Total
8113 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-27448 | 1 Maildev | 1 Maildev | 2025-03-13 | 9.1 Critical |
| MailDev 2 through 2.1.0 allows Remote Code Execution via a crafted Content-ID header for an e-mail attachment, leading to lib/mailserver.js writing arbitrary code into the routes.js file. | ||||
| CVE-2024-21202 | 1 Oracle | 2 Peoplesoft Enterprise People Tools, Peoplesoft Enterprise Peopletools | 2025-03-13 | 6.1 Medium |
| Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: PIA Core Technology). Supported versions that are affected are 8.59, 8.60 and 8.61. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). | ||||
| CVE-2020-36836 | 1 Wpfastestcache | 1 Wp Fastest Cache | 2025-03-13 | 8.8 High |
| The WP Fastest Cache plugin for WordPress is vulnerable to unauthorized arbitrary file deletion in versions up to, and including, 0.9.0.2 due to a lack of capability checking and insufficient path validation. This makes it possible for authenticated users with minimal permissions to delete arbitrary files from the server. | ||||
| CVE-2024-30462 | 1 Pluginus | 1 Husky - Products Filter Professional For Woocommerce | 2025-03-13 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in realmag777 HUSKY – Products Filter for WooCommerce (formerly WOOF).This issue affects HUSKY – Products Filter for WooCommerce (formerly WOOF): from n/a through 1.3.5.1. | ||||
| CVE-2025-27298 | 2025-03-12 | 8.3 High | ||
| Cross-Site Request Forgery (CSRF) vulnerability in cmstactics WP Video Posts allows OS Command Injection. This issue affects WP Video Posts: from n/a through 3.5.1. | ||||
| CVE-2024-31430 | 1 Pluginus | 2 Bear - Woocommerce Bulk Editor And Products Manager Professional, Wolf - Wordpress Posts Bulk Editor And Products Manager Professional | 2025-03-12 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in realmag777 WOLF – WordPress Posts Bulk Editor and Manager Professional, realmag777 BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net.This issue affects WOLF – WordPress Posts Bulk Editor and Manager Professional: from n/a through 1.0.8.1; BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net: from n/a through 1.1.4.1. | ||||
| CVE-2022-48320 | 1 Checkmk | 1 Checkmk | 2025-03-12 | 5.4 Medium |
| Cross-site Request Forgery (CSRF) in Tribe29's Checkmk <= 2.1.0p17, Checkmk <= 2.0.0p31, and all versions of Checkmk 1.6.0 (EOL) allow an attacker to add new visual elements to multiple pages. | ||||
| CVE-2025-28909 | 2025-03-12 | 4.3 Medium | ||
| Cross-Site Request Forgery (CSRF) vulnerability in edwardw WP No-Bot Question allows Cross Site Request Forgery. This issue affects WP No-Bot Question: from n/a through 0.1.7. | ||||
| CVE-2025-28910 | 2025-03-12 | 4.3 Medium | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Ravinder Khurana WP Hide Admin Bar allows Cross Site Request Forgery. This issue affects WP Hide Admin Bar: from n/a through 2.0. | ||||
| CVE-2024-13774 | 1 Wpfactory | 1 Wishlist For Woocommerce | 2025-03-12 | 6.1 Medium |
| The Wishlist for WooCommerce: Multi Wishlists Per Customer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.7. This is due to missing or incorrect nonce validation on the 'save_to_multiple_wishlist' function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2022-4386 | 1 Intuitive Custom Post Order Project | 1 Intuitive Custom Post Order | 2025-03-12 | 4.3 Medium |
| The Intuitive Custom Post Order WordPress plugin before 3.1.4 lacks CSRF protection in its update-menu-order ajax action, allowing an attacker to trick any user to change the menu order via a CSRF attack | ||||
| CVE-2021-34167 | 1 Taogogo | 1 Taocms | 2025-03-12 | 8.8 High |
| Cross Site Request Forgery (CSRF) vulnerability in taoCMS 3.0.2 allows remote attackers to gain escalated privileges via taocms/admin/admin.php. | ||||
| CVE-2022-46797 | 1 Conversios | 1 Conversios | 2025-03-12 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Conversios All-in-one Google Analytics, Pixels and Product Feed Manager for WooCommerce plugin <= 5.2.3 leads to plugin settings change. | ||||
| CVE-2025-28933 | 2025-03-12 | 7.1 High | ||
| Cross-Site Request Forgery (CSRF) vulnerability in maxfoundry MaxA/B allows Stored XSS. This issue affects MaxA/B: from n/a through 2.2.2. | ||||
| CVE-2025-28941 | 2025-03-12 | 4.3 Medium | ||
| Cross-Site Request Forgery (CSRF) vulnerability in ohtan Spam Byebye allows Cross Site Request Forgery. This issue affects Spam Byebye: from n/a through 2.2.4. | ||||
| CVE-2025-27792 | 2025-03-12 | N/A | ||
| Opal is OBiBa’s core database application for biobanks or epidemiological studies. Prior to version 5.1.1, the protections against cross-site request forgery (CSRF) were insufficient application-wide. The referrer header is checked, and if it is invalid, the server returns 403. However, the referrer header can be dropped from CSRF requests using `<meta name="referrer" content="never">`, effectively bypassing this protection. Version 5.1.1 contains a patch for the issue. | ||||
| CVE-2025-28881 | 2025-03-12 | 4.3 Medium | ||
| Cross-Site Request Forgery (CSRF) vulnerability in mg12 Mobile Themes allows Cross Site Request Forgery. This issue affects Mobile Themes: from n/a through 1.1.1. | ||||
| CVE-2025-28883 | 2025-03-12 | 7.1 High | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Martin WP Compare Tables allows Stored XSS. This issue affects WP Compare Tables: from n/a through 1.0.5. | ||||
| CVE-2025-28886 | 2025-03-12 | 4.3 Medium | ||
| Cross-Site Request Forgery (CSRF) vulnerability in xjb REST API TO MiniProgram allows Cross Site Request Forgery. This issue affects REST API TO MiniProgram: from n/a through 4.7.1. | ||||
| CVE-2025-28892 | 2025-03-12 | 7.1 High | ||
| Cross-Site Request Forgery (CSRF) vulnerability in a2rocklobster FTP Sync allows Stored XSS. This issue affects FTP Sync: from n/a through 1.1.6. | ||||