Total
8498 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-60134 | 1 Wordpress | 1 Wordpress | 2025-11-13 | 5.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in John James Jacoby WP Media Categories wp-media-categories allows Cross Site Request Forgery.This issue affects WP Media Categories: from n/a through <= 2.1.0. | ||||
| CVE-2025-60132 | 1 Wordpress | 1 Wordpress | 2025-11-13 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in johnh10 Video Blogster Lite video-blogster-lite allows Stored XSS.This issue affects Video Blogster Lite: from n/a through <= 1.2. | ||||
| CVE-2025-58939 | 1 Wordpress | 1 Wordpress | 2025-11-13 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in highwarden Super Store Finder superstorefinder-wp allows Cross Site Request Forgery.This issue affects Super Store Finder: from n/a through <= 7.5. | ||||
| CVE-2025-53316 | 2 Shahjahan Jewel, Wordpress | 2 Wp Gdpr Cookie Consent, Wordpress | 2025-11-13 | 8.8 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Shahjahan Jewel WP GDPR Cookie Consent wp-gdpr-cookie-consent allows Stored XSS.This issue affects WP GDPR Cookie Consent: from n/a through <= 1.0.0. | ||||
| CVE-2025-49373 | 2 Evergreencontentposter, Wordpress | 2 Evergreen Content Poster, Wordpress | 2025-11-13 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Evergreen Content Poster Evergreen Content Poster evergreen-content-poster allows Cross Site Request Forgery.This issue affects Evergreen Content Poster: from n/a through <= 1.4.5. | ||||
| CVE-2025-48099 | 2 Codeamp, Wordpress | 2 Search & Filter, Wordpress | 2025-11-13 | 4.7 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Code Amp Search & Filter search-filter allows Cross Site Request Forgery.This issue affects Search & Filter: from n/a through <= 1.2.17. | ||||
| CVE-2025-48085 | 2 Wordpress, Zipang | 2 Wordpress, Simple Stripe | 2025-11-13 | 8.8 High |
| Cross-Site Request Forgery (CSRF) vulnerability in ZIPANG Simple Stripe simple-stripe allows Stored XSS.This issue affects Simple Stripe: from n/a through <= 0.9.17. | ||||
| CVE-2025-48083 | 1 Wordpress | 1 Wordpress | 2025-11-13 | 8.8 High |
| Cross-Site Request Forgery (CSRF) vulnerability in andriassundskard wpNamedUsers wpnamedusers allows Stored XSS.This issue affects wpNamedUsers: from n/a through <= 0.5. | ||||
| CVE-2025-48078 | 1 Wordpress | 1 Wordpress | 2025-11-13 | 8.8 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Norbert Slick Google Map slick-google-map allows Stored XSS.This issue affects Slick Google Map: from n/a through <= 0.3. | ||||
| CVE-2025-48077 | 1 Wordpress | 1 Wordpress | 2025-11-13 | 8.8 High |
| Cross-Site Request Forgery (CSRF) vulnerability in nitinmaurya12 Block Country block-country allows Stored XSS.This issue affects Block Country: from n/a through <= 1.0. | ||||
| CVE-2025-11886 | 1 Wordpress | 1 Wordpress | 2025-11-12 | 4.3 Medium |
| The CTL Arcade Lite plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on the 'ctl_arcade_lite_page_manage_games' page. This makes it possible for unauthenticated attackers to deactivate and activate arbitrary plugins via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2025-12589 | 1 Wordpress | 1 Wordpress | 2025-11-12 | 6.1 Medium |
| The WP-Walla plugin for WordPress is vulnerable to Cross-Site Request Forgery to Stored Cross-Site Scripting in all versions up to, and including, 0.5.3.5. This is due to missing nonce verification on the settings page and insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages via a forged request granted they can trick an administrator into performing an action such as clicking on a link. | ||||
| CVE-2025-12132 | 1 Wordpress | 1 Wordpress | 2025-11-12 | 4.3 Medium |
| The WP Custom Admin Login Page Logo plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4.8.4. This is due to missing or incorrect nonce validation on the wpclpl_save functionality. This makes it possible for unauthenticated attackers to modify the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2025-12588 | 3 Behzadrohizadeh, Woocommerce, Wordpress | 3 Usb Qr Code Scanner For Woocommerce, Woocommerce, Wordpress | 2025-11-12 | 4.3 Medium |
| The USB Qr Code Scanner For Woocommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.0. This is due to missing nonce validation on the settings page. This makes it possible for unauthenticated attackers to update the plugin's settings via a forged request granted they can trick an administrator into performing an action such as clicking on a link. | ||||
| CVE-2024-35475 | 1 Openkm | 1 Openkm | 2025-11-12 | 6.4 Medium |
| A Cross-Site Request Forgery (CSRF) vulnerability was discovered in OpenKM Community Edition on or before version 6.3.12. The vulnerability exists in /admin/DatabaseQuery, which allows an attacker to manipulate a victim with administrative privileges to execute arbitrary SQL commands. | ||||
| CVE-2025-62258 | 1 Liferay | 4 Digital Experience Platform, Dxp, Liferay Portal and 1 more | 2025-11-10 | 6.5 Medium |
| CSRF vulnerability in Headless API in Liferay Portal 7.4.0 through 7.4.3.107, and Liferay DXP 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions allows remote attackers to execute any Headless API via the `endpoint` parameter. | ||||
| CVE-2025-5988 | 1 Redhat | 2 Ansible Automation Platform, Ansible Automation Platform Developer | 2025-11-07 | 5.3 Medium |
| A flaw was found in the Ansible aap-gateway. Cross-site request forgery (CSRF) origin checking is not done on requests from the gateway to external components, such as the controller, hub, and eda. | ||||
| CVE-2020-10181 | 1 Sumavision | 2 Enhanced Multimedia Router, Enhanced Multimedia Router Firmware | 2025-11-07 | 9.8 Critical |
| goform/formEMR30 in Sumavision Enhanced Multimedia Router (EMR) 3.0.4.27 allows creation of arbitrary users with elevated privileges (administrator) on a device, as demonstrated by a setString=new_user<*1*>administrator<*1*>123456 request. | ||||
| CVE-2025-12479 | 2 Azure-access, Azure Access Technology | 6 Blu-ic2, Blu-ic2 Firmware, Blu-ic4 and 3 more | 2025-11-07 | 8.8 High |
| Systemic Lack of Cross-Site Request Forgery (CSRF) Token Implementation.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5 . | ||||
| CVE-2025-12221 | 3 Azure-access, Azure Access Technology, Busybox | 7 Blu-ic2, Blu-ic2 Firmware, Blu-ic4 and 4 more | 2025-11-07 | 8.8 High |
| Busybox 1.31.1 - Multiple Known Vulnerabilities.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5. | ||||