Total
7537 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-0669 | 2025-05-07 | N/A | ||
| Cross-Site Request Forgery (CSRF) vulnerability in BOINC Server allows Cross Site Request Forgery.This issue affects BOINC Server: before 1.4.3. | ||||
| CVE-2023-6499 | 1 Calenfretts | 1 Lastunes | 2025-05-06 | 5.4 Medium |
| The lasTunes WordPress plugin through 3.6.1 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack | ||||
| CVE-2022-3419 | 1 Addify | 1 Automatic User Roles Switcher | 2025-05-06 | 6.5 Medium |
| The Automatic User Roles Switcher WordPress plugin before 1.1.2 does not have authorisation and proper CSRF checks, allowing any authenticated users like subscriber to add any role to themselves, such as administrator | ||||
| CVE-2022-40291 | 1 Phppointofsale | 1 Php Point Of Sale | 2025-05-06 | 8.8 High |
| The application was vulnerable to Cross-Site Request Forgery (CSRF) attacks, allowing an attacker to coerce users into sending malicious requests to the site to delete their account, or in rare circumstances, hijack their account and create other admin accounts. | ||||
| CVE-2024-13118 | 1 Brijeshk89 | 1 Ip Based Login | 2025-05-06 | 4.3 Medium |
| The IP Based Login WordPress plugin before 2.4.1 does not have CSRF checks in some places, which could allow attackers to make logged in users delete all logs via a CSRF attack | ||||
| CVE-2022-40488 | 1 Processwire | 1 Processwire | 2025-05-06 | 6.5 Medium |
| ProcessWire v3.0.200 was discovered to contain a Cross-Site Request Forgery (CSRF). | ||||
| CVE-2024-24843 | 1 Powerpackelements | 1 Powerpack Addons For Elementor | 2025-05-06 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in PowerPack Addons for Elementor PowerPack Pro for Elementor.This issue affects PowerPack Pro for Elementor: from n/a before 2.10.8. | ||||
| CVE-2024-24849 | 1 Developingtheweb | 1 Quicksand Post Filter Jquery | 2025-05-06 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Mark Stockton Quicksand Post Filter jQuery Plugin.This issue affects Quicksand Post Filter jQuery Plugin: from n/a through 3.1.1. | ||||
| CVE-2024-24876 | 1 W-shadow | 1 Admin Menu Editor | 2025-05-06 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Janis Elsts Admin Menu Editor.This issue affects Admin Menu Editor: from n/a through 1.12. | ||||
| CVE-2024-25904 | 1 Blackbam | 1 Tinymce And Tinymce Advanced Professsional Formats And Styles | 2025-05-06 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in David Stockl TinyMCE and TinyMCE Advanced Professsional Formats and Styles.This issue affects TinyMCE and TinyMCE Advanced Professsional Formats and Styles: from n/a through 1.1.2. | ||||
| CVE-2024-24798 | 1 Soninow | 1 Debug | 2025-05-06 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in SoniNow Team Debug.This issue affects Debug: from n/a through 1.10. | ||||
| CVE-2024-24802 | 1 Jtrt Responsive Tables Project | 1 Jtrt Responsive Tables | 2025-05-06 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in John Tendik JTRT Responsive Tables.This issue affects JTRT Responsive Tables: from n/a through 4.1.9. | ||||
| CVE-2024-5076 | 1 Tipsandtricks-hq | 1 Wp Emember | 2025-05-06 | 8.8 High |
| The wp-eMember WordPress plugin before 10.6.6 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks | ||||
| CVE-2024-5077 | 1 Tipsandtricks-hq | 1 Wp Emember | 2025-05-06 | 6.8 Medium |
| The wp-eMember WordPress plugin before 10.6.6 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack | ||||
| CVE-2024-12414 | 1 Themify | 1 Store Locator | 2025-05-06 | 4.3 Medium |
| The Themify Store Locator plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.9. This is due to missing or incorrect nonce validation on the setting_page() function. This makes it possible for unauthenticated attackers to modify the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2024-13826 | 1 Intricateweb | 1 Email Keep | 2025-05-06 | 5.4 Medium |
| The Email Keep WordPress plugin through 1.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack | ||||
| CVE-2025-32354 | 2025-05-06 | 8.8 High | ||
| In Zimbra Collaboration (ZCS) 9.0 through 10.1, a Cross-Site Request Forgery (CSRF) vulnerability exists in the GraphQL endpoint (/service/extension/graphql) of Zimbra webmail due to a lack of CSRF token validation. This allows attackers to perform unauthorized GraphQL operations, such as modifying contacts, changing account settings, and accessing sensitive user data when an authenticated user visits a malicious website. | ||||
| CVE-2024-13580 | 1 Xavi.ivars | 1 Xv Random Quotes | 2025-05-06 | 4.3 Medium |
| The XV Random Quotes WordPress plugin through 1.40 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin reset them via a CSRF attack | ||||
| CVE-2025-1305 | 1 Spicethemes | 1 Newsblogger | 2025-05-06 | 8.8 High |
| The NewsBlogger theme for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.2.5.4. This is due to missing or incorrect nonce validation on the newsblogger_install_and_activate_plugin() function. This makes it possible for unauthenticated attackers to upload arbitrary files and achieve remote code execution via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2025-4327 | 2025-05-06 | 4.3 Medium | ||
| A vulnerability was found in MRCMS 3.1.2. It has been classified as problematic. Affected is an unknown function. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Multiple endpoints might be affected. | ||||