Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2023-23974

Summary
Assigner-Patchstack
Assigner Org ID-21595511-bba5-4825-b968-b78d1f9984a3
Published At-01 Mar, 2023 | 12:33
Updated At-13 Jan, 2025 | 15:55
Rejected At-
Credits

WordPress Quick Event Manager Plugin <= 9.7.4 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Fullworks Quick Event Manager plugin <= 9.7.4 affecting all registration actions (delete, delete all, edit, update).

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:Patchstack
Assigner Org ID:21595511-bba5-4825-b968-b78d1f9984a3
Published At:01 Mar, 2023 | 12:33
Updated At:13 Jan, 2025 | 15:55
Rejected At:
▼CVE Numbering Authority (CNA)
WordPress Quick Event Manager Plugin <= 9.7.4 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Fullworks Quick Event Manager plugin <= 9.7.4 affecting all registration actions (delete, delete all, edit, update).

Affected Products
Vendor
Fullworks
Product
Quick Event Manager
Collection URL
https://wordpress.org/plugins
Package Name
quick-event-manager
Default Status
unaffected
Versions
Affected
  • From n/a through 9.7.4 (custom)
    • -> unaffectedfrom9.7.5
Problem Types
TypeCWE IDDescription
CWECWE-352CWE-352 Cross-Site Request Forgery (CSRF)
Type: CWE
CWE ID: CWE-352
Description: CWE-352 Cross-Site Request Forgery (CSRF)
Metrics
VersionBase scoreBase severityVector
3.15.4MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L
Version: 3.1
Base score: 5.4
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-62CAPEC-62 Cross Site Request Forgery
CAPEC ID: CAPEC-62
Description: CAPEC-62 Cross Site Request Forgery
Solutions

Update to 9.7.5 or a higher version.

Configurations
Workarounds
Exploits
Credits
finder
yuyudhn (Patchstack Alliance)
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://patchstack.com/database/vulnerability/quick-event-manager/wordpress-quick-event-manager-plugin-9-7-4-cross-site-request-forgery-csrf?_s_id=cve
vdb-entry
Hyperlink: https://patchstack.com/database/vulnerability/quick-event-manager/wordpress-quick-event-manager-plugin-9-7-4-cross-site-request-forgery-csrf?_s_id=cve
Resource:
vdb-entry
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://patchstack.com/database/vulnerability/quick-event-manager/wordpress-quick-event-manager-plugin-9-7-4-cross-site-request-forgery-csrf?_s_id=cve
vdb-entry
x_transferred
Hyperlink: https://patchstack.com/database/vulnerability/quick-event-manager/wordpress-quick-event-manager-plugin-9-7-4-cross-site-request-forgery-csrf?_s_id=cve
Resource:
vdb-entry
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:audit@patchstack.com
Published At:01 Mar, 2023 | 13:15
Updated At:07 Nov, 2023 | 04:08

Cross-Site Request Forgery (CSRF) vulnerability in Fullworks Quick Event Manager plugin <= 9.7.4 affecting all registration actions (delete, delete all, edit, update).

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.15.4MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L
Secondary3.15.4MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L
Type: Primary
Version: 3.1
Base score: 5.4
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L
Type: Secondary
Version: 3.1
Base score: 5.4
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L
CPE Matches
fullworksplugins
fullworksplugins
>>quick_event_manager>>Versions before 9.7.5(exclusive)
cpe:2.3:a:fullworksplugins:quick_event_manager:*:*:*:*:*:wordpress:*:*
Weaknesses
CWE IDTypeSource
CWE-352Primarynvd@nist.gov
CWE-352Secondaryaudit@patchstack.com
CWE ID: CWE-352
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-352
Type: Secondary
Source: audit@patchstack.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://patchstack.com/database/vulnerability/quick-event-manager/wordpress-quick-event-manager-plugin-9-7-4-cross-site-request-forgery-csrf?_s_id=cveaudit@patchstack.com
Third Party Advisory
Hyperlink: https://patchstack.com/database/vulnerability/quick-event-manager/wordpress-quick-event-manager-plugin-9-7-4-cross-site-request-forgery-csrf?_s_id=cve
Source: audit@patchstack.com
Resource:
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

518Records found
CVE-2023-37968
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.05% / 15.62%
||
7 Day CHG~0.00%
Published-17 Jul, 2023 | 14:56
Updated-19 Feb, 2025 | 21:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Falang multilanguage Plugin <= 1.3.39 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Faboba Falang multilanguage for WordPress plugin <= 1.3.39 versions.

Action-Not Available
Vendor-fabobaFaboba
Product-falangFalang multilanguage for WordPress
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-37996
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.12% / 30.39%
||
7 Day CHG~0.00%
Published-03 Oct, 2023 | 09:48
Updated-19 Feb, 2025 | 21:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress GTmetrix for WordPress Plugin <= 0.4.7 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in GTmetrix GTmetrix for WordPress plugin <= 0.4.7 versions.

