Total: 7929 CVE records

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2025-5938 | 1 Themebon | 1 Digital Marketing And Agency Templates Addons For Elementor | 2025-07-10 | N/A | 5.3 MEDIUM | The Digital Marketing and Agency Templates Addons for Elementor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.1. This is due to missing or incorrect nonce validation on the import_templates() function. This makes it possible for unauthenticated attackers to trigger an import via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. |
| CVE-2025-48921 | 1 Getopensocial | 1 Open Social | 2025-07-09 | N/A | 8.8 HIGH | Cross-Site Request Forgery (CSRF) vulnerability in Drupal Open Social allows Cross Site Request Forgery. This issue affects Open Social: from 0.0.0 before 12.3.14, from 12.4.0 before 12.4.13. |
| CVE-2025-7133 | 1 Codeastro | 1 Online Movie Ticket Booking System | 2025-07-09 | 5.0 MEDIUM | 4.3 MEDIUM | A vulnerability classified as problematic has been found in CodeAstro Online Movie Ticket Booking System 1.0. This affects an unknown part. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. |
| CVE-2024-41597 | 1 Processwire | 1 Processwire | 2025-07-09 | N/A | 4.2 MEDIUM | Cross Site Request Forgery vulnerability in ProcessWire v.3.0.229 allows a remote attacker to execute arbitrary code via a crafted HTML file to the comments functionality. |
| CVE-2025-25772 | 1 Ujcms | 1 Jspxcms | 2025-07-09 | N/A | 5.1 MEDIUM | A Cross-Site Request Forgery (CSRF) in the component /back/UserController.java of Jspxcms v9.0 to v9.5 allows attackers to arbitrarily add Administrator accounts via a crafted request. |
| CVE-2025-47204 | 1 Davidstutz | 1 Bootstrap Multiselect | 2025-07-09 | N/A | 6.1 MEDIUM | An issue was discovered in post.php in bootstrap-multiselect (aka Bootstrap Multiselect) 1.1.2. A PHP script in the source code echoes arbitrary POST data. If a developer adopts this structure wholesale in a live application, it could create a Reflective Cross-Site Scripting (XSS) vulnerability exploitable through Cross-Site Request Forgery (CSRF). |
| CVE-2024-13337 | 1 Cm-wp | 1 Clearfy | 2025-07-08 | N/A | 4.3 MEDIUM | The Clearfy Cache – WordPress optimization plugin, Minify HTML, CSS & JS, Defer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.3.2. This is due to missing or incorrect nonce validation on the 'setup-wbcr_clearfy' page. This makes it possible for unauthenticated attackers to update the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. |
| CVE-2024-13338 | 1 Cm-wp | 1 Clearfy | 2025-07-08 | N/A | 5.3 MEDIUM | The Clearfy Cache – WordPress optimization plugin, Minify HTML, CSS & JS, Defer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.3.1. This is due to missing or incorrect nonce validation on the wclearfy_cache_delete functionality. This makes it possible for unauthenticated attackers to clear the cache via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. |
| CVE-2025-53483 | | | 2025-07-08 | N/A | 8.8 HIGH | ArchivePage.php, UnarchivePage.php, and VoterEligibilityPage#executeClear() do not validate request methods or CSRF tokens, allowing attackers to trigger sensitive actions if an admin visits a malicious site. This issue affects Mediawiki - SecurePoll extension: from 1.39.X before 1.39.13, from 1.42.X before 1.42.7, from 1.43.X before 1.43.2. |
| CVE-2025-31828 | 1 Easyappointments | 1 Easy!appointments | 2025-07-08 | N/A | 4.3 MEDIUM | Cross-Site Request Forgery (CSRF) vulnerability in alextselegidis Easy!Appointments allows Cross Site Request Forgery. This issue affects Easy!Appointments: from n/a through 1.4.2. |
| CVE-2025-0669 | 1 Universityofcalifornia | 1 Boinc Server | 2025-07-08 | N/A | 8.8 HIGH | Cross-Site Request Forgery (CSRF) vulnerability in BOINC Server allows Cross Site Request Forgery. This issue affects BOINC Server: before 1.4.3. |
| CVE-2025-53568 | | | 2025-07-08 | N/A | 4.3 MEDIUM | Cross-Site Request Forgery (CSRF) vulnerability in Tony Zeoli Radio Station allows Cross Site Request Forgery. This issue affects Radio Station: from n/a through 2.5.12. |
| CVE-2025-53569 | | | 2025-07-08 | N/A | 4.3 MEDIUM | Cross-Site Request Forgery (CSRF) vulnerability in Trust Payments Trust Payments Gateway for WooCommerce (JavaScript Library) allows Cross Site Request Forgery. This issue affects Trust Payments Gateway for WooCommerce (JavaScript Library): from n/a through 1.3.6. |
| CVE-2025-23972 | | | 2025-07-08 | N/A | 4.3 MEDIUM | Cross-Site Request Forgery (CSRF) vulnerability in Brian S. Reed Contact Form 7 reCAPTCHA allows Cross Site Request Forgery. This issue affects Contact Form 7 reCAPTCHA: from n/a through 1.2.0. |
| CVE-2025-5933 | | | 2025-07-08 | N/A | 4.3 MEDIUM | The RD Contacto plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4. This is due to missing or incorrect nonce validation on the rdWappUpdateData() function. This makes it possible for unauthenticated attackers to update plugin settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. |
| CVE-2025-6041 | | | 2025-07-08 | N/A | 6.1 MEDIUM | The yContributors plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.5. This is due to missing or incorrect nonce validation on the 'yContributors' page. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. |
| CVE-2025-53540 | | | 2025-07-08 | N/A | N/A | arduino-esp32 is an Arduino core for the ESP32, ESP32-S2, ESP32-S3, ESP32-C3, ESP32-C6 and ESP32-H2 microcontrollers. Several OTA update examples and the HTTPUpdateServer implementation are vulnerable to Cross-Site Request Forgery (CSRF). The update endpoints accept POST requests for firmware uploads without CSRF protection. This allows an attacker to upload and execute arbitrary firmware, resulting in remote code execution (RCE). This vulnerability is fixed in 3.2.1. |
| CVE-2025-7078 | | | 2025-07-08 | 5.0 MEDIUM | 4.3 MEDIUM | A vulnerability classified as problematic was found in 07FLYCMS, 07FLY-CMS and 07FlyCRM up to 1.3.9. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. This product is published under multiple names. The vendor was contacted early about this disclosure but did not respond in any way. |
| CVE-2025-5937 | 1 Videowhisper | 1 Micropayments | 2025-07-08 | N/A | 4.3 MEDIUM | The MicroPayments – Fans Paysite: Paid Creator Subscriptions, Digital Assets, Wallet plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2.0. This is due to missing or incorrect nonce validation on the adminOptions() function. This makes it possible for unauthenticated attackers to reset the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. |
| CVE-2025-6459 | 1 Scripteo | 1 Ads Pro | 2025-07-08 | N/A | 8.8 HIGH | The Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.89. This is due to missing or incorrect nonce validation on the bsaCreateAdTemplate function. This makes it possible for unauthenticated attackers to inject and execute arbitrary PHP code via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. |
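Half of the entries above share one root cause: a WordPress admin handler that changes state (imports templates, saves or resets settings, clears a cache, creates a template that is later evaluated as PHP) without checking a nonce. The "unauthenticated attacker" wording is about who builds the forged page; the request itself is sent by the logged-in administrator's browser, with the administrator's session cookie, so a capability check alone never stops it. The following is an added example written for this page, not code from any plugin listed in the table; the plugin name, hook names, option name and form fields are hypothetical. It shows the vulnerable pattern next to the hardened form using WordPress's own nonce API.

```php
<?php
/**
 * Added example (hypothetical "example_plugin"), not code from any plugin
 * in the table above. Illustrates the "missing nonce validation" pattern
 * behind entries such as CVE-2025-5938, CVE-2024-13337 and CVE-2025-5937.
 */

// --- VULNERABLE: settings update with no nonce check -----------------------
// Any page the administrator visits can auto-submit a form to
// admin-post.php?action=example_plugin_save. The browser attaches the admin's
// session cookie, so this handler runs with the admin's privileges.
function example_plugin_save_settings_vulnerable() {
    // A capability check proves WHO is logged in, not whether that user
    // intended to send this particular request. It does not stop CSRF.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.' );
    }
    $api_key = sanitize_text_field( wp_unslash( $_POST['api_key'] ?? '' ) );
    update_option( 'example_plugin_api_key', $api_key ); // attacker-chosen value
    wp_safe_redirect( admin_url( 'options-general.php?page=example-plugin' ) );
    exit;
}

// --- HARDENED: method check + capability check + nonce check ---------------
function example_plugin_save_settings_hardened() {
    // 1. State-changing actions accept POST only; a GET handler can be fired
    //    by an <img src="..."> on any page with no user interaction at all.
    if ( 'POST' !== ( $_SERVER['REQUEST_METHOD'] ?? '' ) ) {
        wp_die( 'Invalid request method.', 405 );
    }
    // 2. Authorization: the acting user must be allowed to change settings.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.', 403 );
    }
    // 3. CSRF: the request must carry a nonce minted for THIS action string and
    //    THIS user. check_admin_referer() runs wp_verify_nonce() on
    //    $_REQUEST['_wpnonce'] and terminates the request on failure.
    //    Always pass an explicit action; the default action (-1) produces a
    //    nonce that is valid for every handler using the default.
    check_admin_referer( 'example_plugin_save', '_wpnonce' );

    $api_key = sanitize_text_field( wp_unslash( $_POST['api_key'] ?? '' ) );
    update_option( 'example_plugin_api_key', $api_key );
    wp_safe_redirect( admin_url( 'options-general.php?page=example-plugin&updated=1' ) );
    exit;
}
add_action( 'admin_post_example_plugin_save', 'example_plugin_save_settings_hardened' );

// The legitimate form must emit the matching nonce, otherwise real admins
// fail the check too. wp_nonce_field() adds the hidden _wpnonce input.
function example_plugin_render_settings_form() {
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="example_plugin_save">
        <?php wp_nonce_field( 'example_plugin_save', '_wpnonce' ); ?>
        <input type="text" name="api_key"
               value="<?php echo esc_attr( get_option( 'example_plugin_api_key', '' ) ); ?>">
        <?php submit_button( 'Save' ); ?>
    </form>
    <?php
}

// AJAX variant (the "clear the cache" class of entry, e.g. CVE-2024-13338):
// check_ajax_referer() verifies the nonce in the given request field and
// replies with -1 / HTTP 403 instead of an HTML error page on failure.
add_action( 'wp_ajax_example_plugin_clear_cache', function () {
    check_ajax_referer( 'example_plugin_clear_cache', 'nonce' );
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }
    // ... cache clearing would go here ...
    wp_send_json_success();
} );
```

Two caveats a reviewer checks for when auditing a plugin against this list. First, the nonce check and the capability check are not interchangeable: `wp_verify_nonce()` only proves the request originated from a page WordPress rendered for this user within the nonce lifetime (two 12-hour ticks, so 12 to 24 hours), so a nonce-only handler is an authorization bug, and a capability-only handler is exactly the CSRF bug catalogued above. Second, "incorrect nonce validation" in the descriptions usually means one of: calling `wp_verify_nonce()` but ignoring its return value, checking a nonce for one action but performing a different one, or relying on the default action, which makes any nonce the attacker can obtain from a public page acceptable.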