Total
7170 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-30462 | 1 Pluginus | 1 Husky - Products Filter Professional For Woocommerce | 2025-03-13 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in realmag777 HUSKY – Products Filter for WooCommerce (formerly WOOF).This issue affects HUSKY – Products Filter for WooCommerce (formerly WOOF): from n/a through 1.3.5.1. | ||||
| CVE-2025-27298 | 2025-03-12 | 8.3 High | ||
| Cross-Site Request Forgery (CSRF) vulnerability in cmstactics WP Video Posts allows OS Command Injection. This issue affects WP Video Posts: from n/a through 3.5.1. | ||||
| CVE-2024-31430 | 1 Pluginus | 2 Bear - Woocommerce Bulk Editor And Products Manager Professional, Wolf - Wordpress Posts Bulk Editor And Products Manager Professional | 2025-03-12 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in realmag777 WOLF – WordPress Posts Bulk Editor and Manager Professional, realmag777 BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net.This issue affects WOLF – WordPress Posts Bulk Editor and Manager Professional: from n/a through 1.0.8.1; BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net: from n/a through 1.1.4.1. | ||||
| CVE-2022-48320 | 1 Checkmk | 1 Checkmk | 2025-03-12 | 5.4 Medium |
| Cross-site Request Forgery (CSRF) in Tribe29's Checkmk <= 2.1.0p17, Checkmk <= 2.0.0p31, and all versions of Checkmk 1.6.0 (EOL) allow an attacker to add new visual elements to multiple pages. | ||||
| CVE-2025-28909 | 2025-03-12 | 4.3 Medium | ||
| Cross-Site Request Forgery (CSRF) vulnerability in edwardw WP No-Bot Question allows Cross Site Request Forgery. This issue affects WP No-Bot Question: from n/a through 0.1.7. | ||||
| CVE-2025-28910 | 2025-03-12 | 4.3 Medium | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Ravinder Khurana WP Hide Admin Bar allows Cross Site Request Forgery. This issue affects WP Hide Admin Bar: from n/a through 2.0. | ||||
| CVE-2024-13774 | 1 Wpfactory | 1 Wishlist For Woocommerce | 2025-03-12 | 6.1 Medium |
| The Wishlist for WooCommerce: Multi Wishlists Per Customer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.7. This is due to missing or incorrect nonce validation on the 'save_to_multiple_wishlist' function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2025-27910 | 2025-03-12 | 8 High | ||
| tianti v2.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /user/ajax/upd/status. This vulnerability allows attackers to execute arbitrary operations via a crafted GET or POST request. | ||||
| CVE-2025-25927 | 2025-03-12 | 6.8 Medium | ||
| A Cross-Site Request Forgery (CSRF) in Openmrs 2.4.3 Build 0ff0ed allows attackers to execute arbitrary operations via a crafted GET request. | ||||
| CVE-2022-4386 | 1 Intuitive Custom Post Order Project | 1 Intuitive Custom Post Order | 2025-03-12 | 4.3 Medium |
| The Intuitive Custom Post Order WordPress plugin before 3.1.4 lacks CSRF protection in its update-menu-order ajax action, allowing an attacker to trick any user to change the menu order via a CSRF attack | ||||
| CVE-2021-34167 | 1 Taogogo | 1 Taocms | 2025-03-12 | 8.8 High |
| Cross Site Request Forgery (CSRF) vulnerability in taoCMS 3.0.2 allows remote attackers to gain escalated privileges via taocms/admin/admin.php. | ||||
| CVE-2025-28856 | 2025-03-12 | 4.3 Medium | ||
| Cross-Site Request Forgery (CSRF) vulnerability in dangrossman W3Counter Free Real-Time Web Stats allows Cross Site Request Forgery. This issue affects W3Counter Free Real-Time Web Stats: from n/a through 4.1. | ||||
| CVE-2022-46797 | 1 Conversios | 1 Conversios | 2025-03-12 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Conversios All-in-one Google Analytics, Pixels and Product Feed Manager for WooCommerce plugin <= 5.2.3 leads to plugin settings change. | ||||
| CVE-2025-28933 | 2025-03-12 | 7.1 High | ||
| Cross-Site Request Forgery (CSRF) vulnerability in maxfoundry MaxA/B allows Stored XSS. This issue affects MaxA/B: from n/a through 2.2.2. | ||||
| CVE-2025-28941 | 2025-03-12 | 4.3 Medium | ||
| Cross-Site Request Forgery (CSRF) vulnerability in ohtan Spam Byebye allows Cross Site Request Forgery. This issue affects Spam Byebye: from n/a through 2.2.4. | ||||
| CVE-2025-27792 | 2025-03-12 | N/A | ||
| Opal is OBiBa’s core database application for biobanks or epidemiological studies. Prior to version 5.1.1, the protections against cross-site request forgery (CSRF) were insufficient application-wide. The referrer header is checked, and if it is invalid, the server returns 403. However, the referrer header can be dropped from CSRF requests using `<meta name="referrer" content="never">`, effectively bypassing this protection. Version 5.1.1 contains a patch for the issue. | ||||
| CVE-2025-28876 | 2025-03-12 | 4.3 Medium | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Skrill_Team Skrill Official allows Cross Site Request Forgery. This issue affects Skrill Official: from n/a through 1.0.65. | ||||
| CVE-2025-28881 | 2025-03-12 | 4.3 Medium | ||
| Cross-Site Request Forgery (CSRF) vulnerability in mg12 Mobile Themes allows Cross Site Request Forgery. This issue affects Mobile Themes: from n/a through 1.1.1. | ||||
| CVE-2025-28883 | 2025-03-12 | 7.1 High | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Martin WP Compare Tables allows Stored XSS. This issue affects WP Compare Tables: from n/a through 1.0.5. | ||||
| CVE-2025-28884 | 2025-03-12 | 4.3 Medium | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Rajesh Kumar WP Bulk Post Duplicator allows Cross Site Request Forgery. This issue affects WP Bulk Post Duplicator: from n/a through 1.2. | ||||