ReportizFlow
Filtered by vendor
Subscriptions
Total
8111 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-11419 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 6.1 Medium |
| The Password for WP plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3. This is due to missing or incorrect nonce validation on the get3_init_admin_page() function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2025-22688 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Ederson Peka Unlimited Page Sidebars allows Stored XSS. This issue affects Unlimited Page Sidebars: from n/a through 0.2.6. | ||||
| CVE-2025-26578 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in mathieuhays Simple Documentation allows Stored XSS. This issue affects Simple Documentation: from n/a through 1.2.8. | ||||
| CVE-2025-43835 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in ktsvetkov allows Cross Site Request Forgery.This issue affects wp-cyr-cho: from n/a through 0.1. | ||||
| CVE-2025-26571 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in wibiya Wibiya Toolbar allows Cross Site Request Forgery. This issue affects Wibiya Toolbar: from n/a through 2.0. | ||||
| CVE-2025-30528 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 9.3 Critical |
| Cross-Site Request Forgery (CSRF) vulnerability in wpshopee Awesome Logos allows SQL Injection. This issue affects Awesome Logos: from n/a through 1.2. | ||||
| CVE-2025-46495 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 6.5 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in tomontoast Drop Caps allows Stored XSS. This issue affects Drop Caps: from n/a through 2.1. | ||||
| CVE-2025-23822 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Cornea Alexandru Category Custom Fields allows Cross Site Request Forgery.This issue affects Category Custom Fields: from n/a through 1.0. | ||||
| CVE-2024-48031 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 6.5 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Sumit Surai Featured Posts with Multiple Custom Groups (FPMCG) allows Cross Site Request Forgery.This issue affects Featured Posts with Multiple Custom Groups (FPMCG): from n/a through 4.0. | ||||
| CVE-2024-31205 | 1 Saleor | 1 Saleor | 2025-07-13 | 4.2 Medium |
| Saleor is an e-commerce platform. Starting in version 3.10.0 and prior to versions 3.14.64, 3.15.39, 3.16.39, 3.17.35, 3.18.31, and 3.19.19, an attacker may bypass cross-set request forgery (CSRF) validation when calling refresh token mutation with empty string. When a user provides an empty string in `refreshToken` mutation, while the token persists in `JWT_REFRESH_TOKEN_COOKIE_NAME` cookie, application omits validation against CSRF token and returns valid access token. Versions 3.14.64, 3.15.39, 3.16.39, 3.17.35, 3.18.31, and 3.19.19 contain a patch for the issue. As a workaround, one may replace `saleor.graphql.account.mutations.authentication.refresh_token.py.get_refresh_token`. This will fix the issue, but be aware, that it returns `JWT_MISSING_TOKEN` instead of `JWT_INVALID_TOKEN`. | ||||
| CVE-2025-23844 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in wellwisher Custom Widget Classes allows Cross Site Request Forgery.This issue affects Custom Widget Classes: from n/a through 1.1. | ||||
| CVE-2025-39430 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Alexander Rauscha mLanguage allows Stored XSS. This issue affects mLanguage: from n/a through 1.6.1. | ||||
| CVE-2025-31784 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Rudy Susanto Embed Extended – Embed Maps, Videos, Websites, Source Codes, and more allows Cross Site Request Forgery. This issue affects Embed Extended – Embed Maps, Videos, Websites, Source Codes, and more: from n/a through 1.4.0. | ||||
| CVE-2025-23996 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in anyroad.com AnyRoad allows Cross Site Request Forgery. This issue affects AnyRoad: from n/a through 1.3.2. | ||||
| CVE-2025-23708 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Dominic Fallows DF Draggable allows Stored XSS.This issue affects DF Draggable: from n/a through 1.13.2. | ||||
| CVE-2024-34427 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Huseyin Berberoglu WP Favorite Posts.This issue affects WP Favorite Posts: from n/a through 1.6.8. | ||||
| CVE-2024-12003 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 6.1 Medium |
| The WP System plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.1. This is due to missing or incorrect nonce validation on the generate_wp_system_page_content() function. This makes it possible for unauthenticated attackers to inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2024-44028 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Nicejob NiceJob allows Stored XSS.This issue affects NiceJob: from n/a before 3.6.5. | ||||
| CVE-2024-37417 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Coachify Coachify allows Cross Site Request Forgery.This issue affects Coachify: from n/a through 1.0.7. | ||||
| CVE-2025-39418 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in ajayver RSS Manager allows Stored XSS. This issue affects RSS Manager: from n/a through 0.06. | ||||