Total
7480 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-39423 | 2025-04-17 | N/A | 7.1 HIGH | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Jenst Add to Header allows Stored XSS. This issue affects Add to Header: from n/a through 1.0. | |||||
| CVE-2025-39440 | 2025-04-17 | N/A | 7.1 HIGH | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Rajesh Broken Links Remover allows Stored XSS. This issue affects Broken Links Remover: from n/a through 1.2.2. | |||||
| CVE-2025-39422 | 2025-04-17 | N/A | 7.1 HIGH | ||
| Cross-Site Request Forgery (CSRF) vulnerability in PResponsive WP Social Bookmarking allows Stored XSS. This issue affects WP Social Bookmarking: from n/a through 3.6. | |||||
| CVE-2025-39426 | 2025-04-17 | N/A | 4.3 MEDIUM | ||
| Cross-Site Request Forgery (CSRF) vulnerability in illow illow – Cookies Consent allows Cross Site Request Forgery. This issue affects illow – Cookies Consent: from n/a through 0.2.0. | |||||
| CVE-2025-39424 | 2025-04-17 | N/A | 7.1 HIGH | ||
| Cross-Site Request Forgery (CSRF) vulnerability in simplemaps Simple Maps allows Stored XSS. This issue affects Simple Maps: from n/a through 0.98. | |||||
| CVE-2025-39455 | 2025-04-17 | N/A | 7.1 HIGH | ||
| Cross-Site Request Forgery (CSRF) vulnerability in ip2location IP2Location Variables allows Reflected XSS. This issue affects IP2Location Variables: from n/a through 2.9.5. | |||||
| CVE-2025-39416 | 2025-04-17 | N/A | 7.1 HIGH | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Ichi translit it! allows Stored XSS. This issue affects translit it!: from n/a through 1.6. | |||||
| CVE-2023-52072 | 1 Flycms Project | 1 Flycms | 2025-04-17 | N/A | 8.8 HIGH |
| FlyCms v1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /system/site/userconfig_updagte. | |||||
| CVE-2023-50931 | 1 Savignano | 1 S\/notify | 2025-04-17 | N/A | 8.3 HIGH |
| An issue was discovered in savignano S/Notify before 2.0.1 for Bitbucket. While an administrative user is logged on, the configuration settings of S/Notify can be modified via a CSRF attack. The injection could be initiated by the administrator clicking a malicious link in an email or by visiting a malicious website. If executed while an administrator is logged on to Bitbucket, an attacker could exploit this to modify the configuration of the S/Notify app on that host. This can, in particular, lead to email notifications being no longer encrypted when they should be. | |||||
| CVE-2023-42234 | 1 Zucchetti | 1 Helpdeskadvanced | 2025-04-17 | N/A | 5.4 MEDIUM |
| Pat Infinite Solutions HelpdeskAdvanced <= 11.0.33 is vulnerable to Cross Site Request Forgery (CSRF) via the WSCView function. | |||||
| CVE-2022-4024 | 1 Genetechsolutions | 1 Pie Register | 2025-04-17 | N/A | 6.5 MEDIUM |
| The Registration Forms WordPress plugin before 3.8.1.3 does not have authorisation and CSRF when deleting users via an init action handler, allowing unauthenticated attackers to delete arbitrary users (along with their posts) | |||||
| CVE-2025-31723 | 1 Jenkins | 1 Simple Queue | 2025-04-17 | N/A | 4.3 MEDIUM |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Simple Queue Plugin 1.4.6 and earlier allows attackers to change and reset the build queue order. | |||||
| CVE-2025-1762 | 1 Vollstart | 1 Event Tickets With Ticket Scanner | 2025-04-17 | N/A | 4.3 MEDIUM |
| The Event Tickets with Ticket Scanner WordPress plugin before 2.5.4 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack | |||||
| CVE-2024-55088 | 1 Getsimple-ce | 1 Getsimple Cms | 2025-04-17 | N/A | 8.8 HIGH |
| GetSimple CMS CE 3.3.19 is vulnerable to Server-Side Request Forgery (SSRF) in the backend plugin module. | |||||
| CVE-2024-27694 | 1 Flycms Project | 1 Flycms | 2025-04-16 | N/A | 7.4 HIGH |
| FlyCms v1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the /system/share/ztree_category_edit. | |||||
| CVE-2025-24358 | 2025-04-16 | N/A | N/A | ||
| gorilla/csrf provides Cross Site Request Forgery (CSRF) prevention middleware for Go web applications & services. Prior to 1.7.2, gorilla/csrf does not validate the Origin header against an allowlist. Its executes its validation of the Referer header for cross-origin requests only when it believes the request is being served over TLS. It determines this by inspecting the r.URL.Scheme value. However, this value is never populated for "server" requests per the Go spec, and so this check does not run in practice. This vulnerability allows an attacker who has gained XSS on a subdomain or top level domain to perform authenticated form submissions against gorilla/csrf protected targets that share the same top level domain. This vulnerability is fixed in 1.7.2. | |||||
| CVE-2025-39593 | 2025-04-16 | N/A | 4.3 MEDIUM | ||
| Cross-Site Request Forgery (CSRF) vulnerability in EverAccounting Ever Accounting allows Cross Site Request Forgery. This issue affects Ever Accounting: from n/a through 2.1.5. | |||||
| CVE-2025-39512 | 2025-04-16 | N/A | 4.3 MEDIUM | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Yuya Hoshino Bulk Term Editor allows Cross Site Request Forgery. This issue affects Bulk Term Editor: from n/a through 1.1.4. | |||||
| CVE-2025-39548 | 2025-04-16 | N/A | 7.1 HIGH | ||
| Cross-Site Request Forgery (CSRF) vulnerability in A WP Life Right Click Disable OR Ban allows Stored XSS. This issue affects Right Click Disable OR Ban: from n/a through 1.1.17. | |||||
| CVE-2025-39601 | 2025-04-16 | N/A | 9.6 CRITICAL | ||
| Cross-Site Request Forgery (CSRF) vulnerability in WPFactory Custom CSS, JS & PHP allows Remote Code Inclusion. This issue affects Custom CSS, JS & PHP: from n/a through 2.4.1. | |||||