Total
8544 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-2739 | 1 Mndpsingh287 | 1 Advanced Search | 2025-05-08 | 8.7 High |
| The Advanced Search WordPress plugin through 1.1.6 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks | ||||
| CVE-2024-6136 | 1 Tipsandtricks-hq | 1 Wp Estore | 2025-05-08 | 5.4 Medium |
| The wp-cart-for-digital-products WordPress plugin before 8.5.6 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks | ||||
| CVE-2022-43418 | 1 Jenkins | 1 Katalon | 2025-05-08 | 4.3 Medium |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Katalon Plugin 1.0.33 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | ||||
| CVE-2024-20255 | 1 Cisco | 1 Expressway | 2025-05-08 | 8.2 High |
| A vulnerability in the SOAP API of Cisco Expressway Series and Cisco TelePresence Video Communication Server could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. This vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected system. An attacker could exploit this vulnerability by persuading a user of the REST API to follow a crafted link. A successful exploit could allow the attacker to cause the affected system to reload. | ||||
| CVE-2024-3472 | 1 Wow-company | 1 Modal Window | 2025-05-08 | 5.9 Medium |
| The Modal Window WordPress plugin before 5.3.10 does not have CSRF check in place when bulk deleting modals, which could allow attackers to make a logged in admin delete them via a CSRF attack | ||||
| CVE-2024-3471 | 1 Wow-company | 1 Button Generator | 2025-05-08 | 3.4 Low |
| The Button Generator WordPress plugin before 3.0 does not have CSRF check in place when bulk deleting, which could allow attackers to make a logged in admin delete buttons via a CSRF attack | ||||
| CVE-2024-2405 | 1 Wow-company | 1 Float Menu | 2025-05-08 | 4.5 Medium |
| The Float menu WordPress plugin before 6.0.1 does not have CSRF check in its bulk actions, which could allow attackers to make logged in admin delete arbitrary menu via a CSRF attack. | ||||
| CVE-2024-12436 | 1 Marvinlabs | 1 Wp Customer Area | 2025-05-08 | 4.3 Medium |
| The WP Customer Area WordPress plugin through 8.2.4 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks | ||||
| CVE-2024-12280 | 1 Marvinlabs | 1 Wp Customer Area | 2025-05-08 | 4.3 Medium |
| The WP Customer Area WordPress plugin through 8.2.4 does not have CSRF check in place when deleting its logs, which could allow attackers to make a logged in to delete them via a CSRF attack | ||||
| CVE-2024-3481 | 1 Wow-company | 1 Counter Box | 2025-05-08 | 5.2 Medium |
| The Counter Box WordPress plugin before 1.2.4 does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions, such deleting counters via CSRF attacks | ||||
| CVE-2024-3478 | 1 Wow-company | 1 Herd Effects | 2025-05-08 | 6.1 Medium |
| The Herd Effects WordPress plugin before 5.2.7 does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions, such as deleting effects via CSRF attacks | ||||
| CVE-2024-3477 | 1 Wow-company | 1 Popup Box | 2025-05-08 | 4.3 Medium |
| The Popup Box WordPress plugin before 2.2.7 does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions, such as deleting popups via CSRF attacks | ||||
| CVE-2024-3476 | 1 Wow-company | 1 Side Menu Lite | 2025-05-08 | 8.8 High |
| The Side Menu Lite WordPress plugin before 4.2.1 does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions, such as deleting buttons via CSRF attacks | ||||
| CVE-2024-3475 | 1 Wow-company | 1 Sticky Buttons | 2025-05-08 | 7.5 High |
| The Sticky Buttons WordPress plugin before 3.2.4 does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions, such as deleting buttons via CSRF attacks | ||||
| CVE-2025-47491 | 2025-05-08 | 7.4 High | ||
| Cross-Site Request Forgery (CSRF) vulnerability in A WP Life Contact Form Widget allows Cross Site Request Forgery. This issue affects Contact Form Widget: from n/a through 1.4.6. | ||||
| CVE-2022-42199 | 1 Simple Exam Reviewer Management System Project | 1 Simple Exam Reviewer Management System | 2025-05-08 | 8.8 High |
| Simple Exam Reviewer Management System v1.0 is vulnerable to Cross Site Request Forgery (CSRF) via the Exam List. | ||||
| CVE-2025-47609 | 2025-05-08 | 4.3 Medium | ||
| Cross-Site Request Forgery (CSRF) vulnerability in easymebiz EasyMe Connect allows Cross Site Request Forgery. This issue affects EasyMe Connect: from n/a through 3.0.3. | ||||
| CVE-2025-47614 | 2025-05-08 | 4.3 Medium | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Chris Clark LessButtons Social Sharing and Statistics allows Cross Site Request Forgery. This issue affects LessButtons Social Sharing and Statistics: from n/a through 1.6.1. | ||||
| CVE-2025-47514 | 2025-05-08 | 7.1 High | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Eli ELI's Related Posts Footer Links and Widget allows Stored XSS. This issue affects ELI's Related Posts Footer Links and Widget: from n/a through 1.2.04.20. | ||||
| CVE-2025-47519 | 2025-05-08 | 4.3 Medium | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Scott Paterson Easy PayPal Events allows Cross Site Request Forgery. This issue affects Easy PayPal Events: from n/a through 1.2.2. | ||||