Total
8611 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2009-1036 | 1 Drupal | 2 Drupal, Plus1 | 2025-04-09 | N/A |
| Cross-site request forgery (CSRF) vulnerability in the Plus 1 module before 6.x-2.6, a module for Drupal, allows remote attackers to cast votes for content via unspecified aspects of the URI. | ||||
| CVE-2024-2110 | 1 Pixelite | 1 Events Manager | 2025-04-08 | 4.3 Medium |
| The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.4.7.1. This is due to missing or incorrect nonce validation on several actions. This makes it possible for unauthenticated attackers to modify booking statuses via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2024-44677 | 1 Eladmin | 1 Eladmin | 2025-04-08 | 9.8 Critical |
| eladmin v2.7 and before is vulnerable to Server-Side Request Forgery (SSRF) which allows an attacker to execute arbitrary code via the DatabaseController.java component. | ||||
| CVE-2023-7203 | 1 Rednao | 1 Smart Forms | 2025-04-08 | 6.1 Medium |
| The Smart Forms WordPress plugin before 2.6.87 does not have authorisation in various AJAX actions, which could allow users with a role as low as subscriber to call them and perform unauthorised actions such as deleting entries. The plugin also lacks CSRF checks in some places which could allow attackers to make logged in users perform unwanted actions via CSRF attacks such as deleting entries. | ||||
| CVE-2024-1306 | 1 Rednao | 1 Smart Forms | 2025-04-08 | 5.4 Medium |
| The Smart Forms WordPress plugin before 2.6.94 does not have CSRF checks in some places, which could allow attackers to make logged-in users perform unwanted actions via CSRF attacks, such as editing entries, and we consider it a medium risk. | ||||
| CVE-2025-32278 | 2025-04-08 | 4.3 Medium | ||
| Cross-Site Request Forgery (CSRF) vulnerability in wprio Table Block by RioVizual allows Cross Site Request Forgery. This issue affects Table Block by RioVizual: from n/a through 2.1.7. | ||||
| CVE-2025-32276 | 2025-04-08 | 4.3 Medium | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Quý Lê 91 Administrator Z allows Cross Site Request Forgery. This issue affects Administrator Z: from n/a through 2025.03.04. | ||||
| CVE-2025-32264 | 2025-04-08 | 4.3 Medium | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Saiful Islam UltraAddons Elementor Lite allows Cross Site Request Forgery. This issue affects UltraAddons Elementor Lite: from n/a through 2.0.0. | ||||
| CVE-2025-32263 | 2025-04-08 | 4.3 Medium | ||
| Cross-Site Request Forgery (CSRF) vulnerability in BeRocket Sequential Order Numbers for WooCommerce allows Cross Site Request Forgery. This issue affects Sequential Order Numbers for WooCommerce: from n/a through 3.6.2. | ||||
| CVE-2025-32261 | 2025-04-08 | 4.3 Medium | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Kuppuraj Advanced All in One Admin Search by WP Spotlight allows Cross Site Request Forgery. This issue affects Advanced All in One Admin Search by WP Spotlight: from n/a through 1.1.1. | ||||
| CVE-2025-3064 | 2025-04-08 | 8.8 High | ||
| The WPFront User Role Editor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.2.1. This is due to missing or incorrect nonce validation on the whitelist_options() function. This makes it possible for unauthenticated attackers to update the default role option that can be leveraged for privilege escalation via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. This is only exploitable on multisite instances. | ||||
| CVE-2022-46368 | 1 Maxum | 1 Rumpus | 2025-04-08 | 6.8 Medium |
| Rumpus - FTP server version 9.0.7.1 Cross-site request forgery (CSRF) – vulnerability may allow unauthorized action on behalf of authenticated users. | ||||
| CVE-2022-46367 | 1 Maxum | 1 Rumpus | 2025-04-08 | 6.8 Medium |
| Rumpus - FTP server Cross-site request forgery (CSRF) – Privilege escalation vulnerability that may allow privilege escalation. | ||||
| CVE-2024-27474 | 1 Leantime | 1 Leantime | 2025-04-08 | 8.8 High |
| Leantime 3.0.6 is vulnerable to Cross Site Request Forgery (CSRF). This vulnerability allows malicious actors to perform unauthorized actions on behalf of authenticated users, specifically administrators. | ||||
| CVE-2024-22721 | 1 Formtools | 1 Form Tools | 2025-04-08 | 6.3 Medium |
| Cross Site Request Forgery (CSRF) vulnerability in Form Tools 3.1.1 allows attackers to manipulate sensitive user data via crafted link. | ||||
| CVE-2024-25572 | 2 Ninjaforms, Saturday Drive | 2 Ninja Forms, Ninja Forms | 2025-04-08 | 8.8 High |
| Cross-site request forgery (CSRF) vulnerability exists in Ninja Forms prior to 3.4.31. If a website administrator views a malicious page while logging in, unintended operations may be performed. | ||||
| CVE-2023-22852 | 1 Tiki | 1 Tiki | 2025-04-07 | 6.5 Medium |
| Tiki through 25.0 allows CSRF attacks that are related to tiki-importer.php and tiki-import_sheet.php. | ||||
| CVE-2022-43719 | 1 Apache | 1 Superset | 2025-04-07 | 8.8 High |
| Two legacy REST API endpoints for approval and request access are vulnerable to cross site request forgery. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0. | ||||
| CVE-2025-30908 | 2025-04-07 | 7.1 High | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Shamalli Web Directory Free allows Stored XSS. This issue affects Web Directory Free: from n/a through 1.7.6. | ||||
| CVE-2025-32113 | 2025-04-07 | 7.1 High | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Renzo Tejada Libro de Reclamaciones y Quejas allows Cross Site Request Forgery. This issue affects Libro de Reclamaciones y Quejas: from n/a through 0.9. | ||||