Total
7516 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-1436 | 1 Rivercitygraphix | 1 Limit Bio | 2025-04-29 | 7.1 High |
| The Limit Bio WordPress plugin through 1.0 does not have CSRF check when updating its settings, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack. | ||||
| CVE-2025-3907 | 2025-04-29 | 4.3 Medium | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Drupal Search API Solr allows Cross Site Request Forgery.This issue affects Search API Solr: from 0.0.0 before 4.3.9. | ||||
| CVE-2025-46495 | 2025-04-29 | 6.5 Medium | ||
| Cross-Site Request Forgery (CSRF) vulnerability in tomontoast Drop Caps allows Stored XSS. This issue affects Drop Caps: from n/a through 2.1. | ||||
| CVE-2025-46504 | 2025-04-29 | 7.1 High | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Olar Marius Vasaio QR Code allows Stored XSS. This issue affects Vasaio QR Code: from n/a through 1.2.5. | ||||
| CVE-2025-46508 | 2025-04-29 | 7.1 High | ||
| Cross-Site Request Forgery (CSRF) vulnerability in kasonzhao Advanced lazy load allows Stored XSS. This issue affects Advanced lazy load: from n/a through 1.6.0. | ||||
| CVE-2025-46514 | 2025-04-29 | 7.1 High | ||
| Cross-Site Request Forgery (CSRF) vulnerability in milat Milat jQuery Automatic Popup allows Stored XSS. This issue affects Milat jQuery Automatic Popup: from n/a through 1.3.1. | ||||
| CVE-2025-46530 | 2025-04-29 | 7.1 High | ||
| Cross-Site Request Forgery (CSRF) vulnerability in HuangYe WuDeng Hacklog Remote Attachment allows Stored XSS. This issue affects Hacklog Remote Attachment: from n/a through 1.3.2. | ||||
| CVE-2025-46547 | 2025-04-29 | 5.4 Medium | ||
| In Sherpa Orchestrator 141851, the web application lacks protection against CSRF attacks, with resultant effects of an attacker conducting XSS attacks, adding a new user or role, or exploiting a SQL injection issue. | ||||
| CVE-2025-46510 | 2025-04-29 | 7.1 High | ||
| Cross-Site Request Forgery (CSRF) vulnerability in harrysudana Contact Form 7 Calendar allows Stored XSS. This issue affects Contact Form 7 Calendar: from n/a through 3.0.1. | ||||
| CVE-2025-46450 | 2025-04-29 | 7.1 High | ||
| Cross-Site Request Forgery (CSRF) vulnerability in x000x occupancyplan allows Stored XSS. This issue affects occupancyplan: from n/a through 1.0.3.0. | ||||
| CVE-2025-46457 | 2025-04-29 | 7.1 High | ||
| Cross-Site Request Forgery (CSRF) vulnerability in digontoahsan Wp Custom CMS Block allows Stored XSS. This issue affects Wp Custom CMS Block: from n/a through 2.1. | ||||
| CVE-2025-46512 | 2025-04-29 | 7.1 High | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Shamim Hasan Custom Functions Plugin allows Stored XSS. This issue affects Custom Functions Plugin: from n/a through 1.1. | ||||
| CVE-2025-46497 | 2025-04-29 | 7.1 High | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Navegg Navegg Analytics allows Stored XSS. This issue affects Navegg Analytics: from n/a through 3.3.3. | ||||
| CVE-2025-39381 | 2025-04-29 | 7.1 High | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Kiotviet KiotViet Sync allows Stored XSS. This issue affects KiotViet Sync: from n/a through 1.8.4. | ||||
| CVE-2025-46442 | 2025-04-29 | 7.1 High | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Casey Johnson Loan Calculator allows Stored XSS. This issue affects Loan Calculator: from n/a through 1.3. | ||||
| CVE-2025-46452 | 2025-04-29 | 7.1 High | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Olav Kolbu Google News allows Stored XSS. This issue affects Google News: from n/a through 2.5.1. | ||||
| CVE-2025-46462 | 2025-04-29 | 4.3 Medium | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Trân Minh-Quân WPVN allows Cross Site Request Forgery. This issue affects WPVN: from n/a through 0.7.8. | ||||
| CVE-2025-46466 | 2025-04-29 | 7.1 High | ||
| Cross-Site Request Forgery (CSRF) vulnerability in felixtz Modern Polls allows Stored XSS. This issue affects Modern Polls: from n/a through 1.0.10. | ||||
| CVE-2025-46492 | 2025-04-29 | 7.1 High | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Pham Thanh Call Now PHT Blog allows Stored XSS. This issue affects Call Now PHT Blog: from n/a through 2.4.1. | ||||
| CVE-2025-46522 | 2025-04-29 | 7.1 High | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Billy Bryant Tabs allows Stored XSS. This issue affects Tabs: from n/a through 4.0.3. | ||||