Total
7170 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-27332 | 2025-02-24 | 7.1 High | ||
| Cross-Site Request Forgery (CSRF) vulnerability in gmnazmul Smart Maintenance & Countdown allows Stored XSS. This issue affects Smart Maintenance & Countdown: from n/a through 1.2. | ||||
| CVE-2025-27335 | 2025-02-24 | 4.3 Medium | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Free plug in by SEO Roma Auto Tag Links allows Cross Site Request Forgery. This issue affects Auto Tag Links: from n/a through 1.0.13. | ||||
| CVE-2025-27344 | 2025-02-24 | 4.3 Medium | ||
| Cross-Site Request Forgery (CSRF) vulnerability in filipstepanov Phee's LinkPreview allows Cross Site Request Forgery. This issue affects Phee's LinkPreview: from n/a through 1.6.7. | ||||
| CVE-2025-27276 | 2025-02-24 | 8.8 High | ||
| Cross-Site Request Forgery (CSRF) vulnerability in lizeipe Photo Gallery ( Responsive ) allows Privilege Escalation. This issue affects Photo Gallery ( Responsive ): from n/a through 4.0. | ||||
| CVE-2025-27357 | 2025-02-24 | 4.3 Medium | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Musa AVCI Önceki Yazı Link allows Cross Site Request Forgery. This issue affects Önceki Yazı Link: from n/a through 1.3. | ||||
| CVE-2025-27290 | 2025-02-24 | 4.3 Medium | ||
| Cross-Site Request Forgery (CSRF) vulnerability in seyyed-amir Erima Zarinpal Donate allows Cross Site Request Forgery. This issue affects Erima Zarinpal Donate: from n/a through 1.0. | ||||
| CVE-2025-27353 | 2025-02-24 | 4.3 Medium | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Bob Namaste! LMS allows Cross Site Request Forgery. This issue affects Namaste! LMS: from n/a through 2.6.5. | ||||
| CVE-2025-27355 | 2025-02-24 | 7.1 High | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Nicolas GRILLET Woocommerce – Loi Hamon allows Stored XSS. This issue affects Woocommerce – Loi Hamon: from n/a through 1.1.0. | ||||
| CVE-2025-27315 | 2025-02-24 | 4.3 Medium | ||
| Cross-Site Request Forgery (CSRF) vulnerability in wptom All-In-One Cufon allows Cross Site Request Forgery. This issue affects All-In-One Cufon: from n/a through 1.3.0. | ||||
| CVE-2025-27316 | 2025-02-24 | 4.3 Medium | ||
| Cross-Site Request Forgery (CSRF) vulnerability in hosting.io JPG, PNG Compression and Optimization allows Cross Site Request Forgery. This issue affects JPG, PNG Compression and Optimization: from n/a through 1.7.35. | ||||
| CVE-2025-27318 | 2025-02-24 | 4.3 Medium | ||
| Cross-Site Request Forgery (CSRF) vulnerability in ixiter Simple Google Sitemap allows Cross Site Request Forgery. This issue affects Simple Google Sitemap: from n/a through 1.6. | ||||
| CVE-2025-27321 | 2025-02-24 | 7.1 High | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Blighty Blightly Explorer allows Stored XSS. This issue affects Blightly Explorer: from n/a through 2.3.0. | ||||
| CVE-2025-27342 | 2025-02-24 | 4.3 Medium | ||
| Cross-Site Request Forgery (CSRF) vulnerability in josesan WooCommerce Recargo de Equivalencia allows Cross Site Request Forgery. This issue affects WooCommerce Recargo de Equivalencia: from n/a through 1.6.24. | ||||
| CVE-2025-27340 | 2025-02-24 | 5.4 Medium | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Marc F12-Profiler allows Cross Site Request Forgery. This issue affects F12-Profiler: from n/a through 1.3.9. | ||||
| CVE-2024-13555 | 1 1clickmigration | 1 1 Click Migration | 2025-02-24 | 5.3 Medium |
| The 1 Click WordPress Migration Plugin – 100% FREE for a limited time plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1. This is due to missing or incorrect nonce validation on the cancel_actions() function. This makes it possible for unauthenticated attackers to cancel a triggered backup via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2025-27012 | 2025-02-24 | 8.8 High | ||
| Cross-Site Request Forgery (CSRF) vulnerability in a1post A1POST.BG Shipping for Woo allows Privilege Escalation. This issue affects A1POST.BG Shipping for Woo: from n/a through 1.5.1. | ||||
| CVE-2024-13522 | 1 Magayo | 1 Magayo Lottery Results | 2025-02-24 | 6.1 Medium |
| The magayo Lottery Results plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.12. This is due to missing or incorrect nonce validation on the 'magayo-lottery-results' page. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2022-42070 | 1 Oretnom23 | 1 Online Birth Certificate Management System | 2025-02-24 | 8.8 High |
| Online Birth Certificate Management System version 1.0 is vulnerable to Cross Site Request Forgery (CSRF). | ||||
| CVE-2025-1557 | 2025-02-24 | 4.3 Medium | ||
| A vulnerability, which was classified as problematic, was found in OFCMS 1.1.3. Affected is an unknown function. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-10581 | 1 Designinvento | 1 Directorypress | 2025-02-24 | 4.3 Medium |
| The DirectoryPress Frontend plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.7.9. This is due to missing or incorrect nonce validation on the dpfl_listingStatusChange() function. This makes it possible for unauthenticated attackers to update listing statuses via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||