Total
8099 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-32276 | 2025-04-08 | 4.3 Medium | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Quý Lê 91 Administrator Z allows Cross Site Request Forgery. This issue affects Administrator Z: from n/a through 2025.03.04. | ||||
| CVE-2025-32264 | 2025-04-08 | 4.3 Medium | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Saiful Islam UltraAddons Elementor Lite allows Cross Site Request Forgery. This issue affects UltraAddons Elementor Lite: from n/a through 2.0.0. | ||||
| CVE-2025-32263 | 2025-04-08 | 4.3 Medium | ||
| Cross-Site Request Forgery (CSRF) vulnerability in BeRocket Sequential Order Numbers for WooCommerce allows Cross Site Request Forgery. This issue affects Sequential Order Numbers for WooCommerce: from n/a through 3.6.2. | ||||
| CVE-2025-32261 | 2025-04-08 | 4.3 Medium | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Kuppuraj Advanced All in One Admin Search by WP Spotlight allows Cross Site Request Forgery. This issue affects Advanced All in One Admin Search by WP Spotlight: from n/a through 1.1.1. | ||||
| CVE-2024-41795 | 2025-04-08 | 6.5 Medium | ||
| A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions). The web interface of affected devices is vulnerable to Cross-Site Request Forgery (CSRF) attacks. This could allow an unauthenticated attacker to change arbitrary device settings by tricking a legitimate device administrator to click on a malicious link. | ||||
| CVE-2025-3064 | 2025-04-08 | 8.8 High | ||
| The WPFront User Role Editor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.2.1. This is due to missing or incorrect nonce validation on the whitelist_options() function. This makes it possible for unauthenticated attackers to update the default role option that can be leveraged for privilege escalation via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. This is only exploitable on multisite instances. | ||||
| CVE-2022-46368 | 1 Maxum | 1 Rumpus | 2025-04-08 | 6.8 Medium |
| Rumpus - FTP server version 9.0.7.1 Cross-site request forgery (CSRF) – vulnerability may allow unauthorized action on behalf of authenticated users. | ||||
| CVE-2022-46367 | 1 Maxum | 1 Rumpus | 2025-04-08 | 6.8 Medium |
| Rumpus - FTP server Cross-site request forgery (CSRF) – Privilege escalation vulnerability that may allow privilege escalation. | ||||
| CVE-2024-27474 | 1 Leantime | 1 Leantime | 2025-04-08 | 8.8 High |
| Leantime 3.0.6 is vulnerable to Cross Site Request Forgery (CSRF). This vulnerability allows malicious actors to perform unauthorized actions on behalf of authenticated users, specifically administrators. | ||||
| CVE-2024-22721 | 1 Formtools | 1 Form Tools | 2025-04-08 | 6.3 Medium |
| Cross Site Request Forgery (CSRF) vulnerability in Form Tools 3.1.1 allows attackers to manipulate sensitive user data via crafted link. | ||||
| CVE-2024-25572 | 2 Ninjaforms, Saturday Drive | 2 Ninja Forms, Ninja Forms | 2025-04-08 | 8.8 High |
| Cross-site request forgery (CSRF) vulnerability exists in Ninja Forms prior to 3.4.31. If a website administrator views a malicious page while logging in, unintended operations may be performed. | ||||
| CVE-2023-22852 | 1 Tiki | 1 Tiki | 2025-04-07 | 6.5 Medium |
| Tiki through 25.0 allows CSRF attacks that are related to tiki-importer.php and tiki-import_sheet.php. | ||||
| CVE-2022-43719 | 1 Apache | 1 Superset | 2025-04-07 | 8.8 High |
| Two legacy REST API endpoints for approval and request access are vulnerable to cross site request forgery. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0. | ||||
| CVE-2024-9311 | 1 Hliu | 1 Large Language And Vision Assistant | 2025-04-07 | 6.1 Medium |
| A Cross-Site Request Forgery (CSRF) vulnerability in haotian-liu/llava v1.2.0 (LLaVA-1.6) allows an attacker to upload files with malicious content without authentication or user interaction. The uploaded file is stored in a predictable path, enabling the attacker to execute arbitrary JavaScript code in the context of the victim's browser by visiting the crafted file URL. This can lead to theft of sensitive information, session hijacking, or other actions compromising the security and privacy of the victim. | ||||
| CVE-2025-30908 | 2025-04-07 | 7.1 High | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Shamalli Web Directory Free allows Stored XSS. This issue affects Web Directory Free: from n/a through 1.7.6. | ||||
| CVE-2025-32113 | 2025-04-07 | 7.1 High | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Renzo Tejada Libro de Reclamaciones y Quejas allows Cross Site Request Forgery. This issue affects Libro de Reclamaciones y Quejas: from n/a through 0.9. | ||||
| CVE-2025-32250 | 2025-04-07 | 5.4 Medium | ||
| Cross-Site Request Forgery (CSRF) vulnerability in rollbar Rollbar allows Cross Site Request Forgery. This issue affects Rollbar: from n/a through 2.7.1. | ||||
| CVE-2025-32241 | 2025-04-07 | 6.5 Medium | ||
| Cross-Site Request Forgery (CSRF) vulnerability in CleverReach® Official CleverReach Plugin for WooCommerce allows Cross Site Request Forgery. This issue affects Official CleverReach Plugin for WooCommerce: from n/a through 3.4.3. | ||||
| CVE-2025-32112 | 2025-04-07 | 7.1 High | ||
| Cross-Site Request Forgery (CSRF) vulnerability in OTWthemes Sidebar Manager Light allows Cross Site Request Forgery. This issue affects Sidebar Manager Light: from n/a through 1.1.8. | ||||
| CVE-2025-32265 | 2025-04-07 | 4.3 Medium | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Hossni Mubarak JobWP allows Cross Site Request Forgery. This issue affects JobWP: from n/a through 2.3.9. | ||||