Total
8818 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-48351 | 1 Wordpress | 1 Wordpress | 2025-08-29 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in PluginsPoint Kento Splash Screen allows Stored XSS. This issue affects Kento Splash Screen: from n/a through 1.4. | ||||
| CVE-2025-48320 | 1 Wordpress | 1 Wordpress | 2025-08-29 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in cuckoohello 百度分享按钮 allows Stored XSS. This issue affects 百度分享按钮: from n/a through 1.0.6. | ||||
| CVE-2025-7812 | 2025-08-29 | 8.8 High | ||
| The Video Share VOD – Turnkey Video Site Builder Script plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.7.6. This is due to missing or incorrect nonce validation on the adminExport() function. This makes it possible for unauthenticated attackers to update settings and execute remote code when the Server command execution setting is enabled via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2025-48321 | 2025-08-29 | 7.1 High | ||
| Cross-Site Request Forgery (CSRF) vulnerability in dyiosah Ultimate twitter profile widget allows Stored XSS. This issue affects Ultimate twitter profile widget: from n/a through 1.0. | ||||
| CVE-2025-49040 | 2 Backupbolt, Wordpress | 2 Backup Bolt, Wordpress | 2025-08-29 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Backup Bolt allows Cross Site Request Forgery.This issue affects Backup Bolt: from n/a through 1.4.1. | ||||
| CVE-2025-48311 | 1 Wordpress | 1 Wordpress | 2025-08-29 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in OffClicks Invisible Optin allows Stored XSS. This issue affects Invisible Optin: from n/a through 1.0. | ||||
| CVE-2025-48307 | 1 Wordpress | 1 Wordpress | 2025-08-29 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in kasonzhao SEO For Images allows Stored XSS. This issue affects SEO For Images: from n/a through 1.0.0. | ||||
| CVE-2025-48343 | 1 Wordpress | 1 Wordpress | 2025-08-29 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Aaron Axelsen WPMU Ldap Authentication allows Stored XSS. This issue affects WPMU Ldap Authentication: from n/a through 5.0.1. | ||||
| CVE-2025-48353 | 2025-08-29 | 7.1 High | ||
| Cross-Site Request Forgery (CSRF) vulnerability in dactum Clickbank WordPress Plugin (Niche Storefront) allows Stored XSS. This issue affects Clickbank WordPress Plugin (Niche Storefront): from n/a through 1.3.5. | ||||
| CVE-2025-48310 | 2 Wordpress, Wptableeditor | 2 Wordpress, Table Editor | 2025-08-29 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in wptableeditor Table Editor allows Cross Site Request Forgery. This issue affects Table Editor: from n/a through 1.6.4. | ||||
| CVE-2025-48309 | 1 Wordpress | 1 Wordpress | 2025-08-29 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in web-able BetPress allows Stored XSS. This issue affects BetPress: from n/a through 1.0.1 Lite. | ||||
| CVE-2025-48308 | 2025-08-29 | 7.1 High | ||
| Cross-Site Request Forgery (CSRF) vulnerability in nonletter Newsletter subscription optin module allows Stored XSS. This issue affects Newsletter subscription optin module: from n/a through 1.2.9. | ||||
| CVE-2025-48318 | 1 Wordpress | 1 Wordpress | 2025-08-29 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in shen2 多说社会化评论框 allows Cross Site Request Forgery. This issue affects 多说社会化评论框: from n/a through 1.2. | ||||
| CVE-2025-48304 | 2025-08-29 | 7.1 High | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Gary Illyes Google XML News Sitemap plugin allows Stored XSS. This issue affects Google XML News Sitemap plugin: from n/a through 0.02. | ||||
| CVE-2025-48306 | 1 Wordpress | 1 Wordpress | 2025-08-29 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in developers savyour Savyour Affiliate Partner allows Stored XSS. This issue affects Savyour Affiliate Partner: from n/a through 2.1.4. | ||||
| CVE-2025-48359 | 1 Wordpress | 1 Wordpress | 2025-08-29 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in thaihavnn07 ATT YouTube Widget allows Stored XSS. This issue affects ATT YouTube Widget: from n/a through 1.0. | ||||
| CVE-2025-58217 | 2025-08-29 | 7.1 High | ||
| Cross-Site Request Forgery (CSRF) vulnerability in GeroNikolov Instant Breaking News allows Stored XSS. This issue affects Instant Breaking News: from n/a through 1.0. | ||||
| CVE-2025-48109 | 1 Wordpress | 1 Wordpress | 2025-08-29 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Xavier Media XM-Backup allows Stored XSS. This issue affects XM-Backup: from n/a through 0.9.1. | ||||
| CVE-2025-1891 | 1 Qzw1210 | 1 Shishuocms | 2025-08-28 | 4.3 Medium |
| A vulnerability was found in shishuocms 1.1 and classified as problematic. This issue affects some unknown processing. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-31688 | 1 Nuvole | 1 Configuration Split | 2025-08-28 | 6.8 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Drupal Configuration Split allows Cross Site Request Forgery.This issue affects Configuration Split: from 0.0.0 before 1.10.0, from 2.0.0 before 2.0.2. | ||||