Total
7170 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-23900 | 2025-01-17 | 7.1 High | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Genkisan Genki Announcement allows Cross Site Request Forgery.This issue affects Genki Announcement: from n/a through 1.4.1. | ||||
| CVE-2025-23901 | 2025-01-17 | 7.1 High | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Oliver Schaal GravatarLocalCache allows Cross Site Request Forgery.This issue affects GravatarLocalCache: from n/a through 1.1.2. | ||||
| CVE-2025-23922 | 2025-01-17 | 10 Critical | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Harsh iSpring Embedder allows Upload a Web Shell to a Web Server.This issue affects iSpring Embedder: from n/a through 1.0. | ||||
| CVE-2025-23800 | 2025-01-17 | 7.1 High | ||
| Cross-Site Request Forgery (CSRF) vulnerability in David Hamilton OrangeBox allows Cross Site Request Forgery.This issue affects OrangeBox: from n/a through 3.0.0. | ||||
| CVE-2025-23797 | 2025-01-17 | 9.8 Critical | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Mike Selander WP Options Editor allows Privilege Escalation.This issue affects WP Options Editor: from n/a through 1.1. | ||||
| CVE-2025-23804 | 2025-01-17 | 7.1 High | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Shiv Prakash Tiwari WP Service Payment Form With Authorize.net allows Reflected XSS.This issue affects WP Service Payment Form With Authorize.net: from n/a through 2.6.0. | ||||
| CVE-2025-23820 | 2025-01-17 | 7.1 High | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Laxman Thapa Content Security Policy Pro allows Cross Site Request Forgery.This issue affects Content Security Policy Pro: from n/a through 1.3.5. | ||||
| CVE-2025-23832 | 2025-01-17 | 7.1 High | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Matt Gibbs Admin Cleanup allows Stored XSS.This issue affects Admin Cleanup: from n/a through 1.0.2. | ||||
| CVE-2025-23821 | 2025-01-17 | 7.1 High | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Aleapp WP Cookies Alert allows Cross Site Request Forgery.This issue affects WP Cookies Alert: from n/a through 1.1.1. | ||||
| CVE-2025-23823 | 2025-01-17 | 7.1 High | ||
| Cross-Site Request Forgery (CSRF) vulnerability in jprintf CNZZ&51LA for WordPress allows Cross Site Request Forgery.This issue affects CNZZ&51LA for WordPress: from n/a through 1.0.1. | ||||
| CVE-2025-23844 | 2025-01-17 | 7.1 High | ||
| Cross-Site Request Forgery (CSRF) vulnerability in wellwisher Custom Widget Classes allows Cross Site Request Forgery.This issue affects Custom Widget Classes: from n/a through 1.1. | ||||
| CVE-2023-27387 | 2 Especmic, Tandd | 20 Rs-12n, Rs-12n Firmware, Rt-12n and 17 more | 2025-01-17 | 8.8 High |
| Cross-site request forgery (CSRF) in T&D Corporation and ESPEC MIC CORP. data logger products allows a remote unauthenticated attacker to conduct an arbitrary operation by having a logged-in user view a malicious page. Affected products and versions are as follows: T&D Corporation data logger products (TR-71W/72W all firmware versions, RTR-5W all firmware versions, WDR-7 all firmware versions, WDR-3 all firmware versions, and WS-2 all firmware versions), and ESPEC MIC CORP. data logger products (RT-12N/RS-12N all firmware versions, RT-22BN all firmware versions, and TEU-12N all firmware versions). | ||||
| CVE-2025-23793 | 2025-01-17 | 7.1 High | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Turcu Ciprian Auto FTP allows Stored XSS. This issue affects Auto FTP: from n/a through 1.0.1. | ||||
| CVE-2024-1315 | 1 Radiustheme | 1 Classified Listing | 2025-01-17 | 8.8 High |
| The Classified Listing – Classified ads & Business Directory Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.0.4. This is due to missing or incorrect nonce validation on the 'rtcl_update_user_account' function. This makes it possible for unauthenticated attackers to change the administrator user's password and email address via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. This locks the administrator out of the site and prevents them from resetting their password, while granting the attacker access to their account. | ||||
| CVE-2025-23815 | 2025-01-17 | 7.1 High | ||
| Cross-Site Request Forgery (CSRF) vulnerability in linickx root Cookie allows Cross Site Request Forgery. This issue affects root Cookie: from n/a through 1.6. | ||||
| CVE-2024-1407 | 1 Strangerstudios | 1 Paid Memberships Pro | 2025-01-17 | 5.4 Medium |
| The Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.12.10. This is due to missing or incorrect nonce validation on multiple functions. This makes it possible for unauthenticated attackers to subscribe to, modify, or cancel membership for a user via a forged request granted they can trick a user into performing an action such as clicking on a link. | ||||
| CVE-2024-3215 | 1 Strangerstudios | 1 Paid Memberships Pro | 2025-01-17 | 5.3 Medium |
| The Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.0.1. This is due to missing or incorrect nonce validation on the pmpro_update_level_group_order() function. This makes it possible for unauthenticated attackers to update order levels via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2022-4621 | 1 Panasonic | 10 Vcc-hd2100p, Vcc-hd2100p Firmware, Vcc-hd3100p and 7 more | 2025-01-16 | 7.5 High |
| Panasonic Sanyo CCTV Network Cameras versions 1.02-05 and 2.03-0x are vulnerable to CSRFs that can be exploited to allow an attacker to perform changes with administrator level privileges. | ||||
| CVE-2022-45127 | 1 Sewio | 1 Real-time Location System Studio | 2025-01-16 | 8.1 High |
| Sewio’s Real-Time Location System (RTLS) Studio version 2.0.0 up to and including version 2.6.2 is vulnerable to cross-site request forgery in its backup services. An attacker could take advantage of this vulnerability to execute arbitrary backup operations and cause a denial-of-service condition. | ||||
| CVE-2022-47395 | 1 Sewio | 1 Real-time Location System Studio | 2025-01-16 | 8.1 High |
| Sewio’s Real-Time Location System (RTLS) Studio version 2.0.0 up to and including version 2.6.2 is vulnerable to cross-site request forgery in its monitor services. An attacker could take advantage of this vulnerability to execute arbitrary maintenance operations and cause a denial-of-service condition. | ||||