Total
8611 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-62117 | 1 Wordpress | 1 Wordpress | 2026-01-05 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Jayce53 EasyIndex easyindex allows Cross Site Request Forgery.This issue affects EasyIndex: from n/a through 1.1.1704. | ||||
| CVE-2025-65203 | 1 Keepassxc | 1 Keepassxc-browser | 2026-01-05 | 7.1 High |
| KeePassXC-Browser thru 1.9.9.2 autofills or prompts to fill stored credentials into documents rendered under a browser-enforced CSP directive and iframe attribute sandbox, allowing attacker-controlled script in the sandboxed document to access populated form fields and exfiltrate credentials. | ||||
| CVE-2025-62133 | 2 Manidoraisamy, Wordpress | 2 Formfacade, Wordpress | 2026-01-05 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Manidoraisamy FormFacade allows Cross Site Request Forgery.This issue affects FormFacade: from n/a through 1.4.1. | ||||
| CVE-2018-25152 | 1 Ecessa | 1 Edge Ev150 | 2026-01-05 | 5.3 Medium |
| Ecessa Edge EV150 10.7.4 contains a cross-site request forgery vulnerability that allows attackers to create administrative user accounts without authentication. Attackers can craft a malicious web page with a form that submits requests to the /cgi-bin/pl_web.cgi/util_configlogin_act endpoint to add superuser accounts with arbitrary credentials. | ||||
| CVE-2018-25149 | 1 Microhardcorp | 1 Ipn4g | 2026-01-05 | 4.3 Medium |
| Microhard Systems IPn4G 1.1.0 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without user consent. Attackers can craft malicious web pages to change admin passwords, add new users, and modify system settings by tricking authenticated users into loading a specially crafted page. | ||||
| CVE-2018-25151 | 1 Ecessa | 1 Wanworx Wvr-30 | 2026-01-05 | 4.3 Medium |
| Ecessa WANWorx WVR-30 versions before 10.7.4 contain a cross-site request forgery vulnerability that allows attackers to perform administrative actions without request validation. Attackers can craft a malicious web page with a hidden form to create a new superuser account by tricking an authenticated administrator into loading the page. | ||||
| CVE-2018-25156 | 1 Teradek | 1 Cube | 2026-01-05 | 5.3 Medium |
| Teradek Cube 7.3.6 contains a cross-site request forgery vulnerability that allows attackers to change administrative passwords without proper request validation. Attackers can craft a malicious web page with a hidden form to submit password change requests to the device's system configuration interface. | ||||
| CVE-2024-30855 | 1 Dedecms | 1 Dedecms | 2026-01-05 | 8.8 High |
| DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /src/dede/makehtml_list_action.php. | ||||
| CVE-2025-68998 | 2 Heateor, Wordpress | 2 Social Login, Wordpress | 2026-01-05 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Heateor Support Heateor Social Login heateor-social-login allows Cross Site Request Forgery.This issue affects Heateor Social Login: from n/a through <= 1.1.39. | ||||
| CVE-2025-69021 | 2 Ays-pro, Wordpress | 2 Popup Box, Wordpress | 2026-01-05 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Ays Pro Popup box ays-popup-box allows Cross Site Request Forgery.This issue affects Popup box: from n/a through <= 6.0.7. | ||||
| CVE-2025-62112 | 2 Merv Barrett, Wordpress | 2 Import Into Easy Property Listings, Wordpress | 2026-01-05 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Merv Barrett Import into Easy Property Listings allows Cross Site Request Forgery.This issue affects Import into Easy Property Listings: from n/a through 2.2.1. | ||||
| CVE-2025-52835 | 2 Conoha By Gmo, Wordpress | 2 Wing Wordpress Migrator, Wordpress | 2026-01-05 | 9.6 Critical |
| Cross-Site Request Forgery (CSRF) vulnerability in ConoHa by GMO WING WordPress Migrator allows Upload a Web Shell to a Web Server.This issue affects WING WordPress Migrator: from n/a through 1.1.9. | ||||
| CVE-2025-59131 | 1 Wordpress | 1 Wordpress | 2026-01-05 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Hoernerfranz WP-CalDav2ICS allows Stored XSS.This issue affects WP-CalDav2ICS: from n/a through 1.3.4. | ||||
| CVE-2025-68885 | 1 Wordpress | 1 Wordpress | 2026-01-05 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Page Carbajal Custom Post Status allows Stored XSS.This issue affects Custom Post Status: from n/a through 1.1.0. | ||||
| CVE-2025-49354 | 1 Wordpress | 1 Wordpress | 2026-01-05 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Mindstien Technologies Recent Posts From Each Category allows Stored XSS.This issue affects Recent Posts From Each Category: from n/a through 1.4. | ||||
| CVE-2025-49353 | 1 Wordpress | 1 Wordpress | 2026-01-05 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Marcin Kijak Noindex by Path allows Stored XSS.This issue affects Noindex by Path: from n/a through 1.0. | ||||
| CVE-2025-49345 | 1 Wordpress | 1 Wordpress | 2026-01-05 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in mg12 WP-EasyArchives allows Stored XSS.This issue affects WP-EasyArchives: from n/a through 3.1.2. | ||||
| CVE-2025-49344 | 1 Wordpress | 1 Wordpress | 2026-01-05 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Rene Ade SensitiveTagCloud allows Stored XSS.This issue affects SensitiveTagCloud: from n/a through 1.4.1. | ||||
| CVE-2025-59137 | 1 Wordpress | 1 Wordpress | 2026-01-05 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in eLEOPARD Behance Portfolio Manager allows Stored XSS.This issue affects Behance Portfolio Manager: from n/a through 1.7.5. | ||||
| CVE-2025-49346 | 2 Peter Sterling, Wordpress | 2 Simple Archive Generator, Wordpress | 2026-01-05 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Peter Sterling Simple Archive Generator allows Stored XSS.This issue affects Simple Archive Generator: from n/a through 5.2. | ||||