ReportizFlow
Filtered by vendor
Subscriptions
Total
8871 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-25140 | 2025-02-12 | 7.1 High | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Scriptonite Simple User Profile allows Stored XSS. This issue affects Simple User Profile: from n/a through 1.9. | ||||
| CVE-2025-25135 | 2025-02-12 | 7.1 High | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Victor Barkalov Custom Links On Admin Dashboard Toolbar allows Stored XSS. This issue affects Custom Links On Admin Dashboard Toolbar: from n/a through 3.3. | ||||
| CVE-2025-25138 | 2025-02-12 | 7.1 High | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Rishi On Page SEO + Whatsapp Chat Button allows Stored XSS. This issue affects On Page SEO + Whatsapp Chat Button: from n/a through 2.0.0. | ||||
| CVE-2025-25156 | 2025-02-12 | 7.1 High | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Stanko Metodiev Quote Comments allows Stored XSS. This issue affects Quote Comments: from n/a through 2.2.1. | ||||
| CVE-2025-25160 | 1 Markbarnes | 1 Style Tweaker | 2025-02-12 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Mark Barnes Style Tweaker allows Stored XSS. This issue affects Style Tweaker: from n/a through 0.11. | ||||
| CVE-2025-25166 | 1 Gabrieldarezzo | 1 Inlocation | 2025-02-12 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in gabrieldarezzo InLocation allows Stored XSS. This issue affects InLocation: from n/a through 1.8. | ||||
| CVE-2025-25168 | 1 Blackandwhitedigital | 1 Bookpress | 2025-02-12 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in blackandwhitedigital BookPress – For Book Authors allows Cross-Site Scripting (XSS). This issue affects BookPress – For Book Authors: from n/a through 1.2.7. | ||||
| CVE-2025-24742 | 1 Codecabin | 1 Wp Go Maps | 2025-02-12 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in WP Go Maps (formerly WP Google Maps) WP Go Maps. This issue affects WP Go Maps: from n/a through 9.0.40. | ||||
| CVE-2024-13683 | 1 Sperse | 1 Automate Hub | 2025-02-12 | 4.3 Medium |
| The Automate Hub Free by Sperse.IO plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.7.0. This is due to missing or incorrect nonce validation on the 'automate_hub' page. This makes it possible for unauthenticated attackers to update an activation status via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2025-22768 | 2025-02-12 | 7.1 High | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Qwerty23 Rocket Media Library Mime Type allows Stored XSS. This issue affects Rocket Media Library Mime Type: from n/a through 2.1.0. | ||||
| CVE-2025-23745 | 2025-02-12 | 7.1 High | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Tussendoor internet & marketing Call me Now allows Stored XSS.This issue affects Call me Now: from n/a through 1.0.5. | ||||
| CVE-2025-23749 | 2025-02-12 | 7.1 High | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Mahdi Khaksar mybb Last Topics allows Stored XSS.This issue affects mybb Last Topics: from n/a through 1.0. | ||||
| CVE-2025-24714 | 2025-02-12 | 5.4 Medium | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Bubble Menu – circle floating menu allows Cross Site Request Forgery. This issue affects Bubble Menu – circle floating menu: from n/a through 4.0.2. | ||||
| CVE-2025-24738 | 2025-02-12 | 4.3 Medium | ||
| Cross-Site Request Forgery (CSRF) vulnerability in NowButtons.com Call Now Button allows Cross Site Request Forgery. This issue affects Call Now Button: from n/a through 1.4.13. | ||||
| CVE-2025-24756 | 2025-02-12 | 7.1 High | ||
| Cross-Site Request Forgery (CSRF) vulnerability in mgplugin Roi Calculator allows Stored XSS. This issue affects Roi Calculator: from n/a through 1.0. | ||||
| CVE-2025-24538 | 2025-02-12 | 5.4 Medium | ||
| Cross-Site Request Forgery (CSRF) vulnerability in slaFFik BuddyPress Groups Extras allows Cross Site Request Forgery. This issue affects BuddyPress Groups Extras: from n/a through 3.6.10. | ||||
| CVE-2025-24540 | 2025-02-12 | 4.3 Medium | ||
| Cross-Site Request Forgery (CSRF) vulnerability in SeedProd Coming Soon Page, Under Construction & Maintenance Mode by SeedProd allows Cross Site Request Forgery. This issue affects Coming Soon Page, Under Construction & Maintenance Mode by SeedProd: from n/a through 6.18.9. | ||||
| CVE-2024-27968 | 1 Optimole | 1 Super Page Cache | 2025-02-12 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Optimole Super Page Cache for Cloudflare allows Stored XSS.This issue affects Super Page Cache for Cloudflare: from n/a through 4.7.5. | ||||
| CVE-2023-2552 | 1 Bumsys Project | 1 Bumsys | 2025-02-12 | 8.8 High |
| Cross-Site Request Forgery (CSRF) in GitHub repository unilogies/bumsys prior to 2.1.1. | ||||
| CVE-2024-4426 | 1 Comparisonslider | 1 Comparison Slider | 2025-02-12 | 4.3 Medium |
| The Comparison Slider plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.5. This is due to missing or incorrect nonce validation on several functions hooked to AJAX actions. This makes it possible for unauthenticated attackers to change slider titles, delete sliders and modify plugin settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||