Total
8113 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-36886 | 1 Ciphercoin | 1 Contact Form 7 Database Addon | 2025-03-28 | 6.5 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability discovered in Contact Form 7 Database Addon – CFDB7 WordPress plugin (versions <= 1.2.5.9). | ||||
| CVE-2024-27623 | 1 Cmsmadesimple | 1 Cms Made Simple | 2025-03-28 | 5.9 Medium |
| CMS Made Simple version 2.2.19 is vulnerable to Server-Side Template Injection (SSTI). The vulnerability exists within the Design Manager, particularly when editing the Breadcrumbs. | ||||
| CVE-2022-38329 | 1 Shopxian | 1 Shopxian Cms | 2025-03-28 | 4.3 Medium |
| A CSRF vulnerability in Shopxian CMS 3.0.0 could allow an unauthenticated, remote attacker to craft a malicious link, potentially causing the administrator to perform unintended actions on an affected system. The vulnerability could allow attackers to modify or delete specific content through crafted requests, potentially leading to data loss and system integrity issues. | ||||
| CVE-2024-27559 | 1 Codelyfe | 1 Stupid Simple Cms | 2025-03-28 | 6.3 Medium |
| Stupid Simple CMS v1.2.4 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /save_settings.php | ||||
| CVE-2024-27689 | 1 Codelyfe | 1 Stupid Simple Cms | 2025-03-28 | 8.8 High |
| Stupid Simple CMS v1.2.4 was discovered to contain a Cross-Site Request Forgery (CSRF) via /update-article.php. | ||||
| CVE-2022-43980 | 1 Pandorafms | 1 Pandora Fms | 2025-03-27 | 5.2 Medium |
| There is a stored cross-site scripting vulnerability in Pandora FMS v765 in the network maps editing functionality. An attacker could modify a network map, including on purpose the name of an XSS payload. Once created, if a user with admin privileges clicks on the edited network maps, the XSS payload will be executed. The exploitation of this vulnerability could allow an atacker to steal the value of the admin user´s cookie. | ||||
| CVE-2022-4872 | 1 Chained Products Project | 1 Chained Products | 2025-03-27 | 4.3 Medium |
| The Chained Products WordPress plugin before 2.12.0 does not have authorisation and CSRF checks, as well as does not ensure that the option to be updated belong to the plugin, allowing unauthenticated attackers to set arbitrary options to 'no' | ||||
| CVE-2025-30923 | 2025-03-27 | 4.3 Medium | ||
| Cross-Site Request Forgery (CSRF) vulnerability in powerfulwp Gift Message for WooCommerce allows Cross Site Request Forgery. This issue affects Gift Message for WooCommerce: from n/a through 1.7.8. | ||||
| CVE-2025-30912 | 2025-03-27 | 5.4 Medium | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Float menu allows Cross Site Request Forgery. This issue affects Float menu: from n/a through 6.1.2. | ||||
| CVE-2025-30888 | 2025-03-27 | 4.3 Medium | ||
| Cross-Site Request Forgery (CSRF) vulnerability in silverplugins217 Custom Fields Account Registration For Woocommerce allows Cross Site Request Forgery. This issue affects Custom Fields Account Registration For Woocommerce: from n/a through 1.1. | ||||
| CVE-2025-30872 | 2025-03-27 | 4.3 Medium | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Nitin Prakash Product Author for WooCommerce allows Cross Site Request Forgery. This issue affects Product Author for WooCommerce: from n/a through 1.0.7. | ||||
| CVE-2025-30863 | 2025-03-27 | 4.3 Medium | ||
| Cross-Site Request Forgery (CSRF) vulnerability in CRM Perks Integration for Google Sheets and Contact Form 7, WPForms, Elementor, Ninja Forms allows Cross Site Request Forgery. This issue affects Integration for Google Sheets and Contact Form 7, WPForms, Elementor, Ninja Forms: from n/a through 1.0.9. | ||||
| CVE-2025-30862 | 2025-03-27 | 4.3 Medium | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Bill Minozzi reCAPTCHA for all allows Cross Site Request Forgery. This issue affects reCAPTCHA for all: from n/a through 2.22. | ||||
| CVE-2025-30857 | 2025-03-27 | 7.1 High | ||
| Cross-Site Request Forgery (CSRF) vulnerability in PressMaximum Currency Switcher for WooCommerce allows Stored XSS. This issue affects Currency Switcher for WooCommerce: from n/a through 0.0.7. | ||||
| CVE-2025-30856 | 2025-03-27 | 4.3 Medium | ||
| Cross-Site Request Forgery (CSRF) vulnerability in theme funda Custom Field For WP Job Manager allows Cross Site Request Forgery. This issue affects Custom Field For WP Job Manager: from n/a through 1.4. | ||||
| CVE-2025-30854 | 2025-03-27 | 4.3 Medium | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Saso Serial Codes Generator and Validator with WooCommerce Support allows Cross Site Request Forgery. This issue affects Serial Codes Generator and Validator with WooCommerce Support: from n/a through 2.7.7. | ||||
| CVE-2025-30833 | 2025-03-27 | 4.3 Medium | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Soft8Soft LLC Verge3D allows Cross Site Request Forgery. This issue affects Verge3D: from n/a through 4.8.2. | ||||
| CVE-2025-30822 | 2025-03-27 | 4.3 Medium | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Hakik Zaman Custom Login Logo allows Cross Site Request Forgery. This issue affects Custom Login Logo: from n/a through 1.1.7. | ||||
| CVE-2025-30816 | 2025-03-27 | 4.3 Medium | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Nks publish post email notification allows Cross Site Request Forgery. This issue affects publish post email notification: from n/a through 1.0.2.3. | ||||
| CVE-2025-30805 | 2025-03-27 | 4.3 Medium | ||
| Cross-Site Request Forgery (CSRF) vulnerability in wpdesk Flexible Cookies allows Cross Site Request Forgery. This issue affects Flexible Cookies: from n/a through 1.1.8. | ||||