & Scheduling advanced-appointment-booking-scheduling allows Cross Site Request Forgery. This issue affects A…

High

CVE-2025-57977

Cross-Site Request Forgery (CSRF) vulnerability in wpdesk Flexible PDF Invoices for WooCommerce & WordPress flexible-invoices allows Cross Site Request Forgery. This issue affects Flexible PDF Invoice…

Medium

CVE-2025-57970

Cross-Site Request Forgery (CSRF) vulnerability in SALESmanago SALESmanago & Leadoo salesmanago allows Cross Site Request Forgery. This issue affects SALESmanago & Leadoo: from n/a through <= 3.8.1.

Medium

CVE-2025-57960

Cross-Site Request Forgery (CSRF) vulnerability in TravelMap Travel Map travelmap-blog allows Cross Site Request Forgery. This issue affects Travel Map: from n/a through <= 1.0.3.

Medium

CVE-2025-57946

Cross-Site Request Forgery (CSRF) vulnerability in Loc Bui payOS payos allows Cross Site Request Forgery. This issue affects payOS: from n/a through <= 1.0.73.

Medium

CVE-2025-57942

Cross-Site Request Forgery (CSRF) vulnerability in andy_moyle Emergency Password Reset emergency-password-reset allows Cross Site Request Forgery. This issue affects Emergency Password Reset: from n/a…

Medium

CVE-2025-57934

Cross-Site Request Forgery (CSRF) vulnerability in Aurélien LWS LWS Affiliation lws-affiliation allows Cross Site Request Forgery. This issue affects LWS Affiliation: from n/a through <= 2.3.6.

Medium

CVE-2025-57933

Cross-Site Request Forgery (CSRF) vulnerability in piotnetdotcom Piotnet Forms piotnetforms allows Cross Site Request Forgery. This issue affects Piotnet Forms: from n/a through <= 1.0.30.

Medium

CVE-2025-57930

Cross-Site Request Forgery (CSRF) vulnerability in kanwei_doublethedonation Double the Donation double-the-donation allows Cross Site Request Forgery. This issue affects Double the Donation: from n/a…

Medium

CVE-2025-57927

Cross-Site Request Forgery (CSRF) vulnerability in Stephanie Leary Dashboard Notepad dashboard-notepad allows Cross Site Request Forgery. This issue affects Dashboard Notepad: from n/a through <= 1.42.

Medium

CVE-2025-57924

Cross-Site Request Forgery (CSRF) vulnerability in Automattic Developer allows Cross Site Request Forgery. This issue affects Developer: from n/a through 1.2.6.

High

CVE-2025-57918

Cross-Site Request Forgery (CSRF) vulnerability in ERA404 LinkedInclude linkedinclude allows Stored XSS. This issue affects LinkedInclude: from n/a through <= 3.0.4.

Medium

CVE-2025-57915

Cross-Site Request Forgery (CSRF) vulnerability in César Martín TOCHAT.BE tochat-be allows Cross Site Request Forgery. This issue affects TOCHAT.BE: from n/a through <= 1.3.4.

Medium

CVE-2025-57914

Cross-Site Request Forgery (CSRF) vulnerability in Matat Technologies Deliver via Shipos for WooCommerce wc-shipos-delivery allows Cross Site Request Forgery. This issue affects Deliver via Shipos for…

Medium

CVE-2025-57905

Cross-Site Request Forgery (CSRF) vulnerability in Amin Y AgreeMe Checkboxes For WooCommerce agreeme-checkboxes-for-woocommerce allows Cross Site Request Forgery. This issue affects AgreeMe Checkboxes…

Medium

CVE-2025-57902

Cross-Site Request Forgery (CSRF) vulnerability in Md Taufiqur Rahman RIS Version Switcher – Downgrade or Upgrade WP Versions Easily ris-version-switcher allows Cross Site Request Forgery. This issue…

Medium

CVE-2025-53456

Cross-Site Request Forgery (CSRF) vulnerability in activewebsight SEO Backlink Monitor seo-backlink-monitor allows Cross Site Request Forgery. This issue affects SEO Backlink Monitor: from n/a through…

