ReportizFlow
Filtered by vendor
Subscriptions
Total
8090 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-53268 | 1 Wordpress | 1 Wordpress | 2025-07-14 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in ryanpcmcquen Import external attachments allows Cross Site Request Forgery. This issue affects Import external attachments: from n/a through 1.5.12. | ||||
| CVE-2025-53327 | 1 Wordpress | 1 Wordpress | 2025-07-14 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in rui_mashita Aioseo Multibyte Descriptions allows Cross Site Request Forgery. This issue affects Aioseo Multibyte Descriptions: from n/a through 0.0.6. | ||||
| CVE-2025-53274 | 1 Wordpress | 1 Wordpress | 2025-07-14 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Hossin Asaadi WP Permalink Translator allows Stored XSS. This issue affects WP Permalink Translator: from n/a through 1.7.6. | ||||
| CVE-2025-53273 | 1 Wordpress | 1 Wordpress | 2025-07-14 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Slickstream Slickstream allows Cross Site Request Forgery. This issue affects Slickstream: from n/a through 2.0.3. | ||||
| CVE-2025-53568 | 1 Wordpress | 1 Wordpress | 2025-07-14 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Tony Zeoli Radio Station allows Cross Site Request Forgery. This issue affects Radio Station: from n/a through 2.5.12. | ||||
| CVE-2025-5933 | 1 Wordpress | 1 Wordpress | 2025-07-14 | 4.3 Medium |
| The RD Contacto plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4. This is due to missing or incorrect nonce validation on the rdWappUpdateData() function. This makes it possible for unauthenticated attackers to update plugin settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2025-5924 | 2 Skywavesolutions, Wordpress | 2 Wp Firebase Push Notification, Wordpress | 2025-07-14 | 4.3 Medium |
| The WP Firebase Push Notification plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.0. This is due to missing or incorrect nonce validation on the wfpn_brodcast_notification_message() function. This makes it possible for unauthenticated attackers to send broadcast notifications via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2025-6041 | 1 Wordpress | 1 Wordpress | 2025-07-14 | 6.1 Medium |
| The yContributors plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.5. This is due to missing or incorrect nonce validation on the 'yContributors' page. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2025-53540 | 1 Espressif | 1 Arduino-esp32 | 2025-07-14 | N/A |
| arduino-esp32 is an Arduino core for the ESP32, ESP32-S2, ESP32-S3, ESP32-C3, ESP32-C6 and ESP32-H2 microcontrollers. Several OTA update examples and the HTTPUpdateServer implementation are vulnerable to Cross-Site Request Forgery (CSRF). The update endpoints accept POST requests for firmware uploads without CSRF protection. This allows an attacker to upload and execute arbitrary firmware, resulting in remote code execution (RCE). This vulnerability is fixed in 3.2.1. | ||||
| CVE-2025-39433 | 1 Wordpress | 1 Wordpress | 2025-07-14 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in beke_ro Bknewsticker allows Stored XSS. This issue affects Bknewsticker: from n/a through 1.0.5. | ||||
| CVE-2025-46508 | 1 Wordpress | 1 Wordpress | 2025-07-14 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in kasonzhao Advanced lazy load allows Stored XSS. This issue affects Advanced lazy load: from n/a through 1.6.0. | ||||
| CVE-2025-30561 | 1 Wordpress | 1 Wordpress | 2025-07-14 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Henrique Mouta CAS Maestro allows Stored XSS. This issue affects CAS Maestro: from n/a through 1.1.3. | ||||
| CVE-2024-53711 | 1 Wordpress | 1 Wordpress | 2025-07-14 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Jean-Marc BIANCA Hotlink2Watermark allows Stored XSS.This issue affects Hotlink2Watermark: from n/a through 0.3.2. | ||||
| CVE-2024-53776 | 1 Wordpress | 1 Wordpress | 2025-07-14 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Raphael Heide Donate Me allows Stored XSS.This issue affects Donate Me: from n/a through 1.2.5. | ||||
| CVE-2025-23713 | 1 Wordpress | 1 Wordpress | 2025-07-14 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Artem Anikeev Hack me if you can allows Stored XSS.This issue affects Hack me if you can: from n/a through 1.2. | ||||
| CVE-2024-54332 | 1 Wordpress | 1 Wordpress | 2025-07-14 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in WPFactory WP Currency Exchange Rates allows Stored XSS.This issue affects WP Currency Exchange Rates: from n/a through 1.2.0. | ||||
| CVE-2025-30531 | 1 Wordpress | 1 Wordpress | 2025-07-14 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in GBS Developer WP Ride Booking allows Cross Site Request Forgery. This issue affects WP Ride Booking: from n/a through 2.4. | ||||
| CVE-2024-51634 | 1 Wordpress | 1 Wordpress | 2025-07-14 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Webriti WordPress Themes & Plugins Shop Webriti Custom Login allows Reflected XSS.This issue affects Webriti Custom Login: from n/a through 0.3. | ||||
| CVE-2025-30617 | 1 Wordpress | 1 Wordpress | 2025-07-14 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in takien Rewrite allows Cross Site Request Forgery. This issue affects Rewrite: from n/a through 0.2.1. | ||||
| CVE-2024-37467 | 1 Wordpress | 1 Wordpress | 2025-07-14 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in ThemeIsle Hestia allows Cross Site Request Forgery.This issue affects Hestia: from n/a through 3.1.2. | ||||