ReportizFlow
Filtered by vendor
Subscriptions
Total
8050 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-9747 | 1 Benjaminjonard | 1 Koillection | 2025-09-01 | 4.3 Medium |
| A vulnerability has been found in Koillection up to 1.6.18. Affected is an unknown function of the file assets/controllers/csrf_protection_controller.js. Such manipulation leads to cross-site request forgery. The attack can be executed remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.7.0 is able to address this issue. The name of the patch is 9ab8562d3f1e953da93fed63f9ee802c7ea26a9a. It is suggested to upgrade the affected component. The vendor explains: "I ended up switching to a newer CSRF handling using stateless token." | ||||
| CVE-2025-9374 | 2 Briancolinger, Wordpress | 2 Ultimate Tag Warrior Importer, Wordpress | 2025-09-01 | 4.3 Medium |
| The Ultimate Tag Warrior Importer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.2. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to import tags granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2024-56474 | 2 Ibm, Linux | 3 Aix, Txseries For Multiplatforms, Linux Kernel | 2025-09-01 | 4.3 Medium |
| IBM TXSeries for Multiplatforms 9.1 and 11.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | ||||
| CVE-2025-9618 | 2 Wordpress, Wpdreams | 2 Wordpress, Related Posts Lite | 2025-08-31 | 4.3 Medium |
| The Related Posts Lite plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.12. This is due to missing or incorrect nonce validation on the settings update functionality. This makes it possible for unauthenticated attackers to modify plugin settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2024-43684 | 1 Microchip | 2 Timeprovider 4100, Timeprovider 4100 Firmware | 2025-08-30 | 8.8 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Microchip TimeProvider 4100 allows Cross Site Request Forgery, Cross-Site Scripting (XSS).This issue affects TimeProvider 4100: from 1.0. | ||||
| CVE-2024-13580 | 1 Xavivars | 1 Xv Random Quotes | 2025-08-29 | 4.3 Medium |
| The XV Random Quotes WordPress plugin through 1.40 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin reset them via a CSRF attack | ||||
| CVE-2025-48362 | 1 Wordpress | 1 Wordpress | 2025-08-29 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Saeed Sattar Beglou Hesabfa Accounting allows Cross Site Request Forgery. This issue affects Hesabfa Accounting: from n/a through 2.2.4. | ||||
| CVE-2025-48363 | 1 Wordpress | 1 Wordpress | 2025-08-29 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Metin Saraç Popup for CF7 with Sweet Alert allows Cross Site Request Forgery. This issue affects Popup for CF7 with Sweet Alert: from n/a through 1.6.5. | ||||
| CVE-2025-54541 | 1 Opensolution | 1 Quick.cms | 2025-08-29 | N/A |
| QuickCMS is vulnerable to Cross-Site Request Forgery in page deletion functionality. Malicious attacker can craft special website, which when visited by the admin, will automatically send a POST request deleting an article. The vendor was notified early about this vulnerability, but didn't respond with the details of vulnerability or vulnerable version range. Only version 6.8 was tested and confirmed as vulnerable, other versions were not tested and might also be vulnerable. | ||||
| CVE-2025-49040 | 2 Backupbolt, Wordpress | 2 Backup Bolt, Wordpress | 2025-08-29 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Backup Bolt allows Cross Site Request Forgery.This issue affects Backup Bolt: from n/a through 1.4.1. | ||||
| CVE-2025-7812 | 2025-08-29 | 8.8 High | ||
| The Video Share VOD – Turnkey Video Site Builder Script plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.7.6. This is due to missing or incorrect nonce validation on the adminExport() function. This makes it possible for unauthenticated attackers to update settings and execute remote code when the Server command execution setting is enabled via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2025-48306 | 1 Wordpress | 1 Wordpress | 2025-08-29 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in developers savyour Savyour Affiliate Partner allows Stored XSS. This issue affects Savyour Affiliate Partner: from n/a through 2.1.4. | ||||
| CVE-2025-48309 | 1 Wordpress | 1 Wordpress | 2025-08-29 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in web-able BetPress allows Stored XSS. This issue affects BetPress: from n/a through 1.0.1 Lite. | ||||
| CVE-2025-48310 | 2 Wordpress, Wptableeditor | 2 Wordpress, Table Editor | 2025-08-29 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in wptableeditor Table Editor allows Cross Site Request Forgery. This issue affects Table Editor: from n/a through 1.6.4. | ||||
| CVE-2025-48320 | 1 Wordpress | 1 Wordpress | 2025-08-29 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in cuckoohello 百度分享按钮 allows Stored XSS. This issue affects 百度分享按钮: from n/a through 1.0.6. | ||||
| CVE-2025-58217 | 2025-08-29 | 7.1 High | ||
| Cross-Site Request Forgery (CSRF) vulnerability in GeroNikolov Instant Breaking News allows Stored XSS. This issue affects Instant Breaking News: from n/a through 1.0. | ||||
| CVE-2025-54598 | 1 Bevy | 1 Event Service | 2025-08-29 | 6.5 Medium |
| The Bevy Event service through 2025-07-22, as used for eBay Seller Events and other activities, allows CSRF to delete all notifications via the /notifications/delete/ URI. | ||||
| CVE-2025-58202 | 2 Pluginsandsnippets, Wordpress | 2 Simple Page Access Restriction, Wordpress | 2025-08-29 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Plugins and Snippets Simple Page Access Restriction allows Cross Site Request Forgery. This issue affects Simple Page Access Restriction: from n/a through 1.0.32. | ||||
| CVE-2025-48325 | 1 Wordpress | 1 Wordpress | 2025-08-29 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in shmish111 WP Admin Theme allows Stored XSS. This issue affects WP Admin Theme: from n/a through 1.0. | ||||
| CVE-2025-48321 | 2025-08-29 | 7.1 High | ||
| Cross-Site Request Forgery (CSRF) vulnerability in dyiosah Ultimate twitter profile widget allows Stored XSS. This issue affects Ultimate twitter profile widget: from n/a through 1.0. | ||||