Total
8578 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-36876 | 1 Stylemixthemes | 1 Ulisting | 2025-03-28 | 5.4 Medium |
| Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in WordPress uListing plugin (versions <= 2.0.5) as it lacks CSRF checks on plugin administration pages. | ||||
| CVE-2021-36877 | 1 Stylemixthemes | 1 Ulisting | 2025-03-28 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in WordPress uListing plugin (versions <= 2.0.5) makes it possible for attackers to modify user roles. | ||||
| CVE-2021-36850 | 1 Meowapps | 1 Media File Renamer - Auto \& Manual Rename | 2025-03-28 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in WordPress Media File Renamer – Auto & Manual Rename plugin (versions <= 5.1.9). Affected parameters "post_title", "filename", "lock". This allows changing the uploaded media title, media file name, and media locking state. | ||||
| CVE-2021-36908 | 1 Webfactoryltd | 1 Wp Reset Pro | 2025-03-28 | 8.8 High |
| Cross-Site Request Forgery (CSRF) vulnerability in WebFactory Ltd. WP Reset PRO plugin <= 5.98 versions. | ||||
| CVE-2021-36887 | 1 Tarteaucitron.js - Cookies Legislation \& Gdpr Project | 1 Tarteaucitron.js - Cookies Legislation \& Gdpr | 2025-03-28 | 6.1 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability leading to Cross-Site Scripting (XSS) discovered in tarteaucitron.js – Cookies legislation & GDPR WordPress plugin (versions <= 1.5.4), vulnerable parameters "tarteaucitronEmail" and "tarteaucitronPass". | ||||
| CVE-2021-36886 | 1 Ciphercoin | 1 Contact Form 7 Database Addon | 2025-03-28 | 6.5 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability discovered in Contact Form 7 Database Addon – CFDB7 WordPress plugin (versions <= 1.2.5.9). | ||||
| CVE-2022-38329 | 1 Shopxian | 1 Shopxian Cms | 2025-03-28 | 4.3 Medium |
| A CSRF vulnerability in Shopxian CMS 3.0.0 could allow an unauthenticated, remote attacker to craft a malicious link, potentially causing the administrator to perform unintended actions on an affected system. The vulnerability could allow attackers to modify or delete specific content through crafted requests, potentially leading to data loss and system integrity issues. | ||||
| CVE-2024-27559 | 1 Codelyfe | 1 Stupid Simple Cms | 2025-03-28 | 6.3 Medium |
| Stupid Simple CMS v1.2.4 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /save_settings.php | ||||
| CVE-2024-27689 | 1 Codelyfe | 1 Stupid Simple Cms | 2025-03-28 | 8.8 High |
| Stupid Simple CMS v1.2.4 was discovered to contain a Cross-Site Request Forgery (CSRF) via /update-article.php. | ||||
| CVE-2022-43980 | 1 Pandorafms | 1 Pandora Fms | 2025-03-27 | 5.2 Medium |
| There is a stored cross-site scripting vulnerability in Pandora FMS v765 in the network maps editing functionality. An attacker could modify a network map, including on purpose the name of an XSS payload. Once created, if a user with admin privileges clicks on the edited network maps, the XSS payload will be executed. The exploitation of this vulnerability could allow an atacker to steal the value of the admin user´s cookie. | ||||
| CVE-2022-4872 | 1 Chained Products Project | 1 Chained Products | 2025-03-27 | 4.3 Medium |
| The Chained Products WordPress plugin before 2.12.0 does not have authorisation and CSRF checks, as well as does not ensure that the option to be updated belong to the plugin, allowing unauthenticated attackers to set arbitrary options to 'no' | ||||
| CVE-2025-30923 | 2025-03-27 | 4.3 Medium | ||
| Cross-Site Request Forgery (CSRF) vulnerability in powerfulwp Gift Message for WooCommerce allows Cross Site Request Forgery. This issue affects Gift Message for WooCommerce: from n/a through 1.7.8. | ||||
| CVE-2025-30912 | 2025-03-27 | 5.4 Medium | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Float menu allows Cross Site Request Forgery. This issue affects Float menu: from n/a through 6.1.2. | ||||
| CVE-2025-30888 | 2025-03-27 | 4.3 Medium | ||
| Cross-Site Request Forgery (CSRF) vulnerability in silverplugins217 Custom Fields Account Registration For Woocommerce allows Cross Site Request Forgery. This issue affects Custom Fields Account Registration For Woocommerce: from n/a through 1.1. | ||||
| CVE-2025-30872 | 2025-03-27 | 4.3 Medium | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Nitin Prakash Product Author for WooCommerce allows Cross Site Request Forgery. This issue affects Product Author for WooCommerce: from n/a through 1.0.7. | ||||
| CVE-2025-30863 | 2025-03-27 | 4.3 Medium | ||
| Cross-Site Request Forgery (CSRF) vulnerability in CRM Perks Integration for Google Sheets and Contact Form 7, WPForms, Elementor, Ninja Forms allows Cross Site Request Forgery. This issue affects Integration for Google Sheets and Contact Form 7, WPForms, Elementor, Ninja Forms: from n/a through 1.0.9. | ||||
| CVE-2025-30862 | 2025-03-27 | 4.3 Medium | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Bill Minozzi reCAPTCHA for all allows Cross Site Request Forgery. This issue affects reCAPTCHA for all: from n/a through 2.22. | ||||
| CVE-2025-30857 | 2025-03-27 | 7.1 High | ||
| Cross-Site Request Forgery (CSRF) vulnerability in PressMaximum Currency Switcher for WooCommerce allows Stored XSS. This issue affects Currency Switcher for WooCommerce: from n/a through 0.0.7. | ||||
| CVE-2025-30856 | 2025-03-27 | 4.3 Medium | ||
| Cross-Site Request Forgery (CSRF) vulnerability in theme funda Custom Field For WP Job Manager allows Cross Site Request Forgery. This issue affects Custom Field For WP Job Manager: from n/a through 1.4. | ||||
| CVE-2025-30854 | 2025-03-27 | 4.3 Medium | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Saso Serial Codes Generator and Validator with WooCommerce Support allows Cross Site Request Forgery. This issue affects Serial Codes Generator and Validator with WooCommerce Support: from n/a through 2.7.7. | ||||