Total
7170 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2022-35730 | 1 Oceanwp | 1 Sticky Header | 2025-01-27 | 4.3 Medium |
Cross-Site Request Forgery (CSRF) vulnerability in Oceanwp sticky header plugin <= 1.0.8 on WordPress. | ||||
CVE-2024-13709 | | | 2025-01-27 | 4.3 Medium |
The Linear plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.8.1. This is due to missing or incorrect nonce validation on the 'linear-debug'. This makes it possible for unauthenticated attackers to reset the plugin's cache via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
CVE-2025-24537 | | | 2025-01-27 | 5.4 Medium |
Cross-Site Request Forgery (CSRF) vulnerability in The Events Calendar The Events Calendar allows Cross Site Request Forgery. This issue affects The Events Calendar: from n/a through 6.7.0. | ||||
CVE-2025-24533 | | | 2025-01-27 | 5.4 Medium |
Cross-Site Request Forgery (CSRF) vulnerability in MetaSlider Responsive Slider by MetaSlider allows Cross Site Request Forgery. This issue affects Responsive Slider by MetaSlider: from n/a through 3.92.0. | ||||
CVE-2024-56012 | | | 2025-01-27 | 9.8 Critical |
Cross-Site Request Forgery (CSRF) vulnerability in Pearlbells Flash News / Post (Responsive), Pearlbells Post Title (TypeWriter) allows Privilege Escalation. This issue affects Flash News / Post (Responsive): from n/a through 4.1; Post Title (TypeWriter): from n/a through 4.1. | ||||
CVE-2023-2444 | 1 Rockwellautomation | 1 Factorytalk Vantagepoint | 2025-01-24 | 7.1 High |
A cross site request forgery vulnerability exists in Rockwell Automation's FactoryTalk Vantagepoint. This vulnerability can be exploited in two ways. If an attacker sends a malicious link to a computer that is on the same domain as the FactoryTalk Vantagepoint server and a user clicks the link, the attacker could impersonate the legitimate user and send requests to the affected product. Additionally, if an attacker sends an untrusted link to a computer that is not on the same domain as the server and a user opens the FactoryTalk Vantagepoint website, enters credentials for the FactoryTalk Vantagepoint server, and clicks on the malicious link a cross site request forgery attack would be successful as well. | ||||
CVE-2023-0763 | 1 Infigosoftware | 1 Clock In Portal- Staff & Attendance Management | 2025-01-24 | 4.3 Medium |
The Clock In Portal- Staff & Attendance Management WordPress plugin through 2.1 does not have a CSRF check when deleting Holidays, which could allow attackers to make logged-in admins delete arbitrary holidays via a CSRF attack. | ||||
CVE-2025-24555 | | | 2025-01-24 | 7.1 High |
Cross-Site Request Forgery (CSRF) vulnerability in SubscriptionDNA.com Subscription DNA allows Stored XSS. This issue affects Subscription DNA: from n/a through 2.1. | ||||
CVE-2025-24568 | | | 2025-01-24 | 4.3 Medium |
Cross-Site Request Forgery (CSRF) vulnerability in Brainstorm Force Starter Templates allows Cross Site Request Forgery. This issue affects Starter Templates: from n/a through 4.4.9. | ||||
CVE-2025-24561 | | | 2025-01-24 | 7.1 High |
Cross-Site Request Forgery (CSRF) vulnerability in ReviewsTap ReviewsTap allows Stored XSS. This issue affects ReviewsTap: from n/a through 1.1.2. | ||||
CVE-2025-24546 | | | 2025-01-24 | 5.4 Medium |
Cross-Site Request Forgery (CSRF) vulnerability in RSTheme Ultimate Coming Soon & Maintenance allows Cross Site Request Forgery. This issue affects Ultimate Coming Soon & Maintenance: from n/a through 1.0.9. | ||||
CVE-2025-24543 | | | 2025-01-24 | 4.3 Medium |
Cross-Site Request Forgery (CSRF) vulnerability in RSTheme Ultimate Coming Soon & Maintenance allows Cross Site Request Forgery. This issue affects Ultimate Coming Soon & Maintenance: from n/a through 1.0.9. | ||||
CVE-2025-24572 | | | 2025-01-24 | 6.5 Medium |
Cross-Site Request Forgery (CSRF) vulnerability in Epsiloncool WP Fast Total Search allows Cross Site Request Forgery. This issue affects WP Fast Total Search: from n/a through 1.78.258. | ||||
CVE-2025-24562 | | | 2025-01-24 | 7.1 High |
Cross-Site Request Forgery (CSRF) vulnerability in Optimal Access Inc. KBucket allows Stored XSS. This issue affects KBucket: from n/a through 4.1.6. | ||||
CVE-2025-24636 | | | 2025-01-24 | 7.1 High |
Cross-Site Request Forgery (CSRF) vulnerability in Laymance Technologies LLC MachForm Shortcode allows Stored XSS. This issue affects MachForm Shortcode: from n/a through 1.4.1. | ||||
CVE-2025-24622 | | | 2025-01-24 | 5.4 Medium |
Cross-Site Request Forgery (CSRF) vulnerability in PickPlugins Job Board Manager allows Cross Site Request Forgery. This issue affects Job Board Manager: from n/a through 2.1.59. | ||||
CVE-2025-24623 | | | 2025-01-24 | 4.3 Medium |
Cross-Site Request Forgery (CSRF) vulnerability in Really Simple Security Really Simple SSL allows Cross Site Request Forgery. This issue affects Really Simple SSL: from n/a through 9.1.4. | ||||
CVE-2025-24647 | | | 2025-01-24 | 5.4 Medium |
Cross-Site Request Forgery (CSRF) vulnerability in datafeedr.com WooCommerce Cloak Affiliate Links allows Cross Site Request Forgery. This issue affects WooCommerce Cloak Affiliate Links: from n/a through 1.0.35. | ||||
CVE-2025-24696 | | | 2025-01-24 | 4.3 Medium |
Cross-Site Request Forgery (CSRF) vulnerability in WP Attire Attire Blocks allows Cross Site Request Forgery. This issue affects Attire Blocks: from n/a through 1.9.6. | ||||
CVE-2025-24720 | | | 2025-01-24 | 5.4 Medium |
Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Sticky Buttons allows Cross Site Request Forgery. This issue affects Sticky Buttons: from n/a through 4.1.1. |