Export limit exceeded: 339475 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (9633 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-26545 | 2025-02-18 | 7.1 High | ||
| Cross-Site Request Forgery (CSRF) vulnerability in shisuh Related Posts Line-up-Exactly by Milliard allows Stored XSS. This issue affects Related Posts Line-up-Exactly by Milliard: from n/a through 0.0.22. | ||||
| CVE-2025-26572 | 2025-02-18 | 7.1 High | ||
| Cross-Site Request Forgery (CSRF) vulnerability in jesseheap WP PHPList allows Cross Site Request Forgery. This issue affects WP PHPList: from n/a through 1.7. | ||||
| CVE-2025-26577 | 2025-02-18 | 7.1 High | ||
| Cross-Site Request Forgery (CSRF) vulnerability in daxiawp DX-auto-publish allows Stored XSS. This issue affects DX-auto-publish: from n/a through 1.2. | ||||
| CVE-2025-26580 | 2025-02-18 | 7.1 High | ||
| Cross-Site Request Forgery (CSRF) vulnerability in CompleteWebResources Page/Post Specific Social Share Buttons allows Stored XSS. This issue affects Page/Post Specific Social Share Buttons: from n/a through 2.1. | ||||
| CVE-2025-26582 | 2025-02-18 | 7.1 High | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Blackbam TinyMCE Advanced qTranslate fix editor problems allows Stored XSS. This issue affects TinyMCE Advanced qTranslate fix editor problems: from n/a through 1.0.0. | ||||
| CVE-2025-26759 | 2025-02-18 | 7.1 High | ||
| Cross-Site Request Forgery (CSRF) vulnerability in alexvtn Content Snippet Manager allows Stored XSS. This issue affects Content Snippet Manager: from n/a through 1.1.5. | ||||
| CVE-2025-26768 | 2025-02-18 | 7.1 High | ||
| Cross-Site Request Forgery (CSRF) vulnerability in what3words what3words Address Field allows Stored XSS. This issue affects what3words Address Field: from n/a through 4.0.15. | ||||
| CVE-2024-47935 | 2025-02-18 | 6.7 Medium | ||
| Improper Validation of Integrity Check Value vulnerability in TXOne Networks StellarProtect (Legacy Mode), StellarEnforce, and Safe Lock allows an attacker to escalate their privileges in the victim’s device. The attacker needs to hijack the DLL file in advance. This issue affects StellarProtect (Legacy Mode): before 3.2; StellarEnforce: before 3.2; Safe Lock: from 3.0.0 before 3.1.1076. *Note: StellarProtect (Legacy Mode) is the new name for StellarEnforce, they are the same product. | ||||
| CVE-2024-9661 | 2025-02-18 | 4.3 Medium | ||
| The WP All Import Pro plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.9.7. This is due to missing nonce validation on the delete_and_edit function. This makes it possible for unauthenticated attackers to delete imported content (posts, comments, users, etc.) via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2025-26543 | 2025-02-18 | 7.1 High | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Pukhraj Suthar Simple Responsive Menu allows Stored XSS. This issue affects Simple Responsive Menu: from n/a through 2.1. | ||||
| CVE-2025-24875 | 2025-02-18 | 6.8 Medium | ||
| SAP Commerce, by default, sets certain cookies with the SameSite attribute configured to None (SameSite=None). This includes authentication cookies utilized in SAP Commerce Backoffice. Applying this setting reduces defense in depth against CSRF and may lead to future compatibility issues. | ||||
| CVE-2025-1358 | 2025-02-18 | 4.3 Medium | ||
| A vulnerability classified as problematic was found in Pix Software Vivaz 6.0.10. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-40883 | 1 Elecom | 12 Wrc-2533gs2-b, Wrc-2533gs2-b Firmware, Wrc-2533gs2-w and 9 more | 2025-02-17 | 6.5 Medium |
| Cross-site request forgery vulnerability exists in ELECOM wireless LAN routers. Viewing a malicious page while logging in to the affected product with an administrative privilege, the user may be directed to perform unintended operations such as changing the login ID, login password, etc. | ||||
| CVE-2020-19278 | 1 Mm-wiki Project | 1 Mm-wiki | 2025-02-14 | 8.8 High |
| Cross Site Request Forgery vulnerability found in Phachon mm-wiki v.0.1.2 allows a remote attacker to execute arbitrary code via the system/user/save parameter. | ||||
| CVE-2024-3089 | 1 Phpgurukul | 1 Emergency Ambulance Hiring Portal | 2025-02-14 | 4.3 Medium |
| A vulnerability has been found in PHPGurukul Emergency Ambulance Hiring Portal 1.0 and classified as problematic. This vulnerability affects unknown code of the file /admin/manage-ambulance.php of the component Manage Ambulance Page. The manipulation of the argument del leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-258682 is the identifier assigned to this vulnerability. | ||||
| CVE-2021-39353 | 1 Easyregistrationforms | 1 Easy Registration Forms | 2025-02-14 | 8.8 High |
| The Easy Registration Forms WordPress plugin is vulnerable to Cross-Site Request Forgery due to missing nonce validation via the ajax_add_form function found in the ~/includes/class-form.php file which made it possible for attackers to inject arbitrary web scripts in versions up to, and including 2.1.1. | ||||
| CVE-2023-1330 | 1 Inisev | 1 Redirection | 2025-02-14 | 6.5 Medium |
| The Redirection WordPress plugin before 1.1.4 does not add nonce verification in place when adding the redirect, which could allow attackers to add redirects via a CSRF attack. | ||||
| CVE-2023-0820 | 1 Bestwebsoft | 1 User Role | 2025-02-14 | 8.8 High |
| The User Role by BestWebSoft WordPress plugin before 1.6.7 does not protect against CSRF in requests to update role capabilities, leading to arbitrary privilege escalation of any role. | ||||
| CVE-2021-43353 | 1 Crisp | 1 Crisp | 2025-02-14 | 8.8 High |
| The Crisp Live Chat WordPress plugin is vulnerable to Cross-Site Request Forgery due to missing nonce validation via the crisp_plugin_settings_page function found in the ~/crisp.php file, which made it possible for attackers to inject arbitrary web scripts in versions up to, and including 0.31. | ||||
| CVE-2024-27948 | 1 Bytesforall | 1 Atahualpa | 2025-02-14 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in bytesforall Atahualpa.This issue affects Atahualpa: from n/a through 3.7.24. | ||||