Total
8022 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-32547 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 8.2 High |
| Cross-Site Request Forgery (CSRF) vulnerability in gtlwpdev All push notification for WP allows Blind SQL Injection. This issue affects All push notification for WP: from n/a through 1.5.3. | ||||
| CVE-2024-54389 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Eduardo Chiaro addWeather allows Cross Site Request Forgery.This issue affects addWeather: from n/a through 2.5.1. | ||||
| CVE-2024-13682 | 2 Wordpress, Wpswings | 2 Wordpress, Wallet System For Woocommerce | 2025-07-12 | 4.3 Medium |
| The Wallet System for WooCommerce – Wallet, Wallet Cashback, Refunds, Partial Payment, Wallet Restriction plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.6.2. This is due to missing or incorrect nonce validation in class-wallet-user-table.php. This makes it possible for unauthenticated attackers to modify wallet balances via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2024-12322 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 8.8 High |
| The ThePerfectWedding.nl Widget plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.8. This is due to missing or incorrect nonce validation on the 'update_option' function. This makes it possible for unauthenticated attackers to update the 'tpwKey' option with stored cross-site scripting via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2024-54388 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Phuc Pham Multiple Admin Emails allows Cross Site Request Forgery.This issue affects Multiple Admin Emails: from n/a through 1.0. | ||||
| CVE-2024-53755 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Andrea Pernici Third Party Cookie Eraser allows Stored XSS.This issue affects Third Party Cookie Eraser: from n/a through 1.0.2. | ||||
| CVE-2025-30769 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in alexvtn WIP WooCarousel Lite allows Stored XSS. This issue affects WIP WooCarousel Lite: from n/a through 1.1.7. | ||||
| CVE-2024-11417 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 6.1 Medium |
| The dejure.org Vernetzungsfunktion plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.97.5. This is due to missing or incorrect nonce validation on the djo_einstellungen_menue() function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2025-43840 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Ref CheckBot allows Stored XSS.This issue affects CheckBot: from n/a through 1.05. | ||||
| CVE-2024-53793 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 8.2 High |
| Cross-Site Request Forgery (CSRF) vulnerability in eDoc Intelligence LLC eDoc Easy Tables allows Blind SQL Injection.This issue affects eDoc Easy Tables: from n/a through 1.29. | ||||
| CVE-2025-47583 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 5.4 Medium |
| Unauthenticated Cross Site Request Forgery (CSRF) in Salon booking system <= 10.16 versions. | ||||
| CVE-2024-37491 | 2 Apollo13themes, Wordpress | 2 Rife Free, Wordpress | 2025-07-12 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Apollo13Themes Rife Free allows Cross Site Request Forgery.This issue affects Rife Free: from n/a through 2.4.18. | ||||
| CVE-2025-27357 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Musa AVCI Önceki Yazı Link allows Cross Site Request Forgery. This issue affects Önceki Yazı Link: from n/a through 1.3. | ||||
| CVE-2024-11975 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 6.1 Medium |
| The Reactflow Visitor Recording and Heatmaps plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.10. This is due to missing or incorrect nonce validation affecting the _wpnonce parameter. This makes it possible for unauthenticated attackers to inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2025-23537 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Oren hahiashvili add custom google tag manager allows Stored XSS.This issue affects add custom google tag manager: from n/a through 1.0.3. | ||||
| CVE-2025-23660 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Walter Cerrudo MFPlugin allows Stored XSS.This issue affects MFPlugin: from n/a through 1.3. | ||||
| CVE-2025-26748 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 8.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in LOOS,Inc. Arkhe allows PHP Local File Inclusion. This issue affects Arkhe: from n/a through 3.11.0. | ||||
| CVE-2024-54372 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 9.6 Critical |
| Cross-Site Request Forgery (CSRF) vulnerability in Sourov Amin Insertify allows Code Injection.This issue affects Insertify: from n/a through 1.1.4. | ||||
| CVE-2024-37236 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Tim Whitlock Loco Translate allows Cross Site Request Forgery.This issue affects Loco Translate: from n/a through 2.6.9. | ||||
| CVE-2024-27197 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Bee BeePress allows Stored XSS.This issue affects BeePress: from n/a through 6.9.8. | ||||