Total
8582 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-28941 | 2025-03-12 | 4.3 Medium | ||
| Cross-Site Request Forgery (CSRF) vulnerability in ohtan Spam Byebye allows Cross Site Request Forgery. This issue affects Spam Byebye: from n/a through 2.2.4. | ||||
| CVE-2025-27792 | 2025-03-12 | N/A | ||
| Opal is OBiBa’s core database application for biobanks or epidemiological studies. Prior to version 5.1.1, the protections against cross-site request forgery (CSRF) were insufficient application-wide. The referrer header is checked, and if it is invalid, the server returns 403. However, the referrer header can be dropped from CSRF requests using `<meta name="referrer" content="never">`, effectively bypassing this protection. Version 5.1.1 contains a patch for the issue. | ||||
| CVE-2025-28881 | 2025-03-12 | 4.3 Medium | ||
| Cross-Site Request Forgery (CSRF) vulnerability in mg12 Mobile Themes allows Cross Site Request Forgery. This issue affects Mobile Themes: from n/a through 1.1.1. | ||||
| CVE-2025-28883 | 2025-03-12 | 7.1 High | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Martin WP Compare Tables allows Stored XSS. This issue affects WP Compare Tables: from n/a through 1.0.5. | ||||
| CVE-2025-28886 | 2025-03-12 | 4.3 Medium | ||
| Cross-Site Request Forgery (CSRF) vulnerability in xjb REST API TO MiniProgram allows Cross Site Request Forgery. This issue affects REST API TO MiniProgram: from n/a through 4.7.1. | ||||
| CVE-2025-28892 | 2025-03-12 | 7.1 High | ||
| Cross-Site Request Forgery (CSRF) vulnerability in a2rocklobster FTP Sync allows Stored XSS. This issue affects FTP Sync: from n/a through 1.1.6. | ||||
| CVE-2025-28894 | 2025-03-12 | 7.1 High | ||
| Cross-Site Request Forgery (CSRF) vulnerability in frucomerci List of Posts from each Category plugin for WordPress allows Stored XSS. This issue affects List of Posts from each Category plugin for WordPress: from n/a through 2.0. | ||||
| CVE-2025-28897 | 2025-03-12 | 7.1 High | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Steveorevo Domain Theme allows Stored XSS. This issue affects Domain Theme: from n/a through 1.3. | ||||
| CVE-2025-28901 | 2025-03-12 | 7.1 High | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Naren Members page only for logged in users allows Stored XSS. This issue affects Members page only for logged in users: from n/a through 1.4.2. | ||||
| CVE-2025-28902 | 2025-03-12 | 4.3 Medium | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Benjamin Pick Contact Form 7 Select Box Editor Button allows Cross Site Request Forgery. This issue affects Contact Form 7 Select Box Editor Button: from n/a through 0.6. | ||||
| CVE-2025-28912 | 2025-03-12 | 4.3 Medium | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Muntasir Rahman Custom Dashboard Page allows Cross Site Request Forgery. This issue affects Custom Dashboard Page: from n/a through 1.0. | ||||
| CVE-2025-28913 | 2025-03-12 | 4.3 Medium | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Aftab Ali Muni WP Add Active Class To Menu Item allows Cross Site Request Forgery. This issue affects WP Add Active Class To Menu Item: from n/a through 1.0. | ||||
| CVE-2025-28922 | 2025-03-12 | 7.1 High | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Terence D. Go To Top allows Stored XSS. This issue affects Go To Top: from n/a through 0.0.8. | ||||
| CVE-2025-28923 | 2025-03-12 | 7.1 High | ||
| Cross-Site Request Forgery (CSRF) vulnerability in philippe No Disposable Email allows Stored XSS. This issue affects No Disposable Email: from n/a through 2.5.1. | ||||
| CVE-2025-28927 | 2025-03-12 | 4.3 Medium | ||
| Cross-Site Request Forgery (CSRF) vulnerability in A. Chappard Display Template Name allows Cross Site Request Forgery. This issue affects Display Template Name: from n/a through 1.7.1. | ||||
| CVE-2025-28931 | 2025-03-12 | 7.1 High | ||
| Cross-Site Request Forgery (CSRF) vulnerability in DevriX Hashtags allows Stored XSS. This issue affects Hashtags: from n/a through 0.3.2. | ||||
| CVE-2025-28932 | 2025-03-12 | 7.1 High | ||
| Cross-Site Request Forgery (CSRF) vulnerability in BCS Website Solutions Insert Code allows Stored XSS. This issue affects Insert Code: from n/a through 2.4. | ||||
| CVE-2025-28940 | 2025-03-12 | 4.3 Medium | ||
| Cross-Site Request Forgery (CSRF) vulnerability in arkapravamajumder Back To Top allows Cross Site Request Forgery. This issue affects Back To Top: from n/a through 2.0. | ||||
| CVE-2024-2277 | 1 Bdtask | 1 G-prescription Gynaecology \& Obs Consultation | 2025-03-12 | 4.3 Medium |
| A vulnerability was found in Bdtask G-Prescription Gynaecology & OBS Consultation Software 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /Setting/change_password_save of the component Password Reset Handler. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-256046 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-11640 | 1 E4jconnect | 1 Vikrentcar | 2025-03-11 | 8.8 High |
| The VikRentCar Car Rental Management System plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4.2. This is due to missing or incorrect nonce validation on the 'save' function. This makes it possible for unauthenticated attackers to change plugin access privileges via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. Successful exploitation allows attackers with subscriber-level privileges and above to upload arbitrary files on the affected site's server which may make remote code execution possible. | ||||