Total
8611 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-49343 | 1 Wordpress | 1 Wordpress | 2026-01-05 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Socialprofilr Social Profilr allows Stored XSS.This issue affects Social Profilr: from n/a through 1.0. | ||||
| CVE-2025-49028 | 2 Wordpress, Zoho Mail | 2 Wordpress, Zoho Zeptomail | 2026-01-05 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Zoho Mail Zoho ZeptoMail allows Stored XSS.This issue affects Zoho ZeptoMail: from n/a through 3.3.1. | ||||
| CVE-2025-49342 | 1 Wordpress | 1 Wordpress | 2026-01-05 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Wolfgang Häfelinger Custom Style allows Stored XSS.This issue affects Custom Style: from n/a through 1.0. | ||||
| CVE-2025-62992 | 2 Everestthemes, Wordpress | 2 Everest Backup, Wordpress | 2026-01-05 | 6.5 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Everest themes Everest Backup allows Path Traversal.This issue affects Everest Backup: from n/a through 2.3.9. | ||||
| CVE-2025-62080 | 3 Channelize.io, Woocommerce, Wordpress | 3 Live Shopping & Shoppable Videos For Woocommerce, Woocommerce, Wordpress | 2026-01-05 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Channelize.Io Team Live Shopping & Shoppable Videos For WooCommerce allows Cross Site Request Forgery.This issue affects Live Shopping & Shoppable Videos For WooCommerce: from n/a through 2.2.0. | ||||
| CVE-2025-62148 | 1 Wordpress | 1 Wordpress | 2026-01-05 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Eugen Bobrowski Robots.Txt rewrite allows Cross Site Request Forgery.This issue affects Robots.Txt rewrite: from n/a through 1.6.1. | ||||
| CVE-2025-62084 | 2 Imdad Next Web, Wordpress | 2 Inext Woo Pincode Checker, Wordpress | 2026-01-05 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Imdad Next Web iNext Woo Pincode Checker allows Cross Site Request Forgery.This issue affects iNext Woo Pincode Checker: from n/a through 2.3.1. | ||||
| CVE-2025-59130 | 1 Wordpress | 1 Wordpress | 2026-01-05 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Appointify allows Cross Site Request Forgery.This issue affects Appointify: from n/a through 1.0.8. | ||||
| CVE-2025-63014 | 2 Serhii Pasiuk, Wordpress | 2 Gmedia Photo Gallery, Wordpress | 2026-01-05 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Serhii Pasyuk Gmedia Photo Gallery allows Cross Site Request Forgery.This issue affects Gmedia Photo Gallery: from n/a through 1.24.1. | ||||
| CVE-2025-62113 | 1 Wordpress | 1 Wordpress | 2026-01-05 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in emendo_seb Co-marquage service-public.Fr allows Cross Site Request Forgery.This issue affects Co-marquage service-public.Fr: from n/a through 0.5.77. | ||||
| CVE-2025-62089 | 1 Wordpress | 1 Wordpress | 2026-01-05 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in MERGADO Mergado Pack allows Cross Site Request Forgery.This issue affects Mergado Pack: from n/a through 4.2.0. | ||||
| CVE-2025-63040 | 1 Wordpress | 1 Wordpress | 2026-01-05 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Saad Iqbal Post Snippets allows Cross Site Request Forgery.This issue affects Post Snippets: from n/a through 4.0.11. | ||||
| CVE-2025-62101 | 1 Wordpress | 1 Wordpress | 2026-01-05 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Omid Shamloo Pardakht Delkhah allows Cross Site Request Forgery.This issue affects Pardakht Delkhah: from n/a through 3.0.0. | ||||
| CVE-2025-62123 | 1 Wordpress | 1 Wordpress | 2026-01-05 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Ink themes WP Gmail SMTP allows Cross Site Request Forgery.This issue affects WP Gmail SMTP: from n/a through 1.0.7. | ||||
| CVE-2025-31054 | 1 Wordpress | 1 Wordpress | 2026-01-05 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Themefy Bloggie allows Reflected XSS.This issue affects Bloggie: from n/a through 2.0.8. | ||||
| CVE-2025-35030 | 2 Medical Informatics Engineering, Mieweb | 2 Enterprise Health, Enterprise Health | 2026-01-02 | 8.1 High |
| Medical Informatics Engineering Enterprise Health has a cross site request forgery vulnerability that allows an unauthenticated attacker to trick administrative users into clicking a crafted URL and perform actions on behalf of that administrative user. This issue is fixed as of 2025-04-08. | ||||
| CVE-2024-6230 | 2 Wordpress, Wp-master | 2 Wordpress, Pardakht-delkhah | 2026-01-02 | 6.5 Medium |
| The پلاگین پرداخت دلخواه WordPress plugin through 2.9.8 does not have CSRF check in place when resetting its form fields, which could allow attackers to make a logged in admin perform such action via a CSRF attack | ||||
| CVE-2024-2232 | 1 2code | 1 Himer | 2026-01-02 | 8.1 High |
| The lacks CSRF checks allowing a user to invite any user to any group (including private groups) | ||||
| CVE-2025-66906 | 2 Turms, Turms-im | 2 Admin Api, Turms | 2026-01-02 | 6.1 Medium |
| Cross Site Request Forgery (CSRF) vulnerability in Turms Admin API thru v0.10.0-SNAPSHOT allows attackers to gain escalated privileges. | ||||
| CVE-2025-66953 | 1 Nardamiteq | 2 Upc2, Upc2 Firmware | 2026-01-02 | 8.8 High |
| CSRF vulnerability in narda miteq Uplink Power Contril Unit UPC2 v.1.17 allows a remote attacker to execute arbitrary code via the Web-based management interface and specifically the /system_setup.htm, /set_clock.htm, /receiver_setup.htm, /cal.htm?..., and /channel_setup.htm endpoints | ||||