Medium

CVE-2025-53451

Cross-Site Request Forgery (CSRF) vulnerability in mihdan Mihdan: No External Links mihdan-no-external-links allows Cross Site Request Forgery. This issue affects Mihdan: No External Links: from n/a t…

2025-09-21
Medium

CVE-2025-10759

A vulnerability was detected in Webkul QloApps up to 1.7.0. This affects an unknown function of the component CSRF Token Handler. Performing manipulation of the argument token results in authorizatio…

2025-09-20
Medium

CVE-2025-9887

The Custom Login And Signup Widget plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation in…

Medium

CVE-2025-9883

The Browser Sniff plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.3. This is due to missing or incorrect nonce validation on a function. This…

Medium

CVE-2025-9882

The osTicket WP Bridge plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.9.2. This is due to missing or incorrect nonce validation on a function…

Medium

CVE-2025-9949

The Internal Links Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.0.1. This is due to missing or incorrect nonce validation on the li…

2025-09-19
Medium

CVE-2025-43809

Cross-Site Request Forgery (CSRF) vulnerability in the server (license) registration page in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0 through…

2025-09-18
High

CVE-2025-50255

Cross Site Request Forgery (CSRF) vulnerability in Smartvista BackOffice SmartVista Suite 2.2.22 via crafted GET request.

2025-09-17
Medium

CVE-2025-54390

A Cross-Site Request Forgery (CSRF) vulnerability exists in the ResetPasswordRequest operation of Zimbra Collaboration (ZCS) when the zimbraFeatureResetPasswordStatus attribute is enabled. An attacke…

Medium

CVE-2025-10188

The The Hack Repair Guy's Plugin Archiver plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.4. This is due to missing or incorrect nonce valid…

Medium

CVE-2025-9891

The User Sync – Remote User Sync plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.2. This is due to missing or incorrect nonce validation on…

Medium

CVE-2025-9629

The USS Upyun plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5.0. This is due to missing or incorrect nonce validation on the uss_setting_pag…

2025-09-15
High

CVE-2025-56710

A Cross-Site Request Forgery (CSRF) vulnerability was identified in the Profile Page of the PHPGurukul Student-Result-Management-System-Using-PHP-V2.0. This flaw allows an attacker to trick authentic…

2025-09-12
Medium

CVE-2025-9881

The Ultimate Blogroll plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.5.2. This is due to missing or incorrect nonce validation on a function.…

Medium

CVE-2025-9880

The Side Slide Responsive Menu plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on a fu…

2025-09-11
Medium

CVE-2025-9635

The Analytics Reduce Bounce Rate plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.3. This is due to missing or incorrect nonce validation on th…

Medium

CVE-2025-9634

The Plugin updates blocker plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.2. This is due to missing or incorrect nonce validation on the pub_…

Medium

CVE-2025-9633

The LH Signing plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.83. This is due to missing or incorrect nonce validation on the plugin_options…

Medium

CVE-2025-9632

The PhpList Subber plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1. This is due to missing or incorrect nonce validation on the bulk_action_…

Medium

CVE-2025-9631

The AutoCatSet plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1.4. This is due to missing or incorrect nonce validation on the autocatset_aja…

Medium

CVE-2025-9628

The The integration of the AMO.CRM plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1. This is due to missing or incorrect nonce validation o…

Medium

CVE-2025-9627

The Run Log plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.7.10. This is due to missing or incorrect nonce validation on the oirl_plugin_opti…

Medium

CVE-2025-9623

The Admin in English with Switch plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1. This is due to missing or incorrect nonce validation on th…

Medium

CVE-2025-9620

The Seo Monster plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.3.3. This is due to missing or incorrect nonce validation on the check_integra…

Medium

CVE-2025-9617

The Publish approval plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1. This is due to missing or incorrect nonce validation on the publish_sa…

Medium

CVE-2025-8481

The Blog Designer For Elementor – Post Slider, Post Carousel, Post Grid plugin for WordPress is vulnerable to Cross-Site Request Forgery in version 1.1.7. This is due to missing or incorrect nonce va…

Medium

CVE-2025-8479

The Zoho Flow plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.14.1. This is due to missing or incorrect nonce validation on the zoho_flow_deactiva…

