ReportizFlow
Filtered by vendor
Subscriptions
Total
8088 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-49382 | 2025-08-20 | 8.8 High | ||
| Cross-Site Request Forgery (CSRF) vulnerability in DexignZone JobZilla - Job Board WordPress Theme allows Privilege Escalation. This issue affects JobZilla - Job Board WordPress Theme: from n/a through 2.0. | ||||
| CVE-2022-3898 | 1 Tipsandtricks-hq | 1 Wp Affiliate Platform | 2025-08-20 | 8.8 High |
| The WP Affiliate Platform plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 6.3.9. This is due to missing or incorrect nonce validation on various functions including the affiliates_menu method. This makes it possible for unauthenticated attackers to delete affiliate records, via forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2024-9282 | 2 1234n, Bg5sbk | 2 Minicms, Minicms | 2025-08-20 | 4.3 Medium |
| A vulnerability was found in bg5sbk MiniCMS 1.11. It has been classified as problematic. Affected is an unknown function of the file page-edit.php. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory mentions confusing version and file name information. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-9281 | 2 1234n, Bg5sbk | 2 Minicms, Minicms | 2025-08-20 | 4.3 Medium |
| A vulnerability was found in bg5sbk MiniCMS up to 1.11 and classified as problematic. This issue affects some unknown processing of the file post-edit.php. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory mentions confusing version and file name information. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-49895 | 2 Ithemes, Wordpress | 2 Serverbuddy, Wordpress | 2025-08-18 | 8.8 High |
| Cross-Site Request Forgery (CSRF) vulnerability in iThemes ServerBuddy by PluginBuddy.Com allows Object Injection.This issue affects ServerBuddy by PluginBuddy.Com: from n/a through 1.0.5. | ||||
| CVE-2025-7686 | 1 Wordpress | 1 Wordpress | 2025-08-18 | 6.1 Medium |
| The weichuncai(WP伪春菜) plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5. This is due to missing or incorrect nonce validation on the sm-options.php page. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2025-7683 | 2 Janyksteenbeek, Wordpress | 2 Latestcheckins, Wordpress | 2025-08-18 | 6.1 Medium |
| The LatestCheckins plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1. This is due to missing or incorrect nonce validation on the 'LatestCheckins' page. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2025-7668 | 2025-08-18 | 6.1 Medium | ||
| The Linux Promotional Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4. This is due to missing or incorrect nonce validation on the 'inux-promotional-plugin.php' page. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2025-7684 | 2025-08-18 | 6.1 Medium | ||
| The Last.fm Recent Album Artwork plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.2. This is due to missing or incorrect nonce validation on the 'lastfm_albums_artwork.php' page. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2025-54702 | 2 Motovnet, Wordpress | 2 Ebook Store, Wordpress | 2025-08-17 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in motov.net Ebook Store allows Cross Site Request Forgery. This issue affects Ebook Store: from n/a through 5.8013. | ||||
| CVE-2025-54674 | 3 Product Configurator For Woocommerce Project, Woocommerce, Wordpress | 3 Product Configurator For Woocommerce, Woocommerce, Wordpress | 2025-08-17 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in mklacroix Product Configurator for WooCommerce allows Cross Site Request Forgery. This issue affects Product Configurator for WooCommerce: from n/a through 1.4.4. | ||||
| CVE-2025-54675 | 2 Wordpress, Yithemes | 2 Wordpress, Yith Woocommerce Compare | 2025-08-17 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in YITHEMES YITH WooCommerce Popup allows Cross Site Request Forgery. This issue affects YITH WooCommerce Popup: from n/a through 1.48.0. | ||||
| CVE-2025-54703 | 2 Prince, Wordpress | 2 Integrate Google Drive, Wordpress | 2025-08-17 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Prince Integrate Google Drive allows Cross Site Request Forgery. This issue affects Integrate Google Drive: from n/a through 1.5.2. | ||||
| CVE-2025-54672 | 2 Jordy Meow, Wordpress | 2 Photo Engine, Wordpress | 2025-08-17 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Jordy Meow Photo Engine allows Cross Site Request Forgery. This issue affects Photo Engine: from n/a through 6.4.3. | ||||
| CVE-2024-53946 | 1 Kuwfi | 1 Ac900 Router | 2025-08-17 | 8.8 High |
| The KuWFi 4G LTE AC900 router 1.0.13 is vulnerable to Cross-Site Request Forgery (CSRF) on its web management interface. This vulnerability allows an attacker to trick an authenticated admin user into performing unauthorized actions, such as exploiting a command injection vulnerability in /goform/formMultiApnSetting. Successful exploitation can also lead to unauthorized configuration changes. | ||||
| CVE-2025-54728 | 2 Cminds, Wordpress | 3 Cm On Demand Search And Replace, Cm Search And Replace, Wordpress | 2025-08-17 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in CreativeMindsSolutions CM On Demand Search And Replace allows Cross Site Request Forgery. This issue affects CM On Demand Search And Replace: from n/a through 1.5.2. | ||||
| CVE-2025-52769 | 2 Flexostudio, Wordpress | 2 Flexo-social-gallery Plugin, Wordpress | 2025-08-17 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in flexostudio flexo-social-gallery allows Cross Site Request Forgery. This issue affects flexo-social-gallery: from n/a through 1.0006. | ||||
| CVE-2025-7688 | 1 Wordpress | 1 Wordpress | 2025-08-17 | 6.1 Medium |
| The Add User Meta plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1. This is due to missing or incorrect nonce validation on the 'add-user-meta' page. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2024-4403 | 2 Lollms, Parisneo | 2 Lollms-webui, Lollms-webui | 2025-08-15 | 8.8 High |
| A Cross-Site Request Forgery (CSRF) vulnerability exists in the restart_program function of the parisneo/lollms-webui v9.6. This vulnerability allows attackers to trick users into performing unintended actions, such as resetting the program without their knowledge, by sending specially crafted CSRF forms. This issue affects the installation process, including the installation of Binding zoo and Models zoo, by unexpectedly resetting programs. The vulnerability is due to the lack of CSRF protection in the affected function. | ||||
| CVE-2024-1522 | 1 Lollms | 1 Lollms Web Ui | 2025-08-15 | N/A |
| A Cross-Site Request Forgery (CSRF) vulnerability in the parisneo/lollms-webui project allows remote attackers to execute arbitrary code on a victim's system. The vulnerability stems from the `/execute_code` API endpoint, which does not properly validate requests, enabling an attacker to craft a malicious webpage that, when visited by a victim, submits a form to the victim's local lollms-webui instance to execute arbitrary OS commands. This issue allows attackers to take full control of the victim's system without requiring direct network access to the vulnerable application. | ||||