Total
7916 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-7196 | 1 Jonkemp | 1 Ultimate Noindex Nofollow Tool | 2025-06-11 | 4.3 Medium |
| The Ultimate Noindex Nofollow Tool WordPress plugin through 1.1.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack | ||||
| CVE-2023-7197 | 1 Corbyboy | 1 Marketing Twitter Bot | 2025-06-11 | 7.1 High |
| The Marketing Twitter Bot WordPress plugin through 1.11 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack | ||||
| CVE-2023-2334 | 2 Gsheetconnector, Westerndeal | 2 Edd Gsheetconnector, Easy Digital Downloads Google Sheet Connector | 2025-06-11 | 5.4 Medium |
| The edd-google-sheet-connector-pro WordPress plugin before 1.4, Easy Digital Downloads Google Sheet Connector WordPress plugin before 1.6.6 does not have CSRF check when updating its Access Code, which could allow attackers to make logged in admin change the access code to an arbitrary one via a CSRF attack | ||||
| CVE-2022-1617 | 1 Usabilitydynamics | 1 Wp-invoice | 2025-06-11 | 6.1 Medium |
| The WP-Invoice WordPress plugin through 4.3.1 does not have CSRF check in place when updating its settings, and is lacking sanitisation as well as escaping in some of them, allowing attacker to make a logged in admin change them and add XSS payload in them | ||||
| CVE-2025-32501 | 2025-06-11 | 7.1 High | ||
| Cross-Site Request Forgery (CSRF) vulnerability in dimafreund RentSyst allows Stored XSS.This issue affects RentSyst: from n/a through 2.0.92. | ||||
| CVE-2023-6946 | 1 Unalignedcode | 1 Autotitle | 2025-06-11 | 8.8 High |
| The Autotitle for WordPress plugin through 1.0.3 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack. | ||||
| CVE-2023-5006 | 1 Sarveshmrao | 1 Wp Discord Invite | 2025-06-11 | 6.5 Medium |
| The WP Discord Invite WordPress plugin before 2.5.1 does not protect some of its actions against CSRF attacks, allowing an unauthenticated attacker to perform actions on their behalf by tricking a logged in administrator to submit a crafted request. | ||||
| CVE-2024-7984 | 1 Ultimatewpsms | 1 Joy Of Text | 2025-06-11 | 4.3 Medium |
| The Joy Of Text Lite WordPress plugin through 2.3.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack | ||||
| CVE-2023-4246 | 1 Givewp | 1 Givewp | 2025-06-11 | 4.3 Medium |
| The GiveWP plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.33.3. This is due to missing or incorrect nonce validation on the give_sendwp_remote_install_handler function. This makes it possible for unauthenticated attackers to install and activate the SendWP plugin via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2023-32123 | 1 Dream-theme | 1 The7 | 2025-06-11 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Dream-Theme The7 allows Stored XSS.This issue affects The7: from n/a through 11.7.3. | ||||
| CVE-2024-3932 | 1 Totara | 1 Enterprise Lms | 2025-06-11 | 3.1 Low |
| A vulnerability classified as problematic has been found in Totara LMS up to 18.7. This affects an unknown part of the component User Selector. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. Upgrading to version 13.46, 14.38, 15.33, 16.27, 17.21 and 18.8 is able to address this issue. It is recommended to upgrade the affected component. | ||||
| CVE-2025-5766 | 1 Code-projects | 1 Simple Laundry System | 2025-06-10 | 4.3 Medium |
| A vulnerability was found in code-projects Laundry System 1.0. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-31613 | 1 Bosscms | 1 Bosscms | 2025-06-10 | 5.4 Medium |
| BOSSCMS v3.10 is vulnerable to Cross Site Request Forgery (CSRF) in name="head_code" or name="foot_code." | ||||
| CVE-2023-47020 | 1 Ncratleos | 1 Terminal Handler | 2025-06-10 | 8.8 High |
| Multiple Cross-Site Request Forgery (CSRF) chaining in NCR Terminal Handler v.1.5.1 allows privileges to be escalated by an attacker through a crafted request involving user account creation and adding the user to an administrator group. This is exploited by an undisclosed function in the WSDL that lacks security controls and can accept custom content types. | ||||
| CVE-2024-6412 | 2 Htmlforms, Ibericode | 2 Html Forms, Html Forms | 2025-06-10 | 6.5 Medium |
| The HTML Forms WordPress plugin before 1.3.34 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks | ||||
| CVE-2025-47708 | 1 Miniorange | 1 Miniorange 2fa | 2025-06-10 | 8.8 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Drupal Enterprise MFA - TFA for Drupal allows Cross Site Request Forgery.This issue affects Enterprise MFA - TFA for Drupal: from 0.0.0 before 4.7.0, from 5.0.0 before 5.2.0. | ||||
| CVE-2024-3076 | 1 Mmilan81 | 1 Mm-email2image | 2025-06-10 | 3.8 Low |
| The MM-email2image WordPress plugin through 0.2.5 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack | ||||
| CVE-2025-5732 | 1 Carmelogarcia | 1 Traffic Offense Reporting System | 2025-06-10 | 4.3 Medium |
| A vulnerability, which was classified as problematic, was found in code-projects Traffic Offense Reporting System 1.0. This affects an unknown part. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2023-47655 | 1 Wpgov | 1 Anac Xml Bandi Di Gara | 2025-06-10 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Marco Milesi ANAC XML Bandi di Gara.This issue affects ANAC XML Bandi di Gara: from n/a through 7.5. | ||||
| CVE-2023-32514 | 1 Himanshuparashar | 1 Google Site Verification Plugin Using Meta Tag | 2025-06-10 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Himanshu Parashar Google Site Verification plugin using Meta Tag.This issue affects Google Site Verification plugin using Meta Tag: from n/a through 1.2. | ||||