Action-Not Available
Vendor-gtmetrixGTmetrix
Product-gtmetrixGTmetrix for WordPress
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-37974
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.05% / 15.62%
||
7 Day CHG~0.00%
Published-17 Jul, 2023 | 15:00
Updated-30 Sep, 2024 | 14:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP-FB-AutoConnect Plugin <= 4.6.1 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Justin Klein WP Social AutoConnect plugin <= 4.6.1 versions.

Action-Not Available
Vendor-wp_social_autoconnect_projectJustin Klein
Product-wp_social_autoconnectWP Social AutoConnect
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-37392
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.06% / 18.24%
||
7 Day CHG~0.00%
Published-10 Jul, 2023 | 15:50
Updated-07 Oct, 2024 | 18:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Dummy Content Generator Plugin <= 2.3.0 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Deepak Anand WP Dummy Content Generator plugin <= 2.3.0 versions.

Action-Not Available
Vendor-wp_dummy_content_generator_projectDeepak Anand
Product-wp_dummy_content_generatorWP Dummy Content Generator
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-37387
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.05% / 15.62%
||
7 Day CHG~0.00%
Published-18 Jul, 2023 | 12:14
Updated-27 Sep, 2024 | 12:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Classified Listing Plugin <= 2.4.5 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in RadiusTheme Classified Listing plugin <= 2.4.5 versions.

Action-Not Available
Vendor-radiusthemeRadiusTheme
Product-classified_listingClassified Listing
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-37386
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.05% / 15.62%
||
7 Day CHG~0.00%
Published-18 Jul, 2023 | 12:06
Updated-25 Sep, 2024 | 17:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Media Library Helper by Codexin Plugin <= 1.2.0 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Media Library Helper plugin <= 1.2.0 versions.

Action-Not Available
Vendor-codexin
Product-media_library_helperMedia Library Helper
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-25448
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.06% / 19.63%
||
7 Day CHG+0.01%
Published-22 May, 2023 | 14:20
Updated-08 Jan, 2025 | 22:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Archivist – Custom Archive Templates Plugin <= 1.7.4 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Eric Teubert Archivist – Custom Archive Templates plugin <= 1.7.4 versions.

Action-Not Available
Vendor-archivist_projectEric Teubert
Product-archivistArchivist – Custom Archive Templates
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-36687
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.05% / 14.41%
||
7 Day CHG~0.00%
Published-11 Jul, 2023 | 10:01
Updated-11 Oct, 2024 | 15:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Menubar Plugin <= 5.8.2 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Andrea Tarantini Menubar plugin <= 5.8.2 versions.

Action-Not Available
Vendor-dontdreamAndrea Tarantini
Product-menubarMenubar
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-37391
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.05% / 14.41%
||
7 Day CHG~0.00%
Published-11 Jul, 2023 | 09:45
Updated-19 Feb, 2025 | 21:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WordPress Mobile Pack Plugin <= 3.4.1 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in WPMobilePack.Com WordPress Mobile Pack – Mobile Plugin for Progressive Web Apps & Hybrid Mobile Apps plugin <= 3.4.1 versions.

Action-Not Available
Vendor-wpmobilepackWPMobilePack.com
Product-wordpress_mobile_packWordPress Mobile Pack – Mobile Plugin for Progressive Web Apps & Hybrid Mobile Apps
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-25697
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.21% / 42.48%
||
7 Day CHG~0.00%
Published-19 Jun, 2024 | 14:34
Updated-02 Aug, 2024 | 11:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress GamiPress plugin <= 2.5.6 - CSRF Leading to Settings Change Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in GamiPress.This issue affects GamiPress: from n/a through 2.5.6.

Action-Not Available
Vendor-GamiPress
Product-GamiPress
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-36691
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.10% / 27.18%
||
7 Day CHG~0.00%
Published-10 Jul, 2023 | 15:43
Updated-07 Oct, 2024 | 19:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WebwinkelKeur Plugin <= 3.24 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Albert Peschar WebwinkelKeur plugin <= 3.24 versions.

Action-Not Available
Vendor-webwinkelkeur_projectAlbert Peschar
Product-webwinkelkeurWebwinkelKeur
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-2528
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-5.4||MEDIUM
EPSS-0.13% / 32.83%
||
7 Day CHG~0.00%
Published-16 May, 2023 | 23:35
Updated-13 Jan, 2025 | 16:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Contact Form by Supsystic plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.24. This is due to missing or incorrect nonce validation on the AJAX action handler. This makes it possible for unauthenticated attackers to execute AJAX actions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

Action-Not Available
Vendor-supsysticsupsysticcom
Product-contact_formContact Form by Supsystic
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-25481
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.06% / 19.63%
||
7 Day CHG+0.01%
Published-23 May, 2023 | 12:26
Updated-02 Aug, 2024 | 14:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Podlove Subscribe button Plugin <= 1.3.7 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Podlove Podlove Subscribe button plugin <= 1.3.7 versions.

