Catalogs
The service integrates the most popular public knowledge bases:
- Security Tool Certificates (СЗИ) - the State Register of Certified Information Security Tools published by the Federal Service for Technical and Export Control (FSTEC); it can be used to check that the information security tools used in the organization are still current.
- CVE vulnerabilities - the public Common Vulnerabilities and Exposures (CVE) vulnerability database. The mission of the CVE program is to identify, define and catalog publicly disclosed cybersecurity vulnerabilities. There is one CVE record for each vulnerability in the catalog. Vulnerabilities are discovered, then assigned and published by organizations around the world that partner with the CVE program. Partners publish CVE records to describe vulnerabilities consistently. Information technology and cybersecurity professionals use CVE records to make sure they are discussing the same issue and to coordinate their efforts to prioritize and remediate vulnerabilities.
- FSTEC BDU vulnerabilities - the Vulnerabilities section of the Data Bank of Information Security Threats (BDU), published by the Federal Service for Technical and Export Control together with the State Research and Testing Institute for Problems of Technical Protection of Information. One of the goals of creating the data bank of information security threats is to bring information security specialists together to improve the security of information systems.
- NCCCI vulnerabilities - the public vulnerability database of the National Coordination Center for Computer Incidents (NCCCI, НКЦКИ), which coordinates the activities of critical information infrastructure (CII) entities in detecting, preventing and eliminating the consequences of computer attacks and in responding to computer incidents.
- MITRE ATT&CK - Adversarial Tactics, Techniques & Common Knowledge. This is a MITRE knowledge base built on real-world observations that describes the tactics, techniques and methods used by cybercriminals. The knowledge base was created in 2013 and is updated regularly; its goal is to build a structured matrix of the techniques cybercriminals use in order to simplify incident response.
- FSTEC BDU and New FSTEC BDU - the Threats section of the Threat Data Bank, published in 2015 by the Federal Service for Technical and Export Control and the State Research and Testing Institute for Problems of Technical Protection of Information; it is mandatory for threat modeling when building protection systems for personal data, critical information infrastructure and state information systems.
The Help catalog opens the documentation section on catalogs.
CVE, FSTEC BDU and NCCCI vulnerabilities
The CVE vulnerabilities, FSTEC BDU vulnerabilities and NCCCI vulnerabilities catalogs provide additional content and enrich the vulnerability descriptions that scanners deliver to the Technical Vulnerabilities module.
The catalogs share the same interface, which contains the following blocks:
- Metrics:
  - Found vulnerabilities - shows the number of vulnerabilities found in scanner reports that are linked to vulnerabilities from the catalog; clicking the widget opens the Technical Vulnerabilities module with a filter set on the catalog name (filter type Vulnerability group);
  - Vulnerable hosts - shows the number of hosts on which vulnerabilities linked to vulnerabilities from the catalog were found; clicking the widget opens the Technical Vulnerabilities module with a filter set on the catalog name (filter type Vulnerability group).
- The Vulnerability catalog table section:
  - Filter on the Identifier field - this filter automatically parses text and extracts the identifiers from it. To use it, paste arbitrary text containing identifiers into the field and add it to the filter with the plus button;
  - Table with the following fields for the CVE and FSTEC BDU catalogs:
    - Identifier - the id of the vulnerability in the vulnerability database;
    - Description - a text description of the vulnerability;
    - Detected - a flag; this status is shown if the vulnerability was found in scan reports;
    - CVSS - the numeric score of the vulnerability according to the source, with the date on which experts identified the vulnerability; the score is colour-coded according to the CVSS rating: 0.1 – 3.9 Low, green; 4.0 – 6.9 Medium, yellow; 7.0 – 8.9 High, orange; 9.0 – 10.0 Critical, red.
  - Table with the following fields for the CVE catalogs:
    - Bulletin date - the publication date of the bulletin that contains the vulnerabilities;
    - Identifier - the id of the vulnerability in the vulnerability database;
    - Information - a text description of the vulnerability;
    - Attack vector - local or network attack vector;
    - Detected - a flag; this status is shown if the vulnerability was found in scan reports;
    - Update available - a flag; this status is shown if the vulnerability database contains information about updates available from the vendor of the vulnerable software;
    - Date identified - the date on which experts identified the vulnerability.
- The "Only detected vulnerabilities" checkbox - applies a filter to the table so that only detected vulnerabilities are shown.
- A function for exporting all vulnerabilities in the catalog.
- For the catalog, the View options function is added:
  - Bulletins - switches the table to a register of bulletins; it shows the total number of vulnerabilities in a bulletin in the Vulnerabilities in bulletin field and the detection status in the Detected field. This status is shown if at least one vulnerability from the bulletin was detected in the infrastructure.
  - Vulnerabilities.
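The Identifier filter and the CVSS colour bands described above can be reproduced offline when triaging a bulletin by hand. The following is an added example, not the service's own code: the function names, the regular expression and the sample text are assumptions, the CVE number in the sample is constructed, and the two patterns cover only the `CVE-YYYY-NNNN` form and the `BDU:YYYY-NNNNN` form seen on this page.

```python
import re

# Dash variants that word processors and PDF exports substitute for "-".
_DASHES = dict.fromkeys(map(ord, "\u2010\u2011\u2012\u2013\u2014\u2212"), "-")

# CVE: four-digit year, then four or more digits.
# BDU: four-digit year, then exactly five digits (the form used on this page).
_ID_RE = re.compile(
    r"(?<![A-Za-z0-9])"                    # do not start inside a longer token
    r"(?:CVE-\d{4}-\d{4,}|BDU:\d{4}-\d{5})"
    r"(?!\d)",                             # reject over-long numbers
    re.IGNORECASE,
)


def extract_ids(text):
    """Return CVE/BDU identifiers from free text: upper-cased,
    de-duplicated, in order of first appearance."""
    seen, found = set(), []
    for match in _ID_RE.finditer(text.translate(_DASHES)):
        ident = match.group(0).upper()
        if ident not in seen:
            seen.add(ident)
            found.append(ident)
    return found


def severity_band(score):
    """Map a CVSS score to the (rating, colour) pair listed on the page.
    Returns None for 0.0, for which the page lists no band."""
    if not 0.0 <= score <= 10.0:
        raise ValueError(f"CVSS score out of range: {score}")
    if score < 0.1:
        return None
    if score < 4.0:
        return ("Low", "green")
    if score < 7.0:
        return ("Medium", "yellow")
    if score < 9.0:
        return ("High", "orange")
    return ("Critical", "red")


# Constructed sample: mixed case, a repeat written with non-breaking hyphens,
# an identifier glued to a longer token, and a BDU number with too many digits.
SAMPLE_TEXT = (
    "Advisory covers cve-2099-0001 and BDU:2019-04000; see also "
    "CVE\u20112099\u20110001. Ignore XCVE-2099-0002 and BDU:2016-006130."
)

if __name__ == "__main__":
    for ident in extract_ids(SAMPLE_TEXT):
        print(ident)
    print(severity_band(7.5))
```
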
MITRE ATT&CK, FSTEC BDU, New FSTEC BDU
Data from the MITRE ATT&CK, FSTEC BDU and New FSTEC BDU catalogs can be used to add context to a risk in the Risks module.
Each of these catalogs is built on its own data schema, which does not match the risk assessment approach used in the service. At their core, however, these databases describe the same information security risks, each from its own angle. They are therefore included in the service both as separate components and as a basis for creating risks, threats or vulnerabilities.
The catalogs can be used in the service to:
- Simplify the process of defining risks, threats and vulnerabilities;
- Enrich the information on risks (threats, vulnerabilities) created in the service;
- View the company and its risk assessment through public threat catalogs.
The service lets you link catalog objects to 3 types of service objects: threats, vulnerabilities or security risks:
- Vulnerabilities can be linked to FSTEC BDU threats, ATT&CK techniques and New FSTEC BDU implementation methods.
- Threats can be linked to FSTEC BDU threats, ATT&CK techniques, and New FSTEC BDU threats and consequences.
- Risks can be linked to FSTEC BDU threats, ATT&CK techniques, and New FSTEC BDU threats, implementation methods and consequences.
This wide choice of possible links exists because objects from the threat catalogs can be either a threat or a vulnerability in the context of the service.
For example, УБИ.004 Threat of a hardware reset of the BIOS password from FSTEC BDU is, in the context of the service, a vulnerability: a property of assets of the Firmware type that can lead to the threat Unauthorized local access to the BIOS being realized.
In most cases, threats from FSTEC BDU and techniques from MITRE ATT&CK are in fact vulnerabilities whose exploitation leads to security threats being realized, but there are exceptions.
For risks, threats and vulnerabilities from the Community database, the links to the threat catalogs are already in place.
A link to a threat catalog can be direct or indirect. For example, if a vulnerability is linked to a threat from FSTEC BDU, then all risks that include this vulnerability are automatically linked to that FSTEC BDU threat.
The FSTEC BDU catalog is a register of risks from the Data Bank of Information Security Threats of FSTEC of Russia.
Each threat contains a description, recommendations on the asset types to which the threat can apply, a classification by information properties, and the likely sources of the threat. In addition, the Related risks block lists related risks, and the Catalogs block lists links to records from other catalogs.
The New FSTEC BDU catalog from the Data Bank of Information Security Threats of FSTEC of Russia contains:
- The Implementation methods (how threats arise) matrix - each cell describes an attack surface: the group of methods, the attacker capability level, the threats that can be realized, the components of the targeted objects, and possible protection measures;
- Negative consequences - a list of negative consequences in the FSTEC classification, as a code and a description;
- Threats - a register of threats with descriptions; each threat lists the possible targeted objects and the possible ways of realizing the threat;
- Objects - a list of consequence objects with a description and the components that may be part of the object;
- Components - a list of components of targeted objects, indicating the targeted objects on which they may be located;
- Attackers - attacker capability levels, classified by capabilities and competence;
- Protection measures - in SECURITM terminology, a list of requirements whose fulfilment reduces the attacker's capabilities.
The MITRE ATT&CK catalog contains:
- Matrix - contains attacker tactics and techniques and lets you create a risk or vulnerability from a tactic or technique; the matrix shows links to risks in the Community database and to risks in the team's database;
- Tactics - the directions of attacker activity at a given stage of the cyber kill chain;
- Techniques - the specific actions an attacker takes to reach the goal at a specific step of the cyber kill chain;
- Countermeasures - in SECURITM terminology, a list of requirements whose fulfilment reduces the attacker's capabilities;
- Criminal groups - descriptions of APT groups, their characteristics and behaviour model;
- Tools - software used by attackers to cause harm.
The matrices can be used to build a heat map of risks overlaid on the threat and vulnerability matrices.
Security Tool Certificates
The Security Tool Certificates catalog can be used in the Assets module as the source of information for the Security tool certificate number field. The Assets module lets you keep a register of the information security tools used in the organization, and the certificates catalog lets you link an asset to the catalog through the asset's Security tool certificate number field.
The Security Tool Certificates catalog contains a register with the certificate number, the certificate validity period and the support period of the security tool. In addition to the register, the catalog contains the following metrics:
- Security tools in place - shows the number of assets whose Security tool certificate number field is filled in;
- Expiring soon - shows the number of assets whose certificate expires in less than 90 calendar days;
- Expired certificates - shows the number of assets whose certificate has already expired;
- Expired support - shows the number of assets whose certificate has already expired.
Each metric leads to the asset register and shows a list of security tools filtered by the corresponding parameters.
Clicking to view a certificate opens the certificate card; the service stores the following data:
- Certificate number;
- Date of entry in the register;
- Certificate validity period;
- End date of technical support;
- Name of the tool (code);
- Certification scheme;
- Testing laboratory;
- Certification body;
- Applicant;
- Names of the conformity documents;
- Applicant details.
The register is updated automatically once a month.
CWE-352
Cross-Site Request Forgery (CSRF)
The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.
| Vulnerability type: | A set of vulnerabilities that must be present simultaneously |
| Likelihood of exploit: | Medium |
FSTEC vulnerability identifiers
Identifier in the database of publicly known information security vulnerabilities
| Identifier | Description |
|---|---|
| BDU:2014-00410 | Vulnerability in the Serv-U File Server file server allowing a remote attacker to change the system configuration |
| BDU:2015-00234 | Vulnerability in the Adobe Pepper Flash software for Google Chrome allowing a remote attacker to compromise the confidentiality, integrity and availability of protected information |
| BDU:2015-00235 | Vulnerability in the Adobe Pepper Flash software for Google Chrome allowing a remote attacker to compromise the confidentiality, integrity and availability of protected information |
| BDU:2015-00344 | Vulnerability in the Flash Player software allowing a remote attacker to compromise the confidentiality, integrity and availability of protected information |
| BDU:2015-00345 | Vulnerability in the Adobe AIR software allowing a remote attacker to compromise the confidentiality, integrity and availability of protected information |
| BDU:2015-00346 | Vulnerability in the Flash Player software allowing a remote attacker to compromise the confidentiality, integrity and availability of protected information |
| BDU:2015-00987 | Vulnerabilities in the Debian GNU/Linux operating system allowing a remote attacker to compromise the confidentiality, integrity and availability of protected information |
| BDU:2015-00988 | Vulnerabilities in the Debian GNU/Linux operating system allowing a remote attacker to compromise the confidentiality, integrity and availability of protected information |
| BDU:2015-00989 | Vulnerabilities in the Debian GNU/Linux operating system allowing a remote attacker to compromise the confidentiality, integrity and availability of protected information |
| BDU:2015-03352 | Vulnerabilities in the Debian GNU/Linux operating system allowing a remote attacker to compromise the confidentiality, integrity and availability of protected information |
| BDU:2015-09374 | Vulnerability in the Gentoo Linux operating system allowing a remote attacker to compromise the confidentiality, integrity and availability of protected information |
| BDU:2015-09893 | Vulnerability in the Firefox browser allowing a remote attacker to forge cross-site requests |
| BDU:2015-09894 | Vulnerability in the Firefox ESR browser allowing a remote attacker to forge cross-site requests |
| BDU:2015-09895 | Vulnerability in the Thunderbird mail client allowing a remote attacker to forge cross-site requests |
| BDU:2015-09977 | Vulnerability in the Apache Struts software platform, related to the use of predictable values, allowing a remote attacker to carry out a CSRF attack |
| BDU:2015-10402 | Vulnerability in the firmware of the Siemens Simatic S7-1200 programmable logic controller allowing an attacker to perform cross-site request forgery |
| BDU:2015-10409 | Vulnerability in the firmware of the Juniper SRX 240 router allowing an attacker to bypass the CSRF protection of the J-Web interface |
| BDU:2015-10915 | Vulnerability in the Flash Player software platform allowing an attacker to bypass a protection mechanism |
| BDU:2015-10916 | Vulnerability in the Flash Player software platform allowing an attacker to bypass a protection mechanism |
| BDU:2015-10917 | Vulnerability in the Adobe AIR software platform allowing an attacker to bypass a protection mechanism |
| BDU:2015-10918 | Vulnerability in the Adobe AIR software platform allowing an attacker to bypass a protection mechanism |
| BDU:2015-10938 | Vulnerability in the Moodle learning management system allowing an attacker to pass the authentication procedure |
| BDU:2015-10943 | Vulnerability in the Moodle learning management system allowing an attacker to subvert the authentication procedure for arbitrary users |
| BDU:2015-10973 | Vulnerability in the firmware of the Cisco TelePresence ISDN Gateway conferencing control device allowing an attacker to gain access to the authentication data of arbitrary users |
| BDU:2015-10974 | Vulnerability in the firmware of the Cisco TelePresence Serial Gateway conferencing control device allowing an attacker to gain access to the authentication data of arbitrary users |
| BDU:2015-10975 | Vulnerability in the firmware of the Cisco TelePresence IP Gateway conferencing control device allowing an attacker to gain access to the authentication data of arbitrary users |
| BDU:2015-10976 | Vulnerability in the firmware of the Cisco TelePresence IP VCR streaming video processing device allowing an attacker to gain access to the authentication data of arbitrary users |
| BDU:2015-10977 | Vulnerability in the firmware of the Cisco TelePresence Multipoint Control Unit conferencing control device allowing an attacker to gain access to the authentication data of arbitrary users |
| BDU:2015-11530 | Vulnerability in the firmware of the Cisco TelePresence Server conferencing control device allowing an attacker to subvert the authentication procedure for arbitrary users |
| BDU:2015-11596 | Vulnerability in the firmware of the Schneider Electric Modicon M340 programmable logic controller allowing an attacker to redirect a user to a malicious site |
| BDU:2015-11962 | Vulnerability in the WildFly Java application server and the JBoss Enterprise Application Platform middleware platform allowing an attacker to authenticate as an administrator |
| BDU:2015-11974 | Vulnerability in the firmware of the Janitza UMG 508, 509, 511, 604, 605 power circuit monitoring systems allowing an attacker to authenticate as an arbitrary user |
| BDU:2015-12097 | Vulnerability in the EMC Documentum Administrator administration tool of the electronic document management system, the EMC Documentum Digital Asset Management multimedia asset management tool of the electronic document management system, the access tool... |
| BDU:2015-12140 | Vulnerability in the Microsoft Exchange Server mail server allowing an attacker to subvert the authentication procedure for arbitrary users |
| BDU:2015-12151 | Vulnerability in the HP System Management Homepage server management software allowing an attacker to subvert the authentication procedure for arbitrary users |
| BDU:2016-00248 | Vulnerability in the Cisco Firepower Extensible Operating System operating system allowing an attacker to gain access to the authentication data of arbitrary users |
| BDU:2016-00379 | Vulnerability in the Java Platform software platform allowing an attacker to upload arbitrary files to a computer |
| BDU:2016-00482 | Vulnerability in the Adobe Connect instant messaging program allowing an attacker to impersonate a user during a session |
| BDU:2016-00553 | Vulnerability in the Cisco Identity Services Engine connection policy management platform allowing an attacker to gain access to the authentication data of arbitrary users |
| BDU:2016-00598 | Vulnerability in the Moodle learning management system allowing an attacker to impersonate a user during a session |
| BDU:2016-00601 | Vulnerabilities in the Moodle learning management system allowing an attacker to gain access to the authentication data of arbitrary users |
| BDU:2016-00613 | Vulnerability in the Apache Tomcat application server allowing an attacker to bypass the CSRF protection mechanism |
| BDU:2016-00928 | Vulnerability in the firmware of the Amped Wireless R10000 router allowing an attacker to gain access to the authentication data of arbitrary users |
| BDU:2016-00930 | Vulnerability in the firmware of the Medialink MWN-WARP300N router allowing an attacker to gain access to the authentication data of arbitrary users |
| BDU:2016-00931 | Vulnerability in the firmware of the N600 DB Belkin F9K1102 router allowing an attacker to gain access to the authentication data of arbitrary users |
| BDU:2016-00935 | Vulnerability in the firmware of the Storeonce Backup backup system allowing an attacker to impersonate a user during a session |
| BDU:2016-02066 | Vulnerability in the GNU Mailman mailing list management system allowing an attacker to impersonate a user during an administrator session |
| BDU:2016-02068 | Vulnerability in the GNU Mailman mailing list management system allowing an attacker to gain access to the authentication data of arbitrary users |
| BDU:2017-00614 | Vulnerability in the McAfee VirusScan Enterprise anti-virus software allowing an attacker to compromise data availability |
| BDU:2017-00683 | Vulnerability in the Cisco Unified Communications Manager IP telephony management system allowing an attacker to compromise data integrity |
| BDU:2017-00781 | Vulnerability in the Windows operating system allowing an attacker to obtain information for compromising the target system |
| BDU:2017-01481 | Vulnerability in the web console of the Kaspersky Anti-Virus 8.0 for Linux File Servers anti-virus protection tool allowing a command to be sent to the anti-virus on behalf of its user |
| BDU:2017-02187 | Vulnerability in the Advantech WebAccess remote monitoring software, related to cross-site request forgery, allowing an attacker to hijack the authentication of an arbitrary user |
| BDU:2018-00189 | Vulnerability in the Kaspersky Secure Mail Gateway email protection tool, related to the absence of a CSRF token in web forms, allowing an administrator session to be hijacked |
| BDU:2018-01009 | Vulnerability in the firmware of the 4G LTE Light Industrial M2M Router (NWL-25), related to cross-site request forgery, allowing an attacker to change the device password |
| BDU:2018-01305 | Vulnerability in the web interface of the FortiOS operating system allowing an attacker to perform cross-site request forgery |
| BDU:2018-01380 | Уязвимость веб-интрефейса средства управления использования электроэнергии Cisco Energy Management Suite, позволяющая нарушителю осуществить межсайтовую подделку запросов |
| BDU:2018-01440 | Уязвимость веб-интерфейса платформы управления политиками безопасности Cisco Identity Services Engine, позволяющая нарушителю выполнить произвольные действия на уязвимом устройстве |
| BDU:2018-01622 | Уязвимость программного обеспечения инфраструктуры Cisco Enterprise NFV Infrastructure Software, связанная с ошибками проверки HTTP-запросов в интерфейсе управления, позволяющая нарушителю осуществлять межсайтовую подделку запросов |
| BDU:2018-01623 | Уязвимость веб-интерфейса программного средства управления унифицированными коммуникациями Cisco Prime Collaboration Assurance, позволяющая нарушителю выполнять произвольные действия в уязвимой системе путем осуществления межсайтовой подделки запросо... |
| BDU:2019-00746 | Уязвимость веб-интерфейса программного средства Cisco Unified Intelligence Center, позволяющая нарушителю выполнить произвольные действия на уязвимом устройстве |
| BDU:2019-00898 | Уязвимость микропрограммного обеспечения камер серий Pelco Sarix Enhanced и Spectra Enhanced, связанная с недостаточной проверкой подлинности выполняемых запросов, позволяющая нарушителю получить доступ к интерфейсу камеры |
| BDU:2019-01118 | Уязвимость микропрограммного обеспечения коммутатора Moxa IKS-G6824A, позволяющая нарушителю получить несанкционированный доступ к устройству |
| BDU:2019-01325 | Уязвимость приложения для управления серверами CentOS Web Panel, связанная с недостаточной проверкой подлинности выполняемых запросов, позволяющая нарушителю выполнить произвольные команды |
| BDU:2019-01326 | Уязвимость приложения для управления серверами CentOS Web Panel, связанная с недостаточной проверкой подлинности выполняемых запросов, позволяющая нарушителю выполнить произвольные команды |
| BDU:2019-01339 | Уязвимость веб-интерфейса микропрограммного обеспечения IP-телефонов Cisco IP Phone серии 8800, позволяющая нарушителю выполнить произвольные действия в уязвимом устройстве |
| BDU:2019-01354 | Уязвимость компонентов Rendezvous Routing Daemon (rvrd), Rendezvous Secure Routing Daemon (rvrsd), Rendezvous Secure Daemon (rvsd), Rendezvous Cache (rvcache), Rendezvous Daemon Manager (rvdm) платформ для высокоскоростного распространения данных TIB... |
| BDU:2019-01673 | Уязвимость веб-интерфейса управления программного обеспечения Cisco Wireless LAN Controller, позволяющая нарушителю выполнить произвольные действия на устройстве с привилегиями пользователя, включая изменение конфигурации устройства |
| BDU:2019-01685 | Уязвимость функции FindMe микропрограммного обеспечения устройства управления абонентскими вызовами Cisco TelePresence Video Communication Server и программного обеспечения шлюза Cisco Expressway, позволяющая нарушителю выполнить произвольные действи... |
| BDU:2019-01800 | Уязвимость микропрограммного обеспечения межсетевого экрана Cisco Adaptive Security Appliance, связанная с недостаточной проверкой подлинности выполняемых запросов, позволяющая нарушителю выполнить произвольный код в контексте текущего пользователя |
| BDU:2019-01807 | Уязвимость веб-интерфейса управления гиперконвергентной инфраструктуры Cisco HyperFlex, позволяющая нарушителю выполнить произвольный код |
| BDU:2019-02012 | Уязвимость микропрограммного обеспечения принтеров HP Color LaserJet Pro, связанная с подделкой межсайтовых запросов, позволяющая нарушителю оказать воздействие на конфиденциальность и целостность защищаемой информации |
| BDU:2019-02013 | Уязвимость микропрограммного обеспечения принтеров HP Color LaserJet Pro, связанная с подделкой межсайтовых запросов, позволяющая нарушителю вызвать отказ в обслуживании |
| BDU:2019-02139 | Уязвимость веб-интерфейса управления программного пакета Cisco Industrial Network Director, позволяющая нарушителю выполнить произвольные действия на уязвимом устройстве |
| BDU:2019-02221 | Уязвимость веб-интерфейса средства управления информационной системой Cisco Prime Service Catalog, связанная с отсутствием защиты от межсайтовой подмены запросов (CSRF), позволяющая нарушителю выполнить произвольные действия на уязвимом устройстве |
| BDU:2019-02244 | Уязвимость веб-интерфейса операционной системы Cisco IOS XE, позволяющая нарушителю выполнить произвольные действия в контексте текущего пользователя |
| BDU:2019-02382 | Уязвимость платформы для централизованного управления политиками McAfee ePO Cloud, связанная с отсутствием защиты от межсайтовой подмены запросов, позволяющая нарушителю выполнить произвольные действия на уязвимом устройстве и получить доступ к уязви... |
| BDU:2019-02405 | Уязвимость веб-интерфейса управления программного средства удалённого администрирования серверов Cisco Integrated Management Controller, позволяющая нарушителю выполнить произвольные действия на уязвимом устройстве |
| BDU:2019-02492 | Уязвимость средства разработки программного обеспечения Azure DevOps Server, связанная с недостатками обработки запросов на авторизацию, позволяющая нарушителю осуществить межсайтовую подделку запросов |
| BDU:2019-02821 | Уязвимость микропрограммного обеспечения принтеров HP Color LaserJet Pro и HP LaserJet Pro, связанная с подделкой межсайтовых запросов, позволяющая нарушителю раскрыть защищаемую информацию или вызвать отказ в обслуживании |
| BDU:2019-02822 | Уязвимость микропрограммного обеспечения принтеров HP Deskjet, связанная с подделкой межсайтовых запросов, позволяющая нарушителю вызвать отказ в обслуживании или нарушения в конфигурации устройства |
| BDU:2019-02840 | Уязвимость веб-интерфейса операционной системы FortiOS, позволяющая нарушителю осуществить межсайтовую подделку запроса |
| BDU:2019-02844 | Уязвимость процесса httpsd операционной системы FortiOS, позволяющая нарушителю раскрыть защищаемую информацию или выполнить несанкционированное отключение пользователей |
| BDU:2019-02934 | Уязвимость плагина NPAPI браузеров Firefox ESR, Firefox и почтового клиента Thunderbird, позволяющая нарушителю осуществить межсайтовую подделку запросов |
| BDU:2019-02940 | Уязвимость сервера автоматизации Jenkins, связанная с отсутсвием идентификатора веб-сеанса, позволяющая нарушителю осуществить межсайтовую подделку запросов и получить несанкционированный доступ к защищаемой информации |
| BDU:2019-03005 | Уязвимость микропрограммного обеспечения коммуникационного модуля Siemens CP, связанная с межсайтовой фальсификацией запросов, позволяющая нарушителю произвести атаку |
| BDU:2019-03040 | Уязвимость веб-интерфейса управления операционной системы Cisco IOS XE, позволяющая нарушителю осуществить межсайтовую подделку запросов |
| BDU:2019-03111 | Уязвимость платформы для автоматизации деятельности учреждений здравоохранения субъекта РФ ТрастМед:Лекарственное обеспечение, связанная с отсутствием CSRF-токена в веб-формах, позволяющая выполнять действия от имени пользователей, в том числе админи... |
| BDU:2019-03125 | Уязвимость веб-интерфейса управления гиперконвергентной инфраструктуры Cisco HyperFlex, позволяющая нарушителю выполнить произвольные действия на уязвимом устройстве с помощью специально сформированной ссылки |
| BDU:2019-03140 | Уязвимость микропрограммного обеспечения принтеров HP Deskjet, связанная с подделкой межсайтовых запросов, позволяющая нарушителю вызвать отказ в обслуживании или нарушения в конфигурации устройства |
| BDU:2019-03173 | Уязвимость программного обеспечения для электронного документооборота Microsoft SharePoint Foundation, связанная с ошибками при обработке запросов на авторизацию приложений, позволяющая нарушителю осуществить межсайтовую подделку запросов |
| BDU:2019-03175 | Уязвимость пакетов программ Microsoft SharePoint Server, Microsoft SharePoint Enterprise Server и программного обеспечения для электронного документооборота Microsoft SharePoint Foundation, связанная с ошибками при обработке запросов на авторизацию п... |
| BDU:2019-03269 | Vulnerability in the embedded web server of the firmware of Moxa MGate MB3170, MB3180, MB3270, MB3280, MB3480 and MB3660 protocol converters, allowing an attacker to perform arbitrary actions on the vulnerable device |
| BDU:2019-03466 | Vulnerability in the NPAPI plugin of the Firefox and Firefox ESR browsers and the Thunderbird mail client, allowing an attacker to affect the confidentiality, integrity and availability of protected information |
| BDU:2019-03562 | Vulnerability in a component of the MediaWiki collaborative website CMS, related to cross-site request forgery, allowing an attacker to affect data integrity, gain unauthorized access to protected information, and... |
| BDU:2019-03801 | Vulnerability in the web management interface of the firmware of Cisco Small Business 250, 350, 550X series routers, allowing an attacker to change the device configuration or cause a denial of service |
| BDU:2019-04000 | Vulnerability in the phpMyAdmin web application for administering database management systems, related to cross-site request forgery, allowing an attacker to delete any server on the setup page |
| BDU:2019-04117 | Vulnerability in the web management interface of the call processing systems Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition (SME), Cisco Unified Communications Manager IM and Presence (Unified CM IMP) Service and... |
| BDU:2019-04245 | Vulnerability in the Security component of the Symfony software platform for developing and managing web applications, allowing an attacker to carry out cross-site request forgery |
| BDU:2019-04291 | Vulnerability in the Reader View function of the Firefox browser, allowing an attacker to execute arbitrary code |
| BDU:2019-04477 | Vulnerability in the firmware of the SMA Solar Sunny WebBox remote solar panel management system, related to cross-site request forgery, allowing an attacker to escalate their privileges |
| BDU:2019-04839 | Vulnerability in the vManage web interface of the Cisco SD-WAN software-defined network, allowing an attacker to bypass the authentication procedure and gain access to system files |
| BDU:2020-00061 | Vulnerability in the "Forgot Password" function of the CentOS Web Panel server management application, allowing an attacker to perform arbitrary actions on the vulnerable device |
| BDU:2020-00336 | Vulnerability in the web interface of the Cisco IOS XE and Cisco IOS operating systems, allowing an attacker to carry out cross-site request forgery |
| BDU:2020-00613 | Vulnerability in the web interface of the Cisco Hosted Collaboration Mediation Fulfillment software, allowing an attacker to perform arbitrary actions in the context of the current user |
| BDU:2020-00616 | Vulnerability in the web administration interface of the Cisco Unified Communications Manager IP telephony management system, allowing an attacker to perform arbitrary actions in the context of the current user |
| BDU:2020-00630 | Vulnerability in the SAP Manufacturing Integration and Intelligence platform for integrating manufacturing operations scenarios, related to cross-site request forgery, allowing an attacker to gain access to the vulnerable application |
| BDU:2020-00966 | Vulnerability in the web management interface of the Cisco Data Center Network Manager (DCNM) data center network management system, allowing an attacker to perform arbitrary actions on the vulnerable device |
| BDU:2020-00986 | Vulnerability in the web interface of the Cisco Prime Network Registrar network services management tool, allowing an attacker to carry out cross-site request forgery |
| BDU:2020-01058 | Vulnerability in the OAuth2 extension of the MediaWiki software for implementing a hypertext environment, allowing an attacker to carry out cross-site request forgery |
| BDU:2020-01059 | Vulnerability in the svg-vector-icon-plugin (WP SVG Icons) plugin of the WordPress content management system, allowing an attacker to upload an arbitrary ZIP archive (containing a .php file) |
| BDU:2020-01244 | Vulnerability in the web interface of Moxa OnCell G3100-HSPA series cellular IP gateways, allowing an attacker to carry out cross-site request forgery |
| BDU:2020-01286 | Vulnerability in the SiTex-Госуслуги component of the SiTex distributed application development platform, related to the absence of a CSRF token in web forms, allowing actions to be performed on behalf of users, including administrators |
| BDU:2020-01383 | Vulnerability in the WebSocket protocol of the Engine.IO web server, related to cross-site request forgery, allowing an attacker to perform arbitrary actions on the vulnerable system |
| BDU:2020-01716 | Cross-site request forgery (CSRF) vulnerability in the GNU Privacy Guard (GnuPG) program for encrypting information and creating electronic digital signatures, allowing an attacker to carry out a denial-of-service attack |
| BDU:2020-01858 | Vulnerability in the append_domain parameter of the Squid proxy server, related to cross-site request forgery, allowing an attacker to gain access to confidential data and compromise its integrity |
| BDU:2020-01950 | Vulnerability in the WordPress site content management system, related to cross-site request forgery, allowing an attacker to gain access to confidential data, compromise its integrity, and cause a denial of service |
| BDU:2020-01981 | Vulnerability in multiple elements of the DAViCal calendar sharing server, related to flaws in the mechanisms for countering cross-site request forgery, allowing an attacker to gain unauthorized access to confidential data, cause a denial of... |
| BDU:2020-02162 | Vulnerability in the Jenkins automation server, related to cross-site request forgery, allowing an attacker to affect the integrity, confidentiality and availability of protected information |
| BDU:2020-02423 | Vulnerability in the web management interface of the Cisco Mobility Express software of Cisco Aironet Access Points (AP) 1540, 1560, 1800, 2800, 3800, 4800 series, Cisco Catalyst 9100 and Cisco 6300 access points, allowing an attacker to perform arbitrary... |
| BDU:2020-02700 | Vulnerability in the Jenkins automation server, related to missing protection against cross-site request forgery (CSRF), allowing an attacker to perform arbitrary actions on the vulnerable device |
| BDU:2020-02720 | Vulnerability in the firmware of the Schneider Electric Easergy T300 (HU250) modular controller for transformer substation automation, related to cross-site request forgery, allowing an attacker to execute malicious commands from... |
| BDU:2020-03050 | Vulnerability in the audit log component of the Cisco Digital Network Architecture (DNA) Center network management system, allowing an attacker to gain unauthorized access to protected information |
| BDU:2020-03064 | Vulnerability in the web interface of the firmware of the D-Link DIR-865L router, allowing an attacker to gain access to modify, add or delete data |
| BDU:2020-03209 | Vulnerability in the embedded software of the routers NETGEAR RBK752, NETGEAR RBK753, NETGEAR RBK753S, NETGEAR RBR750, NETGEAR RBS750, NETGEAR RBK842, NETGEAR RBR840, NETGEAR RBS840, NETGEAR RBK852, NETGEAR RBK853, NETGEAR RBR850, NETGEAR R... |
| BDU:2020-03287 | Vulnerability in the configuration migration tool The Expedition Migration tool, related to cross-site request forgery, allowing an attacker to impersonate a user during a session and execute arbitrary code |
| BDU:2020-03447 | Vulnerability in the LuCI web configuration interface of the OpenWrt embedded operating system, allowing an attacker to carry out cross-site request forgery |
| BDU:2020-03500 | Vulnerability in the spring-webmvc and spring-webflux modules of the Spring Framework software platform, allowing an attacker to carry out cross-site request forgery |
| BDU:2020-03934 | Vulnerability in the wp_ajax_replyto_comment (ajax-actions.php) and wp_handle_comment_submission (comment.php) functions of the WordPress site content management system, allowing an attacker to gain access to confidential data, compromise its integrity, and... |
| BDU:2020-03991 | Vulnerability in the Roundcube AJAX-based solution for IMAP servers, related to flaws in the mechanisms for countering cross-site request forgery, allowing an attacker to cause a denial of service |
| BDU:2020-04326 | Vulnerability in the Windows DNS service of Windows operating systems, allowing an attacker to cause a denial of service |
| BDU:2020-04629 | Vulnerability in the Drupal CMS, related to insufficient verification of the authenticity of executed requests, allowing an attacker to execute arbitrary code |
| BDU:2020-05688 | Vulnerability in the monitoring and management interface of the Cisco FXOS operating system of the Cisco Firepower firewall, allowing an attacker to carry out a CSRF attack |
| BDU:2021-00641 | Vulnerability in the web management interface of the Cisco DNA Center network management center, allowing an attacker to carry out a CSRF attack |
| BDU:2021-01018 | Vulnerability in the Apache Batik library for working with SVG images, related to incorrect handling of data in "xlink: href" attributes, allowing an attacker to carry out CSRF attacks |
| BDU:2021-01087 | Vulnerability in the NX-API function of the Cisco NX-OS network operating system of Cisco routers, allowing an attacker to carry out a CSRF attack |
| BDU:2021-01539 | Vulnerability in the integration component of the Magento Commerce software platform for developing and managing online stores, related to missing protection against cross-site request forgery, allowing an attacker to make an unauthorized change to meta... |
| BDU:2021-01735 | Vulnerability in the WordPress site content management system, related to flaws in the mechanisms for countering cross-site request forgery, allowing an attacker to affect data integrity |
| BDU:2021-01801 | Vulnerability in the "Deflake this build" function of the Jenkins Flaky Test Handler Plugin, allowing an attacker to carry out cross-site request forgery |
| BDU:2021-01829 | Vulnerability in the EEM (Ethernet Emulation Mode) driver of the firmware of OMNIKEY 5427 series and OMNIKEY 5127 series smart card readers, allowing an attacker to conduct cross-site scripting attacks |
| BDU:2021-02130 | Vulnerability in the Harbor registry for Docker containers, related to cross-site request forgery, allowing an attacker to affect the confidentiality, integrity and availability of protected information |
| BDU:2021-02600 | Vulnerability in the CloudForms Management Engine software platform for managing virtual environments, related to missing protection against cross-site request forgery (CSRF), allowing an attacker to perform arbitrary actions in the context of the current... |
| BDU:2021-03109 | Vulnerability in the ARPrice Lite plugin of the WordPress site content management system, allowing an attacker to carry out a CSRF attack |
| BDU:2021-03782 | Vulnerability in the Adobe Experience Manager content and media management system, related to cross-site request forgery, allowing an attacker to obtain a user's confidential information |
| BDU:2021-04269 | Vulnerability in the firmware of PowerLogic ION7400, ION7650, ION83xx/84xx/85xx/8600, ION8650, ION8800, ION9000, PM800 power meters and electricity meters, related to insufficient verification of the authenticity of executed requests, allow... |
| BDU:2021-04503 | Vulnerability in the implementation of the /woocommerce-stock-manager/trunk/admin/views/import-export.php script of the import/export function of the WooCommerce Stock Manager plugin of the WordPress site content management system, allowing an attacker to carry out a CSRF attack |
| BDU:2021-04646 | Vulnerability in the CKEditor configuration form of the CiviCRM web-based relationship tracking and engagement management system, related to cross-site request forgery, allowing an attacker to affect data integrity |
| BDU:2021-04718 | Vulnerability in the video_list.php file of the AikCms content management system, allowing an attacker to delete information |
| BDU:2021-04898 | Vulnerability in FastAPI, a web framework for building APIs in the Python programming language, related to cross-site request forgery, allowing an attacker to gain access to confidential data and compromise its integrity |
| BDU:2021-05612 | Vulnerability in the HTTP or FTP protocol implementation of the ImageMagick console graphics editor, allowing an attacker to carry out an SSRF attack |
| BDU:2021-05927 | Vulnerability in the web management interface of the call processing systems Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition and Cisco Unified Communications Manager IM Presence Service, allowing an attacker to... |
| BDU:2021-06190 | Vulnerability in the "delete related badge" function of the Moodle management system, related to cross-site request forgery, allowing an attacker to carry out a CSRF attack |
| BDU:2022-00492 | Vulnerability in the Adobe Connect instant messaging program, related to cross-site request forgery, allowing an attacker to write arbitrary files to the device's file system |
| BDU:2022-00592 | Vulnerability in the GNU Mailman mailing list management package, related to insufficient verification of the source of an HTTP request, allowing an attacker to perform cross-site request forgery attacks |
| BDU:2022-00881 | Vulnerability in the application integration function of the Cisco Webex Meetings web conferencing software, allowing an attacker to carry out cross-site request forgery |
| BDU:2022-01916 | Vulnerability in the HTTP daemon of the firmware of ZyXEL NBG6816 (Armor Z1) and NBG6817 (Armor Z2) Wi‑Fi routers, allowing an attacker to execute arbitrary commands |
| BDU:2022-02031 | Vulnerability in the VMware Workspace ONE Access application administration platform, the VMware Cloud Foundation virtualization platform, the VMware vRealize Automation virtual infrastructure management tool, the software tool for managing the life... |
| BDU:2022-02149 | Vulnerability in the GraphQL API component of the GitLab git-based software platform for code collaboration, allowing an attacker to affect data integrity |
| BDU:2022-02208 | Vulnerability in the firmware of WAGO 750-8212 (PFC200) programmable logic controllers, related to cross-site request forgery, allowing an attacker to conduct cross-site scripting attacks |
| BDU:2022-02397 | Vulnerability in the Umbraco CMS content management system, related to cross-site request forgery, allowing an attacker to activate, deactivate or delete user accounts |
| BDU:2022-02433 | Vulnerability in the web management interface of the firmware of Cisco IP Phone 6800, Cisco IP Phone 7800 and Cisco IP Phone 8800 IP phones, allowing an attacker to carry out a CSRF attack |
| BDU:2022-02691 | Vulnerability in the Elcomplus SmartPPT SCADA server, related to insufficient verification of the source of an HTTP request, allowing an attacker to carry out a CSRF attack |
| BDU:2022-02828 | Vulnerability in the Report extension of the MediaWiki software for implementing a hypertext environment, allowing an attacker to affect the integrity of protected information |
| BDU:2022-02927 | Vulnerability in the web management interface of the call processing systems Cisco Unified Communications Manager (CM) and Cisco Unified Communications Manager Session Management Edition (SME), allowing an attacker to carry out a CSRF attack |
| BDU:2022-03103 | Vulnerability in the web management interface of the Cisco Catalyst SD-WAN Manager centralized network management system, allowing an attacker to carry out a CSRF attack |
| BDU:2022-03570 | Vulnerability in the firmware of iRZ mobile routers, related to cross-site request forgery, allowing an attacker to carry out a CSRF attack |
| BDU:2022-03575 | Vulnerability in the form synchronization mechanism of the Yandex Browser browser, allowing an attacker to carry out a CSRF attack |
| BDU:2022-03591 | Vulnerability in the firmware of the Trendnet TEW-831DR router, related to cross-site request forgery, allowing an attacker to carry out a CSRF attack |
| BDU:2022-03877 | Vulnerability in the iTop web-based IT service management tool, related to the reuse of CSRF tokens, allowing an attacker to carry out a CSRF attack |
| BDU:2022-04089 | Vulnerability in the /admin/service/stop/ component of the TrueConf Server software, allowing an attacker to carry out a CSRF attack |
| BDU:2022-04253 | Vulnerability in the firmware of the Schneider Electric Conext ComBox communication and monitoring device, related to cross-site request forgery, allowing an attacker to cause a denial of service |
| BDU:2022-04324 | Vulnerability in the embedded web server of the firmware of the industrial switches SCALANCE X302-7, SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2, SCALANCE X307-3, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X310, SCALANCE X320-1,... |
| BDU:2022-04575 | Vulnerability in the web interface of the Cisco Nexus Dashboard platform for analytics and automation of multicloud data center networks, allowing an attacker to carry out a CSRF attack |
| BDU:2022-04843 | Vulnerability in the Jenkins Google Cloud Backup Plugin, related to cross-site request forgery, allowing an attacker to copy arbitrary files |
| BDU:2022-04848 | Vulnerability in the Jenkins Openstack Heat Plugin, related to cross-site request forgery, allowing an attacker to carry out a CSRF attack |
| BDU:2022-04854 | Vulnerability in the Jenkins External Monitor Job Type Plugin, related to cross-site request forgery, allowing an attacker to carry out a CSRF attack |
| BDU:2022-04857 | Vulnerability in the Jenkins Coverity Plugin, related to cross-site request forgery, allowing an attacker to carry out a CSRF attack |
| BDU:2022-04859 | Vulnerability in the Jenkins OpenShift Deployer Plugin, related to cross-site request forgery, allowing an attacker to carry out a CSRF attack |
| BDU:2022-04862 | Vulnerability in the Jenkins Job Configuration History Plugin, related to cross-site request forgery, allowing an attacker to carry out a CSRF attack |
| BDU:2022-05034 | Vulnerability in the Passwork password manager, related to cross-site request forgery, allowing an attacker to carry out a CSRF attack |
| BDU:2022-05212 | Vulnerability in the General Bytes Crypto Application Server CAS server, related to cross-site request forgery, allowing an attacker to create a user with admin privileges and modify arbitrary data on the server |
| BDU:2022-05668 | Vulnerability in the Controller File System Handler component of the Jenkins OpenShift Deployer Plugin, allowing an attacker to perform arbitrary actions on the vulnerable device |
| BDU:2022-05908 | Vulnerability in the implementation of the token validation mechanism of the Apache Struts software platform, allowing an attacker to carry out a CSRF attack |
| BDU:2022-06071 | Vulnerability in the Jenkins Security Inspector Plugin, related to insufficient verification of the authenticity of executed POST requests, allowing an attacker to carry out a CSRF attack |
| BDU:2022-06115 | Vulnerability in the Central Management Console (CMC) component of the SAP BusinessObjects Business Intelligence business analytics platform, allowing an attacker to disclose protected information or cause a denial of service |
| BDU:2022-06206 | Vulnerability in the Build Handler component of the Jenkins Git Plugin, allowing an attacker to perform arbitrary actions on the vulnerable device |
| BDU:2022-06217 | Vulnerability in the HTTP web interface of the Hitachi Modular Switchgear Monitoring (MSM) software for measuring the performance of high-voltage switchgear, allowing an attacker to execute arbitrary code |
| BDU:2022-06218 | Vulnerability in the HTTP web interface of the Hitachi Modular Switchgear Monitoring (MSM) software for measuring the performance of high-voltage switchgear, allowing an attacker to carry out a CSRF attack |
| BDU:2022-06302 | Vulnerability in the Drupal CMS, related to insufficient verification of the authenticity of executed requests, allowing an attacker to execute arbitrary code |
| BDU:2022-06331 | Vulnerability in the web management interface of the firmware of Cisco Expressway gateways and the firmware of Cisco TelePresence Video Communication Server call control devices, allowing an attacker to carry out a CSRF attack |
| BDU:2022-06503 | Vulnerability in the interface of the FortiSIEM security management system, allowing an attacker to carry out a CSRF attack |
| BDU:2022-06835 | Vulnerability in the web management interface of the Cisco Identity Services Engine (ISE) connection policy management platform, allowing an attacker to carry out a CSRF attack |
| BDU:2022-06935 | Vulnerability in the iControl SOAP interface of the BIG-IP access control and remote authentication tools and the BIG-IQ Centralized Management server software, allowing an attacker to execute arbitrary commands with elevated privileges |
| BDU:2022-07405 | Vulnerability in the Moodle course management system, related to insufficient verification of the source of an HTTP request in the course redirect URL, allowing an attacker to perform cross-site request forgery attacks |
| BDU:2023-00752 | Vulnerability in the ajax_save_state() function of the Wicked Folders plugin of the WordPress site content management system, allowing an attacker to carry out a CSRF attack |
| BDU:2023-00753 | Vulnerability in the ajax_edit_folder() function of the Wicked Folders plugin of the WordPress site content management system, allowing an attacker to carry out a CSRF attack |
| BDU:2023-00858 | Vulnerability in the web management interface of the Cisco Application Policy Infrastructure Controller information infrastructure management tool, allowing an attacker to carry out a CSRF attack |
| BDU:2023-01043 | Vulnerability in the embedded software of the routers NETGEAR R6250, NETGEAR R6400, NETGEAR R6700, NETGEAR R6900, NETGEAR R7000, NETGEAR R7100LG, NETGEAR R7300DST, NETGEAR R7900, NETGEAR R8000, NETGEAR D6220, NETGEAR D6400, NETGEAR D7000, ... |
| BDU:2023-01681 | Vulnerability in the init() method of the Zabbix universal monitoring system, allowing an attacker to gain access to confidential data, compromise its integrity, and cause a denial of service |
| BDU:2023-01732 | Vulnerability in the firmware of Nighthawk WiFi 6 Router (RAX30) routers, related to cross-site request forgery, allowing an attacker to carry out a CSRF attack |
| BDU:2023-01791 | Vulnerability in the firmware of the Schneider Electric spaceLYnk, Wiser for KNX (formerly homeLYnk), FellerLYnk logic controllers for building and facility management, allowing an attacker to override system configurations |
| BDU:2023-01842 | Vulnerability in the web management interface of the Cisco SD-WAN vManage centralized network management system, allowing an attacker to carry out a CSRF attack |
| BDU:2023-01914 | Vulnerability in the web management interface of the Cisco Prime Infrastructure network equipment monitoring and management system and the Cisco Evolved Programmable Network Manager (EPNM) network services management software, allowing an attacker to... |
| BDU:2023-01935 | Vulnerability in the Convert To Pipeline Plugin, related to cross-site request forgery, allowing an attacker to execute arbitrary code |
| BDU:2023-02417 | Vulnerability in the interface of the Gitea Git repository management system, allowing an attacker to carry out a CSRF attack |
| BDU:2023-02703 | Vulnerability in the firmware of the Schneider Electric Modicon M340, Modicon Quantum, Modicon Premium programmable logic controller, allowing an attacker to gain access to confidential data |
| BDU:2023-02897 | Vulnerability in the software of the EVlink City, EVlink Parking and EVlink Smart Wallbox parking charging stations, related to cross-site request forgery, allowing an attacker to impersonate the user who manages the charging station |
| BDU:2023-03065 | Vulnerability in the hedwig.cgi and pigwidgeon.cgi components of the firmware of D-Link DIR-868L routers, allowing an attacker to carry out a CSRF attack |
| BDU:2023-03093 | Vulnerability in the FactoryTalk VantagePoint data collection software, related to cross-site request forgery, allowing an attacker to carry out cross-site request forgery |
| BDU:2023-03514 | Vulnerability in the Reverse Proxy Auth plugin of the Jenkins proxy server, allowing an attacker to carry out a CSRF attack |
| BDU:2023-03533 | Vulnerability in the hardware and software tools for monitoring and protecting SCADA systems ABB Pulsar Plus System Controller NE843_S, Infinity DC Power Plant H5692448 G104, Infinity DC Power Plant H5692448 G842, Infinity DC Power Plant H5692448 G224L, Infinity DC Power... |
| BDU:2023-03541 | Vulnerability in the web management interface of Siemens SICAM Q200 multifunction measuring devices, allowing an attacker to perform arbitrary actions |
| BDU:2023-03758 | Vulnerability in the web interface of the Cisco Webex Meetings web conferencing software, allowing an attacker to carry out a CSRF attack |
| BDU:2023-03788 | Vulnerability in the start/restart function (blogger-importer.php) of the Blogger Importer plugin of the WordPress site content management system, allowing an attacker to carry out a CSRF attack |
| BDU:2023-04191 | Vulnerability in the Ajax Controller component of the PNP4Nagios performance analyzer of the Nagios network monitoring system, allowing an attacker to carry out a CSRF attack |
| BDU:2023-04380 | Vulnerability in the application programming interface implementation of the Rockwell Automation Enhanced HIM software for process control and monitoring of automation systems, allowing an attacker to carry out a CSRF attack |
| BDU:2023-04702 | Vulnerability in the Sitemap by click5 plugin of the WordPress site content management system, allowing an attacker to create an account with administrator rights and carry out a CSRF attack |
| BDU:2023-04776 | Vulnerability in the web management interface of the firmware of Cisco IP Phone 6800, Cisco IP Phone 7800, Cisco IP Phone 8800 IP phones and the Cisco Video Phone 8875 video phone, related to cross-site request forgery, allowing an attacker to... |
| BDU:2023-05131 | Vulnerability in the programming interface of the XWiki Platform XWiki platform for creating collaborative web applications, allowing an attacker to execute arbitrary code |
| BDU:2023-05265 | Vulnerability in the CKEditor integration interface of the XWiki Platform XWiki platform for creating collaborative web applications, related to insufficient verification of the authenticity of executed requests, allowing an attacker to carry out a CSRF attack |
| BDU:2023-05272 | Vulnerability in the XWiki Platform XWiki platform for creating collaborative web applications, related to insufficient verification of the authenticity of executed requests, allowing an attacker to carry out a CSRF attack |
| BDU:2023-05366 | Vulnerability in the implementation of the RADIUS (Remote Authentication in Dial-In User Service) protocol of the Cisco Identity Services Engine (ISE) platform, allowing an attacker to cause a denial of service |
| BDU:2023-05710 | Vulnerability in the Symfony software platform for developing and managing web applications, related to insufficient verification of the authenticity of executed requests, allowing an attacker to carry out a CSRF attack |
| BDU:2023-05820 | Vulnerability in the SEL-5037 SEL Grid Configurator software configurator for creating, managing and deploying power systems, related to insufficient verification of the authenticity of executed requests, allowing an attacker to carry out a CSRF attack |
| BDU:2023-05923 | Vulnerability in the management web application of the MODULYS GP (MOD3GP-SY-120K) modular uninterruptible power supply, allowing an attacker to perform arbitrary actions |
| BDU:2023-06392 | Vulnerability in the Cassia Access Controller software for managing access to an IoT wireless network, allowing an attacker to carry out a CSRF attack |
| BDU:2023-06464 | Vulnerability in the Acronis Cyber Protect 15 data protection software, related to insufficient verification of the authenticity of executed requests, allowing an attacker to affect the integrity of protected information |
| BDU:2023-06465 | Vulnerability in the Acronis Cyber Protect 15 data protection software, related to insufficient verification of the authenticity of executed requests, allowing an attacker to gain access to confidential information |
| BDU:2023-06505 | Vulnerability in the web interface of the firmware of the RUGGEDCOM ROX MX5000, RUGGEDCOM ROX MX5000RE and RUGGEDCOM ROX RX1400 routing and switching platforms, allowing an attacker to carry out a CSRF attack |
| BDU:2023-06603 | Vulnerability in the gevent.pywsgi WSGI server of the Python Gevent library, allowing an attacker to affect the integrity, availability and confidentiality of protected information |
| BDU:2023-06725 | Vulnerability in the Jenkins Fortify Plugin, related to insufficient verification of the authenticity of executed requests, allowing an attacker to carry out a CSRF attack |
| BDU:2023-07071 | Vulnerability in the web interface of the firmware of the Connectize G6 AC2100 router, allowing an attacker to carry out a CSRF attack |
| BDU:2023-07532 | Vulnerability in the Jenkins Azure Credentials credential management plugin, related to cross-site request forgery, allowing an attacker to carry out a CSRF attack |
| BDU:2023-07846 | Vulnerability in the modoboa/modoboa mail server, related to cross-site request forgery, allowing an attacker to affect the integrity and availability of protected information |
| BDU:2023-08502 | Vulnerability in the vRealize Operations (vROps) virtual infrastructure monitoring tool, related to insufficient verification of the authenticity of executed requests, allowing an attacker to carry out a CSRF attack |
| BDU:2023-08632 | Vulnerability in the Sticky Notes App note-taking software, related to cross-site request forgery, allowing an attacker to gain access to confidential information |
| BDU:2023-09067 | Vulnerability in the web server of the firmware of the ioLogik universal I/O controller, allowing an attacker to perform a request on behalf of a legitimate user |
| BDU:2024-00001 | Vulnerability in the command-line interface of the email protection system FortiMail, web applications FortiWeb, the hardware and software information security tool based on AI and deep neural network (DNN) technologies Fortinet FortiNDR (Network Detection and... |
| BDU:2024-00227 | Vulnerability in the /plugins/playbooks/api/v0/telemetry/run/ component of the Mattermost instant messaging application, allowing an attacker to carry out a CSRF attack |
| BDU:2024-00230 | Vulnerability in the customizable administration sections of the XWiki Platform XWiki platform for creating collaborative web applications, allowing an attacker to execute arbitrary code |
| BDU:2024-00508 | Vulnerability in the NEXO-OS operating system of the Bosch Nexo cordless nutrunner and Bosch Nexo special cordless nutrunner tools for assembly work on production lines, allowing an attacker to delete arbitrary files in the file system |
| BDU:2024-00577 | Vulnerability in the Airflow software for creating, monitoring and orchestrating data processing workflows, related to insufficient verification of the authenticity of executed requests, allowing an attacker to carry out a CSRF attack |
| BDU:2024-00648 | Vulnerability in the PostRatings plugin of the WordPress site content management system, allowing an attacker to carry out a CSRF attack |
| BDU:2024-00734 | Vulnerability in the interface of Argo CD, a declarative GitOps continuous delivery tool for Kubernetes, allowing an attacker to bypass security restrictions and carry out a CSRF attack |
| BDU:2024-00894 | Vulnerability in the Jenkins GitLab Branch Source Plugin, related to cross-site request forgery, allowing an attacker to carry out a CSRF attack |
| BDU:2024-00972 | Vulnerability in the XWiki Platform XWiki platform for creating collaborative web applications, related to insufficient verification of the authenticity of executed requests, allowing an attacker to spoof the displayed URL |
| BDU:2024-01075 | Vulnerability in the pyload file download software, related to cross-site request forgery, allowing an attacker to carry out a CSRF attack |
| BDU:2024-01084 | Vulnerability in the application programming interface of the Cisco Expressway Series and Cisco Telepresence VCS conferencing control devices, allowing an attacker to execute arbitrary commands |
| BDU:2024-01271 | Vulnerability in the XWiki Admin Tools administration tool of the XWiki Platform XWiki platform for creating collaborative web applications, allowing an attacker to execute arbitrary commands |
| BDU:2024-01272 | Vulnerability in the XWiki Admin Tools application of the XWiki Platform XWiki platform for creating collaborative web applications, allowing an attacker to affect the confidentiality, integrity and availability of protected information |
| BDU:2024-01273 | Vulnerability in the XWiki Platform XWiki platform for creating collaborative web applications, related to insufficient verification of the authenticity of executed requests, allowing an attacker to obtain the rights of the current user |
| BDU:2024-01333 | Vulnerability in the S/Notify email encryption software for Jira, related to cross-site request forgery, allowing an attacker to carry out a CSRF attack |
| BDU:2024-01336 | Vulnerability in the application programming interface of the Cisco Expressway Series and Cisco Telepresence VCS conferencing control devices, allowing an attacker to carry out a CSRF attack |
| BDU:2024-01373 | Vulnerability in the application programming interface implementation of the firmware of Cisco Expressway gateways and the firmware of Cisco TelePresence Video Communication Server call control devices, allowing an attacker to... |
| BDU:2024-01487 | Vulnerability in the firmware of Osprey Pump Controller controllers for managing pumping stations, allowing an attacker to execute arbitrary commands |
| BDU:2024-01529 | Vulnerability in the Magento Open Source and Adobe Commerce software platforms for developing and managing online stores, related to cross-site request forgery, allowing an attacker to bypass existing security restrictions |
| BDU:2024-01566 | Vulnerability in the Simple Mobile URL Redirect Plugin of the WordPress site content management system, allowing an attacker to carry out a CSRF attack |
| BDU:2024-01944 | Vulnerability in the IBM Engineering Requirements Management DOORS application development software, related to cross-site request forgery, allowing an attacker to execute arbitrary commands |
| BDU:2024-01965 | Vulnerability in the process_delete function of the class-DNSMPD.php component of the GDPR/CCPA Cookie Consent plugin of the WordPress site content management system, allowing an attacker to carry out a CSRF attack |
| BDU:2024-02118 | Vulnerability in the axios library, related to cross-site request forgery, allowing an attacker to gain unauthorized access to the XSRF-TOKEN token |
| BDU:2024-02144 | Уязвимость функции fromSysToolRestoreSet() (/goform/SysToolRestoreSet) микропрограммного обеспечения маршрутизаторов Tenda AC18, позволяющая нарушителю осуществить CSRF-атаку |
| BDU:2024-02145 | Уязвимость функции fromSysToolReboot() (/goform/SysToolReboot) микропрограммного обеспечения маршрутизаторов Tenda AC18, позволяющая нарушителю осуществить CSRF-атаку |
| BDU:2024-02312 | Уязвимость компонента /core/tools/add_translation.php системы управления содержимым CMS flusity, позволяющая нарушителю осуществить CSRF-атаку |
| BDU:2024-02331 | Уязвимость функции fromSysToolReboot() (/goform/SysToolReboot) микропрограммного обеспечения маршрутизаторов Tenda AC15, позволяющая нарушителю вызвать отказ в обслуживании |
| BDU:2024-02332 | Уязвимость функции fromSysToolRestoreSet() (/goform/SysToolRestoreSet) микропрограммного обеспечения маршрутизаторов Tenda AC15, позволяющая нарушителю вызвать отказ в обслуживании |
| BDU:2024-02450 | Уязвимость фреймворка для создания веб-приложений на языке Java Apache Wicket, связанная с подделкой межсайтовых запросов, позволяющая нарушителю осуществить CSRF-атаку |
| BDU:2024-02540 | Уязвимость компонента login_password сервера FreeIpa, позволяющая нарушителю осуществить CSRF-атаку |
| BDU:2024-02564 | Уязвимость системы управления сайтам Netcat Extra связанная с подделкой межсайтовых запросов, позволяющая нарушителю обойти существующие ограничения безопасности и повысить свои привилегии в системе |
| BDU:2024-02597 | Уязвимость платформы для мониторинга и наблюдения Grafana, связанная с подделкой межсайтовых запросов, позволяющая нарушителю повысить свои привилегий |
| BDU:2024-02747 | Уязвимость расширения SportsTeams программного средства для реализации гипертекстовой среды MediaWiki, позволяющая нарушителю воздействовать на целостность защищаемой информации |
| BDU:2024-02882 | Уязвимость функции admin_notice() плагина ProfilePress системы управления содержимым сайта WordPress, позволяющая нарушителю реализовать CSRF-атаку |
| BDU:2024-02956 | Уязвимость CMS-системы Netcat, связанная с подделкой межсайтовых запросов, позволяющая нарушителю внедрить произвольный javascript-код |
| BDU:2024-02957 | Уязвимость CMS-системы Netcat, связанная с подделкой межсайтовых запросов, позволяющая нарушителю изменить политику безопасности веб-приложения |
| BDU:2024-02958 | Уязвимость CMS-системы Netcat, связанная с подделкой межсайтовых запросов, позволяющая нарушителю провести инъекцию PHP-кода |
| BDU:2024-02959 | Уязвимость CMS-системы Netcat, связанная с подделкой межсайтовых запросов, позволяющая нарушителю повысить свои привилегии и выполнить произвольный код |
| BDU:2024-02960 | Уязвимость CMS-системы Netcat, связанная с подделкой межсайтовых запросов, позволяющая нарушителю повысить свои привилегии и выполнить произвольный код |
| BDU:2024-02962 | Vulnerability in the Netcat CMS, related to cross-site request forgery, allowing an attacker to create a new user with administrator rights |
| BDU:2024-02963 | Vulnerability in the Netcat CMS, related to cross-site request forgery, allowing an attacker to escalate their privileges and execute arbitrary code |
| BDU:2024-02964 | Vulnerability in the Netcat CMS, related to cross-site request forgery, allowing an attacker to escalate their privileges and execute arbitrary code |
| BDU:2024-02966 | Vulnerability in the Netcat CMS, related to cross-site request forgery, allowing an attacker to escalate their privileges and gain unauthorized access to the web application |
| BDU:2024-02967 | Vulnerability in the Netcat CMS, related to cross-site request forgery, allowing an attacker to change access permissions in the file manager |
| BDU:2024-03355 | Vulnerability in the erase_tutor_data() function of the Tutor LMS plugin for the WordPress content management system, allowing an attacker to conduct a CSRF attack |
| BDU:2024-03369 | Vulnerability in the WordPress Automatic Plugin for the WordPress content management system, related to cross-site request forgery, allowing an attacker to conduct a CSRF attack |
| BDU:2024-03371 | Vulnerability in the WordPress Automatic Plugin for the WordPress content management system, allowing an attacker to escalate their privileges |
| BDU:2024-03400 | Vulnerability in the Jenkins SAML Single Sign On (SSO) plugin, related to cross-site request forgery, allowing an attacker to conduct a CSRF attack |
| BDU:2024-03522 | Vulnerability in the Herd Effects plugin for the WordPress content management system, related to cross-site request forgery, allowing an attacker to conduct a CSRF attack |
| BDU:2024-03540 | Vulnerability in the LoadMaster application deployment and management platform, related to cross-site request forgery, allowing an attacker to conduct a CSRF attack |
| BDU:2024-03568 | Vulnerability in the Zaptrade CMS content management system, related to cross-site request forgery, allowing an attacker to conduct cross-site scripting attacks |
| BDU:2024-03629 | Vulnerability in the Netcat CMS, related to cross-site request forgery, allowing an attacker to gain access to data import or execute arbitrary code |
| BDU:2024-03952 | Vulnerability in the firmware of the D-Link DIR-600 router, related to cross-site request forgery, allowing an attacker to escalate their privileges |
| BDU:2024-04174 | Vulnerability in the web interface of the Cisco Emergency Responder emergency call management and monitoring server, allowing an attacker to conduct a CSRF attack |
| BDU:2024-04255 | Vulnerability in the web management interface of the Cisco Identity Services Engine (ISE) connection policy management platform, allowing an attacker to conduct a CSRF attack |
| BDU:2024-04256 | Vulnerability in the web management interface of the Cisco Nexus Dashboard platform for analytics and automation of multicloud data center networks, allowing an attacker to conduct a CSRF attack |
| BDU:2024-04321 | Vulnerability in the Netcat CMS, related to cross-site request forgery, allowing an attacker to set arbitrary values for authentication data and execute arbitrary code |
| BDU:2024-04669 | Vulnerability in the GitLab git-based code collaboration platform, related to cross-site request forgery, allowing an attacker to conduct a CSRF attack |
| BDU:2024-04968 | Vulnerability in the Devika AI-based development tool, related to cross-site request forgery, allowing an attacker to conduct a CSRF attack |
| BDU:2024-05084 | Vulnerability in the web interface of the SINEC Traffic Analyzer software for monitoring and analyzing network traffic in industrial networks, allowing an attacker to conduct a CSRF attack |
| BDU:2024-05347 | Vulnerability in the IBM InfoSphere Information Server data integration platform, related to cross-site request forgery, allowing an attacker to conduct a CSRF attack |
| BDU:2024-05596 | Vulnerability in the wptodo_addcomment function of the WordPress To Do plugin for the WordPress content management system, allowing an attacker to conduct a CSRF attack |
| BDU:2024-05675 | Vulnerability in the Арфа-CMS content management system, related to cross-site request forgery, allowing an attacker to conduct a CSRF attack |
| BDU:2024-06168 | Vulnerability in the exacqVision Web Service web interface of the exacqVision video surveillance system, related to cross-site request forgery, allowing an attacker to conduct a CSRF attack |
| BDU:2024-06237 | Vulnerability in the graphical user interface of the FortiAIOps AI-based security threat detection software, allowing an attacker to conduct a CSRF attack |
| BDU:2024-06383 | Vulnerability in the netshop module of the Netcat CMS, allowing an attacker to execute arbitrary JavaScript code |
| BDU:2024-06384 | Vulnerability in the pricerule parameter of the netshop module of the Netcat CMS, allowing an attacker to execute arbitrary JavaScript code |
| BDU:2024-06387 | Vulnerability in the alter_form.php function of the Netcat CMS, allowing an attacker to execute arbitrary JavaScript code |
| BDU:2024-06389 | Vulnerability in the filemanager module of the Netcat CMS, allowing an attacker to execute arbitrary JavaScript code |
| BDU:2024-06390 | Vulnerability in the market parameter of the netshop module of the Netcat CMS, allowing an attacker to execute arbitrary JavaScript code |
| BDU:2024-06396 | Vulnerability in the calendar module of the Netcat CMS, allowing an attacker to execute arbitrary JavaScript code |
| BDU:2024-06399 | Vulnerability in the promotion_discount parameter of the netshop module of the Netcat CMS, allowing an attacker to execute arbitrary JavaScript code |
| BDU:2024-06448 | Vulnerability in the ajaxterm module of the Webmin hosting control panel, allowing an attacker to conduct a CSRF attack |
| BDU:2024-06591 | Vulnerability in the web administration interface of the Cisco Identity Services Engine connection policy management platform, allowing an attacker to execute arbitrary code |
| BDU:2024-06712 | Vulnerability in the Tinode Chat messaging platform, allowing an attacker to conduct a CSRF attack |
| BDU:2024-06803 | Vulnerability in the Magento Open Source and Adobe Commerce platforms for developing and managing online stores, related to cross-site request forgery, allowing an attacker to bypass security restrictions and conduct a CSRF attack |
| BDU:2024-06821 | Vulnerability in the Magento Open Source and Adobe Commerce platforms for developing and managing online stores, related to cross-site request forgery, allowing an attacker to bypass security restrictions and conduct a CSRF attack |
| BDU:2024-06822 | Vulnerability in the Magento Open Source and Adobe Commerce platforms for developing and managing online stores, related to cross-site request forgery, allowing an attacker to bypass security restrictions and conduct a CSRF attack |
| BDU:2024-07583 | Vulnerability in the firmware of the Advantech ADAM-5630 programmable logic controller (PLC), related to cross-site request forgery, allowing an attacker to hijack a user session |
| BDU:2024-07914 | Vulnerability in the web management interface of the Cisco IOS XE operating systems, allowing an attacker to conduct a CSRF attack |
| BDU:2024-08494 | Vulnerability in the Splunk Web component of the Splunk Enterprise operational analytics platform, allowing an attacker to conduct a CSRF attack |
| BDU:2024-08609 | Vulnerability in the built-in GraphQL web client of the Zimbra Collaboration Suite (ZCS) enterprise email management system, allowing an attacker to conduct a CSRF attack and disclose protected information |
| BDU:2024-08663 | Vulnerability in the iCMS content management system (CMS), related to cross-site request forgery, allowing an attacker to conduct a CSRF attack |
| BDU:2024-08700 | Vulnerability in the web management interface of the firmware of Cisco Analog Telephone Adapter (ATA) 190 Series IP telephony devices, allowing an attacker to conduct a CSRF attack and perform arbitrary actions |
| BDU:2024-09161 | Vulnerability in the web interface of the Cisco IOS and IOS XE operating systems, allowing an attacker to conduct a CSRF attack |
| BDU:2024-09315 | Vulnerability in the Amiro.CMS content management system, related to cross-site request forgery, allowing an attacker to create an administrator account |
| BDU:2024-10171 | Vulnerability in the Apache OFBiz enterprise resource planning software, related to improper control of code generation, allowing an attacker to conduct an SSRF attack |
| BDU:2024-10186 | Vulnerability in the Moodle virtual learning environment, related to cross-site request forgery, allowing an attacker to conduct a CSRF attack |
| BDU:2024-10888 | Vulnerability in the firmware of ASPECT Enterprise, NEXUS Series and MATRIX Series embedded building management network controllers, related to cross-site request forgery, allowing an attacker to conduct a CSRF attack |
| BDU:2024-11414 | Vulnerability in the web interface of the firmware of DrayTek Vigor routers, allowing an attacker to conduct a CSRF attack |
| BDU:2025-00234 | Vulnerability in the Symfony Mailer Lite module of the Drupal CMS, related to cross-site request forgery, allowing an attacker to conduct a CSRF attack |
| BDU:2025-00258 | Vulnerability in the Minify JS module of the Drupal CMS, related to cross-site request forgery, allowing an attacker to conduct a CSRF attack |
| BDU:2025-00478 | Vulnerability in the GitLab git-based code collaboration platform, related to cross-site request forgery, allowing an attacker to conduct a CSRF attack |
| BDU:2025-00590 | Vulnerability in the Active Directory Federation Server component of the Windows operating system, allowing an attacker to conduct a CSRF attack |
| BDU:2025-00662 | Vulnerability in the Web Runtime SEC component of the JD Edwards EnterpriseOne Tools enterprise resource management system, allowing an attacker to gain access to read, modify and delete files |
| BDU:2025-00765 | Vulnerability in the UI module of the Bitrix24 business management service and the 1C-Bitrix: Site Management website content management system (CMS), allowing an attacker to execute arbitrary code |
| BDU:2025-00860 | Vulnerability in the Migrate queue importer module of the Drupal CMS, related to cross-site request forgery, allowing an attacker to conduct a CSRF attack |
| BDU:2025-00862 | Vulnerability in the Migrate Tools module of the Drupal CMS, related to cross-site request forgery, allowing an attacker to conduct a CSRF attack |
| BDU:2025-00867 | Vulnerability in the Acquia DAM module of the Drupal CMS, related to cross-site request forgery, allowing an attacker to conduct a CSRF attack or cause a denial of service |
| BDU:2025-00901 | Vulnerability in the web interface of the firmware of EDIMAX BR-6476AC routers, allowing an attacker to escalate their privileges and execute arbitrary commands |
| BDU:2025-00929 | Vulnerability in the Selenium Server (Grid) distributed test execution tool, related to cross-site request forgery, allowing an attacker to conduct a CSRF attack |
| BDU:2025-01028 | Vulnerability in the POST File module of the Drupal CMS, allowing an attacker to conduct a CSRF attack |
| BDU:2025-01101 | Vulnerability in the /admin/tag/save file of the Jfinal CMS content management system, allowing an attacker to conduct a CSRF attack |
| BDU:2025-01161 | Vulnerability in the web interface of the firmware of RUGGEDCOM ROX MX5000, RUGGEDCOM ROX MX5000RE and RUGGEDCOM ROX RX1400 routing and switching platforms, allowing an attacker to conduct a CSRF attack |
| BDU:2025-01164 | Vulnerability in the Gutenberg module of the Drupal CMS, allowing an attacker to conduct a CSRF attack |
| BDU:2025-01223 | Vulnerability in the Web Runtime SEC component of the JD Edwards EnterpriseOne Tools enterprise resource management system, allowing an attacker to conduct a CSRF attack |
| BDU:2025-01233 | Vulnerability in the Symantec Privileged Access Management access control tool, related to cross-site request forgery, allowing an attacker to hijack a user session |
| BDU:2025-01562 | Vulnerability in the web interface of the firmware of SIMATIC S7-1200 programmable logic controllers, allowing an attacker to conduct a CSRF attack |
| BDU:2025-01577 | Vulnerability in the JWT OmniAuth provider configuration of the GitLab git-based code collaboration platform, allowing an attacker to conduct a cross-site scripting (XSS) attack |
| BDU:2025-01755 | Vulnerability in the mySCADA myPRO Manager management platform, related to cross-site request forgery, allowing an attacker to conduct a CSRF attack |
| BDU:2025-02399 | Vulnerability in the Jenkins Bitbucket Server Integration Plugin, related to cross-site request forgery, allowing an attacker to conduct a CSRF attack |
| BDU:2025-02545 | Vulnerability in the MFlash secure data exchange platform, related to cross-site request forgery, allowing an attacker to escalate their privileges |
| BDU:2025-03526 | Vulnerability in the Splunk Web web interface of the Splunk Enterprise operational analytics platform, allowing an attacker to conduct a CSRF attack |
| BDU:2025-03588 | Vulnerability in the 3DSecure (3DS2) protocol, related to cross-site request forgery, allowing an attacker to conduct a CSRF attack |
| BDU:2025-03794 | Vulnerability in the Fortinet FortiNDR (Network Detection and Response) hardware and software information security product based on AI and deep neural network (DNN) technologies, related to cross-site request forgery, allowing an attacker to conduct a CSRF at... |
| BDU:2025-03852 | Vulnerability in the Sherpa Orchestrator component of the Sherpa RPA process automation platform, allowing an attacker to conduct a CSRF attack |
| BDU:2025-03918 | Vulnerability in the Werkzeug web application development library, related to cross-site request forgery, allowing an attacker to gain access to confidential data, compromise its integrity, and cause a denial of service |
| BDU:2025-04026 | Vulnerability in the programming interface of the collaborative web application platform XWiki Platform XWiki, related to failure to neutralize directives in dynamically executed code, allowing an attacker to execute arbitrary code |
| BDU:2025-04274 | Vulnerability in the Data Manager component of the firmware of Siemens SENTRON 7KT PAC1260 multifunction devices for measuring electrical network parameters, allowing an attacker to conduct a CSRF attack |
| BDU:2025-04743 | Vulnerability in the Moodle virtual learning environment, related to cross-site request forgery, allowing an attacker to conduct a CSRF attack |
| BDU:2025-04783 | Vulnerability in the Magento Open Source, Adobe Commerce and Adobe Commerce B2B platforms for developing and managing online stores, related to cross-site request forgery, allowing an attacker to cause a denial of service |
| BDU:2025-04960 | Vulnerability in the Jenkins automation server, related to cross-site request forgery, allowing an attacker to conduct a CSRF attack |
| BDU:2025-05104 | Vulnerability in the Brickfield component of the Moodle virtual learning environment, allowing an attacker to affect the integrity of protected information |
| BDU:2025-05107 | Vulnerability in the Moodle virtual learning environment, related to cross-site request forgery, allowing an attacker to affect the integrity of protected information |
| BDU:2025-05286 | Vulnerability in the PARTS SOFT CMS website content management system, related to insufficient verification of the authenticity of requests, allowing an attacker to conduct a CSRF attack |
| BDU:2025-05382 | Vulnerability in the Storage Access API interface of the Mozilla Firefox browser and the Thunderbird email client, allowing an attacker to conduct a CSRF attack |
| BDU:2025-06131 | Vulnerability in the VideoGrace video conferencing software, related to insufficient verification of the authenticity of requests, allowing an attacker to conduct a CSRF attack |
| BDU:2025-06205 | Vulnerability in the Segnetics SMConfig system settings configurator, related to insufficient verification of the authenticity of requests, allowing an attacker to conduct a CSRF attack |
| BDU:2025-06352 | Vulnerability in the Zoom Workplace video conferencing software products, related to cross-site request forgery, allowing an attacker to affect the integrity of protected information |
| BDU:2025-06354 | Vulnerability in the Zoom Workplace video conferencing software products, related to cross-site request forgery, allowing an attacker to affect the integrity of protected information |
| BDU:2025-06664 | Vulnerability in the Web Access component of the Oracle Primavera P6 Enterprise Project Portfolio Management project management application, allowing an attacker to affect the integrity of protected information |
| BDU:2025-06717 | Vulnerability in the fromSysToolRestoreSet() function of the firmware of Tenda AC9 routers, allowing an attacker to conduct a CSRF attack |
| BDU:2025-06812 | Vulnerability in the web interface of the IBM OpenPages and IBM OpenPages with Watson enterprise risk management platforms, allowing an attacker to conduct a CSRF attack |
| BDU:2025-07201 | Vulnerability in the OData function of the SAP S/4HANA software platform, allowing an attacker to affect the integrity and confidentiality of protected information |
| BDU:2025-07596 | Vulnerability in the GraphQL API interface of the GitLab git-based code collaboration platform, allowing an attacker to conduct a CSRF attack |
| BDU:2025-07630 | Vulnerability in the Dell Wyse Management Suite hybrid cloud solution for managing thin clients, related to cross-site request forgery, allowing an attacker to conduct a CSRF attack |
| BDU:2025-08206 | Vulnerability in the Atlassian Jira data processing software products, related to cross-site request forgery, allowing an attacker to conduct a CSRF attack |
| BDU:2025-08211 | Vulnerability in the web interface of the firmware of Avtech IP cameras and digital and network video recorders, allowing an attacker to conduct a CSRF attack |
| BDU:2025-08593 | Vulnerability in the Ruby on Rails software platform, related to cross-site request forgery, allowing an attacker to send CSRF tokens to the wrong domains |
| BDU:2025-08595 | Vulnerability in the Ruby on Rails software platform, related to cross-site request forgery, allowing an attacker to forge a valid CSRF token |
| BDU:2025-08638 | Vulnerability in the General component of the Oracle REST Data Services data service, allowing an attacker to gain access to read, modify and delete information |
| BDU:2025-08719 | Vulnerability in the Device Integration component of the Oracle MES for Process Manufacturing production process management software of the Oracle E-Business Suite enterprise automation system, allowing an attacker to gain access... |
| BDU:2025-08778 | Vulnerability in the KBPublisher software for organizing and managing knowledge bases and documentation, related to cross-site request forgery, allowing an attacker to conduct a CSRF attack |
| BDU:2025-08889 | Vulnerability in the Zoom video conferencing software, related to cross-site request forgery, allowing an attacker to disclose protected information |
| BDU:2025-09153 | Vulnerability in the GraphQL interface of the JetBrains TeamCity continuous integration and delivery (CI/CD) system, allowing an attacker to conduct a CSRF attack |
| BDU:2025-09158 | Vulnerability in the JetBrains TeamCity continuous integration and delivery (CI/CD) system, related to cross-site request forgery, allowing an attacker to conduct a CSRF attack |
| BDU:2025-09169 | Vulnerability in the JetBrains TeamCity continuous integration and delivery (CI/CD) system, related to cross-site request forgery, allowing an attacker to conduct a CSRF attack |
| BDU:2025-09727 | Vulnerability in the Personalization component of the Oracle Applications Framework software platform, allowing an attacker to gain unauthorized access to modify, read and delete protected information |
| BDU:2025-10324 | Vulnerability in the web management interface of the Cisco IOS XE operating systems, allowing an attacker to conduct a CSRF attack |
| BDU:2025-10631 | Vulnerability in the Splunk Web component of the Splunk Enterprise operational analytics platform, allowing an attacker to cause a denial of service |
| BDU:2025-10632 | Vulnerability in the Splunk Web component of the Splunk Enterprise operational analytics platform, allowing an attacker to conduct a CSRF attack |
| BDU:2025-10818 | Vulnerability in the Magento Open Source, Adobe Commerce and Adobe Commerce B2B platforms for developing and managing online stores, related to cross-site request forgery, allowing an attacker to gain unauthorized access to protected... |
| BDU:2025-11550 | Vulnerability in the Incubator module of the Icinga Web 2 PHP framework, allowing an attacker to conduct a CSRF attack |
| BDU:2025-11692 | Vulnerability in the Adobe Dreamweaver HTML editor, related to cross-site request forgery, allowing an attacker to execute arbitrary code |
| BDU:2025-11705 | Vulnerability in the firmware of the MEAC300-FNADE4 industrial digital gas analyzer, related to cross-site request forgery, allowing an attacker to conduct a CSRF attack |
| BDU:2025-11753 | Vulnerability in the gorilla/csrf HTTP library for protection against cross-site request forgery, related to cross-site request forgery, allowing an attacker to conduct a CSRF attack |
| BDU:2025-11986 | Vulnerability in the WebKitGTK and WPE WebKit web page rendering engines, related to cross-site request forgery, allowing an attacker to gain access to confidential data |
| BDU:2025-11987 | Vulnerability in the WebKitGTK and WPE WebKit web page rendering engines, related to cross-site request forgery, allowing an attacker to gain access to confidential data, compromise its integrity, and cause a denial of service |
| BDU:2025-12712 | Vulnerability in the web management interface of the Cisco Unified Communications Manager (CM) and Cisco Unified Communications Manager Session Management Edition (SME) call processing systems, allowing an attacker to execute arbitrary code |
| BDU:2025-12727 | Vulnerability in the built-in GraphQL web client of the Zimbra Collaboration Suite (ZCS) enterprise email management system, allowing an attacker to conduct a CSRF attack and disclose protected information |
| BDU:2025-12756 | Vulnerability in the Websoft HCM HR process automation software, allowing an attacker to conduct a CSRF attack |
| BDU:2025-12950 | Vulnerability in the programming interface of the collaborative web application platform XWiki Platform XWiki, related to insufficient verification of the authenticity of requests, allowing an attacker to conduct a CSRF attack |
| BDU:2025-13414 | Vulnerability in the devtools-integration package of the Nest platform for building scalable Node.js server-side applications, allowing an attacker to execute arbitrary code |
| BDU:2025-13518 | Vulnerability in the idna domain name processing mechanism of the Punycode character conversion method, allowing an attacker to escalate their privileges |
| BDU:2025-14514 | Vulnerability in the KeeneticOS operating system, related to cross-site request forgery, allowing an attacker to gain unauthorized access to protected information |
| BDU:2025-14533 | Vulnerability in the Replay function of the Hypermap data visualization tool of the Nagios XI IT infrastructure monitoring tool, allowing an attacker to conduct cross-site scripting (XSS) attacks |
| BDU:2025-14626 | Vulnerability in the Arduino core of the arduino-esp32 microcontroller software, related to cross-site request forgery, allowing an attacker to execute arbitrary code |
| BDU:2025-14761 | Vulnerability in the Rumpus FTP server for file management, related to cross-site request forgery, allowing an attacker to conduct a CSRF attack |
| BDU:2025-14769 | Vulnerability in the Ray framework for scaling AI and Python applications, related to cross-site request forgery, allowing an attacker to execute arbitrary code |
| BDU:2025-16000 | Vulnerability in the firmware of the IBM Storage TS4500 tape drive, related to cross-site request forgery, allowing an attacker to conduct a CSRF attack |
| BDU:2025-16011 | Vulnerability in the Mattermost Mobile Apps mobile instant messaging application, related to cross-site request forgery, allowing an attacker to gain unauthorized access to protected information |
| BDU:2025-16038 | Vulnerability in the Rockwell Automation 1783-NATR industrial Wi-Fi network access point, related to cross-site request forgery, allowing an attacker to change the device configuration |
| BDU:2025-16337 | Vulnerability in the handleServeStandalone() function of the Mattermost Calls plugin of the Mattermost instant messaging application, allowing an attacker to conduct a CSRF attack |
| BDU:2026-00210 | Vulnerability in the Sunshine game stream host, related to cross-site request forgery, allowing an attacker to conduct a CSRF attack using a specially crafted web page |
| BDU:2026-00279 | Vulnerability in the Java-based content management system OFCMS, related to cross-site request forgery, allowing an attacker to conduct a CSRF attack |
| BDU:2026-00314 | Vulnerability in the Jenkins automation server, allowing an attacker to conduct a CSRF attack |
| BDU:2026-00764 | Vulnerability in the SAP Fiori App web application, related to cross-site request forgery, allowing an attacker to affect the integrity of protected information |
| BDU:2026-00917 | Vulnerability in the firmware of Tenda W30E wireless Wi-Fi routers, related to cross-site request forgery, allowing an attacker to conduct a CSRF attack |
| BDU:2026-01026 | Vulnerability in the administrative panel of the Telpo MDM mobile device management platform, related to cross-site request forgery, allowing an attacker to conduct a CSRF attack |
| BDU:2026-01713 | Vulnerability in the node-tar library of the Node.js software platform, allowing an attacker to gain access to modify and write arbitrary files |
| BDU:2026-01828 | Vulnerability in the Animation component of the Google Chrome browser, allowing an attacker to affect the confidentiality of protected information |
| BDU:2026-01901 | Vulnerability in the FAST/TOOLS SCADA system, related to cross-site request forgery, allowing an attacker to conduct a CSRF attack |
| BDU:2026-02082 | Vulnerability in the Scada-LTS multi-platform web solution for building SCADA systems, related to insufficient verification of the authenticity of requests, allowing an attacker to bypass security restrictions and conduct a CSRF attack |
| BDU:2026-02355 | Vulnerability in the Laundry online laundry management service, related to cross-site request forgery, allowing an attacker to conduct a CSRF attack |
| BDU:2026-02451 | Vulnerability in the Active! mail email client, related to cross-site request forgery, allowing an attacker to conduct a CSRF attack |
CVE vulnerability identifiers
Identifier from the database of publicly known information security vulnerabilities
| Identifier | Description |
|---|---|
| CVE-2012-10010 | BestWebSoft Contact Form contact_form.php cntctfrm_settings_page cross-site request forgery |
| CVE-2012-10012 | BestWebSoft Facebook Like Button facebook-button-plugin.php fcbk_bttn_plgn_settings_page cross-site request forgery |
| CVE-2012-10015 | BestWebSoft Twitter Plugin Settings Page twitter.php twttr_settings_page cross-site request forgery |
| CVE-2012-10017 | BestWebSoft Portfolio Plugin cross-site request forgery |
| CVE-2013-10025 | Exit Strategy Plugin exitpage.php exitpageadmin cross-site request forgery |
| CVE-2013-10027 | Blogger Importer Plugin blogger-importer.php restart cross-site request forgery |
| CVE-2013-10029 | Exit Box Lite Plugin wordpress-exit-box-lite.php exitboxadmin cross-site request forgery |
| CVE-2014-0594 | CSRF protection incorrectly disabled |
| CVE-2014-125028 | valtech IDP Test Client main.py cross-site request forgery |
| CVE-2014-2358 | Fox-IT DataDiode Appliance CSRF |
| CVE-2014-2369 | Omron NS Series HMI Cross-Site Request Forgery |
| CVE-2015-10001 | WP-Stats < 2.5.2 - CSRF to Stored Cross-Site Scripting (XSS) |
| CVE-2015-10081 | arnoldle submitByMailPlugin edit_list.php cross-site request forgery |
| CVE-2015-10108 | meitar Inline Google Spreadsheet Viewer Plugin inline-gdocs-viewer.php displayShortcode cross-site request forgery |
| CVE-2015-10109 | Video Playlist and Gallery Plugin wp-media-cincopa.php cross-site request forgery |
| CVE-2015-10116 | RealFaviconGenerator Favicon Plugin class-favicon-by-realfavicongenerator-admin.php install_new_favicon cross-site request fo... |
| CVE-2015-10125 | WP Ultimate CSV Importer Plugin cross-site request forgery |
| CVE-2015-20105 | ClickBank Affiliate Ads <= 1.20 - CSRF to Stored Cross-Site Scripting |
| CVE-2015-9284 | The request phase of the OmniAuth Ruby gem (1.9.1 and earlier) is vulnerable to Cross-Site Request Forgery when used as part... |
| CVE-2016-10522 | rails_admin ruby gem <v1.1.1 is vulnerable to cross-site request forgery (CSRF) attacks. Non-GET methods were not validating... |
| CVE-2016-10529 | Droppy versions <3.5.0 does not perform any verification for cross-domain websocket requests. An attacker is able to make a s... |
| CVE-2016-15009 | OpenACS bug-tracker Search nav-bar.adp cross-site request forgery |
| CVE-2016-3098 | Cross-site request forgery (CSRF) vulnerability in administrate 0.1.4 and earlier allows remote attackers to hijack the user'... |
| CVE-2016-6557 | The ASUS RP-AC52 access point, firmware version 1.0.1.1s and possibly earlier, is vulnerable to cross-site request forgery |
| CVE-2016-6578 | CodeLathe FileCloud, version 13.0.0.32841 and earlier, is vulnerable to cross-site request forgery (CSRF) |
| CVE-2016-7067 | Monit before version 5.20.0 is vulnerable to a cross site request forgery attack. Successful exploitation will enable an atta... |
| CVE-2016-9127 | Revive Adserver before 3.2.3 suffers from Cross-Site Request Forgery (CSRF). The password recovery form in Revive Adserver is... |
| CVE-2016-9455 | Revive Adserver before 3.2.3 suffers from Cross-Site Request Forgery (CSRF). A number of scripts in Revive Adserver's user in... |
| CVE-2016-9456 | Revive Adserver before 3.2.3 suffers from Cross-Site Request Forgery (CSRF). The Revive Adserver team conducted a security au... |
| CVE-2017-0933 | Ubiquiti Networks EdgeOS version 1.9.1 and prior suffer from a Cross-Site Request Forgery (CSRF) vulnerability. An attacker w... |
| CVE-2017-12253 | A vulnerability in the Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to execute unwanted... |
| CVE-2017-12271 | A vulnerability in Cisco SPA300 and SPA500 Series IP Phones could allow an unauthenticated, remote attacker to execute unwant... |
| CVE-2017-14011 | A Cross-Site Request Forgery issue was discovered in ProMinent MultiFLEX M10a Controller web interface. The application does... |
| CVE-2017-20020 | Solare Solar-Log cross-site request forgery |
| CVE-2017-20045 | Navetti PricePoint cross-site request forgery |
| CVE-2017-20053 | XYZScripts Contact Form Manager Plugin cross-site request forgery |
| CVE-2017-20062 | Elefant CMS cross-site request forgery |
| CVE-2017-20065 | Supsystic Popup Plugin cross-site request forgery |
| CVE-2017-20088 | Atahualpa Theme cross-site request forgery |
| CVE-2017-20090 | Global Content Blocks Plugin cross-site request forgery |
| CVE-2017-20091 | File Manager Plugin cross-site request forgery |
| CVE-2017-20093 | Download Manager Plugin cross-site request forgery |
| CVE-2017-20120 | TrueConf Server cross-site request forgery |
| CVE-2017-2682 | The Siemens web application RUGGEDCOM NMS < V1.2 on port 8080/TCP and 8081/TCP could allow a remote attacker to perform a Cro... |
| CVE-2017-2688 | The integrated web server in Siemens RUGGEDCOM ROX I (all versions) at port 10000/TCP could allow remote attackers to perform... |
| CVE-2017-3187 | The dotCMS administration panel, versions 3.7.1 and earlier, are vulnerable to cross-site request forgery |
| CVE-2017-5187 | A Cross-Site Request Forgery (CWE-352) vulnerability in Directory Server (aka Enterprise Server Administration web UI) in Mic... |
| CVE-2017-5244 | Routes used to stop running Metasploit tasks (either particular ones or all tasks) allowed GET requests. Only POST requests s... |
| CVE-2017-5263 | Versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware lack CSRF controls that can mitigate the effects of CSRF att... |
| CVE-2017-5264 | Versions of Nexpose prior to 6.4.66 fail to adequately validate the source of HTTP requests intended for the Automated Action... |
| CVE-2017-6038 | A Cross-Site Request Forgery issue was discovered in Belden Hirschmann GECKO Lite Managed switch, Version 2.0.00 and prior ve... |
| CVE-2017-6042 | A Cross-Site Request Forgery issue was discovered in Sierra Wireless AirLink Raven XE, all versions prior to 4.0.14, and AirL... |
| CVE-2017-6634 | A vulnerability in the Device Manager web interface of Cisco Industrial Ethernet 1000 Series Switches 1.3 could allow an unau... |
| CVE-2017-6756 | A vulnerability in the Web UI Application of the Cisco Prime Collaboration Provisioning Tool through 12.2 could allow an unau... |
| CVE-2017-7423 | A Cross-Site Request Forgery (CWE-352) vulnerability in esfadmingui in Micro Focus Enterprise Developer and Enterprise Server... |
| CVE-2017-7556 | Hawtio versions up to and including 1.5.3 are vulnerable to CSRF vulnerability allowing remote attackers to trick the user to... |
| CVE-2017-7906 | In ABB IP GATEWAY 3.39 and prior, the web server does not sufficiently verify that a request was performed by the authenticat... |
| CVE-2017-7917 | A Cross-Site Request Forgery issue was discovered in Moxa OnCell G3110-HSPA Version 1.3 build 15082117 and previous versions,... |
| CVE-2017-7926 | A Cross-Site Request Forgery issue was discovered in OSIsoft PI Web API versions prior to 2017 (1.9.0). The vulnerability all... |
| CVE-2017-9641 | PI Coresight 2016 R2 contains a cross-site request forgery vulnerability that may allow access to the PI system. OSIsoft reco... |
| CVE-2018-0107 | A vulnerability in the web framework of Cisco Prime Service Catalog could allow an unauthenticated, remote attacker to execut... |
| CVE-2018-0146 | A vulnerability in the Cisco Data Center Analytics Framework application could allow an unauthenticated, remote attacker to c... |
| CVE-2018-0148 | A vulnerability in the web-based management interface of Cisco UCS Director Software and Cisco Integrated Management Controll... |
| CVE-2018-0210 | A vulnerability in the web-based management interface of Cisco Data Center Network Manager could allow an unauthenticated, re... |
| CVE-2018-0215 | A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated,... |
| CVE-2018-0216 | A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated,... |
| CVE-2018-0255 | A vulnerability in the device manager web interface of Cisco Industrial Ethernet Switches could allow an unauthenticated, rem... |
| CVE-2018-0259 | A vulnerability in the web-based management interface of Cisco MATE Collector could allow an unauthenticated, remote attacker... |
| CVE-2018-0270 | A vulnerability in the web-based management interface of Cisco IoT Field Network Director (IoT-FND) could allow an unauthenti... |
| CVE-2018-0363 | A vulnerability in the web-based management interface of Cisco Unified Communications Manager IM & Presence Service (formerly... |
| CVE-2018-0364 | A vulnerability in the web-based management interface of Cisco Unified Communications Domain Manager could allow an unauthent... |
| CVE-2018-0365 | A vulnerability in the web-based management interface of Cisco Firepower Management Center could allow an unauthenticated, re... |
| CVE-2018-0413 | A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated,... |
| CVE-2018-0439 | Cisco Meeting Server Cross-Site Request Forgery Vulnerability |
| CVE-2018-0444 | Cisco Packaged Contact Center Enterprise Cross-Site Scripting Vulnerability |
| CVE-2018-0445 | Cisco Packaged Contact Center Enterprise Cross-Site Request Forgery Vulnerability |
| CVE-2018-0446 | Cisco Industrial Network Director Cross-Site Request Forgery Vulnerability |
| CVE-2018-0451 | Cisco Tetration Analytics Cross-Site Request Forgery Vulnerability |
| CVE-2018-10884 | Ansible Tower before versions 3.1.8 and 3.2.6 is vulnerable to cross-site request forgery (CSRF) in awx/api/authentication.py... |
| CVE-2018-10895 | qutebrowser before version 1.4.1 is vulnerable to a cross-site request forgery flaw that allows websites to access 'qute://*'... |
| CVE-2018-1098 | A cross-site request forgery flaw was found in etcd 3.3.1 and earlier. An attacker can set up a website that tries to send a... |
| CVE-2018-11448 | A vulnerability has been identified in SCALANCE M875 (All versions). The web interface on port 443/tcp could allow a stored C... |
| CVE-2018-1230 | Pivotal Spring Batch Admin, all versions, does not contain cross site request forgery protection. A remote unauthenticated us... |
| CVE-2018-12540 | In version from 3.0.0 to 3.5.2 of Eclipse Vert.x, the CSRFHandler do not assert that the XSRF Cookie matches the returned XSR... |
| CVE-2018-13800 | A vulnerability has been identified in SIMATIC S7-1200 CPU family version 4 (All versions < V4.2.3). The web interface could... |
| CVE-2018-14783 | NetComm Wireless G LTE Light Industrial M2M Router (NWL-25) with firmware 2.0.29.11 and prior. A cross-site request forgery c... |
| CVE-2018-15401 | Cisco Hosted Collaboration Mediation Fulfillment Cross-Site Request Forgery Vulnerability |
| CVE-2018-15402 | Cisco Enterprise NFV Infrastructure Software Cross-Site Request Forgery Vulnerability |
| CVE-2018-15438 | Cisco Prime Collaboration Assurance Cross-Site Request Forgery Vulnerability |
| CVE-2018-15445 | Cisco Energy Management Suite Cross-Site Request Forgery Vulnerability |
| CVE-2018-15612 | Orchestration Designer Runtime Config CSRF |
| CVE-2018-16854 | A flaw was found in moodle versions 3.5 to 3.5.2, 3.4 to 3.4.5, 3.3 to 3.3.8, 3.1 to 3.1.14 and earlier. The login form is no... |
| CVE-2018-19948 | The vulnerability have been reported to affect earlier versions of Helpdesk. If exploited, this cross-site request forgery (C... |
| CVE-2018-25096 | MdAlAmin-aol Own Health Record logout.php cross-site request forgery |
| CVE-2018-4066 | An exploitable cross-site request forgery vulnerability exists in the ACEManager functionality of Sierra Wireless AirLink ES4... |
| CVE-2018-7524 | A cross-site request forgery vulnerability has been identified in Geutebruck G-Cam/EFD-2250 Version 1.12.0.4 and Topline TopF... |
| CVE-2018-8844 | Philips e-Alert Unit (non-medical device), Version R2.1 and prior. The web application does not, or cannot, sufficiently veri... |
| CVE-2019-10176 | A flaw was found in OpenShift Container Platform, versions 3.11 and later, in which the CSRF tokens used in the cluster conso... |
| CVE-2019-10186 | A flaw was found in moodle before versions 3.7.1, 3.6.5, 3.5.7. A sesskey (CSRF) token was not being utilised by the XML load... |
| CVE-2019-10199 | It was found that Keycloak's account console, up to 6.0.1, did not perform adequate header checks in some requests. An attack... |
| CVE-2019-12624 | Cisco IOS XE NGWC Legacy Wireless Device Manager GUI Cross-Site Request Forgery Vulnerability |
| CVE-2019-12636 | Cisco Small Business Smart and Managed Switches Cross-Site Request Forgery Vulnerability |
| CVE-2019-13529 | An attacker could send a malicious link to an authenticated operator, which may allow remote attackers to perform actions wit... |
| CVE-2019-13920 | A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2.0 SP1). Some parts of the web applicat... |
| CVE-2019-13930 | A vulnerability has been identified in XHQ (All versions < V6.0.0.2). The web interface could allow a Cross-Site Request Forg... |
| CVE-2019-16002 | Cisco SD-WAN Solution vManage Cross-Site Request Forgery Vulnerability |
| CVE-2019-16009 | Cisco IOS and Cisco IOS XE Software Web UI Cross-Site Request Forgery Vulnerability |
| CVE-2019-1632 | Cisco Integrated Management Controller Cross-Site Request Forgery Vulnerability |
| CVE-2019-1658 | Cisco Unified Intelligence Center Cross-Site Request Forgery Vulnerability |
| CVE-2019-1713 | Cisco Adaptive Security Appliance Software Cross-Site Request Forgery Vulnerability |
| CVE-2019-1722 | Cisco Expressway Series and Cisco TelePresence Video Communication Server Cross-Site Request Forgery Vulnerability |
| CVE-2019-17633 | For Eclipse Che versions 6.16 to 7.3.0, with both authentication and TLS disabled, visiting a malicious web site could trigge... |
| CVE-2019-1764 | Cisco IP Phone 8800 Series Cross-Site Request Forgery Vulnerability |
| CVE-2019-1797 | Cisco Wireless LAN Controller Software Cross-Site Request Forgery Vulnerability |
| CVE-2019-18271 | OSIsoft PI Vision, All versions of PI Vision prior to 2019. The affected product is vulnerable to a cross-site request forger... |
| CVE-2019-1857 | Cisco HyperFlex HX-Series Web-Based Management Interface Cross-Site Request Forgery Vulnerability |
| CVE-2019-1874 | Cisco Prime Service Catalog Cross-Site Request Forgery Vulnerability |
| CVE-2019-1881 | Cisco Industrial Network Director Cross-Site Request Forgery Vulnerability |
| CVE-2019-1904 | Cisco IOS XE Software Web UI Cross-Site Request Forgery Vulnerability |
| CVE-2019-1915 | Multiple Cisco Unified Communications Products Cross-Site Request Forgery Vulnerability |
| CVE-2019-19289 | A vulnerability has been identified in XHQ (All Versions < 6.1). The web interface could allow a Cross-Site Request Forgery (... |
| CVE-2019-1958 | Cisco HyperFlex Software Cross-Site Request Forgery Vulnerability |
| CVE-2019-25064 | CoreHR Core Portal cross-site request forgery |
| CVE-2019-3809 | A flaw was found in Moodle versions 3.1 to 3.1.15 and earlier unsupported versions. The mybackpack functionality allowed sett... |
| CVE-2019-3864 | A vulnerability was discovered in all quay-2 versions before quay-3.0.0, in the Quay web GUI where POST requests include a sp... |
| CVE-2019-3876 | A flaw was found in the /oauth/token/request custom endpoint of the OpenShift OAuth server allowing for XSS generation of CLI... |
| CVE-2019-5430 | In UniFi Video 3.10.0 and prior, due to the lack of CSRF protection, it is possible to abuse the Web API to make changes on t... |
| CVE-2019-5431 | This vulnerability was caused by an incomplete fix to CVE-2017-0911. Twitter Kit for iOS versions 3.0 to 3.4.0 is vulnerable... |
| CVE-2019-6561 | Cross-site request forgery has been identified in Moxa IKS and EDS, which may allow for the execution of unauthorized actions... |
| CVE-2019-9882 | Multi modules of MailSherlock MSR35 and MSR45 lead to a CSRF vulnerability. It allows attacker to add malicious email sources... |
| CVE-2019-9883 | Multi modules of MailSherlock MSR35 and MSR45 lead to a CSRF vulnerability. It allows attacker to elevate privilege of specif... |
| CVE-2020-10734 | A vulnerability was found in keycloak in the way that the OIDC logout endpoint does not have CSRF protection. Versions shippe... |
| CVE-2020-10771 | A flaw was found in Infinispan version 10, where it is possible to perform various actions that could have side effects using... |
| CVE-2020-10890 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.0.2947... |
| CVE-2020-10892 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.0.2947... |
| CVE-2020-11003 | CSRF and DNS Rebinding in Oasis |
| CVE-2020-11069 | Cross-Site Request Forgery in TYPO3 CMS |
| CVE-2020-12502 | Pepperl+Fuchs improper authorization affects multiple Comtrol RocketLinx products |
| CVE-2020-12511 | Pepper+Fuchs Comtrol IO-Link Master Cross-Site Request Forgery |
| CVE-2020-12781 | Combodo iTop - CSRF |
| CVE-2020-13186 | An Anti CSRF mechanism was discovered missing in the Teradici Cloud Access Connector v31 and earlier in a specific web form,... |
| CVE-2020-13527 | An authentication bypass vulnerability exists in the Web Manager functionality of Lantronix XPort EDGE 3.0.0.0R11, 3.1.0.0R9,... |
| CVE-2020-13569 | A cross-site request forgery vulnerability exists in the GACL functionality of OpenEMR 5.0.2 and development version 6.0.0 (c... |
| CVE-2020-13673 | The Entity Embed module provides a filter to allow embedding entities in content fields. In certain circumstances, the filter... |
| CVE-2020-13674 | The QuickEdit module does not properly validate access to routes, which could allow cross-site request forgery under some cir... |
| CVE-2020-14368 | A flaw was found in Eclipse Che in versions prior to 7.14.0 that impacts CodeReady Workspaces. When configured with cookies a... |
| CVE-2020-14369 | This release fixes a Cross Site Request Forgery vulnerability was found in Red Hat CloudForms which forces end users to execu... |
| CVE-2020-14506 | Philips Clinical Collaboration Platform Cross-site Request Forgery |
| CVE-2020-15135 | CSRF vulnerability in save-server |
| CVE-2020-15156 | XSS due to lack of CSRF validation for replying/publishing |
| CVE-2020-15182 | Cross-site Request Forgery leading to RCE in SOY CMS |
| CVE-2020-15259 | CSRF in Auth0 ad-ldap-connector |
| CVE-2020-15789 | A vulnerability has been identified in Polarion Subversion Webclient (All versions). The web interface could allow a Cross-Si... |
| CVE-2020-16208 | The affected product is vulnerable to cross-site request forgery, which may allow an attacker to modify different configurati... |
| CVE-2020-1692 | Moodle before version 3.7.2 is vulnerable to information exposure of service tokens for users enrolled in the same course. |
| CVE-2020-1977 | Expedition Migration Tool: Insufficient Cross Site Request Forgery protection. |
| CVE-2020-28398 | A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions <... |
| CVE-2020-29030 | Insufficient CSRF guards |
| CVE-2020-3114 | Cisco Data Center Network Manager Cross-Site Request Forgery Vulnerability |
| CVE-2020-3124 | Cisco Hosted Collaboration Mediation Fulfillment Cross-Site Request Forgery Vulnerability |
| CVE-2020-3135 | Cisco Unified Communications Manager Cross-Site Request Forgery Vulnerability |
| CVE-2020-3148 | Cisco Prime Network Registrar Cross-Site Request Forgery Vulnerability |
| CVE-2020-3261 | Cisco Mobility Express Software Cross-Site Request Forgery Vulnerability |
| CVE-2020-3456 | Cisco FXOS Software Firepower Chassis Manager Cross-Site Request Forgery Vulnerability |
| CVE-2020-36504 | WP-Pro-Quiz <= 0.37 - Arbitrary Quiz Deletion via CSRF |
| CVE-2020-36505 | Delete All Comments Easily <= 1.3 - All Comments Deletion via CSRF |
| CVE-2020-36534 | easyii CMS out cross-site request forgery |
| CVE-2020-36633 | moodle-block_sitenews block_sitenews.php get_content cross-site request forgery |
| CVE-2020-36836 | WP Fastest Cache <= 0.9.0.2 - Authenticated (Subscriber+) Arbitrary File Deletion |
| CVE-2020-36839 | WP Lead Plus X <= 0.99 - Cross-Site Request Forgery |
| CVE-2020-4040 | CSRF issue on preview pages in Bolt CMS |
| CVE-2020-5335 | RSA Archer, versions prior to 6.7 P2 (6.7.0.2), contain a cross-site request forgery vulnerability. A remote unauthenticated... |
| CVE-2020-5397 | CSRF Attack via CORS Preflight Requests with Spring MVC or Spring WebFlux |
| CVE-2020-5402 | UAA fails to check the state parameter when authenticating with external IDPs |
| CVE-2020-6776 | CSRF in Bosch PRAESIDEO and Bosch PRAESENSA Management Interface |
| CVE-2020-7005 | In Honeywell WIN-PAK 4.7.2, Web and prior versions, the affected product is vulnerable to a cross-site request forgery, which... |
| CVE-2020-7029 | Avaya Product System Management Interface Cross-Site Request Forgery Vulnerability |
| CVE-2020-7304 | DLP ePO extension - Cross-site request forgery |
| CVE-2020-7332 | Cross-Site Request Forgery (CSRF) in firewall ePO extension of McAfee Endpoint Security (ENS) |
| CVE-2020-7336 | Network Security Management (NSM) - Cross Site Request Forgery vulnerability |
| CVE-2020-7503 | A CWE-352: Cross-Site Request Forgery (CSRF) vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which co... |
| CVE-2020-7534 | A CWE-352: Cross-Site Request Forgery (CSRF) vulnerability exists on the web server used, that could cause a leak of sensitiv... |
| CVE-2020-8166 | A CSRF forgery vulnerability exists in rails < 5.2.5, rails < 6.0.4 that makes it possible for an attacker to, given a global... |
| CVE-2020-8167 | A CSRF vulnerability exists in rails <= 6.0.3 rails-ujs module that could allow attackers to send CSRF tokens to wrong domain... |
| CVE-2020-8168 | We have recently released new version of AirMax AirOS firmware v6.3.0 for TI, XW and XM boards that fixes vulnerabilities fou... |
| CVE-2020-8282 | A security issue was found in EdgePower 24V/54V firmware v1.7.0 and earlier where, due to missing CSRF protections, an attack... |
| CVE-2020-8976 | ZGR TPS200 Cross-Site Request Forgery (CSRF) |
| CVE-2021-1227 | Cisco NX-OS Software NX-API Cross-Site Request Forgery Vulnerability |
| CVE-2021-1257 | Cisco DNA Center Cross-Site Request Forgery Vulnerability |
| CVE-2021-21027 | Magento Commerce Cross-Site Request Forgery (CSRF) Could Lead To Unauthorized Data Modification |
| CVE-2021-21241 | CSRF can expose users authentication token in Flask-Security-Too |
| CVE-2021-21275 | CSRF in MediaWiki Report extension |
| CVE-2021-21395 | Magneto-lts vulnerable to Cross-Site Request Forgery |
| CVE-2021-21407 | Portal : the CSRF token isn't validated |
| CVE-2021-21549 | Dell EMC XtremIO Versions prior to 6.3.3-8, contain a Cross-Site Request Forgery Vulnerability in XMS. A non-privileged attac... |
| CVE-2021-22512 | Cross-Site Request Forgery (CSRF) vulnerability in Micro Focus Application Automation Tools Plugin - Jenkins plugin. The vuln... |
| CVE-2021-22701 | A CWE-352: Cross-Site Request Forgery vulnerability exists in PowerLogic ION7400, ION7650, ION83xx/84xx/85xx/8600, ION8650, I... |
| CVE-2021-22949 | A CSRF in Concrete CMS version 8.5.5 and below allows an attacker to duplicate files which can lead to UI inconvenience, and... |
| CVE-2021-22950 | Concrete CMS prior to 8.5.6 had a CSFR vulnerability allowing attachments to comments in the conversation section to be delet... |
| CVE-2021-22953 | A CSRF in Concrete CMS version 8.5.5 and below allows an attacker to clone topics which can lead to UI inconvenience, and exh... |
| CVE-2021-22954 | A cross-site request forgery vulnerability exists in Concrete CMS <v9 that could allow an attacker to make requests on behalf... |
| CVE-2021-23026 | BIG-IP version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3, 14.1.x before 14.1.4.2, 13.1.x before 13.1.4.1, and all versions... |
| CVE-2021-23050 | On BIG-IP Advanced WAF and BIG-IP ASM version 16.0.x before 16.0.1.2 and 15.1.x before 15.1.3 and NGINX App Protect on all ve... |
| CVE-2021-23163 | JFrog Artifactory prior to version 7.33.6 and 6.23.38, is vulnerable to CSRF ( Cross-Site Request Forgery) for specific endpo... |
| CVE-2021-23227 | WordPress PHP Everywhere Plugin <= 2.0.2 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2021-23849 | Cross Site Request Forgery (CSRF) vulnerability in web based management interface |
| CVE-2021-24133 | ActiveCampaign < 8.0.2 - Cross-Site Request Forgery in Settings |
| CVE-2021-24159 | Contact Form 7 Style <= 3.1.9 - Cross-Site Request Forgery to Stored Cross-Site Scripting |
| CVE-2021-24161 | Responsive Menu < 4.0.4 - CSRF to Arbitrary File Upload |
| CVE-2021-24162 | Responsive Menu < 4.0.4 - CSRF to Settings Update |
| CVE-2021-24166 | Ninja Forms < 3.4.34 - CSRF to OAuth Service Disconnection |
| CVE-2021-24172 | VM Backups <= 1.0 - CSRF to Database Backup Download |
| CVE-2021-24173 | VM Backups <= 1.0 - CSRF to Stored Cross-Site Scripting (XSS) |
| CVE-2021-24174 | Database Backups <= 1.2.2.6 - CSRF to Backup Download |
| CVE-2021-24178 | Business Directory Plugin < 5.11.1 - Arbitrary Add/Edit/Delete Form Field to Stored XSS |
| CVE-2021-24179 | Business Directory Plugin < 5.11 - Arbitrary File Upload to RCE |
| CVE-2021-24218 | Facebook for WordPress 3.0.0-3.0.3 - CSRF to Stored XSS and Settings Deletion |
| CVE-2021-24230 | Patreon WordPress < 1.7.0 - CSRF to Overwrite/Create User Meta |
| CVE-2021-24231 | Patreon WordPress < 1.7.0 - CSRF to Disconnect Sites From Patreon |
| CVE-2021-24249 | Business Directory Plugin < 5.11.2 - Arbitrary Listing Export |
| CVE-2021-24251 | Business Directory Plugin < 5.11.2 - Arbitrary Payment History Update |
| CVE-2021-24272 | Fitness Calculators < 1.9.6 - Cross-Site Request Forgery to Cross-Site Scripting (XSS) |
| CVE-2021-24324 | 404 SEO Redirection <= 1.3 - CSRF to Stored Cross-Site Scripting (XSS) |
| CVE-2021-24328 | WP Login Security and History <= 1.0 - CSRF to Stored Cross-Site Scripting (XSS) |
| CVE-2021-24333 | Content Copy Protection & Prevent Image Save <= 1.3 - CSRF to Stored Cross-Site Scripting (XSS) |
| CVE-2021-24349 | Gallery From Files <= 1.6.0 - Reflected Cross-Site Scripting (XSS) |
| CVE-2021-24380 | Shantz WordPress QOTD <= 1.2.2 - Arbitrary Setting Update via CSRF |
| CVE-2021-24388 | Vik Rent Car < 1.1.7 - CSRF to Stored XSS |
| CVE-2021-24410 | Telugu Bible Verse Daily <= 1.0 - CSRF to Stored XSS |
| CVE-2021-24411 | Social Tape <= 1.0 - CSRF to Stored XSS |
| CVE-2021-24431 | Language Bar Flags <= 1.0.8 - CSRF to Stored XSS |
| CVE-2021-24434 | Glass <= 1.3.2 - CSRF to Stored Cross-Site Scripting (XSS) |
| CVE-2021-24446 | Remove Footer Credit < 1.0.6 - CSRF to Stored Cross-Site Scripting |
| CVE-2021-24466 | Verse-O-Matic <= 4.1.1 - CSRF to Stored XSS |
| CVE-2021-24467 | Leaflet Map < 3.0.0 - Arbitrary Settings Update via CSRF Leading to Stored XSS |
| CVE-2021-24477 | Migrate Users <= 1.0.1 - CSRF to Stored Cross-Site Scripting (XSS) |
| CVE-2021-24487 | St Daily Tip <= 4.7 - CSRF to Stored Cross-Site Scripting |
| CVE-2021-24490 | Email Artillery <= 4.1 - Arbitrary File Upload |
| CVE-2021-24491 | Fileviewer <= 2.2 - Arbitrary File Upload/Deletion via CSRF |
| CVE-2021-24504 | WP LMS <= 1.1.2 - Stored Cross-Site Scripting (XSS) |
| CVE-2021-24535 | Light Messages <= 1.0 - CSRF to Stored XSS |
| CVE-2021-24536 | Custom Login Redirect <= 1.0.0 - CSRF to Stored XSS |
| CVE-2021-24543 | jQuery Reply to Comment <= 1.31 - CSRF to Stored Cross-Site Scripting |
| CVE-2021-24555 | Diary & Availability Calendar <= 1.0.3 - Authenticated (subscriber+) SQL Injection |
| CVE-2021-24559 | Qyrr < 0.7 - Authenticated (contributor+) Stored XSS |
| CVE-2021-24565 | Contact Form 7 Captcha < 0.0.9 - CSRF to Stored XSS |
| CVE-2021-24570 | Paypal Donation < 1.3.1 - CSRF to Stored Cross-Site Scripting |
| CVE-2021-24572 | Paypal Donation < 1.3.1 - CSRF to Arbitrary Post Deletion |
| CVE-2021-24581 | Blue Admin <= 21.06.01 - CSRF to Stored Cross-Site Scripting (XSS) |
| CVE-2021-24584 | Timetable and Event Schedule by MotoPress < 2.4.2 - Unauthorised Event TimeSlot Update |
| CVE-2021-24586 | Per Page Add to Head < 1.4.4 - CSRF to Stored XSS |
| CVE-2021-24595 | WP Cookie Choice <= 1.1.0 - CSRF to Stored Cross-Site Scripting |
| CVE-2021-24611 | Keywords & Meta <= 3.0 - CSRF to Stored Cross-Site Scripting (XSS) |
| CVE-2021-24615 | Wechat Reward <= 1.7 - CSRF to Stored Cross-Site Scripting |
| CVE-2021-24618 | Donate With QRCode < 1.4.5 - Stored Cross-Site Scripting |
| CVE-2021-24626 | Chameleon CSS <= 1.2 - Subscriber+ SQL Injection |
| CVE-2021-24636 | Print My Blog < 3.4.2 - Plugin Deactivation via CSRF |
| CVE-2021-24639 | OMGF < 4.5.4 - Subscriber+ Arbitrary File/Folder Deletion |
| CVE-2021-24641 | Images to WebP < 1.9 - Multiple Cross Site Request Forgery (CSRF) |
| CVE-2021-24642 | Scroll Baner <= 1.0 - CSRF to RCE |
| CVE-2021-24668 | MAZ Loader < 1.4.1 - Arbitrary Loader Deletion via CSRF |
| CVE-2021-24674 | Genie WP Favicon <= 0.5.2 - Arbitrary Favicon Change via CSRF |
| CVE-2021-24675 | One User Avatar < 2.3.7 - Avatar Update via CSRF |
| CVE-2021-24683 | Weather Effect < 1.3.4 - CSRF to Stored Cross-Site Scripting |
| CVE-2021-24685 | Flat Preloader < 1.5.4 - CSRF to Stored Cross-Site Scripting |
| CVE-2021-24696 | Simple Download Monitor < 3.9.9 - Multiple CSRF |
| CVE-2021-24704 | Orange Form <= 1.0 - SQL Injection via CSRF |
| CVE-2021-24705 | NEX-Forms < 8.4.3 - Stored Cross-Site Scripting via CSRF |
| CVE-2021-24711 | Software License Manager < 4.5.1 - Arbitrary Domain Deletion via CSRF |
| CVE-2021-24725 | Comment Link Remove and Other Comment Tools < 2.1.6 - Arbitrary Comment Deletion via CSRF |
| CVE-2021-24730 | Logo Showcase with Slick Slider < 1.2.5 - Subscriber+ Arbitrary Media Title/Description/Alt Text/URL Update |
| CVE-2021-24735 | Compact WP Audio Player < 1.9.7 - Setting Change via CSRF |
| CVE-2021-24749 | URL Shortify < 1.5.1 - Arbitrary Link/Group Deletion via CSRF |
| CVE-2021-24761 | Error Log Viewer < 1.1.2 - Arbitrary Text File Deletion via CSRF |
| CVE-2021-24766 | 404 to 301 < 3.0.9 - Logs Deletion via CSRF |
| CVE-2021-24767 | Redirect 404 Error Page to Homepage or Custom Page with Logs < 1.7.9 - Log Deletion via CSRF |
| CVE-2021-24776 | WP Performance Score Booster < 2.1 - Settings Change via CSRF |
| CVE-2021-24780 | Single Post Exporter <= 1.1.1 - Plugin's Settings Update via CSRF |
| CVE-2021-24784 | WP Admin Logo Changer <= 1.0 - Plugin's Settings Update via CSRF |
| CVE-2021-24795 | Filter Portfolio Gallery <= 1.5 - Arbitrary Gallery Deletion via CSRF |
| CVE-2021-24799 | Far Future Expiry Header < 1.5 - Plugin's Settings Update via CSRF |
| CVE-2021-24802 | Colorful Categories < 2.0.15 - Arbitrary Colors Update via CSRF |
| CVE-2021-24803 | Core Tweaks WP Setup <= 4.1 - Arbitrary Admin Account Creation / Admin Email Update via CSRF |
| CVE-2021-24804 | Simple JWT Login < 3.2.1 - Arbitrary Settings Update to Site Takeover via CSRF |
| CVE-2021-24805 | DW Question & Answer Pro <= 1.3.4 - Multiple CSRF |
| CVE-2021-24806 | wpDiscuz < 7.3.4 - Arbitrary Comment Addition/Edition/Deletion via CSRF |
| CVE-2021-24809 | BP Better Messages < 1.9.9.41 - Multiple CSRF |
| CVE-2021-24818 | WP Limits <= 1.0 - Plugin's Settings Update via CSRF |
| CVE-2021-24822 | Stylish Cost Calculator < 7.04 - Subscriber+ Unauthorised AJAX Calls to Stored XSS |
| CVE-2021-24823 | Support Board < 3.3.6 - Arbitrary File Deletion via CSRF |
| CVE-2021-24832 | WP SEO Redirect 301 < 2.3.2 - Redirect Deletion via CSRF |
| CVE-2021-24836 | Temporary Login Without Password < 1.7.1 - Subscriber+ Plugin's Settings Update |
| CVE-2021-24843 | SupportCandy < 2.2.7 - Arbitrary Ticket Deletion via CSRF |
| CVE-2021-24852 | MouseWheel Smooth Scroll < 5.7 - Plugin's Setting Update via CSRF |
| CVE-2021-24870 | WP Fastest Cache < 0.9.5 - CSRF to Stored Cross-Site Scripting |
| CVE-2021-24879 | SupportCandy < 2.2.7 - CSRF to Cross-Site Scripting |
| CVE-2021-24890 | Scripts Organizer < 3.0 - Unauthenticated Arbitrary File Upload |
| CVE-2021-24912 | Transposh WordPress Translation < 1.0.8 - CSRF to Stored XSS |
| CVE-2021-24913 | Logo Showcase with Slick Slider < 2.0.1 - Arbitrary Media Title/Description/Alt Text/URL Update via CSRF |
| CVE-2021-24922 | Pixel Cat Lite < 2.6.2 - CSRF to Stored Cross-Site Scripting |
| CVE-2021-24936 | WP Extra File Types < 0.5.1 - CSRF to Stored Cross-Site Scripting |
| CVE-2021-24981 | Directorist – Business Directory Plugin < 7.0.6.2 - CSRF to Remote File Upload |
| CVE-2021-24989 | Accept Donations with PayPal < 1.3.4 - Arbitrary Post Deletion via CSRF |
| CVE-2021-25010 | Post Snippets < 3.1.4 - CSRF to Stored Cross-Site Scripting |
| CVE-2021-25025 | Event Calendar < 1.1.51 - Subscriber+ Event Creation |
| CVE-2021-25032 | PublishPress Capabilities < 2.3.1 - Unauthenticated Arbitrary Options Update to Blog Compromise |
| CVE-2021-25051 | Modal Window < 5.2.2 - RFI leading to RCE via CSRF |
| CVE-2021-25052 | Button Generator < 2.3.3 - RFI leading to RCE via CSRF |
| CVE-2021-25053 | WP Coder < 2.5.2 - RFI leading to RCE via CSRF |
| CVE-2021-25072 | NextScripts: Social Networks Auto-Poster < 4.3.25 - Arbitrary Post Deletion via CSRF |
| CVE-2021-25073 | WP125 < 1.5.5 - Arbitrary Ad Deletion via CSRF |
| CVE-2021-25081 | WP Google Map < 1.8.4 - Arbitrary Post Deletion and Plugin's Settings Update via CSRF |
| CVE-2021-25092 | Link Library < 7.2.8 - Library Settings Reset via CSRF |
| CVE-2021-25095 | IP2Location Country Blocker < 2.26.5 - Subscriber+ Arbitrary Country Ban |
| CVE-2021-25097 | LabTools <= 1.0 - Subscriber+ Arbitrary Publication Deletion |
| CVE-2021-25098 | Easy Pricing Tables < 3.1.3 - Arbitrary Post Removal via CSRF |
| CVE-2021-25108 | IP2Location Country Blocker < 2.26.6 - Arbitrary Country Ban via CSRF |
| CVE-2021-25116 | Enqueue Anything <= 1.0.1 - Subscriber+ Arbitrary Asset/Post Deletion |
| CVE-2021-25117 | WP Postratings < 1.86.1 - Admin+ Stored Cross-Site Scripting |
| CVE-2021-25965 | Calibre-web - Admin Account Takeover via Cross-Site Request Forgery (CSRF) |
| CVE-2021-25976 | Piranha CMS - Site-wide Cross-Site Request Forgery (CSRF) |
| CVE-2021-26296 | Cross-Site Request Forgery (CSRF) vulnerability in Apache MyFaces |
| CVE-2021-27758 | There is a security vulnerability in login form related to Cross-site Request Forgery which prevents user to login after atta... |
| CVE-2021-27759 | This vulnerability arises because the application allows the user to perform some sensitive action without verifying that the... |
| CVE-2021-28656 | Apache Zeppelin: CSRF vulnerability in the Credentials page |
| CVE-2021-29435 | Cross-Site Request Forgery (CSRF) in trestle-auth |
| CVE-2021-29436 | Cross site request forgery vulnerability |
| CVE-2021-32632 | CSRF allowing modification of commands, modules, banphrases through hidden iFrames |
| CVE-2021-32677 | Cross-Site Request Forgery (CSRF) in FastAPI |
| CVE-2021-32730 | No CSRF protection on the password change form |
| CVE-2021-32732 | Cross-Site Request Forgery in xwiki-platform |
| CVE-2021-32774 | Cross-Site Request Forgery (CSRF) in DataDump |
| CVE-2021-32776 | No CSRF form token cleanup on Windows servers |
| CVE-2021-32929 | Uffizio GPS Tracker Cross-site Request Forgery |
| CVE-2021-32991 | Delta Electronics DIAEnergie Version 1.7.5 and prior is vulnerable to cross-site request forgery, which may allow an attacker... |
| CVE-2021-34358 | CSRF Vulnerability in QmailAgent |
| CVE-2021-34360 | CSRF Bypass in Proxy Server |
| CVE-2021-34619 | Cross-Site Request Forgery in WooCommerce Stock Manager WordPress Plugin |
| CVE-2021-34620 | CSRF in WP Fluent Forms < 3.6.67 allows stored XSS and Privilege Escalation |
| CVE-2021-34628 | Admin Custom Login <= 3.2.7 - Cross-Site Request Forgery to Stored Cross-Site Scripting |
| CVE-2021-34631 | NewsPlugin <= 1.0.18 - Cross-Site Request Forgery to Stored Cross-Site Scripting |
| CVE-2021-34632 | SEO Backlinks <= 4.0.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting |
| CVE-2021-34633 | Youtube Feeder <= 2.0.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting |
| CVE-2021-34634 | Nifty Newsletters <= 4.0.23 - Cross-Site Request Forgery to Stored Cross-Site Scripting |
| CVE-2021-34636 | Countdown and CountUp, WooCommerce Sales Timer <= 1.5.7 Cross-Site Request Forgery to Stored Cross-Site Scripting |
| CVE-2021-34637 | Post Index <= 0.7.5 Cross-Site Request Forgery to Stored Cross-Site Scripting |
| CVE-2021-34645 | Shopping Cart & eCommerce Store <= 5.1.0 Cross-Site Request Forgery to Stored Cross-Site Scripting |
| CVE-2021-34661 | WP Fusion Lite <= 3.37.18 Cross-Site Request Forgery to Data Deletion |
| CVE-2021-34743 | Cisco Webex Software Application Authorization Bypass Vulnerability |
| CVE-2021-34773 | Cisco Unified Communications Products Cross-Site Request Forgery Vulnerability |
| CVE-2021-35242 | A valid CSRF token is present in response to an invalid request |
| CVE-2021-3683 | Cross-Site Request Forgery (CSRF) in star7th/showdoc |
| CVE-2021-36850 | WordPress Media File Renamer – Auto & Manual Rename plugin <= 5.1.9 - Cross-Site Request Forgery (CSRF) vulnerability |
| CVE-2021-36852 | WordPress WP Hotel Booking plugin <= 1.10.5 - Cross-Site Request Forgery (CSRF) vulnerability |
| CVE-2021-36854 | WordPress Booking Ultra Pro plugin <= 1.1.4 - Multiple Cross-Site Request Forgery (CSRF) vulnerabilities |
| CVE-2021-36855 | WordPress Booking Ultra Pro plugin <= 1.1.4 - Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) vulnerability |
| CVE-2021-36861 | WordPress Rich Reviews by Starfish plugin <= 1.9.14 - Cross-Site Request Forgery (CSRF) vulnerability |
| CVE-2021-36876 | WordPress uListing plugin <= 2.0.5 - Multiple Cross-Site Request Forgery (CSRF) vulnerabilities |
| CVE-2021-36877 | WordPress uListing plugin <= 2.0.5 - Modify User Roles via Cross-Site Request Forgery (CSRF) vulnerability |
| CVE-2021-36878 | WordPress uListing plugin <= 2.0.5 - Settings Update via Cross-Site Request Forgery (CSRF) vulnerability |
| CVE-2021-36886 | WordPress Contact Form 7 Database Addon – CFDB7 plugin <= 1.2.5.9 - Cross-Site Request Forgery (CSRF) vulnerability |
| CVE-2021-36887 | WordPress tarteaucitron.js – Cookies legislation & GDPR plugin <= 1.5.4 - Cross-Site Request Forgery (CSRF) vulnerability lea... |
| CVE-2021-36890 | WordPress Social Share Buttons by Supsystic plugin <= 2.2.2 - Cross-Site Request Forgery (CSRF) vulnerability |
| CVE-2021-36891 | WordPress Photo Gallery by Supsystic plugin <= 1.15.5 - Cross-Site Request Forgery (CSRF) leading to Plugin Settings Change |
| CVE-2021-36908 | WordPress WP Reset PRO Premium Plugin <= 5.98 - Cross-Site Request Forgery (CSRF) vulnerability |
| CVE-2021-36914 | WordPress CalderaWP License Manager plugin <= 1.2.11 - Cross-Site Request Forgery (CSRF) vulnerability leading to Reflected C... |
| CVE-2021-36915 | WordPress Profile Builder plugin <= 3.6.0 - Cross-Site Request Forgery (CSRF) vulnerability |
| CVE-2021-37198 | A vulnerability has been identified in COMOS V10.2 (All versions only if web components are used), COMOS V10.3 (All versions... |
| CVE-2021-37201 | A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP1). The web interface of affected devices is vulnerab... |
| CVE-2021-3728 | Cross-Site Request Forgery (CSRF) in firefly-iii/firefly-iii |
| CVE-2021-3729 | Cross-Site Request Forgery (CSRF) in firefly-iii/firefly-iii |
| CVE-2021-3730 | Cross-Site Request Forgery (CSRF) in firefly-iii/firefly-iii |
| CVE-2021-3775 | Cross-Site Request Forgery (CSRF) in star7th/showdoc |
| CVE-2021-3776 | Cross-Site Request Forgery (CSRF) in star7th/showdoc |
| CVE-2021-3819 | Cross-Site Request Forgery (CSRF) in firefly-iii/firefly-iii |
| CVE-2021-38342 | Nested Pages <= 3.1.15 Cross-Site Request Forgery to Arbitrary Post Deletion and Modification |
| CVE-2021-38480 | InHand Networks IR615 Router |
| CVE-2021-3858 | Cross-Site Request Forgery (CSRF) in snipe/snipe-it |
| CVE-2021-3900 | Cross-Site Request Forgery (CSRF) in firefly-iii/firefly-iii |
| CVE-2021-3901 | Cross-Site Request Forgery (CSRF) in firefly-iii/firefly-iii |
| CVE-2021-39133 | Cross-Site Request Forgery (CSRF) can run untrusted code on Rundeck server |
| CVE-2021-39197 | Cross-Site Request Forgery in better_errors |
| CVE-2021-39198 | The disqualify lead action may be executed without CSRF token check |
| CVE-2021-39209 | Bypassable CSRF protection |
| CVE-2021-3921 | Cross-Site Request Forgery (CSRF) in firefly-iii/firefly-iii |
| CVE-2021-3931 | Cross-Site Request Forgery (CSRF) in snipe/snipe-it |
| CVE-2021-3932 | Cross-Site Request Forgery (CSRF) in area17/twill |
| CVE-2021-39353 | Easy Registration Forms <= 2.1.1 Cross-Site Request Forgery to Stored Cross-Site Scripting |
| CVE-2021-3944 | Cross-Site Request Forgery (CSRF) in bookstackapp/bookstack |
| CVE-2021-3957 | Cross-Site Request Forgery (CSRF) in kevinpapst/kimai2 |
| CVE-2021-3963 | Cross-Site Request Forgery (CSRF) in kevinpapst/kimai2 |
| CVE-2021-3976 | Cross-Site Request Forgery (CSRF) in kevinpapst/kimai2 |
| CVE-2021-39864 | Adobe Commerce Cross-Site Request Forgery (CSRF) Could Lead To Unauthorized Cart Addition |
| CVE-2021-3993 | Cross-Site Request Forgery (CSRF) in star7th/showdoc |
| CVE-2021-4005 | Cross-Site Request Forgery (CSRF) in firefly-iii/firefly-iii |
| CVE-2021-4015 | Cross-Site Request Forgery (CSRF) in firefly-iii/firefly-iii |
| CVE-2021-4017 | Cross-Site Request Forgery (CSRF) in star7th/showdoc |
| CVE-2021-4030 | A cross-site request forgery vulnerability in the HTTP daemon of the Zyxel ARMOR Z1/Z2 firmware could allow an attacker to ex... |
| CVE-2021-4033 | Cross-Site Request Forgery (CSRF) in kevinpapst/kimai2 |
| CVE-2021-40335 | Cross Site Request Forgery (CSRF) in Hitachi Energy’s MSM Product |
| CVE-2021-4049 | Cross-Site Request Forgery (CSRF) in livehelperchat/livehelperchat |
| CVE-2021-4082 | Cross-Site Request Forgery (CSRF) in pimcore/pimcore |
| CVE-2021-4092 | Cross-Site Request Forgery (CSRF) in yetiforcecompany/yetiforcecrm |
| CVE-2021-4096 | Fancy Product Designer <= 4.7.5 - Cross-Site Request Forgery to Arbitrary File Upload |
| CVE-2021-41083 | CSRF Vulnerability in dada-mail 11.15.1 and below |
| CVE-2021-41113 | Cross-Site-Request-Forgery in Backend URI Handling in Typo3 |
| CVE-2021-41176 | logout CSRF in Pterodactyl Panel |
| CVE-2021-4123 | Cross-Site Request Forgery (CSRF) in livehelperchat/livehelperchat |
| CVE-2021-41245 | Possible Cross-Site Request Forgery in Combodo iTop |
| CVE-2021-41260 | Missing CSRF checks in Galette |
| CVE-2021-41273 | Cross-Site Request Forgery allowing sending of test emails and generation of node auto-deployment keys |
| CVE-2021-41274 | Authentication Bypass by CSRF Weakness |
| CVE-2021-41275 | Authentication Bypass by CSRF Weakness |
| CVE-2021-41295 | ECOA BAS controller - Cross-Site Request Forgery (CSRF) |
| CVE-2021-4130 | Cross-Site Request Forgery (CSRF) in snipe/snipe-it |
| CVE-2021-4131 | Cross-Site Request Forgery (CSRF) in livehelperchat/livehelperchat |
| CVE-2021-4162 | Cross-Site Request Forgery (CSRF) in archivy/archivy |
| CVE-2021-4164 | Cross-Site Request Forgery (CSRF) in janeczku/calibre-web |
| CVE-2021-4168 | Cross-Site Request Forgery (CSRF) in star7th/showdoc |
| CVE-2021-42358 | Contact Form With Captcha <= 1.6.2 Cross-Site Request Forgery to Reflected Cross-Site Scripting |
| CVE-2021-42364 | Stetic <= 1.0.6 Cross-Site Request Forgery to Stored Cross-Site Scripting |
| CVE-2021-43353 | Crisp Live Chat <= 0.31 Cross-Site Request Forgery to Stored Cross-Site Scripting |
| CVE-2021-43559 | A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. The "d... |
| CVE-2021-43777 | Vulnerability in Redash OAuth2 flows due to misuse of state field (should be a nonce) |
| CVE-2021-43846 | CSRF forgery protection bypass for Spree::OrdersController#populate |
| CVE-2021-44777 | WordPress Email Tracker plugin <= 5.2.6 - Cross-Site Request Forgery (CSRF) vulnerabilities leading to single or bulk e-mail... |
| CVE-2022-0088 | Cross-Site Request Forgery (CSRF) in yourls/yourls |
| CVE-2022-0134 | AnyComment < 0.2.18 - Arbitrary HyperComments Import/Revert via CSRF |
| CVE-2022-0141 | Visual Form Builder < 3.0.8 - Entries Deletion/Restoration via CSRF |
| CVE-2022-0164 | Coming soon and Maintenance mode < 3.6.7 - Subscriber+ Arbitrary Email Sending to Subscribed Users |
| CVE-2022-0191 | Ad Invalid Click Protector (AICP) < 1.2.7 - Arbitrary Ban Deletion via CSRF |
| CVE-2022-0196 | Cross-Site Request Forgery (CSRF) in phoronix-test-suite/phoronix-test-suite |
| CVE-2022-0197 | Cross-Site Request Forgery (CSRF) in phoronix-test-suite/phoronix-test-suite |
| CVE-2022-0199 | Coming soon and Maintenance mode < 3.6.8 - Arbitrary Email Sending to Subscribed Users via CSRF |
| CVE-2022-0215 | XootiX Plugins <= Various Versions Cross-Site Request Forgery to Arbitrary Options Update |
| CVE-2022-0226 | Cross-Site Request Forgery (CSRF) in livehelperchat/livehelperchat |
| CVE-2022-0229 | miniOrange's Google Authenticator < 5.5 - Unauthenticated Arbitrary Options Deletion |
| CVE-2022-0231 | Cross-Site Request Forgery (CSRF) in livehelperchat/livehelperchat |
| CVE-2022-0238 | Cross-Site Request Forgery (CSRF) in phoronix-test-suite/phoronix-test-suite |
| CVE-2022-0245 | Cross-Site Request Forgery (CSRF) in livehelperchat/livehelperchat |
| CVE-2022-0269 | Cross-Site Request Forgery (CSRF) in yetiforcecompany/yetiforcecrm |
| CVE-2022-0313 | Float Menu < 4.3.1 - Arbitrary Menu Deletion via CSRF |
| CVE-2022-0328 | Simple Membership < 4.0.9 - Arbitrary Member Deletion via CSRF |
| CVE-2022-0335 | A flaw was found in Moodle in versions 3.11 to 3.11.4, 3.10 to 3.10.8, 3.9 to 3.9.11 and earlier unsupported versions. The "d... |
| CVE-2022-0345 | Better Notifications for WP < 1.8.7 - Email Address Disclosure |
| CVE-2022-0363 | myCred < 2.4.4 - Subscriber+ Arbitrary Post Creation |
| CVE-2022-0398 | ThirstyAffiliates Affiliate Link Manager < 3.10.5 - Subscriber+ Arbitrary Affiliate Links Creation |
| CVE-2022-0402 | Superforms < 6.0.4 - Reflected Cross-Site Scripting |
| CVE-2022-0439 | Email Subscribers & Newsletters < 5.3.2 - Subscriber+ Blind SQL injection |
| CVE-2022-0444 | XCloner < 4.3.6 - Plugin Settings Reset |
| CVE-2022-0445 | WordPress Real Cookie Banner < 2.14.2 - Settings Reset via CSRF |
| CVE-2022-0499 | Sermon Browser <= 0.45.22 - Arbitrary File Upload via CSRF |
| CVE-2022-0505 | Cross-Site Request Forgery (CSRF) in microweber/microweber |
| CVE-2022-0515 | Cross-Site Request Forgery (CSRF) in crater-invoice/crater |
| CVE-2022-0616 | Amelia < 1.0.46 - Arbitrary Customer Deletion via CSRF |
| CVE-2022-0634 | ThirstyAffiliates < 3.10.5 - Subscriber+ unauthorized image upload + CSRF |
| CVE-2022-0638 | Cross-Site Request Forgery (CSRF) in microweber/microweber |
| CVE-2022-0642 | JivoChat < 1.3.5.4 - Stored Cross-Site Scripting via CSRF |
| CVE-2022-0681 | Simple Membership < 4.1.0 - Arbitrary Transaction Deletion via CSRF |
| CVE-2022-0707 | Easy Digital Downloads < 2.11.6 - Arbitrary Payment Note Insertion via CSRF |
| CVE-2022-0770 | Translate WordPress with GTranslate < 2.9.9 - CSRF to Account Takeover |
| CVE-2022-0830 | FormBuilder <= 1.08 - Stored Cross-Site Scripting via CSRF |
| CVE-2022-0833 | Church Admin < 3.4.135 - Unauthenticated Plugin's Backup Disclosure |
| CVE-2022-0875 | miniOrange Google Authenticator < 1.0.5 - CSRF to Stored Cross-Site Scripting |
| CVE-2022-0914 | Export All URLs < 4.3 - Private/Draft Post/Page Title Disclosure via CSRF |
| CVE-2022-0952 | Sitemap by click5 < 1.0.36 - Unauthenticated Arbitrary Options Update |
| CVE-2022-1020 | Woo Product Table < 3.1.2 - Unauthenticated Arbitrary Function Call |
| CVE-2022-1092 | myCred < 2.4.4 - Subscriber+ Import/Export to Email Address Disclosure |
| CVE-2022-1112 | Autolinks <= 1.0.1 - Stored Cross-Site Scripting via CSRF |
| CVE-2022-1203 | Content Mask < 1.8.4.1 - Subscriber+ Arbitrary Options Update |
| CVE-2022-1251 | Ask Me < 6.8.4 - CSRF in Edit Profile |
| CVE-2022-1389 | On all versions of 16.1.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x of F5 BIG-IP (fixed in 17.0.0), a cross-site request fo... |
| CVE-2022-1407 | VikBooking Hotel Booking Engine & PMS < 1.5.7 - Stored Cross-Site Scripting via CSRF |
| CVE-2022-1418 | Social Stickers <= 2.2.9 - Stored Cross-Site Scripting via CSRF |
| CVE-2022-1421 | Discy < 5.2 - Settings Update via CSRF |
| CVE-2022-1422 | Discy < 5.2 - Restore Default Settings via CSRF |
| CVE-2022-1424 | Ask Me < 6.8.2 - Multiple CSRF in AJAX Actions |
| CVE-2022-1570 | Files Download Delay < 1.0.7 - Subscriber+ Settings Reset |
| CVE-2022-1572 | HTML2WP <= 1.0.0 - Subscriber+ Arbitrary File Deletion |
| CVE-2022-1573 | HTML2WP <= 1.0.0 - Arbitrary Settings Update via CSRF |
| CVE-2022-1574 | HTML2WP <= 1.0.0 - Unauthenticated Arbitrary File Upload |
| CVE-2022-1576 | WP Maintenance Mode & Coming Soon < 2.4.5 - Subscribed Users Deletion via CSRF |
| CVE-2022-1577 | Database Backup for WordPress < 2.5.2 - Arbitrary Schedule Settings Update via CSRF |
| CVE-2022-1578 | My wpdb < 2.5 - Arbitrary SQL Query via CSRF |
| CVE-2022-1589 | Change wp-admin Login < 1.1.0 - Unauthenticated Arbitrary Settings Update |
| CVE-2022-1591 | WordPress Ping Optimizer < 2.35.1.3.0 - Arbitrary Settings Update via CSRF |
| CVE-2022-1594 | HC Custom WP-Admin URL <= 1.4 - Arbitrary Settings Update via CSRF |
| CVE-2022-1599 | Admin Management Xtended < 2.4.5 - Post Visibility/Date/Comment Status Update via CSRF |
| CVE-2022-1603 | Mail Subscribe List < 2.1.4 - Arbitrary Subscribed User Deletion via CSRF |
| CVE-2022-1605 | Email Users <= 4.8.8 - Arbitrary Settings Update via CSRF |
| CVE-2022-1607 | Cross Site Scripting vulnerability in NE843 Pulsar Plus Controller |
| CVE-2022-1608 | OnePress Social Locker <= 5.6.2 - Arbitrary Settings Update via CSRF |
| CVE-2022-1610 | Seamless Donations < 5.1.9 - Arbitrary Settings Update via CSRF |
| CVE-2022-1611 | Bulk Page Creator < 1.1.4 - Arbitrary Page Creation via CSRF |
| CVE-2022-1612 | Webriti SMTP Mail <= 1.0 - Arbitrary Settings Update via CSRF |
| CVE-2022-1617 | WP-Invoice <= 4.3.1 - Stored Cross-Site Scripting via CSRF |
| CVE-2022-1618 | Coru LFMember <= 1.0.2 - Stored Cross-Site Scripting via CSRF |
| CVE-2022-1624 | Latest Tweets Widget <= 1.1.4 - Arbitrary Settings Update via CSRF |
| CVE-2022-1625 | New User Approve < 2.4 - Arbitrary Settings Update & Invitation Code Creation via CSRF |
| CVE-2022-1626 | Sharebar <= 1.4.1 - Arbitrary Settings Update to Stored XSS via CSRF |
| CVE-2022-1627 | My Private Site < 3.0.8 - Arbitrary Settings Update via CSRF |
| CVE-2022-1630 | WP-Email < 2.69.0 - Log Deletion via CSRF |
| CVE-2022-1653 | Social Share Buttons by Supsystic < 2.2.4 - Multiple CSRF |
| CVE-2022-1672 | Insights from Google PageSpeed < 4.0.7 - Multiple CSRF |
| CVE-2022-1694 | Useful Banner Manager <= 1.6.1 - Modify banners via CSRF |
| CVE-2022-1695 | WP Simple Adsense Insertion < 2.1 - Inject ads and javascript via CSRF |
| CVE-2022-1709 | Throws SPAM Away < 3.3.1 - Comment Deletion via CSRF |
| CVE-2022-1712 | LiveSync for WordPress <= 1.0 - Arbitrary Settings Update via CSRF |
| CVE-2022-1732 | Rename wp-login.php <= 2.6.0 - Secret URL Update via CSRF |
| CVE-2022-1757 | Pagebar < 2.70 - Arbitrary Settings Update via CSRF to Stored XSS |
| CVE-2022-1758 | Genki Pre-Publish Reminder <= 1.4.1 - Stored XSS & RCE via CSRF |
| CVE-2022-1759 | RB Internal Links <= 2.0.16 - Stored Cross-Site Scripting via CSRF |
| CVE-2022-1760 | Core Control <= 1.2.1 - Arbitrary Settings Update via CSRF |
| CVE-2022-1761 | Peter’s Collaboration E-mails <= 2.2.0 - Arbitrary Settings Update via CSRF |
| CVE-2022-1763 | Static Page eXtended <= 2.1 - Arbitrary Settings Update via CSRF to Stored XSS |
| CVE-2022-1764 | WP-chgFontSize <= 1.8 - Arbitrary Settings Update via CSRF to Stored XSS |
| CVE-2022-1765 | Hot Linked Image Cacher <= 1.16 - Image upload/cache abuse via CSRF |
| CVE-2022-1779 | Auto Delete Posts <= 1.3.0 - Arbitrary Settings Update via CSRF |
| CVE-2022-1780 | LaTeX for WordPress <= 3.4.10 - Arbitrary Settings Update via CSRF to Stored XSS |
| CVE-2022-1781 | postTabs <= 2.10.6 - Arbitrary Settings Update via CSRF to Stored XSS |
| CVE-2022-1787 | Sideblog <= 6.0 - Arbitrary Settings Update via CSRF to Stored XSS |
| CVE-2022-1788 | Change Uploaded File Permissions <= 4.0.0 - File Permission Update via CSRF |
| CVE-2022-1790 | New User Email Set Up <= 0.5.2 - Arbitrary Settings Update via CSRF |
| CVE-2022-1791 | One Click Plugin Updater <= 2.4.14 - Arbitrary Settings Update via CSRF |
| CVE-2022-1792 | Quick Subscribe <= 1.7.1 - Arbitrary Settings Update via CSRF to Stored XSS |
| CVE-2022-1793 | Private Files <= 0.40 - Protection Disabling via CSRF |
| CVE-2022-1818 | Multi-page Toolkit <= 2.6 - Arbitrary Settings Update to Stored XSS via CSRF |
| CVE-2022-1826 | Cross-Linker <= 3.0.1.9 - Arbitrary Cross-Link Creation via CSRF |
| CVE-2022-1827 | PDF24 Article To PDF <= 4.2.2 - Arbitrary Settings Update via CSRF |
| CVE-2022-1828 | PDF24 Articles To PDF <= 4.2.2 - Arbitrary Settings Update via CSRF |
| CVE-2022-1829 | Inline Google Maps <= 5.11 - Arbitrary Settings Update to Stored XSS via CSRF |
| CVE-2022-1830 | Amazon Einzeltitellinks <= 1.3.3 - Arbitrary Settings Update to Stored XSS via CSRF |
| CVE-2022-1831 | WPlite <= 1.3.1 - Arbitrary Settings Update via CSRF |
| CVE-2022-1832 | CaPa Protect <= 0.5.8.2 - Arbitrary Settings Update via CSRF |
| CVE-2022-1842 | OpenBook Book Data <= 3.5.2 - Arbitrary Settings Update to Stored XSS via CSRF |
| CVE-2022-1843 | MailPress <= 7.2.1 - Arbitrary Settings Update & Log Files Purge via CSRF |
| CVE-2022-1844 | WP Sentry <= 1.0 - Arbitrary Settings Update to Stored XSS via CSRF |
| CVE-2022-1845 | WP Post Styling < 1.3.1 - Multiple CSRF |
| CVE-2022-1846 | Tiny Contact Form <= 0.7 - Arbitrary Settings Update via CSRF |
| CVE-2022-1847 | Rotating Posts <= 1.11 - Arbitrary Settings Update to Stored XSS via CSRF |
| CVE-2022-1885 | Cimy Header Image Rotator <= 6.1.1 - Arbitrary Settings Update via CSRF |
| CVE-2022-1895 | underConstruction < 1.20 - Construction Mode Deactivation via CSRF |
| CVE-2022-1913 | Add Post URL <= 2.1.0 - Arbitrary Settings Update to Stored XSS via CSRF |
| CVE-2022-1914 | Clean-Contact <= 1.6 - Arbitrary Settings Update to Stored XSS via CSRF |
| CVE-2022-1956 | Shortcut Macros <= 1.3 - Subscriber+ Arbitrary Settings Update |
| CVE-2022-1957 | Comment License < 1.4.0 - Arbitrary Settings Update via CSRF |
| CVE-2022-1960 | MyCSS <= 1.1 - Arbitrary Settings Update via CSRF |
| CVE-2022-1967 | WP Championship < 9.3 - Multiple CSRF |
| CVE-2022-2071 | Name Directory < 1.25.4 - Stored Cross-Site Scripting via CSRF |
| CVE-2022-20735 | Cisco SD-WAN vManage Software Cross-Site Request Forgery Vulnerability |
| CVE-2022-20787 | Cisco Unified Communications Products Cross-Site Request Forgery Vulnerability |
| CVE-2022-20853 | Cisco Expressway Series and Cisco TelePresence VCS Cross-Site Request Forgery Vulnerability |
| CVE-2022-2091 | Cache Images < 3.2.1 - Image Upload / Import via CSRF |
| CVE-2022-20961 | A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated,... |
| CVE-2022-2123 | WP Opt-in <= 1.4.1 - Arbitrary Settings Update via CSRF |
| CVE-2022-2144 | Jquery Validation For Contact Form 7 < 5.3 - Arbitrary Options Update via CSRF |
| CVE-2022-2146 | Import CSV Files <= 1.0 - Reflected Cross-Site Scripting |
| CVE-2022-21703 | Cross Site Request Forgery in Grafana |
| CVE-2022-2171 | Progressive License <= 1.1.0 - CSRF to Stored XSS |
| CVE-2022-2172 | LinkWorth Plugin < 3.3.4 - Arbitrary Setting Update via CSRF |
| CVE-2022-2184 | CAPTCHA 4WP < 7.1.0 - Local File Inclusion via CSRF |
| CVE-2022-2245 | Counter Box < 1.2.1 - Arbitrary Counter Activation/Deactivation via CSRF |
| CVE-2022-2260 | GiveWP < 2.21.3 - DoS via CSRF |
| CVE-2022-22686 | Cross-Site Request Forgery (CSRF) vulnerability in webapi component in Synology Calendar before 2.3.4-0631 allows remote auth... |
| CVE-2022-2275 | WP Edit Menu <= 1.5.0 - Arbitrary Post Deletion via CSRF |
| CVE-2022-2276 | WP Edit Menu < 1.5.0 - Unauthenticated Arbitrary Post Deletion |
| CVE-2022-22808 | A CWE-352: Cross-Site Request Forgery (CSRF) exists that could cause a remote attacker to gain unauthorized access to the pro... |
| CVE-2022-22811 | A CWE-352: Cross-Site Request Forgery (CSRF) vulnerability exists that could induce users to perform unintended actions, lead... |
| CVE-2022-2312 | Student Result or Employee Database < 1.7.5 - Stored Cross Site Scripting via CSRF |
| CVE-2022-23475 | daloRADIUS full account takeover |
| CVE-2022-2350 | Disable User Login <= 1.0.1 - Unauthenticated Settings Update |
| CVE-2022-2353 | Cross-Site Request Forgery (CSRF) in microweber/microweber |
| CVE-2022-2355 | Easy Username Updater < 1.0.5 - Arbitrary Username Update via CSRF |
| CVE-2022-23601 | CSRF token missing in Symfony |
| CVE-2022-2375 | WP Sticky Button < 1.4.1 - Unauthenticated Arbitrary Settings Update to Stored XSS |
| CVE-2022-23765 | IPTIME NAS family CSRF vulnerability |
| CVE-2022-2377 | Directorist < 7.3.0 - Subscriber+ Arbitrary E-mail Sending |
| CVE-2022-23771 | IPTIME NAS1DUAL CSRF Vulnerability |
| CVE-2022-2381 | E Unlocked - Student Result <= 1.0.4 - Arbitrary File Upload via CSRF |
| CVE-2022-2382 | Product Slider for WooCommerce < 2.5.7 - Subscriber+ Arbitrary Options Deletion |
| CVE-2022-2387 | Easy Digital Downloads < 3.0 - Arbitrary Post Deletion via CSRF |
| CVE-2022-2388 | WP Coder < 2.5.3 - Code Deletion via CSRF |
| CVE-2022-2389 | Automations By Autonami < 2.1.2 - Subscriber+ Automation Creation |
| CVE-2022-23975 | WordPress Access Demo Importer plugin <= 1.0.7 - Cross-Site Request Forgery (CSRF) vulnerability leading to Arbitrary Plugin... |
| CVE-2022-23976 | WordPress Access Demo Importer plugin <= 1.0.7 - Cross-Site Request Forgery (CSRF) vulnerability leading to Data Reset (Posts... |
| CVE-2022-23983 | WordPress WP Content Copy Protection & No Right Click plugin <= 3.4.4 - Cross-Site Request Forgery (CSRF) leads to Settings U... |
| CVE-2022-2405 | WP Popup Builder < 1.3.0 - Subscriber+ Arbitrary Popup Deletion |
| CVE-2022-2432 | Ecwid Ecommerce Shopping Cart <= 6.10.23 - Cross-Site Request Forgery to Settings/Options Update |
| CVE-2022-2449 | reSmush.it Image Optimizer < 0.4.7 - Multiple CSRF |
| CVE-2022-24712 | Cross-Site Request Forgery (CSRF) Protection Bypass Vulnerability in CodeIgniter4 |
| CVE-2022-24879 | Malfunction of Cross-Site Request Forgery token validation |
| CVE-2022-2555 | Yotpo Reviews for WooCommerce <= 2.0.4 - Arbitrary Settings Update via CSRF |
| CVE-2022-25599 | WordPress Spiffy Calendar plugin <= 4.9.0 - Event deletion via Cross-Site Request Forgery (CSRF) vulnerability |
| CVE-2022-25600 | WordPress WP Google Map plugin <= 4.2.3 - Cross-Site Request Forgery (CSRF) vulnerability |
| CVE-2022-25608 | WordPress Yoo Slider – Image Slider & Video Slider plugin <= 2.0.0 - Cross-Site Request Forgery (CSRF) vulnerability leading... |
| CVE-2022-25614 | WordPress eRoom plugin <= 1.3.7 - Cross-Site Request Forgery (CSRF) leading to Sync with Zoom Meetings vulnerability |
| CVE-2022-25615 | WordPress eRoom plugin <= 1.3.8 - Cross-Site Request Forgery (CSRF) vulnerability leading to Cache Deletion |
| CVE-2022-25754 | A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (2... |
| CVE-2022-25778 | Unload handlers may unintentionally defeat CSRF guards |
| CVE-2022-25952 | WordPress Content Egg plugin <= 5.4.0 - Cross-Site Request Forgery (CSRF) vulnerability |
| CVE-2022-26309 | Cross-Site Request in Bulk operation (User operation) |
| CVE-2022-26366 | WordPress AdRotate Banner Manager Plugin <= 5.9 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-2657 | Multivendor Marketplace Solution for WooCommerce < 3.8.12 - Unauthorised AJAX Calls |
| CVE-2022-27488 | A cross-site request forgery (CSRF) in Fortinet FortiVoiceEnterprise version 6.4.x, 6.0.x, FortiSwitch version 7.0.0 through... |
| CVE-2022-2762 | AdminPad < 2.2 - Note Update via CSRF |
| CVE-2022-27628 | WordPress WZone – Lite Version Plugin <= 3.1 Lite is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-27846 | WordPress Yoo Slider plugin <= 2.0.0 - Cross-Site Request Forgery (CSRF) vulnerability leading to Slider Creation / Modificat... |
| CVE-2022-27847 | WordPress Yoo Slider plugin <= 2.0.0 - Cross-Site Request Forgery (CSRF) vulnerability leading to Template Import |
| CVE-2022-27850 | WordPress Simple Ajax Chat plugin <= 20220115 - Multiple Cross-Site Request Forgery (CSRF) vulnerability |
| CVE-2022-27851 | WordPress Use Any Font plugin <= 6.1.7 - Cross-Site Request Forgery (CSRF) vulnerability |
| CVE-2022-27855 | WordPress Analytics Cat plugin <= 1.0.9 - Plugin Settings change via Cross-Site Request Forgery (CSRF) vulnerability |
| CVE-2022-27860 | WordPress Footer Text plugin <= 2.0.3 - Cross-Site Request Forgery (CSRF) leading to Cross-Site Scripting (XSS) vulnerability |
| CVE-2022-2839 | Zephyr Project Manager < 3.2.55 - Unauthorised AJAX Calls To Stored XSS |
| CVE-2022-29412 | WordPress Hermit 音乐播放器 plugin <= 3.1.6 - Multiple Cross-Site Request Forgery (CSRF) vulnerabilities |
| CVE-2022-29413 | WordPress Hermit 音乐播放器 plugin <= 3.1.6 - Cross-Site Request Forgery (CSRF) leading to Stored Cross-Site Scripting (XSS)... |
| CVE-2022-29414 | WordPress Subscribe To Comments Reloaded plugin <= 211130 - Multiple Cross-Site Request Forgery (CSRF) vulnerabilities |
| CVE-2022-29427 | WordPress Disable Right Click For WP plugin <= 1.1.6 - Cross-Site Request Forgery (CSRF) vulnerability |
| CVE-2022-29429 | WordPress Code Snippets Extended plugin <= 1.4.7 - Cross-Site Request Forgery (CSRF) leading to Remote Code Execution (RCE) v... |
| CVE-2022-29430 | WordPress PNG to JPG plugin <= 4.0 - Cross-Site Request Forgery (CSRF) leading to Persistent Cross-Site Scripting (XSS) vulne... |
| CVE-2022-29431 | Remove CPT base <= 5.8 - CSRF leads to CPT base deletion |
| CVE-2022-29435 | WordPress Code Snippets Extended plugin <= 1.4.7 - Cross-Site Request Forgery (CSRF) vulnerability |
| CVE-2022-29436 | WordPress Code Snippets Extended plugin <= 1.4.7 - Cross-Site Request Forgery (CSRF) vulnerability leading to Persistent Cros... |
| CVE-2022-29437 | WordPress Image Slider by NextCode plugin <= 1.1.2 - Multiple Cross-Site Request Forgery (CSRF) vulnerabilities |
| CVE-2022-29439 | WordPress Image Slider by NextCode plugin <= 1.1.2 - Slider Deletion via Cross-Site Request Forgery (CSRF) vulnerability |
| CVE-2022-29441 | WordPress Private Messages For WordPress plugin <= 2.1.10 - Sending Messages via Cross-Site Request Forgery (CSRF) vulnerabil... |
| CVE-2022-29450 | WordPress Admin Management Xtended plugin <= 2.4.4 - Multiple Cross-Site Request Forgery (CSRF) vulnerabilities |
| CVE-2022-29451 | WordPress Rara One Click Demo Import plugin <= 1.2.9 - Cross-Site Request Forgery (CSRF) leads to Arbitrary File Upload vulne... |
| CVE-2022-29453 | WordPress API KEY for Google Maps plugin <= 1.2.1 - CSRF vulnerability leading to Google Maps API key update |
| CVE-2022-29454 | WordPress Better Messages plugin <= 1.9.9.148 - Cross-Site Request Forgery (CSRF) vulnerability |
| CVE-2022-29468 | A cross-site request forgery (CSRF) vulnerability exists in WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-craf... |
| CVE-2022-29489 | WordPress Sucuri Security plugin <= 1.8.33 - Cross-Site Request Forgery (CSRF) vulnerability |
| CVE-2022-29495 | WordPress Popup Builder plugin <= 4.1.11 - Cross-Site Request Forgery (CSRF) leading to plugin settings update |
| CVE-2022-29561 | A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions <... |
| CVE-2022-2987 | Ldap WP Login / Active Directory Integration < 3.0.2 - Unauthenticated Settings Update to Auth Bypass |
| CVE-2022-3017 | Cross-Site Request Forgery (CSRF) in froxlor/froxlor |
| CVE-2022-3024 | Simple Bitcoin Faucets <= 1.7.0 - Unauthorised AJAX Call to Stored XSS |
| CVE-2022-3025 | Bitcoin / Altcoin Faucet <= 1.6.0 - Settings Update to Stored XSS via CSRF |
| CVE-2022-30337 | WordPress WP Meta SEO plugin <= 4.4.8 - Social Settings Update via Cross-Site Request Forgery (CSRF) vulnerability |
| CVE-2022-30544 | WordPress OSM – OpenStreetMap Plugin <= 6.0.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-30694 | The login endpoint /FormLogin in affected web services does not apply proper origin checking. This could allow authenticat... |
| CVE-2022-30705 | WordPress WordPress Ping Optimizer Plugin <= 2.35.1.2.3 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-3082 | miniOrange Discord Integration < 2.1.6 - Subscriber+ App Disabling |
| CVE-2022-3097 | LBStopAttack < 1.1.3 - Arbitrary Settings Update via CSRF |
| CVE-2022-3098 | Login Block IPs <= 1.0.0 - Arbitrary Setting Update via CSRF |
| CVE-2022-31000 | CSRF allows attacker to finalize/unfinalize order adjustments in solidus_backend |
| CVE-2022-3119 | OAuth client Single Sign On for WordPress < 3.0.4 - Unauthenticated Settings Update to Authentication Bypass |
| CVE-2022-3121 | SourceCodester Online Employee Leave Management System addemployee.php cross-site request forgery |
| CVE-2022-3126 | Frontend File Manager < 21.4 - File Upload via CSRF |
| CVE-2022-3149 | WP Custom Cursors < 3.0.1 - Stored Cross-Site Scripting via CSRF |
| CVE-2022-3151 | WP Custom Cursors < 3.0.1 - Arbitrary Cursor Deletion via CSRF |
| CVE-2022-3154 | Multiple Plugins from Viszt Peter - Multiple CSRF |
| CVE-2022-3208 | Simple File List < 4.4.13 - Page Creation via CSRF |
| CVE-2022-32175 | AdGuardHome - CSRF |
| CVE-2022-3221 | Cross-Site Request Forgery (CSRF) in ikus060/rdiffweb |
| CVE-2022-32289 | WordPress Popup Builder plugin <= 4.1.0 - Cross-Site Request Forgery (CSRF) vulnerability leading to Popup Status Change |
| CVE-2022-3232 | Cross-Site Request Forgery (CSRF) in ikus060/rdiffweb |
| CVE-2022-3233 | Cross-Site Request Forgery (CSRF) in ikus060/rdiffweb |
| CVE-2022-32516 | A CWE-352: Cross-Site Request Forgery (CSRF) vulnerability exists that could cause system’s configurations override and cause... |
| CVE-2022-32587 | WordPress WP Page Widget plugin <= 3.9 - Cross-Site Request Forgery (CSRF) vulnerability |
| CVE-2022-3267 | Cross-Site Request Forgery (CSRF) in ikus060/rdiffweb |
| CVE-2022-3274 | Cross-Site Request Forgery (CSRF) on user's settings in GitHub repository ikus060/rdiffweb prior to 2.4.6. in ikus060/rdiffwe... |
| CVE-2022-33177 | WordPress Booking Calendar plugin <= 9.2.1 - Cross-Site Request Forgery (CSRF) vulnerability |
| CVE-2022-33201 | WordPress MailerLite – Signup forms (official) plugin <= 1.5.7 - Cross-Site Request Forgery (CSRF) vulnerability |
| CVE-2022-3336 | Event Monster < 1.2.0 - Visitors Deletion via CSRF |
| CVE-2022-3372 | Cross-Site Request Forgery (CSRF) in Riello UPS Netman-204 |
| CVE-2022-33974 | WordPress Custom Twitter Feeds (Tweets Widget) Plugin <= 1.8.4 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-3419 | Automatic User Roles Switcher < 1.1.2 - Subscriber+ Privilege Escalation |
| CVE-2022-34347 | WordPress Download Manager plugin <= 3.2.48 - Cross-Site Request Forgery (CSRF) vulnerability |
| CVE-2022-34367 | Dell EMC Data Protection Central versions 19.1, 19.2, 19.3, 19.4, 19.5, 19.6, contain(s) a Cross-Site Request Forgery Vulnera... |
| CVE-2022-34448 | PowerPath Management Appliance with versions 3.3 & 3.2*, 3.1 & 3.0* contains a Cross-site Request Forgery vulnerability. An... |
| CVE-2022-3451 | Product Stock Manager < 1.0.5 - Subscriber+ Unauthorised AJAX Calls |
| CVE-2022-34654 | WordPress Manage Notification E-mails Plugin <= 1.8.2 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-3489 | WP Hide <= 0.0.2 - Unauthenticated Settings Update |
| CVE-2022-35228 | SAP BusinessObjects CMC allows an unauthenticated attacker to retrieve token information over the network which would otherwi... |
| CVE-2022-35277 | WordPress GetResponse plugin <= 5.5.20 - Cross-Site Request Forgery (CSRF) vulnerability |
| CVE-2022-3536 | Role Based Pricing for WooCommerce < 1.6.3 - Subscriber+ PHAR Deserialization |
| CVE-2022-3537 | Role Based Pricing for WooCommerce < 1.6.2 - Subscriber+ Arbitrary File Upload |
| CVE-2022-3538 | Webmaster Tools Verification <= 1.2 - Unauthenticated Arbitrary Plugin Deactivation |
| CVE-2022-35638 | IBM Sterling B2B Integrator cross-site request forgery |
| CVE-2022-35656 | Pega Platform from 8.3 to 8.7.3 vulnerability may allow authenticated security administrators to alter CSRF settings directly... |
| CVE-2022-35730 | WordPress Oceanwp sticky header plugin <= 1.0.8 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-35943 | SameSite may allow cross-site request forgery (CSRF) protection to be bypassed |
| CVE-2022-36076 | Account takeover via SSO plugins in NodeBB |
| CVE-2022-36095 | XWiki Cross-Site Request Forgery (CSRF) for actions on tags |
| CVE-2022-36250 | Cross Site Request Forgery on Shop Beat Services |
| CVE-2022-36288 | WordPress Download Manager plugin <= 3.2.48 - Multiple Cross-Site Request Forgery (CSRF) vulnerabilities |
| CVE-2022-36292 | WordPress Gallery PhotoBlocks plugin <= 1.2.6 - Cross-Site Request Forgery (CSRF) vulnerabilities |
| CVE-2022-36312 | Airspan AirVelocity 1500 software version 15.18.00.2511 lacks CSRF protections in the eNodeB's web management UI. This issue... |
| CVE-2022-3632 | OAuth Client by DigitialPixies <= 1.1.0 - CSRF |
| CVE-2022-36345 | WordPress Download Plugin Plugin <= 2.0.4 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-36346 | WordPress MaxButtons plugin <= 9.2 - Multiple Cross-Site Request Forgery (CSRF) vulnerabilities |
| CVE-2022-36358 | WordPress SEO Scout plugin <= 0.9.83 - Cross-Site Request Forgery (CSRF) vulnerability |
| CVE-2022-36373 | WordPress MP3 jPlayer plugin <= 2.7.3 - Multiple Cross-Site Request Forgery (CSRF) vulnerabilities |
| CVE-2022-36379 | WordPress ЮKassa для WooCommerce plugin <= 2.3.0 - Cross-Site Request Forgery (CSRF) leading to plugin settings update |
| CVE-2022-36388 | WordPress YDS Support Ticket System plugin <= 1.0 - Cross-Site Request Forgery (CSRF) vulnerability |
| CVE-2022-36389 | WordPress Better Messages plugin <= 1.9.9.148 - Cross-Site Request Forgery (CSRF) vulnerability |
| CVE-2022-36401 | WordPress TeraWallet – For WooCommerce Plugin <= 1.3.24 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-36404 | WordPress Simple SEO plugin <= 1.8.12 - Broken Access Control vulnerability |
| CVE-2022-36417 | WordPress 3D Tag Cloud plugin <= 3.8 - Multiple Stored Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) vulne... |
| CVE-2022-36424 | WordPress Easy Appointments Plugin <= 3.11.9 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-3677 | Advanced Import < 1.3.8 - Arbitrary Plugin Installation & Activation via CSRF |
| CVE-2022-36796 | WordPress CallRail Phone Call Tracking plugin <= 0.4.9 - Cross-Site Request Forgery (CSRF) vulnerability leading to Stored Cr... |
| CVE-2022-36798 | WordPress Mega Addons For WPBakery Page Builder plugin <= 4.2.7 - Cross-Site Request Forgery (CSRF) vulnerability |
| CVE-2022-3688 | WPQA < 5.9 - Follow/Unfollow via CSRF |
| CVE-2022-37405 | WordPress Better Font Awesome plugin <= 2.0.1 - Cross-Site Request Forgery (CSRF) vulnerability |
| CVE-2022-37411 | WordPress Captcha Code plugin <= 2.7 - Cross-Site Request Forgery (CSRF) vulnerability |
| CVE-2022-3750 | Ask Me < 6.8.7 - Post Deletion via CSRF |
| CVE-2022-3763 | Booster for WooCommerce - Checkout Files Deletion via CSRF |
| CVE-2022-38059 | WordPress Access Code Feeder plugin <= 1.0.3 - Cross-Site Request Forgery (CSRF) vulnerability |
| CVE-2022-38062 | WordPress Download Theme Plugin <= 1.0.9 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-38063 | WordPress Social Login WP Plugin <= 5.0.0.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-38075 | WordPress Mantenimiento web plugin <= 0.13 - Cross-Site Request Forgery (CSRF) vulnerability leading to Stored Cross-Site Scr... |
| CVE-2022-38077 | WordPress Popup Anything Plugin <= 2.2.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-38079 | WordPress Backup Scheduler plugin <= 1.5.13 - Cross-Site Request Forgery (CSRF) vulnerability |
| CVE-2022-38085 | WordPress Read more By Adam plugin <= 1.1.8 - Cross-Site Request Forgery (CSRF) vulnerability |
| CVE-2022-38086 | WordPress Shortcodes Ultimate plugin <= 5.12.0 - Cross-Site Request Forgery (CSRF) vulnerability |
| CVE-2022-38093 | WordPress All in One SEO plugin <= 4.2.3.1 - Multiple Cross-Site Request Forgery (CSRF) vulnerabilities |
| CVE-2022-38095 | WordPress Advanced Dynamic Pricing for WooCommerce plugin <= 4.1.3 - Cross-Site Request Forgery (CSRF) vulnerability |
| CVE-2022-38137 | WordPress Analytify plugin <= 4.2.2 - Cross-Site Request Forgery (CSRF) vulnerability |
| CVE-2022-38139 | WordPress RD Station plugin <= 5.2.0 - Multiple Cross-Site Request Forgery (CSRF) vulnerabilities |
| CVE-2022-38144 | WordPress wpForo Forum plugin <= 2.0.5 - Cross-Site Request Forgery (CSRF) vulnerability |
| CVE-2022-38356 | WordPress Pearl Plugin <= 1.3.4 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-38454 | WordPress Kraken.io Image Optimizer plugin <= 2.6.5 - Cross-Site Request Forgery (CSRF) vulnerability |
| CVE-2022-38468 | WordPress NextGEN Gallery Plugin <= 3.28 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-3847 | Showing URL in QR Code <= 0.0.1 - Stored XSS via CSRF |
| CVE-2022-38470 | WordPress Customer Reviews for WooCommerce plugin <= 5.3.5 - Cross-Site Request Forgery (CSRF) vulnerability |
| CVE-2022-3850 | Find and Replace All <= 1.3 - Arbitrary Replacement via CSRF |
| CVE-2022-3853 | Supra CSV <= 4.0.3 - Stored Cross-Site Scripting via CSRF |
| CVE-2022-38660 | HCL XPages applications are susceptible to Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2022-38704 | WordPress SEO Redirection plugin <= 8.9 - Cross-Site Request Forgery (CSRF) vulnerability |
| CVE-2022-38716 | WordPress Motors – Car Dealer & Classified Ads Plugin <= 1.4.4 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-3879 | Car Dealer < 3.05 - Subscriber+ Arbitrary Plugin Installation |
| CVE-2022-3880 | AntiHacker < 4.20 - Subscriber+ Arbitrary Plugin Installation |
| CVE-2022-3881 | WPTools < 3.43 - Subscriber+ Arbitrary Plugin Installation |
| CVE-2022-3882 | WP Memory < 2.46 - Subscriber+ Arbitrary Plugin Installation |
| CVE-2022-3883 | StopBadBots < 7.24 - Subscriber+ Arbitrary Plugin Installation |
| CVE-2022-3894 | WP OAuth Server < 4.2.5 - Arbitrary Post Deletion via CSRF |
| CVE-2022-3899 | 3DPrint < 3.5.6.9 - Arbitrary File and Directory Deletion via CSRF |
| CVE-2022-3911 | iubenda < 3.3.3 - Subscriber+ Privileges Escalation to Admin |
| CVE-2022-3926 | WP OAuth Server < 3.4.2 - Client Secret Regeneration via CSRF |
| CVE-2022-39268 | orchest vulnerable to cross-site request forgery that allows control of a user instance |
| CVE-2022-3946 | Welcart e-Commerce < 2.8.4 - Subscriber+ Arbitrary Shipping Method Creation/Update/Deletion |
| CVE-2022-3999 | WooCommerce Shipping - DPD baltic < 1.2.57 - Subscriber+ Arbitrary Options Deletion |
| CVE-2022-40128 | WordPress Advanced Order Export For WooCommerce plugin <= 3.3.2 - Cross-Site Request Forgery (CSRF) vulnerability |
| CVE-2022-40131 | WordPress Page View Count plugin <= 2.5.5 - Cross-Site Request Forgery (CSRF) vulnerability |
| CVE-2022-40132 | WordPress Seriously Simple Podcasting plugin <= 2.16.0 - Cross-Site Request Forgery (CSRF) vulnerability |
| CVE-2022-4016 | Booster for WooCommerce - Custom Role Creation/Deletion via CSRF |
| CVE-2022-4017 | Booster for WooCommerce - Multiple CSRF |
| CVE-2022-40179 | A vulnerability has been identified in Desigo PXM30-1 (All versions < V02.20.126.11-41), Desigo PXM30.E (All versions < V02.2... |
| CVE-2022-40180 | A vulnerability has been identified in Desigo PXM30-1 (All versions < V02.20.126.11-41), Desigo PXM30.E (All versions < V02.2... |
| CVE-2022-40192 | WordPress wpForo Forum plugin <= 2.0.9 - Cross-Site Request Forgery (CSRF) vulnerability |
| CVE-2022-40198 | WordPress TeraWallet – For WooCommerce Plugin <= 1.3.24 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-40219 | WordPress FavIcon Switcher plugin <= 1.2.11 - Cross-Site Request Forgery (CSRF) vulnerability |
| CVE-2022-4023 | 3DPrint < 3.5.6.9 - CSRF to arbitrary file download |
| CVE-2022-4024 | Pie Register < 3.8.1.3 - Unauthenticated Arbitrary User Deletion |
| CVE-2022-40291 | Cross-site request forgery (CSRF) in PHP Point of Sale version 19.0, by PHP Point of Sale, LLC |
| CVE-2022-4058 | Photo Gallery < 1.8.3 - Stored XSS via CSRF |
| CVE-2022-40623 | WAVLINK Quantum D4G (WN531G3) CSRF |
| CVE-2022-40632 | WordPress wpForo Forum plugin <= 2.0.5 - Cross-Site Request Forgery (CSRF) vulnerability |
| CVE-2022-40671 | WordPress Rate my Post – WP Rating System plugin <= 3.3.4 - Cross-Site Request Forgery (CSRF) vulnerability |
| CVE-2022-40686 | WordPress Creative Mail plugin <= 1.5.4 - Cross-Site Request Forgery (CSRF) vulnerability |
| CVE-2022-40687 | WordPress Creative Mail plugin <= 1.5.4 - Cross-Site Request Forgery (CSRF) vulnerability |
| CVE-2022-40692 | WordPress Sunshine Photo Cart Plugin <= 2.9.13 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-40695 | WordPress SEO Redirection Plugin plugin <= 8.9 - Multiple Cross-Site Scripting (CSRF) vulnerabilities |
| CVE-2022-40724 | Cross-Site Request Forgery on PingFederate Local Identity Profiles Endpoint. |
| CVE-2022-4102 | Royal Elementor Addons < 1.3.56 - Subscriber+ Arbitrary Post Deletion |
| CVE-2022-4103 | Royal Elementor Addons < 1.3.56 - Subscriber+ Arbitrary Post Creation |
| CVE-2022-4107 | SMSA Shipping for WooCommerce < 1.0.5 - Subscriber+ Arbitrary File Download |
| CVE-2022-41134 | WordPress Optinly Plugin <= 1.0.15 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-41136 | WordPress Shortcodes Ultimate plugin <= 5.12.0 - CSRF vulnerability leading to Stored XSS |
| CVE-2022-4124 | Popup Manager <= 1.6.6 - Unauthenticated Arbitrary Popup Deletion |
| CVE-2022-4125 | Popup Manager <= 1.6.6 - Unauthenticated Stored XSS |
| CVE-2022-41263 | Due to a missing authentication check, SAP Business Objects Business Intelligence Platform (Web Intelligence) - versions 420,... |
| CVE-2022-41296 | IBM Db2U cross-site request forgery |
| CVE-2022-41297 | IBM Db2U cross-site request forgery |
| CVE-2022-4148 | WP OAuth Server < 4.3.0 - Subscriber+ Arbitrary Client Deletion |
| CVE-2022-41608 | WordPress Asgaros Forum Plugin <= 2.2.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-41615 | WordPress Store Locator plugin <= 1.4.5 - Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) vulnerability |
| CVE-2022-41620 | WordPress SeoSamba for WordPress Webmasters Plugin <= 1.0.5 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-41622 | iControl SOAP vulnerability |
| CVE-2022-41633 | WordPress Community by PeepSo Plugin <= 6.0.2.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-41634 | WordPress Media Library Folders plugin <= 7.1.1 - Cross-Site Request Forgery (CSRF) vulnerability |
| CVE-2022-41635 | WordPress Advanced Shipment Tracking for WooCommerce Plugin <= 3.5.2 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-41685 | Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Integration for Szamlazz.hu & WooCommerce and Csomagpontok és s... |
| CVE-2022-41805 | WordPress Booster for WooCommerce plugin <= 5.6.6 - Cross-Site Request Forgery (CSRF) vulnerability |
| CVE-2022-41919 | Fastify vulnerable to Cross-Site Request Forgery (CSRF) attack via incorrect content type |
| CVE-2022-41924 | Tailscale Windows daemon is vulnerable to RCE via CSRF |
| CVE-2022-41925 | Tailscale daemon is vulnerable to information disclosure via CSRF |
| CVE-2022-41927 | XWiki Platform vulnerable to Cross-Site Request Forgery (CSRF) allowing to delete or rename tags |
| CVE-2022-41987 | WordPress BadgeOS Plugin <= 3.7.1.6 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-41990 | WordPress 3D Tag Cloud Plugin <= 3.8 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-41996 | WordPress Avada premium theme <= 7.8.1 - Cross-Site Request Forgery (CSRF) vulnerability |
| CVE-2022-43459 | WordPress Forms by CaptainForm Plugin <= 2.5.3 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-43469 | WordPress Corona Virus (COVID-19) Banner & Live Data Plugin <= 1.7.0.6 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-43481 | WordPress Advanced Coupons for WooCommerce Coupons plugin <= 4.5 - Cross-Site Request Forgery (CSRF) vulnerability |
| CVE-2022-43488 | WordPress Advanced Dynamic Pricing for WooCommerce plugin <= 4.1.5 - Cross-Site Request Forgery (CSRF) vulnerability |
| CVE-2022-43490 | WordPress Stream Plugin <= 3.9.2 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-43491 | WordPress Advanced Dynamic Pricing for WooCommerce plugin <= 4.1.5 - Cross-Site Request Forgery (CSRF) vulnerability |
| CVE-2022-44585 | WordPress Homepage Pop-up Plugin <= 1.2.5 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-44627 | WordPress Simple SEO plugin <= 1.8.12 - Cross-Site Request Forgery (CSRF) vulnerability |
| CVE-2022-44737 | WordPress All In One WP Security plugin <= 5.1.0 - Multiple Cross-Site Request Forgery (CSRF) vulnerabilities |
| CVE-2022-44739 | WordPress Quick Restaurant Reservations Plugin <= 1.5.4 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-44740 | WordPress Creative Mail plugin <= 1.5.4 - Multiple Cross-Site Request Forgery (CSRF) vulnerabilities |
| CVE-2022-4265 | Replyable < 2.2.10 - Subscriber+ PHP Object Injection |
| CVE-2022-4266 | Bulk Delete Users by Email <= 1.2 - User Deletion via CSRF |
| CVE-2022-42880 | WordPress Auto Upload Images Plugin <= 3.3 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-4309 | Subscribe2 < 10.38 - User Deletion via CSRF |
| CVE-2022-4363 | Wholesale Market <= 2.2.2 - Settings Update via CSRF |
| CVE-2022-4368 | WP CSV <= 1.8.0.0 - Reflected XSS via CSV Import |
| CVE-2022-43719 | Apache Superset: Cross Site Request Forgery (CSRF) on accept, request access API |
| CVE-2022-45067 | WordPress Exclusive Addons Elementor Plugin <= 2.6.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-45068 | WordPress Mercado Pago payments for WooCommerce Plugin <= 6.3.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-45071 | WordPress WPML Multilingual CMS premium plugin <= 4.5.13 - Cross-Site Request Forgery (CSRF) vulnerability |
| CVE-2022-45072 | WordPress WPML Multilingual CMS premium plugin <= 4.5.13 - Cross-Site Request Forgery (CSRF) vulnerability |
| CVE-2022-45073 | WordPress REST API Authentication plugin <= 2.4.0 - Cross-Site Request Forgery (CSRF) vulnerability |
| CVE-2022-45074 | WordPress Activity Reactions For Buddypress Plugin <= 1.0.22 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-45076 | WordPress Flexible Elementor Panel Plugin <= 2.3.8 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-45079 | WordPress Loginizer Plugin <= 1.7.5 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-45080 | WordPress Add Multiple Marker Plugin <= 1.2 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-45127 | CVE-2022-45127 |
| CVE-2022-44741 | WordPress Testimonial Slider plugin <= 1.3.1 - Cross-Site Request Forgery (CSRF) vulnerability |
| CVE-2022-4621 | Panasonic Sanyo CCTV Network Camera |
| CVE-2022-4633 | Auto Upload Images Settings setting-page.php cross-site request forgery |
| CVE-2022-46367 | Rumpus - FTP server Cross-site request forgery (CSRF) – Privilege escalation |
| CVE-2022-46368 | Rumpus - FTP server Cross-site request forgery (CSRF) – Create user |
| CVE-2022-4646 | Cross-Site Request Forgery (CSRF) in ikus060/rdiffweb |
| CVE-2022-46793 | WordPress Product Feed PRO for WooCommerce Plugin <= 12.4.4 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-46794 | WordPress WooCommerce Weight Based Shipping Plugin <= 5.4.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-46797 | WordPress Conversios.io Plugin <= 5.2.3 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-46798 | WordPress WooLentor Plugin <= 2.5.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-46800 | WordPress LiteSpeed Cache Plugin <= 5.3 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-46805 | WordPress Conditional Payments for WooCommerce Plugin <= 2.3.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-45149 | A vulnerability was found in Moodle which exists due to insufficient validation of the HTTP request origin in course redirect... |
| CVE-2022-45364 | WordPress Drag and Drop Multiple File Upload – Contact Form 7 Plugin <= 1.3.6.5 is vulnerable to Cross Site Request Forgery (... |
| CVE-2022-45367 | WordPress Custom Order Numbers for WooCommerce Plugin <= 1.4.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-45371 | WordPress ShopEngine Plugin <= 4.1.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-45372 | WordPress Product Gallery Slider for WooCommerce Plugin <= 2.2.8 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-45376 | WordPress Side Cart Woocommerce (Ajax) Plugin < 2.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-4548 | Optimize images ALT Text (alt tag) & names for SEO using AI < 2.0.8 - Settings Update via CSRF |
| CVE-2022-4549 | Tickera < 3.5.1.0 - Plugin Data Deletion via CSRF |
| CVE-2022-4552 | FL3R FeelBox <= 8.1 - Settings Update via CSRF to Stored XSS |
| CVE-2022-4553 | FL3R FeelBox <= 8.1 - Moods Reset via CSRF |
| CVE-2022-4564 | University of Central Florida Materia API Controller api.php before cross-site request forgery |
| CVE-2022-45804 | WordPress Robo Gallery Plugin <= 3.2.9 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-45807 | WordPress WP Mail Log Plugin <= 1.0.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-45815 | WordPress GDPR Compliance & Cookie Consent Plugin <= 1.2 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-45823 | WordPress Video Contest WordPress Plugin Plugin <= 3.2 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-45824 | WordPress Advanced Booking Calendar Plugin <= 1.7.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-45828 | WordPress NOO Timetable Plugin <= 2.1.3 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-45846 | WordPress Image Map Pro Plugin < 5.6.9 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-42435 | IBM Business Automation Workflow cross-site request forgery |
| CVE-2022-4386 | Intuitive Custom Post Order < 3.1.4 - Arbitrary Menu Order Update via CSRF |
| CVE-2022-43980 | Cross-site scripting vulnerability in the network maps edit functionality |
| CVE-2022-4426 | Mautic Integration For WooCommerce < 1.0.3 - Arbitrary Options Update via CSRF |
| CVE-2022-4443 | BruteBank - WP Security & Firewall < 1.9 - Settings Update via CSRF |
| CVE-2022-47161 | WordPress Health Check & Troubleshooting Plugin <= 1.5.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-47162 | WordPress DH – Anti AdBlocker Plugin <= 36 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-47163 | WordPress WP CSV to Database Plugin <= 2.6 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-47164 | WordPress Event Manager for WooCommerce Plugin <= 3.7.7 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-47165 | WordPress CoSchedule Plugin <= 3.3.8 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-47166 | WordPress Void Contact Form 7 Widget For Elementor Page Builder Plugin <= 2.1.1 is vulnerable to Cross Site Request Forgery (... |
| CVE-2022-47167 | WordPress Crayon Syntax Highlighter Plugin <= 2.8.4 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-47169 | WordPress Visibility Logic for Elementor Plugin <= 2.3.4 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-47172 | WordPress WooLentor Plugin <= 2.6.2 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-47174 | WordPress Performance Lab Plugin <= 2.2.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-47175 | WordPress Royal Elementor Addons Plugin <= 1.3.75 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-47177 | WordPress WP EasyPay Plugin <= 4.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-47178 | WordPress Simple Share Buttons Adder Plugin <= 8.4.7 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-47179 | WordPress OWM Weather Plugin <= 5.6.11 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-47180 | WordPress Kopa Framework Plugin <= 1.3.5 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-47181 | WordPress Email Templates Plugin <= 1.4.2 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-47183 | WordPress Extra Block Design, Style, CSS for ANY Gutenberg Blocks Plugin <= 0.2.6 is vulnerable to Cross Site Request Forgery... |
| CVE-2022-47372 | Stored cross-site scripting vulnerability in create event section |
| CVE-2022-47373 | Reflected Cross Site Scripting in Search Functionality of Module Library |
| CVE-2022-47395 | CVE-2022-47395 |
| CVE-2022-47422 | WordPress WordPress Stripe Donation and Payment Plugin Plugin <= 3.1.5 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-47424 | WordPress ARMember plugin <= 4.0.5 - Cross Site Request Forgery (CSRF) |
| CVE-2022-47427 | WordPress My Calendar Plugin <= 3.3.24.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-47440 | WordPress My Tickets Plugin <= 1.9.10 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-47443 | WordPress Multi Rating Plugin <= 5.0.5 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-47446 | WordPress Store Locator Plugin <= 3.98.7 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-47447 | WordPress WP-Advanced-Search Plugin <= 3.3.8 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-47448 | WordPress xili-tidy-tags Plugin <= 1.12.03 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-4745 | WP Customer Area < 8.1.4 - Unauthorised Actions via CSRF |
| CVE-2022-47559 | Cross-Site Request Forgery in Ormazabal products |
| CVE-2022-47609 | WordPress DNUI Plugin <= 2.8.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-47611 | WordPress Hover Image Plugin <= 1.4.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-47612 | WordPress Participants Database Plugin <= 2.4.5 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-4766 | dolibarr_project_timesheet Form cross-site request forgery |
| CVE-2022-48320 | CSRF in add-visual endpoint |
| CVE-2022-4844 | Cross-Site Request Forgery (CSRF) in usememos/memos |
| CVE-2022-4845 | Cross-Site Request Forgery (CSRF) in usememos/memos |
| CVE-2022-4846 | Cross-Site Request Forgery (CSRF) in usememos/memos |
| CVE-2022-4849 | Cross-Site Request Forgery (CSRF) in usememos/memos |
| CVE-2022-4850 | Cross-Site Request Forgery (CSRF) in usememos/memos |
| CVE-2022-4867 | Cross-Site Request Forgery (CSRF) in froxlor/froxlor |
| CVE-2022-4872 | WooCommerce Chained Products < 2.12.0 - Unauthenticated Arbitrary Options Update to 'no' |
| CVE-2022-4888 | Multiple Plugins from Addify - Multiple CSRF |
| CVE-2022-4944 | kalcaddle KodExplorer cross-site request forgery |
| CVE-2022-46806 | WordPress Cart All In One For WooCommerce Plugin <= 1.1.10 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-46810 | WordPress Thank You Page Customizer for WooCommerce – Increase Your Sales Plugin <= 1.0.13 is vulnerable to Cross Site Reques... |
| CVE-2022-46812 | WordPress Thank You Page Customizer for WooCommerce – Increase Your Sales Plugin <= 1.0.13 is vulnerable to Cross Site Reques... |
| CVE-2022-46813 | WordPress Advanced Database Cleaner Plugin <= 3.1.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-46814 | WordPress Kodex Posts likes Plugin <= 2.4.3 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-46815 | WordPress Conditional Shipping for WooCommerce Plugin <= 2.3.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-45847 | WordPress Countdown Widget plugin <= 3.1.9.1 - Cross-Site Request Forgery (CSRF) leading to Cross-Site Scripting (XSS) |
| CVE-2022-45850 | WordPress Image Map Pro premium plugin < 5.6.9 - Cross-Site Request Forgery (CSRF) leading to Stored Cross-Site Scripting (XS... |
| CVE-2022-4604 | wp-english-wp-admin Plugin english-wp-admin.php register_endpoints cross-site request forgery |
| CVE-2023-0438 | Cross-Site Request Forgery (CSRF) in modoboa/modoboa |
| CVE-2023-0484 | Contact Form 7 Widget For Elementor Page Builder & Gutenberg Blocks < 1.1.6 - Arbitrary Plugin Activation via CSRF |
| CVE-2023-0495 | HT Slider For Elementor < 1.4.0 - Arbitrary Plugin Activation via CSRF |
| CVE-2023-0496 | HT Event < 1.4.6 - Arbitrary Plugin Activation via CSRF |
| CVE-2023-0497 | HT Portfolio < 1.1.6 - Arbitrary Plugin Activation via CSRF |
| CVE-2023-0498 | WP Education < 1.2.7 - Arbitrary Plugin Activation via CSRF |
| CVE-2023-0499 | QuickSwish < 1.1.0 - Arbitrary Plugin Activation via CSRF |
| CVE-2023-0500 | WP Film Studio < 1.3.5 - Arbitrary Plugin Activation via CSRF |
| CVE-2023-0501 | WP Insurance < 2.1.4 - Arbitrary Plugin Activation via CSRF |
| CVE-2023-0502 | WP News <= 1.1.9 - Arbitrary Plugin Activation via CSRF |
| CVE-2023-0503 | Free WooCommerce Theme 99fy Extension < 1.2.8 - Arbitrary Plugin Activation via CSRF |
| CVE-2023-0504 | HT Politic < 2.3.8 - Arbitrary Plugin Activation via CSRF |
| CVE-2023-0505 | Ever Compare <= 1.2.3 - Arbitrary Plugin Activation via CSRF |
| CVE-2023-0520 | RapidExpCart <= 1.0 - Stored XSS via CSRF |
| CVE-2022-46816 | WordPress Booking Ultra Pro Plugin <= 1.1.4 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-46820 | WordPress Joli Table Of Contents Plugin <= 1.3.9 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-46841 | WordPress Oxygen Builder Plugin < 4.4 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-46842 | WordPress JS Help Desk plugin <= 2.7.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-46851 | WordPress Starter Templates Plugin <= 3.1.20 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-46853 | WordPress The Post Grid Plugin <= 5.0.4 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-46854 | WordPress Launchpad – Coming Soon & Maintenance Mode Plugin Plugin <= 1.0.13 is vulnerable to Cross Site Request Forgery (CSR... |
| CVE-2022-46856 | WordPress Woocommerce Product Designer Plugin <= 4.3.3 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-46857 | WordPress SiteAlert (Formerly WP Health) Plugin <= 1.9.7 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-0522 | Enable/Disable Auto Login when Register <= 1.1.0 - Settings Update via CSRF |
| CVE-2023-0551 | REST API TO MiniProgram <= 4.6.1 - Subscriber+ Attachment Deletion |
| CVE-2023-0603 | Sloth Logo Customizer <= 2.0.2 - Stored XSS via CSRF |
| CVE-2023-0642 | Cross-Site Request Forgery (CSRF) in squidex/squidex |
| CVE-2023-0674 | XXL-JOB New Password updatePwd cross-site request forgery |
| CVE-2023-0735 | Cross-Site Request Forgery (CSRF) in wallabag/wallabag |
| CVE-2023-0737 | CSRF in wallabag/wallabag |
| CVE-2023-0761 | Clock In Portal <= 2.1 - Staff Deletion via CSRF |
| CVE-2023-0762 | Clock In Portal <= 2.1 - Designation Deletion via CSRF |
| CVE-2023-0763 | Clock In Portal <= 2.1 - Holidays Deletion via CSRF |
| CVE-2023-0766 | Newsletter Popup <= 1.2 - Record Deletion via CSRF |
| CVE-2023-0820 | User Role by BestWebSoft < 1.6.7 - Privilege Escalation via CSRF |
| CVE-2023-0824 | UserPlus <= 2.0 - Stored XSS via CSRF |
| CVE-2023-0870 | Form Can Be Manipulated with Cross-Site Request Forgery (CSRF) |
| CVE-2023-0889 | TF Random Numbers < 2.0.1 - Subscriber+ Arbitrary Option Update |
| CVE-2023-0988 | SourceCodester Online Pizza Ordering System cross-site request forgery |
| CVE-2022-46862 | WordPress Quiz And Survey Master Plugin <= 8.0.7 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-46865 | WordPress Bulk Resize Media Plugin <= 1.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-46866 | WordPress Import External Images Plugin <= 1.4 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-46867 | WordPress Universal Star Rating Plugin <= 2.1.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-47134 | WordPress Gallery Metabox Plugin <= 1.5 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-47135 | WordPress Chronoforms Plugin <= 7.0.9 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-47136 | WordPress Ninja Tables Plugin <= 4.3.4 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-47138 | WordPress LOGIN AND REGISTRATION ATTEMPTS LIMIT Plugin <= 2.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-0999 | SourceCodester Sales Tracker Management System cross-site request forgery |
| CVE-2023-1011 | ChatBot < 4.4.5 - Stored XSS via CSRF |
| CVE-2023-1033 | Cross-Site Request Forgery (CSRF) in froxlor/froxlor |
| CVE-2023-1086 | Preview Link Generator < 1.0.4 - Arbitrary Plugin Activation via CSRF |
| CVE-2023-1087 | WC Sales Notification < 1.2.3 - Arbitrary Plugin Activation via CSRF |
| CVE-2023-1088 | WP Plugin Manager < 1.1.8 - Arbitrary Plugin Activation via CSRF |
| CVE-2023-1089 | Coupon Zen < 1.0.6 - Arbitrary Plugin Activation via CSRF |
| CVE-2023-1092 | OAuth Single Sign On - SSO (OAuth Client) - IdP Deletion via CSRF |
| CVE-2023-1093 | OAuth Single Sign On - SSO (OAuth Client) < 6.24.2 - IdP Discard via CSRF |
| CVE-2023-1330 | Redirection < 1.1.4 - Redirect Creation via CSRF |
| CVE-2023-1331 | Redirection < 1.1.5 - Plugin Reset via CSRF |
| CVE-2023-1414 | WP VR < 8.3.0 - Subscriber+ Arbitrary Tour Update |
| CVE-2023-1597 | tagDiv Cloud Library < 2.7 - Unauthenticated Arbitrary User Metadata Update to Privilege Escalation |
| CVE-2023-1604 | Short URL <= 1.6.8 - Cross-Site Request Forgery via configuration_page |
| CVE-2023-1623 | Custom Post Type UI < 1.13.5 - Debug Info Sending via CSRF |
| CVE-2023-1624 | WPCode Lite < 2.0.9 - Arbitrary Log File Deletion via CSRF |
| CVE-2023-1651 | ChatBot < 4.4.9 - Subscriber+ OpenAI Settings Update to Stored XSS |
| CVE-2022-47139 | WordPress WP Basic Elements Plugin <= 5.2.15 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-47141 | WordPress WP Dynamic Keywords Injector Plugin <= 2.3.15 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-47142 | WordPress Mediamatic – Media Library Folders Plugin <= 2.8.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-47143 | WordPress Multiple Page Generator Plugin – MPG Plugin <= 3.3.9 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-47144 | WordPress Mediamatic – Media Library Folders Plugin <= 2.8.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-47147 | WordPress ipBlockList Plugin <= 1.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-47148 | WordPress WooCommerce PDF Invoices & Packing Slips Plugin <= 3.2.5 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-47149 | WordPress Shortlinks by Pretty Links Plugin <= 3.4.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-47152 | WordPress clickfunnels Plugin <= 3.1.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-47154 | WordPress CSS JS Manager Plugin <= 2.4.49 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-47155 | WordPress Slider by Supsystic Plugin <= 1.8.5 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-47159 | WordPress Logaster Logo Generator Plugin <= 1.3 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-22457 | org.xwiki.contrib:application-ckeditor-ui vulnerable to Remote Code Execution via Cross-Site Request Forgery |
| CVE-2023-1660 | ChatBot < 4.4.9 - Unauthenticated Stored XSS |
| CVE-2023-1722 | Yoga Class Registration System 1.0 - ATO |
| CVE-2023-1937 | zhenfeng13 My-Blog userInfo cross-site request forgery |
| CVE-2023-1938 | WP Fastest Cache < 1.1.5 - Blind SSRF via CSRF |
| CVE-2023-20011 | Cisco Application Policy Infrastructure Controller and Cisco Cloud Network Controller Cross-Site Request Forgery Vulnerabilit... |
| CVE-2023-20113 | Cisco SD-WAN vManage Software Cross-Site Request Forgery Vulnerability |
| CVE-2023-20180 | A vulnerability in the web interface of Cisco Webex Meetings could allow an unauthenticated, remote attacker to conduct a cro... |
| CVE-2023-20221 | A vulnerability in the web-based management interface of Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmwa... |
| CVE-2023-2179 | WooCommerce Order Status Change Notifier <= 1.1.0 - Subscriber+ Arbitrary Order Status Update |
| CVE-2023-2195 | CSRF vulnerability and missing permission checks in Code Dx Plugin |
| CVE-2023-2228 | Cross-Site Request Forgery (CSRF) in modoboa/modoboa |
| CVE-2023-22672 | WordPress vSlider Multi Image Slider for WordPress Plugin <= 4.1.2 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-22673 | WordPress Website Monetization by MageNet Plugin <= 1.0.29.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-22674 | WordPress Dashicons + Custom Post Types Plugin <= 1.0.2 is vulnerable to Broken Access Control |
| CVE-2023-22678 | WordPress Superior FAQ Plugin <= 1.0.2 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-22681 | WordPress Online Exam Software : eExamhall Plugin <= 4.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-22686 | WordPress Nice PayPal Button Lite Plugin <= 1.3.5 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-22688 | WordPress WP Tabs Slides Plugin <= 2.0.3 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-22689 | WordPress Auto Affiliate Links Plugin <= 6.3 is vulnerable to Broken Access Control |
| CVE-2023-22691 | WordPress Category Specific RSS feed Subscription Plugin <= v2.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-22692 | WordPress Name Directory Plugin <= 1.27.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-22693 | WordPress WP Google Tag Manager Plugin <= 1.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-22694 | WordPress BigContact Plugin <= 1.5.8 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-22695 | WordPress Custom Field Template Plugin <= 2.5.8 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-22700 | WordPress PixelYourSite – Your smart PIXEL (TAG) Manager Plugin <= 9.3.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-22709 | WordPress SRS Simple Hits Counter Plugin <= 1.1.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-2271 | Tiempo.com <= 0.1.2 - Shortcode Deletion via CSRF |
| CVE-2023-22714 | WordPress Coming Soon by Supsystic Plugin <= 1.7.10 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-22942 | Cross-Site Request Forgery in the ‘ssg/kvstore_client’ REST Endpoint in Splunk Enterprise |
| CVE-2023-2307 | Cross-Site Request Forgery (CSRF) in builderio/qwik |
| CVE-2023-2326 | Gravity Forms Google Sheet Connector < 1.3.5 - Access Code Update via CSRF |
| CVE-2023-2329 | WooCommerce Google Sheet Connector < 1.3.6 - Access Code Update via CSRF |
| CVE-2023-2330 | Caldera Forms Google Sheets Connector < 1.3 - Access Code Update via CSRF |
| CVE-2023-2334 | Easy Digital Downloads Google Sheet Connector < 1.6.6 - Access Code Update via CSRF |
| CVE-2023-23465 | Media CP Media Control Panel – CSRF |
| CVE-2023-23704 | WordPress Comments Ratings Plugin <= 1.1.6 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-23705 | WordPress Books Gallery Plugin <= 4.4.8 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-23706 | WordPress WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) Plugin <= 7.5.14 is vulnerable to Cross Si... |
| CVE-2023-23711 | WordPress A2 Optimized WP Plugin <= 3.0.4 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-23712 | WordPress User Meta Manager Plugin <= 3.4.9 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-23713 | WordPress Theme Tweaker Plugin <= 5.20 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-23714 | WordPress Uncanny Toolkit for LearnDash Plugin <= 3.6.4.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-23719 | WordPress Premmerce Plugin <= 1.3.17 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-23721 | WordPress Admin Log Plugin <= 1.50 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-23724 | WordPress WordPress Email Marketing Plugin – WP Email Capture Plugin <= 3.9.3 is vulnerable to Cross Site Request Forgery (CS... |
| CVE-2023-23726 | WordPress Tickera – WordPress Event Ticketing plugin <= 3.5.1.0 - CSRF Leading To Post Status Change Vulnerability |
| CVE-2023-23731 | WordPress WishSuite Plugin <= 1.3.3 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-23787 | WordPress Premmerce Redirect Manager Plugin <= 1.0.9 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-23790 | WordPress Pods Plugin <= 2.9.10.2 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-23791 | WordPress HT Menu Plugin <= 1.2.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-23792 | WordPress Swatchly – WooCommerce Variation Swatches for Products Plugin <= 1.2.0 is vulnerable to Cross Site Request Forgery... |
| CVE-2023-23795 | WordPress Form Builder Plugin <= 1.9.9.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-23797 | WordPress Auto YouTube Importer Plugin <= 1.0.3 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-23801 | WordPress Really Simple Google Tag Manager Plugin <= 1.0.6 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-23802 | WordPress HT Easy GA4 ( Google Analytics 4 ) Plugin <= 1.0.6 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-23803 | WordPress JustTables – WooCommerce Product Table Plugin <= 1.4.9 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-23804 | WordPress HT Feed Plugin <= 1.2.7 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-23813 | WordPress My Calendar Plugin <= 3.4.3 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-23847 | A cross-site request forgery (CSRF) vulnerability in Synopsys Jenkins Coverity Plugin 3.0.2 and earlier allows attackers to c... |
| CVE-2023-23861 | WordPress GMAce Plugin <= 1.5.2 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-23865 | WordPress Stripe Payments For WooCommerce by Checkout Plugin <= 1.4.10 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-23869 | WordPress Google XML Sitemap for Mobile Plugin <= 1.6.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-23879 | WordPress PHP Execution Plugin <= 1.0.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-23890 | WordPress WP Airbnb Review Slider Plugin <= 3.2 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-23897 | WordPress Simple Mobile URL Redirect Plugin <= 1.7.2 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-23899 | WordPress Extensions For CF7 Plugin <= 2.0.8 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-23973 | WordPress Contact Us page - Contact people LITE Plugin <= 3.7.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-23974 | WordPress Quick Event Manager Plugin <= 9.7.4 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-23983 | WordPress Responsive Vertical Icon Menu Plugin <= 1.5.8 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-23984 | WordPress Bubble Menu – circle floating menu Plugin <= 3.0.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-23992 | WordPress AutomatorWP Plugin <= 2.5.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-23993 | WordPress IP Blocker Lite Plugin <= 11.1.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-23997 | WordPress Database Collation Fix Plugin <= 1.2.7 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-24007 | WordPress Admin Block Country Plugin <= 7.1.4 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-24008 | WordPress Maspik – Spam blacklist Plugin <= 0.7.8 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-24377 | WordPress Ecwid Shopping Cart Plugin <= 6.11.3 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-24380 | WordPress Simple Wp Sitemap Plugin <= 1.2.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-24382 | WordPress Material Design Icons for Page Builders Plugin <= 1.4.2 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-24384 | WordPress Organization chart Plugin <= 1.4.4 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-24388 | WordPress Booking calendar, Appointment Booking System Plugin <= 3.2.3 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-24395 | WordPress Contact Form 7 Redirect & Thank You Page Plugin <= 1.0.3 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-24405 | WordPress Contact Form 7 – PayPal & Stripe Add-on Plugin <= 1.9.3 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-24414 | WordPress Robo Gallery Plugin <= 3.2.11 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-24415 | WordPress AI ChatBot plugin <= 4.2.8 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-24417 | WordPress Worthy – VG WORT Integration für WordPress Plugin <= 1.6.5-6497609 is vulnerable to Cross Site Request Forgery (CSR... |
| CVE-2023-24419 | WordPress Formidable Forms Plugin <= 5.5.6 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-24421 | WordPress PHP Compatibility Checker Plugin <= 1.5.2 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-24518 | Disabling the administrator's account through cross-site request forgery |
| CVE-2023-2474 | Rebuild cross-site request forgery |
| CVE-2023-24920 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability |
| CVE-2023-2495 | Greeklish-permalink < 3.5 - Unauthenticated Post Slug Update |
| CVE-2023-25025 | WordPress WP-CopyProtect [Protect your blog posts] Plugin <= 3.1.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-25029 | WordPress WP Social Bookmarking Light Plugin <= 2.0.7 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-25033 | WordPress Social Share Boost Plugin <= 4.5 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-25034 | WordPress WP Clean Up Plugin <= 1.2.3 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-25036 | WordPress Social Media Icons Widget Plugin <= 1.6 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-25038 | WordPress For the visually impaired Plugin <= 0.58 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-2505 | The affected products have a CSRF vulnerability that could allow an attacker to execute code and upload malicious files.... |
| CVE-2023-25051 | WordPress Comment Reply Notification Plugin <= 1.4 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-25055 | WordPress Google XML Sitemap for Videos Plugin <= 2.6.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-25056 | WordPress Feed Them Social Plugin <= 3.0.2 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-25058 | WordPress Schema – All In One Schema Rich Snippets Plugin <= 1.6.5 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-25065 | WordPress WP Tabs Plugin <= 2.1.14 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-25066 | WordPress FV Flowplayer Video Player Plugin <= 7.5.30.7212 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-2508 | CSRF in PaperCutNG Mobility Print leads to sophisticated phishing |
| CVE-2023-25170 | PrestaShop has possible CSRF token fixation |
| CVE-2023-2533 | PaperCut MF/NG 22.0.10 (Build 65996 2023-03-27) - Remote code execution via CSRF |
| CVE-2023-25443 | WordPress Button Generator – easily Button Builder Plugin <= 2.3.5 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-25447 | WordPress ColorWay Theme <= 4.2.3 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-25448 | WordPress Archivist – Custom Archive Templates Plugin <= 1.7.4 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-25449 | WordPress CformsII Plugin <=15.0.4 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-25450 | WordPress GiveWP Plugin <= 2.25.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-25463 | WordPress wp tell a friend popup form Plugin <= 7.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-25467 | WordPress Resize at Upload Plus Plugin <= 1.3 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-25468 | WordPress Reservation.Studio widget Plugin <= 1.0.11 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-25470 | WordPress Rus-To-Lat Plugin <= 0.3 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-25472 | WordPress Podlove Podcast Publisher Plugin <= 3.8.3 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-25473 | WordPress Flickr Justified Gallery Plugin <= 3.5 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-25474 | WordPress About Me 3000 widget Plugin <= 2.2.6 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-25475 | WordPress Smart YouTube PRO Plugin <= 4.3 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-25478 | WordPress Weather Station Plugin <= 3.8.12 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-25480 | WordPress Post and Page Builder by BoldGrid – Visual Drag and Drop Editor Plugin <= 1.24.1 is vulnerable to Cross Site Reques... |
| CVE-2023-25481 | WordPress Podlove Subscribe button Plugin <= 1.3.7 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-25482 | WordPress WP Tiles Plugin <= 1.1.2 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-25487 | WordPress PixTypes Plugin <= 1.4.14 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-25489 | WordPress Update Theme and Plugins from Zip File Plugin <= 2.0.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-25832 | BUG-000148346 There is a Cross-Site Request Forgery (CSRF) vulnerability in Portal for ArcGIS. |
| CVE-2023-25967 | WordPress Community by PeepSo Plugin <= 6.0.2.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-25968 | WordPress Client Portal – Private user pages and login Plugin <= 1.1.8 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-25971 | WordPress Educare – Students & Result Management System Plugin <= 1.4.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-25973 | WordPress Auto Affiliate Links Plugin <= 6.3.0.2 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-25975 | WordPress Etsy Shop Plugin <= 3.0.3 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-25976 | WordPress Integration for Contact Form 7 and Zoho CRM, Bigin Plugin <= 1.2.2 is vulnerable to Cross Site Request Forgery (CSR... |
| CVE-2023-25980 | WordPress Optimize Database after Deleting Revisions Plugin <= 5.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-25985 | WordPress WordPress Tooltips Plugin <= 8.2.5 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-25986 | WordPress PayGreen Plugin <= 4.10.2 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-25987 | WordPress YouTube Channel Plugin <= 3.23.3 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-25989 | Cross-Site Request Forgery (CSRF) vulnerability in multiple WordPress plugins by Meks |
| CVE-2023-25991 | WordPress RegistrationMagic Plugin <= 5.1.9.2 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-25994 | WordPress Publish to Schedule Plugin <= 4.4.2 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-2601 | WP Brutal AI < 2.0.0 - SQL Injection via CSRF |
| CVE-2023-26011 | WordPress Read More Excerpt Link Plugin <= 1.6 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-26014 | WordPress Minify HTML Plugin <= 2.1.7 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-27417 | WordPress Affiliate Super Assistent Plugin <= 1.5.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-27418 | WordPress Side Menu Lite Plugin <= 4.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-27423 | WordPress Auto Prune Posts Plugin <= 1.8.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-27424 | WordPress Inactive User Deleter Plugin <= 1.59 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-27430 | WordPress Mass Delete Unused Tags Plugin <= 2.0.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-27431 | WordPress Big Store Theme <= 1.9.3 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-27433 | WordPress Make Paths Relative Plugin <= 1.3.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-27434 | WordPress Classic Editor and Classic Widgets Plugin <= 1.2.5 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-27435 | WordPress HTTP Auth Plugin <= 0.3.2 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-27436 | WordPress Elegant Custom Fonts Plugin <= 1.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-27438 | WordPress WP Translitera Plugin <= p1.2.5 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-27441 | WordPress New Adman Plugin <= 1.6.8 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-27442 | WordPress Leyka Plugin <= 3.29.2 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-28167 | WordPress CF7 Invisible reCAPTCHA Plugin <= 1.3.3 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-28172 | WordPress WP Google Map Plugin Plugin <= 4.4.2 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-28173 | WordPress Google XML Sitemap for Images Plugin <= 2.1.3 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-2830 | WordPress WP Testimonials Plugin <= 1.4.2 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-28335 | Moodle: csrf risk in resetting all templates of a database activity |
| CVE-2023-28361 | A Cross-site WebSocket Hijacking (CSWSH) vulnerability found in UniFi OS 2.5 and earlier allows a malicious actor to access c... |
| CVE-2023-28419 | WordPress Force First and Last Name as Display Name Plugin <= 1.2 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-2842 | WP Inventory Manager < 2.1.0.14 - Inventory Items Deletion via CSRF |
| CVE-2023-28420 | WordPress Custom Options Plus Plugin <= 1.8.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-28495 | WordPress WP Shortcode by MyThemeShop Plugin <= 1.4.16 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-28497 | WordPress Slideshow Gallery Plugin <= 1.7.6 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-28498 | WordPress Hotel Booking Lite Plugin <= 4.6.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-28848 | CSRF protection on user_oidc login returned the expected token in case of an error |
| CVE-2023-28930 | WordPress Mobile Banner Plugin <= 1.5 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-28949 | IBM Engineering Requirements Management cross-site request forgery |
| CVE-2023-28986 | WordPress Affiliates Manager Plugin <= 2.9.20 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-28987 | WordPress Wp Ultimate Review Plugin <= 2.0.3 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-28989 | WordPress Happy Addons for Elementor Plugin <= 3.8.2 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-28995 | WordPress Configurable Tag Cloud Plugin <= 5.2 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-29003 | SvelteKit has Insufficient Cross-Site Request Forgery Protection |
| CVE-2023-29020 | Cross site request forgery token fixation in fastify-passport |
| CVE-2023-3029 | Guangdong Pythagorean OA Office System delete cross-site request forgery |
| CVE-2023-30474 | WordPress Ultimate Noindex Nofollow Tool II Plugin <= 1.3 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-30478 | WordPress Newsletters Plugin <= 4.8.8 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-30484 | WordPress Enable Accessibility Plugin <= 1.4 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-30607 | icingaweb2-module-jira template and field configuration are susceptible to CSRF |
| CVE-2023-30616 | Cross Site Request Forgery due to missing nonce verification in form block |
| CVE-2023-3075 | Cross-Site Request Forgery (CSRF) in tsolucio/corebos |
| CVE-2023-30901 | A vulnerability has been identified in SICAM P850 (7KG8500-0AA00-0AA0) (All versions < V3.11), SICAM P850 (7KG8500-0AA00-2AA0... |
| CVE-2023-31075 | WordPress Easy Hide Login Plugin <= 1.0.8 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-31077 | WordPress Export WP Page to Static HTML/CSS Plugin <= 2.1.9 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-31078 | WordPress WP BrowserUpdate Plugin <= 4.4.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-31086 | WordPress Simple Giveaways Plugin <= 2.46.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-31087 | WordPress JS Job Manager Plugin <=2.0.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-31088 | WordPress Floating Action Button Plugin <=1.2.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-31089 | WordPress Video XML Sitemap Generator Plugin <= 1.0.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-31093 | WordPress Chronosly Events Calendar Plugin <= 2.6.2 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-31174 | Cross-Site Request Forgery (CSRF) |
| CVE-2023-31200 | PTC Vuforia Studio Cross-Site Request Forgery |
| CVE-2023-31216 | WordPress Ultimate Member Plugin <= 2.6.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-31218 | WordPress WOLF Plugin <= 1.0.6 is vulnerable to CSRF leading to Stored Cross Site Scripting (XSS) vulnerability |
| CVE-2023-0058 | Tiempo.com <= 0.1.2 - Stored XSS via CSRF |
| CVE-2023-0335 | WP Shamsi <= 4.3.3 - Subscriber+ Attachment Deletion |
| CVE-2023-0336 | OoohBoi Steroids for Elementor < 2.1.5 - Subscriber+ Attachment Deletion |
| CVE-2023-0398 | Cross-Site Request Forgery (CSRF) in modoboa/modoboa |
| CVE-2023-0406 | Cross-Site Request Forgery (CSRF) in modoboa/modoboa |
| CVE-2023-0420 | Custom Post Type and Taxonomy GUI Manager <= 1.1 - Stored XSS via CSRF |
| CVE-2023-23473 | IBM InfoSphere Information Server cross-site request forgery |
| CVE-2023-23646 | WordPress Album Gallery – WordPress Gallery Plugin <= 1.4.9 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-23659 | WordPress MainWP Matomo Extension Plugin <= 4.0.4 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-23671 | WordPress Layer Slider Plugin <= 1.1.9.7 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-23680 | WordPress WP TopBar Plugin <= 5.36 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-2552 | Cross-Site Request Forgery (CSRF) in unilogies/bumsys |
| CVE-2023-25569 | apollo-portal has potential CSRF issue |
| CVE-2023-25697 | WordPress GamiPress plugin <= 2.5.6 - CSRF Leading to Settings Change Vulnerability |
| CVE-2023-25698 | WordPress Shoppable Images Lite Plugin <= 1.2.3 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-25706 | WordPress Robots.txt optimization plugin <= 1.4.5 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-25707 | WordPress VikBooking Hotel Booking Engine & PMS Plugin <= 1.5.12 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-25708 | WordPress WP VR – 360 Panorama and Virtual Tour Builder For WordPress Plugin <= 8.2.7 is vulnerable to Cross Site Request For... |
| CVE-2023-25709 | WordPress Locatoraid Store Locator Plugin <= 3.9.11 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-25788 | WordPress Saphali Woocommerce Lite Plugin <= 1.8.13 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-2627 | KiviCare Management System < 3.2.1 - Subscriber+ Unauthorised AJAX Calls |
| CVE-2023-2628 | KiviCare Management System < 3.2.1 - Multiple CSRF |
| CVE-2023-2631 | CSRF vulnerability and missing permission checks in Code Dx Plugin |
| CVE-2023-26514 | WordPress XML Sitemap Generator for Google Plugin <= 1.3.3 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-26516 | WordPress Debug Assistant Plugin <= 1.4 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-26518 | WordPress WP TFeed Plugin <= 1.6.9 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-26524 | WordPress Quiz And Survey Master Plugin <= 8.0.10 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-26531 | WordPress 多合一搜索自动推送管理插件-支持Baidu/Google/Bing/IndexNow/Yandex/头条 Plugin <= 4.2.7 is vulnerable to Cross Site R... |
| CVE-2023-26532 | WordPress Social Auto Poster Plugin <= 2.1.4 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-26535 | WordPress Sheets To WP Table Live Sync Plugin <= 2.12.15 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-26542 | WordPress phpinfo() WP Plugin <= 4.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-26543 | WordPress WP Meteor Page Speed Optimization Topping Plugin <= 3.1.4 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-27444 | WordPress DecaLog Plugin <= 3.7.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-27445 | WordPress Blog Floating Button Plugin <= 1.4.12 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-27446 | WordPress DeepL Pro API translation Plugin <= 2.1.4 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-27448 | WordPress MakeStories (for Google Web Stories) Plugin <= 2.8.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-27453 | WordPress LWS Tools Plugin <= 2.3.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-27457 | WordPress Add Expires Headers & Optimized Minify Plugin <= 2.7 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-27458 | WordPress WpStream – Live Streaming, Video on Demand, Pay Per View Plugin <= 4.4.10 is vulnerable to Cross Site Request Forge... |
| CVE-2023-2746 | Rockwell Automation Enhanced HIM Vulnerable to Cross-Site Request Forgery Attack |
| CVE-2023-27461 | WordPress When Last Login Plugin <= 1.2.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-27490 | Missing proper state, nonce and PKCE checks for OAuth authentication in next-auth |
| CVE-2023-27495 | Bypass of CSRF protection in the presence of predictable userInfo in @fastify/csrf-protection |
| CVE-2023-27606 | WordPress WP Reroute Email Plugin <= 1.4.6 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-27611 | WordPress Reusable Blocks Extended Plugin <= 0.9 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-27615 | WordPress WP Super Minify Plugin <= 1.5.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-27623 | WordPress WP Page Numbers Plugin <= 0.5 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-27632 | WordPress Daily Prayer Time Plugin <= 2023.03.08 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-27633 | WordPress Customify Plugin <= 2.10.4 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-27634 | WordPress Intrepidity Theme <= 1.5.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-28618 | WordPress Enhanced Plugin Admin Plugin <= 1.16 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-28688 | WordPress TH Variation Swatches plugin <= 1.2.7 - Cross-Site Request Forgery (CSRF) vulnerability |
| CVE-2023-28694 | WordPress Wbcom Designs – BuddyPress Activity Social Share Plugin <= 3.5.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-28696 | WordPress I Recommend This Plugin <= 3.9.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-28747 | WordPress CBX Currency Converter Plugin <= 3.0.3 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-28749 | WordPress CM On Demand Search And Replace Plugin <= 1.3.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-28780 | WordPress Yoast SEO: Local Plugin <= 14.8 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-28791 | WordPress Simple Org Chart Plugin <= 2.3.4 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-2919 | Tutor LMS <= 2.7.4 - Cross-Site Request Forgery via 'addon_enable_disable' |
| CVE-2023-29235 | WordPress Maintenance Switch Plugin <= 1.5.2 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-29238 | WordPress Whydonate – FREE Donate button Plugin <= 3.12.15 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-29425 | WordPress ShiftController Employee Shift Scheduling Plugin <= 4.9.23 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-29426 | WordPress Spreadshop Plugin Plugin <= 1.6.5 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-29428 | WordPress Superb Social Media Share Buttons and Follow Buttons Plugin <= 1.1.3 is vulnerable to Broken Access Control |
| CVE-2023-22472 | Nextcloud Deck Desktop Client is vulnerable to Cross-Site Request Forgery (CSRF) via malicious link |
| CVE-2023-32579 | WordPress Forget About Shortcode Buttons Plugin <= 2.1.2 is vulnerable to Broken Access Control |
| CVE-2023-32583 | WordPress WP All Backup Plugin <= 2.4.3 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-32587 | WordPress WP Reactions Lite Plugin <= 1.3.8 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-32588 | WordPress Post State Tags Plugin <= 2.0.6 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-32589 | WordPress Dyslexiefont Free Plugin <= 1.0.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-32592 | WordPress Sunny Search Plugin <= 1.0.2 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-32594 | WordPress Hyphenator Plugin <= 5.1.5 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-32602 | WordPress CALL ME NOW Plugin <= 3.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-32739 | WordPress WP Custom Cursors Plugin < 3.2 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-32744 | WordPress WooCommerce Product Recommendations Plugin < 2.3.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-32745 | WordPress AutomateWoo Plugin <= 5.7.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-32791 | Cross-Site Request Forgery on NXLog Manager |
| CVE-2023-32792 | Cross-Site Request Forgery on NXLog Manager |
| CVE-2023-32794 | WordPress WooCommerce Product Add-ons Plugin <= 6.1.3 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-33926 | WordPress Easy Google Maps Plugin <= 1.11.7 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-29440 | WordPress Simple Job Board Plugin <= 2.10.3 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-32344 | IBM Cognos Analytics cross-site request forgery |
| CVE-2023-32500 | WordPress WoodMart Theme <= 7.1.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-32501 | WordPress VikBooking Hotel Booking Engine & PMS Plugin <= 1.6.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-32502 | WordPress Pro Mime Types Plugin <= 1.0.7 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-32504 | WordPress Wise Chat Plugin <= 3.1.3 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-32512 | WordPress ShortPixel Adaptive Images Plugin <= 3.7.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-32514 | WordPress Google Site Verification plugin using Meta Tag Plugin <= 1.2 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-32960 | WordPress UpdraftPlus Plugin <= 1.23.3 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-32964 | WordPress Better Notifications for WP Plugin <= 1.9.2 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-32966 | WordPress Jazz Popups Plugin <= 1.8.7 is vulnerable to Cross Site Request Forgery (CSRF) leading to Stored XSS |
| CVE-2023-33207 | WordPress Stop Referrer Spam Plugin <= 1.3.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-33212 | WordPress JetFormBuilder Plugin <= 3.0.6 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-33214 | WordPress Taggbox Plugin <= 3.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-33313 | WordPress WIP Custom Login Plugin <= 1.2.9 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-33314 | WordPress BEAR Plugin <= 1.1.3.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-33315 | WordPress Smart App Banner Plugin <= 1.1.2 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-33316 | WordPress WooCommerce Follow-Up Emails (AutomateWoo) plugin <= 4.9.40 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-33333 | WordPress Complianz and Complianz Premium plugins - Cross-Site Request Forgery (CSRF) leading to Cross-Site Scripting (XSS) |
| CVE-2023-3356 | Subscribers Text Counter < 1.7.1 - Settings Update via CSRF to Stored XSS |
| CVE-2023-3366 | MultiParcels Shipping For WooCommerce < 1.15.2 - Arbitrary Shipment Deletion via CSRF |
| CVE-2023-34024 | WordPress WP Full Auto Tags Manager Plugin <= 2.2 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-34025 | WordPress LWS Hide Login Plugin <= 2.1.6 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-34028 | WordPress WOLF Plugin <= 1.0.7 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-34029 | WordPress Disable WordPress Update Notifications Plugin <= 2.3.3 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-34030 | WordPress Complianz and Complianz Premium plugins - Cross Site Request Forgery (CSRF) |
| CVE-2023-34031 | WordPress bbPress Toolkit Plugin <= 1.0.12 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-34033 | WordPress Ajax Pagination and Infinite Scroll Plugin <= 2.0.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-3408 | Bricks <= 1.8.1 - Cross-Site Request Forgery via save_settings |
| CVE-2023-3409 | Bricks <= 1.8.1 - Cross-Site Request Forgery via reset_settings |
| CVE-2023-3414 | Cross-Site Request Forgery (CSRF) in Jenkins Plug-in for ServiceNow DevOps |
| CVE-2023-34169 | WordPress TS Webfonts for さくらのレンタルサーバ Plugin <= 3.1.2 is vulnerable to Broken Access Control |
| CVE-2023-34171 | WordPress WP Report Post Plugin <= 2.1.2 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-33931 | WordPress YouTube Playlist Player Plugin <= 4.6.4 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-34002 | WordPress WP Inventory Manager Plugin <= 2.1.0.13 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-34005 | WordPress Front End Users Plugin <= 3.2.24 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-34015 | WordPress Advanced Flat rate shipping Woocommerce Plugin <= 1.6.4.4 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-34177 | WordPress WP-Cache.com Plugin <= 1.1.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-34178 | WordPress Groundhogg Plugin <= 2.7.11 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-34181 | WordPress WP-Cirrus Plugin <= 0.6.11 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-34182 | WordPress LH Password Changer Plugin <= 1.55 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-34185 | WordPress NextGen GalleryView Plugin <= 0.5.5 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-34371 | WordPress Download SpamReferrerBlock Plugin <= 2.22 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-34373 | WordPress Zephyr Project Manager Plugin <= 3.3.93 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-34378 | WordPress WP Hide Post Plugin <= 2.0.10 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-34384 | WordPress Kebo Twitter Feed Plugin <= 1.5.12 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-34386 | WordPress WPC Smart Wishlist for WooCommerce Plugin <= 4.7.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-3492 | WP Shopping Pages <= 1.14 - Stored XSS via CSRF |
| CVE-2023-35030 | Cross-site request forgery (CSRF) vulnerability in the Layout module's SEO configuration in Liferay Portal 7.4.3.70 through 7... |
| CVE-2023-35038 | WordPress WP PDF Generator Plugin <= 1.2.2 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-35041 | WordPress Webpushr Plugin <= 4.34.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-35044 | WordPress Securimage-WP Plugin <= 3.6.16 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-35047 | WordPress All Bootstrap Blocks Plugin <= 1.3.6 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-3507 | WooCommerce Pre-Orders < 2.0.3 - Arbitrary Pre-Order Canceling via CSRF |
| CVE-2023-35880 | WordPress WooCommerce Brands Plugin <= 1.6.49 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-3589 | Cross-Site Request Forgery (CSRF) vulnerability affecting Teamwork Cloud from No Magic Release 2021x through No Magic Release... |
| CVE-2023-35912 | WordPress Potent Donations for WooCommerce Plugin <= 1.1.9 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-35913 | WordPress OOPSpam Anti-Spam Plugin <= 1.1.44 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-35917 | WordPress WooCommerce PayPal Payments Plugin <= 2.0.4 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-31230 | WordPress Baidu Tongji generator Plugin <= 1.0.2 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-31235 | WordPress Participants Database Plugin <= 2.4.9 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-3178 | POST SMTP Mailer < 2.5.7 - Arbitrary Log Deletion via CSRF |
| CVE-2023-3179 | POST SMTP Mailer < 2.5.7 - Account Takeover via CSRF |
| CVE-2023-3209 | MStore API < 3.9.7 - Settings Update via CSRF |
| CVE-2023-32091 | WordPress POEditor Plugin <= 0.9.4 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-32092 | WordPress Community by PeepSo Plugin <= 6.0.9.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-32093 | WordPress TPG Redirect Plugin <= 1.0.7 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-32104 | WordPress MyCurator Content Curation Plugin <= 3.74 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-32123 | WordPress The7 Theme <= 11.7.3 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-32124 | WordPress Publish Confirm Message Plugin <= 1.3.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-32125 | WordPress Multi Rating Plugin <= 5.0.6 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-32245 | WordPress Essential Addons for Elementor Pro Plugin <= 5.4.8 is vulnerable to Server Side Request Forgery (SSRF) |
| CVE-2023-36511 | WordPress WooCommerce Order Barcodes Plugin <= 1.6.4 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-36513 | WordPress AutomateWoo Plugin <= 5.7.5 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-36514 | WordPress WooCommerce Ship to Multiple Addresses Plugin <= 3.8.5 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-36517 | WordPress WP Abstracts Plugin <= 2.6.2 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-36522 | WordPress Quiz Expert – Easy Quiz Maker, Exam and Test Manager Plugin <= 1.5.0 is vulnerable to Cross Site Request Forgery (C... |
| CVE-2023-3508 | WooCommerce Pre-Orders < 2.0.3 - Unauthorised Actions via CSRF |
| CVE-2023-35089 | WordPress Recipe Maker For Your Food Blog from Zip Recipes Plugin <= 8.0.7 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-35091 | WordPress WooCommerce Stock Manager Plugin <= 2.10.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-35096 | WordPress myCred Plugin <= 2.5 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-3510 | FTP Access <= 1.0 - Subscriber+ Stored XSS |
| CVE-2023-35120 | PiiGAB M-Bus Cross-Site Request Forgery |
| CVE-2023-3547 | All in One B2B for WooCommerce <= 1.0.3 - Multiple CSRF |
| CVE-2023-35773 | WordPress Template Debugger Plugin <= 3.1.2 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-35774 | WordPress LWS Tools Plugin <= 2.4.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-35778 | WordPress Recent Posts Slider Plugin <= 1.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-35780 | WordPress Galleria Plugin <= 1.0.3 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-35781 | WordPress LWS Cleaner Plugin <= 2.3.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-3579 | HadSky User cross-site request forgery |
| CVE-2023-35877 | WordPress Extra User Details Plugin <= 0.5 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-36682 | WordPress Schema Pro Plugin <= 2.7.7 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-36685 | WordPress CartFlows Pro Plugin <= 1.11.12 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-36687 | WordPress Menubar Plugin <= 5.8.2 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-36690 | WordPress WPLMS Theme < 4.900 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-36691 | WordPress WebwinkelKeur Plugin <= 3.24 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-36693 | WordPress WP RSS Images Plugin <= 1.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-37386 | WordPress Media Library Helper by Codexin Plugin <= 1.2.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-37387 | WordPress Classified Listing Plugin <= 2.4.5 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-37391 | WordPress WordPress Mobile Pack Plugin <= 3.4.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-37392 | WordPress WP Dummy Content Generator Plugin <= 2.3.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-37968 | WordPress Falang multilanguage Plugin <= 1.3.39 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-37973 | WordPress Replace Word Plugin <= 2.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-37974 | WordPress WP-FB-AutoConnect Plugin <= 4.6.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-37985 | WordPress Five Star Restaurant Menu Plugin <= 2.4.6 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-37990 | WordPress Perelink Pro Plugin <= 2.1.4 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-37991 | WordPress WP Emoji One Plugin <= 0.6.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-37992 | WordPress Smarty for WordPress Plugin <= 3.1.35 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-37995 | WordPress WP-CopyProtect [Protect your blog posts] Plugin <= 3.1.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-37996 | WordPress GTmetrix for WordPress Plugin <= 0.4.7 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-37998 | WordPress Disabler Plugin <= 3.0.3 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-38001 | IBM Aspera Orchestrator cross-site request forgery |
| CVE-2023-39311 | WordPress Avada Builder plugin <= 3.11.1 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2023-39372 | StarTrinity Softswitch version 2023-02-16 - multiple CSRF (CWE-352) |
| CVE-2023-39917 | WordPress Photo Gallery by Ays Plugin <= 5.2.6 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-39923 | WordPress The Post Grid Plugin <= 7.2.7 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-39925 | WordPress Community by PeepSo Plugin <= 6.1.6.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-39989 | WordPress Header Footer Code Manager Plugin <= 1.1.34 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-40198 | WordPress Easy Cookie Law Plugin <= 3.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-40199 | WordPress WP Like Button Plugin <= 1.7.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-40201 | WordPress Futurio Extra Plugin <= 1.8.4 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-40202 | WordPress WP HTML Mail Plugin <= 3.4.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-40210 | WordPress SB Child List Plugin <= 4.5 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-40212 | WordPress WooCommerce Product Attachment Plugin <= 2.1.8 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-40335 | WordPress Cleverwise Daily Quotes Plugin <= 3.2 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-40671 | WordPress DX-auto-save-images Plugin <= 1.4.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-41129 | WordPress Patreon WordPress Plugin <= 1.8.6 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-41131 | WordPress Sp*tify Play Button for WordPress Plugin <= 2.10 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-3720 | Upload Media By URL < 1.0.8 - Stored XSS via CSRF |
| CVE-2023-37277 | XWiki Platform vulnerable to cross-site request forgery (CSRF) via the REST API |
| CVE-2023-37889 | WordPress WPAdmin AWS CDN Plugin <= 2.0.13 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-37891 | WordPress Exit Popups & Onsite Retargeting by OptiMonk Plugin <= 2.0.4 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-37892 | WordPress Shortcode IMDB Plugin <= 6.0.8 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-38268 | IBM InfoSphere Information Server cross-site request forgery |
| CVE-2023-38381 | WordPress WP-FlyBox Plugin <= 6.46 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-38390 | WordPress Mobile Address Bar Changer Plugin <= 3.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-38396 | WordPress Google Map Shortcode Plugin <= 3.1.2 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-38398 | WordPress Taboola Plugin <= 2.0.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-3841 | NxFilter user.jsp cross-site request forgery |
| CVE-2023-38512 | WordPress WpStream – Live Streaming, Video on Demand, Pay Per View Plugin <= 4.5.4 is vulnerable to Cross Site Request Forger... |
| CVE-2023-38579 | Westermo Lynx 206-F2G Cross-Site Request Forgery |
| CVE-2023-38739 | IBM Sterling B2B Integrator cross-site request forgery |
| CVE-2023-39158 | WordPress Woocommerce Category Banner Management Plugin <= 2.4.2 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-39159 | WordPress Fraud Prevention For Woocommerce Plugin <= 2.1.5 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-39165 | WordPress Sign-up Sheets Plugin <= 2.2.8 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-39166 | WordPress tagDiv Composer Plugin < 4.4 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-39412 | Cross-site request forgery in some Intel Unison software may allow an authenticated user to potentially enable escalation of... |
| CVE-2023-39446 | Socomec MOD3GP-SY-120K Cross-Site Request Forgery |
| CVE-2023-40008 | WordPress Simple Org Chart Plugin <= 2.3.4 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-40009 | WordPress WP Pipes Plugin <= 1.4.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-40048 | WS_FTP Server Cross-Site Request Forgery (CSRF) Vulnerability |
| CVE-2023-4013 | GDPR Cookie Compliance < 4.12.5 - License Update/Deactivation via CSRF |
| CVE-2023-40172 | Cross-Site Request Forgery (CSRF) in fobybus/social-media-skeleton |
| CVE-2023-40556 | WordPress Schedule Posts Calendar Plugin <= 5.2 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-40558 | WordPress Video Gallery & Management Plugin <= 3.3.5 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-40559 | WordPress WooCommerce Dynamic Pricing and Discount Rules Plugin <= 2.4.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-40561 | Enhanced Ecommerce Google Analytics for WooCommerce |
| CVE-2023-40572 | XWiki Platform vulnerable to CSRF privilege escalation/RCE via the create action |
| CVE-2023-4059 | Profile Builder < 3.9.8 - Unauthenticated Plugin's Pages Creation |
| CVE-2023-40607 | WordPress CLUEVO LMS, E-Learning Platform Plugin <= 1.10.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-4150 | User Activity Tracking and Log < 4.0.9 - License Update/Deactivation via CSRF |
| CVE-2023-41650 | WordPress Remove/hide Author, Date, Category Like Entry-Meta Plugin <= 2.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-41654 | WordPress authLdap Plugin <= 2.5.8 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-41659 | WordPress Responsive Gallery Grid Plugin <= 2.3.10 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-41660 | WordPress WP Migration Plugin DB & Files – WP Synchro Plugin <= 1.9.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-41667 | WordPress WP-dTree Plugin <= 4.4.5 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-41668 | WordPress Leadster Plugin <= 1.1.2 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-41669 | WordPress Live News Plugin <= 1.06 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-41670 | WordPress Use Memcached Plugin <= 1.0.5 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-41672 | WordPress Hide admin notices – Admin Notification Center Plugin <= 2.3.2 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-41684 | WordPress SIS Handball Plugin <= 1.0.45 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-41686 | WordPress Woocommerce Support System plugin <= 1.2.2 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2023-41693 | WordPress MyCryptoCheckout Plugin <= 2.125 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-41694 | WordPress Realbig Plugin <= 1.0.3 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-41697 | WordPress Easy WP Cleaner Plugin <= 1.9 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-41730 | WordPress SendPress Newsletters Plugin <= 1.22.3.31 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-41732 | WordPress CP Blocks Plugin <= 1.0.20 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-41792 | Lack of Authorization and Stored XSS Via SNMP Trap Editor Page |
| CVE-2023-41801 | WordPress AWP Classifieds Plugin <= 4.3 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-41850 | WordPress Outbound Link Manager Plugin <= 1.2 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-41851 | WordPress WP Custom Post Template Plugin <= 1.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-41852 | WordPress MailMunch – Grow your Email List Plugin <= 3.1.2 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-41853 | WordPress WP iCal Availability Plugin <= 1.0.3 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-41854 | WordPress wpCentral Plugin <= 1.5.7 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-41858 | WordPress Order Delivery Date for WP e-Commerce Plugin <= 1.2 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-41864 | WordPress PeproDev CF7 Database plugin <= 1.8.0 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2023-41876 | WordPress WP Gallery Metabox Plugin <= 1.0.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-41950 | WordPress Laposta Signup Basic Plugin <= 1.4.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-42027 | IBM CICS TX cross-site request forgery |
| CVE-2023-4209 | POEditor < 0.9.8 - Settings Reset via CSRF |
| CVE-2023-42435 | Cross-Site Request Forgery in DEXMA DEXGate |
| CVE-2023-4251 | EventPrime < 3.2.0 - Booking Creation via CSRF |
| CVE-2023-3627 | Cross-Site Request Forgery (CSRF) in salesagility/suitecrm-core |
| CVE-2023-44385 | Client-Side Request Forgery in Home Assistant iOS/macOS native Apps |
| CVE-2023-4301 | CSRF vulnerability in Fortify Plugin allow capturing credentials |
| CVE-2023-4307 | Lock User Account <= 1.0.3 - Arbitrary Account Lock/Unlock via CSRF |
| CVE-2023-43649 | baserCMS CSRF vulnerability in Content preview Feature |
| CVE-2023-44146 | WordPress Checkfront Online Booking System Plugin <= 3.6 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-44160 | Sensitive information manipulation due to cross-site request forgery. The following products are affected: Acronis Cyber Prot... |
| CVE-2023-44161 | Sensitive information manipulation due to cross-site request forgery. The following products are affected: Acronis Cyber Prot... |
| CVE-2023-44231 | WordPress Contact Form Plugin <= 2.0.10 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-44232 | WordPress WP Hide Pages Plugin <= 1.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-44233 | WordPress FooGallery Plugin <= 2.2.44 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-44236 | WordPress WP Captcha Plugin <= 2.0.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-44237 | WordPress WP Site Protector Plugin <= 2.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-44238 | WordPress Remove slug from custom post type Plugin <= 1.0.3 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-44240 | WordPress Timthumb Vulnerability Scanner Plugin <= 1.54 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-44241 | WordPress Keap Landing Pages Plugin <= 1.4.2 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-44243 | WordPress Instant CSS Plugin <= 1.2.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-44246 | WordPress Shockingly Simple Favicon Plugin <= 1.8.2 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-44257 | WordPress Mang Board WP Plugin <= 1.7.6 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-44259 | WordPress Mediavine Control Panel Plugin <= 2.10.2 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-44260 | WordPress Woocommerce ESTO Plugin <= 2.23.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-44261 | WordPress Block Plugin Update Plugin <= 3.3 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-44470 | WordPress Kv TinyMCE Editor Add Fonts Plugin <= 1.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-44471 | WordPress Backend Localization Plugin <= 2.1.10 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-44473 | WordPress Table of Contents Plus Plugin <= 2302 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-44475 | WordPress Add Shortcodes Actions And Filters Plugin <= 2.0.9 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-44476 | WordPress CopyRightPro Plugin <= 2.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-44478 | WordPress Events Rich Snippets for Google plugin <= 1.8 - CSRF Leading to Privilege Escalation vulnerability |
| CVE-2023-4454 | Cross-Site Request Forgery (CSRF) in wallabag/wallabag |
| CVE-2023-4455 | Cross-Site Request Forgery (CSRF) in wallabag/wallabag |
| CVE-2023-44993 | WordPress ChatBot Plugin <= 4.7.8 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-44994 | WordPress ShortCodes UI Plugin <= 1.9.8 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-44995 | WordPress WooCommerce Login Redirect Plugin <= 2.2.4 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-44996 | WordPress Post View Count Plugin <= 1.8.2 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-44997 | WordPress WP Forms Puzzle Captcha Plugin <= 4.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-44998 | WordPress Category Meta Plugin <= 1.2.8 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-44999 | WordPress WooCommerce Stripe Gateway plugin <= 7.6.0 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2023-45011 | WordPress WP Power Stats Plugin <= 2.2.3 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-45047 | WordPress LeadSquared Suite Plugin <= 0.7.4 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-45048 | WordPress Social proof testimonials and reviews by Repuso Plugin <= 5.00 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-45052 | WordPress WP Bing Map Pro Plugin < 5.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-45058 | WordPress Short URL Plugin <= 1.6.8 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-45060 | WordPress Interactive World Map Plugin <= 3.2.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-45063 | WordPress AI Content Writing Assistant (Content Writer, ChatGPT, Image Generator) All in One Plugin <= 1.1.5 is vulnerable to... |
| CVE-2023-45068 | WordPress Contact Form by Supsystic Plugin <= 1.7.27 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-45102 | WordPress Blog Manager Light Plugin <= 1.20 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-45103 | WordPress Permalinks Customizer Plugin <= 2.8.2 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-45106 | WordPress Urvanov Syntax Highlighter Plugin <= 2.8.33 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-45107 | WordPress GoodBarber Plugin <= 1.0.22 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-45108 | WordPress Mailrelay Plugin <= 2.1.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-45109 | WordPress WhitePage Plugin <= 1.1.5 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-45128 | CSRF Token Reuse Vulnerability in fiber |
| CVE-2023-45141 | CSRF Token Validation Vulnerability in fiber |
| CVE-2023-45267 | WordPress IRivYou Plugin <= 2.2.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-45268 | WordPress Hitsteps Web Analytics Plugin <= 5.86 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-46150 | WordPress WP Radio plugin <= 3.1.9 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-46151 | WordPress Product Category Tree Plugin <= 2.5 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-45269 | WordPress Simple SEO Plugin <= 2.0.25 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-45270 | WordPress Pinpoint Booking System Plugin <= 2.9.9.4.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-45273 | WordPress Stout Google Calendar Plugin <= 1.2.3 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-45274 | WordPress SendPulse Free Web Push Plugin <= 1.3.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-45276 | WordPress Automated Editor Plugin <= 1.3 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-45316 | Reflected client side path traversal leading to CSRF in Playbooks |
| CVE-2023-45317 | Sielco Radio Link and Analog FM Transmitters Cross-Site Request Forgery |
| CVE-2023-45748 | WordPress MailChimp Forms by MailMunch Plugin <= 3.1.4 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-45749 | WordPress AGP Font Awesome Collection Plugin <= 3.2.4 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-45752 | WordPress Post Gallery Plugin <= 2.3.12 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-45753 | WordPress which template file Plugin <= 4.6.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-45763 | WordPress Taggbox Plugin <= 2.9 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-45831 | WordPress AMP WP Plugin <= 1.5.15 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-45836 | WordPress Ultimate Taxonomy Manager Plugin <= 2.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-46067 | WordPress Rocket Font Plugin <= 1.2.3 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-46078 | WordPress Serial Numbers for WooCommerce – License Manager Plugin <= 1.6.3 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-46085 | WordPress Wp Ultimate Review Plugin <= 2.2.4 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-46087 | WordPress Who Hit The Page – Hit Counter Plugin <= 1.4.14.3 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-46089 | WordPress Userback Plugin <= 1.0.13 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-46092 | WordPress Webmaster Tools Plugin <= 2.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-46095 | WordPress Smooth Scroll Links Plugin <= 1.1.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-4659 | Cross-Site Request Forgery in Free5Gc |
| CVE-2023-46614 | WordPress WP Helper Premium Plugin <= 4.5.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-46617 | WordPress AdFoxly – Ad Manager, AdSense Ads & Ads.txt Plugin <= 1.8.5 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-46618 | WordPress Category SEO Meta Tags Plugin <= 2.5 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-46619 | WordPress Spider Facebook Plugin <= 1.0.15 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-46620 | WordPress DeepL Pro API translation Plugin <= 2.3.9.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-46625 | WordPress Autolinks Manager Plugin <= 1.10.04 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-46629 | WordPress Remove Add to Cart WooCommerce Plugin <= 1.4.4 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-46634 | WordPress Custom My Account for Woocommerce Plugin <= 2.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-46636 | WordPress Custom Header Images Plugin <= 1.2.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-46638 | WordPress WCP OpenWeather Plugin <= 2.5.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-46775 | WordPress Original texts Yandex WebMaster Plugin <= 1.18 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-46152 | WordPress WOLF Plugin <= 1.0.7.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-46189 | WordPress Google Calendar Events Plugin <= 3.2.5 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-46776 | WordPress Auto Excerpt everywhere Plugin <= 1.5 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-46777 | WordPress Feather Login Page Plugin <= 1.1.3 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-46778 | WordPress Auto Limit Posts Reloaded Plugin <= 2.5 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-46779 | WordPress EasyRecipe Plugin <= 3.5.3251 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-46780 | WordPress Alter Plugin <= 1.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-46781 | WordPress Current Menu Item for Custom Post Types Plugin <= 1.5 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-47182 | WordPress Login Screen Manager Plugin <= 3.5.2 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-47186 | WordPress Kadence WooCommerce Email Designer Plugin <= 1.5.11 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-47230 | WordPress Contact Forms by Cimatti Plugin <= 1.6.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-47237 | WordPress WP Google My Business Auto Publish Plugin <= 3.7 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-47238 | WordPress Top 10 Plugin <= 3.3.2 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-47243 | WordPress MSHOP MY SITE Plugin <= 1.1.6 is vulnerable to Broken Access Control |
| CVE-2023-47516 | WordPress Category Post List Widget Plugin <= 2.0 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-47519 | WordPress WooCommerce Product Table Lite Plugin <= 2.6.2 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-47531 | WordPress Droit Dark Mode Plugin <= 1.1.2 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-47550 | WordPress Donations Made Easy – Smart Donations Plugin <= 4.0.12 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-47551 | WordPress Donations Made Easy – Smart Donations Plugin <= 4.0.12 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-47552 | WordPress Image Hover Effects Plugin <= 5.5 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-47553 | WordPress UserHeat Plugin Plugin <= 1.1.6 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-47556 | WordPress Device Theme Switcher Plugin <= 3.0.2 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-47644 | WordPress ProfileGrid Plugin <= 5.6.6 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-47645 | WordPress RegistrationMagic Plugin <= 5.2.2.6 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-47649 | WordPress Best Restaurant Menu by PriceListo Plugin <= 1.3.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-47650 | WordPress Add Local Avatar Plugin <= 12.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-47651 | WordPress WP Links Page Plugin <= 4.9.4 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-47652 | WordPress Auto Affiliate Links Plugin <= 6.4.2.4 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-47655 | WordPress ANAC XML Bandi di Gara Plugin <= 7.5 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-47664 | WordPress Plainview Protect Passwords Plugin <= 1.4 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-47666 | WordPress Code Snippets Plugin <= 3.5.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-47667 | WordPress WP Full Stripe Free plugin <= 7.0.16 - Cross Site Request Forgery (CSRF) vulnerability on every Setting Save |
| CVE-2023-47669 | WordPress Profile Builder Plugin <= 3.10.3 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-47670 | WordPress Korea SNS Plugin <= 1.6.3 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-47671 | WordPress Vertical scroll recent post Plugin <= 14.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-47672 | WordPress WP Category Post List Widget Plugin <= 2.0.3 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-47677 | A cross-site request forgery (csrf) vulnerability exists in the boa CSRF protection functionality of Realtek rtl819x Jungle S... |
| CVE-2023-47685 | WordPress Preloader Matrix Plugin <= 2.0.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-47686 | WordPress Arigato Autoresponder and Newsletter Plugin <= 2.7.2.2 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-47687 | WordPress Woo Custom and Sequential Order Number Plugin <= 2.6.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-47688 | WordPress Youtube SpeedLoad Plugin <= 0.6.3 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-47718 | IBM Maximo Asset Management cross-site request forgery |
| CVE-2023-47757 | WordPress AWeber Plugin <= 7.3.9 is vulnerable to Broken Access Control |
| CVE-2023-47758 | WordPress Multi Step Form Plugin <= 1.7.11 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-47765 | WordPress CodeBard's Patron Button and Widgets for Patreon Plugin <= 2.1.9 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-47775 | WordPress wpDiscuz Plugin <= 7.6.11 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-47781 | WordPress Thrive Theme Builder Theme < 3.24.2 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-47785 | WordPress LayerSlider Plugin <= 7.7.9 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-47787 | WordPress WooCommerce Bookings Plugin <= 2.0.3 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-47789 | WordPress WooCommerce Canada Post Shipping Plugin <= 2.8.3 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-47790 | WordPress Pz-LinkCard Plugin <= 2.4.8 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-47791 | WordPress Leadster Plugin <= 1.1.2 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-47792 | WordPress Big File Uploads Plugin <= 2.1.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-47806 | WordPress Disable User Login Plugin <= 1.3.7 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-47819 | WordPress Easy Call Now by ThikShare Plugin <= 1.1.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-47824 | WordPress Legal Pages Plugin <= 1.3.8 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-47825 | WordPress WP EXtra Plugin <= 6.4 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-47845 | WordPress Grab & Save plugin <= 1.0.4 - Cross-Site Request Forgery (CSRF) vulnerability |
| CVE-2023-47870 | WordPress wpForo Forum Plugin <= 2.2.6 is vulnerable to Broken Access Control and Cross Site Request Forgery (CSRF) |
| CVE-2023-47875 | WordPress Perfmatters Plugin <= 2.1.6 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-4824 | WooHoo Newspaper Magazine Theme <= 2.5.3 - Settings Update via CSRF |
| CVE-2023-4827 | File Manager Pro < 1.8 - Remote Code Execution via CSRF |
| CVE-2023-48278 | WordPress WP Forms Puzzle Captcha Plugin <= 4.1 is vulnerable to Cross Site Request Forgery (CSRF) leading to XSS |
| CVE-2023-48279 | WordPress Seraphinite Post .DOCX Source Plugin <= 2.16.6 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-48281 | WordPress Broken Link Checker for YouTube Plugin <= 1.3 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-46190 | WordPress Novo-Map : your WP posts on custom google maps Plugin <= 1.1.2 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-41244 | WordPress Localize Remote Images Plugin <= 1.0.9 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-4318 | Herd Effects < 5.2.4 - Effect Deletion via CSRF |
| CVE-2023-45605 | WordPress Feed Statistics Plugin <= 4.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-45606 | WordPress Simple URLs Plugin <= 120 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-45629 | WordPress Responsive Image Gallery, Gallery Album Plugin <= 2.0.3 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-45638 | WordPress Eupago Gateway For Woocommerce Plugin <= 3.1.9 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-45639 | WordPress Sort SearchResult By Title Plugin <= 10.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-45641 | WordPress Caret Country Access Limit Plugin <= 1.0.2 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-45642 | WordPress Snap Pixel Plugin <= 1.5.7 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-45643 | WordPress CPT Shortcode Generator Plugin <= 1.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-45645 | WordPress WP Open Street Map Plugin <= 1.25 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-45647 | WordPress Constant Contact Forms by MailMunch Plugin <= 2.0.10 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-45650 | WordPress HTML5 Maps Plugin <= 1.7.1.4 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-45651 | WordPress WP Attachments Plugin <= 5.0.11 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-45653 | WordPress Video Playlist For YouTube Plugin <= 6.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-45654 | WordPress Comments Ratings Plugin <= 1.1.7 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-45655 | WordPress PixFields Plugin <= 0.7.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-46191 | WordPress Open Graph Metabox Plugin <= 1.4.4 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-46193 | WordPress Internal Link Building Plugin <= 1.2.3 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-46198 | WordPress Appointment Calendar Plugin <= 2.9.6 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-46201 | WordPress Auto Login New User After Registration Plugin <= 1.9.6 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-46202 | WordPress Auto Login New User After Registration Plugin <= 1.9.6 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-46204 | WordPress Duplicate Theme Plugin <= 0.1.6 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-46212 | WordPress WP EXtra Plugin <= 6.2 is vulnerable to Broken Access Control |
| CVE-2023-49148 | WordPress Affiliate Booster – Pros & Cons, Notice, and CTA Blocks for Affiliates Plugin <= 3.0.5 is vulnerable to Cross Site... |
| CVE-2023-45656 | WordPress Lazy Load for Videos Plugin <= 2.18.2 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-45670 | Frigate cross-site request forgery in `config_save` and `config_set` request handlers |
| CVE-2023-48744 | WordPress Availability Calendar Plugin <= 1.2.6 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-48751 | WordPress Participants Database Plugin <= 2.5.5 is vulnerable to Broken Access Control |
| CVE-2023-48754 | WordPress Delete Post Revisions In WordPress Plugin <= 4.6 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-48755 | WordPress teachPress Plugin <= 9.0.4 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-48762 | WordPress JetElements For Elementor Plugin <= 2.6.13 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-48766 | WordPress SVGator – Add Animated SVG Easily Plugin <= 1.2.4 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-48768 | WordPress Quantity Plus Minus Button for WooCommerce by CodeAstrology Plugin <= 1.1.9 is vulnerable to Cross Site Request For... |
| CVE-2023-48769 | WordPress Chat Bubble Plugin <= 2.3 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-48772 | WordPress Prevent Landscape Rotation Plugin <= 2.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-48773 | WordPress WooCommerce Login Redirect Plugin <= 2.2.4 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-48778 | WordPress Product Size Chart For WooCommerce Plugin <= 1.1.5 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-48781 | WordPress MkRapel Regiones y Ciudades de Chile para WC Plugin <= 4.3.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-48790 | A cross site request forgery vulnerability [CWE-352] in Fortinet FortiNDR version 7.4.0, 7.2.0 through 7.2.1 and 7.1.0 throug... |
| CVE-2023-49153 | WordPress Add to Cart Text Changer and Customize Button, Add Custom Icon Plugin <= 2.0 is vulnerable to Cross Site Request Fo... |
| CVE-2023-49155 | WordPress Button Generator – easily Button Builder Plugin <= 2.3.8 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-49076 | Pimcore missing token/header to prevent CSRF |
| CVE-2023-4959 | Quay: cross-site request forgery (csrf) on config-editor page |
| CVE-2023-49744 | WordPress Gift Up Gift Cards for WordPress and WooCommerce Plugin <= 2.21.3 is vulnerable to Cross Site Request Forgery (CSRF... |
| CVE-2023-49749 | WordPress SureTriggers Plugin <= 1.0.23 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-49751 | WordPress Block for Font Awesome Plugin <= 1.4.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-49759 | WordPress WooDiscuz – WooCommerce Comments Plugin <= 2.3.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-49760 | WordPress WPsoonOnlinePage Plugin <= 1.9 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-49761 | WordPress Product Enquiry for WooCommerce Plugin <= 3.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-49763 | WordPress CSprite Plugin <= 1.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-49769 | WordPress Integrate Google Drive Plugin <= 1.3.4 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-49775 | WordPress CSV Importer Plugin <= 0.3.8 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-49816 | WordPress Fix My Feed RSS Repair Plugin <= 1.4 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-49821 | WordPress LiveChat Plugin <= 4.5.15 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-49163 | WordPress teachPress Plugin <= 9.0.5 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-49164 | WordPress Ocean Extra Plugin <= 2.2.2 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-49197 | WordPress DoFollow Case by Case Plugin <= 3.4.2 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-5036 | Cross-Site Request Forgery (CSRF) in usememos/memos |
| CVE-2023-50372 | WordPress Custom Post Type Page Template Plugin <= 1.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-51378 | WordPress Rise Blocks Plugin <= 3.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-49824 | WordPress Product Catalog Feed by PixelYourSite Plugin <= 2.1.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-49834 | WordPress WOOCS – WooCommerce Currency Switcher Plugin <= 1.4.1.4 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-49838 | Cross-Site Request Forgery (CSRF) vulnerability in multiple themes by KlbTheme |
| CVE-2023-49840 | WordPress Multi Currency For WooCommerce Plugin <= 1.5.5 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-49843 | WordPress First Order Discount Woocommerce Plugin <= 1.21 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-49844 | WordPress WPPerformanceTester Plugin <= 2.0.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-49853 | WordPress PayTR Taksit Tablosu Plugin <= 1.3.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-49854 | WordPress Caddy Plugin <= 1.9.7 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-49855 | WordPress BC Menu Bar Cart Icon For WooCommerce By Binary Carpenter Plugin <= 1.49.3 is vulnerable to Cross Site Request Forg... |
| CVE-2023-49920 | Apache Airflow: Missing CSRF protection on DAG/trigger |
| CVE-2023-5006 | WP Discord Invite < 2.5.1 - Arbitrary Settings Update via CSRF |
| CVE-2023-50722 | XWiki Platform XSS/CSRF Remote Code Execution in XWiki.ConfigurableClass |
| CVE-2023-50835 | WordPress Advanced Category Template Plugin <= 0.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-50858 | WordPress Anti Hacker Plugin <= 4.34 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-50861 | WordPress HUSKY plugin <= 1.3.4.3 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2023-51402 | WordPress Ultimate Addons for WPBakery Page Builder Plugin <= 3.19.17 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-51407 | WordPress Split Test For Elementor plugin <= 1.6.9 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2023-51416 | WordPress EnvíaloSimple plugin <= 2.2 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2023-51474 | WordPress TerraClassifieds plugin <= 2.0.3 - Cross Site Request Forgery (CSRF) to Account Takeover vulnerability |
| CVE-2023-50873 | WordPress Add Any Extension to Pages Plugin <= 1.4 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-50878 | WordPress MStore API Plugin <= 4.10.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-50886 | WordPress Legal Pages plugin <= 1.3.7 - CSRF + Broken Access Control vulnerability |
| CVE-2023-50900 | WordPress Master Slider plugin <= 3.9.10 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2023-50902 | WordPress New User Approve Plugin <= 2.5.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-51354 | WordPress Webba Booking Plugin <= 4.5.33 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-51358 | WordPress Block IPs for Gravity Forms Plugin <= 1.0.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-51369 | WordPress Customize My Account for WooCommerce plugin <= 1.8.3 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2023-51668 | WordPress Inline Image Upload for BBPress Plugin <= 1.1.18 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-51673 | WordPress Stylish Price List Plugin <= 7.0.17 is vulnerable to Broken Access Control |
| CVE-2023-51678 | WordPress Doofinder for WooCommerce Plugin <= 2.0.33 is vulnerable to Broken Access Control |
| CVE-2023-51681 | WordPress Duplicator Plugin <= 1.5.7 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-51683 | WordPress Easy PayPal Buy Now Button Plugin <= 1.8.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-51696 | WordPress Spam protection, AntiSpam, FireWall by CleanTalk Plugin <= 6.20 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-52119 | WordPress Icegram Plugin <= 3.1.18 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-51486 | WordPress WooCommerce PDF Invoice Builder, Create invoices, packing slips and more plugin <= 1.2.101 - Cross Site Request For... |
| CVE-2023-52120 | WordPress NEX-Forms – Ultimate Form Builder Plugin <= 8.5.2 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-52121 | WordPress NitroPack Plugin <= 1.10.2 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-52122 | WordPress Simple Job Board Plugin <= 2.10.6 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-52123 | WordPress Strong Testimonials Plugin <= 3.1.10 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-52127 | WordPress WPC Product Bundles for WooCommerce Plugin <= 7.3.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-52128 | WordPress White Label Plugin <= 2.9.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-52129 | WordPress teachPress Plugin <= 9.0.4 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-52130 | WordPress Affiliates Manager Plugin <= 2.9.31 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-52136 | WordPress Custom Twitter Feeds (Tweets Widget) Plugin <= 2.1.2 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-52145 | WordPress Republish Old Posts Plugin <= 1.21 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-52149 | WordPress Floating Button Plugin <= 6.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-52150 | WordPress Dynamic Content for Elementor Plugin < 2.12.5 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-52184 | WordPress WP Job Portal Plugin <= 2.0.6 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-52200 | WordPress ARMember Plugin <= 4.0.22 is vulnerable to Cross Site Request Forgery (CSRF) leading to PHP Object Injection |
| CVE-2023-52216 | WordPress JS & CSS Script Optimizer Plugin <= 0.3.3 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-52222 | WordPress WooCommerce Plugin <= 8.2.2 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-51487 | WordPress ARI Stream Quiz – WordPress Quizzes Builder plugin <= 1.2.32 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2023-51489 | WordPress Crowdsignal Polls & Ratings plugin <= 3.0.11 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2023-51491 | WordPress Depicter Slider plugin <= 2.0.6 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2023-51510 | WordPress Export Media URLs plugin <= 1.0 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2023-51521 | WordPress Quiz And Survey Master plugin <= 8.1.18 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2023-51522 | WordPress Paid Membership Subscriptions plugin <= 2.10.4 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2023-51525 | WordPress WP Simple Booking Calendar plugin <= 2.0.8.4 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2023-51528 | WordPress GPT3 AI Content Writer Plugin <= 1.8.12 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-51529 | WordPress HT Mega Plugin <= 2.3.3 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-51530 | WordPress GS Logo Slider Plugin <= 3.5.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-48282 | WordPress Taxonomy filter Plugin <= 2.2.9 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-48283 | WordPress Simple Testimonials Showcase Plugin <= 1.1.5 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-48284 | WordPress Decorator – WooCommerce Email Customizer Plugin <= 1.2.7 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-48292 | XWiki Admin Tools Application Run Shell Command allows CSRF RCE attacks |
| CVE-2023-48293 | XWiki Admin Tools Application CSRF with QueryOnXWiki allows arbitrary database queries |
| CVE-2023-48323 | WordPress Awesome Support Plugin <= 6.1.4 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-48328 | WordPress NextGEN Gallery Plugin <= 3.37 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-48330 | WordPress Bulk Comment Remove Plugin <= 2 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-48331 | WordPress MyBookTable Bookstore Plugin <= 3.3.4 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-48334 | WordPress League Table Plugin <= 1.13 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-4837 | Cross-site request forgery (CSRF) in SmodBIP |
| CVE-2023-4865 | SourceCodester Take-Note App cross-site request forgery |
| CVE-2023-4868 | SourceCodester Contact Manager App add.php cross-site request forgery |
| CVE-2023-4869 | SourceCodester Contact Manager App update.php cross-site request forgery |
| CVE-2023-5690 | Cross-Site Request Forgery (CSRF) in modoboa/modoboa |
| CVE-2023-5802 | WordPress WP Knowledgebase Plugin <= 1.3.4 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-5803 | WordPress Business Directory Plugin Plugin <= 6.3.10 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-5823 | WordPress TK Google Fonts GDPR Compliant Plugin <= 2.2.11 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-5882 | WP All Export (Free < 1.4.1, Pro < 1.8.6) - Remote Code Execution via CSRF |
| CVE-2023-5884 | Word Balloon < 4.20.3 - Avatar Removal via CSRF |
| CVE-2023-5886 | WP All Export (Free < 1.4.1, Pro < 1.8.6) - Author+ PHAR Deserialization via CSRF |
| CVE-2023-5893 | Cross-Site Request Forgery (CSRF) in pkp/pkp-lib |
| CVE-2023-5897 | Cross-Site Request Forgery (CSRF) in pkp/customLocale |
| CVE-2023-5898 | Cross-Site Request Forgery (CSRF) in pkp/pkp-lib |
| CVE-2023-5899 | Cross-Site Request Forgery (CSRF) in pkp/pkp-lib |
| CVE-2023-5900 | Cross-Site Request Forgery in pkp/pkp-lib |
| CVE-2023-5902 | Cross-Site Request Forgery (CSRF) in pkp/pkp-lib |
| CVE-2023-5934 | Travelpayouts < 1.1.13 - Settings Update via CSRF |
| CVE-2023-5953 | Welcart e-Commerce < 2.9.5 - Subscriber+ Arbitrary File Upload |
| CVE-2023-5961 | ioLogik E1200 Series: Cross-Site Request Forgery (CSRF) Vulnerability |
| CVE-2023-5979 | eCommerce Product Catalog Plugin for WordPress < 3.3.26 - Products Deletion via CSRF |
| CVE-2023-51531 | WordPress Thrive Automator Plugin <= 1.17 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-51533 | WordPress Ecwid Shopping Cart Plugin <= 6.12.4 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-51535 | WordPress Spam protection, AntiSpam, FireWall by CleanTalk Plugin <= 6.20 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-51538 | WordPress Awesome Support Plugin <= 6.1.5 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-51539 | WordPress Apollo13 Framework Extensions Plugin <= 1.9.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-51545 | WordPress Job Manager & Career Plugin <= 1.4.4 is vulnerable to Cross Site Request Forgery (CSRF) leading to PHP Object Injec... |
| CVE-2023-6625 | Product Enquiry for WooCommerce < 3.1 - Arbitrary Enquiry Deletion via CSRF |
| CVE-2023-6633 | Site Notes <= 2.0.0 - Admin Note Deletion via CSRF |
| CVE-2023-6653 | PHPGurukul Teacher Subject Allocation Management System Create a new Subject subject.php cross-site request forgery |
| CVE-2023-6671 | Cross-Site Request Forgery on OPEN JOURNAL SYSTEMS |
| CVE-2023-6676 | Cross Site Request Forgery in National Keep's CyberMath |
| CVE-2023-5990 | Funnelforms Free < 3.4.2 - Form Deletion/Duplication via CSRF |
| CVE-2023-5991 | Hotel Booking Lite < 4.8.5 - Unauthenticated Arbitrary File Download & Deletion |
| CVE-2023-6022 | Cross-Site Request Forgery (CSRF) in prefecthq/prefect |
| CVE-2023-6029 | EazyDocs < 2.3.6 - Unauthenticated Arbitrary Posts Deletion and Document Management |
| CVE-2023-6137 | WordPress Frontier Post Plugin <= 6.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-6243 | EventON PRO - WordPress Virtual Event Calendar Plugin <= 4.6.8 - Cross-Site Request Forgery via admin_test_email |
| CVE-2023-6251 | CSRF in delete_user_message |
| CVE-2023-6292 | Ecwid Ecommerce Shopping Cart < 6.12.5 - Arbitrary Plugin Settings Change via CSRF |
| CVE-2023-6373 | ArtPlacer Widget < 2.20.7 - Editor+ SQLi |
| CVE-2023-6385 | WordPress Ping Optimizer <= 2.35.1.3.0 - Log Clearing via CSRF |
| CVE-2023-6390 | WordPress Users <= 1.4 - Settings Update via CSRF |
| CVE-2023-6391 | Custom User CSS <= 0.2 - Settings Update via CSRF |
| CVE-2023-6474 | PHPGurukul Nipah Virus Testing Management System manage-phlebotomist.php cross-site request forgery |
| CVE-2023-6499 | lasTunes <= 3.6.1 - Settings Update via CSRF |
| CVE-2023-6501 | Splashscreen <= 0.20 - Settings Update via CSRF |
| CVE-2023-6503 | WP Plugin Lister <= 2.1.0 - Settings Update to Stored XSS via CSRF |
| CVE-2023-6689 | Cross-Site Request Forgery in EFACEC BCU 500 |
| CVE-2023-6766 | PHPGurukul Teacher Subject Allocation Management System Delete Course course.php cross-site request forgery |
| CVE-2023-6845 | CommentTweets <= 0.6 - Settings Update via CSRF |
| CVE-2023-6904 | Jahastech NxFilter config,admin.jsp cross-site request forgery |
| CVE-2023-6946 | Autotitle for WordPress <= 1.0.3 - Settings Update to Stored XSS via CSRF |
| CVE-2024-0392 | Cross-Site Request Forgery (CSRF) in WSO2 Enterprise Integrator 6.6.0 Management Console Due to Missing CSRF Token Validation |
| CVE-2024-0522 | Allegro RomPager HTTP POST Request cross-site request forgery |
| CVE-2024-0555 | Cross-Site Request Forgery (CSRF) vulnerability on WIC1200 |
| CVE-2024-0779 | Enjoy Social Feed <= 6.2.2 - Unauthenticated Arbitrary Instagram Account Unlinking |
| CVE-2024-0856 | Booking Calendar < 1.3.83 - CSRF appointment scheduling |
| CVE-2024-0858 | Innovs HR <= 1.0.3.4 - Employee Creation via CSRF |
| CVE-2024-0880 | Qidianbang qdbcrm Password Reset cross-site request forgery |
| CVE-2024-10480 | 3DPrint Lite < 2.1 - Settings Update via CSRF |
| CVE-2024-10481 | Cross-Site Request Forgery (CSRF) in comfyanonymous/comfyui |
| CVE-2024-10521 | WordPress Contact Forms by Cimatti <= 1.9.2 - Cross-Site Request Forgery via process_bulk_action Function |
| CVE-2024-10557 | code-projects Blood Bank Management System updateprofile.php cross-site request forgery |
| CVE-2024-10581 | DirectoryPress Frontend <= 2.7.9 - Cross-Site Request Forgery to Listing Status Update |
| CVE-2024-10593 | WPForms – Easy Form Builder for WordPress <= 1.9.1.6 - Cross-Site Request Forgery (CSRF) to Plugin's Log Deletion |
| CVE-2023-6529 | WP VR < 8.3.15 - Unauthenticated Plugin Downgrade leading to XSS |
| CVE-2023-6532 | WP Blogs' Planetarium <= 1.0 - Settings Update via CSRF |
| CVE-2023-7174 | aBitGone CommentSafe <= 1.0.0 - Settings Update to Stored XSS via CSRF |
| CVE-2023-7195 | WP-Reply Notify <= 1.1 - Settings Update via CSRF |
| CVE-2023-7196 | Ultimate Noindex Nofollow Tool <= 1.1.2 - Settings Update via CSRF |
| CVE-2023-7197 | Marketing Twitter Bot <= 1.11 - Settings Update to Stored XSS via CSRF |
| CVE-2023-7202 | Fatal Error Notify < 1.5.3 - Subscriber+ Test Error Email Sending |
| CVE-2023-7203 | Smart Forms < 2.6.87 - Subscriber+ Arbitrary Entry Deletion |
| CVE-2023-7229 | illi Link Party! <= 1.0 - Settings Update via CSRF |
| CVE-2023-7269 | ArtPlacer Widget < 2.21.2 - Stored XSS via CSRF |
| CVE-2023-7273 | Cross Site Request Forgery in Kiteworks OwnCloud |
| CVE-2023-7297 | TwitterPosts <= 1.0.2 - Settings Update via CSRF |
| CVE-2024-10040 | Infinite-Scroll <= 2.6.2 - Cross-Site Request Forgery to Plugin Settings Update |
| CVE-2024-10045 | Transients Manager <= 2.0.6 - Cross-Site Request Forgery |
| CVE-2024-10448 | code-projects Blood Bank Management System delete.php cross-site request forgery |
| CVE-2024-10605 | code-projects Blood Bank Management System request.php cross-site request forgery |
| CVE-2024-10634 | Nokaut Offers Box <= 1.4.0 - Plugin Reset via CSRF |
| CVE-2024-10677 | BTEV <= 2.0.2 - Settings Update via CSRF |
| CVE-2024-10711 | WooCommerce Report <= 1.5.1 - Cross-Site Request Forgery to Arbitrary Options Update |
| CVE-2023-52223 | WordPress MailerLite – WooCommerce integration Plugin <= 2.0.8 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-52226 | WordPress Advanced Flamingo plugin <= 1.0 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2023-53688 | Nagios XI < 5.11.3 XSS & CSRF via Hypermap Replay |
| CVE-2023-5444 | CSRF in ePO leading to privilege escalation |
| CVE-2023-5455 | Ipa: invalid csrf protection |
| CVE-2023-5498 | Cross-Site Request Forgery (CSRF) in chiefonboarding/chiefonboarding |
| CVE-2023-5511 | Cross-Site Request Forgery (CSRF) in snipe/snipe-it |
| CVE-2023-5519 | EventPrime < 3.2.0 - Booking Creation via CSRF |
| CVE-2023-5611 | Seraphinite Accelerator < 2.20.32 - Unauthorised Settings Reset/Import |
| CVE-2023-5626 | Cross-Site Request Forgery (CSRF) in pkp/ojs |
| CVE-2023-5651 | WP Hotel Booking < 2.0.8 - Subscriber+ Arbitrary Post Deletion |
| CVE-2023-5687 | Cross-Site Request Forgery (CSRF) in mosparo/mosparo |
| CVE-2023-7038 | automad User Creation cross-site request forgery |
| CVE-2023-7045 | Cross-Site Request Forgery (CSRF) in GitLab |
| CVE-2023-7051 | PHPGurukul Online Notes Sharing System manage-notes.php cross-site request forgery |
| CVE-2023-7052 | PHPGurukul Online Notes Sharing System profile.php cross-site request forgery |
| CVE-2023-7074 | WP Social Bookmark Menu <= 1.2 - Settings Update via CSRF |
| CVE-2024-11607 | GTPayment Donations <= 1.0.0 - Stored XSS via CSRF |
| CVE-2023-7083 | Voting Record <= 2.0 - Settings Update to Stored XSS via CSRF |
| CVE-2023-7092 | Uniway UW-302VP Admin Web Interface wlan_basic_set.cgi cross-site request forgery |
| CVE-2023-7125 | Community by PeepSo < 6.3.1.2 - User Post Creation via CSRF |
| CVE-2024-11141 | Sailthru Triggermail < 1.1 - Subscriber+ Stored XSS |
| CVE-2024-11142 | CSRF in Gosoft Software's Proticaret E-Commerce |
| CVE-2024-11143 | Kognetiks Chatbot for WordPress <= 2.1.8 - Cross-Site Request Forgery to Authenticated (Subscriber+) Assistant Modification |
| CVE-2024-11336 | Clickbank WordPress Plugin (Storefront) <= 1.7 - Cross-Site Request Forgery to Stored Cross-Site Scripting |
| CVE-2024-11341 | Simple Redirection <= 1.5 - Cross-Site Request Forgery to Arbitrary Site Redirect |
| CVE-2024-11342 | Skt NURCaptcha <= 3.5.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting |
| CVE-2024-11373 | Connexion Logs <= 3.0.2 - Log Deletion via CSRF |
| CVE-2024-11415 | WP-Orphanage Extended <= 1.2 - Cross-Site Request Forgery to Orphan Account Privilege Escalation |
| CVE-2024-11416 | WIP Incoming Lite <= 1.1.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting |
| CVE-2024-11417 | dejure.org Vernetzungsfunktion <= 1.97.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting |
| CVE-2024-11640 | VikRentCar Car Rental Management System <= 1.4.2 - Cross-Site Request Forgery to Authenticated (Subscriber+) Arbitrary File U... |
| CVE-2024-11641 | VikBooking Hotel Booking Engine & PMS <= 1.7.2 - Cross-Site Request Forgery to Authenticated (Subscriber+) Arbitrary File Upl... |
| CVE-2024-11975 | Reactflow Visitor Recording and Heatmaps <= 1.0.10 - Cross-Site Request Forgery to Reflected Cross-Site Scripting |
| CVE-2024-12003 | WP System <= 1.1.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting |
| CVE-2024-12004 | WPC Order Notes for WooCommerce <= 1.5.2 - Cross-Site Request Forgery to Reflected Cross-Site Scripting |
| CVE-2024-12005 | WP-BibTeX <= 3.0.1 - Cross-Site Request Forgery to Stored and Reflected Cross-Site Scripting |
| CVE-2024-1211 | Cross-Site Request Forgery (CSRF) in GitLab |
| CVE-2024-12115 | Poll Maker <= 5.5.4 - Cross-Site Request Forgery to Poll Duplication |
| CVE-2024-12279 | WP Social AutoConnect <= 4.6.2 - Cross-Site Request Forgery to Reflected Cross-Site Scripting |
| CVE-2024-12280 | WP Customer Area <= 8.2.4 - Event Log Deletion via CSRF |
| CVE-2024-11419 | Password for WP <= 1.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting |
| CVE-2024-11444 | CLUEVO LMS, E-Learning Platform <= 1.13.2 - Cross-Site Request Forgery to Module Deletion |
| CVE-2024-11673 | 1000 Projects Bookstore Management System cross-site request forgery |
| CVE-2024-11689 | HQ Rental Software <= 1.5.29 - Cross-Site Request Forgery to Arbitrary Options Update |
| CVE-2024-11719 | tarteaucitron.js for WordPress < 0.3.0 - Stored XSS via CSRF |
| CVE-2024-11743 | SourceCodester Best House Rental Management System POST Request ajax.php cross-site request forgery |
| CVE-2024-11812 | Wtyczka SeoPilot dla WP <= 3.3.091 - Cross-Site Request Forgery to Stored Cross-Site Scripting |
| CVE-2024-11813 | Pulsating Chat Button <= 1.3.6 - Cross-Site Request Forgery to Stored Cross-Site Scripting |
| CVE-2024-11842 | DN Shipping by Weight for WooCommerce < 1.2 - Settings Update via CSRF |
| CVE-2024-12170 | ViewMedica Embed <= 1.4.15 - Cross-Site Request Forgery to SQL Injection |
| CVE-2024-12206 | Wordpress Header Builder Plugin <= 1.3.8 - Cross-Site Request Forgery to Header Deletion |
| CVE-2024-12218 | Woocommerce check pincode/zipcode for shipping <= 2.0.4 - Cross-Site Request Forgery to Reflected Cross-Site Scripting |
| CVE-2024-12219 | Stop Registration Spam <= 1.23 - Cross-Site Request Forgery to Cross-Site Scripting |
| CVE-2024-12220 | SMS for WooCommerce <= 2.8.1 - Cross-Site Request Forgery to Reflected Cross-Site Scripting |
| CVE-2024-12282 | WordPress连接微博 <= 2.5.6 - Stored XSS via CSRF |
| CVE-2024-12288 | Simple add pages or posts <= 2.0.0 - Cross-Site Request Forgery to Reflected Cross-Site Scripting |
| CVE-2024-12291 | ViewMedica 9 <= 1.4.15 - Cross-Site Request Forgery to Reflected Cross-Site Scripting |
| CVE-2024-12293 | User Role Editor <= 4.64.3 - Cross-Site Request Forgery to Privilege Escalation |
| CVE-2024-12301 | JSP Store Locator <= 1.0 - Deletion via Missing CSRF |
| CVE-2024-1231 | CM Download and File Manager < 2.9.0 - Download Unpublish via CSRF |
| CVE-2024-1232 | CM Download Manager < 2.9.0 - Download Deletion via CSRF |
| CVE-2024-12322 | ThePerfectWedding.nl Widget <= 2.8 - Cross-Site Request Forgery to Stored Cross-Site Scripting |
| CVE-2024-12349 | JFinalCMS save cross-site request forgery |
| CVE-2024-12383 | Binary MLM Woocommerce <= 2.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting |
| CVE-2024-12385 | WP Abstracts <= 2.7.2 - Cross-Site Request Forgery to Reflected Cross-Site Scripting |
| CVE-2024-12386 | WP Abstracts <= 2.7.3 - Cross-Site Request Forgery to Arbitrary Account Deletion |
| CVE-2024-12394 | Action Network <= 1.4.4 - Cross-Site Request Forgery to Reflected Cross-Site Scripting |
| CVE-2024-12414 | Themify Store Locator <= 1.1.9 - Cross-Site Request Forgery |
| CVE-2024-12436 | WP Customer Area <= 8.2.4 - Bulk Delete via CSRF |
| CVE-2024-12454 | Affiliate Program Suite — SliceWP Affiliates <= 1.1.23 - Cross-Site Request Forgery to Reflected Cross-Site Scripting |
| CVE-2024-12526 | Arena.IM – Live Blogging for real-time events <= 0.3.0 - Cross-Site Request Forgery to Settings Update |
| CVE-2024-12541 | Chative Live chat and Chatbot <= 1.1 - Cross-Site Request Forgery via add_chative_widget_action Function |
| CVE-2024-12545 | Scratch & Win – Giveaways and Contests <= 2.7.1 - Cross-Site Request Forgery via reset_installation Function |
| CVE-2024-12554 | Peter’s Custom Anti-Spam <= 3.2.3 - Cross-Site Request Forgery via cas_register_post Function |
| CVE-2024-12555 | SIP Calculator <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting |
| CVE-2024-12557 | Transporters.io <= 2.0.84 - Cross-Site Request Forgery to Stored Cross-Site Scripting |
| CVE-2024-12709 | Bulk Me Now <= 2.0 - Message Deletion via CSRF |
| CVE-2024-12750 | Competition Form <= 2.0 - Competition Deletion via CSRF |
| CVE-2024-12771 | eCommerce Product Catalog Plugin for WordPress <= 3.3.43 - Cross-Site Request Forgery to Password Reset |
| CVE-2024-12774 | Altra Side Menu <= 2.0 - Arbitrary Menu Deletion via CSRF |
| CVE-2024-13057 | Dyn Business Panel <= 1.0.0 - Stored XSS via CSRF |
| CVE-2024-1306 | Smart Forms < 2.6.94 - Edit Entries via CSRF |
| CVE-2024-13096 | WP Finance <= 1.3.6 - Stored XSS via CSRF |
| CVE-2024-13203 | kurniaramadhan E-Commerce-PHP cross-site request forgery |
| CVE-2024-13244 | Migrate Tools - Moderately critical - Cross Site Request Forgery - SA-CONTRIB-2024-008 |
| CVE-2024-12572 | Hello in All Languages <= 1.0.6 - Cross-Site Request Forgery to Stored Cross-Site Scripting |
| CVE-2024-12605 | AI Scribe – SEO AI Writer, Content Generator, Humanizer, Blog Writer, SEO Optimizer, DALLE-3, AI WordPress Plugin ChatGPT (GP... |
| CVE-2024-12634 | Related Posts, Inline Related Posts, Contextual Related Posts, Related Content By PickPlugins <= 2.0.59 - Cross-Site Request... |
| CVE-2024-12636 | Privacy Policy Generator, Terms & Conditions Generator WordPress Plugin : WP Legal Pages <= 3.2.7 - Cross-Site Request Forger... |
| CVE-2024-12642 | Chunghwa Telecom TenderDocTransfer - Arbitrary File Write |
| CVE-2024-12643 | Chunghwa Telecom tbm-client - Arbitrary File Delete |
| CVE-2024-12644 | Chunghwa Telecom tbm-client - Arbitrary File Copy and Paste |
| CVE-2024-12645 | Chunghwa Telecom topm-client - Arbitrary File Read |
| CVE-2024-12646 | Chunghwa Telecom topm-client - Arbitrary File Delete |
| CVE-2024-12955 | PHPGurukul Blood Bank & Donor Management System logout.php cross-site request forgery |
| CVE-2024-13115 | WP Projects Portfolio with Client Testimonials <= 3.0 - Stored XSS via CSRF |
| CVE-2024-13118 | IP Based Login < 2.4.1 - Log Deletion via CSRF |
| CVE-2024-13146 | Booknetic < 4.1.5 - Staff Creation via CSRF |
| CVE-2024-13284 | Gutenberg - Moderately critical - Cross Site Request Forgery - SA-CONTRIB-2024-048 |
| CVE-2024-13250 | Drupal Symfony Mailer Lite - Moderately critical - Cross Site Request Forgery - SA-CONTRIB-2024-014 |
| CVE-2024-13260 | Migrate queue importer - Moderately critical - Cross Site Request Forgery - SA-CONTRIB-2024-024 |
| CVE-2024-13261 | Acquia DAM - Moderately critical - Cross Site Request Forgery, Denial of Service - SA-CONTRIB-2024-025 |
| CVE-2024-13510 | ShopSite <= 1.5.10 - Cross-Site Request Forgery to Stored Cross-Site Scripting |
| CVE-2024-13293 | POST File - Moderately critical - Cross Site Request Forgery - SA-CONTRIB-2024-059 |
| CVE-2024-13304 | Minify JS - Moderately critical - Cross site request forgery - SA-CONTRIB-2024-070 |
| CVE-2024-13315 | Shopwarden – Automated WooCommerce monitoring & testing <= 1.0.11 - Cross-Site Request Forgery to Arbitrary Options Update |
| CVE-2024-13317 | ShipWorks Connector for Woocommerce <= 5.2.5 - Cross-Site Request Forgery to Service Password/Username Update |
| CVE-2024-13336 | Disable Auto Updates <= 1.4 - Cross-Site Request Forgery to Auto-update Disable |
| CVE-2024-13337 | Webcraftic Clearfy – WordPress optimization plugin <= 2.3.2 - Cross-Site Request Forgery to Plugin Settings Update via 'setup... |
| CVE-2024-13338 | Webcraftic Clearfy – WordPress optimization plugin <= 2.3.1 - Cross-Site Request Forgery to Clear Cache |
| CVE-2024-13339 | DeBounce Email Validator <= 5.6.6 - Cross-Site Request Forgery to Stored Cross-Site Scripting |
| CVE-2024-13356 | DSGVO All in one for WP <= 4.6 - Cross-Site Request Forgery to Account Deletion |
| CVE-2024-13405 | Apptivo Business Site CRM <= 5.3 - Cross-Site Request Forgery to IP Address Block |
| CVE-2024-13432 | Webcamconsult <= 1.5.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting |
| CVE-2024-13436 | Appsero Helper <= 1.3.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting |
| CVE-2024-13437 | Book a Room <= 2.9 - Cross-Site Request Forgery to Settings Update |
| CVE-2024-13511 | Variation Swatches for WooCommerce 1.0.8 - 1.3.2 - Cross-Site Request Forgery to Plugin Settings Reset |
| CVE-2024-13512 | Wonder FontAwesome <= 0.8 - Cross-Site Request Forgery to Stored Cross-Site Scripting |
| CVE-2024-13518 | Simple:Press <= 6.10.11 - Cross-Site Request Forgery to Unauthorized Post Editing |
| CVE-2024-13521 | MailUp Auto Subscription <= 1.1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting |
| CVE-2024-13522 | magayo Lottery Results <= 2.0.12 - Cross-Site Request Forgery to Stored Cross-Site Scripting |
| CVE-2024-13523 | MemorialDay <= 1.0.4 - Cross-Site Request Forgery to Stored Cross-Site Scripting |
| CVE-2024-13555 | 1 Click WordPress Migration Plugin – 100% FREE for a limited time <= 2.1 - Cross-Site Request Forgery to Backup Process Cance... |
| CVE-2024-13560 | Subscriptions & Memberships for PayPal <= 1.1.6 - Cross-Site Request Forgery to Arbitrary Post Deletion |
| CVE-2024-13580 | XV Random Quotes <= 1.40 - Settings Reset via CSRF |
| CVE-2024-13852 | Option Editor <= 1.0 - Cross-Site Request Forgery to Arbitrary Options Update |
| CVE-2024-13438 | SpeedSize Image & Video AI-Optimizer <= 1.5.1 - Cross-Site Request Forgery to Clear Cache |
| CVE-2024-13444 | wp-greet <= 6.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting |
| CVE-2024-13494 | WordPress File Upload <= 4.25.2 - Cross-Site Request Forgery in wfu_file_details |
| CVE-2024-13647 | School Management System – SakolaWP <= 1.0.8 - Cross-Site Request Forgery to Exam Setting Manipulation |
| CVE-2024-13682 | Wallet System for WooCommerce – Wallet, Wallet Cashback, Refunds, Partial Payment, Wallet Restriction <= 2.6.2 - Cross-Site R... |
| CVE-2024-13683 | Automate Hub Free by Sperse.IO <= 1.7.0 - Cross-Site Request Forgery to Activation Status Update |
| CVE-2024-13684 | Reset <= 1.6 - Cross-Site Request Forgery to Database Reset |
| CVE-2024-13707 | WP Image Uploader <= 1.0.1 - Cross-Site Request Forgery to Arbitrary File Deletion |
| CVE-2024-13709 | Linear <= 2.8.1 - Cross-Site Request Forgery to Cache Reset |
| CVE-2024-13710 | Estatebud – Properties & Listings <= 5.5.0 - Cross-Site Request Forgery to Settings Update |
| CVE-2024-13718 | Flexible Wishlist for WooCommerce – Ecommerce Wishlist & Save for later <= 1.2.26 - Cross-Site Request Forgery to Wishlist Cr... |
| CVE-2024-13720 | WP Image Uploader <= 1.0.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary File Deletion |
| CVE-2024-13753 | Ultimate Classified Listings <= 1.4 - Cross-Site Request Forgery to Account Takeover |
| CVE-2024-13883 | WPUpper Share Buttons <= 3.51 - Cross-Site Request Forgery to Custom CSS Update |
| CVE-2024-13913 | InstaWP Connect – 1-click WP Staging & Migration <= 0.1.0.83 - Cross-Site Request Forgery to Local File Inclusion |
| CVE-2024-13933 | FoodBakery | Delivery Restaurant Directory WordPress Theme <= 4.7 - Cross-Site Request Forgery in Multiple Functions |
| CVE-2024-20252 | Multiple vulnerabilities in Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an un... |
| CVE-2024-20254 | Multiple vulnerabilities in Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an un... |
| CVE-2024-20255 | A vulnerability in the SOAP API of Cisco Expressway Series and Cisco TelePresence Video Communication Server could allow an u... |
| CVE-2024-20281 | A vulnerability in the web-based management interface of Cisco Nexus Dashboard and Cisco Nexus Dashboard hosted services coul... |
| CVE-2024-20347 | A vulnerability in Cisco Emergency Responder could allow an unauthenticated, remote attacker to conduct a CSRF attack, which... |
| CVE-2024-13758 | CP Contact Form with PayPal <= 1.3.52 - Cross-Site Request Forgery |
| CVE-2024-13768 | CITS Support svg, webp Media and TTF,OTF File Upload, Use Custom Fonts <= 4.2 - Cross-Site Request Forgery to Font Assignment... |
| CVE-2024-13774 | Wishlist for WooCommerce: Multi Wishlists Per Customer <= 3.1.7 - Cross-Site Request Forgery to Cross-Site Scripting via Wishl... |
| CVE-2024-13795 | Ecwid by Lightspeed Ecommerce Shopping Cart <= 6.12.27 - Cross-Site Request Forgery to Send Deactivation Message |
| CVE-2024-13826 | Email Keep <= 1.1 - Email Deletion via CSRF |
| CVE-2024-1522 | Cross-Site Request Forgery (CSRF) Leading to Remote Code Execution in parisneo/lollms-webui |
| CVE-2024-1727 | CSRF Vulnerability in gradio-app/gradio |
| CVE-2024-1747 | WooCommerce Customers Manager < 30.2 - Subscriber+ Stored XSS |
| CVE-2024-1755 | NPS computy <= 2.7.5 - Results Deletion via CSRF |
| CVE-2024-1756 | WooCommerce Customers Manager < 29.8 - Subscriber+ Email Disclosure |
| CVE-2024-1845 | VikRentCar Car Rental Management System < 1.3.2 - Cross Site Request Forgery |
| CVE-2024-1879 | CSRF to RCE in significant-gravitas/autogpt |
| CVE-2024-1889 | Cross-Site Request Forgery vulnerability in SMA Cluster Controller |
| CVE-2024-1962 | CM Download and File Manager < 2.9.1 - Download Edit via CSRF |
| CVE-2024-20368 | A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated,... |
| CVE-2024-2040 | Himer - Social Questions and Answers < 2.1.1 - Arbitrary Group Joining via CSRF |
| CVE-2024-20421 | Cisco ATA 190 Series Analog Telephone Adapter Firmware Cross-Site Request Forgery Vulnerability |
| CVE-2024-22136 | WordPress Droit Elementor Addons Plugin <= 3.1.5 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2024-22140 | WordPress Profile Builder Pro Plugin <= 3.10.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2024-22143 | WordPress WP Spell Check Plugin <= 9.17 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2024-22155 | WordPress WooCommerce plugin <= 8.5.2 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-22285 | WordPress Frontpage Manager Plugin <= 1.3 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2024-22287 | WordPress Better Anchor Links Plugin <= 1.7.5 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2024-22290 | WordPress Custom Dashboard Widgets Plugin <= 1.3.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2024-22291 | WordPress Browser Theme Color Plugin <= 1.3 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2024-22304 | WordPress FreshMail For WordPress Plugin <= 2.3.2 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2024-23510 | WordPress Don't Muck My Markup plugin <= 1.8 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-23515 | WordPress Cincopa video and media plugin <= 1.159 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-23519 | WordPress Email Before Download Plugin <= 6.9.7 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2024-2354 | Dreamer CMS toEdit cross-site request forgery |
| CVE-2024-23554 | HCL BigFix Platform is susceptible to Cross-Site Request Forgery |
| CVE-2024-20437 | A vulnerability in the web-based management interface of Cisco IOS XE Software could allow an unauthenticated, remote attacke... |
| CVE-2024-20486 | Cisco Identity Services Engine Cross-Site Request Forgery Vulnerability |
| CVE-2024-20718 | [Spain] CSRF to delete Requisition Lists at Adobe Commerce |
| CVE-2024-2134 | Bdtask Hospita AutoManager Investigation Report cross-site request forgery |
| CVE-2024-21381 | Microsoft Azure Active Directory B2C Spoofing Vulnerability |
| CVE-2024-21749 | WordPress 1 click disable all Plugin <= 1.0.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2024-21752 | WordPress Ajax Search Lite Plugin <= 4.11.4 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2024-2196 | CSRF Vulnerability in aimhubio/aim |
| CVE-2024-2232 | Himer - Social Questions and Answers < 2.1.3 - CSRF While Sending the Invites |
| CVE-2024-2233 | Himer - Social Questions and Answers < 2.1.1 - Multiple CSRF on the Group Section |
| CVE-2024-2235 | Himer - Social Questions and Answers < 2.1.1 - Bypass Poll Voting Restrictions via CSRF |
| CVE-2024-22416 | Cross-Site Request Forgery on any API call in pyLoad may lead to admin privilege escalation |
| CVE-2024-22424 | Cross-Site Request Forgery (CSRF) in github.com/argoproj/argo-cd |
| CVE-2024-22438 | HPE OfficeConnect 1820 Network switches, Cross-Site Request Forgery (CSRF) |
| CVE-2024-2262 | WooCommerce Product Filter < 1.4.4 - Filter Deletion via CSRF |
| CVE-2024-2277 | Bdtask G-Prescription Gynaecology & OBS Consultation Software Password Reset change_password_save cross-site request forgery |
| CVE-2024-2288 | CSRF File Upload Vulnerability in parisneo/lollms-webui |
| CVE-2024-2316 | Bdtask Hospital AutoManager Update Bill Page cross-site request forgery |
| CVE-2024-23831 | Privilege escalation through CSRF attack on 'setup.pl' |
| CVE-2024-23910 | Cross-site request forgery (CSRF) vulnerability in ELECOM wireless LAN routers and wireless LAN repeater allows a remote unau... |
| CVE-2024-2405 | Float menu < 6.0.1 - Menu Deletion via CSRF |
| CVE-2024-2416 | Cross-Site Request Forgery vulnerability in Movistar 4G router |
| CVE-2024-2429 | Salon booking system <= 9.6.5 - Settings Update via CSRF |
| CVE-2024-2559 | Tenda AC18 SysToolReboot fromSysToolReboot cross-site request forgery |
| CVE-2024-2560 | Tenda AC18 SysToolRestoreSet fromSysToolRestoreSet cross-site request forgery |
| CVE-2024-25692 | BUG-000154722 - Cross-site request forgery (CSRF) issue in Portal for ArcGIS |
| CVE-2024-25904 | WordPress TinyMCE Professional Formats and Styles Plugin <= 1.1.2 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2024-25905 | WordPress Multi Step Form Plugin <= 1.7.18 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2024-25914 | WordPress SMTP Mail Plugin <= 1.3.20 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2024-25930 | WordPress Custom Order Statuses for WooCommerce Plugin <= 1.5.2 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2024-25931 | WordPress Heureka Plugin <= 1.0.8 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2024-25932 | WordPress Change Table Prefix Plugin <= 2.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2024-25982 | Msa-24-0005: csrf risk in language import utility |
| CVE-2024-26153 | ETIC Telecom Remote Access Server (RAS) Cross-Site Request Forgery |
| CVE-2024-26271 | Cross-site request forgery (CSRF) vulnerability in the My Account widget in Liferay Portal 7.4.3.75 through 7.4.3.111, and Li... |
| CVE-2024-26272 | Cross-site request forgery (CSRF) vulnerability in the content page editor in Liferay Portal 7.3.2 through 7.4.3.107, and Lif... |
| CVE-2024-26273 | Cross-site request forgery (CSRF) vulnerability in the content page editor in Liferay Portal 7.4.0 through 7.4.3.103, and Lif... |
| CVE-2024-10726 | Friendly Functions for Welcart <= 1.2.4 - Cross-Site Request Forgery to Stored Cross-Site Scripting |
| CVE-2024-10789 | WP User Profile Avatar <= 1.0.5 - Cross-Site Request Forgery to Settings Update |
| CVE-2024-10819 | CSRF to XSS in binary-husky/gpt_academic |
| CVE-2024-10832 | Posti Shipping <= 3.10.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting via generate_notices_html Function |
| CVE-2024-10892 | Cost Calculator Builder < 3.2.43 - Settings update via CSRF |
| CVE-2024-11071 | Improper Access Control In DestinyECM |
| CVE-2024-11118 | 404 Error Monitor <= 1.1 - Cross-Site Request Forgery to Plugin Settings Update via updatePluginSettings Function |
| CVE-2024-11125 | GetSimpleCMS profile.php cross-site request forgery |
| CVE-2024-2322 | WooCommerce Cart Abandonment Recovery < 1.2.27 - Templates/Abandoned Orders Deletion via CSRF |
| CVE-2024-23319 | CSRF issue allows disconnecting a user's Jira connection through a simple post message (Jira Plugin) |
| CVE-2024-2376 | WPQA < 6.1.1 - Arbitrary Category and Tag Follow/Unfollow via CSRF |
| CVE-2024-2449 | LoadMaster Cross-Site Request Forgery (CSRF) |
| CVE-2024-24593 | A cross-site request forgery (CSRF) vulnerability in all versions up to 1.14.1 of the api server component of Allegro AI’s Cl... |
| CVE-2024-24701 | WordPress Setka Editor Plugin <= 2.1.20 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2024-24702 | WordPress Page Restrict Plugin <= 2.5.5 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2024-24705 | WordPress Accessibility Plugin <= 1.0.6 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2024-24706 | WordPress WP-CFM Plugin <= 1.7.8 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2024-24708 | WordPress W3SPEEDSTER Plugin <= 7.19 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2024-24849 | WordPress Quicksand Post Filter jQuery Plugin Plugin <= 3.1.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2024-24872 | WordPress Themify Builder Plugin <= 7.0.5 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2024-24875 | WordPress Link Library Plugin <= 7.5.13 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2024-24876 | WordPress Admin Menu Editor Plugin <= 1.12 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2024-24884 | WordPress Contact Form 7 Connector Plugin <= 1.2.2 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2024-24887 | WordPress Contest Gallery Plugin <= 21.2.8.4 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2024-24929 | WordPress WP Contact Form Plugin <= 1.6 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2024-24935 | WordPress Basic Log Viewer Plugin <= 1.0.4 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2024-28141 | Cross-Site Request-Forgery |
| CVE-2024-2816 | Tenda AC15 SysToolReboot fromSysToolReboot cross-site request forgery |
| CVE-2024-2817 | Tenda AC15 SysToolRestoreSet fromSysToolRestoreSet cross-site request forgery |
| CVE-2024-28195 | Cross-Site Request Forgery (CSRF) vulnerability in API and login in your_spotify |
| CVE-2024-2820 | DedeCMS baidunews.php cross-site request forgery |
| CVE-2024-2821 | DedeCMS friendlink_edit.php cross-site request forgery |
| CVE-2024-30493 | WordPress Church Admin plugin <= 4.1.7 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-2822 | DedeCMS vote_edit.php cross-site request forgery |
| CVE-2024-2823 | DedeCMS mda_main.php cross-site request forgery |
| CVE-2024-28233 | XSS in JupyterHub via Self-XSS leveraged by Cookie Tossing |
| CVE-2024-2843 | WooCommerce Customers Manager < 30.1 - User Deletion via CSRF |
| CVE-2024-2857 | Simple Buttons Creator <= 1.04 - Unauthenticated Stored XSS |
| CVE-2024-2858 | Simple Buttons Creator <= 1.04 - Arbitrary Button Deletion via CSRF |
| CVE-2024-28828 | 1-Click compromise via CSRF |
| CVE-2024-28948 | Advantech ADAM-5630 Cross-Site Request Forgery |
| CVE-2024-29019 | ESPHome vulnerable to Authentication bypass via Cross site request forgery |
| CVE-2024-29026 | Owncast cross origin request |
| CVE-2024-2904 | WordPress Calliope theme <= 1.0.33 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-29093 | WordPress Builder for WooCommerce reviews shortcodes – ReviewShort plugin <= 1.01.3 - Cross Site Request Forgery (CSRF) vulne... |
| CVE-2024-2911 | Tianjin PubliCMS cross-site request forgery |
| CVE-2024-29192 | GHSL-2023-206 gotortc Cross-Site Request Forgery vulnerability |
| CVE-2024-2951 | WordPress RegistrationMagic plugin <= 5.3.0.0 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-29773 | WordPress BizPrint plugin <= 4.5.5 - CSRF to XSS vulnerability |
| CVE-2024-30252 | GitHub Security Lab (GHSL) Vulnerability Report, livemarks: `GHSL-2024-015` |
| CVE-2024-30421 | WordPress Events Manager plugin <= 6.4.7.1 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-30454 | WordPress WP SMS plugin <= 6.6.2 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-30455 | WordPress GamiPress plugin <= 6.8.5 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-30456 | WordPress WPCS – WordPress Currency Switcher Professional plugin <=1.2.0.1 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-30457 | WordPress MDTF plugin <= 1.3.3.1 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-30458 | WordPress FOX – Currency Switcher Professional for WooCommerce plugin <= 1.4.1.7 - Cross Site Request Forgery (CSRF) vulnerab... |
| CVE-2024-30460 | WordPress Tumult Hype Animations plugin <= 1.9.11 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-30462 | WordPress HUSKY plugin <= 1.3.5.1 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-30468 | WordPress All-In-One Security (AIOS) – Security and Firewall plugin <= 5.2.6 - Cross Site Request Forgery (CSRF) vulnerabilit... |
| CVE-2024-30482 | WordPress Simple Revisions Delete plugin <= 1.5.3 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-3151 | Bdtask Multi-Store Inventory Management System Stock Movement Page cross-site request forgery |
| CVE-2024-3163 | Easy Property Listings < 3.5.4 - Arbitrary Contact Deletion via CSRF |
| CVE-2024-31902 | IBM InfoSphere Information Server cross-site request forgery |
| CVE-2024-31920 | WordPress Currency per Product for WooCommerce plugin <= 1.6.0 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-31921 | WordPress Ultimate Product Catalog plugin <= 5.2.15 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-31922 | WordPress Hosting Benchmark tool plugin <= 1.3.6 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-31923 | WordPress Feather Login Page plugin <= 1.1.5 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-31924 | WordPress EWWW Image Optimizer plugin <= 7.2.3 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-31932 | WordPress Blocksy Companion plugin <= 2.0.28 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-31933 | WordPress Page Builder: Live Composer plugin <= 1.5.35 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-31934 | WordPress Link Whisper Free plugin <= 0.6.9 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-31935 | WordPress Simple Post Notes plugin <= 1.7.6 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-31936 | WordPress UsersWP plugin < 1.2.6 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-31938 | WordPress NewsXpress theme <= 1.0.7 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-31939 | WordPress Import any XML or CSV File to WordPress plugin <= 3.7.3 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-31940 | WordPress Extra Product Options Builder for WooCommerce plugin <= 1.2.104 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-31941 | WordPress CP Media Player plugin <= 1.1.3 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-31942 | WordPress Calendarista Basic Edition plugin <= 3.0.2 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-31943 | WordPress USPS Shipping for WooCommerce plugin <= 1.9.2 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-31944 | WordPress WooCommerce UPS Shipping plugin <= 2.2.4 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-32099 | WordPress WP Mail Catcher plugin <= 2.1.6 - Cross Site Request Forgery vulnerability |
| CVE-2024-32101 | WordPress Email Marketing for WooCommerce plugin <= 1.14.3 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-32102 | WordPress Crony Cronjob Manager plugin <= 0.5.0 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-32103 | WordPress Siteimprove plugin <= 2.0.6 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-32104 | WordPress NextMove Lite plugin <= 2.18.1 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-32105 | WordPress ELEX WooCommerce Dynamic Pricing and Discounts plugin <= 2.1.2 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-32106 | WordPress WP Compress plugin <= 6.10.35 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-32107 | WordPress Finale Lite plugin <= 2.18.0 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-32108 | WordPress Convert Post Types plugin <= 1.4 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-32109 | WordPress WP Matterport Shortcode plugin <= 2.1.9 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-32112 | WordPress Leadinfo plugin <= 1.0 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-32141 | WordPress Libsyn Publisher Hub plugin <= 1.4.4 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-3238 | WordPress Menu Plugin — Superfly Responsive Menu <= 5.0.29 - Cross-Site Request Forgery to Arbitrary File Deletion |
| CVE-2024-32433 | WordPress BEAF plugin <= 4.5.4 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-32434 | WordPress Order Delivery Date for WooCommerce plugin <= 3.20.2 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-32435 | WordPress AffiEasy plugin <= 1.1.4 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-32436 | WordPress Gift Cards plugin <= 4.4.0 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-32437 | WordPress eCommerce Product Catalog plugin <= 3.3.28 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-32438 | WordPress SEO Booster plugin <= 3.8.9 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-32439 | WordPress WP Client Reports plugin <= 1.0.22 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-32440 | WordPress Asgaros Forum plugin <= 2.8.0 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-32441 | WordPress Zoho Campaigns plugin <= 2.0.7 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-32442 | WordPress Zoho Campaigns plugin <= 2.0.7 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-32443 | WordPress IP2Location Country Blocker plugin <= 2.34.2 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-32445 | WordPress WebinarIgnition plugin <= 3.05.8 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-32446 | WordPress Wallet System for WooCommerce plugin <= 2.5.9 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-32447 | WordPress AWP Classifieds plugin <= 4.3.1 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-32448 | WordPress Ads.txt Admin plugin <= 1.3 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-32449 | WordPress RestroPress plugin <= 3.1.2 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-32450 | WordPress WpTravelly plugin <= 1.6.0 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-32451 | WordPress Legal Pages plugin <= 1.4.2 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-32452 | WordPress Shopping Cart & eCommerce Store plugin <= 5.5.19 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-3246 | LiteSpeed Cache <= 6.2.0.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting |
| CVE-2024-32728 | WordPress Paid Membership Subscriptions plugin <= 2.11.0 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-32773 | WordPress Royal Elementor Kit theme <= 1.0.116 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-32785 | WordPress The Pack Elementor addons plugin <= 2.0.8.3 - Cross Site Request Forgery (CSRF) to XSS vulnerability |
| CVE-2024-32789 | WordPress Seers plugin <= 8.0.6 - Cross Site Request Forgery (CSRF) to XSS vulnerability |
| CVE-2024-32793 | WordPress Paid Memberships Pro plugin <= 2.12.10 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-32794 | WordPress Paid Memberships Pro plugin <= 2.12.10 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-32795 | WordPress WPCal.io <= 0.9.5.8 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-32806 | WordPress Headline Analyzer plugin <= 1.3.3 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-32863 | exacqVision - CSRF issues with Web Service |
| CVE-2024-33638 | WordPress Smart Maintenance Mode plugin <= 1.4.4 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-33646 | WordPress Sticky Anything plugin <= 2.1.5 - Broken Access Control to XSS vulnerability |
| CVE-2024-33650 | WordPress Serious Slider plugin <= 1.2.4 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-33651 | WordPress MF Gig Calendar plugin <= 1.2.1 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-33677 | WordPress Contact Form 7 Extension For Mailchimp plugin <= 0.5.70 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-33678 | WordPress ClickCease Click Fraud Protection plugin <= 3.2.4 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-33679 | WordPress FameTheme Demo Importer plugin <= 1.1.5 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-33680 | WordPress MainWP Child Reports plugin <= 2.1.1 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-33681 | WordPress Regenerate post permalink plugin <= 1.0.3 - Cross Site Request Forgery (CSRF) leading to XSS vulnerability |
| CVE-2024-33682 | WordPress WP GDPR Compliance plugin <= 2.0.23 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-33683 | WordPress Hide Dashboard Notifications plugin <= 1.2.3 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-33688 | WordPress Teluro theme <= 1.0.31 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-33689 | WordPress Radio Station plugin <= 2.5.7 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-33690 | WordPress Financio theme <= 1.1.3 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-33691 | WordPress Popup Builder by OptinMonster plugin <= 2.15.3 - Cross Site Request Forgery (CSRF) Notice Dismissal vulnerability |
| CVE-2024-33913 | WordPress Xserver Migrator plugin <= 1.6.1 - CSRF to Arbitrary File Upload vulnerability |
| CVE-2024-34367 | WordPress Popup Box plugin <= 4.1.2 - CSRF to XSS vulnerability |
| CVE-2024-34379 | WordPress Restaurant and Cafe theme <= 1.2.1 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-34427 | WordPress WP Favorite Posts plugin <= 1.6.8 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-34439 | WordPress DS Site Message plugin <= 1.14.4 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-34557 | WordPress Barcode Scanner with Inventory & Order Manager plugin <= 1.5.4 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-3471 | Button Generator < 3.0 - Button Deletion via CSRF |
| CVE-2024-3472 | Modal Window < 5.3.10 - Modal Deletion via CSRF |
| CVE-2024-3474 | Wow Skype Buttons < 4.0.4 - Button Deletion via CSRF |
| CVE-2024-3475 | Sticky Buttons < 3.2.4 - Button Deletion via CSRF |
| CVE-2024-34755 | WordPress Integration for Salesforce and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms plugin <= 1.3.9 - Cross... |
| CVE-2024-34756 | WordPress Integration for HubSpot and Contact Form 7 plugin <= 1.3.1 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-3476 | Side Menu Lite < 4.2.1 - Menu Deletion via CSRF |
| CVE-2024-3477 | Popup Box < 2.2.7 - Popup Deletion via CSRF |
| CVE-2024-3478 | Herd Effects < 5.2.7 - Effect Deletion via CSRF |
| CVE-2024-34806 | WordPress Clearfy Cache plugin <= 2.2.1 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-34807 | WordPress Fast Custom Social Share by CodeBard plugin <= 1.1.2 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-27194 | WordPress Fontific plugin <= 0.1.6 - CSRF to XSS vulnerability |
| CVE-2024-27195 | WordPress Watermark RELOADED plugin <= 1.3.5 - CSRF to XSS vulnerability |
| CVE-2024-27197 | WordPress BeePress plugin <= 6.9.8 - CSRF to Stored Cross Site Scripting (XSS) vulnerability |
| CVE-2024-27265 | IBM Integration Bus for z/OS cross-site request forgery |
| CVE-2024-2739 | Advance Search <= 1.1.6 - Shortcode Deletion via CSRF |
| CVE-2024-2741 | Cross-Site Request Forgery in Planet IGS-4215-16T2S |
| CVE-2024-27439 | Apache Wicket: Possible bypass of CSRF protection |
| CVE-2024-2748 | CSRF vulnerability was identified in GitHub Enterprise Server that allowed performing actions on behalf of a user |
| CVE-2024-27783 | Multiple cross-site request forgery (CSRF) vulnerabilities [CWE-352] in FortiAIOps version 2.0.0 may allow an unauthenticate... |
| CVE-2024-27948 | WordPress Atahualpa Theme <= 3.7.24 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2024-27955 | WordPress Automatic plugin <= 3.92.0 - CSRF to Privilege Escalation vulnerability |
| CVE-2024-27967 | WordPress DSGVO All in one for WP plugin <= 4.3 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-27968 | WordPress Super Page Cache for Cloudflare plugin <= 4.7.5 - Cross Site Request Forgery (CSRF) to XSS vulnerability |
| CVE-2024-31109 | WordPress Woocommerce Social Media Share Buttons plugin <= 1.3.0 - CSRF to Cross Site Scripting (XSS) vulnerability |
| CVE-2024-31113 | WordPress Easy Digital Downloads plugin <= 3.2.11 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-31205 | Saleor CSRF bypass in refreshToken mutation |
| CVE-2024-31235 | WordPress Comments Import & Export plugin <= 2.3.5 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-31238 | WordPress Smart Online Order for Clover plugin <= 1.5.5 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-31239 | WordPress Nudgify Social Proof, Sales Popup & FOMO plugin <= 1.3.3 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-31250 | WordPress WP Server Health Stats plugin <= 1.7.3 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-31251 | WordPress Community by PeepSo plugin <= 6.3.1.1 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-31262 | WordPress WooCommerce Checkout Field Editor (Checkout Manager) plugin <= 2.1.8 - Cross Site Request Forgery (CSRF) vulnerabil... |
| CVE-2024-31263 | WordPress Loan Repayment Calculator and Application Form plugin <= 2.9.4 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-31264 | WordPress Post Views Counter plugin <= 1.4.4 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-31265 | WordPress Sumo plugin <= 1.34 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-31268 | WordPress AppPresser plugin <= 4.3.0 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-31269 | WordPress Easy Google Maps plugin <= 1.11.11 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-31271 | WordPress Ultimate Maps plugin <= 1.2.16 - Cross Site Request Forgery vulnerability |
| CVE-2024-31272 | WordPress ARForms Form Builder plugin <= 1.6.1 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-31279 | WordPress Generate Child Theme plugin <= 2.0 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-31285 | WordPress WordPress Tooltips plugin <= 9.5.3 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-31289 | WordPress Hello Elementor theme <= 3.0.0 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-31293 | WordPress Easy Digital Downloads plugin <= 3.2.6 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-31299 | WordPress ReDi Restaurant Reservation plugin <= 24.0128 - Cross Site Request Forgery (CSRF) to XSS vulnerability |
| CVE-2024-31301 | WordPress Multiple Page Generator Plugin – MPG plugin <= 3.4.0 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-31303 | WordPress Sign-up Sheets plugin <= 2.2.11.1 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-31305 | WordPress Transcoder plugin <= 1.3.5 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-3135 | Cross-Site Request Forgery (CSRF) Vulnerability in mudler/localai |
| CVE-2024-31354 | WordPress Slideshow Gallery LITE plugin <= 1.7.8 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-31360 | WordPress Benchmark Email Lite plugin <= 4.1 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-31362 | WordPress ProfileGrid – User Profiles, Memberships, Groups and Communities plugin <= 5.7.8 - Cross Site Request Forgery (CSRF... |
| CVE-2024-31363 | WordPress LifterLMS plugin <= 7.5.0 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-31364 | WordPress ELEX WooCommerce Dynamic Pricing and Discounts plugin <= 2.1.2 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-31369 | WordPress Soledad theme <= 8.4.2 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-31371 | WordPress WP Event Aggregator plugin <= 1.7.6 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-31372 | WordPress No-Bot Registration plugin <= 1.9.1 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-31373 | WordPress E2Pdf plugin <= 1.20.27 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-31374 | WordPress AppPresser – Mobile App Framework plugin <= 4.3.0 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-31376 | WordPress Dashboard To-Do List plugin <= 1.3.1 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-31378 | WordPress MailChimp Forms by MailMunch plugin <= 3.2.1 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-31379 | WordPress Smash Balloon Social Post Feed plugin <= 4.2.1 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-31381 | WordPress Spotlight Social Feeds plugin <= 1.6.10 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-31382 | WordPress Blocksy theme <= 2.0.22 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-31383 | WordPress PopularFX theme <= 1.2.4 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-31384 | WordPress Spa and Salon theme <= 1.2.7 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-31385 | WordPress ReDi Restaurant Reservation plugin <= 24.0128 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-31386 | Multiple WordPress themes affected by Cross-Site Request Forgery vulnerability |
| CVE-2024-31388 | WordPress Tablesome plugin <= 1.0.25 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-31389 | WordPress MihanPanel plugin < 12.7 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-3142 | Clavister E10/E80 Setting cross-site request forgery |
| CVE-2024-31422 | WordPress Favicon by RealFaviconGenerator plugin <= 1.3.29 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-31424 | WordPress Login with Phone Number plugin <= 1.6.93 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-31425 | WordPress Amelia plugin <= 1.0.95 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-31426 | WordPress Inline Related Posts plugin <= 3.3.1 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-31427 | WordPress Marker.io plugin <= 1.1.8 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-31428 | WordPress The Conference theme <= 1.2.0 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-31429 | WordPress Sarada Lite theme <= 1.1.2 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-3143 | DedeCMS member_rank.php cross-site request forgery |
| CVE-2024-31430 | Cross-Site Request Forgery (CSRF) vulnerability in realmag777 BEAR and WOLF WordPress plugins |
| CVE-2024-31431 | WordPress Product Input Fields for WooCommerce plugin <= 1.7.0 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-31433 | WordPress The Events Calendar plugin <= 6.3.0 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-31434 | WordPress Newsletter plugin <= 8.0.6 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-3144 | DedeCMS makehtml_spec.php cross-site request forgery |
| CVE-2024-3145 | DedeCMS makehtml_js_action.php cross-site request forgery |
| CVE-2024-3146 | DedeCMS makehtml_rss_action.php cross-site request forgery |
| CVE-2024-3147 | DedeCMS makehtml_map.php cross-site request forgery |
| CVE-2024-37412 | WordPress Blossom Shop theme <= 1.1.7 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-37413 | WordPress Preschool and Kindergarten theme <= 1.2.1 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-37417 | WordPress Coachify theme <= 1.0.7 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-37421 | WordPress JobScout theme <= 1.1.4 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-37426 | WordPress Elegant Pink theme 1.3.0 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-37431 | WordPress Mesmerize theme <= 1.6.120 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-37435 | WordPress Perfect Portfolio theme <= 1.2.0 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-37438 | WordPress Uncanny Toolkit Pro for LearnDash plugin < 4.1.4.1 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-37441 | WordPress NewsMash theme <= 1.0.34 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-37448 | WordPress OnePress theme <= 2.3.6 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-37450 | WordPress Benevolent theme <= 1.3.4 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-37451 | WordPress Travel Agency theme <= 1.4.9 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-37452 | WordPress Schema Lite theme <= 1.2.2 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-37458 | WordPress Highlight theme <= 1.0.29 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-37467 | WordPress Hestia theme <= 3.1.2 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-37469 | WordPress Blocksy theme <= 1.9.5 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-37473 | WordPress Trendy News theme <= 1.0.15 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-37478 | WordPress Ashe theme <= 2.233 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-37490 | WordPress Bard theme <= 2.210 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-37491 | WordPress Rife Free theme <= 2.4.18 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-37493 | WordPress Posterity theme <= 3.3 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-37503 | WordPress Lawyer Landing Page theme <= 1.2.4 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-37508 | WordPress Construction Landing Page theme <= 1.3.5 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-37511 | WordPress Swift Performance Lite plugin <= 2.3.6.20 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-37518 | WordPress The Events Calendar plugin <= 6.5.1.4 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-37540 | WordPress Leaky Paywall plugin <= 4.21.2 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-37543 | WordPress Ultimate Auction plugin <= 4.2.5 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-3756 | MF Gig Calendar <= 1.2.1 - Arbitrary Event Deletion via CSRF |
| CVE-2024-3782 | Cross-Site Request Forgery (CSRF) vulnerability in WBSAirback |
| CVE-2024-37923 | WordPress Cliengo - Chatbot plugin <= 3.0.1 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-37925 | WordPress BuddyBoss Theme theme <= 2.4.61 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-37931 | WordPress Point theme <= 1.1 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-37937 | WordPress Rara Business theme <= 1.2.5 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-37938 | WordPress SociallyViral theme <= 1.0.10 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-10906 | Cross-Site Request Forgery (CSRF) in eosphoros-ai/db-gpt |
| CVE-2024-11014 | Cross-site request forgery (CSRF) vulnerability in NEC Corporation UNIVERGE IX from Ver9.2 to Ver10.10.21, for Ver10.8 up to... |
| CVE-2024-24777 | A cross-site request forgery (CSRF) vulnerability exists in the Web Application functionality of the LevelOne WBR-6012 R0.40e... |
| CVE-2024-24798 | WordPress Debug Plugin <= 1.10 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2024-24802 | WordPress JTRT Responsive Tables Plugin <= 4.1.9 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2024-24819 | icingaweb2-module-incubator base implementation for HTML forms is susceptible to CSRF |
| CVE-2024-24820 | Icinga Director configuration is susceptible to Cross-Site Request Forgery |
| CVE-2024-2483 | Surya2Developer Hostel Management Service Password Change change-password.php cross-site request forgery |
| CVE-2024-24837 | Cross-Site Request Forgery (CSRF) vulnerability in FG PrestaShop, FG Drupal and FG Joomla WordPress plugins |
| CVE-2024-24843 | WordPress PowerPack Pro for Elementor Plugin < 2.10.8 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2024-31985 | XWiki Platform CSRF in the job scheduler |
| CVE-2024-31986 | XWiki Platform CSRF remote code execution through scheduler job's document reference |
| CVE-2024-31988 | XWiki Platform CSRF remote code execution through the realtime HTML Converter API |
| CVE-2024-31998 | CSRF security issue on CSV import in Combodo iTop |
| CVE-2024-32082 | WordPress Sync Post With Other Site plugin <= 1.5.1 - Cross Site Request Forgery (CSRF) to XSS vulnerability |
| CVE-2024-32084 | WordPress Before And After plugin <= 3.9 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-32085 | WordPress Citadela Listing plugin < 5.20.0 - Cross-Site Request Forgery (CSRF) vulnerability |
| CVE-2024-32088 | WordPress Website Builder plugin <= 6.15.20 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-32089 | WordPress Digital Publications by Supsystic plugin <= 1.7.7 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-32090 | WordPress Church Admin plugin <= 4.0.27 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-32091 | WordPress Sangar Slider plugin <= 1.3.2 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-32092 | WordPress Kimili Flash Embed plugin <= 2.5.3 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-32093 | WordPress Novelist plugin <= 1.2.2 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-32094 | WordPress Church Content plugin <= 2.6 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-32095 | WordPress MultiParcels Shipping For WooCommerce plugin < 1.16.9 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-32096 | WordPress WP Synchro plugin <= 1.11.2 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-32097 | WordPress GEO my WordPress plugin <= 4.1 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-32538 | WordPress Easy CountDowner plugin <= 1.0.8 - CSRF to XSS vulnerability |
| CVE-2024-32549 | WordPress Related Posts for WordPress plugin <= 4.0.3 - CSRF to XSS vulnerability |
| CVE-2024-32550 | WordPress BMI Adult & Kid Calculator plugin <= 1.2.1 - CSRF to XSS vulnerability |
| CVE-2024-32693 | WordPress Automatic plugin < 3.93.0 - Multiple Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-32699 | WordPress YITH WooCommerce Compare plugin <= 2.37.0 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-32947 | WordPress WP ADA Compliance Check Basic plugin <= 3.1.3 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-32958 | WordPress Slash Admin plugin <= 3.8.1 - CSRF to XSS vulnerability |
| CVE-2024-33632 | WordPress Piotnet Addons For Elementor Pro plugin <= 7.1.17 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-34001 | moodle: CSRF risk in admin preset tool management of presets |
| CVE-2024-34007 | moodle: logout CSRF in admin/tool/mfa/auth.php |
| CVE-2024-34008 | moodle: CSRF risk in analytics management of models |
| CVE-2024-3405 | WP Prayer <= 2.0.9 - Settings Update via CSRF |
| CVE-2024-3406 | WP Prayer <= 2.0.9 - Email Settings Update via CSRF |
| CVE-2024-34069 | Werkzeug's improper usage of a pathname and improper CSRF protection results in the remote command execution |
| CVE-2024-3407 | WP Prayer <= 2.0.9 - Arbitrary Prayer Deletion via CSRF |
| CVE-2024-35138 | IBM Security Verify Access cross-site request forgery |
| CVE-2024-35207 | A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V1.2). The web interface o... |
| CVE-2024-35632 | WordPress Integration for Constant Contact and Contact Form 7, WPForms, Elementor, Ninja Forms plugin <= 1.1.5 - Cross Site R... |
| CVE-2024-35636 | WordPress Uploadcare File Uploader and Adaptive Delivery plugin <= 3.0.11 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-35638 | WordPress ActiveDEMAND plugin <= 0.2.43 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-35657 | WordPress WP-Recall plugin <= 16.26.6 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-35673 | WordPress Pure Chat plugin <= 2.22 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-35684 | WordPress ElasticPress plugin <= 5.1.0 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-35689 | WordPress Analytify plugin <= 5.2.3 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-35770 | WordPress Vimeography plugin <= 2.4.1 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-35771 | WordPress Customizr theme <= 4.4.21 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-35772 | WordPress Hueman theme <= 3.7.24 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-35773 | WordPress Comment Reply Email plugin <= 1.3 - CSRF to Stored XSS vulnerability |
| CVE-2024-3582 | Ungallery <= 2.2.4 - Stored XSS via CSRF |
| CVE-2024-3590 | LetterPress <= 1.2.2 - Subscriber Deletion via CSRF |
| CVE-2024-37198 | WordPress Digital Newspaper theme <= 1.1.5 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-37212 | WordPress AliExpress Dropshipping with AliNext Lite plugin <= 3.3.5 - CSRF to PHP Object Injection vulnerability |
| CVE-2024-37213 | WordPress AliExpress Dropshipping with AliNext Lite plugin <= 3.3.9 - CSRF to XSS vulnerability |
| CVE-2024-37230 | WordPress Book Landing Page theme <= 1.2.3 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-37235 | WordPress Groundhogg plugin <= 3.4.2.3 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-37236 | WordPress Loco Translate plugin <= 2.6.9 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-37237 | WordPress FS Poster plugin <= 6.5.8 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-37238 | WordPress WPAdverts – Classifieds plugin <= 2.1.2 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-37240 | WordPress Falang multilanguage for WordPress plugin <= 1.3.51 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-37241 | WordPress WP Job Manager Resume Manager plugin <= 2.1.0 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-37242 | WordPress Newspack Newsletters plugin <= 2.13.2 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-37243 | WordPress Vandana Lite theme <= 1.1.9 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-37251 | WordPress Advanced Custom Fields Pro plugin < 6.3.2 - Cross-Site Request Forgery (CSRF) vulnerability |
| CVE-2024-34809 | WordPress EmpowerWP theme <= 1.0.21 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-3481 | Counter Box < 1.2.4 - Counter Deletion via CSRF |
| CVE-2024-34814 | WordPress Unyson plugin <= 2.7.29 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-34816 | WordPress WPCal.io plugin <= 0.9.5.8 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-34817 | WordPress Integration for Pipedrive and Contact Form 7, WPForms, Elementor, Ninja Forms plugin <= 1.2.0 - Cross Site Request... |
| CVE-2024-34818 | WordPress Webinar plugin <= 1.33.17 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-34823 | WordPress Arigato Autoresponder and Newsletter plugin <= 2.7.2.3 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-34825 | WordPress Social Warfare plugin <= 4.4.5.1 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-34827 | WordPress Translate Multilingual sites – TranslatePress plugin <= 2.7.5 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-34828 | WordPress Church Admin plugin <= 4.1.32 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-36255 | Post actions can run playbook checklist task commands |
| CVE-2024-3629 | HL Twitter <= 2014.1.18 - Settings Update via CSRF |
| CVE-2024-3631 | HL Twitter <= 2014.1.18 - Unlink Twitter Account via CSRF |
| CVE-2024-3632 | Smart Image Gallery < 1.0.19 - Update/Delete Google API Key via CSRF |
| CVE-2024-3642 | Newsletter Popup <= 1.2 - Subscriber Deletion via CSRF |
| CVE-2024-3643 | Newsletter Popup <= 1.2 - List Deletion via CSRF |
| CVE-2024-37093 | WordPress MasterStudy LMS WordPress Plugin plugin <= 3.2.1 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-37102 | WordPress Vilva theme <= 1.2.2 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-37103 | WordPress Education Zone theme <= 1.3.4 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-37104 | WordPress Chic Lite theme <= 1.1.3 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-3983 | WooCommerce Customers Manager < 30.1 - Bulk Action via CSRF |
| CVE-2024-3993 | AZAN Plugin <= 0.6 - Stored XSS via CSRF |
| CVE-2024-40883 | Cross-site request forgery vulnerability exists in ELECOM wireless LAN routers. Viewing a malicious page while logging in to... |
| CVE-2024-40886 | One-click Client-Side Path Traversal Leading to CSRF in User Management admin page |
| CVE-2024-4128 | CSRF in firebase-tools emulator suite |
| CVE-2024-4172 | idcCMS cross-site request forgery |
| CVE-2024-41776 | IBM Cognos Controller cross-site request forgery |
| CVE-2024-41795 | A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions). The web interface of affected devices... |
| CVE-2024-41811 | ipl/web susceptible to Cross-Site Request Forgery (CSRF) |
| CVE-2024-41987 | Cross-Site Request Forgery (CSRF) vulnerability in TEM Opera Plus FM Family Transmitter |
| CVE-2024-42475 | OAuth library for nim allows insecure generation of state values by generateState - entropy too low and uses regular PRNG ins... |
| CVE-2024-42476 | oauth CSRF vulnerability |
| CVE-2024-42504 | HPE IceWall Agent products, Cross-Site Request Forgery (CSRF) |
| CVE-2024-43116 | WordPress Simple Local Avatars plugin <= 2.7.10 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-43117 | WordPress Hummingbird plugin <= 3.9.1 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-43192 | IBM Storage TS4500 Library cross-site request forgery |
| CVE-2024-43255 | WordPress MyBookTable Bookstore by Stormhill Media plugin <= 3.3.9 - CSRF to XSS vulnerability |
| CVE-2024-43265 | WordPress Analytify plugin <= 5.3.1 - CSRF Leading to Optout Vulnerability |
| CVE-2024-43269 | WordPress Backup and Restore WordPress plugin <= 1.50 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-43275 | WordPress Insert PHP Code Snippet plugin <= 1.3.6 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-4328 | CSRF in clear_personality_files_list in parisneo/lollms-webui |
| CVE-2024-43287 | WordPress Brevo plugin <= 3.1.82 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-43295 | WordPress WP Data Access plugin <= 5.5.7 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-43299 | WordPress SpeedyCache plugin <= 1.1.8 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-43301 | WordPress Fonts plugin <= 3.7.7 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability |
| CVE-2024-37939 | WordPress Patricia Lite theme <= 1.2.3 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-37940 | WordPress Seraphinite Accelerator (Full, premium) plugin <= 2.21.13 - CSRF Leading to Arbitrary File Deletion vulnerability |
| CVE-2024-37941 | WordPress Internal Link Juicer: SEO Auto Linker for WordPress plugin <= 2.24.3 - Cross Site Request Forgery (CSRF) vulnerabil... |
| CVE-2024-3798 | Insecure handling of GET argument in Phoniebox |
| CVE-2024-3823 | Base64 Encoder/Decoder <= 0.9.2 - Stored XSS via CSRF |
| CVE-2024-3824 | Base64 Encoder/Decoder <= 0.9.2 - Settings Reset via CSRF |
| CVE-2024-3825 | CSRF in BlazeMeter Jenkins plugin |
| CVE-2024-38276 | moodle: CSRF risks due to misuse of confirm_sesskey |
| CVE-2024-38691 | WordPress Metorik plugin <= 1.7.1 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-38724 | WordPress Contact Form 7 Summary and Print plugin <= 1.2.5 - Cross Site Request Forgery (CSRF) to XSS vulnerability |
| CVE-2024-38729 | WordPress MBE eShip plugin <= 2.1.2 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-3873 | SMI SMI-EX-5414W Web Interface cross-site request forgery |
| CVE-2024-38731 | WordPress i-amaze theme <= 1.3.7 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-38732 | WordPress Patricia Blog theme <= 1.2 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-38751 | WordPress AdsforWP plugin <= 1.9.28 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-38753 | WordPress Animated Rotating Words Plugin <= 5.6 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-38754 | WordPress Tagbox plugin <= 3.3 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-38762 | WordPress Event Tickets and Registration plugin <= 5.11.0.4 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-38763 | WordPress Popularis Verse theme <= 1.1.1 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-38764 | WordPress i-transform theme <= 3.0.9 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-38765 | WordPress Oceanic theme <= 1.0.48 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-38766 | WordPress Matomo Analytics plugin <= 5.1.1 - Cross Site Request Forgery (CSRF) leading to Notice Dismissal vulnerability |
| CVE-2024-38776 | WordPress WP GoToWebinar plugin <= 15.7 - CSRF to XSS vulnerability |
| CVE-2024-38778 | WordPress WP Fast Total Search <= 1.69.234 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-38789 | WordPress Telegram Bot & Channel plugin <= 3.8.2 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-38790 | WordPress Smartsupp plugin <= 3.6 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-3903 | Add Custom CSS and JS <= 1.20 - Stored XSS via CSRF |
| CVE-2024-3932 | Totara LMS User Selector cross-site request forgery |
| CVE-2024-39326 | SkillTree CSRF Vulnerability allows an attacker to modify the Video and Captions of a Skill |
| CVE-2024-3940 | reCAPTCHA Jetpack <= 0.2.2 - Settings Update via CSRF |
| CVE-2024-39408 | Adobe Commerce \| Cross-Site Request Forgery (CSRF) (CWE-352) |
| CVE-2024-39409 | Adobe Commerce \| Cross-Site Request Forgery (CSRF) (CWE-352) |
| CVE-2024-3941 | reCAPTCHA Jetpack <= 0.2.2 - Stored XSS via CSRF |
| CVE-2024-39410 | Adobe Commerce \| Cross-Site Request Forgery (CSRF) (CWE-352) |
| CVE-2024-39623 | WordPress ListingPro theme <= 2.9.4 - Cross Site Request Forgery (CSRF) to Account Takeover vulnerability |
| CVE-2024-39628 | WordPress Ninja Forms plugin <= 3.8.6 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-39641 | WordPress LearnPress plugin <= 4.2.6.8.2 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-39645 | WordPress Tutor LMS plugin <= 2.7.2 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-3965 | Pray For Me <= 1.0.4 - Settings Update via CSRF |
| CVE-2024-39657 | WordPress Sender plugin <= 2.6.18 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-39678 | WordPress Cooked Plugin - Cross-Site Request Forgery to Get Recipe IDs |
| CVE-2024-39679 | WordPress Cooked Plugin - Cross-Site Request Forgery to Recipe Template Reset |
| CVE-2024-39680 | WordPress Cooked Plugin - Cross-Site Request Forgery to Default Recipe Template Save |
| CVE-2024-39681 | WordPress Cooked Plugin - Cross-Site Request Forgery to Apply Template to All Recipes |
| CVE-2024-3971 | Similarity <= 3.0 - Plugin Reset via CSRF |
| CVE-2024-3972 | Similarity <= 3.0 - Stored XSS via CSRF |
| CVE-2024-39744 | IBM Sterling Connect:Direct Web Services cross-site request forgery |
| CVE-2024-43356 | WordPress oik plugin <= 4.12.0 - Arbitrary File Deletion vulnerability |
| CVE-2024-43684 | Cross-Site Request Forgery vulnerability in TimeProvider 4100 |
| CVE-2024-43787 | Hono CSRF middleware can be bypassed using crafted Content-Type header |
| CVE-2024-4382 | CB (legacy) <= 0.9.4.18 - Code/Timeframe/Booking Deletion via CSRF |
| CVE-2024-43927 | WordPress Email Address Encoder plugin <= 1.0.23 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-43930 | WordPress JobSearch WP Job Board WordPress Plugin plugin <= 2.5.3 - Broken Access Control vulnerability |
| CVE-2024-43933 | WordPress WPMobile.App plugin <= 11.48 - CSRF to Stored XSS vulnerability |
| CVE-2024-43945 | WordPress LatePoint plugin <= 4.9.91 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-43947 | WordPress WP Armour Extended plugin <= 1.26 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-43984 | WordPress Podlove Podcast Publisher plugin <= 4.1.13 - CSRF to Remote Code Execution (RCE) vulnerability |
| CVE-2024-44028 | WordPress NiceJob plugin < 3.6.5 - CSRF to Stored Cross Site Scripting (XSS) vulnerability |
| CVE-2024-4403 | CSRF in restart_program in parisneo/lollms-webui |
| CVE-2024-44064 | WordPress Like Button Rating LikeBtn plugin <= 2.6.54 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2024-47082 | Strawberry GraphQL Cross-Site Request Forgery (CSRF) vulnerability |
| CVE-2024-47100 | A vulnerability has been identified in SIMATIC S7-1200 CPU 1211C AC/DC/Rly (6ES7211-1BE40-0XB0), SIMATIC S7-1200 CPU 1211C DC... |
| CVE-2024-4751 | WP Prayer II <= 2.4.7 - Settings Update via CSRF |
| CVE-2024-4757 | Logo Manager For Enamad <= 0.7.0 - Stored XSS via CSRF |
| CVE-2024-4758 | Muslim Prayer Time BD <= 2.4 - Settings Reset via CSRF |
| CVE-2024-47846 | Special:DeleteCargoTable and Special:SwitchCargoTable have no CSRF protection |
| CVE-2024-47879 | OpenRefine's PreviewExpressionCommand, which is eval, lacks protection against cross-site request forgery (CSRF) |
| CVE-2024-43316 | WordPress Stripe Payments For WooCommerce plugin <= 1.9.1 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-43325 | WordPress Dark Mode for WP Dashboard plugin <= 1.2.3 - Cross Site Request Forgery vulnerability |
| CVE-2024-43336 | WordPress WP User Manager – User Profile Builder & Membership plugin <= 2.9.10 - Cross Site Request Forgery (CSRF) vulnerabil... |
| CVE-2024-43337 | WordPress Brave plugin <= 0.7.0 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-43338 | WordPress Crowdsignal Polls & Ratings plugin <= 3.1.2 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-43339 | WordPress WordPress Webinar Plugin – WebinarPress plugin <= 1.33.20 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-43340 | WordPress AFI – The Easiest Integration Plugin plugin <= 1.89.4 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-4429 | Cross Site Request Forgery vulnerability in iManager |
| CVE-2024-4474 | WP Logs Book <= 1.0.1 - Disable Logging via CSRF |
| CVE-2024-4475 | WP Logs Book <= 1.0.1 - Log Clearing via CSRF |
| CVE-2024-4480 | WP Prayer II <= 2.4.7 - Email Settings Update via CSRF |
| CVE-2024-4499 | CSRF Vulnerability in parisneo/lollms XTTS Server |
| CVE-2024-4529 | Business Card <= 1.0.0 - Category Deletion via CSRF |
| CVE-2024-4530 | Business Card <= 1.0.0 - Category Edit via CSRF |
| CVE-2024-4531 | Business Card <= 1.0.0 - Card Edit via CSRF |
| CVE-2024-4532 | Business Card <= 1.0.0 - Arbitrary Card Deletion via CSRF |
| CVE-2024-4534 | KKProgressbar2 Free <= 1.1.4.2 - Stored XSS via CSRF |
| CVE-2024-4535 | KKProgressbar2 Free <= 1.1.4.2 - Progress Bar Deletion via CSRF |
| CVE-2024-45372 | MZK-DP300N firmware versions 1.04 and earlier contain a cross-site request forgery vulnerability. Viewing a malicious page wh... |
| CVE-2024-45693 | Apache CloudStack: Request origin validation bypass makes account takeover possible |
| CVE-2024-45737 | Maintenance mode state change of App Key Value Store (KVStore) through Cross-Site Request Forgery (CSRF) |
| CVE-2024-4585 | DedeCMS member_type.php cross-site request forgery |
| CVE-2024-4586 | DedeCMS shops_delivery.php cross-site request forgery |
| CVE-2024-4587 | DedeCMS tpl.php cross-site request forgery |
| CVE-2024-4588 | DedeCMS mytag_add.php cross-site request forgery |
| CVE-2024-4589 | DedeCMS mytag_edit.php cross-site request forgery |
| CVE-2024-4590 | DedeCMS sys_info.php cross-site request forgery |
| CVE-2024-4591 | DedeCMS sys_group_add.php cross-site request forgery |
| CVE-2024-4592 | DedeCMS sys_group_edit.php cross-site request forgery |
| CVE-2024-4593 | DedeCMS sys_multiserv.php cross-site request forgery |
| CVE-2024-4594 | DedeCMS sys_safe.php cross-site request forgery |
| CVE-2024-4597 | Cross-Site Request Forgery (CSRF) in GitLab |
| CVE-2024-4600 | Cross-Site Request Forgery vulnerability in Socomec Net Vision |
| CVE-2024-46872 | Client-Side Path Traversal Leading to CSRF in Playbooks |
| CVE-2024-4689 | WordPress ShortPixel Adaptive Images plugin <= 3.8.3 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-46911 | Apache Roller: Weakness in CSRF protection allows privilege escalation |
| CVE-2024-47634 | WordPress CartBounty plugin <= 8.2 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-47635 | WordPress TinyPNG plugin <= 3.4.3 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-47644 | WordPress Copyscape Premium plugin <= 1.3.6 - CSRF to Stored Cross-Site Scripting vulnerability |
| CVE-2024-47828 | Cross-Site Request Forgery in ampache |
| CVE-2024-48846 | Cross Site Request Forgery, CSRF |
| CVE-2024-48913 | Hono vulnerable to bypass of CSRF Middleware by a request without Content-Type header. |
| CVE-2024-48962 | Apache OFBiz: Bypass SameSite restrictions with target redirection using URL parameters (SSTI and CSRF leading to RCE) |
| CVE-2024-49220 | WordPress Cookie Scanner plugin <= 1.1 - CSRF to Stored XSS vulnerability |
| CVE-2024-49221 | WordPress cSlider plugin <= 2.4.2 - CSRF to Stored XSS vulnerability |
| CVE-2024-49223 | WordPress CJ Change Howdy plugin <= 3.3.1 - CSRF to Stored XSS vulnerability |
| CVE-2024-49229 | WordPress Better Author Bio plugin <= 2.7.10.11 - CSRF to Cross Site Scripting (XSS) vulnerability |
| CVE-2024-49237 | WordPress Ahmeti Wp Timeline plugin <= 5.1 - CSRF to Stored XSS vulnerability |
| CVE-2024-49250 | WordPress Table of Contents Plus plugin <= 2408 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-49272 | WordPress Social Auto Poster plugin <= 5.3.15 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-49274 | WordPress VOD Infomaniak plugin <= 1.5.7 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-49275 | WordPress IdeaPush plugin <= 8.69 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-4929 | SourceCodester Simple Online Bidding System cross-site request forgery |
| CVE-2024-49290 | WordPress Cooked Pro plugin < 1.8.0 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-49294 | WordPress WpBusTicketly plugin <= 5.4.3 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-49605 | WordPress Community Lite Video Chat plugin <= 2.2 - CSRF to Stored XSS vulnerability |
| CVE-2024-49615 | WordPress SafetyForms plugin <= 1.0.0 - CSRF to SQL Injection vulnerability |
| CVE-2024-49617 | WordPress Back Link Tracker plugin <= 1.0.0 - CSRF to SQL Injection vulnerability |
| CVE-2024-49621 | WordPress APA Register Newsletter Form plugin <= 1.0.0 - CSRF to SQL Injection vulnerability |
| CVE-2024-49622 | WordPress Apa Banner Slider plugin <= 1.0.0 - CSRF to SQL Injection vulnerability |
| CVE-2024-47914 | VaeMendis - CWE-352: Cross-Site Request Forgery (CSRF) |
| CVE-2024-48031 | WordPress Featured Posts with Multiple Custom Groups (FPMCG) plugin <= 4.0 - Cross-Site Request Forgery (CSRF) vulnerability |
| CVE-2024-48037 | WordPress Contact Form Widget – Contact Query, Contact Page, Form Maker, Query Table plugin <= 1.4.2 - CSRF vulnerability |
| CVE-2024-48038 | WordPress wp-Monalisa plugin <= 6.4 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-48047 | WordPress Linked Variation for WooCommerce plugin <= 1.0.5 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-48048 | WordPress Wsify Widget plugin <= 1.0 - CSRF to Stored XSS vulnerability |
| CVE-2024-4839 | CSRF in Servers Configurations in parisneo/lollms-webui |
| CVE-2024-49304 | WordPress Pinpoint Booking System plugin <= 2.9.9.5.1 - CSRF to Stored Cross Site Scripting (XSS) vulnerability |
| CVE-2024-49306 | WordPress WP Content Copy Protection & No Right Click plugin <= 3.5.9 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-49313 | WordPress VKontakte Wall Post plugin <= 2.0 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-49335 | WordPress GoogleDrive folder list plugin <= 2.2.2 - CSRF to Stored Cross Site Scripting (XSS) vulnerability |
| CVE-2024-49340 | IBM Watson Studio Local cross-site request forgery |
| CVE-2024-49672 | WordPress Google Docs RSVP plugin <= 2.0.1 - CSRF to Stored Cross Site Scripting (XSS) vulnerability |
| CVE-2024-49674 | WordPress EKC Tournament Manager plugin <= 2.2.1 - CSRF to Arbitrary File Upload vulnerability |
| CVE-2024-37272 | WordPress Travel Monster theme <= 1.1.2 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-37274 | WordPress WP Mobile Menu plugin <= 2.8.4.3 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-37306 | CVAT's export and backup-related API endpoints are susceptible to CSRF |
| CVE-2024-47305 | WordPress Use Any Font plugin <= 6.3.08 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-47315 | WordPress GiveWP – Donation Plugin and Fundraising Platform plugin <= 3.15.1 - Cross Site Request Forgery (CSRF) vulnerabili... |
| CVE-2024-5003 | WP Stacker <= 1.8.5 - Stored XSS via CSRF |
| CVE-2024-5028 | CM WordPress Search And Replace Plugin < 1.3.9 - Plugin Reset via CSRF |
| CVE-2024-5029 | CM Table Of Contents – WordPress TOC Plugin < 1.2.4 - Stored XSS via CSRF |
| CVE-2024-5030 | CM Table Of Contents – WordPress TOC Plugin < 1.2.3 - Settings Reset via CSRF |
| CVE-2024-5033 | SULly < 4.3.1 - Admin+ Stored XSS via CSRF |
| CVE-2024-5034 | SULly < 4.3.1 - Plugin Reset via CSRF |
| CVE-2024-50466 | WordPress DarkMySite – Advanced Dark Mode Plugin for WordPress plugin <= 1.2.8 - Cross Site Request Forgery (CSRF) vulnerabil... |
| CVE-2024-50533 | WordPress Domain Sharding plugin <= 1.2.1 - CSRF to Stored Cross Site Scripting (XSS) vulnerability |
| CVE-2024-50534 | WordPress World Prayer Time plugin <= 2.0 - CSRF to Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2024-5076 | WP eMember < 10.6.6 - Bulk Delete via CSRF |
| CVE-2024-5077 | WP eMember < 10.6.6 - Stored XSS in Blacklist via CSRF |
| CVE-2024-5081 | WP eMember <= v10.7.0 - Stored XSS via CSRF |
| CVE-2024-5097 | SourceCodester Simple Inventory System tableedit.php#page=editprice cross-site request forgery |
| CVE-2024-51484 | Insufficient Validation in Controllers (Activation/Deactivation) in Ampache |
| CVE-2024-51485 | Insufficient Validation in Plugins (Activation/Deactivation) in Ampache |
| CVE-2024-51487 | Insufficient Validation in Catalog (Activation/Deactivation) in Ampache |
| CVE-2024-51488 | Insufficient Validation in Delete Message in Ampache |
| CVE-2024-51489 | Insufficient Message Token Validation in Ampache |
| CVE-2024-5155 | Inquiry Cart <= 3.4.2 - Stored XSS via CSRF |
| CVE-2024-51630 | WordPress Responsive Flickr Gallery plugin <= 1.3.1 - CSRF to Stored XSS vulnerability |
| CVE-2024-51631 | WordPress Sticky Social Bar plugin <= 2.0 - CSRF to Stored Cross Site Scripting (XSS) vulnerability |
| CVE-2024-51632 | WordPress SH Slideshow plugin <= 4.3 - CSRF to Stored Cross Site Scripting (XSS) vulnerability |
| CVE-2024-51633 | WordPress Simple Page Specific Sidebars plugin <= 2.14.1 - CSRF to Stored Cross Site Scripting (XSS) vulnerability |
| CVE-2024-51634 | WordPress Webriti Custom Login plugin <= 0.3 - CSRF to Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2024-51635 | WordPress While Loading plugin <= 3.0 - CSRF to Stored Cross Site Scripting (XSS) vulnerability |
| CVE-2024-51636 | WordPress Plugin Name: GMO Social Connection plugin <= 1.2 - CSRF to Stored Cross Site Scripting (XSS) vulnerability |
| CVE-2024-51637 | WordPress Admin SMS Alert plugin <= 1.1.0 - CSRF to Stored Cross Site Scripting (XSS) vulnerability |
| CVE-2024-51638 | WordPress Awesome Shortcodes For Genesis plugin 1.1.8 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-51639 | WordPress Naver Blog plugin <= 1.0 - CSRF to Stored XSS vulnerability |
| CVE-2024-51640 | WordPress MDR Webmaster Tools plugin <= 1.1 - CSRF to Stored XSS vulnerability |
| CVE-2024-51641 | WordPress Advanced PDF Generator plugin <= 0.4.0 - CSRF to Stored XSS vulnerability |
| CVE-2024-51642 | WordPress Seo Free plugin <= 1.4 - CSRF to Stored XSS vulnerability |
| CVE-2024-51643 | WordPress Amazon Associate Filter plugin <= 0.4 - CSRF to Stored XSS vulnerability |
| CVE-2024-51644 | WordPress Addressbook plugin <= 1.1.3 - CSRF to Stored XSS vulnerability |
| CVE-2024-51645 | WordPress ThemeFuse Maintenance Mode plugin <= 1.1.3 - CSRF to Stored XSS vulnerability |
| CVE-2024-51647 | WordPress Featured Posts Scroll plugin <= 1.25 - CSRF to Stored Cross Site Scripting (XSS) vulnerability |
| CVE-2024-51648 | WordPress e-shops plugin 1.0.3 - CSRF to Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2024-51649 | WordPress Mobilize plugin <= 3.0.7 - CSRF to Stored Cross Site Scripting (XSS) vulnerability |
| CVE-2024-51650 | WordPress Random Featured Post plugin <= 1.1.3 - CSRF to Stored Cross Site Scripting (XSS) vulnerability |
| CVE-2024-51652 | WordPress Skip To plugin <= 2.0.0 - CSRF to Stored Cross Site Scripting (XSS) vulnerability |
| CVE-2024-51653 | WordPress UPDATE NOTIFICATIONS plugin <= 0.3.4 - CSRF to Stored Cross Site Scripting (XSS) vulnerability |
| CVE-2024-51654 | WordPress APK Downloader plugin <= 1.0.0 - CSRF to Stored Cross Site Scripting (XSS) vulnerability |
| CVE-2024-51655 | WordPress Custom Author URL plugin <= 2.0.1 - CSRF to Stored Cross Site Scripting (XSS) vulnerability |
| CVE-2024-51656 | WordPress Flash Show And Hide Box plugin <= 1.6 - CSRF to Stored Cross Site Scripting (XSS) vulnerability |
| CVE-2024-51657 | WordPress SmartLink Dynamic URLs plugin <= 1.1.0 - CSRF to Stored XSS vulnerability |
| CVE-2024-51658 | WordPress WP Course Manager plugin <= 1.3 - CSRF to Stored XSS vulnerability |
| CVE-2024-51659 | WordPress Twitter @Anywhere Plus plugin <= 2.0 - CSRF to Stored XSS vulnerability |
| CVE-2024-51669 | WordPress Dynamic Widgets plugin <= 1.6.4 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-49627 | WordPress WordPress Image SEO plugin <= 1.1.4 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-49628 | WordPress Most And Least Read Posts Widget plugin <= 2.5.18 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-49629 | WordPress Endless Posts Navigation plugin <= 2.2.7 - CSRF to Stored XSS vulnerability |
| CVE-2024-51679 | WordPress Appointmind plugin <= 4.0.0 - CSRF to Stored XSS vulnerability |
| CVE-2024-51684 | WordPress W3P SEO plugin < 1.8.6 - CSRF to Stored XSS vulnerability |
| CVE-2024-51686 | WordPress Manage User Columns plugin <= 1.0.5 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-51687 | WordPress Platform.ly Official plugin <= 1.1.3 - CSRF to Stored XSS vulnerability |
| CVE-2024-51688 | WordPress FraudLabs Pro SMS Verification plugin <= 1.10.1 - CSRF to Stored XSS vulnerability |
| CVE-2024-5185 | Data Poisoning in EmbedAI |
| CVE-2024-52002 | Cross-Site Request Forgery (CSRF) in several iTop pages |
| CVE-2024-52388 | WordPress Hebrew Date plugin <= 2.1.0 - CSRF to Stored XSS vulnerability |
| CVE-2024-52392 | WordPress W3SPEEDSTER plugin <= 7.25 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-52401 | WordPress Hacklog DownloadManager plugin <= 2.1.4 - CSRF to Arbitrary File Upload vulnerability |
| CVE-2024-52402 | WordPress Exclusive Content Password Protect plugin <= 1.1.0 - CSRF to Arbitrary File Upload vulnerability |
| CVE-2024-52415 | WordPress SK WP Settings Backup plugin <= 1.0 - CSRF to PHP Object Injection vulnerability |
| CVE-2024-52420 | WordPress Disable Admin Notices individually plugin <= 1.3.5 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-52421 | WordPress WP Popup Window Maker plugin <= 2.0 - CSRF to Stored XSS vulnerability |
| CVE-2024-52424 | WordPress wp-login customizer plugin <= 1.0 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-52446 | WordPress Buying Buddy IDX CRM plugin <= 1.1.12 - CSRF to PHP Object Injection vulnerability |
| CVE-2024-52451 | WordPress Post Ideas plugin <= 2 - CSRF to SQL Injection vulnerability |
| CVE-2024-52477 | WordPress Document & Data Automation plugin <= 1.6.1 - CSRF to Stored XSS vulnerability |
| CVE-2024-52479 | WordPress Jobify plugin <= 4.2.3 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-5280 | WP Affiliate Platform < 6.5.1 - POST Reflected XSS |
| CVE-2024-5284 | WP Affiliate Platform < 6.5.1 - Stored XSS via CSRF |
| CVE-2024-5285 | WP Affiliate Platform < 6.5.2 - Affiliate Deletion via CSRF |
| CVE-2024-5287 | WP Affiliate Platform < 6.5.1 - Profile Update via CSRF |
| CVE-2024-53789 | WordPress Advanced What should we write next about plugin <= 1.0.3 - CSRF to Stored Cross Site Scripting (XSS) vulnerability |
| CVE-2024-53793 | WordPress eDoc Easy Tables plugin <= 1.29 - CSRF to SQL Injection vulnerability |
| CVE-2024-53809 | WordPress Namaste! LMS plugin <= 2.6.4.1 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-53829 | Cross-Site Request Forgery in CodeChecker API |
| CVE-2024-54139 | Combodo iTop vulnerable to XSS leading to CSRF breach on _table_id parameter |
| CVE-2024-54172 | IBM Sterling B2B Integrator and IBM Sterling File Gateway cross-site request forgery |
| CVE-2024-54205 | WordPress Paloma Widget plugin <= 1.14 - CSRF to Stored XSS vulnerability |
| CVE-2024-54226 | WordPress Country Blocker plugin <= 3.2 - CSRF to Stored XSS vulnerability |
| CVE-2024-54248 | WordPress Eewee Admin Custom plugin <= 1.8.2.4 - CSRF to Privilege Escalation vulnerability |
| CVE-2024-5428 | SourceCodester Simple Online Bidding System HTTP POST Request save_product cross-site request forgery |
| CVE-2024-54300 | WordPress AutoWP plugin <= 2.0.8 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-54306 | WordPress AIKCT Engine Chatbot, ChatGPT, Gemini, GPT-4o Best AI Chatbot plugin <= 1.6.2 - Cross Site Request Forgery (CSRF) v... |
| CVE-2024-54307 | WordPress AIcomments plugin <= 1.4.1 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-54321 | WordPress Hive Support plugin <= 1.1.2 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-54331 | WordPress I Plant A Tree plugin <= 1.7.3 - CSRF to Stored Cross-Site Scripting vulnerability |
| CVE-2024-54332 | WordPress WP Currency Exchange Rates plugin <= 1.2.0 - CSRF to Stored XSS vulnerability |
| CVE-2024-54337 | WordPress DX Dark Site plugin <= 1.0.1 - CSRF to Stored Cross-Site Scripting vulnerability |
| CVE-2024-54351 | WordPress Fancy Roller Scroller plugin <= 1.4.0 - CSRF to Stored XSS vulnerability |
| CVE-2024-54352 | WordPress Sogrid plugin <= 1.5.2 - CSRF to Privilege Escalation vulnerability |
| CVE-2024-54353 | WordPress Hack-Info plugin <= 3.17 - CSRF to Stored Cross Site Scripting (XSS) vulnerability |
| CVE-2024-54355 | WordPress WP Mailster plugin <= 1.8.17.0 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-54356 | WordPress Online Booking & Scheduling Calendar for WordPress by vcita plugin <= 4.5 - Cross Site Request Forgery (CSRF) vulne... |
| CVE-2024-54357 | WordPress Avada theme <= 7.11.10 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-54368 | WordPress GitSync plugin <= 1.1.0 - CSRF to Remote Code Execution vulnerability |
| CVE-2024-54372 | WordPress Insertify plugin <= 1.1.4 - CSRF to Remote Code Execution vulnerability |
| CVE-2024-54386 | WordPress Push Monkey Pro plugin <= 3.9 - CSRF to Stored XSS vulnerability |
| CVE-2024-54388 | WordPress Multiple Admin Emails plugin <= 1.0 - CSRF to Stored XSS vulnerability |
| CVE-2024-54389 | WordPress addWeather plugin <= 2.5.1 - CSRF to Stored XSS vulnerability |
| CVE-2024-54391 | WordPress WordPress Filter plugin <= 1.4.1 - CSRF to Stored XSS vulnerability |
| CVE-2024-54392 | WordPress WP微信机器人 plugin <= 5.3.5 - CSRF to Stored XSS vulnerability |
| CVE-2024-54393 | WordPress WP Fiddle plugin <= 1.0 - CSRF to Stored XSS vulnerability |
| CVE-2024-54394 | WordPress Mandrill WP plugin <= 1.0.5 - CSRF to Stored XSS vulnerability |
| CVE-2024-54396 | WordPress Bet sport Free plugin <= 1.0.0 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-54397 | WordPress Go Animate plugin <= 1.0 - CSRF to Stored XSS vulnerability |
| CVE-2024-54398 | WordPress Flaming Forms plugin <= 1.0.1 - CSRF to Stored XSS vulnerability |
| CVE-2024-54399 | WordPress CRUDLab Google Plus Button plugin <= 1.0.2 - CSRF to Stored XSS vulnerability |
| CVE-2024-54400 | WordPress AppMaps plugin <= 1.1 - CSRF to Stored XSS vulnerability |
| CVE-2024-54401 | WordPress Advanced Fancybox plugin <= 1.1.1 - CSRF to Stored XSS vulnerability |
| CVE-2024-54404 | WordPress MDC Comment Toolbar plugin <= 1.1 - CSRF to Stored XSS vulnerability |
| CVE-2024-54405 | WordPress ECT Social Share plugin <= 1.3 - CSRF to Stored XSS vulnerability |
| CVE-2024-54407 | WordPress CK and SyntaxHighlighter plugin <= 3.4.2 - CSRF to Stored XSS vulnerability |
| CVE-2024-54408 | WordPress Youtube Video Grid plugin <= 1.9 - CSRF to Settings Change vulnerability |
| CVE-2024-54409 | WordPress XPD Reduce Image Filesize plugin <= 1.0 - CSRF to Stored XSS vulnerability |
| CVE-2024-54410 | WordPress SOPA Blackout plugin <= 1.4 - CSRF to Stored XSS vulnerability |
| CVE-2024-54411 | WordPress WP Controller plugin <= 3.2.0 - CSRF to Stored Cross-Site Scripting vulnerability |
| CVE-2024-54412 | WordPress ECT Product Carousel plugin <= 1.9 - CSRF to Stored Cross-Site Scripting vulnerability |
| CVE-2024-54413 | WordPress Display Future Posts plugin <= 0.2.3 - CSRF to Stored Cross-Site Scripting vulnerability |
| CVE-2024-54414 | WordPress Geoportail Shortcode plugin <= 2.4.4 - CSRF to Stored Cross-Site Scripting vulnerability |
| CVE-2024-54415 | WordPress WP-HideThat plugin <= 1.2 - CSRF to Stored Cross-Site Scripting vulnerability |
| CVE-2024-54416 | WordPress Wp Login with Ajax plugin <= 0.6 - CSRF to Stored Cross-Site Scripting vulnerability |
| CVE-2024-54418 | WordPress DTC Documents plugin <= 1.1.05 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-54419 | WordPress Ui Slider Filter By Price plugin <= 1.1 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-54420 | WordPress Metrika plugin <= 1.2 - CSRF to Stored XSS vulnerability |
| CVE-2024-54421 | WordPress Floating Video Player plugin <= 1.0 - CSRF to Stored XSS vulnerability |
| CVE-2024-54423 | WordPress Social Media Sharing plugin <= 1.1 - CSRF to Stored XSS vulnerability |
| CVE-2024-49685 | WordPress Custom Twitter Feeds plugin <= 2.2.3 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-4969 | Widget Bundle <= 2.0.0 - Widget Disable/Enable via CSRF |
| CVE-2024-49779 | IBM OpenPages cross-site request forgery |
| CVE-2024-49794 | IBM ApplinX Cross-Site Request Forgery |
| CVE-2024-49795 | IBM ApplinX Cross-Site Request Forgery |
| CVE-2024-4994 | Cross-Site Request Forgery (CSRF) in GitLab |
| CVE-2024-53707 | WordPress Ahmeti Wp Güzel Sözler plugin <= 4.0 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-53710 | WordPress ITERAS plugin <= 1.7.0 - CSRF to Stored XSS vulnerability |
| CVE-2024-53711 | WordPress Hotlink2Watermark plugin <= 0.3.2 - CSRF to Stored XSS vulnerability |
| CVE-2024-53712 | WordPress Kevin's plugin <= 2.0.0 - CSRF to Stored XSS vulnerability |
| CVE-2024-53713 | WordPress Silverlight Video Player plugin <= 1.0 - CSRF to Stored XSS vulnerability |
| CVE-2024-53714 | WordPress Continue Shopping From Cart plugin <= 1.3 - CSRF to Stored XSS vulnerability |
| CVE-2024-53715 | WordPress Simple Travel Map plugin <= 0.1 - CSRF to Stored Cross Site Scripting (XSS) vulnerability |
| CVE-2024-53716 | WordPress wp auto top plugin <= 2.9.3 - CSRF to Stored Cross Site Scripting (XSS) vulnerability |
| CVE-2024-53717 | WordPress yPHPlista plugin <= 1.1.1 - CSRF to Stored Cross Site Scripting (XSS) vulnerability |
| CVE-2024-53718 | WordPress Multi Feed Reader plugin <= 2.2.4 - CSRF to Stored Cross Site Scripting (XSS) vulnerability |
| CVE-2024-53719 | WordPress Zajax – Ajax Navigation plugin <= 0.4 - CSRF to Stored Cross Site Scripting (XSS) vulnerability |
| CVE-2024-53720 | WordPress WP-ISPConfig 3 plugin <= 1.5.6 - CSRF to Stored XSS vulnerability |
| CVE-2024-53722 | WordPress Favicon My Blog plugin <= 1.0.2 - CSRF to Stored Cross Site Scripting (XSS) vulnerability |
| CVE-2024-53723 | WordPress Google Plus Share and +1 Button plugin <= 1.0 - CSRF to Stored Cross Site Scripting (XSS) vulnerability |
| CVE-2024-53724 | WordPress IceStats plugin <= 1.3 - CSRF to Stored Cross Site Scripting (XSS) vulnerability |
| CVE-2024-53725 | WordPress Post Hits Counter plugin <= 2.8.23 - CSRF to Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2024-53726 | WordPress RealtyCandy IDX Broker Extended plugin <= 1.5.1 - CSRF to Stored Cross Site Scripting (XSS) vulnerability |
| CVE-2024-53727 | WordPress LinkLaunder SEO plugin <= 0.92.1 - CSRF to Stored Cross Site Scripting (XSS) vulnerability |
| CVE-2024-53728 | WordPress Protect Your Content plugin <= 1.0.2 - CSRF to Stored Cross Site Scripting (XSS) vulnerability |
| CVE-2024-53729 | WordPress Blizzard Quotes plugin <= 1.3 - CSRF to Stored Cross Site Scripting (XSS) vulnerability |
| CVE-2024-53730 | WordPress April's Call Posts plugin <= 2.1.1 - CSRF to Stored XSS vulnerability |
| CVE-2024-53732 | WordPress Footer Flyout Widget plugin <= 1.1 - CSRF to Stored XSS vulnerability |
| CVE-2024-53734 | WordPress Idealien Category Enhancements plugin <= 1.2 - CSRF to Stored XSS vulnerability |
| CVE-2024-53736 | WordPress Custom Shortcode Sidebars plugin <= 1.2 - CSRF to Stored XSS vulnerability |
| CVE-2024-53750 | WordPress PayPal Responder plugin <= 1.2 - CSRF to Stored XSS vulnerability |
| CVE-2024-53751 | WordPress Build App Online plugin <= 1.0.22 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-53753 | WordPress CultBooking Hotel Booking Engine plugin <= 2.1 - CSRF to Stored XSS vulnerability |
| CVE-2024-53754 | WordPress Out Of Stock Badge plugin <= 1.3.1 - CSRF to Stored XSS vulnerability |
| CVE-2024-53755 | WordPress Third Party Cookie Eraser plugin <= 1.0.2 - CSRF to Cross Site Scripting (XSS) vulnerability |
| CVE-2024-53761 | WordPress WP Revisions Manager plugin <= 1.0.2 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-53762 | WordPress FastBook plugin <= 1.1 - CSRF to Stored Cross Site Scripting (XSS) vulnerability |
| CVE-2024-53765 | WordPress Mins To Read plugin <= 1.2.2 - CSRF to Stored XSS vulnerability |
| CVE-2024-53769 | WordPress Custom Post Type to Map Store plugin <= 1.1.0 - CSRF to Stored XSS vulnerability |
| CVE-2024-53770 | WordPress RingCentral Communications plugin <= 1.6.1 - CSRF to Stored XSS vulnerability |
| CVE-2024-53775 | WordPress DancePress (TRWA) plugin <= 3.1.11 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-53776 | WordPress Donate Me plugin <= 1.2.5 - CSRF to Stored XSS vulnerability |
| CVE-2024-53777 | WordPress Simple Header and Footer plugin <= 1.0.0 - CSRF to Stored Cross Site Scripting (XSS) vulnerability |
| CVE-2024-53778 | WordPress Essential Breadcrumbs plugin <= 1.1.1 - CSRF to Stored Cross Site Scripting (XSS) vulnerability |
| CVE-2024-53779 | WordPress Yahoo! WebPlayer plugin <= 2.0.6 - CSRF to Stored XSS vulnerability |
| CVE-2024-53780 | WordPress Load More Posts plugin <= 1.4.0 - CSRF to Stored XSS vulnerability |
| CVE-2024-53781 | WordPress SpatialMatch IDX plugin <= 3.0.9 - CSRF to Stored XSS vulnerability |
| CVE-2024-53782 | WordPress Photo Video Store plugin <= 21.07 - CSRF to Cross Site Scripting (XSS) vulnerability |
| CVE-2024-55076 | Grocy through 4.3.0 has no CSRF protection, as demonstrated by changing the Administrator's password. |
| CVE-2024-55893 | TYPO3 Cross-Site Request Forgery in Log Module |
| CVE-2024-55894 | TYPO3 Cross-Site Request Forgery in Backend User Module |
| CVE-2024-55920 | Cross-Site Request Forgery in Dashboard Module in TYPO3 |
| CVE-2024-55921 | Cross-Site Request Forgery in Extension Manager Module in TYPO3 |
| CVE-2024-55922 | Cross-Site Request Forgery in Form Framework Module in TYPO3 |
| CVE-2024-55923 | Cross-Site Request Forgery in Indexed Search Module in TYPO3 |
| CVE-2024-55924 | Cross-Site Request Forgery in Scheduler Module in TYPO3 |
| CVE-2024-55945 | Cross-Site Request Forgery in DB Check Module in TYPO3 |
| CVE-2024-56005 | WordPress Posti Shipping Plugin <= 3.10.3 - CSRF to Settings Change vulnerability |
| CVE-2024-56012 | WordPress Post Title (TypeWriter) and Flash News / Post (Responsive) plugins <= 4.1 - CSRF to Privilege Escalation vulnerabil... |
| CVE-2024-56015 | WordPress Tidy Up Plugin <= 1.3 - CSRF to Reflected Cross-Site Scripting vulnerability |
| CVE-2024-56017 | WordPress Stop Registration Spam Plugin <= 1.23 - CSRF to Stored XSS vulnerability |
| CVE-2024-56140 | Bypass of CSRF Middleware in Astro |
| CVE-2024-5616 | CSRF Vulnerability in mudler/LocalAI |
| CVE-2024-56203 | WordPress Wayne Audio Player plugin <= 1.0 - CSRF to Privilege Escalation vulnerability |
| CVE-2024-56204 | WordPress Sinking Dropdowns plugin <= 1.25 - CSRF to Privilege Escalation vulnerability |
| CVE-2024-56206 | WordPress gap-hub-user-role. plugin <= 3.4.1 - CSRF to Broken Authentication vulnerability |
| CVE-2024-56207 | WordPress EditionGuard for WooCommerce – eBook Sales with DRM plugin <= 3.4.2 - CSRF to Privilege Escalation vulnerability |
| CVE-2024-56218 | WordPress Contact Form 7 - Dynamic Text Extension plugin <= 5.0.1 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-56222 | WordPress CodeBard Help Desk plugin <= 1.1.1 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-56229 | WordPress SearchIQ plugin <= 4.6 - Cross-Site Request Forgery (CSRF) vulnerability |
| CVE-2024-56232 | WordPress WP Nice Loader plugin <= 0.1.0.4 - CSRF to Stored XSS vulnerability |
| CVE-2024-56251 | WordPress Event Espresso plugin <= 5.0.28.decaf - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-56474 | IBM TXSeries for Multiplatforms cross-site request forgery |
| CVE-2024-5676 | Paradox IP150 Internet Module Cross-Site Request Forgery |
| CVE-2024-5712 | CSRF Vulnerability in stitionai/devika |
| CVE-2024-5767 | Sitetweet <= 0.2 - Stored XSS via CSRF |
| CVE-2024-5786 | Cross-Site Request Forgery vulnerability in Comtrend router |
| CVE-2024-5804 | Conditional Fields for Contact Form 7 <= 2.4.13 - Cross-Site Request Forgery to Plugin Setting Reset |
| CVE-2024-5808 | WP Ajax Contact Form <= 2.2.2 - Arbitrary Email Deletion via CSRF |
| CVE-2024-5815 | Cross Site Request Forgery was identified in GitHub Enterprise Server that allowed write in a user owned repository |
| CVE-2024-5935 | CSRF Vulnerability in imartinez/privategpt |
| CVE-2024-6017 | Music Request Manager <= 1.3 - Stored XSS via CSRF |
| CVE-2024-6022 | ContentLock <= 1.0.3 - Settings Update via CSRF |
| CVE-2024-6023 | ContentLock <= 1.0.3 - Email Adding via CSRF |
| CVE-2024-6024 | ContentLock <= 1.0.3 - Groups/Emails Deletion via CSRF |
| CVE-2024-6040 | Missing client_id in parisneo/lollms-webui |
| CVE-2024-6075 | WP eStore < 8.5.5 - Coupon Deletion via CSRF |
| CVE-2024-6136 | WP eStore < 8.5.6 - Settings Reset via CSRF |
| CVE-2024-6224 | Send email only on Reply to My Comment <= 1.0.6 - Stored XSS via CSRF |
| CVE-2024-6230 | Pardakht Delkhah <= 2.9.8 - Form Fields Reset via CSRF |
| CVE-2024-6244 | pz-frontend-manager < 1.0.6 - CSRF change user profile picture |
| CVE-2024-6271 | Community Events < 1.5 - Event Deletion via CSRF |
| CVE-2024-6412 | HTML Forms – Simple WordPress Forms Plugin < 1.3.34 - Bulk Delete via CSRF |
| CVE-2024-6490 | Master Slider – Responsive Touch Slider <= 3.9.10 - CSRF to slider deletion |
| CVE-2024-6496 | Light Poll <= 1.0.0 - Polls Deletion via CSRF |
| CVE-2024-6628 | EleForms – All In One Form Integration including DB for Elementor <= 2.9.9.9 - Cross-Site Request Forgery |
| CVE-2024-6649 | SourceCodester Employee and Visitor Gate Pass Logging System Users.php save_users cross-site request forgery |
| CVE-2024-6662 | CSRF in MegaBIP |
| CVE-2024-6673 | CSRF Vulnerability in parisneo/lollms-webui |
| CVE-2024-6712 | MapFig Studio <= 0.2.1 - Stored XSS via CSRF |
| CVE-2024-6719 | Offload Videos – Bunny.net, AWS S3 <= 1.0.1 Subscriber+ CSRF |
| CVE-2024-6720 | Light Poll <= 1.0.0 - Poll Answers Deletion via CSRF |
| CVE-2024-6751 | Social Auto Poster <= 5.3.14 - Cross-Site Request Forgery via Multiple Functions |
| CVE-2024-6841 | CSRF in vanna-ai/vanna |
| CVE-2024-6852 | WP MultiTasking <= 0.1.12 - Settings Update via CSRF |
| CVE-2024-6853 | WP MultiTasking <= 0.1.12 - Welcome Popup Update via CSRF |
| CVE-2024-6855 | WP MultiTasking <= 0.1.12 - Exit Popup Update via CSRF |
| CVE-2024-6856 | WP MultiTasking <= 0.1.12 - SMTP Settings Update via CSRF |
| CVE-2024-6857 | WP MultiTasking <= 0.1.12 - Header/Footer/Body Script Update via CSRF |
| CVE-2024-6859 | WP MultiTasking <= 0.1.12 - Reflected XSS via Shortcode |
| CVE-2024-6860 | WP MultiTasking <= 0.1.12 - Permalink Suffix Update via CSRF |
| CVE-2024-54425 | WordPress LionScripts: Site Maintenance plugin <= 2.1 - CSRF to Stored Cross-Site Scripting vulnerability |
| CVE-2024-54426 | WordPress LeaderBoard Plugin plugin <= 1.2.4 - CSRF to Stored Cross-Site Scripting vulnerability |
| CVE-2024-54427 | WordPress Category of Posts plugin <= 1.0 - CSRF to Stored XSS vulnerability |
| CVE-2024-54428 | WordPress Add image to Post plugin <= 0.6 - CSRF to Stored XSS vulnerability |
| CVE-2024-54429 | WordPress Aphorismus plugin <= 1.2.0 - CSRF to Stored XSS vulnerability |
| CVE-2024-54430 | WordPress EELV Newsletter plugin <= 4.8.2 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-54431 | WordPress Admin Customization plugin <= 2.2 - CSRF to Stored XSS vulnerability |
| CVE-2024-54432 | WordPress WP Flipkart Importer plugin <= 1.4 - CSRF to Stored XSS vulnerability |
| CVE-2024-54433 | WordPress Simple Booking – Widget plugin <= 1.1 - CSRF to Stored XSS vulnerability |
| CVE-2024-54434 | WordPress phZoom plugin <= 1.2.92 - CSRF to Stored XSS vulnerability |
| CVE-2024-54435 | WordPress Onlywire Multi Autosubmitter plugin <= 1.2.4 - CSRF to Stored XSS vulnerability |
| CVE-2024-54436 | WordPress Jet Footer Code plugin <= 1.4 - CSRF to Stored XSS vulnerability |
| CVE-2024-54438 | WordPress Gaxx Keywords plugin <= 0.2 - CSRF to Stored XSS vulnerability |
| CVE-2024-30518 | WordPress Custom WooCommerce Checkout Fields Editor plugin <= 1.3.0 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-6862 | Cross-Site Request Forgery (CSRF) in lunary-ai/lunary |
| CVE-2024-6925 | TrueBooker < 1.0.3 - Settings Update via CSRF |
| CVE-2024-6959 | Denial of Service (DOS) in multipart boundary while uploading file in parisneo/lollms-webui |
| CVE-2024-7035 | Cross-Site Request Forgery (CSRF) in open-webui/open-webui |
| CVE-2024-7065 | Spina CMS cross-site request forgery |
| CVE-2024-7106 | Spina CMS media_folders cross-site request forgery |
| CVE-2024-7141 | CSRF in Gliffy |
| CVE-2024-7161 | SeaCMS Password Change cross-site request forgery |
| CVE-2024-7169 | SourceCodester School Fees Payment System ajax.php cross-site request forgery |
| CVE-2024-7226 | SourceCodester Medicine Tracker System Password Change cross-site request forgery |
| CVE-2024-7313 | Shield Security < 20.0.6 - Reflected XSS |
| CVE-2024-7360 | SourceCodester Tracking Monitoring Management System ajax.php cross-site request forgery |
| CVE-2024-7367 | SourceCodester Simple Realtime Quiz System ajax.php cross-site request forgery |
| CVE-2024-7386 | Premium Packages – Sell Digital Products Securely <= 5.9.1 - Cross-Site Request Forgery |
| CVE-2024-7420 | Insert PHP Code Snippet <= 1.3.6 - Cross-Site Request Forgery to Code Snippet Activate/Deactivate/Deletion |
| CVE-2024-7422 | Theme My Login <= 7.1.7 - Cross-Site Request Forgery to Settings Update |
| CVE-2024-7423 | Stream <= 4.0.1 - Cross-Site Request Forgery to Arbitrary Options Update |
| CVE-2024-7459 | OSWAPP Warehouse Inventory System edit_account.php cross-site request forgery |
| CVE-2024-7460 | OSWAPP Warehouse Inventory System change_password.php cross-site request forgery |
| CVE-2024-7492 | MainWP Child Reports <= 2.2 - Cross-Site Request Forgery to Arbitrary Options Update |
| CVE-2024-7501 | Download Plugins and Themes from Dashboard <= 1.8.7 - Cross-Site Request Forgery |
| CVE-2024-7568 | Favicon Generator <= 1.5 - Cross-Site Request Forgery to Arbitrary File Deletion |
| CVE-2024-7574 | Christmasify! <= 1.5.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting |
| CVE-2024-7645 | SourceCodester Clinics Patient Management System User Page users.php cross-site request forgery |
| CVE-2024-7647 | OTA Sync Booking Engine Widget 1.2.7 - Cross-Site Request Forgery to Stored Cross-Site Scripting |
| CVE-2024-7661 | SourceCodester Car Driving School Management System index.php save_users cross-site request forgery |
| CVE-2024-7662 | SourceCodester Car Driving School Management System manag_package.php save_package cross-site request forgery |
| CVE-2024-7687 | AZIndex <= 0.8.1 - Stored XSS via CSRF |
| CVE-2024-7688 | AZIndex <= 0.8.1 - Index Deletion via CSRF |
| CVE-2024-7689 | Snapshot Backup <= 2.1.1 - Stored XSS via CSRF |
| CVE-2024-7690 | DN Popup <= 1.2.2 - Settings Update via CSRF |
| CVE-2024-7760 | CSRF in aimhubio/aim |
| CVE-2024-30521 | WordPress Landingi Landing Pages plugin <= 3.1.1 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-30526 | WordPress Easy Social Feed – Social Photos Gallery – Post Feed – Like Box plugin <= 6.5.6 - Cross Site Request Forgery (CSRF)... |
| CVE-2024-30536 | WordPress Slugs Manager plugin <= 2.6.7 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-30541 | WordPress LWS Optimize plugin <= 1.9.1 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-30545 | WordPress Social Author Bio plugin <= 2.4 - Stored XSS via Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-30546 | WordPress Login With Ajax plugin <= 4.1 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-7806 | Remote Code Execution by Non-Admin Users via CSRF in open-webui/open-webui |
| CVE-2024-7816 | Gixaw Chat <= 1.0 - Stored XSS via CSRF |
| CVE-2024-7817 | Misiek Photo Album <= 1.4.3 - Album Deletion via CSRF |
| CVE-2024-7818 | Misiek Photo Album <= 1.4.3 - Stored XSS via CSRF |
| CVE-2024-7820 | ILC Thickbox <= 1.0 - Settings update via CSRF |
| CVE-2024-7822 | Quick Code <= 1.0 - Stored XSS via CSRF |
| CVE-2024-7850 | BP Profile Search <= 5.7.5 - Cross-Site Request Forgery to Reflected Cross-Site Scripting |
| CVE-2024-7859 | Visual Sound <= 1.03 - Settings Update via CSRF |
| CVE-2024-7860 | Simple Headline Rotator <= 1.0 - Stored XSS via CSRF |
| CVE-2024-7861 | Misiek Paypal <= 1.1.20090324 - Stored XSS via CSRF |
| CVE-2024-7862 | Blog Introduction <= 0.3.0 - Settings Update via CSRF |
| CVE-2024-7863 | Favicon Generator < 2.1 - Arbitrary File Upload via CSRF |
| CVE-2024-7864 | Favicon Generator < 2.1 - Arbitrary File Deletion via CSRF |
| CVE-2024-7892 | adstxt Plugin <= 1.0.0 - Settings Update via CSRF |
| CVE-2024-7984 | Joy Of Text Lite – SMS messaging for WordPress <= 2.3.1 - Settings Update via CSRF |
| CVE-2024-8026 | CSRF due to overly permissive CORS headers in netease-youdao/qanything |
| CVE-2024-8032 | Smooth Gallery Replacement <= 1.0 - CSRF to Stored XSS |
| CVE-2024-30560 | WordPress DX-Watermark plugin <= 1.0.4 - CSRF to Arbitrary File Upload and XSS vulnerability |
| CVE-2024-3058 | ENL Newsletter <= 1.0.1 - Stored XSS via CSRF |
| CVE-2024-3059 | ENL Newsletter <= 1.0.1 - Campaign Deletion via CSRF |
| CVE-2024-3076 | MM-email2image <= 0.2.5 - Stored XSS via CSRF |
| CVE-2024-3083 | A “CWE-352: Cross-Site Request Forgery (CSRF)” can be exploited by remote attackers to perform state-changing operations with... |
| CVE-2024-8043 | Vikinghammer Tweet <= 0.2.4 - Stored XSS via CSRF |
| CVE-2024-8044 | infolinks Ad Wrap <= 1.0.2 - Settings Update via CSRF |
| CVE-2024-8047 | Visual Sound (old) <= 1.06 - Settings Update via CSRF |
| CVE-2024-8050 | Custom Author Base <= 1.1.1 - Settings Update via CSRF |
| CVE-2024-8051 | Special Feed Items <= 1.0.1 - Stored XSS via CSRF |
| CVE-2024-8052 | Review Ratings <= 1.6 - Stored XSS via CSRF |
| CVE-2024-8054 | MM-Breaking News <= 0.7.9 - Stored XSS via CSRF |
| CVE-2024-8065 | CSRF in danswer-ai/danswer |
| CVE-2024-8082 | Widgets Reset <= 0.1 - Settings Update via CSRF |
| CVE-2024-8085 | PeoplePond <= 1.1.9 - CSRF to Stored XSS |
| CVE-2024-8090 | JavaScript Logic <= 0.1 - CSRF to Stored XSS |
| CVE-2024-8091 | Enhanced Search Box <= 0.6.1 - Settings Update via CSRF |
| CVE-2024-8092 | Accordion Image Menu <= 3.1.3 - Stored XSS via CSRF |
| CVE-2024-8093 | Posts reminder <= 0.20 - Settings Update via CSRF |
| CVE-2024-8094 | Ntz Antispam <= 2.0e - Settings Update via CSRF |
| CVE-2024-8095 | BabelZ – Google Translate Widget <= 1.1.5 - CSRF to Stored XSS |
| CVE-2024-8120 | ImageRecycle pdf & image compression <= 3.1.14 - Cross-Site Request in Several AJAX Actions |
| CVE-2024-3089 | PHPGurukul Emergency Ambulance Hiring Portal Manage Ambulance Page manage-ambulance.php cross-site request forgery |
| CVE-2024-8157 | Alphabetical List <= 1.0.3 - Settings Update via CSRF |
| CVE-2024-8200 | Reviews Feed – Add Testimonials and Customer Reviews From Google Reviews, Yelp, TripAdvisor, and More <= 1.1.2 - Cross-Site R... |
| CVE-2024-8243 | Plugin Upgrade Time Out <= 1.0 - Stored XSS via CSRF |
| CVE-2024-8245 | GamiPress - Reset User <= 1.0.0 - GamiPress User Data Removal via CSRF |
| CVE-2024-8286 | GDPR Cookie Consent <= 2.6.0 - Bulk Delete via CSRF |
| CVE-2024-8319 | Tourfic <= 2.11.20 - Cross-Site Request Forgery in Multiple Functions |
| CVE-2024-8398 | Simple Nav Archives <= 2.1.3 - Settings Update via CSRF |
| CVE-2024-8414 | SourceCodester Insurance Management System cross-site request forgery |
| CVE-2024-8458 | PLANET Technology switch devices - Cross-site Request Forgery |
| CVE-2024-8476 | Easy PayPal Events <= 1.2.1 - Cross-Site Request Forgery to Arbitrary Post Deletion |
| CVE-2024-8477 | Newsletter, SMTP, Email marketing and Subscribe forms by Brevo (formerly Sendinblue) <= 3.1.87 - Cross-Site Request Forgery |
| CVE-2024-8489 | CSRF due to overly permissive CORS headers in modelscope/agentscope |
| CVE-2024-8490 | PropertyHive <= 2.0.19 - Cross-Site Request Forgery via save_account_details |
| CVE-2024-8507 | File Manager Pro <= 8.3.9 - Cross-Site Request Forgery to Arbitrary File Upload |
| CVE-2024-8520 | Ultimate Member <= 2.8.6 - Cross-Site Request Forgery to Membership Status Change |
| CVE-2024-31086 | WordPress Change default login logo,url and title plugin <= 2.0 - CSRF to XSS vulnerability |
| CVE-2024-31093 | WordPress Broken Images plugin <= 0.2 - CSRF to XSS vulnerability |
| CVE-2024-31096 | WordPress Nictitate theme <= 1.1.4 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-31100 | WordPress Popup Cart Lite for WooCommerce plugin <= 1.1 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-31105 | WordPress Tax Rate Upload plugin <= 2.4.5 - CSRF leading to Cross Site Scripting (XSS) vulnerability |
| CVE-2024-9233 | GS Logo Slider < 3.7.1 - Settings Update via Cross-Site Request Forgery |
| CVE-2024-9281 | bg5sbk MiniCMS post-edit.php cross-site request forgery |
| CVE-2024-9282 | bg5sbk MiniCMS page-edit.php cross-site request forgery |
| CVE-2024-9311 | Cross-Site Request Forgery to XSS in haotian-liu/llava |
| CVE-2024-9351 | Forminator Forms – Contact Form, Payment Form & Custom Form Builder <= 1.35.1 - Cross-Site Request Forgery to Draft Quiz Crea... |
| CVE-2024-9352 | Forminator Forms – Contact Form, Payment Form & Custom Form Builder <= 1.35.1 - Cross-Site Request Forgery to Draft Custom Fo... |
| CVE-2024-9365 | Cross-Site Request Forgery (CSRF) in polyaxon/polyaxon |
| CVE-2025-0393 | Royal Elementor Addons and Templates <= 1.7.1006 - Cross-Site Request Forgery to Stored Cross-Site Scripting |
| CVE-2025-0865 | WP Media Category Management 2.0 - 2.3.3 - Cross-Site Request Forgery to Settings Update |
| CVE-2025-0990 | I Am Gloria <= 1.1.4 - Cross-Site Request Forgery |
| CVE-2024-8736 | Denial of Service (DoS) via Multipart Boundary in parisneo/lollms-webui |
| CVE-2024-8795 | BA Book Everything <= 1.6.20 - Cross-Site Request Forgery to Email Address Update/Account Takeover |
| CVE-2024-8980 | The Script Console in Liferay Portal 7.0.0 through 7.4.3.101, and Liferay DXP 2023.Q3.1 through 2023.Q3.4, 7.4 GA through upd... |
| CVE-2024-9434 | WPGlobus Translate Options <= 2.2.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting |
| CVE-2024-9450 | Free Booking Plugin for Hotels, Restaurants and Car Rentals – eaSYNC Booking < 1.3.15 - Subscriber+ PayPal Settings Update |
| CVE-2024-9649 | WP ULike <= 4.7.4 - Cross-Site Request Forgery to Statistic Deletion |
| CVE-2024-9661 | WP All Import Pro <= 4.9.7 - Cross-Site Request Forgery to Imported Content Deletion |
| CVE-2024-9665 | Zimbra GraphQL Cross-Site Request Forgery Information Disclosure Vulnerability |
| CVE-2024-9689 | Post From Frontend <= 1.0.0 - Post Deletion via CSRF |
| CVE-2024-9709 | EKC Tournament Manager < 2.2.2 - Create Tournaments/Teams via CSRF |
| CVE-2024-9711 | EKC Tournament Manager < 2.2.2 - Delete Tournaments via CSRF |
| CVE-2025-0669 | BOINC Server Cross-Site Request Forgery |
| CVE-2025-0687 | Spiritual Gifts Survey <= 0.9.10 - Unauthenticated CSRF to XSS |
| CVE-2025-0688 | Spiritual Gifts Survey <= 0.9.10 - Unauthenticated CSRF to XSS |
| CVE-2024-5167 | CM Email Registration Blacklist and Whitelist < 1.4.9 - Add/Delete Emails via CSRF Add and delete any item from blacklist/whi... |
| CVE-2024-9588 | Category and Taxonomy Meta Fields <= 1.0.0 - Cross-Site Request Forgery to Taxonomy Meta Add/Delete |
| CVE-2024-9592 | Easy PayPal Gift Certificate <= 1.2.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting via wpppgc_plugin_options |
| CVE-2024-9598 | AMP for WP – Accelerated Mobile Pages <= 1.0.99.1 - Cross-Site Request Forgery to Privilege Escalation |
| CVE-2024-9778 | ImagePress – Image Gallery <= 1.2.2 - Cross-Site Request Forgery to Plugin Settings Update |
| CVE-2024-9847 | Cross-Site Request Forgery (CSRF) in flatpressblog/flatpress |
| CVE-2024-9943 | MultiVendorX – The Ultimate WooCommerce Multivendor Marketplace Solution <= 4.2.4 - Cross-Site Request Forgery to Vendor Upda... |
| CVE-2024-9990 | Crypto <= 2.15 - Cross-Site Request Forgery to Authentication Bypass |
| CVE-2025-0522 | LikeBot – Decentralized like-system <= 0.85 - Admin+ Stored XSS via CSRF |
| CVE-2025-0610 | CSRF in Akinsoft's QR Menu |
| CVE-2025-0748 | Homey <= 2.4.3 - Cross-Site Request Forgery to User Verification |
| CVE-2025-0796 | Mortgage Lead Capture System <= 8.2.10 - Cross-Site Request Forgery to Settings Reset |
| CVE-2025-0801 | RateMyAgent Official <= 1.4.0 - Cross-Site Request Forgery to API Key Update |
| CVE-2025-0807 | CITS Support svg, webp Media and TTF,OTF File Upload, Use Custom Fonts <= 4.2 - Cross-Site Request Forgery to Settings Update |
| CVE-2025-0808 | Houzez Property Feed <= 2.4.21 - Cross-Site Request Forgery to Property Feed Export Deletion |
| CVE-2025-11976 | FuseWP – WordPress User Sync to Email List & Marketing Automation (Mailchimp, Constant Contact, ActiveCampaign etc.) <= 1.1.2... |
| CVE-2025-0810 | Read More & Accordion <= 3.4.5 - Cross-Site Request Forgery to Local File Inclusion |
| CVE-2025-10188 | The Hack Repair Guy's Plugin Archiver <= 2.0.4 - Cross-Site Request Forgery to Arbitrary Directory Deletion in /wp-content |
| CVE-2025-10498 | Ninja Forms – The Contact Form Builder That Grows With You <= 3.12.0 - Cross-Site Request Forgery to Limited File Deletion |
| CVE-2025-10499 | Ninja Forms – The Contact Form Builder That Grows With You <= 3.12.0 - Cross-Site Request Forgery to Plugin Settings Update |
| CVE-2025-10588 | PixelYourSite <= 11.1.2 – Cross-Site Request Forgery to GDPR Options Modification |
| CVE-2025-10691 | Easy Email Subscription <= 1.3 - Cross-Site Request Forgery to Arbitrary Subscriber Deletion |
| CVE-2025-10700 | Ally - Web Accessibility & Usability <= 3.8.0 - Cross-Site Request Forgery to Plugin Settings Update |
| CVE-2025-1074 | Webkul QloApps URL mylogout cross-site request forgery |
| CVE-2025-10752 | OAuth Single Sign On – SSO (OAuth Client) <= 6.26.12 - Cross-Site Request Forgery |
| CVE-2025-10930 | Currency - Moderately critical - Cross Site Request Forgery - SA-CONTRIB-2025-110 |
| CVE-2025-11029 | givanz Vvveb cross-site request forgery |
| CVE-2025-11154 | IDonate < 2.1.13 - Unauthenticated User Deletion |
| CVE-2025-11166 | WP Go Maps (formerly WP Google Maps) <= 9.0.46 - Cross-Site Request Forgery to Plugin Settings Update |
| CVE-2025-10300 | TopBar <= 1.0.0 - Cross-Site Request Forgery to Settings Update |
| CVE-2025-10301 | FunKItools <= 1.0.2 - Cross-Site Request Forgery to Settings Update |
| CVE-2025-10302 | Ultimate Viral Quiz <= 1.0 - Cross-Site Request Forgery to Settings Update |
| CVE-2025-10309 | PayPal Forms <= 1.0.3 - Cross-Site Request Forgery |
| CVE-2025-10311 | Comment Info Detector <= 1.0.5 - Cross-Site Request Forgery to Settings Update |
| CVE-2025-10312 | Theme Importer <= 1.0 - Cross-Site Request Forgery |
| CVE-2025-10317 | Multiple Cross-Site Request Forgery in Quick.Cart |
| CVE-2025-10375 | Web Accessibility By accessiBe <= 2.10 - Cross-Site Request Forgery |
| CVE-2025-10376 | Course Redirects for Learndash Plugin <= 0.4 - Cross-Site Request Forgery |
| CVE-2025-10377 | System Dashboard <= 2.8.20 - Cross-Site Request Forgery |
| CVE-2025-1084 | Mindskip xzs-mysql 学之思开源考试系统 cross-site request forgery |
| CVE-2025-11051 | SourceCodester Pet Grooming Management Software cross-site request forgery |
| CVE-2025-12070 | ViaAds <= 2.1.1 - Cross-Site Request Forgery to API Key Update |
| CVE-2025-12028 | IndieAuth <= 4.5.4 - Cross-Site Request Forgery to Account Takeover via Stolen OAuth Tokens |
| CVE-2025-11442 | JhumanJ OpnForm API Endpoint cross-site request forgery |
| CVE-2025-11886 | CTL Arcade Lite <= 1.0 - Cross-Site Request Forgery to Plugin Activation and Deactivation |
| CVE-2025-12400 | LMB^Box Smileys <= 3.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting |
| CVE-2025-12401 | Label Plugins <= 0.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting |
| CVE-2025-12402 | LinkedIn Resume <= 2.00 - Cross-Site Request Forgery to Stored Cross-Site Scripting |
| CVE-2025-12403 | Associados Amazon Plugin <= 0.8 - Cross-Site Request Forgery to Stored Cross-Site Scripting |
| CVE-2025-12410 | SH Contextual Help <= 3.2.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting |
| CVE-2025-12412 | Top Bar Notification <= 1.12 - Cross-Site Request Forgery to Stored Cross-Site Scripting |
| CVE-2025-12413 | Social Media WPCF7 Stop Words <= 1.1.3 - Cross-Site Request Forgery to Settings Update |
| CVE-2025-12415 | MapMap <= 1.1 - Cross-Site Request Forgery to Settings Update and Stored Cross-Site Scripting |
| CVE-2025-12416 | Pagerank Tools <= 1.1.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting |
| CVE-2025-12452 | Visit Counter 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting |
| CVE-2025-12456 | Centangle Team Showcase <= 1.0.0 - Cross-Site Request Forgery To Plugin's Settings Modification And Stored Cross-Site Scripti... |
| CVE-2025-12479 | Systemic Lack of Cross-Site Request Forgery (CSRF) Token Implementation |
| CVE-2025-12072 | Disable Content Editor For Specific Template <= 2.0 - Cross-Site Request Forgery to Template Configuration Update |
| CVE-2025-12095 | Simple Registration for WooCommerce <= 1.5.8 - Cross-Site Request Forgery to Privilege Escalation via Role Request Approval |
| CVE-2025-12132 | WP Custom Admin Login Page Logo <= 1.4.8.4 - Cross-Site Request Forgery to Settings Update |
| CVE-2025-12188 | Posts Navigation Links for Sections and Headings - Free by WP Masters <= 1.0.1 - Cross-Site Request Forgery to Settings Updat... |
| CVE-2025-12202 | ajayrandhawa User-Management-PHP-MYSQL web cross-site request forgery |
| CVE-2025-12588 | USB Qr Code Scanner For Woocommerce <= 1.0.0 - Cross-Site Request Forgery to Settings Update |
| CVE-2025-12589 | WP-Walla <= 0.5.3.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting |
| CVE-2025-12590 | YSlider <= 1.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting |
| CVE-2025-1288 | wooexim <= 5.0.0 - CSRF to Reflected XSS |
| CVE-2025-12901 | Asgaros Forum <= 3.2.1 - Cross-Site Request Forgery to Subscription Settings Update |
| CVE-2025-1305 | NewsBlogger <= 0.2.5.4 - Cross-Site Request Forgery to Arbitrary Plugin Installation |
| CVE-2025-1306 | Newscrunch <= 1.8.4 - Cross-Site Request Forgery to Arbitrary File Upload |
| CVE-2025-1358 | Pix Software Vivaz cross-site request forgery |
| CVE-2025-1362 | easy-broken-link-checker <= 9.0.2 - Bulk Actions via CSRF |
| CVE-2025-12069 | WP Global Screen Options <= 0.2 - Cross-Site Request Forgery to Screen Options Update |
| CVE-2025-13119 | Fabian Ros/SourceCodester Simple E-Banking System cross-site request forgery |
| CVE-2025-1314 | Custom Twitter Feeds <= 2.2.5 - Cross-Site Request Forgery to Cache Reset via ctf_clear_cache_admin Function |
| CVE-2025-13177 | Bdtask/CodeCanyon SalesERP cross-site request forgery |
| CVE-2025-13179 | Bdtask/CodeCanyon Wholesale Inventory Control and Inventory Management System cross-site request forgery |
| CVE-2025-1320 | teachPress <= 9.0.9 - Cross-Site Request Forgery to Import Delete |
| CVE-2025-13282 | Chunghwa Telecom\|TenderDocTransfer - Arbitrary File Delete |
| CVE-2025-13283 | Chunghwa Telecom\|TenderDocTransfer - Arbitrary File Copy and Paste |
| CVE-2025-1557 | OFCMS cross-site request forgery |
| CVE-2025-1643 | Benner ModernaNet SG_AlterarSenha cross-site request forgery |
| CVE-2025-1644 | Benner ModernaNet SG_Gravar cross-site request forgery |
| CVE-2025-1687 | Cardealer <= 1.6.4 - Cross-Site Request Forgery to User Update via update_user_profile |
| CVE-2025-1745 | LinZhaoguan pb-cms Logout cross-site request forgery |
| CVE-2025-1762 | Event Tickets with Ticket Scanner < 2.5.4 - Arbitrary Tickets Deletion via CSRF |
| CVE-2025-1764 | LoginPress <= 3.3.1 - Cross-Site Request Forgery to Arbitrary Options Update |
| CVE-2025-1382 | Contact Us By Lord Linus <= 2.6 - Admin+ Stored XSS via CSRF |
| CVE-2025-1383 | Podlove Podcast Publisher <= 4.2.2 - Cross-Site Request Forgery via ajax_transcript_delete Function |
| CVE-2025-1435 | bbPress <= 2.6.11 - Cross-Site Request Forgery to Limited Privilege Escalation |
| CVE-2025-1436 | Limit Bio <= 1.0 - Stored XSS via CSRF |
| CVE-2025-1441 | Royal Elementor Addons and Templates <= 1.7.1007 - Cross-Site Request Forgery to Reflected Cross-Site Scripting |
| CVE-2025-1463 | Spreadsheet Integration <= 3.8.2 - Cross-Site Request Forgery to Arbitrary Post Publish |
| CVE-2025-1473 | CSRF in mlflow/mlflow |
| CVE-2025-1506 | Wp Social Login and Register Social Counter <= 3.1.0 - Cross-Site Request Forgery to Settings Update |
| CVE-2025-1530 | Tripetto <= 8.0.9 - Cross-Site Request Forgery to Arbitrary Results Deletion |
| CVE-2025-1813 | zj1983 zz cross-site request forgery |
| CVE-2025-1891 | shishuocms cross-site request forgery |
| CVE-2025-1926 | Page Builder: Pagelayer – Drag and Drop website builder <= 1.9.8 - Cross-Site Request Forgery (CSRF) To Post Contents Modific... |
| CVE-2025-20321 | Membership State Change in Splunk Search Head Cluster through a Cross-Site Request Forgery (CSRF) in Splunk Enterprise |
| CVE-2025-20322 | Denial of Service (DoS) in Search Head Cluster through Cross-Site Request Forgery (CSRF) in Splunk Enterprise |
| CVE-2025-22538 | WordPress Virtual Bot Plugin <= 1.0.0 - CSRF Cross Site Scripting (XSS) vulnerability |
| CVE-2025-22552 | WordPress Affiliate Disclosure Statement plugin <= 0.3 - CSRF to Stored XSS vulnerability |
| CVE-2025-22555 | WordPress Smoothness Slider Shortcode plugin <= v1.2.2 - CSRF to Stored XSS vulnerability |
| CVE-2025-22556 | WordPress Norse Rune Oracle plugin <= 1.4.1 - CSRF to Stored XSS vulnerability |
| CVE-2025-22557 | WordPress News Publisher Autopilot plugin <= 2.1.4 - CSRF to Stored XSS vulnerability |
| CVE-2024-54439 | WordPress Amazon Product Price plugin <= 1.1 - CSRF to Stored XSS vulnerability |
| CVE-2024-54440 | WordPress WP-Ban-User plugin <= 1.0 - CSRF to Stored XSS vulnerability |
| CVE-2025-2168 | Ultimate Store Kit Elementor Addons, Woocommerce Builder, EDD Builder, Elementor Store Builder, Product Grid, Product Table,... |
| CVE-2025-2247 | WP-PManager <= 1.2 - Category Deletion via CSRF |
| CVE-2025-2248 | WP-PManager <= 1.2 - Admin+ SQL Injection |
| CVE-2025-22503 | WordPress Admin debug wordpress – enable debug Plugin <= 1.0.13 - Cross Site Request Forgery vulnerability |
| CVE-2025-22520 | WordPress Tock Widget Plugin <= 1.1 - CSRF to Stored XSS vulnerability |
| CVE-2025-22634 | WordPress Easy Booked Plugin <= 2.4.5 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-22637 | WordPress Print PDF Generator and Publisher Plugin <= 1.2.0 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-22658 | WordPress Listings for Appfolio plugin <= 1.2.0 - CSRF to Stored XSS vulnerability |
| CVE-2025-22669 | WordPress Awesome Event Booking plugin <= 2.7.5 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-22685 | WordPress Tags to Keywords plugin <= 1.0.1 - CSRF to Stored XSS vulnerability |
| CVE-2025-22688 | WordPress Unlimited Page Sidebars plugin <= 0.2.6 - CSRF to Stored XSS vulnerability |
| CVE-2025-22690 | WordPress DigiTimber cPanel Integration plugin <= 1.4.6 - CSRF to Stored XSS vulnerability |
| CVE-2025-22703 | WordPress Forge – Front-End Page Builder plugin <= 1.4.6 - CSRF to Stored Cross Site Scripting (XSS) vulnerability |
| CVE-2025-20326 | Cisco Unified Communications Manager Cross-Site Request Forgery Vulnerability |
| CVE-2025-2042 | huang-yk student-manage cross-site request forgery |
| CVE-2025-21193 | Active Directory Federation Server Spoofing Vulnerability |
| CVE-2025-22297 | WordPress AI WP Writer plugin <= 3.8.4.4 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-22300 | WordPress PixelYourSite plugin <= 10.0.1.2 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-22301 | WordPress MyBookTable Bookstore by Stormhill Media plugin <= 3.5.3 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-22325 | WordPress Autocompleter plugin <= 1.3.5.2 - CSRF to Stored XSS vulnerability |
| CVE-2025-22328 | WordPress Elevio plugin <= 4.4.1 - CSRF to Stored XSS vulnerability |
| CVE-2025-22336 | WordPress Wizhi Multi Filters by Wenprise plugin <= 1.8.6 - CSRF to Stored Cross Site Scripting (XSS) vulnerability |
| CVE-2025-22342 | WordPress WP Simple Sitemap plugin <= 0.2 - CSRF to Stored XSS vulnerability |
| CVE-2025-22343 | WordPress wpSOL plugin <= 1.2.0 - CSRF to Stored XSS vulnerability |
| CVE-2025-22347 | WordPress BSK Forms Blacklist plugin <= 3.9 - CSRF to SQL Injection vulnerability |
| CVE-2025-22768 | WordPress Rocket Media Library Mime Type plugin <= 2.1.0 - CSRF to Stored Cross Site Scripting (XSS) vulnerability |
| CVE-2025-22784 | WordPress Background Control plugin <= 1.0.5 - CSRF to Arbitrary File Deletion vulnerability |
| CVE-2025-22814 | WordPress Zephyr Admin Theme Plugin <= 1.4.1 - CSRF to Stored XSS vulnerability |
| CVE-2025-22963 | Teedy through 1.11 allows CSRF for account takeover via POST /api/user/admin. |
| CVE-2025-23044 | Cross-Site Request Forgery (CSRF) allows creating admin account with POST request |
| CVE-2025-23081 | Various security vulnerabilities in Extension:DataTransfer |
| CVE-2025-23113 | An issue was discovered in REDCap 14.9.6. It has an action=myprojects&logout=1 CSRF issue in the alert-title while performing... |
| CVE-2025-2319 | EZ SQL Reports Shortcode Widget and DB Backup 4.11.13 - 5.25.08 - Cross-Site Request Forgery to Remote Code Execution |
| CVE-2025-23445 | WordPress Easy Tynt plugin <= 0.2.5.1 - CSRF to Stored Cross Site Scripting (XSS) vulnerability |
| CVE-2025-23446 | WordPress WP SpaceContent plugin <= 0.4.5 - CSRF to Stored Cross Site Scripting (XSS) vulnerability |
| CVE-2025-23455 | WordPress WP VTiger Synchronization plugin <= 1.1.1 - CSRF to Stored XSS vulnerability |
| CVE-2025-23456 | WordPress EmailShroud plugin <= 2.2.1 - CSRF to Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-23463 | WordPress MD Custom content after or before of post plugin <= 1.0 - CSRF to Stored XSS vulnerability |
| CVE-2025-23467 | WordPress RSS News Scroller plugin <= 2.0.0 - CSRF to Stored XSS vulnerability |
| CVE-2025-23470 | WordPress Visit Site Link enhanced plugin <= 1.0 - CSRF to Stored XSS vulnerability |
| CVE-2025-22704 | WordPress Signature plugin <= 0.1 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-22705 | WordPress Disqus Popular Posts plugin <= 2.1.1 - CSRF to Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-22731 | WordPress Build Private Store For Woocommerce plugin <= 1.0 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-23411 | mySCADA myPRO Manager Cross-Site Request Forgery |
| CVE-2025-23424 | WordPress Marquee Style RSS News Ticker plugin <= 3.2.0 - CSRF to Stored Cross Site Scripting (XSS) vulnerability |
| CVE-2025-23426 | WordPress go Social plugin <= 1.0 - CSRF to Stored Cross Site Scripting (XSS) vulnerability |
| CVE-2025-23430 | WordPress Mass Custom Fields Manager plugin <= 1.5 - CSRF to Cross Site Scripting (XSS) vulnerability |
| CVE-2025-23435 | WordPress Password Protect Plugin for WordPress plugin <= 0.8.1.0 - CSRF to Stored XSS vulnerability |
| CVE-2025-23436 | WordPress Wp-Scribd-List plugin <= 1.2 - CSRF to XSS vulnerability |
| CVE-2025-23442 | WordPress Shockingly Big IE6 Warning plugin <= 1.6.3 - CSRF to Stored XSS vulnerability |
| CVE-2025-23557 | WordPress Find Your Reps plugin <= 1.2 - CSRF to Stored XSS vulnerability |
| CVE-2025-23558 | WordPress Geotagged Media plugin <= 0.3.0 - CSRF to Stored XSS vulnerability |
| CVE-2025-23559 | WordPress MemeOne plugin <= 2.0.5 - CSRF to Stored XSS vulnerability |
| CVE-2025-23560 | WordPress Web Testimonials plugin <= 1.2 - CSRF to Stored XSS vulnerability |
| CVE-2025-23566 | WordPress Custom Post plugin <= 1.0 - CSRF to Stored XSS vulnerability |
| CVE-2025-23567 | WordPress GDReseller plugin <= 1.6 - CSRF to Stored XSS vulnerability |
| CVE-2025-23569 | WordPress Shortcode in Comment plugin <= 1.1.1 - CSRF to Stored XSS vulnerability |
| CVE-2025-23572 | WordPress UpDownUpDown plugin <= 1.1 - CSRF to Stored XSS vulnerability |
| CVE-2025-23573 | WordPress WP Background Tile plugin <= 1.0 - CSRF to Stored XSS vulnerability |
| CVE-2025-23577 | WordPress Word Freshener plugin <= 1.3 - CSRF to Stored XSS vulnerability |
| CVE-2025-23617 | WordPress Floatbox Plus plugin <= 1.4.4 - CSRF to Stored XSS vulnerability |
| CVE-2025-23618 | WordPress Twitter Shortcode plugin <= 0.9 - CSRF to Stored Cross-Site Scripting vulnerability |
| CVE-2025-23627 | WordPress Comment-Emailer plugin <= 1.0.5 - CSRF to Stored Cross-Site Scripting vulnerability |
| CVE-2025-23639 | WordPress MDC YouTube Downloader plugin <= 3.0.0 - CSRF to Stored XSS vulnerability |
| CVE-2025-23640 | WordPress Rename Author Slug plugin <= 1.2.0 - CSRF to Stored XSS vulnerability |
| CVE-2025-23649 | WordPress Auphonic Importer plugin <= 1.5.1 - CSRF to Stored XSS vulnerability |
| CVE-2025-23654 | WordPress Twitter Post plugin <= 0.1 - CSRF to Stored XSS vulnerability |
| CVE-2025-23659 | WordPress MercadoLibre Integration plugin <= 1.1 - CSRF to Stored Cross-Site Scripting vulnerability |
| CVE-2025-23660 | WordPress MFPlugin plugin <= 1.3 - CSRF to Cross-Site Scripting vulnerability |
| CVE-2025-23661 | WordPress NV Slider plugin <= 1.6 - CSRF to Stored Cross-Site Scripting vulnerability |
| CVE-2025-23662 | WordPress WP Panoramio plugin <= 1.5.0 - CSRF to Cross-Site Scripting vulnerability |
| CVE-2025-23664 | WordPress Real Seguro Viagem plugin <= 2.0.5 - CSRF to Stored Cross-Site Scripting vulnerability |
| CVE-2025-23665 | WordPress RSV GMaps plugin <= 1.5 - CSRF to Stored XSS vulnerability |
| CVE-2025-23673 | WordPress Email on Publish plugin <= 1.5 - CSRF to Stored XSS vulnerability |
| CVE-2025-23675 | WordPress Import Users to MailChimp plugin <= 1.0 - CSRF to Stored XSS vulnerability |
| CVE-2025-23677 | WordPress HTTP to HTTPS link changer by Eyga.net plugin <= 0.2.4 - CSRF to Stored XSS vulnerability |
| CVE-2025-23793 | WordPress Auto FTP plugin <= 1.0.1 - CSRF to Stored Cross-Site Scripting vulnerability |
| CVE-2025-23797 | WordPress WP Options Editor plugin <= 1.1 - CSRF to Privilege Escalation vulnerability |
| CVE-2025-23800 | WordPress OrangeBox plugin <= 3.0.0 - CSRF to Stored XSS vulnerability |
| CVE-2025-23801 | WordPress Style Admin Plugin <= 1.4.3 - CSRF to Stored XSS vulnerability |
| CVE-2025-23803 | WordPress Snippy Plugin <= 1.4.1 - CSRF to Cross Site Scripting (XSS) vulnerability |
| CVE-2025-23804 | WordPress WP Service Payment Form With Authorize.net Plugin <= 2.6.0 - CSRF to Reflected Cross Site Scripting (XSS) vulnerabi... |
| CVE-2025-23805 | WordPress SEOReseller Partner plugin <= 1.3.15 - CSRF to Stored XSS vulnerability |
| CVE-2025-23806 | WordPress Ultimate Subscribe Plugin <= 1.3 - CSRF to Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-23808 | WordPress Custom List Table Example Plugin <= 1.4.1 - CSRF to Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-23810 | WordPress Len Slider Plugin <= 2.0.11 - CSRF to Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-23815 | WordPress root Cookie plugin <= 1.6 - CSRF to Stored XSS vulnerability |
| CVE-2025-23817 | WordPress MHR-Custom-Anti-Copy plugin <= 2.0 - CSRF to Stored Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-23818 | WordPress More Link Modifier plugin <= 1.0.3 - CSRF to Cross-Site Scripting vulnerability |
| CVE-2025-23820 | WordPress Content Security Policy Pro plugin <= 1.3.5 - CSRF to Stored XSS vulnerability |
| CVE-2025-23821 | WordPress WP Cookies Alert plugin <= 1.1.1 - CSRF to Stored XSS vulnerability |
| CVE-2025-23822 | WordPress Category Custom Fields plugin <= 1.0 - CSRF to Stored XSS vulnerability |
| CVE-2025-23471 | WordPress ECT Add to Cart Button plugin <= 1.4 - CSRF to Stored XSS vulnerability |
| CVE-2025-23476 | WordPress my-related-posts plugin <= 1.1 - CSRF to Stored XSS vulnerability |
| CVE-2025-23483 | WordPress Universal Analytics Injector plugin <= 1.0.3 - CSRF to Stored XSS vulnerability |
| CVE-2025-23497 | WordPress Simple Project Manager plugin <= 1.2.2 - CSRF to Stored Cross Site Scripting (XSS) vulnerability |
| CVE-2025-23499 | WordPress Board Election plugin <= 1.0.1 - CSRF to Stored Cross Site Scripting (XSS) vulnerability |
| CVE-2025-23501 | WordPress Cookie Consent & Autoblock for GDPR/CCPA plugin <= 1.0.1 - CSRF to Stored Cross Site Scripting (XSS) vulnerability |
| CVE-2025-23502 | WordPress Curated Search plugin <= 1.2 - CSRF to Stored XSS vulnerability |
| CVE-2025-23508 | WordPress Extra Options – Favicons plugin <= 1.1.0 - CSRF to Stored XSS vulnerability |
| CVE-2025-23510 | WordPress WordPress Logging Service plugin <= 1.5.4 - CSRF to Stored Cross Site Scripting (XSS) vulnerability |
| CVE-2025-23511 | WordPress WP-BlackCheck plugin <= 2.7.2 - CSRF to Stored Cross Site Scripting (XSS) vulnerability |
| CVE-2025-23513 | WordPress Bible Embed plugin <= 0.0.4 - CSRF to Stored Cross Site Scripting (XSS) vulnerability |
| CVE-2025-23530 | WordPress Custom Post Type Lockdown plugin <= 1.11 - CSRF to Privilege Escalation vulnerability |
| CVE-2025-23532 | WordPress MyAnime Widget plugin <= 1.0 - CSRF to Privilege Escalation vulnerability |
| CVE-2025-23533 | WordPress WP Lyrics plugin <= 0.4.1 - CSRF to Stored XSS vulnerability |
| CVE-2025-23537 | WordPress add custom google tag manager plugin <= 1.0.3 - CSRF to Stored Cross-Site Scripting vulnerability |
| CVE-2025-23690 | WordPress Book a Place plugin <= 0.7.1 - CSRF to Stored XSS vulnerability |
| CVE-2025-23691 | WordPress Send to Twitter plugin <= 1.7.2 - CSRF to Stored XSS vulnerability |
| CVE-2025-23692 | WordPress Slider for Writers plugin <= 1.3 - CSRF to Stored XSS vulnerability |
| CVE-2025-23693 | WordPress Secure CAPTCHA plugin <= 1.2 - CSRF to Stored XSS vulnerability |
| CVE-2025-23694 | WordPress Shabbos and Yom Tov plugin <= 1.9 - CSRF to Stored XSS vulnerability |
| CVE-2025-23698 | WordPress WP Custom Google Search plugin <= 1.0 - CSRF to Stored XSS vulnerability |
| CVE-2025-23702 | WordPress Anonymize Links plugin <= 1.1 - CSRF to Stored XSS vulnerability |
| CVE-2025-23703 | WordPress Free MailClient FMC plugin <= 1.0 - CSRF to Stored XSS vulnerability |
| CVE-2025-23708 | WordPress DF Draggable plugin <= 1.13.2 - CSRF to Stored XSS vulnerability |
| CVE-2025-23710 | WordPress Flying Twitter Birds plugin <= 1.8 - CSRF to Stored XSS vulnerability |
| CVE-2025-23712 | WordPress Kapost plugin <= 2.2.9 - CSRF to Stored XSS vulnerability |
| CVE-2025-22559 | WordPress TubePress.NET Plugin <= 4.0.1 - CSRF to Stored XSS vulnerability |
| CVE-2025-22562 | WordPress Title Experiments Free plugin <= 9.0.4 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-22563 | WordPress Pretty Urls Plugin <= 1.5.4 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-23823 | WordPress CNZZ&51LA for WordPress plugin <= 1.0.1 - CSRF to Stored XSS vulnerability |
| CVE-2025-23832 | WordPress Admin Cleanup plugin <= 1.0.2 - CSRF to Stored XSS vulnerability |
| CVE-2025-23842 | WordPress WordPress Gallery Plugin plugin <= 1.4 - CSRF to Stored XSS vulnerability |
| CVE-2025-23844 | WordPress Custom Widget Classes plugin <= 1.1 - CSRF to Stored XSS vulnerability |
| CVE-2025-23848 | WordPress Hotspots Analytics plugin <= 4.0.12 - CSRF to Stored XSS vulnerability |
| CVE-2025-23861 | WordPress Debt Calculator plugin <= 1.0.1 - CSRF to Stored XSS vulnerability |
| CVE-2025-23869 | WordPress CJ Custom Content plugin <= 2.0 - CSRF to Cross-Site Scripting vulnerability |
| CVE-2025-23870 | WordPress Copyright Safeguard Footer Notice plugin <= 3.0 - CSRF to Stored Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-23871 | WordPress LSD Google Maps Embedder plugin <= 1.1 - CSRF to Stored XSS vulnerability |
| CVE-2025-23872 | WordPress PayForm plugin <= 2.0 - CSRF to Stored XSS vulnerability |
| CVE-2025-23875 | WordPress Better Protected Pages plugin <= 1.0 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-23880 | WordPress amr personalise plugin <= 2.10 - CSRF to Stored XSS vulnerability |
| CVE-2025-2420 | 猫宁i Morning cross-site request forgery |
| CVE-2025-23713 | WordPress Hack me if you can plugin <= 1.2 - CSRF to Stored XSS vulnerability |
| CVE-2025-23715 | WordPress Post & Page Notes plugin <= 0.1.1 - CSRF to Stored XSS vulnerability |
| CVE-2025-23717 | WordPress Theme My Ontraport Smartform plugin <= 1.2.11 - CSRF to Stored XSS vulnerability |
| CVE-2025-23720 | WordPress Web Push plugin <= 1.4.0 - CSRF to Stored XSS vulnerability |
| CVE-2025-23743 | WordPress Social Analytics plugin <= 0.2 - CSRF to Stored XSS vulnerability |
| CVE-2025-23745 | WordPress Call me Now plugin <= 1.0.5 - CSRF to Stored XSS vulnerability |
| CVE-2025-23749 | WordPress mybb Last Topics plugin <= 1.0 - CSRF to Stored XSS vulnerability |
| CVE-2025-23765 | WordPress W3SPEEDSTER plugin <= 7.33 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-23884 | WordPress Annie plugin <= 2.1.1 - CSRF to Stored XSS vulnerability |
| CVE-2025-23895 | WordPress Add RSS plugin <= 1.5 - CSRF to Stored XSS vulnerability |
| CVE-2025-23898 | WordPress Apply with LinkedIn buttons plugin <= 2.3 - CSRF to Stored XSS vulnerability |
| CVE-2025-23900 | WordPress Genki Announcement plugin <= 1.4.1 - CSRF to Stored XSS vulnerability |
| CVE-2025-23901 | WordPress GravatarLocalCache plugin <= 1.1.2 - CSRF to Stored XSS vulnerability |
| CVE-2025-22571 | WordPress Instabot plugin <= 1.10 - CSRF to Stored XSS vulnerability |
| CVE-2025-22582 | WordPress Uptime Robot plugin <= 0.1.3 - CSRF to Stored XSS vulnerability |
| CVE-2025-22589 | WordPress Quote Tweet plugin <= 0.7 - CSRF to Stored XSS vulnerability |
| CVE-2025-22590 | WordPress Prayer Times Anywhere plugin <= 2.0.1 - CSRF to Stored XSS vulnerability |
| CVE-2025-24772 | WordPress Pay with Contact Form 7 <= 1.0.4 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-23902 | WordPress Error Notification plugin <= 0.2.7 - CSRF to Stored XSS vulnerability |
| CVE-2025-23922 | WordPress iSpring Embedder plugin <= 1.0 - CSRF to Arbitrary File Upload vulnerability |
| CVE-2025-23972 | WordPress Contact Form 7 reCAPTCHA plugin <= 1.2.0 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-23976 | WordPress Issuu Panel plugin <= 2.1.1 - CSRF to Stored Cross Site Scripting (XSS) vulnerability |
| CVE-2025-23977 | WordPress Post Carousel Slider plugin <= 2.0.1 - CSRF to Stored XSS vulnerability |
| CVE-2025-23978 | WordPress FlashCounter plugin <= 1.1.8 - CSRF to Stored Cross Site Scripting (XSS) vulnerability |
| CVE-2025-23980 | WordPress Full Circle plugin <= 0.5.7.8 - CSRF to Stored Cross Site Scripting (XSS) vulnerability |
| CVE-2025-23985 | WordPress Dynamic URL SEO plugin <= 1.0 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-23989 | WordPress Internal Link Builder plugin <= 1.0 - CSRF to Stored XSS vulnerability |
| CVE-2025-23990 | WordPress Scroll Styler plugin <= 1.1 - CSRF to Stored XSS vulnerability |
| CVE-2025-23996 | WordPress AnyRoad plugin <= 1.3.2 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-24001 | WordPress PPO Call To Actions plugin <= 0.1.3 - CSRF to Stored XSS vulnerability |
| CVE-2025-24696 | WordPress Gutenberg Blocks and Page Layouts Plugin <= 1.9.6 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-24358 | gorilla/csrf CSRF vulnerability due to broken Referer validation |
| CVE-2025-24533 | WordPress MetaSlider plugin <= 3.92.0 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-24537 | WordPress The Events Calendar plugin <= 6.7.0 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-24538 | WordPress BuddyPress Groups Extras plugin <= 3.6.10 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-24540 | WordPress Website Builder by SeedProd plugin <= 6.18.9 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-24543 | WordPress Ultimate Coming Soon & Maintenance plugin <= 1.0.9 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-24546 | WordPress Ultimate Coming Soon & Maintenance plugin <= 1.0.9 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-24549 | WordPress Post Meta plugin <= 1.0.9 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-24555 | WordPress Subscription DNA plugin <= 2.1 - CSRF to Stored XSS vulnerability |
| CVE-2025-24561 | WordPress ReviewsTap plugin <= 1.1.2 - CSRF to Stored Cross-Site Scripting vulnerability |
| CVE-2025-24562 | WordPress KBucket plugin <= 4.1.6 - CSRF to Stored Cross-Site Scripting vulnerability |
| CVE-2025-24568 | WordPress Starter Templates plugin <= 4.4.9 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-24572 | WordPress WP Fast Total Search plugin <= 1.78.258 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-24622 | WordPress Job Board Manager plugin <= 2.1.59 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-24623 | WordPress Really Simple Security plugin <= 9.1.4 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-24636 | WordPress MachForm Shortcode plugin <= 1.4.1 - CSRF to Stored XSS vulnerability |
| CVE-2025-24647 | WordPress WooCommerce Cloak Affiliate Links plugin <= 1.0.35 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-24982 | Cross-site request forgery vulnerability exists in Activity Log WinterLock versions prior to 1.2.5. If a user views a malicio... |
| CVE-2025-25056 | Cross-site request forgery vulnerability exists in Wi-Fi AP UNIT 'AC-WPS-11ac series'. If a user views a malicious page while... |
| CVE-2025-25071 | WordPress Vignette Ads plugin <= 0.2 - CSRF to Stored XSS vulnerability |
| CVE-2025-25072 | WordPress WP Admin Custom Page plugin <= 1.5.0 - CSRF to Stored XSS vulnerability |
| CVE-2025-25074 | WordPress WP Social Stream plugin <= 1.1 - CSRF to Stored XSS vulnerability |
| CVE-2025-25075 | WordPress Show notice or message on admin area plugin <= 2.0 - CSRF to Stored XSS vulnerability |
| CVE-2025-25086 | WordPress Secret Meta plugin <= 1.2.1 - CSRF to Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-25088 | WordPress WP Keyword Monitor Plugin <= 1.0.5 - CSRF to Stored XSS vulnerability |
| CVE-2025-25093 | WordPress Child Themes Helper plugin <= 2.2.7 - CSRF to Arbitrary File Deletion vulnerability |
| CVE-2025-25100 | WordPress Cazamba plugin <= 1.2 - CSRF to Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-25101 | WordPress Munk Sites plugin <= 1.0.7 - CSRF to Arbitrary Plugin Installation vulnerability |
| CVE-2025-25103 | WordPress Indeed API Plugin <= 0.5 - CSRF to Settings Change vulnerability |
| CVE-2025-25104 | WordPress URL-Preview-Box plugin <= 1.20 - CSRF to Stored XSS vulnerability |
| CVE-2025-25106 | WordPress Starter Templates by FancyWP plugin <= 2.0.0 - CSRF to Arbitrary Plugin Installation vulnerability |
| CVE-2025-25107 | WordPress OneStore Sites plugin <= 0.1.1 - CSRF to Arbitrary Plugin Installation vulnerability |
| CVE-2025-25111 | WordPress WP Spell Check Plugin <= 9.21 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-25123 | WordPress Easy Related Posts plugin <= 2.0.2 - CSRF to Stored XSS vulnerability |
| CVE-2025-25125 | WordPress Fyrebox Quizzes plugin <= 2.7 - CSRF to Stored XSS vulnerability |
| CVE-2025-25126 | WordPress ZMSEO plugin <= 1.14.1 - CSRF to Stored XSS vulnerability |
| CVE-2025-25128 | WordPress Facilita Form Tracker plugin <= 1.0 - CSRF to Stored XSS vulnerability |
| CVE-2025-25135 | WordPress Custom Links On Admin Dashboard Toolbar plugin <= 3.3 - CSRF to Stored XSS vulnerability |
| CVE-2025-25138 | WordPress On Page SEO + Social Live Chat (Formerly OPS) plugin <= 2.0.0 - CSRF to Stored XSS vulnerability |
| CVE-2025-25139 | WordPress WP Custom Post RSS Feed plugin <= 1.0.0 - CSRF to Stored XSS vulnerability |
| CVE-2025-25140 | WordPress Simple User Profile plugin <= 1.9 - CSRF to Stored XSS vulnerability |
| CVE-2025-25143 | WordPress GlobalQuran Plugin <= 1.0 - CSRF to Settings Change vulnerability |
| CVE-2025-25145 | WordPress Infusionsoft Analytics Plugin <= 2.0 - Cross-Site Request Forgery (CSRF) vulnerability |
| CVE-2025-25146 | WordPress Songkick Concerts and Festivals plugin <= 0.9.7 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-25147 | WordPress Auto SEO plugin <= 2.5.6 - CSRF to Stored XSS vulnerability |
| CVE-2025-25148 | WordPress Read More Copy Link plugin <= 1.0.2 - CSRF to Stored XSS vulnerability |
| CVE-2025-25149 | WordPress Login-box plugin <= 2.0.4 - CSRF to Stored XSS vulnerability |
| CVE-2025-25152 | WordPress Smart DoFollow plugin <= 1.0.2 - CSRF to Stored XSS vulnerability |
| CVE-2025-25153 | WordPress Simple Auto Tag plugin <= 1.1 - CSRF to Stored XSS vulnerability |
| CVE-2025-25154 | WordPress Custom Comment Notifications plugin <= 1.0.8 - CSRF to Stored XSS vulnerability |
| CVE-2025-25156 | WordPress Quote Comments plugin <= 2.2.1 - CSRF to Stored XSS vulnerability |
| CVE-2025-25160 | WordPress Style Tweaker plugin <= 0.11 - CSRF to Stored XSS vulnerability |
| CVE-2025-24698 | WordPress Essential Real Estate plugin <= 5.1.8 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-24699 | WordPress WP Coder Plugin <= 3.6 - CSRF to Cross Site Scripting (XSS) vulnerability |
| CVE-2025-24711 | WordPress Popup Box Plugin <= 3.2.4 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-24712 | WordPress Radius Blocks – WordPress Gutenberg Blocks Plugin <= 2.1.2 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-24713 | WordPress Button Generator – easily Button Builder Plugin <= 3.1.1 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-24714 | WordPress Bubble Menu Plugin <= 4.0.2 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-24715 | WordPress Counter Box Plugin <= 2.0.5 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability |
| CVE-2025-24716 | WordPress Herd Effects Plugin <= 6.2.1 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability |
| CVE-2025-24717 | WordPress Modal Window Plugin <= 6.1.4 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability |
| CVE-2025-24720 | WordPress Sticky Buttons Plugin <= 4.1.1 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability |
| CVE-2025-24724 | WordPress Side Menu Lite Plugin <= 5.3.1 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability |
| CVE-2025-24738 | WordPress Call Now Button plugin <= 1.4.13 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-24739 | WordPress FluentSMTP plugin <= 2.2.80 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-24742 | WordPress WP Google Maps plugin <= 9.0.40 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-24749 | WordPress EZPZ SAML SP Single Sign On (SSO) plugin <= 1.2.5 - CSRF to Stored XSS vulnerability |
| CVE-2025-24756 | WordPress Roi Calculator plugin <= 1.0 - CSRF to Stored XSS vulnerability |
| CVE-2025-26211 | Gibbon before 29.0.00 allows CSRF. |
| CVE-2025-26543 | WordPress Simple Responsive Menu plugin <= 2.1 - CSRF to Stored XSS vulnerability |
| CVE-2025-26545 | WordPress Related Posts Line-up-Exactly by Milliard plugin <= 0.0.22 - CSRF to Stored XSS vulnerability |
| CVE-2025-26547 | WordPress My Login Logout Plugin plugin <= 2.4 - CSRF to Stored Cross-Site Scripting vulnerability |
| CVE-2025-26549 | WordPress WP Html Page Sitemap plugin <= 2.2 - CSRF to Stored Cross-Site Scripting |
| CVE-2025-26550 | WordPress Global Meta Keyword & Description plugin <= 2.3 - CSRF to Cross-Site Scripting vulnerability |
| CVE-2025-26562 | WordPress RSS FIlter Plugin <= 1.2 - CSRF to Stored Cross Site Scripting (XSS) vulnerability |
| CVE-2025-26568 | WordPress Easy Amazon Product Information plugin <= 4.0.1 - CSRF to Stored XSS vulnerability |
| CVE-2025-26569 | WordPress Post Thumbs Plugin <= 1.5 - CSRF to Stored XSS vulnerability |
| CVE-2025-26570 | WordPress Glance That plugin <= 4.9 - CSRF to Stored XSS vulnerability |
| CVE-2025-26571 | WordPress Wibiya Toolbar plugin <= 2.0 - CSRF to Stored XSS vulnerability |
| CVE-2025-26572 | WordPress WP PHPList Plugin <= 1.7 - CSRF to Stored XSS vulnerability |
| CVE-2025-26577 | WordPress DX-auto-publish plugin <= 1.2 - CSRF to Stored XSS vulnerability |
| CVE-2025-26578 | WordPress Simple Documentation plugin <= 1.2.8 - CSRF to Stored XSS vulnerability |
| CVE-2025-26580 | WordPress Page/Post Specific Social Share Buttons plugin <= 2.1 - CSRF to Stored XSS vulnerability |
| CVE-2025-26582 | WordPress TinyMCE Advanced qTranslate fix editor problems plugin <= 1.0.0 - CSRF to Stored XSS vulnerability |
| CVE-2025-26593 | WordPress FastBook <= 1.1 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-26925 | WordPress Admin Menu Manager plugin <= 1.0.3 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-26926 | WordPress Booknetic plugin <= 4.0.9 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-26931 | WordPress Tribulant Gallery Voting plugin <= 1.2.1 - CSRF to Stored XSS vulnerability |
| CVE-2025-26963 | WordPress ClickWhale plugin <= 2.4.3 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability |
| CVE-2025-27003 | WordPress Quick Paypal Payments Plugin <= 5.7.46 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-27009 | WordPress My auctions allegro plugin <= 3.6.20 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-27012 | WordPress A1POST.BG Shipping for Woo plugin <= 1.5.1 - CSRF to Privilege Escalation vulnerability |
| CVE-2025-27328 | WordPress WP-PostRatings Cheater Plugin <= 1.5 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-27332 | WordPress Smart Maintenance & Countdown Plugin <= 1.2 - CSRF to Stored XSS vulnerability |
| CVE-2025-27335 | WordPress Auto Tag Links Plugin <= 1.0.13 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-27336 | WordPress Just Variables Plugin <= 1.2.3 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-27339 | WordPress Minimum Password Strength Plugin <= 1.2.0 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-27340 | WordPress F12-Profiler Plugin <= 1.3.9 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-27342 | WordPress WooCommerce Recargo de Equivalencia Plugin <= 1.6.24 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-27344 | WordPress Phee's LinkPreview Plugin <= 1.6.7 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-27353 | WordPress Namaste! LMS Plugin <= 2.6.5 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-27355 | WordPress Woocommerce – Loi Hamon Plugin <= 1.1.0 - CSRF to Stored XSS vulnerability |
| CVE-2025-27357 | WordPress Önceki Yazı Link Plugin <= 1.3 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-27359 | WordPress WP Media File Type Manager plugin <= 2.3.0 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability |
| CVE-2025-27360 | WordPress Quick Event Calendar <= 1.4.9 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-27402 | Tuleap is missing CSRF protections on tracker fields administrative operations |
| CVE-2025-27441 | Zoom Workplace Apps - Cross Site Scripting |
| CVE-2025-27442 | Zoom Workplace Apps - Cross Site Scripting |
| CVE-2025-28940 | WordPress Back To Top Plugin <= 2.0 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-28941 | WordPress SPAM-BYBYE Plugin <= 2.2.4 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-28948 | WordPress Mediabay - WordPress Media Library Folders plugin <= 1.4 - CSRF to Reflected XSS vulnerability |
| CVE-2025-28950 | WordPress Post Author <= 1.1.1 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-28952 | WordPress CubePoints <= 3.2.1 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-28954 | WordPress Backwp plugin <= 2.0.2 - CSRF to Arbitrary File Deletion vulnerability |
| CVE-2025-28958 | WordPress Bg Orthodox Calendar plugin <= 0.13.10 - CSRF to Stored XSS vulnerability |
| CVE-2025-28964 | WordPress Personal Favicon plugin <= 2.0 - CSRF to Stored XSS vulnerability |
| CVE-2025-28966 | WordPress Recent Posts Slider Responsive plugin <= 1.0.1 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-25166 | WordPress InLocation plugin <= 1.8 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-25168 | WordPress BookPress – For Book Authors Plugin <= 1.2.7 - CSRF to Stored XSS vulnerability |
| CVE-2025-26748 | WordPress Arkhe theme <= 3.11.0 - CSRF to Local File Inclusion vulnerability |
| CVE-2025-26759 | WordPress Content Snippet Manager plugin <= 1.1.5 - CSRF to Stored XSS vulnerability |
| CVE-2025-26768 | WordPress what3words Address Field plugin <= 4.0.15 - CSRF to Stored XSS vulnerability |
| CVE-2025-26899 | WordPress Recapture for WooCommerce Plugin <= 1.0.43 - CSRF to Settings Change vulnerability |
| CVE-2025-26902 | WordPress Brizy Pro plugin <= 2.6.1 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-26903 | WordPress InPost Gallery plugin <= 2.1.4.3 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-26910 | WordPress WPBookit plugin <= 1.0.1 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-27189 | Adobe Commerce | Cross-Site Request Forgery (CSRF) (CWE-352) |
| CVE-2025-27276 | WordPress Photo Gallery ( Responsive ) plugin <= 4.0 - CSRF to Privilege Escalation vulnerability |
| CVE-2025-27277 | WordPress Add Linked Images To Gallery plugin <= 1.4 - CSRF to Stored XSS vulnerability |
| CVE-2025-27290 | WordPress Select Erima Zarinpal Donate Plugin <= 1.0 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-27298 | WordPress WP Video Posts plugin <= 3.5.1 - CSRF to Remote Code Execution (RCE) vulnerability |
| CVE-2025-27311 | WordPress Bulk Content Creator Plugin <= 1.2.1 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-27315 | WordPress All-In-One Cufon Plugin <= 1.3.0 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-27316 | WordPress JPG, PNG Compression and Optimization Plugin <= 1.7.35 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-27317 | WordPress RAYS Grid Plugin <= 1.3.1 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-27318 | WordPress Simple Google Sitemap Plugin <= 1.6 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-27321 | WordPress Blightly Explorer plugin <= 2.3.0 - CSRF to Stored XSS vulnerability |
| CVE-2025-27454 | CVE-2025-27454 |
| CVE-2025-27579 | In Bitaxe ESP-Miner before 2.5.0 with AxeOS, one can use an /api/system CSRF attack to update the payout address (aka stratum... |
| CVE-2025-27792 | Opal vulnerable to CSRF protection bypass |
| CVE-2025-27912 | An issue was discovered in Datalust Seq before 2024.3.13545. Missing Content-Type validation can lead to CSRF when (1) Entra... |
| CVE-2025-2797 | Woffice Core <= 5.4.21 - Cross-Site Request Forgery to User Registration Approval |
| CVE-2025-2832 | mingyuefusu 明月复苏 tushuguanlixitong 图书管理系统 cross-site request forgery |
| CVE-2025-2863 | Cross-site request forgery (CSRF) vulnerability in saTECH BCU |
| CVE-2025-2871 | WordPress Mega Menu – QuadMenu <= 3.2.0 - Cross-Site Request Forgery to Limited User Meta Update |
| CVE-2025-28856 | WordPress W3Counter Free Real-Time Web Stats plugin <= 4.1 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-28857 | WordPress Rankchecker.io Integration plugin <= 1.0.9 - CSRF to Stored Cross Site Scripting (XSS) vulnerability |
| CVE-2025-28859 | WordPress Maintenance Notice plugin <= 1.0.5 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-28860 | WordPress Google News Editors Picks Feed Generator plugin <= 2.1 - CSRF to Stored XSS vulnerability |
| CVE-2025-28861 | WordPress WP jQuery Persian Datepicker plugin <= 0.1.0 - CSRF to Stored XSS vulnerability |
| CVE-2025-28862 | WordPress Comment Date and Gravatar remover plugin <= 1.0 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-28863 | WordPress Delete Original Image plugin <= 0.4 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-28864 | WordPress Builder for Contact Form 7 by Webconstruct plugin <= 1.2.2 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-28866 | WordPress Login Logger plugin <= 1.2.1 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-28867 | WordPress Frontpage category filter plugin <= 1.0.2 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-28868 | WordPress ZipList Recipe plugin <= 3.1 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-28876 | WordPress Skrill Official plugin <= 1.0.65 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-28881 | WordPress Mobile Themes plugin <= 1.1.1 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-28883 | WordPress WP Compare Tables plugin <= 1.0.5 - CSRF to Stored XSS vulnerability |
| CVE-2025-28884 | WordPress WP Bulk Post Duplicator plugin <= 1.2 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-28886 | WordPress REST API TO MiniProgram plugin <= 4.7.1 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-28887 | WordPress Plugins Last Updated Column plugin <= 0.1.3 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-28891 | WordPress price-calc plugin <= 0.6.3 - CSRF to Stored XSS vulnerability |
| CVE-2025-28892 | WordPress FTP Sync plugin <= 1.1.6 - CSRF to Stored XSS vulnerability |
| CVE-2025-28894 | WordPress List of Posts from each Category plugin for WordPress plugin <= 2.0 - CSRF to Stored XSS vulnerability |
| CVE-2025-28897 | WordPress Domain Theme plugin <= 1.3 - CSRF to Stored XSS vulnerability |
| CVE-2025-28900 | WordPress TabGarb Pro plugin <= 2.6 - CSRF to Stored XSS vulnerability |
| CVE-2025-28901 | WordPress Members page only for logged in users plugin <= 1.4.2 - CSRF to Stored XSS vulnerability |
| CVE-2025-28902 | WordPress Contact Form 7 Select Box Editor Button plugin <= 0.6 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-28909 | WordPress WP No-Bot Question plugin <= 0.1.7 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-28910 | WordPress WP Hide Admin Bar plugin <= 2.0 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-28912 | WordPress Custom Dashboard Page plugin <= 1.0 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-28913 | WordPress WP Add Active Class To Menu Item plugin <=1.0 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-28922 | WordPress Go To Top plugin <= 0.0.8 - CSRF to Stored XSS vulnerability |
| CVE-2025-28923 | WordPress No Disposable Email plugin <= 2.5.1 - CSRF to Stored XSS vulnerability |
| CVE-2025-28925 | WordPress WATI Chat and Notification plugin <= 1.1.2 - CSRF to Stored Cross Site Scripting (XSS) vulnerability |
| CVE-2025-28927 | WordPress Display Template Name plugin <= 1.7.1 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-28931 | WordPress WordPress Hashtags plugin <= 0.3.2 - CSRF to Stored XSS vulnerability |
| CVE-2025-28932 | WordPress Insert Code plugin <= 2.4 - CSRF to Stored XSS vulnerability |
| CVE-2025-28933 | WordPress MaxA/B plugin <= 2.2.2 - CSRF to Stored XSS vulnerability |
| CVE-2025-30598 | WordPress OSS Upload - <= <= 4.8.9 Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-30601 | WordPress Flipdish Ordering System plugin <= 1.4.16 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability |
| CVE-2025-30603 | WordPress CopyLink plugin <= 1.1 - CSRF to Stored XSS vulnerability |
| CVE-2025-30608 | WordPress WordPress SQL Backup - <= <= 3.5.2 Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-30612 | WordPress Replace Default Words plugin <= 1.3 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability |
| CVE-2025-30615 | WordPress WP e-Commerce Style Email plugin <= 0.6.2 - CSRF to Remote Code Execution vulnerability |
| CVE-2025-30617 | WordPress Rewrite - <= <= 0.2.1 Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-30619 | WordPress SpeakPipe - <= <= 0.2 Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-30620 | WordPress WP Odoo Form Integrator plugin <=1.1.0 - CSRF to Stored XSS vulnerability |
| CVE-2025-30621 | WordPress Translator plugin <= 0.3 - CSRF to Stored XSS vulnerability |
| CVE-2025-30629 | WordPress Bitly URL Shortener <= 1.3.3 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-30632 | WordPress Global Translator <= 2.0.2 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-3064 | WPFront User Role Editor <= 4.2.1 - Cross-Site Request Forgery to Privilege Escalation via whitelist_options Function |
| CVE-2025-30764 | WordPress Football Pool plugin <= 2.12.2 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability |
| CVE-2025-30769 | WordPress WIP WooCarousel Lite plugin <= 1.1.7 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability |
| CVE-2025-30783 | WordPress WP Google Review Slider plugin <= 16.0 - CSRF to SQL Injection vulnerability |
| CVE-2025-30787 | WordPress EZ SQL Reports Shortcode Widget and DB Backup plugin <= 5.25.08 - CSRF to Stored XSS vulnerability |
| CVE-2025-30788 | WordPress EZ SQL Reports Shortcode Widget and DB Backup plugin <= 5.25.08 - CSRF to SQL Injection vulnerability |
| CVE-2025-30908 | WordPress Web Directory Free plugin <= 1.7.6 - CSRF to Cross Site Scripting (XSS) vulnerability |
| CVE-2025-30912 | WordPress Float menu plugin <= 6.1.2 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability |
| CVE-2025-30919 | WordPress Store Locator Widget plugin <= 20200131 - CSRF to Stored XSS vulnerability |
| CVE-2025-30923 | WordPress Gift Message for WooCommerce plugin <= 1.7.8 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-30946 | WordPress Custom Bulk/Quick Edit <= 1.6.10 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-30948 | WordPress Layouts for Elementor <= 1.11 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-30956 | WordPress Booqable Rental <= 2.4.20 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-30965 | WordPress WPJobBoard plugin < 5.11.1 - Multiple Cross Site Request Forgery (CSRF) vulnerabilities vulnerability |
| CVE-2025-30967 | WordPress WPJobBoard plugin < 5.11.1 - CSRF to Remote Code Execution (RCE) vulnerability |
| CVE-2025-30968 | WordPress Advanced Post List <= 0.5.6.2 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-30980 | WordPress Simple Keyword to Link <= 1.5 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-30981 | WordPress WP-Recall plugin <= 16.26.14 - CSRF to Privilege Escalation vulnerability |
| CVE-2025-30986 | WordPress Elite Video Player <= 10.0.5 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-3099 | Advanced Search by My Solr Server <= 2.0.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting |
| CVE-2025-30994 | WordPress CubeWP – All-in-One Dynamic Content Framework plugin <= 1.1.23 - Cross Site Request Forgery (CSRF) to Settings Chan... |
| CVE-2025-30995 | WordPress Widgetize Pages Light plugin <= 3.0 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability |
| CVE-2025-31005 | WordPress Easyfonts plugin <= 1.1.2 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-31010 | WordPress SimplyRETS Real Estate IDX plugin <= 3.0.3 - CSRF to Multiple Admin Actions vulnerability |
| CVE-2025-31023 | WordPress Seo Meta Tags plugin <= 1.4 - CSRF to Privilege Escalation vulnerability |
| CVE-2025-31026 | WordPress Comment Validation Reloaded plugin <= 0.5 - CSRF to Stored XSS vulnerability |
| CVE-2025-31032 | WordPress Pagopar – WooCommerce Gateway plugin <= 2.7.1 - CSRF to Stored XSS vulnerability |
| CVE-2025-31033 | WordPress Buddypress Humanity plugin <= 1.2 - CSRF to Privilege Escalation vulnerability |
| CVE-2025-31034 | WordPress Customize Login Page plugin <= 1.1 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability |
| CVE-2025-31036 | WordPress WPSolr plugin <= 24.0 - CSRF to Privilege Escalation vulnerability |
| CVE-2025-28974 | WordPress Free WP Mail SMTP plugin <= 1.0 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability |
| CVE-2025-28981 | WordPress WP Mail Options plugin <= 0.2.3 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability |
| CVE-2025-28984 | WordPress Subscription Renewal Reminders for WooCommerce plugin <= 1.3.7 - Cross Site Request Forgery to Notice Dismissal vul... |
| CVE-2025-28986 | WordPress Epicwin Plugin plugin <= 1.5 - CSRF to SQL Injection vulnerability |
| CVE-2025-29005 | WordPress HR Management Lite <= 3.3 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-2907 | Order Delivery Date Pro for WooCommerce < 12.3.1 - Unauthenticated Arbitrary Option Update |
| CVE-2025-2935 | Anti-Spam: Spam Protection \| Block Spam Users, Comments, Forms <= 2024.7 - Cross-Site Request Forgery to Multiple Administrat... |
| CVE-2025-29766 | Tuleap has missing CSRF protections on artifact submission & edition from the tracker view |
| CVE-2025-29929 | Tuleap is missing CSRF protection on tracker hierarchy administration |
| CVE-2025-3037 | yzk2356911358 StudentServlet-JSP cross-site request forgery |
| CVE-2025-30521 | WordPress GP Back To Top plugin <= 3.0 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-30522 | WordPress Contact Form 7 Material Design plugin <= 1.0.0 - CSRF to Stored XSS vulnerability |
| CVE-2025-30526 | WordPress Typekit plugin <= 1.2.3 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-30528 | WordPress Awesome Logos plugin <= 1.2 - CSRF to SQL Injection vulnerability |
| CVE-2025-30529 | WordPress Auto Load Next Post plugin <= 1.5.14 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-30531 | WordPress WP Ride Booking plugin <= 2.4 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-30534 | WordPress Image Captcha plugin <= 1.2 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability |
| CVE-2025-30535 | WordPress External image replace plugin <= 1.0.8 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability |
| CVE-2025-30538 | WordPress Simple Optimizer plugin <= 1.2.7 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-30541 | WordPress Info Boxes Shortcode And Widgets plugin <= 1.15 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-30542 | WordPress WP SoundCloud Ultimate plugin <= 1.5 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-30546 | WordPress Cackle plugin <= 4.33 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-30549 | WordPress Yummly Rich Recipes plugin <= 4.2 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-30550 | WordPress CallPhone'r plugin <= 1.1.1 - CSRF to Stored XSS vulnerability |
| CVE-2025-30552 | WordPress WordPress Admin Bar Improved plugin <= 3.3.5 - CSRF to Stored XSS vulnerability |
| CVE-2025-30555 | WordPress WordPres 同步微博 plugin <= 1.1.0 - CSRF to Stored XSS vulnerability |
| CVE-2025-30556 | WordPress Fix Rss Feeds plugin <= 3.1 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-30557 | WordPress Easy 301 Redirects plugin <= 1.33 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-30558 | WordPress ANAC XML Render plugin <= 1.5.7 - CSRF to Stored XSS vulnerability |
| CVE-2025-30560 | WordPress jQuery Dropdown Menu plugin <= 3.0 - CSRF to Stored XSS vulnerability |
| CVE-2025-30561 | WordPress CAS Maestro plugin <= 1.1.3 - CSRF to Stored XSS vulnerability |
| CVE-2025-30564 | WordPress Custom Script Integration - <= <= 2.1 Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-30565 | WordPress banner-manager plugin <= 16.04.19 - CSRF to Stored XSS vulnerability |
| CVE-2025-30568 | WordPress Super Static Cache - <= <= 3.3.5 Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-30572 | WordPress Simple Rating plugin <= 1.4 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability |
| CVE-2025-30576 | WordPress Hacklog Remote Image Autosave - <= <= 2.1.0 Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-30577 | WordPress Browser Address Bar Color plugin <= 3.3 - Cross Site Request Forgery (CSRF) to Stored XSS Vulnerability |
| CVE-2025-30578 | WordPress AdSense Privacy Policy plugin <= 1.1.1 - Cross Site Request Forgery (CSRF) to Stored XSS Vulnerability |
| CVE-2025-30583 | WordPress Pro Rank Tracker plugin <= 1.0.0 - CSRF to Stored XSS Vulnerability |
| CVE-2025-30584 | WordPress AlphaOmega Captcha & Anti-Spam Filter plugin <= 3.3 - CSRF to Stored XSS Vulnerability |
| CVE-2025-30585 | WordPress Generate Post Thumbnails - <= <= 0.8 Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-30586 | WordPress cTabs plugin <= 1.3 - CSRF to Stored XSS Vulnerability |
| CVE-2025-30587 | WordPress LH OGP Meta plugin <= 1.73 - CSRF to Stored XSS Vulnerability |
| CVE-2025-30588 | WordPress Map Contact plugin <= 3.0.4 - CSRF to Stored XSS Vulnerability |
| CVE-2025-30801 | WordPress TWB Woocommerce Reviews plugin <= 1.7.7 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-30804 | WordPress wpShopGermany IT-RECHT KANZLEI plugin <= 2.0 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-30805 | WordPress Flexible Cookies plugin <= 1.1.8 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-30811 | WordPress ValidateCertify plugin <= 1.6.1 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-30815 | WordPress Hesabfa Accounting plugin <= 2.1.8 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-30816 | WordPress publish post email notification plugin <= 1.0.2.3 - Cross Site Request Forgery (CSRF) to Settings Change vulnerabil... |
| CVE-2025-30822 | WordPress Custom Login Logo Plugin <= 1.1.7 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-30823 | WordPress Anthologize Plugin <= 0.8.2 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-30833 | WordPress Verge3D Publishing and E-Commerce Plugin <= 4.8.2 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-30842 | WordPress Christmas Panda plugin <= 1.0.4 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-30854 | WordPress Serial Codes Generator and Validator with WooCommerce Support plugin <= 2.7.7 - Cross Site Request Forgery (CSRF) v... |
| CVE-2025-30856 | WordPress Custom Field For WP Job Manager plugin <= 1.4 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-30857 | WordPress Currency Switcher for WooCommerce plugin <= 0.0.7 - CSRF to Stored XSS vulnerability |
| CVE-2025-30862 | WordPress reCAPTCHA for all plugin <= 2.22 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-30863 | WordPress Integration for Google Sheets and Contact Form 7, WPForms, Elementor, Ninja Forms plugin <= 1.0.9 - Cross Site Requ... |
| CVE-2025-30865 | WordPress 3DPrint Lite plugin <= 2.1.3.5 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-30872 | WordPress Product Author for WooCommerce plugin <= 1.0.7 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-30888 | WordPress Custom Fields Account Registration For Woocommerce Plugin <= 1.1 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-31677 | AI (Artificial Intelligence) - Critical - Cross Site Request Forgery - SA-CONTRIB-2025-003 |
| CVE-2025-31680 | Matomo Analytics - Moderately critical - Cross site request forgery - SA-CONTRIB-2025-008 |
| CVE-2025-31683 | Google Tag - Moderately critical - Cross Site Request Forgery - SA-CONTRIB-2025-012 |
| CVE-2025-31684 | OAuth2 Client - Moderately critical - Cross Site Request Forgery - SA-CONTRIB-2025-013 |
| CVE-2025-31688 | Configuration Split - Moderately critical - Cross Site Request Forgery - SA-CONTRIB-2025-017 |
| CVE-2025-31689 | General Data Protection Regulation - Moderately critical - Cross Site Request Forgery - SA-CONTRIB-2025-018 |
| CVE-2025-31690 | Cache Utility - Moderately critical - Cross Site Request Forgery - SA-CONTRIB-2025-019 |
| CVE-2025-31751 | WordPress Breaking News WP Plugin <= 1.3 - CSRF to Settings Change vulnerability |
| CVE-2025-31753 | WordPress Advanced Speed Increaser Plugin <= 2.2.1 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-31756 | WordPress TZ PlusGallery Plugin <= 1.5.5 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-31763 | WordPress Cache control by Cacholong Plugin <= 5.4.1 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-31769 | WordPress CLP – Custom Login Page by NiteoThemes plugin <= 1.5.5 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-31775 | WordPress Google SEO Pressor for Rich snippets Plugin <= 2.0 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-31776 | WordPress Uptime Robot Plugin <= 2.3 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-31779 | WordPress Query Wrangler plugin <= 1.5.53 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-31784 | WordPress Embed Extended – Embed Maps, Videos, Websites, Source Codes, and more Plugin <= 1.4.0 - Cross Site Request Forgery... |
| CVE-2025-31785 | WordPress Clearbit Reveal plugin <= 1.0.6 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-31807 | WordPress Product Notices for WooCommerce plugin <= 1.3.3 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-31808 | WordPress SCSS WP Editor Plugin <= 1.1.8 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-31038 | WordPress Essential Breadcrumbs plugin <= 1.1.1 - CSRF to Privilege Escalation vulnerability |
| CVE-2025-31068 | WordPress Seven Stars <= 1.4.4 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-31079 | WordPress Usermaven plugin <= 1.2.1 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-3131 | ECA: Event - Condition - Action - Critical - Cross site request forgery - SA-CONTRIB-2025-031 |
| CVE-2025-31328 | Cross-Site Request Forgery (CSRF) vulnerability in SAP S/4 HANA (Learning Solution) |
| CVE-2025-31375 | WordPress Scheduled plugin <= 1.0 - CSRF to Stored XSS vulnerability |
| CVE-2025-31382 | WordPress Language Field plugin <= 0.9 - CSRF to Stored XSS vulnerability |
| CVE-2025-31383 | WordPress FrescoChat Live Chat plugin <= 3.2.6 - CSRF to Stored XSS vulnerability |
| CVE-2025-31385 | WordPress Site Table of Contents plugin <= 0.3 - CSRF to Stored XSS vulnerability |
| CVE-2025-31388 | WordPress The World plugin <= 0.4 - CSRF to Stored XSS vulnerability |
| CVE-2025-31390 | WordPress Social Crowd plugin <= 0.9.6.1 - CSRF to Stored XSS vulnerability |
| CVE-2025-31391 | WordPress Script Compressor plugin <= 1.7.1 - CSRF to Stored XSS vulnerability |
| CVE-2025-31392 | WordPress Smart Product Gallery Slider plugin <= 1.0.4 - CSRF to Stored XSS vulnerability |
| CVE-2025-31393 | WordPress Social Bookmarking RELOADED plugin <= 3.18 - CSRF to Stored XSS vulnerability |
| CVE-2025-31395 | WordPress Easy Custom CSS plugin <= 1.0 - CSRF to Stored XSS vulnerability |
| CVE-2025-31399 | WordPress CG Scroll To Top plugin <= 3.5 - CSRF to Stored XSS vulnerability |
| CVE-2025-31400 | WordPress WS Audio Player plugin <= 1.1.8 - CSRF to Stored XSS vulnerability |
| CVE-2025-31401 | WordPress MMX – Make Me Christmas plugin <= 1.0.0 - CSRF to Stored XSS vulnerability |
| CVE-2025-31402 | WordPress NewsBoard Post and RSS Scroller plugin <= 1.2.12 - CSRF to Stored XSS vulnerability |
| CVE-2025-31404 | WordPress AF Tell a Friend plugin <= 1.4 - CSRF to Stored XSS vulnerability |
| CVE-2025-31410 | WordPress WP Church Donation plugin <= 1.7 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-31435 | WordPress Microblog Poster plugin <= 2.1.6 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability |
| CVE-2025-31438 | WordPress WP Supersized <= 3.1.6 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-31439 | WordPress Browser Caching with .htaccess 1.2.1 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-31440 | WordPress Terms of Use plugin <= 2.0 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability |
| CVE-2025-31443 | WordPress KK I Like It plugin <= 1.7.5.3 - CSRF to Stored XSS vulnerability |
| CVE-2025-31444 | WordPress ShowTime Slideshow plugin <= 1.6 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability |
| CVE-2025-31447 | WordPress NertWorks All in One Social Share Tools <=1.26 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-31448 | WordPress Simple Trackback Disabler <= 1.4 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-31449 | WordPress The Visitor Counter plugin <= 1.4.3 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability |
| CVE-2025-31456 | WordPress Ultimate Security Checker plugin <= 4.2 - Cross Site Request Forgery (CSRF) to Security Rescan vulnerability |
| CVE-2025-31457 | WordPress LWS SMS <= 2.4.1 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-31458 | WordPress Video Embedder plugin <= 1.7.1 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability |
| CVE-2025-31459 | WordPress Login Alert plugin <= 0.2.1 - CSRF to Stored XSS vulnerability |
| CVE-2025-31460 | WordPress OmniLeads Scripts and Tags Manager plugin <= 1.3 - CSRF to Stored XSS vulnerability |
| CVE-2025-31474 | WordPress WP Database Optimizer <= 1.2.1.3 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-31482 | FreshRSS vulnerable to DoS by malicious feed entry loading logout URL |
| CVE-2025-3150 | itning Student Homework Management System cross-site request forgery |
| CVE-2025-3153 | Concrete CMS version 9 below 9.4.0RC2 and versions below 8.5.20 - CSRF and XSS in Concrete CMS Custom Address attribute |
| CVE-2025-31566 | WordPress Rio Video Gallery plugin <= 2.3.6 - CSRF to Stored XSS vulnerability |
| CVE-2025-31569 | WordPress wordpress related Posts with thumbnails plugin <= 3.0.0.1 - CSRF to Stored XSS vulnerability |
| CVE-2025-31570 | WordPress Related Posts Widget with Thumbnails plugin <= 1.2 - CSRF to Stored XSS vulnerability |
| CVE-2025-31572 | WordPress Multi Days Events and Multi Events in One Day Calendar plugin <= 1.1.3 - Cross Site Request Forgery (CSRF) vulnerab... |
| CVE-2025-31583 | WordPress WP Copy Media URL plugin <= 2.1 - CSRF to Stored XSS vulnerability |
| CVE-2025-31585 | WordPress Leadfox for WordPress plugin <= 2.1.8 - CSRF to Stored XSS vulnerability |
| CVE-2025-31588 | WordPress Elfsight Testimonials Slider plugin <= 1.0.1 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability |
| CVE-2025-31600 | WordPress DesignO plugin <= 2.2.0 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-31601 | WordPress Appointy Appointment Scheduler plugin <= 4.2.1 - CSRF to Settings Change vulnerability |
| CVE-2025-31602 | WordPress Apimo Connector plugin <= 2.6.3.1 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability |
| CVE-2025-31613 | WordPress AB Google Map Travel plugin <= 4.6 - CSRF to Stored XSS vulnerability |
| CVE-2025-31809 | WordPress Labinator Content Types Duplicator Plugin <= 1.1.3 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-31814 | WordPress OwnerRez Plugin <= 1.2.0 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-31828 | WordPress Easy!Appointments plugin <= 1.4.2 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability |
| CVE-2025-31839 | WordPress Footer Contacts Bar Plugin <= 1.8 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-31840 | WordPress Simple Fixed Notice Plugin <= 1.6 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-31845 | WordPress Theme Duplicator Plugin <= 1.1 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-31852 | WordPress Bulk Product Sync plugin <= 8.6 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-31859 | WordPress Feedbucket – Website Feedback Tool Plugin <= 1.0.6 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-31880 | WordPress Pearl plugin <= 1.3.9 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-31888 | WordPress WP Multi Store Locator Plugin <= 2.5.2 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-31904 | WordPress Ebook Downloader plugin <= 1.0 - CSRF to Stored XSS vulnerability |
| CVE-2025-31906 | WordPress WP Profitshare Plugin <= 1.4.9 - CSRF to Stored XSS vulnerability |
| CVE-2025-31908 | WordPress JSON Structuring Markup plugin <= 0.1 - CSRF to Stored XSS vulnerability |
| CVE-2025-31915 | WordPress Pixel WordPress Form BuilderPlugin & Autoresponder <= 1.0.2 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-31921 | WordPress WP Ultimate Tours Builder <= 1.055 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-31922 | WordPress CSS3 Accordions for WordPress plugin <= 3.0 - CSRF to Stored XSS vulnerability |
| CVE-2025-32112 | WordPress Sidebar Manager Light plugin <= 1.1.8 - CSRF to Stored XSS vulnerability |
| CVE-2025-32113 | WordPress Libro de Reclamaciones y Quejas plugin <= 0.9 - CSRF to Stored XSS vulnerability |
| CVE-2025-32241 | WordPress Official CleverReach WooCommerce Integration Plugin <= 3.4.3 - CSRF to Settings Change vulnerability |
| CVE-2025-32247 | WordPress AI Content Creator plugin <= 1.2.6 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-32248 | WordPress SwiftXR (3D/AR/VR) Viewer plugin <= 1.0.7 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-32249 | WordPress DirectoryPress – Business Directory And Classified Ad Listing Plugin <=3.6.19 - Cross Site Request Forgery (CSRF) v... |
| CVE-2025-32250 | WordPress Rollbar plugin <= 2.7.1 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-32261 | WordPress Advanced All in One Admin Search by WP Spotlight <= 1.1.1 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-32262 | WordPress RDP Wiki Embed plugin <= 1.2.20 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-32263 | WordPress Sequential Order Numbers for WooCommerce plugin <= 3.6.2 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-32264 | WordPress UltraAddons – Elementor Addons plugin <= 2.0.0 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-32265 | WordPress JobWP plugin <= 2.3.9 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-32266 | WordPress 404 Image Redirection (Replace Broken Images) plugin <= 1.4 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-32267 | WordPress WP to Hootsuite plugin <= 1.5.8 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-32268 | WordPress QR Code Tag for WC plugin <= 1.9.36 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability |
| CVE-2025-32269 | WordPress WP Zendesk for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms Plugin <= 1.1.3 - Cross Site Request... |
| CVE-2025-32270 | WordPress Broadstreet Plugin <= 1.51.1 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability |
| CVE-2025-32271 | WordPress Woocommerce Role Pricing Plugin <= 3.5.5 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-32272 | WordPress Wishlist Plugin <= 1.0.44 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-32273 | WordPress Freetobook Responsive Widget Plugin <= 1.1 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-32274 | WordPress w3all phpBB integration Plugin <= 2.9.2 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-32276 | WordPress Administrator Z plugin <= 2025.03.04 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-32278 | WordPress Table Block by RioVizual plugin <= 2.1.7 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-32280 | WordPress WP Project Manager plugin <= 2.6.22 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-31616 | WordPress Varnish WordPress plugin <= 1.7 - CSRF to Stored XSS vulnerability |
| CVE-2025-31617 | WordPress PostmarkApp Email Integrator plugin <= 2.4 - CSRF to Stored XSS vulnerability |
| CVE-2025-31623 | WordPress Rich Text Editor plugin <= 1.0.1 - CSRF to Stored XSS vulnerability |
| CVE-2025-31639 | WordPress Spare <= 1.7 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-32476 | WordPress Advanced Tag Lists plugin <= 1.2 - CSRF to Stored XSS vulnerability |
| CVE-2025-32477 | WordPress WP-Easy Menu plugin <= 0.41 - CSRF to Stored XSS vulnerability |
| CVE-2025-32478 | WordPress WP SexyLightBox plugin <= 0.5.3 - CSRF to Stored XSS vulnerability |
| CVE-2025-32479 | WordPress Flags Widget plugin <= 1.0.7 - CSRF to Stored XSS vulnerability |
| CVE-2025-32480 | WordPress Windows Live Writer plugin <= 0.1 - CSRF to Stored XSS vulnerability |
| CVE-2025-32481 | WordPress Nino Social Connect plugin <= 2.0 - CSRF to Stored XSS vulnerability |
| CVE-2025-32482 | WordPress Custom Smilies plugin <= 1.2 - CSRF to Stored XSS vulnerability |
| CVE-2025-32484 | WordPress WP-Planification – WP-Planning plugin <= 2.3.1 - CSRF to Stored XSS vulnerability |
| CVE-2025-32485 | WordPress WP Performance Pack <= 2.5.4 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-32494 | WordPress reCAPTCHA Jetpack <= 0.2.2 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-32496 | WordPress Ultra Demo Importer plugin <= 1.0.5 - CSRF to RCE vulnerability |
| CVE-2025-32497 | WordPress Spoiler Block plugin <= 1.7 - CSRF to Stored XSS vulnerability |
| CVE-2025-32498 | WordPress VKontakte Cross-Post plugin <= 0.3.2 - CSRF to Stored XSS vulnerability |
| CVE-2025-32500 | WordPress Codescar Radio Widget plugin <= 0.4.2 - CSRF to Stored Cross Site Scripting (XSS) vulnerability |
| CVE-2025-32501 | WordPress RentSyst plugin <= 2.0.92 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability |
| CVE-2025-32502 | WordPress ePaper Lister for Yumpu plugin <= 1.4.0 - CSRF to Stored XSS vulnerability |
| CVE-2025-32505 | WordPress MultiMailer plugin <= 1.0.3 - CSRF to Stored XSS vulnerability |
| CVE-2025-32518 | WordPress ALD Login Page plugin <= 1.1 - CSRF to Stored XSS vulnerability |
| CVE-2025-32545 | WordPress WooCommerce Products without featured images Plugin <= 0.1 - CSRF to Reflected Cross Site Scripting (XSS) vulnerabi... |
| CVE-2025-32546 | WordPress All push notification for WP Plugin <= 1.5.3 - CSRF to Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-32547 | WordPress All push notification for WP Plugin <= 1.5.3 - CSRF to SQL Injection vulnerability |
| CVE-2025-32555 | WordPress SEO, Nutrition and Print for Recipes by Edamam plugin <= 3.3 - CSRF to Cross-Site Scripting vulnerability |
| CVE-2025-32556 | WordPress Simple Post Meta Manager Plugin <= 1.0.9 - CSRF to Reflected Cross-Site Scripting vulnerability |
| CVE-2025-32559 | WordPress REVE Chat plugin <= 6.2.2 - CSRF to Stored XSS vulnerability |
| CVE-2025-32563 | WordPress WP Calais Auto Tagger plugin <= 2.0 - CSRF to Stored XSS vulnerability |
| CVE-2025-3257 | xujiangfei admintwo updateSet cross-site request forgery |
| CVE-2025-32575 | WordPress WP w3all phpBB Plugin <= 2.9.2 - CSRF to Stored XSS vulnerability |
| CVE-2025-32576 | WordPress WP shop plugin <= 2.6.0 - CSRF to Arbitrary File Upload vulnerability |
| CVE-2025-32584 | WordPress Chat2 plugin <= 3.6.3 - CSRF to Stored XSS vulnerability |
| CVE-2025-32591 | WordPress WP Abstracts Plugin <= 2.7.4 - CSRF to Stored XSS vulnerability |
| CVE-2025-32597 | WordPress WordPress Events Calendar Plugin – connectDaily plugin <= 1.4.8 - CSRF to Cross-Site Scripting vulnerability |
| CVE-2025-32606 | WordPress Listings for Buildium plugin <= 0.1.4 - CSRF to Stored Cross-Site Scripting (XSS) vulnerability |
| CVE-2025-32610 | WordPress Foliopress WYSIWYG plugin <= 2.6.18 - CSRF to Stored XSS vulnerability |
| CVE-2025-32612 | WordPress User Session Synchronizer plugin <= 1.4.0 - CSRF to Stored XSS vulnerability |
| CVE-2025-32616 | WordPress Nimbata Call Tracking plugin <= 1.7.1 - CSRF to Stored XSS vulnerability |
| CVE-2025-32617 | WordPress Multiple Location Google Map plugin <= 1.1 - CSRF to Stored XSS vulnerability |
| CVE-2025-32619 | WordPress KeyCAPTCHA plugin <= 2.5.1 - CSRF to Stored XSS vulnerability |
| CVE-2025-32621 | WordPress WP Map Route Planner plugin <= 1.0.0 - CSRF to Stored XSS vulnerability |
| CVE-2025-32623 | WordPress PlainInventory plugin <= 3.1.9 - CSRF to Stored XSS vulnerability |
| CVE-2025-32641 | WordPress Anant Addons for Elementor plugin <= 1.1.5 - CSRF to Arbitrary Plugin Installation vulnerability |
| CVE-2025-32642 | WordPress Vite Coupon plugin <= 1.0.7 - CSRF to Remote Code Execution (RCE) vulnerability |
| CVE-2025-32644 | WordPress IP2Location World Clock Plugin <= 1.1.9 - CSRF to Stored XSS vulnerability |
| CVE-2025-32645 | WordPress Custom Posts Order Plugin <= 4.4 - CSRF to Stored Cross Site Scripting (XSS) vulnerability |
| CVE-2025-32655 | WordPress Restrict User Registration plugin <= 1.0.1 - CSRF to Stored XSS vulnerability |
| CVE-2025-32659 | WordPress FraudLabs Pro for WooCommerce plugin <= 2.22.7 - CSRF to Stored XSS vulnerability |
| CVE-2025-32661 | WordPress Interactive US Map plugin <= 2.7 - CSRF to Stored XSS vulnerability |
| CVE-2025-24875 | SameSite Defense in Depth not applied for some cookies in SAP Commerce |
| CVE-2025-24897 | Misskey CSRF vulnerability due to insecure configuration of authentication cookie attributes |
| CVE-2025-24900 | Concorde CSRF vulnerability due to insecure configuration of authentication cookie attributes |
| CVE-2025-3635 | Moodle: csrf risk in moodle user tours manager allows tour duplication |
| CVE-2025-3638 | Moodle: csrf risk in brickfield tool's analysis request action |
| CVE-2025-36513 | Cross-site request forgery vulnerability exists in surveillance cameras provided by i-PRO Co., Ltd.. If a user views a crafte... |
| CVE-2025-36576 | Dell Wyse Management Suite, versions prior to WMS 5.2, contain a Cross-Site Request Forgery (CSRF) vulnerability. A high priv... |
| CVE-2025-36728 | SimpleHelp Cross Site Request Forgery |
| CVE-2025-3687 | misstt123 oasys Sticky Notes cross-site request forgery |
| CVE-2025-32282 | WordPress ShareThis Dashboard for Google Analytics plugin <= 3.2.2 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-32310 | WordPress QuickCal plugin <= 1.0.13 - CSRF to Privilege Escalation vulnerability |
| CVE-2025-32673 | WordPress Epeken All Kurir plugin <= 1.4.6.2 - CSRF to Stored XSS vulnerability |
| CVE-2025-32678 | WordPress WP Show Stats plugin <= 1.5 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-32679 | WordPress User Registration Using Contact Form 7 plugin <= 2.2 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-3284 | User Registration & Membership PRO – Custom Registration Form, Login Form, and User Profile <= 5.1.3 - Cross-Site Request For... |
| CVE-2025-32922 | WordPress WP2LEADS plugin <= 3.5.0 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-34050 | AVTECH IP Camera, DVR, and NVR Devices Cross-Site Request Forgery |
| CVE-2025-34133 | Wimi Teamwork < v7.38.17 CSRF |
| CVE-2025-35030 | Medical Informatics Engineering Enterprise Health cross site request forgery |
| CVE-2025-3557 | ScriptAndTools eCommerce-website-in-PHP cross-site request forgery |
| CVE-2025-3561 | ghostxbh uzy-ssm-mall cross-site request forgery |
| CVE-2025-3808 | zhenfeng13 My-BBS cross-site request forgery |
| CVE-2025-3843 | panhainan DS-Java cross-site request forgery |
| CVE-2025-39437 | WordPress Anthologize plugin <= 0.8.3 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-39438 | WordPress Theme Changer plugin <= 1.3 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-3907 | Search API Solr - Moderately critical - Cross Site Request Forgery - SA-CONTRIB-2025-046 |
| CVE-2025-39351 | WordPress Grand Restaurant WordPress theme <= 7.0 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-39371 | WordPress Author Box Plugin With Different Description plugin <= 1.3.5 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-39374 | WordPress Best Posts Summary plugin <= 1.0 - CSRF to Stored XSS vulnerability |
| CVE-2025-39375 | WordPress Easy Child Theme Creator plugin <= 1.3.1 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-39381 | WordPress KiotViet Sync plugin <= 1.8.4 - CSRF to Stored XSS vulnerability |
| CVE-2025-39414 | WordPress spam-stopper plugin <= 3.1.3 - CSRF to Stored XSS vulnerability |
| CVE-2025-39415 | WordPress Social Media Links plugin <= 1.0.3 - CSRF to Stored XSS vulnerability |
| CVE-2025-39416 | WordPress translit it! plugin <= 1.6 - CSRF to Stored XSS vulnerability |
| CVE-2025-39417 | WordPress Redirect wordpress to welcome or landing page plugin <= 2.0 - CSRF to Stored XSS vulnerability |
| CVE-2025-39418 | WordPress RSS Manager plugin <= 0.06 - CSRF to Stored XSS vulnerability |
| CVE-2025-39419 | WordPress Revision Diet plugin <= 1.0.1 - CSRF to Stored XSS vulnerability |
| CVE-2025-39421 | WordPress WP Sticky Side Buttons plugin <= 2.1 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-39422 | WordPress WP Social Bookmarking plugin <= 3.6 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-39440 | WordPress Broken Links Remover plugin <= 1.2.2 - CSRF to Stored XSS vulnerability |
| CVE-2025-39441 | WordPress Dashboard Notepads plugin <= 1.2.1 - CSRF to Stored XSS vulnerability |
| CVE-2025-39442 | WordPress Review Wave – Google Places Reviews plugin <= 1.4.7 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-39443 | WordPress Verge3D plugin <= 4.9.0 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-39453 | WordPress Advanced Dynamic Pricing for WooCommerce plugin <= 4.9.3 - Cross Site Request Forgery (CSRF) to Settings Change vul... |
| CVE-2025-39455 | WordPress IP2Location Variables plugin <= 2.9.5 - CSRF to Cross Site Scripting (XSS) vulnerability |
| CVE-2025-39472 | WordPress WooCommerce Social Login plugin < 2.8.3 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-39512 | WordPress Bulk Term Editor <= 1.1.4 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-39517 | WordPress Basic Interactive World Map plugin <= 2.7 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability |
| CVE-2025-39530 | WordPress Site Search 360 plugin <= 2.1.7 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability |
| CVE-2025-39544 | WordPress WP Tools plugin <= 5.18 - CSRF to Arbitrary File Deletion vulnerability |
| CVE-2025-39546 | WordPress ElementsReady Addons for Elementor <= 6.6.2 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-39423 | WordPress Add to Header plugin <= 1.0 - CSRF to XSS vulnerability |
| CVE-2025-39424 | WordPress Simple Maps plugin <= 0.98 - CSRF to XSS vulnerability |
| CVE-2025-39425 | WordPress Style Manager plugin <= 2.2.7 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability |
| CVE-2025-39426 | WordPress illow – Cookies Consent plugin <= 0.2.0 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-39430 | WordPress mLanguage plugin <= 1.6.1 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-39431 | WordPress Amazon Showcase WordPress Plugin plugin <= 2.2 - CSRF to XSS vulnerability |
| CVE-2025-39433 | WordPress Bknewsticker plugin <= 1.0.5 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-39435 | WordPress My Marginalia plugin <= 1.0.6 - CSRF to Stored XSS vulnerability |
| CVE-2025-39563 | WordPress Conditional Payments for WooCommerce <= 3.3.0 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-39564 | WordPress Conditional Shipping for WooCommerce <= 3.4.0 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-3959 | withstars Books-Management-System reader_delete.html cross-site request forgery |
| CVE-2025-39593 | WordPress Ever Accounting <= 2.1.5 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-39600 | WordPress Integration for WooCommerce and QuickBooks <= 1.3.1 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-39601 | WordPress Custom CSS, JS & PHP plugin <= 2.4.1 - CSRF to RCE vulnerability |
| CVE-2025-39547 | WordPress Internal Link Optimiser plugin <= 5.1.3 - CSRF to XSS vulnerability |
| CVE-2025-39548 | WordPress Right Click Disable OR Ban plugin <= 1.1.17 - CSRF to Stored XSS vulnerability |
| CVE-2025-41661 | Weidmueller: Security routers IE-SR-2TX are affected by CSRF |
| CVE-2025-4188 | Advanced Reorder Image Text Slider <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting |
| CVE-2025-4189 | Audio Comments Plugin <= 1.0.4 - Cross-Site Request Forgery to Stored Cross-Site Scripting |
| CVE-2025-4194 | AlT Monitoring <= 1.0.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting |
| CVE-2025-4198 | Alink Tap <= 1.3.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting |
| CVE-2025-4199 | Abundatrade Plugin <= 1.8.02 - Cross-Site Request Forgery to Stored Cross-Site Scripting |
| CVE-2025-4327 | MRCMS cross-site request forgery |
| CVE-2025-4337 | AHAthat Plugin <= 1.6 - Cross-Site Request Forgery to AHA Page Deletion |
| CVE-2025-43809 | Cross-Site Request Forgery (CSRF) vulnerability in the server (license) registration page in Liferay Portal 7.4.0 through 7.4... |
| CVE-2025-43835 | WordPress wp-cyr-cho plugin <= 0.1 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-43840 | WordPress CheckBot plugin <= 1.05 - CSRF to Stored XSS vulnerability |
| CVE-2025-4580 | File Provider <= 1.2.3 - Item Deletion via CSRF |
| CVE-2025-4592 | AI Image Lab – Free AI Image Generator <= 1.0.6 - Cross-Site Request Forgery to API Key Update |
| CVE-2025-46231 | WordPress affiliate-toolkit <= 3.7.3 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-46241 | WordPress Appointment Booking Calendar plugin <= 1.3.92 - CSRF to SQL Injection vulnerability |
| CVE-2025-46243 | WordPress Recover abandoned cart for WooCommerce <= 2.2 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-46245 | WordPress CM Ad Changer <= 2.0.5 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-46246 | WordPress CM Answers <= 3.3.3 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-32664 | WordPress Nepali Date Utilities plugin <= 1.0.13 - CSRF to Stored XSS vulnerability |
| CVE-2025-32667 | WordPress Doppler Forms plugin <= 2.4.5 - CSRF to Stored XSS vulnerability |
| CVE-2025-32669 | WordPress Mergado Pack plugin <= 4.1.1 - CSRF to Stored XSS vulnerability |
| CVE-2025-46435 | WordPress Time Based Greeting plugin <= 2.2.2 - CSRF to Stored XSS vulnerability |
| CVE-2025-46436 | WordPress SCSS-Library <= 0.4.1 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-46439 | WordPress Plugin Central plugin <= 2.5.1 - CSRF to Arbitrary File Deletion vulnerability |
| CVE-2025-46442 | WordPress Loan Calculator plugin <= 1.3 - CSRF to Stored XSS vulnerability |
| CVE-2025-46450 | WordPress occupancyplan plugin <= 1.0.3.0 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability |
| CVE-2025-46452 | WordPress Google News plugin <= 2.5.1 - CSRF to Stored XSS vulnerability |
| CVE-2025-46457 | WordPress Wp Custom CMS Block plugin <= 2.1 - CSRF to Stored XSS vulnerability |
| CVE-2025-46458 | WordPress occupancyplan plugin <= 1.0.3.0 - CSRF to SQL Injection vulnerability |
| CVE-2025-46462 | WordPress WPVN <= 0.7.8 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-46465 | WordPress Print Science Designer plugin <= 1.3.155 - CSRF to Stored XSS vulnerability |
| CVE-2025-46249 | WordPress Simple calendar for Elementor <= 1.6.4 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-46251 | WordPress VikRestaurants Table Reservations and Take-Away plugin <= 1.3.3 - CSRF to Stored XSS vulnerability |
| CVE-2025-46257 | WordPress Element Pack Pro Plugin < 8.0.0 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-46721 | nosurf vulnerable to CSRF due to non-functional same-origin request checks |
| CVE-2025-46466 | WordPress Modern Polls plugin <= 1.0.10 - CSRF to Stored XSS vulnerability |
| CVE-2025-46492 | WordPress Call Now PHT Blog plugin <= 2.4.1 - CSRF to XSS vulnerability |
| CVE-2025-46495 | WordPress Drop Caps plugin <= 2.1 - CSRF to XSS vulnerability |
| CVE-2025-46497 | WordPress Navegg Analytics plugin <= 3.3.3 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-46498 | WordPress Zalo Official Live Chat <= 1.0.0 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-46504 | WordPress Vasaio QR Code plugin <= 1.2.5 - CSRF to XSS vulnerability |
| CVE-2025-46506 | WordPress WpZon – Amazon Affiliate Plugin plugin <= 1.3 - CSRF to XSS vulnerability |
| CVE-2025-46507 | WordPress Unsafe Mimetypes plugin <= 0.1.4 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability |
| CVE-2025-46508 | WordPress Advanced lazy load plugin <= 1.6.0 - CSRF to Stored XSS vulnerability |
| CVE-2025-46510 | WordPress Contact Form 7 Calendar plugin <= 3.0.1 - CSRF to Stored XSS vulnerability |
| CVE-2025-46512 | WordPress Custom Functions Plugin plugin <= 1.1 - CSRF to Stored XSS vulnerability |
| CVE-2025-46513 | WordPress All in One Time Clock Lite <= 1.3.324 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-46514 | WordPress Milat jQuery Automatic Popup plugin <= 1.3.1 - CSRF to Stored XSS vulnerability |
| CVE-2025-46743 | Cross-Site Request Forgery |
| CVE-2025-47466 | WordPress Ultimate WP Mail <= 1.3.4 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-47468 | WordPress Hash Form <= 1.2.8 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-47470 | WordPress GPT3 AI Content Writer plugin <= 1.9.14 - Cross Site Request Forgery (CSRF) to Prompt Generation vulnerability |
| CVE-2025-46516 | WordPress Twitter Card Generator plugin <= 1.0.5 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability |
| CVE-2025-46520 | WordPress Related Posts via Taxonomies plugin <= 1.0.1 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability |
| CVE-2025-46522 | WordPress Tabs plugin <= 4.0.3 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability |
| CVE-2025-46524 | WordPress WP Filter Post Category plugin <= 2.1.4 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability |
| CVE-2025-46528 | WordPress Availability Calendar <= 0.2.4 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-46530 | WordPress Hacklog Remote Attachment <= 1.3.2 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-46547 | In Sherpa Orchestrator 141851, the web application lacks protection against CSRF attacks, with resultant effects of an attack... |
| CVE-2025-47410 | Apache Geode: CSRF attacks through GET requests to the Management and Monitoring REST API that can execute gfsh commands on t... |
| CVE-2025-47446 | WordPress Listamester <= 2.3.6 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-47447 | WordPress Cool Author Box <= 3.0.0 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-47448 | WordPress WP Hotel Booking <= 2.1.9 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-47451 | WordPress Product Quantity Dropdown For Woocommerce plugin <= 1.2 - Cross Site Request Forgery (CSRF) to Settings Change vuln... |
| CVE-2025-47459 | WordPress WP Fundraising Donation and Crowdfunding Platform <= 1.7.3 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-47462 | WordPress Challan plugin <= 3.7.58 - CSRF to Privilege Escalation vulnerability |
| CVE-2025-47583 | WordPress Salon booking system plugin <= 10.16 - CSRF to Arbitrary Content Deletion vulnerability |
| CVE-2025-47590 | WordPress WPSpeed <= 2.6.5 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-47594 | WordPress Soccer Live Scores <= 1.0.5 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-47596 | WordPress Beacon Lead Magnets and Lead Capture <= 1.5.8 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-47597 | WordPress WP Podcasts Manager <= 1.2 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-47606 | WordPress Simple Giveaways <= 2.48.2 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-47609 | WordPress EasyMe Connect <= 3.0.3 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-47614 | WordPress LessButtons Social Sharing and Statistics plugin <= 1.6.1 - Cross Site Request Forgery (CSRF) to Settings Change vu... |
| CVE-2025-47620 | WordPress Martins Free Monetized Ad Exchange Network plugin <= 1.0.5 - CSRF to XSS vulnerability |
| CVE-2025-47624 | WordPress DoFollow Case by Case <= 3.5.1 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-47633 | WordPress Awin – Advertiser Tracking for WooCommerce plugin <= 2.0.0 - CSRF to Product Feed Regeneration vulnerability |
| CVE-2025-47639 | WordPress Supertext Translation and Proofreading plugin <= 4.25 - CSRF to Stored XSS vulnerability |
| CVE-2025-47647 | WordPress Sidebar Manager Light <= 1.18 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-47473 | WordPress PW WooCommerce Bulk Edit <= 2.134 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-47491 | WordPress Contact Form Widget <= 1.4.6 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-47514 | WordPress ELI's Related Posts Footer Links and Widget plugin <= 1.2.04.20 - Cross Site Request Forgery (CSRF) to Stored XSS v... |
| CVE-2025-47517 | WordPress Accept Donations with PayPal plugin <= 1.4.5 - CSRF to Stored XSS vulnerability |
| CVE-2025-47519 | WordPress Easy PayPal Events <= 1.2.2 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-47523 | WordPress Seznam Webmaster <= 1.4.7 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-47533 | WordPress Graphina plugin <= 3.0.4 - Cross Site Request Forgery (CSRF) to Local File Inclusion vulnerability |
| CVE-2025-47542 | WordPress Simple calendar for Elementor <= 1.6.5 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-47543 | WordPress TrueBooker <= 1.0.7 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-47546 | WordPress WP Compress <= 6.30.30 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-47551 | WordPress Wiki Embed plugin <= 1.4.6 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability |
| CVE-2025-48303 | WordPress Post Type Converter plugin <= 0.6 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-47648 | WordPress Pays – WooCommerce Payment Gateway <= 2.6 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-47655 | WordPress theMarketer plugin <= 1.4.7 - CSRF to Stored XSS vulnerability |
| CVE-2025-47661 | WordPress 워드프레스 결제 심플페이 <= 5.2.11 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-47667 | WordPress LiveAgent <= 4.4.7 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-47674 | WordPress Credova_Financial <= 2.5.0 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-47681 | WordPress Web Accessibility with Max Access <= 2.0.9 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-47684 | WordPress Smaily for WP <= 3.1.6 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-47685 | WordPress Contribuinte Checkout plugin <= 2.0.02 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability |
| CVE-2025-47701 | Restrict route by IP - Critical - Cross Site Request Forgery - SA-CONTRIB-2025-047 |
| CVE-2025-47708 | Enterprise MFA - TFA for Drupal - Critical - Cross Site Request Forgery - SA-CONTRIB-2025-054 |
| CVE-2025-48233 | WordPress Affiliates Manager Google reCAPTCHA Integration plugin <= 1.0.6 - Cross Site Request Forgery (CSRF) to Stored XSS v... |
| CVE-2025-48238 | WordPress AWcode Toolkit plugin <= 1.0.18 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability |
| CVE-2025-48243 | WordPress reCAPTCHA for all <= 2.26 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-48255 | WordPress Broadcast Live Video – Live Streaming : WebRTC, HLS, RTSP, RTMP <= 6.2.4 - Cross Site Request Forgery (CSRF) Vulner... |
| CVE-2025-3964 | withstars Books-Management-System Article del cross-site request forgery |
| CVE-2025-3979 | dazhouda lecms Password Change index.php cross-site request forgery |
| CVE-2025-3997 | dazhouda lecms Personal Information Page index.php cross-site request forgery |
| CVE-2025-41254 | Spring Framework STOMP CSRF Vulnerability |
| CVE-2025-4282 | SourceCodester/oretnom23 Stock Management System Users.php cross-site request forgery |
| CVE-2025-42908 | Cross-Site Request Forgery (CSRF) vulnerability in SAP NetWeaver Application Server for ABAP |
| CVE-2025-42923 | Cross-Site Request Forgery (CSRF) vulnerability in SAP Fiori App (F4044 Manage Work Center Groups) |
| CVE-2025-43745 | A CSRF vulnerability in Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q2.0 through 2025.Q2.7, 2025.Q1.0 throug... |
| CVE-2025-43748 | Insufficient CSRF protection for omni-administrator users in Liferay Portal 7.0.0 through 7.4.3.119, and Liferay DXP 2024.Q1.... |
| CVE-2025-4375 | Cross-Site Request Forgery vulnerability in Pro Cloud Server's WebEA |
| CVE-2025-48077 | WordPress Block Country plugin <= 1.0 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability |
| CVE-2025-48078 | WordPress Slick Google Map plugin <= 0.3 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability |
| CVE-2025-48083 | WordPress wpNamedUsers plugin <= 0.5 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability |
| CVE-2025-48085 | WordPress Simple Stripe plugin <= 0.9.17 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability |
| CVE-2025-48099 | WordPress Search & Filter plugin <= 1.2.17 - Cross Site Request Forgery (CSRF) to Open Redirect vulnerability |
| CVE-2025-48104 | WordPress Floating Window Music Player plugin <= 3.4.2 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability |
| CVE-2025-48109 | WordPress XM-Backup plugin <= 0.9.1 - CSRF to Stored XSS vulnerability |
| CVE-2025-48111 | WordPress YITH PayPal Express Checkout for WooCommerce plugin <= 1.49.0 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-48114 | WordPress ShayanWeb Admin FontChanger plugin <= 1.9.1 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability |
| CVE-2025-48115 | WordPress ValidateCertify <= 1.6.2 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-48144 | WordPress Import Export For WooCommerce plugin <= 1.6.2 - CSRF to Stored XSS vulnerability |
| CVE-2025-48146 | WordPress SEO Flow by LupsOnline plugin <= 2.2.0 - CSRF to Stored XSS vulnerability |
| CVE-2025-48153 | WordPress Import CDN-Remote Images plugin <= 2.1.2 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-49237 | WordPress POEditor plugin <= 0.9.10 - CSRF to Arbitrary File Deletion vulnerability |
| CVE-2025-49238 | WordPress Everest Backup <= 2.3.3 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-49239 | WordPress Print Invoice & Delivery Notes for WooCommerce <= 5.5.0 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-49269 | WordPress Market Exporter <= 2.0.22 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-49273 | WordPress WP Tools <= 5.24 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-49283 | WordPress Anti-spam, Spam protection, ReCaptcha for all forms and GDPR-compliant <= 4.1.1 - Cross Site Request Forgery (CSRF)... |
| CVE-2025-48259 | WordPress WP Mapa Politico España plugin <= 3.8.0 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability |
| CVE-2025-48264 | WordPress Product Code for WooCommerce plugin <= 1.5.0 - CSRF to Database Update vulnerability |
| CVE-2025-48265 | WordPress Year Make Model Search for WooCommerce plugin <= 1.0.11 - Cross Site Request Forgery (CSRF) to Settings Change vuln... |
| CVE-2025-48284 | WordPress Japanized For WooCommerce <= 2.6.40 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-48285 | WordPress Falang multilanguage <= 1.3.61 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-48483 | FreeScout Stored XSS leads to CSRF |
| CVE-2025-48497 | Cross-site request forgery vulnerability exists in iroha Board versions v0.10.12 and earlier. If a user accesses a specially... |
| CVE-2025-48740 | A Cross-Site Request Forgery (CSRF) vulnerability in StrangeBee TheHive 5.2.0 before 5.2.16, 5.3.0 before 5.3.11, 5.4.0 befor... |
| CVE-2025-4887 | SourceCodester Online Student Clearance System cross-site request forgery |
| CVE-2025-48885 | application-urlshortener users can create arbitrary pages as long as they have view access to them |
| CVE-2025-48921 | Open Social - Moderately critical - Cross Site Request Forgery - SA-CONTRIB-2025-079 |
| CVE-2025-48991 | Tuleap missing CSRF protection on tracker canned responses administration |
| CVE-2025-49040 | WordPress Backup Bolt plugin <= 1.4.1 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-49044 | WordPress Simple Poll plugin <= 1.1.1 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability |
| CVE-2025-49284 | WordPress WP Maintenance Mode & Site Under Construction <= 4.3 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-49285 | WordPress WP Cookie Notice for GDPR, CCPA & ePrivacy Consent <= 3.8.0 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-49286 | WordPress WP Table Builder <= 2.0.6 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-49291 | WordPress Calculated Fields Form <= 5.3.58 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-49317 | WordPress WP Page Loading <= 1.0.6 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-49332 | WordPress WP Time Slots Booking Form <= 1.2.30 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-49341 | WordPress PDF Creator Lite plugin <= 1.2 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-49347 | WordPress WP sIFR plugin <= 0.6.8.1 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-49351 | WordPress Create Posts & Terms plugin <= 1.3.1 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-49373 | WordPress Evergreen Content Poster plugin <= 1.4.5 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-49381 | WordPress ads.txt Guru Connect Plugin <= 1.1.1 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-49382 | WordPress JobZilla - Job Board WordPress Theme Theme <= 2.0 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-49391 | WordPress Sign-up Sheets Plugin <= 2.3.3 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-49399 | WordPress NEX-Forms Plugin <= 9.1.3 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-49425 | WordPress Konami Easter Egg <= v0.4 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-49426 | WordPress Cookie Warning plugin <= 1.3 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-48304 | WordPress Google XML News Sitemap plugin plugin <= 0.02 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability |
| CVE-2025-49435 | WordPress Wp Easy Allopass <= 4.1.1 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-49439 | WordPress Atelier Create CV plugin <= 1.1.2 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability |
| CVE-2025-49440 | WordPress WP Security Master <= 1.0.2 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-49445 | WordPress Interactive UK Regional Map plugin <= 2.0 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability |
| CVE-2025-49446 | WordPress Admin Notes <=1.1 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-49449 | WordPress Interactive Regional Map of Africa <= 1.0 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-49453 | WordPress BP Profile as Homepage plugin <= 1.1 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability |
| CVE-2025-49462 | Zoom Clients - Cross-site Scripting |
| CVE-2025-49510 | WordPress Min Max Step Quantity Limits Manager for WooCommerce plugin <= 5.1.0 - Cross Site Request Forgery (CSRF) vulnerabil... |
| CVE-2025-49511 | WordPress Civi Framework plugin <= 2.1.6 - Cross Site Request Forgery (CSRF) to User Deactivation vulnerability |
| CVE-2025-49555 | Adobe Commerce \| Cross-Site Request Forgery (CSRF) (CWE-352) |
| CVE-2025-4966 | WP Online Users Stats <= 1.0.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting via hk_dataset_results Function |
| CVE-2025-49856 | WordPress Responsive Plus plugin <= 3.2.2 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability |
| CVE-2025-49865 | WordPress Advanced Settings plugin <= 3.0.1 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-49895 | WordPress ServerBuddy by PluginBuddy.com plugin <= 1.0.5 - CSRF to PHP Object Injection vulnerability |
| CVE-2025-49896 | WordPress WP Discord Post Plus – Supports Unlimited Channels plugin <= 1.0.2 - Cross Site Request Forgery (CSRF) vulnerabili... |
| CVE-2025-49964 | WordPress ClipLink plugin <= 1.1 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-49965 | WordPress PixelBeds Channel Manager and Hotel Booking Engine plugin <= 1.0 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-49966 | WordPress Oganro Travel Portal Search Widget for HotelBeds APITUDE API plugin <= 1.0 - Cross Site Request Forgery (CSRF) Vuln... |
| CVE-2025-49967 | WordPress Live Sports Streamthunder plugin <= 2.1 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-49968 | WordPress XML Travel Portal Widget plugin <= 2.0 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-49972 | WordPress TM Replace Howdy plugin <= 1.4.2 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-49975 | WordPress JobWP plugin <= 2.4.0 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-49977 | WordPress WP Inventory Manager plugin <= 2.3.4 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-50036 | WordPress Mailing Group Listserv plugin <= 3.0.5 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-50044 | WordPress Real Estate Manager plugin <= 7.3 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-48306 | WordPress Savyour Affiliate Partner plugin <= 2.1.4 - CSRF to Stored XSS vulnerability |
| CVE-2025-48307 | WordPress SEO For Images plugin <= 1.0.0 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability |
| CVE-2025-48308 | WordPress Newsletter subscription optin module plugin <= 1.2.9 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerabilit... |
| CVE-2025-48309 | WordPress BetPress plugin <= 1.0.1 Lite - CSRF to Stored XSS vulnerability |
| CVE-2025-48310 | WordPress Table Editor plugin <= 1.6.4 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-48311 | WordPress Invisible Optin plugin <= 1.0 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability |
| CVE-2025-48318 | WordPress 多说社会化评论框 plugin <= 1.2 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability |
| CVE-2025-48320 | WordPress 百度分享按钮 plugin <= 1.0.6 - CSRF to Stored XSS vulnerability |
| CVE-2025-48321 | WordPress Ultimate twitter profile widget plugin <= 1.0 - CSRF to Stored XSS vulnerability |
| CVE-2025-48325 | WordPress WP Admin Theme plugin <= 1.0 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability |
| CVE-2025-48328 | WordPress Real Time Validation for Gravity Forms plugin <= 1.7.0 - Cross Site Request Forgery (CSRF) to Settings Change vulne... |
| CVE-2025-48340 | WordPress User Profile Meta Manager plugin <= 1.02 - CSRF to Privilege Escalation vulnerability |
| CVE-2025-48342 | WordPress Dynamic Pricing & Discounts Lite for WooCommerce <= 2.0.3 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-48343 | WordPress WPMU Ldap Authentication plugin <= 5.0.1 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability |
| CVE-2025-48344 | WordPress Rootspersona <= 3.7.5 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-48351 | WordPress Kento Splash Screen plugin <= 1.4 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability |
| CVE-2025-48353 | WordPress Clickbank WordPress Plugin (Niche Storefront) plugin <= 1.3.5 - Cross Site Request Forgery (CSRF) to Stored XSS vul... |
| CVE-2025-48357 | WordPress Century ToolKit plugin <= 1.2.1 - Cross Site Request Forgery (CSRF) to Arbitrary Plugin Activation vulnerability |
| CVE-2025-50179 | Tuleap missing CSRF protection on tracker reports manipulation |
| CVE-2025-5019 | Hive Support <= 1.2.4 - Cross-Site Request Forgery via hs_update_ai_chat_settings Function |
| CVE-2025-5033 | XiaoBingby TeaCMS addUser cross-site request forgery |
| CVE-2025-5132 | Tmall Demo logout cross-site request forgery |
| CVE-2025-5142 | Simple Page Access Restriction <= 1.0.31 - Cross-Site Request Forgery via Multiple Parameters |
| CVE-2025-5185 | Summer Pearl Group Vacation Rental Management Platform cross-site request forgery |
| CVE-2025-52463 | Cross-site request forgery vulnerability exists in Active! mail 6 BuildInfo: 6.60.06008562 and earlier. If this vulnerability... |
| CVE-2025-52711 | WordPress Post and Page Builder by BoldGrid – Visual Drag and Drop Editor plugin <= 1.27.8 - Cross Site Request Forgery (CSRF... |
| CVE-2025-52765 | WordPress NetInsight Analytics Implementation Plugin <= 1.0.3 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-52767 | WordPress NetInsight Analytics Implementation Plugin <= 1.0.3 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-53095 | Sunshine application-wide CSRF in the UI leads to command injection as Administrator |
| CVE-2025-53193 | WordPress Burst Statistics plugin <= 2.0.6 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-53197 | WordPress Cookiebot plugin <= 4.5.8 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-53203 | WordPress WooCommerce PDF Invoice Builder plugin <= 1.2.148 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-53219 | WordPress WP-Database-Optimizer-Tools Plugin <= 0.2 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-49069 | WordPress Contact Forms by Cimatti plugin <= 1.9.8 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-49077 | WordPress Dynamic Pricing and Discount Rules plugin <= 2.2.9 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-52769 | WordPress flexo-social-gallery Plugin <= 1.0006 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-52772 | WordPress Virtual Moderator plugin <= 1.4 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-52780 | WordPress Logo Manager For Samandehi plugin <= 0.5 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-52781 | WordPress TinyNav plugin <= 1.4 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-52783 | WordPress Change Cart button Colors WooCommerce plugin <= 1.0 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-52784 | WordPress Bluff Post plugin <= 1.1.1 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-52789 | WordPress Lewe ChordPress plugin <= 3.9.7 - Cross Site Request Forgery (CSRF) to Stored XSS Vulnerability |
| CVE-2025-52790 | WordPress WP-DownloadCounter plugin <= 1.01 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-52791 | WordPress Knowledge Base – Knowledge Base Maker plugin <= 1.1.8 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-52792 | WordPress WP User Stylesheet Switcher plugin <= v2.2.0 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-52793 | WordPress Esselink.nu Settings plugin <= 2.94 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-20195 | A vulnerability in the web-based management interface of Cisco IOS XE Software could allow an unauthenticated, remote attacke... |
| CVE-2025-20228 | Maintenance mode state change of App Key Value Store (KVStore) through a Cross-Site Request Forgery (CSRF) in Splunk Enterpri... |
| CVE-2025-2111 | WP Headers And Footers <= 3.1.1 - Cross-Site Request Forgery to Arbitrary Options Update |
| CVE-2025-53262 | WordPress Writesonic plugin <= 1.0.4 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-53263 | WordPress Address Autocomplete via Google for Gravity Forms plugin <= 1.3.4 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-53264 | WordPress ONet Regenerate Thumbnails plugin <= 1.5 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-53265 | WordPress Virusdie plugin <= 1.1.3 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-53267 | WordPress Hide Admin Bar From Front End plugin <= 1.0.0 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-53268 | WordPress Import external attachments plugin <= 1.5.12 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-53269 | WordPress My Wp Brand plugin <= 1.1.3 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-53270 | WordPress CTA plugin <= 1.6.9 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-53271 | WordPress Additional Order Filters for WooCommerce plugin <= 1.22 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-53272 | WordPress Image Cleanup plugin <= 1.9.2 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-53273 | WordPress Slickstream plugin <= 2.0.3 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-53274 | WordPress WP Permalink Translator plugin <= 1.7.6 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-53277 | WordPress IS-theme-companion plugin <= 1.57 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-53305 | WordPress WP Forum Server plugin <= 1.8.2 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-53308 | WordPress Image Slider With Description plugin <= 9.2 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-53310 | WordPress HidePost plugin <= 2.3.8 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-53311 | WordPress Navayan Subscribe plugin <= 1.13 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-53312 | WordPress OnionBuzz plugin <= 1.0.7 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-53313 | WordPress Twitch TV Embed Suite plugin <= 2.1.0 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-53314 | WordPress WP Optimizer plugin <= 2.3.6 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-53315 | WordPress Relocate Upload plugin <= 0.24.1 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-53316 | WordPress WP GDPR Cookie Consent plugin <= 1.0.0 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-53317 | WordPress WPShapere Lite plugin <= 1.4 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-53327 | WordPress Aioseo Multibyte Descriptions plugin <= 0.0.6 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-48359 | WordPress ATT YouTube Widget plugin <= 1.0 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability |
| CVE-2025-48362 | WordPress Hesabfa Accounting plugin <= 2.2.4 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-48363 | WordPress Popup for CF7 with Sweet Alert plugin <= 1.6.5 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-5410 | Mist Community Edition middleware.py session_start_response cross-site request forgery |
| CVE-2025-54174 | Cross-Site Request Forgery in QuickCMS |
| CVE-2025-53329 | WordPress Społecznościowa 6 PL 2013 plugin <= 2.0.6 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-53331 | WordPress RSS Digest plugin <= 1.5 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-53332 | WordPress Track Everything plugin <= 2.0.1 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-53338 | WordPress re.place plugin <= 0.2.1 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-53344 | WordPress Thim Core Plugin <= 2.3.3 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-53347 | WordPress Kalium Theme plugin <= 3.18.3 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-53451 | WordPress Mihdan: No External Links Plugin <= 5.1.4 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-53456 | WordPress SEO Backlink Monitor Plugin <= 1.6.0 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-53483 | SecurePoll: Multiple admin actions vulnerable to Cross-Site Request Forgery |
| CVE-2025-54010 | WordPress FluentSnippets plugin <= 10.50 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-54020 | WordPress AntiSpam for Contact Form 7 plugin <= 0.6.3 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-54022 | WordPress Coupon Affiliates plugin <= 6.4.0 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-54030 | WordPress WooCommerce Google Sheet Connector plugin <= 1.3.20 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-54033 | WordPress Theme Builder For Elementor plugin <= 1.2.3 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-53249 | WordPress Build App Online Plugin <= 1.0.23 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-53254 | WordPress Cyrlitera plugin <= 1.2.0 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-53261 | WordPress WP YouTube Live plugin <= 1.10.0 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-53540 | CSRF Vulnerability in Firmware Update Endpoints Allows Remote Code Execution |
| CVE-2025-53568 | WordPress Radio Station plugin <= 2.5.12 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-53569 | WordPress Trust Payments Gateway for WooCommerce (JavaScript Library) plugin <= 1.3.6 - Cross Site Request Forgery (CSRF) Vul... |
| CVE-2025-53587 | WordPress Findgo Theme <= 1.3.57 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-53897 | Kiteworks MFT has a Cross-Site Request Forgery (CSRF) vulnerability |
| CVE-2025-54256 | Dreamweaver Desktop \| Cross-Site Request Forgery (CSRF) (CWE-352) |
| CVE-2025-54286 | CSRF Vulnerability When Using Client Certificate Authentication with the LXD-UI |
| CVE-2025-54671 | WordPress oik Plugin plugin <= 4.15.2 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-54672 | WordPress Photo Engine Plugin plugin <= 6.4.3 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-54673 | WordPress Chartify Plugin plugin <= 3.5.3 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-54674 | WordPress Product Configurator for WooCommerce Plugin plugin <= 1.4.4 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-58430 | listmonk Vulnerable to CSRF to XSS Chain That Can Lead to Admin Account Takeover |
| CVE-2025-52794 | WordPress Creative Contact Form plugin <= 1.0.0 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-52795 | WordPress WP Front User Submit / Front Editor plugin <= 4.9.4 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-52797 | WordPress StoryMap Plugin <= 2.1 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-52825 | WordPress Real Estate Manager plugin <= 7.3 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-52841 | Laundry 2.3.0 - Account Takeover via CSRF |
| CVE-2025-54541 | Cross-Site Request Forgery in QuickCMS |
| CVE-2025-54702 | WordPress Ebook Store Plugin plugin <= 5.8013 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-54703 | WordPress Integrate Google Drive Plugin plugin <= 1.5.2 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-54728 | WordPress CM On Demand Search And Replace Plugin <= 1.5.2 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-54732 | WordPress WPDM – Premium Packages Plugin <= 6.0.2 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-54782 | @nestjs/devtools-integration's CSRF to Sandbox Escape Allows for RCE against JS Developers |
| CVE-2025-55147 | CSRF in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R... |
| CVE-2025-5521 | WuKongOpenSource WukongCRM updataPassword cross-site request forgery |
| CVE-2025-5766 | code-projects Laundry System cross-site request forgery |
| CVE-2025-58199 | WordPress Fastly Plugin <= 1.2.28 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-58200 | WordPress Flexible FAQ Plugin <= 0.2 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-58202 | WordPress Simple Page Access Restriction Plugin <= 1.0.32 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-58217 | WordPress Instant Breaking News Plugin <= 1.0 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-58219 | WordPress Show Pages List Plugin <= 1.2.0 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-58224 | WordPress Printeers Print & Ship Plugin <= 1.17.0 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-58236 | WordPress Force Update Translations Plugin <= 0.5 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-58244 | WordPress Constructo Theme <= 4.3.9 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-58250 | WordPress Findgo Theme <= 1.3.55 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-58255 | WordPress Custom Post Type Images Plugin <= 0.5 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-58259 | WordPress Nokri Theme <= 1.6.4 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-58261 | WordPress Mavis HTTPS to HTTP Redirection Plugin <= 1.4.3 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-58262 | WordPress Sweet Energy Efficiency Plugin <= 1.0.6 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-58267 | WordPress Stock Message Plugin <= 1.1.0 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-54675 | WordPress YITH WooCommerce Popup Plugin plugin <= 1.48.0 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-54682 | WordPress Connector for Gravity Forms and Google Sheets Plugin plugin <= 1.2.4 - Cross Site Request Forgery (CSRF) Vulnerabil... |
| CVE-2025-54694 | WordPress Button Block Plugin plugin <= 1.2.0 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-5732 | code-projects Traffic Offense Reporting System cross-site request forgery |
| CVE-2025-57960 | WordPress Travel Map Plugin <= 1.0.3 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-57970 | WordPress SALESmanago Plugin <= 3.8.1 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-57977 | WordPress Flexible PDF Invoices for WooCommerce & WordPress Plugin <= 6.0.13 - Cross Site Request Forgery (CSRF) Vulnerabilit... |
| CVE-2025-57978 | WordPress Advanced Appointment Booking & Scheduling Plugin <= 1.9 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-57983 | WordPress BP Disable Activation Reloaded Plugin <= 1.2.1 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-57992 | WordPress Mail Baby SMTP Plugin <= 2.8 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-58010 | WordPress SV Proven Expert Plugin <= 2.0.06 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-58013 | WordPress CouponXxL Theme <= 4.5.0 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-58014 | WordPress Quiz Maker Plugin <= 6.7.0.61 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-58032 | WordPress WP Compiler Plugin <= 1.0.0 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-58939 | WordPress Super Store Finder plugin <= 7.5 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-54035 | WordPress Newsletters plugin <= 4.10 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-54036 | WordPress Webba Booking plugin <= 5.1.20 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-54038 | WordPress Restaurant Menu by MotoPress plugin <= 2.4.6 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-54039 | WordPress Animator plugin <= 3.0.16 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-54041 | WordPress Wallet System for WooCommerce plugin <= 2.6.7 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-54042 | WordPress WP Post Hide plugin <= 1.0.9 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-54052 | WordPress Realtyna Organic IDX plugin <= 5.0.0 - Local File Inclusion Vulnerability |
| CVE-2025-55057 | Multiple CWE-352 Cross-Site Request Forgery (CSRF) |
| CVE-2025-55744 | UnoPim vulnerable to CSRF on Product edit feature and creation of other types |
| CVE-2025-55758 | Extension - jdownloads.com - CSRF vectors in jDownloads component 1.0.0 - 4.0.47 for Joomla |
| CVE-2025-57885 | WordPress Fluent Support Plugin <= 1.9.1 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-57892 | WordPress Simple Statistics for Feeds Plugin <= 20250322 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-57893 | WordPress WP Fast Total Search Plugin <= 1.79.270 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-57895 | WordPress JobWP Plugin <= 2.4.3 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-57902 | WordPress RIS Version Switcher – Downgrade or Upgrade WP Versions Easily Plugin <= 1.0 - Cross Site Request Forgery (CSRF) Vu... |
| CVE-2025-57905 | WordPress AgreeMe Checkboxes For WooCommerce Plugin <= 1.1.3 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-57914 | WordPress Deliver via Shipos for WooCommerce Plugin <= 3.0.2 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-57915 | WordPress TOCHAT.BE Plugin <= 1.3.4 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-57918 | WordPress LinkedInclude Plugin <= 3.0.4 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-57924 | WordPress Developer Plugin <= 1.2.6 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-57927 | WordPress Dashboard Notepad Plugin <= 1.42 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-57930 | WordPress Double the Donation Plugin <= 2.0.0 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-57931 | WordPress Popup box plugin <= 5.5.4 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-57933 | WordPress Piotnet Forms Plugin <= 1.0.30 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-57934 | WordPress LWS Affiliation Plugin <= 2.3.6 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-57942 | WordPress Emergency Password Reset Plugin <= 9.0 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-57946 | WordPress payOS Plugin <= 1.0.61 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-58657 | WordPress Grid Plugin <= 2.3.1 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-58670 | WordPress WP Content Protection Plugin <= 1.3 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-58675 | WordPress Interact: Embed A Quiz On Your Site Plugin <= 3.1 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-58676 | WordPress HORIZONTAL SLIDER Plugin <= 2.4 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-58677 | WordPress ShrinkTheWeb (STW) Website Previews Plugin <= 2.8.5 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-58687 | WordPress Current Age Plugin Plugin <= 1.6 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-58688 | WordPress Casengo Live Chat Support Plugin <= 2.1.4 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-58690 | WordPress Doliconnect Plugin <= 9.5.7 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-58792 | WordPress Authors List Plugin <= 2.0.6.1 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-58794 | WordPress Notification for Telegram Plugin <= 3.4.6 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-58798 | WordPress BCM Duplicate Menu Plugin <= 1.1.2 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-58799 | WordPress Custom WooCommerce Checkout Fields Editor Plugin <= 1.3.4 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-58800 | WordPress WP Email Template Plugin <= 2.8.3 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-58801 | WordPress Responder Plugin <= 4.3.8 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-58802 | WordPress TrustMate.io – WooCommerce integration Plugin <= 1.14.0 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-58268 | WordPress WPMK PDF Generator Plugin <= 1.0.1 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-58270 | WordPress NIX Anti-Spam Light Plugin <= 0.0.4 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-58272 | Cross-site request forgery vulnerability exists in Web Caster V130 versions 1.08 and earlier. If a logged-in user views a mal... |
| CVE-2025-58831 | WordPress Parallax Scrolling Enllax.js Plugin <= 0.0.6 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-58833 | WordPress Invelity MyGLS connect Plugin <= 1.1.1 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-58843 | WordPress Auto Last Youtube Video Plugin <= 1.0.7 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-58844 | WordPress Database to Excel Plugin <= 1.0 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-58845 | WordPress Bulk Watermark Plugin <= 1.6.10 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-58846 | WordPress WordPress Buffer – HYPESocial. Social Media Auto Post, Social Media Auto Publish and Schedule Plugin <= 2020.1.0 -... |
| CVE-2025-58847 | WordPress WN Flipbox Pro Plugin <= 2.1 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-58848 | WordPress WP likes Plugin <= 3.1.1 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-58849 | WordPress Hide Real Download Path Plugin <= 1.6 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-5885 | Konica Minolta bizhub cross-site request forgery |
| CVE-2025-58852 | WordPress MSTW League Manager Plugin <= 2.10 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-58853 | WordPress Popping Sidebars and Widgets Light Plugin <= 1.27 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-58854 | WordPress Ultimate AJAX Login Plugin <= 1.2.1 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-58856 | WordPress Woocommerce Notify Updated Product Plugin <= 1.6 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-58859 | WordPress Add to Feedly Plugin <= 1.2.11 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-58860 | WordPress Enable Latex Plugin <= 1.2.16 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-58861 | WordPress Quick Event Calendar Plugin <= 1.4.9 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-58865 | WordPress Compact Admin Plugin <= 1.3.0 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-58869 | WordPress SimaCookie Plugin <= 1.3.2 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-58878 | WordPress Woocommerce Gifts Product Plugin <= 1.0.0 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-5888 | jsnjfz WebStack-Guns cross-site request forgery |
| CVE-2025-58914 | WordPress Di Themes Demo Site Importer plugin <= 1.2 - Cross Site Request Forgery (CSRF) to Plugin Activation vulnerability |
| CVE-2025-58918 | WordPress Entrada theme <= 5.7.7 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-58956 | WordPress WP Attractive Donations System Plugin < 1.29 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-58975 | WordPress Advanced Settings Plugin <= 3.1.1 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-58991 | WordPress WooCommerce Booking Bundle Hours Plugin <= 0.7.4 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-58997 | WordPress Mow Theme <= 4.10 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-58999 | WordPress WP Attractive Donations System - Easy Stripe & Paypal donations plugin <= 1.25 - Cross Site Request Forgery (CSRF)... |
| CVE-2025-5900 | Tenda AC9 cross-site request forgery |
| CVE-2025-59009 | WordPress Listify theme <= 3.2.5 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-5924 | WP Firebase Push Notification <= 1.2.0 - Cross-Site Request Forgery to Broadcast Notification |
| CVE-2025-5925 | Bunny’s Print CSS <= 0.95 - Cross-Site Request Forgery to Settings Update |
| CVE-2025-5926 | Link Shield <= 0.5.4 - Cross-Site Request Forgery to Stored Cross-Site Scripting |
| CVE-2025-5928 | WP Sliding Login/Dashboard Panel <= 2.1.1 - Cross-Site Request Forgery to Settings Update |
| CVE-2025-5930 | WP2HTML <= 1.0.2 - Cross-Site Request Forgery to Settings Update |
| CVE-2025-5932 | Homerunner <= 1.0.29 - Cross-Site Request Forgery to Settings Update |
| CVE-2025-5933 | RD Contacto <= 1.4 - Cross-Site Request Forgery to Settings Update |
| CVE-2025-5936 | VR Calendar <= 2.4.7 - Cross-Site Request Forgery to Calendar Sync |
| CVE-2025-5937 | MicroPayments – Fans Paysite: Paid Creator Subscriptions, Digital Assets, Wallet <= 3.2.0 - Cross-Site Request Forgery to Set... |
| CVE-2025-5938 | Digital Marketing and Agency Templates Addons for Elementor <= 1.1.1 - Cross-Site Request Forgery to Import |
| CVE-2025-59428 | EspoCRM allows arbitrary user creation via stored SVG injection and CSRF |
| CVE-2025-59480 | Inadequate validation of SSO redirect credentials permits credential theft |
| CVE-2025-59568 | WordPress Zoho Flow Plugin <= 2.14.1 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-59572 | WordPress WorkScout-Core Plugin < 1.7.06 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-6001 | VirtueMart - Cross Site Request Forgery (CSRF) |
| CVE-2025-60075 | WordPress hpb seo plugin for WordPress plugin <= 3.0.1 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-60093 | WordPress Download Manager Plugin <= 3.3.24 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-60111 | WordPress Javo Core Plugin <= 3.0.0.266 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-60113 | WordPress Groovy Menu Plugin <= 1.4.3 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-60115 | WordPress Instapage Plugin Plugin <= 3.5.12 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-60117 | WordPress Vehica Core Plugin <= 1.0.100 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-60132 | WordPress Video Blogster Lite Plugin <= 1.2 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-59845 | Apollo Embedded Sandbox and Explorer vulnerable to CSRF via window.postMessage origin-validation bypass |
| CVE-2025-5988 | Aap-gateway: csrf origin checking is disabled |
| CVE-2025-59949 | FreshRSS has Logout CSRF that Leads to DoS via `<track src>` |
| CVE-2025-60168 | WordPress HotelRunner Booking Widget Plugin <= 1.6 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-60169 | WordPress W3SCloud Contact Form 7 to Zoho CRM Plugin <= 3.0 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-60170 | WordPress HTACCESS IP Blocker Plugin <= 1.0 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-60171 | WordPress Conditional Cart Messages for WooCommerce – YourPlugins.com Plugin <= 1.2.10 - Cross Site Request Forgery (CSRF) Vu... |
| CVE-2025-60172 | WordPress Flytedesk Digital Plugin <= 20181101 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-60173 | WordPress GST for WooCommerce Plugin <= 2.0 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-60208 | WordPress Advanced Custom Fields : CPT Options Pages plugin <= 2.0.9 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-6041 | yContributors <= 0.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting |
| CVE-2025-6053 | Zuppler Online Ordering <= 2.1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting |
| CVE-2025-6054 | YANewsflash <= 1.0.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting |
| CVE-2025-58469 | QuLog Center |
| CVE-2025-58804 | WordPress WooCommerce Single Page Checkout Plugin <= 1.2.7 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-58806 | WordPress WordPress Error Monitoring by Bugsnag Plugin <= 1.6.3 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-58807 | WordPress Purge Varnish Cache Plugin <= 2.6 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-58809 | WordPress To Lead For Salesforce Plugin <= 2.7.3.9 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-58818 | WordPress Developer Tools Blocker Plugin <= 3.2.1 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-59110 | Cross-Site Request Forgery in Windu CMS |
| CVE-2025-59112 | Cross-Site Request Forgery in Windu CMS |
| CVE-2025-59114 | Cross-Site Request Forgery in Windu CMS |
| CVE-2025-59130 | WordPress Appointify plugin <= 1.0.8 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-59131 | WordPress WP-CalDav2ICS plugin <= 1.3.4 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-59132 | WordPress Duplicate Content Cure plugin <= 1.0 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-59137 | WordPress Behance Portfolio Manager plugin <= 1.7.5 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-62245 | Cross-site request forgery (CSRF) vulnerability in Liferay Portal 7.4.1 through 7.4.3.112, and Liferay DXP 2023.Q4.0 through... |
| CVE-2025-60134 | WordPress WP Media Categories Plugin <= 2.1.0 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-60137 | WordPress Post Featured Video Plugin <= 1.7 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-60139 | WordPress Sendle Shipping Plugin <= 6.02 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-60145 | WordPress Lenix scss compiler Plugin <= 1.2 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-60156 | WordPress AR For WordPress Plugin <= 7.98 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-60164 | WordPress NewsmanApp Plugin <= 2.7.7 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-61604 | WeGIA: Cross-Site Request Forgery (CSRF) Vulnerability in `control.php` Endpoint |
| CVE-2025-61930 | Emlog Pro has CSRF issue that Enables Admin Password Reset |
| CVE-2025-62005 | WordPress SUMO Memberships for WooCommerce plugin < 7.8.0 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-62009 | WordPress UPC/EAN/GTIN Code Generator plugin <= 2.0.2 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-62061 | WordPress Product Catalog Simple plugin <= 1.8.4 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-62080 | WordPress Live Shopping & Shoppable Videos For WooCommerce plugin <= 2.2.0 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-62084 | WordPress iNext Woo Pincode Checker plugin <= 2.3.1 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-62089 | WordPress Mergado Pack plugin <= 4.2.0 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-62101 | WordPress Pardakht Delkhah plugin <= 3.0.0 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-62102 | WordPress DoFollow Case by Case plugin <= 3.5.1 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-62103 | WordPress Media Library File Download plugin <= 1.4 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-62107 | WordPress Feather Login Page plugin <= 1.1.7 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-62112 | WordPress Import into Easy Property Listings plugin <= 2.2.1 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-62113 | WordPress Co-marquage service-public.fr plugin <= 0.5.77 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-62117 | WordPress EasyIndex plugin <= 1.1.1704 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-62120 | WordPress OpenHook plugin <= 4.3.1 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-62123 | WordPress WP Gmail SMTP plugin <= 1.0.7 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-62133 | WordPress FormFacade plugin <= 1.4.1 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-62134 | WordPress Contact Form Widget plugin <= 1.5.1 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-6214 | Omnishop <= 1.0.9 - Cross-Site Request Forgery to Arbitrary User Deletion via /users/delete REST Endpoint |
| CVE-2025-62148 | WordPress Robots.txt rewrite plugin <= 1.6.1 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-6055 | Zen Sticky Social <= 0.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting |
| CVE-2025-6059 | Seraphinite Accelerator <= 2.27.21 - Cross-Site Request Forgery to Multiple Administrative Actions |
| CVE-2025-6062 | Yougler Blogger Profile Page <= v1.01 - Cross-Site Request Forgery to Settings Update |
| CVE-2025-6063 | XiSearch bar <= 2.6 - Cross-Site Request Forgery to Stored Cross-Site Scripting |
| CVE-2025-6064 | WP URL Shortener <= 1.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting |
| CVE-2025-6105 | jflyfox jfinal_cms HOME.java cross-site request forgery |
| CVE-2025-6106 | WuKongOpenSource WukongCRM AdminRoleController.java cross-site request forgery |
| CVE-2025-62497 | Cross-site request forgery vulnerability exists in SNC-CX600W versions prior to Ver.2.8.0. If a user accesses a specially cra... |
| CVE-2025-62593 | Ray is vulnerable to RCE via Safari & Firefox Browsers through DNS Rebinding Attack |
| CVE-2025-62733 | WordPress Custom Sidebars by ProteusThemes plugin <= 1.0.3 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-62734 | WordPress Media Library Downloader plugin <= 1.4.0 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-62739 | WordPress Add Custom Codes plugin <= 4.80 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-62762 | WordPress SMTP Mail plugin <= 1.3.47 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-62771 | Mercku M6a devices through 2.1.0 allow password changes via intranet CSRF attacks. |
| CVE-2025-58576 | Cross-site request forgery vulnerability exists in GroupSession Free edition prior to ver5.3.0, GroupSession byCloud prior to... |
| CVE-2025-58611 | WordPress Tickera Plugin <= 3.5.5.6 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-64357 | WordPress Advanced Database Cleaner plugin <= 3.1.6 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-64368 | WordPress Bard theme <= 1.6 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-62258 | CSRF vulnerability in Headless API in Liferay Portal 7.4.0 through 7.4.3.107, and Liferay DXP 2023.Q3.1 through 2023.Q3.4, 7.... |
| CVE-2025-62346 | HCL Glovius Cloud is susceptible to a Cross-Site Request Forgery (CSRF) vulnerability |
| CVE-2025-62687 | Cross-site request forgery vulnerability exists in LogStare Collector. If a user views a crafted page while logged, unintende... |
| CVE-2025-62933 | WordPress Awesome Testimonials plugin <= 2.2.1 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-62934 | WordPress WP Business Hours plugin <= 1.4 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-62945 | WordPress Did Prestashop Display plugin <= 1.0.30 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-62950 | WordPress Contest Gallery plugin <= 28.0.0 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-62956 | WordPress Reloadly plugin <= 2.0.1 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-62957 | WordPress NikanWP WooCommerce Reporting plugin <= 1.0.0 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-62958 | WordPress Simple Content Templates for Blog Posts & Pages plugin <= 2.2.61 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-62962 | WordPress CloudSearch plugin <= 3.0.0 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-62975 | WordPress Raychat plugin <= 2.2.1 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-62986 | WordPress FanBridge signup plugin <= 0.6 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-62992 | WordPress Everest Backup plugin <= 2.3.9 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-63012 | WordPress WP Hotel Booking plugin <= 2.2.7 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-63014 | WordPress Gmedia Photo Gallery plugin <= 1.24.1 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-65027 | RomM Chained XSS and CSRF Vulnerabilities Enable Admin Account Takeover |
| CVE-2025-62190 | CSRF Allows Call Initiation and Message Delivery |
| CVE-2025-63040 | WordPress Post Snippets plugin <= 4.0.11 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-63060 | WordPress Kallyas theme <= 4.2 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-6341 | code-projects School Fees Payment System cross-site request forgery |
| CVE-2025-64117 | Tuleap missing CSRF protection in the management of SVN commit rules and immutable tags |
| CVE-2025-64166 | Mercurius: Incorrect Content-Type parsing can lead to CSRF attack |
| CVE-2025-64201 | WordPress PowerPress Podcasting plugin <= 11.13.12 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-64226 | WordPress Stockie Extra plugin <= 1.2.11 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-64237 | WordPress Quick Interest Slider plugin <= 3.1.5 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-64239 | WordPress RTL Tester plugin <= 1.2 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-64240 | WordPress Freshchat plugin <= 2.3.4 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-64256 | WordPress Simple Folio plugin <= 1.1.0 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-64262 | WordPress Auto Prune Posts plugin <= 3.0.0 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-64271 | WordPress WP Plugin Manager plugin <= 1.4.7 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-64286 | WordPress WP Rentals theme <= 3.13.1 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-64288 | WordPress Premmerce plugin <= 1.3.19 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-62797 | CSRF in FluxCP account endpoints allows account takeover / state-changing actions |
| CVE-2025-6284 | PHPGurukul Car Rental Portal cross-site request forgery |
| CVE-2025-62866 | WordPress Auto Alt Text plugin <= 2.5.2 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-62871 | WordPress Just TinyMCE Custom Styles plugin <= 1.2.1 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-62872 | WordPress Social Photo Fetcher plugin <= 3.0.4 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-62873 | WordPress WP Flashy Marketing Automation plugin <= 2.0.8 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-62880 | WordPress Custom 404 Pro plugin <= 3.12.0 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-62886 | WordPress Pricing Table builder plugin <= 1.5.1 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-62890 | WordPress Premmerce Brands for WooCommerce plugin <= 1.2.13 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-62891 | WordPress Off-Canvas Sidebars & Menus (Slidebars) plugin <= 0.5.8.5 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-62896 | WordPress Multilang Contact Form plugin <= 1.5 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-64482 | Tuleap missing CSRF protections in the File Release System |
| CVE-2025-64498 | Tuleap has a Cross-Site Request Forgery (CSRF) vulnerability |
| CVE-2025-64499 | Tuleap is missing CSRF protections for its planning management API |
| CVE-2025-6476 | SourceCodester Gym Management System cross-site request forgery |
| CVE-2025-65107 | Langfuse SSO Account Takeover via CSRF or phishing attack |
| CVE-2025-68529 | WordPress WP Email Capture plugin <= 3.12.5 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-68567 | WordPress My auctions allegro plugin <= 3.6.32 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-68573 | WordPress Simple Keyword to Link plugin <= 1.5 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-68580 | WordPress Advanced Classifieds & Directory Pro plugin <= 3.2.9 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-68583 | WordPress Fast User Switching plugin <= 1.4.10 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-68584 | WordPress Vimeotheque plugin <= 2.3.5.2 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-64290 | WordPress Premmerce Product Search for WooCommerce plugin <= 2.2.4 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-66061 | WordPress Seriously Simple Podcasting plugin <= 3.13.0 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-66064 | WordPress Giveaways and Contests by RafflePress plugin <= 1.12.20 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-66097 | WordPress I Order Terms plugin <= 1.5.0 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-67465 | WordPress Simple Link Directory plugin <= 8.8.3 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-67467 | WordPress GiveWP plugin <= 4.13.1 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-67469 | WordPress PDF Thumbnail Generator plugin <= 1.4 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-67471 | WordPress Quick Contact Form plugin <= 8.2.5 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-67472 | WordPress Online Booking & Scheduling Calendar for WordPress by vcita plugin <= 4.5.5 - Cross Site Request Forgery (CSRF) vul... |
| CVE-2025-67473 | WordPress CWW Companion plugin <= 1.3.2 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-67534 | WordPress Rencontre plugin <= 3.13.7 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-68082 | WordPress Semrush Content Toolkit plugin <= 1.1.32 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-68083 | WordPress Meks Quick Plugin Disabler plugin <= 1.0 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-68158 | Authlib: 1-click Account Takeover |
| CVE-2025-6864 | SeaCMS admin_type.php cross-site request forgery |
| CVE-2025-6865 | DaiCuo index cross-site request forgery |
| CVE-2025-68601 | WordPress Five Star Restaurant Reservations plugin <= 2.7.7 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-7202 | Cross-Site Request Forgery (CSRF) allowed remote control of Elgato Key Lights |
| CVE-2025-64760 | Tuleap has missing CSRF protections in its tracker trigger management system |
| CVE-2025-6478 | CodeAstro Expense Management System cross-site request forgery |
| CVE-2025-66407 | Weblate has Server-Side Request Forgery vulnerability |
| CVE-2025-66529 | WordPress Chartify plugin <= 3.6.3 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-66531 | WordPress Salon booking system plugin <= 10.30.3 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-67590 | WordPress Ultimate FAQ plugin <= 2.4.3 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-67591 | WordPress JNews Paywall plugin < 12.0.1 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-67593 | WordPress UsersWP plugin <= 1.2.48 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-67595 | WordPress Quiz Maker plugin <= 6.7.0.82 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-67596 | WordPress Business Directory plugin <= 6.4.19 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-67598 | WordPress SupportCandy plugin <= 3.4.1 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-67622 | WordPress Evergreen Post Tweeter plugin <= 1.8.9 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability |
| CVE-2025-67625 | WordPress Trade Runner plugin <= 3.14 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-67626 | WordPress WP SEO Search plugin <= 1.1 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-67646 | TableProgressTracking's missing CSRF protection allows unauthorized state changes |
| CVE-2025-6781 | Copymatic – AI Content Writer & Generator <= 2.1 - Cross-Site Request Forgery to Settings Update |
| CVE-2025-69021 | WordPress Popup box plugin <= 6.0.7 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-7052 | LatePoint <= 5.1.94 - Cross-Site Request Forgery to Account Takeover via change_password() Function |
| CVE-2025-63030 | WordPress New User Approve plugin <= 3.2.0 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-6459 | Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager <= 4.89 - Cross-Site Request Forgery to PHP Code Injection in bs... |
| CVE-2025-64700 | Cross-site request forgery vulnerability exists in GROWI v7.3.3 and earlier. If a user views a malicious page while logged in... |
| CVE-2025-65962 | Tuleap has missing CSRF protections in its tracker field dependencies |
| CVE-2025-66595 | A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. This product is vulnerable to Cros... |
| CVE-2025-66629 | HedgeDoc is missing state parameter in OAuth2 flows could lead to CSRF |
| CVE-2025-6664 | CodeAstro Patient Record Management System cross-site request forgery |
| CVE-2025-6670 | Cross-Site Request Forgery (CSRF) in Multiple WSO2 Products via HTTP GET in Admin Services |
| CVE-2025-6790 | QSM < 10.2.3 - Template Creation via CSRF |
| CVE-2025-68434 | opensourcepos has Cross-Site Request Forgery vulnerability that leads to Unauthorized Administrator Creation |
| CVE-2025-68481 | FastAPI Users Vulnerable to 1-click Account Takeover in Apps Using FastAPI SSO |
| CVE-2025-68998 | WordPress Heateor Social Login plugin <= 1.1.39 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-69238 | Cross-Site Request Forgery in Raytha CMS |
| CVE-2025-7133 | CodeAstro Online Movie Ticket Booking System cross-site request forgery |
| CVE-2025-7330 | Rockwell Automation 1783-NATR Cross-Site Request Forgery Vulnerability |
| CVE-2025-7369 | Shortcodes Ultimate <= 7.4.2 - Cross-Site Request Forgery to Arbitrary Shortcode Execution |
| CVE-2025-7379 | A security bypass vulnerability was found in DataSync Center installed on ADM |
| CVE-2025-7834 | PHPGurukul Complaint Management System cross-site request forgery |
| CVE-2025-7835 | iThoughts Advanced Code Editor <= 1.2.10 - Cross-Site Request Forgery to Settings Update |
| CVE-2025-7839 | Restore Permanently delete Post or Page Data <= 1.0 - Cross-Site Request Forgery |
| CVE-2025-7841 | Sertifier Certificate & Badge Maker for WordPress – Tutor LMS <= 1.19 - Cross-Site Request Forgery to Settings Update |
| CVE-2025-7842 | Silencesoft RSS Reader <= 0.6 - Cross-Site Request Forgery to RSS Feed Deletion |
| CVE-2025-8102 | Easy Digital Downloads <= 3.5.0 - Cross-Site Request Forgery to Plugin Deactivation via edd_sendwp_disconnect and edd_sendwp_... |
| CVE-2025-8103 | WPeMatico RSS Feed Fetcher <= 2.8.7 - Cross-Site Request Forgery to Plugin Deactivation via handle_feedback_submission Functi... |
| CVE-2025-8104 | Memory Usage <= 3.98 - Cross-Site Request Forgery to Limited Plugin Installation via wpmemory_install_plugin Function |
| CVE-2025-8119 | Cross-Site Request Forgery in PAD CMS |
| CVE-2025-8335 | code-projects Simple Car Rental System cross-site request forgery |
| CVE-2025-8383 | Depicter <= 4.0.4 - Cross-Site Request Forgery |
| CVE-2025-8592 | Inspiro <= 2.1.2 - Cross-Site Request Forgery to Arbitrary Plugin Installation |
| CVE-2025-8606 | GSheetConnector For Gravity Forms <= 1.3.23 - Cross-Site Request Forgery to Arbitrary Plugin Activation/Deactivation |
| CVE-2025-7078 | 07FLYCMS/07FLY-CMS/07FlyCRM cross-site request forgery |
| CVE-2025-7667 | Restrict File Access <= 1.1.2 - Cross-Site Request Forgery to Arbitrary File Deletion |
| CVE-2025-7668 | Linux Promotional Plugin <= 1.4 - Cross-Site Request Forgery to Stored Cross-Site Scripting |
| CVE-2025-7669 | Avishi WP PayPal Payment Button <= 2.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting |
| CVE-2025-7683 | LatestCheckins <= 1 - Cross-Site Request Forgery to Stored Cross-Site Scripting |
| CVE-2025-7684 | Last.fm Recent Album Artwork <= 1.0.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting |
| CVE-2025-7685 | Like & Share My Site <= 0.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting |
| CVE-2025-7686 | weichuncai(WP伪春菜) <= 1.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting |
| CVE-2025-7687 | Latest Post Accordian Slider <= 1.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting |
| CVE-2025-7688 | Add User Meta <= 1.0.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting |
| CVE-2025-7690 | Affiliate Plus <= 1.3.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting |
| CVE-2025-8223 | jerryshensjf JPACookieShop 蛋糕商城JPA版 AdminTypeCustController.java cross-site request forgery |
| CVE-2025-8479 | Zoho Flow <= 2.14.1 - Cross-Site Request Forgery |
| CVE-2025-8481 | Blog Designer For Elementor – Post Slider, Post Carousel, Post Grid <= 1.1.7 - Cross-Site Request Forgery |
| CVE-2025-8491 | Easy restaurant menu manager <= 2.0.2 - Cross-Site Request Forgery to Menu Upload |
| CVE-2025-8505 | 495300897 wx-shop cross-site request forgery |
| CVE-2025-8814 | atjiu pybbs CookieUtil.java setCookie cross-site request forgery |
| CVE-2025-8992 | mtons mblog cross-site request forgery |
| CVE-2025-9374 | Ultimate Tag Warrior Importer <= 0.2 - Cross-Site Request Forgery |
| CVE-2025-9616 | PopAd <= 1.0.4 - Cross-Site Request Forgery to Settings Update |
| CVE-2025-9617 | Publish approval <= 1.1 - Cross-Site Request Forgery |
| CVE-2025-9618 | Related Posts Lite <= 1.12 - Cross-Site Request Forgery |
| CVE-2025-9620 | Seo Monster <= 3.3.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting |
| CVE-2025-9621 | WidgetPack Comment System <= 1.6.1 - Cross-Site Request Forgery |
| CVE-2025-9622 | WP Blast \| SEO & Performance Booster <= 1.8.6 - Cross-Site Request Forgery to Cache Clearing |
| CVE-2025-9623 | Admin in English with Switch <= 1.1 - Cross-Site Request Forgery |
| CVE-2025-68885 | WordPress Custom Post Status plugin <= 1.1.0 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability |
| CVE-2025-7756 | code-projects E-Commerce Site cross-site request forgery |
| CVE-2025-7812 | Video Share VOD – Turnkey Video Site Builder Script <= 2.7.6 - Cross-Site Request Forgery to Command Injection |
| CVE-2025-7965 | CBX Restaurant Booking <= 1.2.1 - Plugin Reset via CSRF |
| CVE-2025-8669 | Customify <= 0.4.11 - Cross-Site Request Forgery |
| CVE-2025-8711 | CSRF in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R... |
| CVE-2025-8739 | zhenfeng13 My-Blog save cross-site request forgery |
| CVE-2025-9213 | TextBuilder 1.0.0 - 1.1.1 - Cross-Site Request Forgery to Privilege Escalation via Account Takeover |
| CVE-2025-9880 | Side Slide Responsive Menu <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting |
| CVE-2025-9881 | Ultimate Blogroll <= 2.5.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting |
| CVE-2025-9882 | osTicket WP Bridge <= 1.9.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting |
| CVE-2025-9883 | Browser Sniff <= 2.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting |
| CVE-2025-9884 | Mobile Site Redirect <= 1.2.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting |
| CVE-2025-9885 | MPWizard – Create Mercado Pago Payment Links <= 1.2.1 - Cross-Site Request Forgery to Arbitrary Post Deletion |
| CVE-2025-9886 | Trinity Audio <= 5.20.2 - Cross-Site Request Forgery |
| CVE-2025-9887 | Custom Login And Signup Widget <= 1.0 - Cross-Site Request Forgery |
| CVE-2025-9888 | Maspik <= 2.5.6 - Cross-Site Request Forgery |
| CVE-2025-9889 | ContentMX Content Publisher <= 1.0.6 - Cross-Site Request Forgery |
| CVE-2025-9890 | Theme Editor <= 3.0 - Cross-Site Request Forgery to Remote Code Execution |
| CVE-2025-9891 | User Sync – Remote User Sync <= 1.0.2 - Cross-Site Request Forgery to Plugin Deactivation |
| CVE-2025-9892 | Restrict User Registration <= 1.0.1 - Cross-Site Request Forgery to Settings Update |
| CVE-2025-9893 | VM Menu Reorder plugin <= 1.0.0 - Cross-Site Request Forgery to Settings Update |
| CVE-2025-9894 | Sync Feedly <= 1.0.1 - Cross-Site Request Forgery to Sync Trigger |
| CVE-2025-9895 | Notification Bar <= 2.2 - Cross-Site Request Forgery |
| CVE-2025-9896 | HidePost <= 2.3.8 - Cross-Site Request Forgery |
| CVE-2026-1377 | imwptip <= 1.1 - Cross-Site Request Forgery to Settings Update |
| CVE-2025-9625 | Coil Web Monetization <= 2.0.2 - Cross-Site Request Forgery |
| CVE-2025-9626 | Page Blocks <= 1.1.0 - Cross-Site Request Forgery |
| CVE-2025-9627 | Run Log <= 1.7.10 - Cross-Site Request Forgery to Settings Update |
| CVE-2025-9628 | The integration of the AMO.CRM <= 1.0.1 - Cross-Site Request Forgery |
| CVE-2025-9629 | USS Upyun <= 1.5.0 - Cross-Site Request Forgery |
| CVE-2025-9630 | WP SinoType <= 1.0 - Cross-Site Request Forgery |
| CVE-2025-9631 | AutoCatSet <= 2.1.4 - Cross-Site Request Forgery |
| CVE-2025-9632 | PhpList Subber <= 1.1 - Cross-Site Request Forgery |
| CVE-2025-9633 | LH Signing <= 2.83 - Cross-Site Request Forgery |
| CVE-2025-9634 | Plugin updates blocker <= 0.2 - Cross-Site Request Forgery |
| CVE-2025-9635 | Analytics Reduce Bounce Rate <= 2.3 - Cross-Site Request Forgery |
| CVE-2025-9747 | Koillection csrf_protection_controller.js cross-site request forgery |
| CVE-2026-1128 | WP eCommerce <= 3.15.1 - Coupon Deletion via CSRF |
| CVE-2026-1142 | PHPGurukul News Portal cross-site request forgery |
| CVE-2025-8891 | OceanWP <= 4.0.9 - 4.1.1 - Cross-Site Request Forgery to Ocean Extra Plugin Installation |
| CVE-2025-9944 | Professional Contact Form <= 1.0.0 - Cross-Site Request Forgery to Test Email Sending |
| CVE-2025-9945 | Optimize More! – CSS <= 1.0.3 - Cross-Site Request Forgery to Plugin Settings Reset |
| CVE-2025-9946 | LockerPress – WordPress Security Plugin <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting |
| CVE-2025-9948 | Chat by Chatwee <= 2.1.3 - Cross-Site Request Forgery to Settings Update |
| CVE-2025-9949 | Internal Links Manager <= 3.0.1 - Cross-Site Request Forgery |
| CVE-2026-0493 | Cross-Site Request Forgery (CSRF) vulnerability in SAP Fiori App (Intercompany Balance Reconciliation) |
| CVE-2026-0658 | Five Star Restaurant Reservations < 2.7.9 - Arbitrary Bookings Deletion via CSRF |
| CVE-2026-1051 | Newsletter – Send awesome emails from WordPress <= 9.1.0 - Cross-Site Request Forgery to Newsletter Unsubscription |
| CVE-2026-1070 | Alex User Counter <= 6.0 - Cross-Site Request Forgery to Settings Update |
| CVE-2026-1072 | Keybase.io Verification <= 1.4.5 - Cross-Site Request Forgery to Settings Update |
| CVE-2026-1073 | Purchase Button For Affiliate Link <= 1.0.2 - Cross-Site Request Forgery to Settings Update |
| CVE-2026-1075 | ZT Captcha <= 1.0.4 - Cross-Site Request Forgery to Settings Update |
| CVE-2026-1380 | Bitcoin Donate Button <= 1.0 - Cross-Site Request Forgery to Settings Update |
| CVE-2026-1394 | WP Quick Contact Us <= 1.0 - Cross-Site Request Forgery to Settings Update |
| CVE-2026-1398 | Change WP URL <= 1.0 - Cross-Site Request Forgery to Settings Update |
| CVE-2026-1447 | Mail Mint <= 1.19.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting |
| CVE-2026-1455 | Whatsiplus Scheduled Notification for Woocommerce <= 1.0.1 - Cross-Site Request Forgery to 'wsnfw_save_users_settings' AJAX A... |
| CVE-2026-1468 | Cross-Site Request Forgery in QuickCMS |
| CVE-2026-22800 | PILOS affected by a CSRF via GET request allows unintentional termination of all active video conferences |
| CVE-2026-24365 | WordPress Stock Manager for WooCommerce plugin < 3.6.0 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-9897 | AP Background <= 3.8.2 - Cross-Site Request Forgery |
| CVE-2025-9898 | cForms – Light speed fast Form Builder <= 3.0.0 - Cross-Site Request Forgery |
| CVE-2025-9899 | Trust Reviews plugin for Google, Tripadvisor, Yelp, Airbnb and other platforms <= 1.0 - Cross-Site Request Forgery |
| CVE-2026-1208 | Friendly Functions for Welcart <= 1.2.5 - Cross-Site Request Forgery to Settings Update |
| CVE-2026-1215 | MMA Call Tracking <= 2.3.15 - Cross-Site Request Forgery to Plugin Settings Update |
| CVE-2026-1508 | Court Reservation < 1.10.9 - Event Deletion via CSRF |
| CVE-2026-1835 | lcg0124 BootDo cross-site request forgery |
| CVE-2026-1983 | SEATT: Simple Event Attendance <= 1.5.0 - Cross-Site Request Forgery to Arbitrary Event Deletion |
| CVE-2026-20704 | Cross-site request forgery vulnerability exists in WRC-X1500GS-B and WRC-X1500GSA-B. If a user accesses a malicious page whil... |
| CVE-2026-22355 | WordPress Simple XML Sitemap plugin <= 1.3 - CSRF to Stored XSS vulnerability |
| CVE-2026-22359 | WordPress Wordpress Movies Bulk Importer plugin <= 1.0 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2026-22360 | WordPress SearchAzon plugin <= 1.4 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2026-22382 | WordPress PawFriends - Pet Shop and Veterinary WordPress Theme theme <= 1.3 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2026-23622 | CSRF Protection Bypass: Sensitive endpoints accept GET requests, enabling admin account takeover |
| CVE-2026-23694 | Aruba HiSpeed Cache < 3.0.5 CSRF in Multiple Administrative AJAX Actions |
| CVE-2026-1076 | Star Review Manager <= 1.2.2 - Cross-Site Request Forgery to Settings Update |
| CVE-2026-1081 | Set Bulk Post Categories <= 1.1 - Cross-Site Request Forgery to Bulk Post Category Update |
| CVE-2026-1082 | TITLE ANIMATOR <= 1.0 - Cross-Site Request Forgery to Settings Update |
| CVE-2026-1085 | True Ranker <= 2.2.9 - Cross-Site Request Forgery to Unauthorized True Ranker Disconnection |
| CVE-2026-1086 | Font Pairing Preview For Landing Pages <= 1.3 - Cross-Site Request Forgery to Settings Update |
| CVE-2026-1087 | The Guardian News Feed <= 1.2 - Cross-Site Request Forgery to Settings Update |
| CVE-2026-1088 | Login Page Editor <= 1.2 - Cross-Site Request Forgery to Settings Update |
| CVE-2026-2023 | WP Plugin Info Card <= 6.2.0 - Cross-Site Request Forgery to Arbitrary Custom Plugin Entry Creation |
| CVE-2026-2112 | Dam Spam <= 1.0.8 - Cross-Site Request Forgery to Arbitrary Pending Comment Deletion |
| CVE-2026-22030 | React Router has CSRF issue in Action/Server Action Request Processing |
| CVE-2026-22462 | WordPress Add Polylang support for Customizer plugin <= 1.4.5 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2026-22483 | WordPress teachPress plugin <= 9.0.12 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2026-23950 | node-tar has Race Condition in Path Reservations via Unicode Ligature Collisions on macOS APFS |
| CVE-2026-24007 | Tuleap is missing CSRF protection in the Overview inconsistent items |
| CVE-2026-2410 | Disable Admin Notices – Hide Dashboard Notifications <= 1.4.2 - Cross-Site Request Forgery to Plugin Settings Update |
| CVE-2026-1148 | SourceCodester/Patrick Mvuma Patients Waiting Area Queue Management System cross-site request forgery |
| CVE-2026-1153 | technical-laohu mpay cross-site request forgery |
| CVE-2026-1165 | Popup Box <= 6.1.1 - Cross-Site Request Forgery to Popup Status Change |
| CVE-2026-1169 | birkir prime cross-site request forgery |
| CVE-2026-1644 | WP Frontend Profile <= 1.3.8 - Cross-Site Request Forgery to Unauthorized User Account Approval or Rejection |
| CVE-2026-1745 | SourceCodester Medical Certificate Generator App cross-site request forgery |
| CVE-2026-1785 | Code Snippets <= 3.9.4 - Cross-Site Request Forgery to Cloud Snippet Download/Update Actions |
| CVE-2026-21430 | Emlog: CSRF chained with stored XSS leads to ATO |
| CVE-2026-22194 | GestSup <= 3.2.56 CSRF Allows Privileged Actions |
| CVE-2026-22202 | wpDiscuz before 7.6.47 - Destructive GET Action Deletes All Comments by Email |
| CVE-2026-22215 | wpDiscuz before 7.6.47 - Missing CSRF Protection on wpdGetFollowsPage |
| CVE-2026-2324 | LatePoint – Calendar Booking Plugin for Appointments and Events <= 5.2.7 - Cross-Site Request Forgery in Booking Form Setting... |
| CVE-2026-24521 | WordPress Kama Thumbnail plugin <= 3.5.1 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2026-24542 | WordPress WP Term Order plugin <= 2.1.0 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2026-24666 | Open eClass is Vulnerable to CSRF in Teacher-Restricted Endpoints Allows Unauthorized Actions |
| CVE-2026-24885 | Kanboard Affected by Cross-Site Request Forgery (CSRF) via Content-Type Misconfiguration in Project Role Assignment |
| CVE-2026-2494 | ProfileGrid <= 5.9.8.2 - Cross-Site Request Forgery to Group Membership Request Approval/Denial |
| CVE-2026-24942 | WordPress WpEvently plugin <= 5.1.1 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2026-24962 | WordPress Sigmize plugin <= 0.0.9 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2026-24966 | WordPress Copyscape Premium plugin <= 1.4.1 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2026-24986 | WordPress Simple Membership WP user Import plugin <= 1.9.1 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2026-25014 | WordPress Enter Addons plugin <= 2.3.2 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2026-25015 | WordPress UsersWP plugin <= 1.2.53 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2026-25024 | WordPress ThirstyAffiliates plugin <= 3.11.9 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2026-25151 | Qwik City has a CSRF Protection Bypass via Content-Type Header Validation |
| CVE-2026-25155 | [qwik-city] CSRF protection middleware does not work properly for content type header with parameters (eg. multipart/form-dat... |
| CVE-2026-25221 | PolarLearn has Multiple Login CSRFs via Missing OAuth state Parameter (GitHub & Google) |
| CVE-2026-25319 | WordPress Zita Elementor Site Library plugin <= 1.6.6 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2026-24374 | WordPress RegistrationMagic plugin <= 6.0.6.9 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2026-24384 | WordPress Merge + Minify + Refresh plugin <= 2.14 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2026-24408 | sigstore has CSRF possibility in OIDC authentication during signing |
| CVE-2026-24432 | Tenda W30E V2 Missing CSRF Protections for Administrative Actions |
| CVE-2026-24434 | Tenda AC7 Web Interface Lacks CSRF Protections for Admin Actions |
| CVE-2026-28281 | InstantCMS has Multiple CSRF Vulnerabilities |
| CVE-2026-29084 | Gokapi: CSRF in Login Endpoint |
| CVE-2026-29113 | Craft has a potential information disclosure vulnerability in preview tokens |
| CVE-2026-25322 | WordPress PublishPress Revisions plugin <= 3.7.22 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2026-25337 | WordPress Coachify theme <= 1.1.5 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2026-25649 | Traccar Vulnerable to Authorization Code Theft via Open Redirect in OIDC Provider Endpoints |
| CVE-2026-26075 | Cross-Site Request Forgery (CSRF) in FastGPT |
| CVE-2026-27050 | WordPress RealPress plugin <= 1.1.0 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2026-27090 | WordPress Kenta Companion plugin <= 1.3.3 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2026-27146 | GetSimple CMS: Cross-Site Request Forgery (CSRF) in File Upload Allows Arbitrary Uploads |
| CVE-2026-27741 | Bludit <= 3.16.1 CSRF in Plugin and Theme Management Endpoints |
| CVE-2026-27758 | SODOLA SL902-SWTGW124AS <= 200.1.20 Missing CSRF Protections |
| CVE-2026-28477 | OpenClaw < 2026.2.14 - OAuth State Validation Bypass in Manual Chutes Login Flow |
| CVE-2026-28495 | GetSimple CMS has CSRF to Remote Code Execution via Arbitrary PHP Write in gsconfig.php |
| CVE-2026-29784 | Ghost: Incomplete CSRF protections around OTC use |
| CVE-2026-2994 | Concrete CMS below 9.4.8 is vulnerable to CSRF by a Rogue Admin using the Anti-Spam Allowlist Group |
| CVE-2026-24549 | WordPress GeoDirectory plugin < 2.8.150 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2026-24596 | WordPress Related Posts Thumbnails Plugin for WordPress plugin <= 4.3.1 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2026-25411 | WordPress Revision Manager TMC plugin <= 2.8.22 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2026-25422 | WordPress Popularis Extra plugin <= 1.2.10 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2026-25812 | PlaciPy is Missing CSRF Protection on State-Changing Endpoints |
| CVE-2026-2626 | Divi Booster < 5.0.2 - Unauthenticated PHP Object Injection |
| CVE-2026-26317 | OpenClaw affected by cross-site request forgery (CSRF) through loopback browser mutation endpoints |
| CVE-2026-2658 | newbee-ltd newbee-mall Multiple Endpoints cross-site request forgery |
| CVE-2026-27513 | Tenda F3 CSRF in Web Management Interface |
| CVE-2026-27518 | Binardat 10G08-0800GSM Network Switch CSRF |
| CVE-2026-27589 | Caddy vulnerable to cross-origin config application via local admin API /load (caddy) |
| CVE-2026-27609 | Parse Dashboard Missing CSRF Protection on Agent Endpoint |
| CVE-2026-27632 | Talishar Vulnerable to Cross-Site Request Forgery (CSRF) |
| CVE-2026-30793 | RustDesk Flutter URI Handler Sets Permanent Password Without Privilege Check or User Confirmation |
| CVE-2026-30868 | Cross-Site Request Forgery (CSRF) in opnsense/core |
| CVE-2026-3193 | Chia Blockchain send_transaction cross-site request forgery |
| CVE-2026-31954 | Emlog asynchronous media file deletion missing CSRF protection |
| CVE-2026-32456 | WordPress Admin Menu Editor plugin <= 1.14.1 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2026-3589 | WooCommerce < 10.5.3 - Arbitrary Admin User Creation via CSRF |
| CVE-2026-3770 | SourceCodester Computer Laboratory Management System cross-site request forgery |
| CVE-2026-32328 | WordPress Lemmony theme < 1.7.1 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2026-32330 | WordPress Photo Gallery by 10Web plugin <= 1.8.37 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2026-32342 | WordPress Quiz Maker plugin <= 6.7.1.2 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2026-32343 | WordPress Easy Table of Contents plugin <= 2.0.80 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2026-32344 | WordPress Corpiva theme <= 1.0.96 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2026-32420 | WordPress GamiPress plugin <= 7.6.6 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2026-32443 | WordPress Product Feed PRO for WooCommerce plugin <= 13.5.2 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2026-3903 | Modular Connector <= 2.5.1 - Cross-Site Request Forgery via postConfirmOauth |
NKTsKI vulnerabilities
NKTsKI bulletins - software vulnerabilities
| Identifier | Bulletin date | Description |
|---|---|---|
| VULN:20240209-7 | 09.02.2024 | Server-side request forgery in Expressway Series |
| VULN:20240209-8 | 09.02.2024 | Server-side request forgery in Expressway Series |
| VULN:20240209-9 | 09.02.2024 | Server-side request forgery in Expressway Series |
| VULN:20240503-16 | 03.05.2024 | Cross-site scripting in Nexus Dashboard |
| VULN:20241111-4 | 11.11.2024 | Cross-site scripting in File Manager Pro plugin for WordPress |