Total
7170 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-23436 | 2025-01-17 | 7.1 High | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Capa Wp-Scribd-List allows Stored XSS.This issue affects Wp-Scribd-List: from n/a through 1.2. | ||||
| CVE-2025-23455 | 2025-01-17 | 7.1 High | ||
| Cross-Site Request Forgery (CSRF) vulnerability in mastersoftwaresolutions WP VTiger Synchronization allows Stored XSS.This issue affects WP VTiger Synchronization: from n/a through 1.1.1. | ||||
| CVE-2025-23430 | 2025-01-17 | 7.1 High | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Oren Yomtov Mass Custom Fields Manager allows Reflected XSS.This issue affects Mass Custom Fields Manager: from n/a through 1.5. | ||||
| CVE-2025-23445 | 2025-01-17 | 7.1 High | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Scott Swezey Easy Tynt allows Cross Site Request Forgery.This issue affects Easy Tynt: from n/a through 0.2.5.1. | ||||
| CVE-2025-23426 | 2025-01-17 | 7.1 High | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Wizcrew Technologies go Social allows Stored XSS.This issue affects go Social: from n/a through 1.0. | ||||
| CVE-2025-23424 | 2025-01-17 | 7.1 High | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Brian Novotny – Creative Software Design Solutions Marquee Style RSS News Ticker allows Cross Site Request Forgery.This issue affects Marquee Style RSS News Ticker: from n/a through 3.2.0. | ||||
| CVE-2025-23471 | 2025-01-17 | 7.1 High | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Andy Chapman ECT Add to Cart Button allows Stored XSS.This issue affects ECT Add to Cart Button: from n/a through 1.4. | ||||
| CVE-2024-0588 | 1 Strangerstudios | 1 Paid Memberships Pro | 2025-01-17 | 4.3 Medium |
| The Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.12.10. This is due to missing nonce validation on the pmpro_lifter_save_streamline_option() function. This makes it possible for unauthenticated attackers to enable the streamline setting with Lifter LMS via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2025-23435 | 2025-01-17 | 7.1 High | ||
| Cross-Site Request Forgery (CSRF) vulnerability in David Marcucci Password Protect Plugin for WordPress allows Stored XSS.This issue affects Password Protect Plugin for WordPress: from n/a through 0.8.1.0. | ||||
| CVE-2025-23501 | 2025-01-17 | 7.1 High | ||
| Cross-Site Request Forgery (CSRF) vulnerability in SpruceJoy Cookie Consent & Autoblock for GDPR/CCPA allows Stored XSS.This issue affects Cookie Consent & Autoblock for GDPR/CCPA: from n/a through 1.0.1. | ||||
| CVE-2025-23508 | 2025-01-17 | 7.1 High | ||
| Cross-Site Request Forgery (CSRF) vulnerability in EdesaC Extra Options – Favicons allows Stored XSS.This issue affects Extra Options – Favicons: from n/a through 1.1.0. | ||||
| CVE-2025-23499 | 2025-01-17 | 7.1 High | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Pascal Casier Board Election allows Stored XSS.This issue affects Board Election: from n/a through 1.0.1. | ||||
| CVE-2025-23513 | 2025-01-17 | 7.1 High | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Joshua Wieczorek Bible Embed allows Stored XSS.This issue affects Bible Embed: from n/a through 0.0.4. | ||||
| CVE-2025-23533 | 2025-01-17 | 7.1 High | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Adrian Moreno WP Lyrics allows Stored XSS.This issue affects WP Lyrics: from n/a through 0.4.1. | ||||
| CVE-2025-23530 | 2025-01-17 | 8.8 High | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Yonatan Reinberg of Social Ink Custom Post Type Lockdown allows Privilege Escalation.This issue affects Custom Post Type Lockdown: from n/a through 1.11. | ||||
| CVE-2025-23511 | 2025-01-17 | 7.1 High | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Viktoria Rei Bauer WP-BlackCheck allows Stored XSS.This issue affects WP-BlackCheck: from n/a through 2.7.2. | ||||
| CVE-2025-23510 | 2025-01-17 | 7.1 High | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Zaantar WordPress Logging Service allows Stored XSS.This issue affects WordPress Logging Service: from n/a through 1.5.4. | ||||
| CVE-2025-23537 | 2025-01-17 | 7.1 High | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Oren hahiashvili add custom google tag manager allows Stored XSS.This issue affects add custom google tag manager: from n/a through 1.0.3. | ||||
| CVE-2025-23558 | 2025-01-17 | 7.1 High | ||
| Cross-Site Request Forgery (CSRF) vulnerability in digfish Geotagged Media allows Stored XSS.This issue affects Geotagged Media: from n/a through 0.3.0. | ||||
| CVE-2025-23532 | 2025-01-17 | 8.8 High | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Regios MyAnime Widget allows Privilege Escalation.This issue affects MyAnime Widget: from n/a through 1.0. | ||||