Export limit exceeded: 34736 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (9633 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-25160 | 1 Markbarnes | 1 Style Tweaker | 2025-02-12 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Mark Barnes Style Tweaker allows Stored XSS. This issue affects Style Tweaker: from n/a through 0.11. | ||||
| CVE-2025-25166 | 1 Gabrieldarezzo | 1 Inlocation | 2025-02-12 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in gabrieldarezzo InLocation allows Stored XSS. This issue affects InLocation: from n/a through 1.8. | ||||
| CVE-2025-25168 | 1 Blackandwhitedigital | 1 Bookpress | 2025-02-12 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in blackandwhitedigital BookPress – For Book Authors allows Cross-Site Scripting (XSS). This issue affects BookPress – For Book Authors: from n/a through 1.2.7. | ||||
| CVE-2025-0683 | 2025-02-12 | 5.9 Medium | ||
| In its default configuration, Contec Health CMS8000 Patient Monitor transmits plain-text patient data to a hard-coded public IP address when a patient is hooked up to the monitor. This could lead to a leakage of confidential patient data to any device with that IP address or an attacker in a machine-in-the-middle scenario. | ||||
| CVE-2025-24742 | 1 Codecabin | 1 Wp Go Maps | 2025-02-12 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in WP Go Maps (formerly WP Google Maps) WP Go Maps. This issue affects WP Go Maps: from n/a through 9.0.40. | ||||
| CVE-2024-13683 | 1 Sperse | 1 Automate Hub | 2025-02-12 | 4.3 Medium |
| The Automate Hub Free by Sperse.IO plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.7.0. This is due to missing or incorrect nonce validation on the 'automate_hub' page. This makes it possible for unauthenticated attackers to update an activation status via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2025-22768 | 2025-02-12 | 7.1 High | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Qwerty23 Rocket Media Library Mime Type allows Stored XSS. This issue affects Rocket Media Library Mime Type: from n/a through 2.1.0. | ||||
| CVE-2025-23745 | 2025-02-12 | 7.1 High | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Tussendoor internet & marketing Call me Now allows Stored XSS.This issue affects Call me Now: from n/a through 1.0.5. | ||||
| CVE-2025-23749 | 2025-02-12 | 7.1 High | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Mahdi Khaksar mybb Last Topics allows Stored XSS.This issue affects mybb Last Topics: from n/a through 1.0. | ||||
| CVE-2025-24355 | 2025-02-12 | N/A | ||
| Updatecli is a tool used to apply file update strategies. Prior to version 0.93.0, private maven repository credentials may be leaked in application logs in case of unsuccessful retrieval operation. During the execution of an updatecli pipeline which contains a `maven` source configured with basic auth credentials, the credentials are being leaked in the application execution logs in case of failure. Credentials are properly sanitized when the operation is successful but not when for whatever reason there is a failure in the maven repository, e.g. wrong coordinates provided, not existing artifact or version. Version 0.93.0 contains a patch for the issue. | ||||
| CVE-2025-24714 | 2025-02-12 | 5.4 Medium | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Bubble Menu – circle floating menu allows Cross Site Request Forgery. This issue affects Bubble Menu – circle floating menu: from n/a through 4.0.2. | ||||
| CVE-2025-24738 | 2025-02-12 | 4.3 Medium | ||
| Cross-Site Request Forgery (CSRF) vulnerability in NowButtons.com Call Now Button allows Cross Site Request Forgery. This issue affects Call Now Button: from n/a through 1.4.13. | ||||
| CVE-2025-24756 | 2025-02-12 | 7.1 High | ||
| Cross-Site Request Forgery (CSRF) vulnerability in mgplugin Roi Calculator allows Stored XSS. This issue affects Roi Calculator: from n/a through 1.0. | ||||
| CVE-2025-24538 | 2025-02-12 | 5.4 Medium | ||
| Cross-Site Request Forgery (CSRF) vulnerability in slaFFik BuddyPress Groups Extras allows Cross Site Request Forgery. This issue affects BuddyPress Groups Extras: from n/a through 3.6.10. | ||||
| CVE-2025-24540 | 2025-02-12 | 4.3 Medium | ||
| Cross-Site Request Forgery (CSRF) vulnerability in SeedProd Coming Soon Page, Under Construction & Maintenance Mode by SeedProd allows Cross Site Request Forgery. This issue affects Coming Soon Page, Under Construction & Maintenance Mode by SeedProd: from n/a through 6.18.9. | ||||
| CVE-2024-27968 | 1 Optimole | 1 Super Page Cache | 2025-02-12 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Optimole Super Page Cache for Cloudflare allows Stored XSS.This issue affects Super Page Cache for Cloudflare: from n/a through 4.7.5. | ||||
| CVE-2023-2552 | 1 Bumsys Project | 1 Bumsys | 2025-02-12 | 8.8 High |
| Cross-Site Request Forgery (CSRF) in GitHub repository unilogies/bumsys prior to 2.1.1. | ||||
| CVE-2024-4426 | 1 Comparisonslider | 1 Comparison Slider | 2025-02-12 | 4.3 Medium |
| The Comparison Slider plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.5. This is due to missing or incorrect nonce validation on several functions hooked to AJAX actions. This makes it possible for unauthenticated attackers to change slider titles, delete sliders and modify plugin settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2024-3943 | 1 Delower | 1 Wp To Do | 2025-02-12 | 4.3 Medium |
| The WP To Do plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.0. This is due to missing or incorrect nonce validation on the wptodo_addcomment function. This makes it possible for unauthenticated attackers to add comments to to do items via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2024-3945 | 1 Delower | 1 Wp To Do | 2025-02-12 | 4.3 Medium |
| The WP To Do plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.0. This is due to missing or incorrect nonce validation on the wptodo_manage() function. This makes it possible for unauthenticated attackers to add new todo items via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||