Total
8517 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-31814 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in OwnerRez OwnerRez allows Cross Site Request Forgery. This issue affects OwnerRez: from n/a through 1.2.0. | ||||
| CVE-2024-38344 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 5.4 Medium |
| A cross-site request forgery vulnerability exists in WP Tweet Walls versions prior to 1.0.4. If this vulnerability is exploited, an attacker allows a user who logs in to the WordPress site where the affected plugin is enabled to access a malicious page. As a result, the user may perform unintended operations on the WordPress site. | ||||
| CVE-2025-46462 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Trân Minh-Quân WPVN allows Cross Site Request Forgery. This issue affects WPVN: from n/a through 0.7.8. | ||||
| CVE-2025-23801 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Benjamin Guy Style Admin allows Stored XSS.This issue affects Style Admin: from n/a through 1.4.3. | ||||
| CVE-2024-54421 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Sanjay Singh Negi Floating Video Player allows Stored XSS.This issue affects Floating Video Player: from n/a through 1.0. | ||||
| CVE-2024-7422 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 4.3 Medium |
| The Theme My Login plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 7.1.7. This is due to missing or incorrect nonce validation on the tml_admin_save_ms_settings() function. This makes it possible for unauthenticated attackers to update the theme's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. Please note that this only affects multi-site instances. | ||||
| CVE-2024-48048 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in WSIFY – Sales can fly Wsify Widget allows Stored XSS.This issue affects Wsify Widget: from n/a through 1.0. | ||||
| CVE-2025-23805 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in SEOReseller Team SEOReseller Partner allows Cross Site Request Forgery.This issue affects SEOReseller Partner: from n/a through 1.3.15. | ||||
| CVE-2024-33680 | 1 Mainwp | 1 Mainwp Child Reports | 2025-07-12 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in MainWP MainWP Child Reports.This issue affects MainWP Child Reports: from n/a through 2.1.1. | ||||
| CVE-2025-25152 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in LukaszWiecek Smart DoFollow allows Stored XSS. This issue affects Smart DoFollow: from n/a through 1.0.2. | ||||
| CVE-2024-56206 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 8.8 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Amarjeet Amar allows Authentication Bypass.This issue affects gap-hub-user-role: from n/a through 3.4.1. | ||||
| CVE-2024-32096 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in DAEV.Tech WP Migration Plugin DB & Files – WP Synchro.This issue affects WP Migration Plugin DB & Files – WP Synchro: from n/a through 1.11.2. | ||||
| CVE-2025-32500 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Sudavar Codescar Radio Widget allows Stored XSS. This issue affects Codescar Radio Widget: from n/a through 0.4.2. | ||||
| CVE-2025-49439 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in mariusz88atelierweb Atelier Create CV allows Cross Site Request Forgery. This issue affects Atelier Create CV: from n/a through 1.1.2. | ||||
| CVE-2024-32437 | 2 Implecode, Wordpress | 2 Ecommerce Product Catalog, Wordpress | 2025-07-12 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in impleCode eCommerce Product Catalog.This issue affects eCommerce Product Catalog: from n/a through 3.3.28. | ||||
| CVE-2025-31388 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in doa The World allows Stored XSS. This issue affects The World: from n/a through 0.4. | ||||
| CVE-2025-23803 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in PQINA Snippy allows Reflected XSS. This issue affects Snippy: from n/a through 1.4.1. | ||||
| CVE-2025-22582 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Scott Nellé Uptime Robot allows Stored XSS.This issue affects Uptime Robot: from n/a through 0.1.3. | ||||
| CVE-2025-30980 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Alessandro Piconi Simple Keyword to Link allows Cross Site Request Forgery. This issue affects Simple Keyword to Link: from n/a through 1.5. | ||||
| CVE-2025-46457 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in digontoahsan Wp Custom CMS Block allows Stored XSS. This issue affects Wp Custom CMS Block: from n/a through 2.1. | ||||