Total
7915 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-6532 | 1 Wp-blogs-planetarium Project | 1 Wp-blogs-planetarium | 2025-06-18 | 8.8 High |
| The WP Blogs' Planetarium WordPress plugin through 1.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack | ||||
| CVE-2023-6529 | 1 Rextheme | 1 Wp Vr | 2025-06-18 | 6.1 Medium |
| The WP VR WordPress plugin before 8.3.15 does not authorisation and CSRF in a function hooked to admin_init, allowing unauthenticated users to downgrade the plugin, thus leading to Reflected or Stored XSS, as previous versions have such vulnerabilities. | ||||
| CVE-2024-35138 | 1 Ibm | 1 Security Verify Access | 2025-06-18 | 6.5 Medium |
| IBM Security Verify Access Appliance and Container 10.0.0 through 10.0.8 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | ||||
| CVE-2025-49856 | 2025-06-18 | 4.3 Medium | ||
| Cross-Site Request Forgery (CSRF) vulnerability in CyberChimps Responsive Plus allows Cross Site Request Forgery. This issue affects Responsive Plus: from n/a through 3.2.2. | ||||
| CVE-2024-24820 | 1 Icinga | 1 Icinga | 2025-06-17 | 8.3 High |
| Icinga Director is a tool designed to make Icinga 2 configuration handling easy. Not any of Icinga Director's configuration forms used to manipulate the monitoring environment are protected against cross site request forgery (CSRF). It enables attackers to perform changes in the monitoring environment managed by Icinga Director without the awareness of the victim. Users of the map module in version 1.x, should immediately upgrade to v2.0. The mentioned XSS vulnerabilities in Icinga Web are already fixed as well and upgrades to the most recent release of the 2.9, 2.10 or 2.11 branch must be performed if not done yet. Any later major release is also suitable. Icinga Director will receive minor updates to the 1.8, 1.9, 1.10 and 1.11 branches to remedy this issue. Upgrade immediately to a patched release. If that is not feasible, disable the director module for the time being. | ||||
| CVE-2024-22285 | 1 Elisebosse | 1 Frontpage Manager | 2025-06-17 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Elise Bosse Frontpage Manager.This issue affects Frontpage Manager: from n/a through 1.3. | ||||
| CVE-2024-22143 | 1 Wpspellcheck | 1 Wpspellcheck | 2025-06-17 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in WP Spell Check.This issue affects WP Spell Check: from n/a through 9.17. | ||||
| CVE-2024-0667 | 1 10web | 1 Form Maker | 2025-06-17 | 5.4 Medium |
| The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.15.21. This is due to missing or incorrect nonce validation on the 'execute' function. This makes it possible for unauthenticated attackers to execute arbitrary methods in the 'BoosterController' class via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2024-0623 | 1 Vektor-inc | 1 Vk Block Patterns | 2025-06-17 | 4.3 Medium |
| The VK Block Patterns plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.31.1.1. This is due to missing or incorrect nonce validation on the vbp_clear_patterns_cache() function. This makes it possible for unauthenticated attackers to clear the patterns cache via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2023-47718 | 1 Ibm | 2 Maximo Application Suite, Maximo Asset Management | 2025-06-17 | 4.3 Medium |
| IBM Maximo Asset Management 7.6.1.3 and Manage Component 8.10 through 8.11 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 271843. | ||||
| CVE-2024-22416 | 1 Pyload-ng Project | 1 Pyload-ng | 2025-06-17 | 9.7 Critical |
| pyLoad is a free and open-source Download Manager written in pure Python. The `pyload` API allows any API call to be made using GET requests. Since the session cookie is not set to `SameSite: strict`, this opens the library up to severe attack possibilities via a Cross-Site Request Forgery (CSRF) attack. As a result any API call can be made via a CSRF attack by an unauthenticated user. This issue has been addressed in release `0.5.0b3.dev78`. All users are advised to upgrade. | ||||
| CVE-2024-0555 | 1 Xantech | 2 Wic1200, Wic1200 Firmware | 2025-06-17 | 4.6 Medium |
| A Cross-Site Request Forgery (CSRF) vulnerability has been found on WIC1200, affecting version 1.1. An authenticated user could lead another user into executing unwanted actions inside the application they are logged in. This vulnerability is possible due to the lack of propper CSRF token implementation. | ||||
| CVE-2023-7125 | 1 Peepso | 1 Peepso | 2025-06-17 | 4.3 Medium |
| The Community by PeepSo WordPress plugin before 6.3.1.2 does not have CSRF check when creating a user post (visible on their wall in their profile page), which could allow attackers to make logged in users perform such action via a CSRF attack | ||||
| CVE-2023-51949 | 1 Verydows | 1 Verydows | 2025-06-17 | 8.8 High |
| Verydows v2.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /protected/controller/backend/role_controller | ||||
| CVE-2023-48258 | 1 Bosch | 21 Nexo-os, Nexo Cordless Nutrunner Nxa011s-36v-b \(0608842012\), Nexo Cordless Nutrunner Nxa011s-36v \(0608842011\) and 18 more | 2025-06-17 | 5.5 Medium |
| The vulnerability allows a remote attacker to delete arbitrary files on the file system via a crafted URL or HTTP request through a victim’s session. | ||||
| CVE-2024-32085 | 1 Ait-themes | 1 Citadela Listing | 2025-06-17 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in AitThemes Citadela Listing.This issue affects Citadela Listing: from n/a before 5.20.0. | ||||
| CVE-2025-48111 | 2025-06-17 | 4.3 Medium | ||
| Cross-Site Request Forgery (CSRF) vulnerability in YITHEMES YITH PayPal Express Checkout for WooCommerce allows Cross Site Request Forgery. This issue affects YITH PayPal Express Checkout for WooCommerce: from n/a through 1.49.0. | ||||
| CVE-2023-6788 | 1 Wpmet | 1 Metform Elementor Contact Form Builder | 2025-06-17 | 5.4 Medium |
| The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.8.1. This is due to missing or incorrect nonce validation on the contents function. This makes it possible for unauthenticated attackers to update the options "mf_hubsopt_token", "mf_hubsopt_refresh_token", "mf_hubsopt_token_type", and "mf_hubsopt_expires_in" via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. This would allow an attacker to connect their own Hubspot account to a victim site's metform to obtain leads and contacts. | ||||
| CVE-2023-52222 | 1 Woocommerce | 1 Woocommerce | 2025-06-17 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Automattic WooCommerce.This issue affects WooCommerce: from n/a through 8.2.2. | ||||
| CVE-2023-52200 | 1 Reputeinfosystems | 1 Armember | 2025-06-17 | 9.6 Critical |
| Cross-Site Request Forgery (CSRF), Deserialization of Untrusted Data vulnerability in Repute Infosystems ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup.This issue affects ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup: n/a. | ||||