Filtered by CWE-352
Total 8021 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-54435 1 Wordpress 1 Wordpress 2025-07-13 7.1 High
Cross-Site Request Forgery (CSRF) vulnerability in Thomas Hoefter Onlywire Multi Autosubmitter allows Stored XSS.This issue affects Onlywire Multi Autosubmitter: from n/a through 1.2.4.
CVE-2025-39421 1 Wordpress 1 Wordpress 2025-07-13 7.1 High
Cross-Site Request Forgery (CSRF) vulnerability in Mustafa KUCUK WP Sticky Side Buttons allows Stored XSS. This issue affects WP Sticky Side Buttons: from n/a through 2.1.
CVE-2025-31753 1 Wordpress 1 Wordpress 2025-07-13 4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Animesh Kumar Advanced Speed Increaser. This issue affects Advanced Speed Increaser: from n/a through 2.2.1.
CVE-2024-54393 1 Wordpress 1 Wordpress 2025-07-13 7.1 High
Cross-Site Request Forgery (CSRF) vulnerability in Sheikh Heera WP Fiddle allows Stored XSS.This issue affects WP Fiddle: from n/a through 1.0.
CVE-2025-30586 1 Wordpress 1 Wordpress 2025-07-13 7.1 High
Cross-Site Request Forgery (CSRF) vulnerability in bbodine1 cTabs allows Stored XSS. This issue affects cTabs: from n/a through 1.3.
CVE-2024-6662 1 Jan Syski 1 Megabip 2025-07-13 N/A
Websites managed by MegaBIP in versions below 5.15 are vulnerable to Cross-Site Request Forgery (CSRF) as the form available under "/edytor/index.php?id=7,7,0" lacks protection mechanisms. A user could be tricked into visiting a malicious website, which would send POST request to this endpoint. If the victim is a logged in administrator, this could lead to creation of new accounts and granting of administrative permissions.
CVE-2025-23693 1 Wordpress 1 Wordpress 2025-07-13 7.1 High
Cross-Site Request Forgery (CSRF) vulnerability in Stanisław Skonieczny Secure CAPTCHA allows Stored XSS.This issue affects Secure CAPTCHA: from n/a through 1.2.
CVE-2024-37540 2 Leaky Paywall, Wordpress 2 Leaky Paywall, Wordpress 2025-07-13 4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Leaky Paywall Leaky Paywall allows Cross Site Request Forgery.This issue affects Leaky Paywall: from n/a through 4.21.2.
CVE-2025-31880 1 Wordpress 1 Wordpress 2025-07-13 4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Stylemix Pearl allows Cross Site Request Forgery. This issue affects Pearl: from n/a through 1.3.9.
CVE-2025-22557 1 Wordpress 1 Wordpress 2025-07-13 7.1 High
Cross-Site Request Forgery (CSRF) vulnerability in WPMagic News Publisher Autopilot allows Cross Site Request Forgery.This issue affects News Publisher Autopilot: from n/a through 2.1.4.
CVE-2024-51633 1 Wordpress 1 Wordpress 2025-07-13 7.1 High
Cross-Site Request Forgery (CSRF) vulnerability in IvyCat Web Services Simple Page Specific Sidebars allows Stored XSS.This issue affects Simple Page Specific Sidebars: from n/a through 2.14.1.
CVE-2025-30578 1 Wordpress 1 Wordpress 2025-07-13 7.1 High
Cross-Site Request Forgery (CSRF) vulnerability in hotvanrod AdSense Privacy Policy allows Stored XSS. This issue affects AdSense Privacy Policy: from n/a through 1.1.1.
CVE-2024-55945 1 Typo3 1 Typo3 2025-07-13 4.3 Medium
TYPO3 is a free and open source Content Management Framework. A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery (CSRF). Additionally, state-changing actions in downstream components incorrectly accepted submissions via HTTP GET and did not enforce the appropriate HTTP method. Successful exploitation of this vulnerability requires the victim to have an active session on the backend user interface and to be deceived into interacting with a malicious URL targeting the backend, which can occur under the following conditions: The user opens a malicious link, such as one sent via email. The user visits a compromised or manipulated website while the following settings are misconfigured: 1. `security.backend.enforceReferrer` feature is disabled, 2. `BE/cookieSameSite` configuration is set to `lax` or `none`. The vulnerability in the affected downstream component “DB Check Module” allows attackers to manipulate data through unauthorized actions. Users are advised to update to TYPO3 versions 11.5.42 ELTS which fixes the problem described. There are no known workarounds for this issue.
CVE-2024-48038 1 Wordpress 1 Wordpress 2025-07-13 4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Hans Matzen wp-Monalisa allows Cross Site Request Forgery.This issue affects wp-Monalisa: from n/a through 6.4.
CVE-2024-37272 1 Wordpress 1 Wordpress 2025-07-13 4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in WP Travel Engine Travel Monster allows Cross Site Request Forgery.This issue affects Travel Monster: from n/a through 1.1.2.
CVE-2024-11342 1 Wordpress 1 Wordpress 2025-07-13 6.1 Medium
The Skt NURCaptcha plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.5.0. This is due to missing or incorrect nonce validation in the skt-nurc-admin.php file. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
CVE-2025-30919 1 Wordpress 1 Wordpress 2025-07-13 7.1 High
Cross-Site Request Forgery (CSRF) vulnerability in Store Locator Widgets Store Locator Widget allows Stored XSS. This issue affects Store Locator Widget: from n/a through 20200131.
CVE-2024-51631 1 Wordpress 1 Wordpress 2025-07-13 7.1 High
Cross-Site Request Forgery (CSRF) vulnerability in Eftakhairul Islam Sticky Social Bar allows Cross Site Request Forgery.This issue affects Sticky Social Bar: from n/a through 2.0.
CVE-2024-54420 1 Wordpress 1 Wordpress 2025-07-13 7.1 High
Cross-Site Request Forgery (CSRF) vulnerability in Aleksander Novikov Metrika allows Cross Site Request Forgery.This issue affects Metrika: from n/a through 1.2.
CVE-2025-27316 1 Wordpress 1 Wordpress 2025-07-13 4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in hosting.io JPG, PNG Compression and Optimization allows Cross Site Request Forgery. This issue affects JPG, PNG Compression and Optimization: from n/a through 1.7.35.