2025-09-10
Medium

CVE-2025-9888

The Maspik – Ultimate Spam Protection plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.5.6. This is due to missing or incorrect nonce validatio…

Medium

CVE-2025-9622

The WP Blast | SEO & Performance Booster plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.8.6. This is due to missing or incorrect nonce valida…

2025-09-09
Medium

CVE-2025-58430

listmonk is a standalone, self-hosted, newsletter and mailing list manager. In versions up to and including 1.1.0, every http request in addition to the session cookie `session` there included `nonce…

High

CVE-2025-54256

Dreamweaver Desktop versions 21.5 and earlier are affected by a Cross-Site Request Forgery (CSRF) vulnerability that could result in arbitrary code execution in the context of the current user. Explo…

Critical

CVE-2025-58997

Cross-Site Request Forgery (CSRF) vulnerability in Frenify Mow mow allows Code Injection. This issue affects Mow: from n/a through <= 4.10.

High

CVE-2025-58991

Cross-Site Request Forgery (CSRF) vulnerability in Cristiano Zanca WooCommerce Booking Bundle Hours allows Stored XSS. This issue affects WooCommerce Booking Bundle Hours: from n/a through 0.7.4.

Medium

CVE-2025-58975

Cross-Site Request Forgery (CSRF) vulnerability in Helmut Wandl Advanced Settings advanced-settings allows Cross Site Request Forgery. This issue affects Advanced Settings: from n/a through <= 3.1.1.

Medium

CVE-2025-8711

CSRF in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed…

High

CVE-2025-55147

CSRF in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed…

Medium

CVE-2025-42923

Due to insufficient CSRF protection in SAP Fiori App Manage Work Center Groups, an authenticated user could be tricked by an attacker into sending an unintended request to the web server. This has low impact…

2025-09-08
Low

CVE-2024-48341

dingfanzu CMS V1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/doAdminAction.php?act=addShop

2025-09-06
High

CVE-2025-7040

The Cloud SAML SSO plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'set_organization_settings' action of the csso_handle_actions() fun…

2025-09-05
High

CVE-2025-48104

Cross-Site Request Forgery (CSRF) vulnerability in ericzane Floating Window Music Player floating-window-music-player allows Stored XSS. This issue affects Floating Window Music Player: from n/a throu…

Medium

CVE-2025-27003

Cross-Site Request Forgery (CSRF) vulnerability in fullworks Quick Paypal Payments quick-paypal-payments allows Cross Site Request Forgery. This issue affects Quick Paypal Payments: from n/a through <…

Medium

CVE-2025-58878

Cross-Site Request Forgery (CSRF) vulnerability in usamafarooq Woocommerce Gifts Product woo-gift-product allows Cross Site Request Forgery. This issue affects Woocommerce Gifts Product: from n/a thro…

Medium

CVE-2025-58869

Cross-Site Request Forgery (CSRF) vulnerability in Simasicher SimaCookie simasicher-dsgvo-cookie allows Stored XSS. This issue affects SimaCookie: from n/a through <= 1.3.2.

Medium

CVE-2025-58865

Cross-Site Request Forgery (CSRF) vulnerability in reimund Compact Admin compact-admin allows Cross Site Request Forgery. This issue affects Compact Admin: from n/a through <= 1.3.3.

High

CVE-2025-58861

Cross-Site Request Forgery (CSRF) vulnerability in WP Corner Quick Event Calendar quick-event-calendar allows Stored XSS. This issue affects Quick Event Calendar: from n/a through <= 1.4.9.

High

CVE-2025-58860

Cross-Site Request Forgery (CSRF) vulnerability in KaizenCoders Enable Latex enable-latex allows Stored XSS. This issue affects Enable Latex: from n/a through <= 1.2.16.

High

CVE-2025-58859

Cross-Site Request Forgery (CSRF) vulnerability in David Merinas Add to Feedly add-to-feedly allows Stored XSS. This issue affects Add to Feedly: from n/a through <= 1.2.11.

