ReportizFlow
Filtered by vendor
Subscriptions
Total
8353 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-34029 | 1 Disable Wordpress Update Notifications And Auto-update Email Notifications Project | 1 Disable Wordpress Update Notifications And Auto-update Email Notifications | 2025-02-20 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Prem Tiwari Disable WordPress Update Notifications and auto-update Email Notifications plugin <= 2.3.3 versions. | ||||
| CVE-2023-37968 | 1 Faboba | 1 Falang | 2025-02-20 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Faboba Falang multilanguage for WordPress plugin <= 1.3.39 versions. | ||||
| CVE-2023-37992 | 1 Presspage | 1 Smarty For Wordpress | 2025-02-20 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in PressPage Entertainment Inc. Smarty for WordPress plugin <= 3.1.35 versions. | ||||
| CVE-2023-37996 | 1 Gtmetrix | 1 Gtmetrix | 2025-02-20 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in GTmetrix GTmetrix for WordPress plugin <= 0.4.7 versions. | ||||
| CVE-2023-44233 | 1 Fooplugins | 1 Foogallery | 2025-02-20 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in FooPlugins Best WordPress Gallery Plugin – FooGallery plugin <= 2.2.44 versions. | ||||
| CVE-2023-41694 | 1 Realbig | 1 Realbig | 2025-02-20 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Realbig Team Realbig For WordPress plugin <= 1.0.3 versions. | ||||
| CVE-2023-45052 | 1 Dan009 | 1 Wp Bing Map Pro | 2025-02-20 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in dan009 WP Bing Map Pro plugin < 5.0 versions. | ||||
| CVE-2023-41131 | 1 Followingmedarling | 1 Spotify Play Button | 2025-02-20 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Jonk @ Follow me Darling Sp*tify Play Button for WordPress plugin <= 2.10 versions. | ||||
| CVE-2023-45831 | 1 Pixelative | 1 Google Amp | 2025-02-20 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Pixelative, Mohsin Rafique AMP WP – Google AMP For WordPress plugin <= 1.5.15 versions. | ||||
| CVE-2023-46152 | 1 Pluginus | 1 Wolf - Wordpress Posts Bulk Editor And Products Manager Professional | 2025-02-20 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in realmag777 WOLF – WordPress Posts Bulk Editor and Manager Professional plugin <= 1.0.7.1 versions. | ||||
| CVE-2023-5802 | 1 Wpknowledgebase | 1 Wp Knowledgebase | 2025-02-20 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Mihai Iova WordPress Knowledge base & Documentation Plugin – WP Knowledgebase plugin <= 1.3.4 versions. | ||||
| CVE-2025-0865 | 2025-02-20 | 6.5 Medium | ||
| The WP Media Category Management plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions 2.0 to 2.3.3. This is due to missing or incorrect nonce validation on the wp_mcm_handle_action_settings() function. This makes it possible for unauthenticated attackers to alter plugin settings, such as the taxonomy used for media, the base slug for media categories, and the default media category via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2023-0498 | 1 Hasthemes | 1 Wp Education | 2025-02-20 | 4.3 Medium |
| The WP Education WordPress plugin before 1.2.7 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack | ||||
| CVE-2023-0335 | 1 Wpvar | 1 Wp Shamsi | 2025-02-20 | 6.5 Medium |
| The WP Shamsi WordPress plugin through 4.3.3 has CSRF and broken access control vulnerabilities which leads user with role as low as subscriber delete attachment. | ||||
| CVE-2023-0336 | 1 Ooohboi Steroids For Elementor Project | 1 Ooohboi Steroids For Elementor | 2025-02-19 | 6.5 Medium |
| The OoohBoi Steroids for Elementor WordPress plugin before 2.1.5 has CSRF and broken access control vulnerabilities which leads user with role as low as subscriber to delete attachment. | ||||
| CVE-2023-1089 | 1 Hasthemes | 1 Coupon Zen | 2025-02-19 | 4.3 Medium |
| The Coupon Zen WordPress plugin before 1.0.6 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack | ||||
| CVE-2022-42447 | 1 Hcltech | 1 Hcl Compass | 2025-02-19 | 9.6 Critical |
| HCL Compass is vulnerable to Cross-Origin Resource Sharing (CORS). This vulnerability can allow an unprivileged remote attacker to trick a legitimate user into accessing a special resource and executing a malicious request. | ||||
| CVE-2025-26545 | 2025-02-18 | 7.1 High | ||
| Cross-Site Request Forgery (CSRF) vulnerability in shisuh Related Posts Line-up-Exactly by Milliard allows Stored XSS. This issue affects Related Posts Line-up-Exactly by Milliard: from n/a through 0.0.22. | ||||
| CVE-2025-26572 | 2025-02-18 | 7.1 High | ||
| Cross-Site Request Forgery (CSRF) vulnerability in jesseheap WP PHPList allows Cross Site Request Forgery. This issue affects WP PHPList: from n/a through 1.7. | ||||
| CVE-2025-26577 | 2025-02-18 | 7.1 High | ||
| Cross-Site Request Forgery (CSRF) vulnerability in daxiawp DX-auto-publish allows Stored XSS. This issue affects DX-auto-publish: from n/a through 1.2. | ||||