Total
7170 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-22714 | 1 Supsystic | 1 Coming Soon | 2025-01-09 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Supsystic Coming Soon by Supsystic plugin <= 1.7.10 versions. | ||||
| CVE-2022-47142 | 1 Mediamatic | 1 Media Library Folders | 2025-01-09 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Plugincraft Mediamatic – Media Library Folders plugin <= 2.8.1 versions. | ||||
| CVE-2022-47609 | 1 Nicearma | 1 Dnui-delete-not-used-image | 2025-01-09 | 6.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Nicearma DNUI plugin <= 2.8.1 versions. | ||||
| CVE-2022-47611 | 1 Hover Image Project | 1 Hover Image | 2025-01-09 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Julian Weinert // cs&m Hover Image plugin <= 1.4.1 versions. | ||||
| CVE-2022-47183 | 1 Stylist Project | 1 Stylist | 2025-01-09 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in StylistWP Extra Block Design, Style, CSS for ANY Gutenberg Blocks plugin <= 0.2.6 versions. | ||||
| CVE-2024-12206 | 2025-01-09 | 4.3 Medium | ||
| The WordPress Header Builder Plugin – Pearl plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.8. This is due to missing or incorrect nonce validation on the stm_header_builder page. This makes it possible for unauthenticated attackers to delete arbitrary headers via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2024-12218 | 2025-01-09 | 6.1 Medium | ||
| The Woocommerce check pincode/zipcode for shipping plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.4. This is due to missing or incorrect nonce validation. This makes it possible for unauthenticated attackers to inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2024-12394 | 2025-01-09 | 6.1 Medium | ||
| The Action Network plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4.4. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2022-47167 | 1 Crayon Syntax Highlighter Project | 1 Crayon Syntax Highlighter | 2025-01-08 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Aram Kocharyan Crayon Syntax Highlighter plugin <= 2.8.4 versions. | ||||
| CVE-2022-45376 | 1 Xootix | 1 Side Cart Woocommerce | 2025-01-08 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in XootiX Side Cart Woocommerce (Ajax) < 2.1 versions. | ||||
| CVE-2022-45079 | 1 Loginizer | 1 Loginizer | 2025-01-08 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Softaculous Loginizer plugin <= 1.7.5 versions. | ||||
| CVE-2022-45076 | 1 Webmat | 1 Flexible Elementor Panel | 2025-01-08 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in WebMat Flexible Elementor Panel plugin <= 2.3.8 versions. | ||||
| CVE-2022-44739 | 1 Thingsforrestaurants | 1 Quick Restaurant Reservations | 2025-01-08 | 5.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in ThingsForRestaurants Quick Restaurant Reservations plugin <= 1.5.4 versions. | ||||
| CVE-2022-41608 | 1 Asgaros | 1 Asgaros Forum | 2025-01-08 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Thomas Belser Asgaros Forum plugin <= 2.2.0 versions. | ||||
| CVE-2023-23797 | 1 Secondlinethemes | 1 Auto Youtube Importer | 2025-01-08 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in SecondLineThemes Auto YouTube Importer plugin <= 1.0.3 versions. | ||||
| CVE-2023-25447 | 1 Inkthemes | 1 Colorway | 2025-01-08 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Inkthemescom ColorWay theme <= 4.2.3 versions. | ||||
| CVE-2023-25448 | 1 Archivist Project | 1 Archivist | 2025-01-08 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Eric Teubert Archivist – Custom Archive Templates plugin <= 1.7.4 versions. | ||||
| CVE-2023-25472 | 1 Podlove | 1 Podlove Podcast Publisher | 2025-01-08 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Podlove Podlove Podcast Publisher plugin <= 3.8.3 versions. | ||||
| CVE-2023-25707 | 1 Vikwp | 1 Vikbooking Hotel Booking Engine \& Pms | 2025-01-08 | 6.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in E4J s.R.L. VikBooking Hotel Booking Engine & PMS plugin <= 1.5.12 versions. | ||||
| CVE-2023-23706 | 1 Miniorange | 1 Wordpress Social Login And Register \(discord\, Google\, Twitter\, Linkedin\) | 2025-01-08 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in miniOrange WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) plugin <= 7.5.14 versions. | ||||