Total
8066 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-58859 | 2025-09-05 | N/A | 7.1 HIGH | ||
| Cross-Site Request Forgery (CSRF) vulnerability in David Merinas Add to Feedly allows Stored XSS. This issue affects Add to Feedly: from n/a through 1.2.11. | |||||
| CVE-2025-58856 | 2025-09-05 | N/A | 6.5 MEDIUM | ||
| Cross-Site Request Forgery (CSRF) vulnerability in ablancodev Woocommerce Notify Updated Product allows Stored XSS. This issue affects Woocommerce Notify Updated Product: from n/a through 1.6. | |||||
| CVE-2025-58802 | 2025-09-05 | N/A | 4.3 MEDIUM | ||
| Cross-Site Request Forgery (CSRF) vulnerability in michalzagdan TrustMate.io – WooCommerce integration allows Cross Site Request Forgery. This issue affects TrustMate.io – WooCommerce integration: from n/a through 1.14.0. | |||||
| CVE-2025-58800 | 2025-09-05 | N/A | 4.3 MEDIUM | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Steve Truman WP Email Template allows Cross Site Request Forgery. This issue affects WP Email Template: from n/a through 2.8.3. | |||||
| CVE-2025-58849 | 2025-09-05 | N/A | 7.1 HIGH | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Deepak S Hide Real Download Path allows Stored XSS. This issue affects Hide Real Download Path: from n/a through 1.6. | |||||
| CVE-2025-58818 | 2025-09-05 | N/A | 5.4 MEDIUM | ||
| Cross-Site Request Forgery (CSRF) vulnerability in SwiftNinjaPro Developer Tools Blocker allows Cross Site Request Forgery. This issue affects Developer Tools Blocker: from n/a through 3.2.1. | |||||
| CVE-2025-58807 | 2025-09-05 | N/A | 7.1 HIGH | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Dsingh Purge Varnish Cache allows Stored XSS. This issue affects Purge Varnish Cache: from n/a through 2.6. | |||||
| CVE-2025-58801 | 2025-09-05 | N/A | 5.4 MEDIUM | ||
| Cross-Site Request Forgery (CSRF) vulnerability in KCS Responder allows Cross Site Request Forgery. This issue affects Responder: from n/a through 4.3.8. | |||||
| CVE-2025-27003 | 2025-09-05 | N/A | 4.3 MEDIUM | ||
| Cross-Site Request Forgery (CSRF) vulnerability in fullworks Quick Paypal Payments allows Cross Site Request Forgery. This issue affects Quick Paypal Payments: from n/a through 5.7.46. | |||||
| CVE-2025-58865 | 2025-09-05 | N/A | 4.3 MEDIUM | ||
| Cross-Site Request Forgery (CSRF) vulnerability in reimund Compact Admin allows Cross Site Request Forgery. This issue affects Compact Admin: from n/a through 1.3.0. | |||||
| CVE-2025-58809 | 2025-09-05 | N/A | 7.1 HIGH | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Nick Ciske To Lead For Salesforce allows Reflected XSS. This issue affects To Lead For Salesforce: from n/a through 2.7.3.9. | |||||
| CVE-2025-48104 | 2025-09-05 | N/A | 7.1 HIGH | ||
| Cross-Site Request Forgery (CSRF) vulnerability in ericzane Floating Window Music Player allows Stored XSS. This issue affects Floating Window Music Player: from n/a through 3.4.2. | |||||
| CVE-2025-58804 | 2025-09-05 | N/A | 4.3 MEDIUM | ||
| Cross-Site Request Forgery (CSRF) vulnerability in brijrajs WooCommerce Single Page Checkout allows Cross Site Request Forgery. This issue affects WooCommerce Single Page Checkout: from n/a through 1.2.7. | |||||
| CVE-2025-58878 | 2025-09-05 | N/A | 6.5 MEDIUM | ||
| Cross-Site Request Forgery (CSRF) vulnerability in usamafarooq Woocommerce Gifts Product allows Cross Site Request Forgery. This issue affects Woocommerce Gifts Product: from n/a through 1.0.0. | |||||
| CVE-2025-58806 | 2025-09-05 | N/A | 7.1 HIGH | ||
| Cross-Site Request Forgery (CSRF) vulnerability in imjoehaines WordPress Error Monitoring by Bugsnag allows Stored XSS. This issue affects WordPress Error Monitoring by Bugsnag: from n/a through 1.6.3. | |||||
| CVE-2025-58799 | 2025-09-05 | N/A | 4.3 MEDIUM | ||
| Cross-Site Request Forgery (CSRF) vulnerability in themelocation Custom WooCommerce Checkout Fields Editor allows Cross Site Request Forgery. This issue affects Custom WooCommerce Checkout Fields Editor: from n/a through 1.3.4. | |||||
| CVE-2025-58847 | 2025-09-05 | N/A | 7.1 HIGH | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Yaidier WN Flipbox Pro allows Reflected XSS. This issue affects WN Flipbox Pro: from n/a through 2.1. | |||||
| CVE-2024-55076 | 1 Grocy Project | 1 Grocy | 2025-09-05 | N/A | 8.1 HIGH |
| Grocy through 4.3.0 has no CSRF protection, as demonstrated by changing the Administrator's password. | |||||
| CVE-2025-9747 | 1 Benjaminjonard | 1 Koillection | 2025-09-04 | 5.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability has been found in Koillection up to 1.6.18. Affected is an unknown function of the file assets/controllers/csrf_protection_controller.js. Such manipulation leads to cross-site request forgery. The attack can be executed remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.7.0 is able to address this issue. The name of the patch is 9ab8562d3f1e953da93fed63f9ee802c7ea26a9a. It is suggested to upgrade the affected component. The vendor explains: "I ended up switching to a newer CSRF handling using stateless token." | |||||
| CVE-2024-45172 | 1 C-mor | 1 C-mor Video Surveillance | 2025-09-04 | N/A | 6.8 MEDIUM |
| An issue was discovered in za-internet C-MOR Video Surveillance 5.2401 and 6.00PL01. Due to missing protection mechanisms, the C-MOR web interface is vulnerable to cross-site request forgery (CSRF) attacks. The C-MOR web interface offers no protection against cross-site request forgery (CSRF) attacks. | |||||