Medium

CVE-2025-58856

Cross-Site Request Forgery (CSRF) vulnerability in ablancodev Woocommerce Notify Updated Product woocommerce-notify-updated-product allows Stored XSS. This issue affects Woocommerce Notify Updated Pro…

High

CVE-2025-58854

Cross-Site Request Forgery (CSRF) vulnerability in Samer Bechara Ultimate AJAX Login ultimate-ajax-login allows Reflected XSS. This issue affects Ultimate AJAX Login: from n/a through <= 1.2.1.

High

CVE-2025-58853

Cross-Site Request Forgery (CSRF) vulnerability in OTWthemes Popping Sidebars and Widgets Light popping-sidebars-and-widgets-light allows Reflected XSS. This issue affects Popping Sidebars and Widgets…

High

CVE-2025-58852

Cross-Site Request Forgery (CSRF) vulnerability in Mark O'Donnell MSTW League Manager mstw-league-manager allows Stored XSS. This issue affects MSTW League Manager: from n/a through <= 2.10.

High

CVE-2025-58849

Cross-Site Request Forgery (CSRF) vulnerability in Deepak S Hide Real Download Path hide-real-download-path allows Stored XSS. This issue affects Hide Real Download Path: from n/a through <= 1.6.

High

CVE-2025-58848

Cross-Site Request Forgery (CSRF) vulnerability in aakash1911 WP likes wp-likes allows Reflected XSS. This issue affects WP likes: from n/a through <= 3.1.1.

High

CVE-2025-58847

Cross-Site Request Forgery (CSRF) vulnerability in Yaidier WN Flipbox Pro wn-flipbox-pro allows Reflected XSS. This issue affects WN Flipbox Pro: from n/a through <= 2.1.

High

CVE-2025-58846

Cross-Site Request Forgery (CSRF) vulnerability in Dejan Markovic WordPress Buffer – HYPESocial. Social Media Auto Post, Social Media Auto Publish and Schedule buffer-my-post allows Reflected XSS. Thi…

High

CVE-2025-58845

Cross-Site Request Forgery (CSRF) vulnerability in ChrisHurst Bulk Watermark bulk-watermark allows Reflected XSS. This issue affects Bulk Watermark: from n/a through <= 1.6.10.

High

CVE-2025-58844

Cross-Site Request Forgery (CSRF) vulnerability in Subhash Kumar Database to Excel database-to-excel allows Stored XSS. This issue affects Database to Excel: from n/a through <= 1.0.

High

CVE-2025-58843

Cross-Site Request Forgery (CSRF) vulnerability in David Merinas Auto Last Youtube Video auto-last-youtube-video allows Stored XSS. This issue affects Auto Last Youtube Video: from n/a through <= 1.0.…

High

CVE-2025-58833

Cross-Site Request Forgery (CSRF) vulnerability in INVELITY Invelity MyGLS connect invelity-mygls-connect allows Object Injection. This issue affects Invelity MyGLS connect: from n/a through <= 1.1.1.

Medium

CVE-2025-58831

Cross-Site Request Forgery (CSRF) vulnerability in snagysandor Parallax Scrolling Enllax.js parallax-scrolling-enllax-js allows Cross Site Request Forgery. This issue affects Parallax Scrolling Enllax…

Medium

CVE-2025-58818

Cross-Site Request Forgery (CSRF) vulnerability in SwiftNinjaPro Developer Tools Blocker swiftninjapro-inspect-element-console-blocker allows Cross Site Request Forgery. This issue affects Developer T…

High

CVE-2025-58809

Cross-Site Request Forgery (CSRF) vulnerability in Nick Ciske To Lead For Salesforce salesforce-wordpress-to-lead allows Reflected XSS. This issue affects To Lead For Salesforce: from n/a through <= 2…

High

CVE-2025-58807

Cross-Site Request Forgery (CSRF) vulnerability in Dsingh Purge Varnish Cache purge-varnish allows Stored XSS. This issue affects Purge Varnish Cache: from n/a through <= 2.6.

High

CVE-2025-58806

Cross-Site Request Forgery (CSRF) vulnerability in Tom Longridge WordPress Error Monitoring by Bugsnag bugsnag allows Stored XSS. This issue affects WordPress Error Monitoring by Bugsnag: from n/a thr…