ReportizFlow
Filtered by vendor
Subscriptions
Total
8337 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-24546 | 1 Rstheme | 1 Ultimate Coming Soon \& Maintenance | 2025-06-09 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in RSTheme Ultimate Coming Soon & Maintenance allows Cross Site Request Forgery. This issue affects Ultimate Coming Soon & Maintenance: from n/a through 1.0.9. | ||||
| CVE-2025-24543 | 1 Rstheme | 1 Ultimate Coming Soon \& Maintenance | 2025-06-09 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in RSTheme Ultimate Coming Soon & Maintenance allows Cross Site Request Forgery. This issue affects Ultimate Coming Soon & Maintenance: from n/a through 1.0.9. | ||||
| CVE-2024-12750 | 1 Raiserweb | 1 Competition Form | 2025-06-09 | 4.3 Medium |
| The Competition Form WordPress plugin through 2.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack | ||||
| CVE-2025-24715 | 1 Wow-company | 1 Counter Box | 2025-06-09 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Counter Box allows Cross Site Request Forgery. This issue affects Counter Box: from n/a through 2.0.5. | ||||
| CVE-2025-24698 | 1 G5plus | 1 Essential Real Estate | 2025-06-09 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in G5Theme Essential Real Estate allows Cross Site Request Forgery. This issue affects Essential Real Estate: from n/a through 5.1.8. | ||||
| CVE-2024-11373 | 1 Floriansimunek | 1 Connexion Logs | 2025-06-09 | 4.3 Medium |
| The Connexion Logs WordPress plugin through 3.0.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack | ||||
| CVE-2024-11719 | 1 Couleurcitron | 1 Tarteaucitron-wp | 2025-06-09 | 6.1 Medium |
| The tarteaucitron-wp WordPress plugin before 0.3.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack. | ||||
| CVE-2024-12301 | 1 Joomlaserviceprovider | 1 Jsp Store Locator | 2025-06-09 | 6.5 Medium |
| The JSP Store Locator WordPress plugin through 1.0 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks. | ||||
| CVE-2024-12282 | 1 Smyx | 1 Wp-connect | 2025-06-09 | 6.1 Medium |
| The WordPress连接微博 WordPress plugin through 2.5.6 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack. | ||||
| CVE-2023-6520 | 1 Melapress | 1 Wp 2fa | 2025-06-09 | 4.3 Medium |
| The WP 2FA – Two-factor authentication for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.5.0. This is due to missing or incorrect nonce validation on the send_backup_codes_email function. This makes it possible for unauthenticated attackers to send emails with arbitrary content to registered users via a forged request granted they can trick a site administrator or other registered user into performing an action such as clicking on a link. While a nonce check is present, it is only executed if a nonce is set. By omitting a nonce from the request, the check can be bypassed. | ||||
| CVE-2023-7297 | 1 Reneade | 1 Twitterposts | 2025-06-09 | 6.5 Medium |
| The TwitterPosts WordPress plugin through 1.0.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack | ||||
| CVE-2024-10634 | 1 Nokautpl | 1 Nokaut Offers Box | 2025-06-09 | 4.3 Medium |
| The Nokaut Offers Box WordPress plugin through 1.4.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin reset the Nokaut Offers Box WordPress plugin through 1.4.0 via a CSRF attack | ||||
| CVE-2023-52122 | 1 Presstigers | 1 Simple Job Board | 2025-06-09 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in PressTigers Simple Job Board.This issue affects Simple Job Board: from n/a through 2.10.6. | ||||
| CVE-2025-47543 | 1 Themetechmount | 1 Truebooker | 2025-06-09 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in themetechmount TrueBooker allows Cross Site Request Forgery. This issue affects TrueBooker: from n/a through 1.0.7. | ||||
| CVE-2025-47542 | 1 Migaweb | 1 Simple Calendar For Elementor | 2025-06-09 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Michael Simple calendar for Elementor allows Cross Site Request Forgery. This issue affects Simple calendar for Elementor: from n/a through 1.6.5. | ||||
| CVE-2025-47517 | 1 Wpplugin | 1 Accept Donations With Paypal | 2025-06-09 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Scott Paterson Accept Donations with PayPal allows Stored XSS. This issue affects Accept Donations with PayPal: from n/a through 1.4.5. | ||||
| CVE-2025-5521 | 1 5kcrm | 1 Wukongcrm | 2025-06-09 | 4.3 Medium |
| A vulnerability was found in WuKongOpenSource WukongCRM 9.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /system/user/updataPassword. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-48146 | 1 Lupsonline | 1 Seo Flow | 2025-06-07 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Michael Lups SEO Flow by LupsOnline allows Stored XSS. This issue affects SEO Flow by LupsOnline: from n/a through 2.2.0. | ||||
| CVE-2025-49273 | 2025-06-06 | 4.3 Medium | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Bill Minozzi WP Tools allows Cross Site Request Forgery. This issue affects WP Tools: from n/a through 5.24. | ||||
| CVE-2025-49283 | 2025-06-06 | 4.3 Medium | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Matthias Nordwig Anti-spam, Spam protection, ReCaptcha for all forms and GDPR-compliant allows Cross Site Request Forgery. This issue affects Anti-spam, Spam protection, ReCaptcha for all forms and GDPR-compliant: from n/a through 4.1.1. | ||||