ReportizFlow
Filtered by vendor
Subscriptions
Total
8332 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-31404 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Wladyslaw Madejczyk AF Tell a Friend allows Stored XSS. This issue affects AF Tell a Friend: from n/a through 1.4. | ||||
| CVE-2025-30576 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in HuangYe WuDeng Hacklog Remote Image Autosave allows Cross Site Request Forgery. This issue affects Hacklog Remote Image Autosave: from n/a through 2.1.0. | ||||
| CVE-2025-32498 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in oleglark VKontakte Cross-Post allows Stored XSS. This issue affects VKontakte Cross-Post: from n/a through 0.3.2. | ||||
| CVE-2025-28887 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Fastmover Plugins Last Updated Column allows Cross Site Request Forgery. This issue affects Plugins Last Updated Column: from n/a through 0.1.3. | ||||
| CVE-2024-53727 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in LinkLaunder.com LinkLaunder SEO allows Stored XSS.This issue affects LinkLaunder SEO: from n/a through 0.92.1. | ||||
| CVE-2024-53777 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Alberto Reineri Simple Header and Footer allows Stored XSS.This issue affects Simple Header and Footer: from n/a through 1.0.0. | ||||
| CVE-2025-31474 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in matthewprice1178 WP Database Optimizer allows Cross Site Request Forgery. This issue affects WP Database Optimizer: from n/a through 1.2.1.3. | ||||
| CVE-2025-39442 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in MessageMetric Review Wave – Google Places Reviews allows Stored XSS. This issue affects Review Wave – Google Places Reviews: from n/a through 1.4.7. | ||||
| CVE-2025-23765 | 2 W3speedster, Wordpress | 2 W3speedster, Wordpress | 2025-07-12 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in W3speedster W3SPEEDSTER allows Cross Site Request Forgery.This issue affects W3SPEEDSTER: from n/a through 7.33. | ||||
| CVE-2025-24699 | 2 Wordpress, Wow-company | 2 Wordpress, Wp Coder | 2025-07-12 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company WP Coder allows Cross-Site Scripting (XSS). This issue affects WP Coder: from n/a through 3.6. | ||||
| CVE-2025-24711 | 1 Wow-company | 1 Popup Box | 2025-07-12 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Popup Box allows Cross Site Request Forgery. This issue affects Popup Box: from n/a through 3.2.4. | ||||
| CVE-2025-24716 | 2 Wordpress, Wow-company | 2 Wordpress, Herd Effects | 2025-07-12 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Herd Effects allows Cross Site Request Forgery. This issue affects Herd Effects: from n/a through 6.2.1. | ||||
| CVE-2025-24720 | 2 Wordpress, Wow-company | 2 Wordpress, Sticky Buttons | 2025-07-12 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Sticky Buttons allows Cross Site Request Forgery. This issue affects Sticky Buttons: from n/a through 4.1.1. | ||||
| CVE-2025-30584 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in alphaomegaplugins AlphaOmega Captcha & Anti-Spam Filter allows Stored XSS. This issue affects AlphaOmega Captcha & Anti-Spam Filter: from n/a through 3.3. | ||||
| CVE-2025-31613 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Aboobacker. AB Google Map Travel allows Cross Site Request Forgery. This issue affects AB Google Map Travel : from n/a through 4.6. | ||||
| CVE-2024-4751 | 1 Goprayer | 1 Prayer | 2025-07-11 | 4.3 Medium |
| The WP Prayer II WordPress plugin through 2.4.7 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack | ||||
| CVE-2025-36576 | 1 Dell | 1 Wyse Management Suite | 2025-07-11 | 2.7 Low |
| Dell Wyse Management Suite, versions prior to WMS 5.2, contain a Cross-Site Request Forgery (CSRF) vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Server-side request forgery. | ||||
| CVE-2023-6980 | 1 Veronalabs | 1 Wp Sms | 2025-07-11 | 4.3 Medium |
| The WP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.5. This is due to missing or incorrect nonce validation on the 'delete' action of the wp-sms-subscribers page. This makes it possible for unauthenticated attackers to delete subscribers via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2025-20195 | 1 Cisco | 1 Ios Xe | 2025-07-11 | 4.3 Medium |
| A vulnerability in the web-based management interface of Cisco IOS XE Software could allow an unauthenticated, remote attacker to perform a CSRF attack and execute commands on the CLI of an affected device. This vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading an already authenticated user to follow a crafted link. A successful exploit could allow the attacker to clear the syslog, parser, and licensing logs on the affected device if the targeted user has privileges to clear those logs. | ||||
| CVE-2024-7386 | 1 Wpdownloadmanager | 1 Premium Packages - Sell Digital Products Securely | 2025-07-11 | 4.3 Medium |
| The Premium Packages – Sell Digital Products Securely plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.9.1. This is due to missing nonce validation on the addRefund() function. This makes it possible for unauthenticated attackers to perform actions such as initiating refunds via a forged request granted they can trick a site administrator or shop manager into performing an action such as clicking on a link. | ||||