Action-Not Available
Vendor-podlovePodlove
Product-podlove_subscribe_buttonPodlove Subscribe button
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-25599
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.25% / 47.90%
||
7 Day CHG~0.00%
Published-21 Feb, 2022 | 17:49
Updated-20 Feb, 2025 | 20:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Spiffy Calendar plugin <= 4.9.0 - Event deletion via Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability leading to event deletion was discovered in Spiffy Calendar WordPress plugin (versions <= 4.9.0).

Action-Not Available
Vendor-spiffypluginsSpiffy Plugins
Product-spiffy_calendarSpiffy Calendar (WordPress plugin)
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-36513
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.05% / 15.62%
||
7 Day CHG~0.00%
Published-17 Jul, 2023 | 14:26
Updated-30 Sep, 2024 | 14:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress AutomateWoo Plugin <= 5.7.5 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce AutomateWoo plugin <= 5.7.5 versions.

Action-Not Available
Vendor-WooCommerce
Product-automatewooAutomateWoo
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-25991
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.07% / 20.75%
||
7 Day CHG~0.00%
Published-13 Mar, 2023 | 13:58
Updated-13 Jan, 2025 | 15:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress RegistrationMagic Plugin <= 5.1.9.2 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in RegistrationMagic plugin <= 5.1.9.2 versions.

Action-Not Available
Vendor-Metagauss Inc.
Product-registrationmagicRegistrationMagic
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-35774
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.05% / 15.62%
||
7 Day CHG~0.00%
Published-11 Jul, 2023 | 08:05
Updated-11 Oct, 2024 | 15:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress LWS Tools Plugin <= 2.4.1 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in LWS LWS Tools plugin <= 2.4.1 versions.

Action-Not Available
Vendor-lwsLWS
Product-lws_toolsLWS Tools
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-35781
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.05% / 15.62%
||
7 Day CHG~0.00%
Published-11 Jul, 2023 | 07:58
Updated-11 Oct, 2024 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress LWS Cleaner Plugin <= 2.3.0 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in LWS Cleaner plugin <= 2.3.0 versions.

Action-Not Available
Vendor-lwsLWS
Product-lws_cleanerLWS Cleaner
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-35096
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.05% / 15.62%
||
7 Day CHG~0.00%
Published-17 Jul, 2023 | 13:35
Updated-17 Oct, 2025 | 16:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress myCred Plugin <= 2.5 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in myCred plugin <= 2.5 versions.

Action-Not Available
Vendor-wpexpertsmyCred
Product-mycredmyCred
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-35880
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.05% / 16.49%
||
7 Day CHG~0.00%
Published-17 Jul, 2023 | 13:40
Updated-30 Sep, 2024 | 14:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WooCommerce Brands Plugin <= 1.6.49 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce WooCommerce Brands plugin <= 1.6.49 versions.

Action-Not Available
Vendor-WooCommerce
Product-brandsWooCommerce Brands
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-34384
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.06% / 18.24%
||
7 Day CHG~0.00%
Published-13 Nov, 2023 | 00:58
Updated-29 Aug, 2024 | 13:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Kebo Twitter Feed Plugin <= 1.5.12 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Kebo Kebo Twitter Feed plugin <= 1.5.12 versions.

Action-Not Available
Vendor-kebo_twitter_feed_projectKebo
Product-kebo_twitter_feedKebo Twitter Feed
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-3409
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-5.4||MEDIUM
EPSS-0.07% / 20.93%
||
7 Day CHG~0.00%
Published-17 Aug, 2024 | 08:37
Updated-13 Sep, 2024 | 14:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Bricks <= 1.8.1 - Cross-Site Request Forgery via reset_settings

The Bricks theme for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.8.1. This is due to missing or incorrect nonce validation on the 'reset_settings' function. This makes it possible for unauthenticated attackers to reset the theme's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

Action-Not Available
Vendor-bricksbuilderBricks Builder
Product-bricksBricks
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-35038
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.05% / 15.62%
||
7 Day CHG~0.00%
Published-17 Jul, 2023 | 13:26
Updated-07 Oct, 2024 | 15:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP PDF Generator Plugin <= 1.2.2 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in wpexperts.Io WP PDF Generator plugin <= 1.2.2 versions.

Action-Not Available
Vendor-wpexpertswpexperts.io
Product-wp_pdf_generatorWP PDF Generator
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-25467
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.05% / 15.62%
||
7 Day CHG~0.00%
Published-26 May, 2023 | 14:02
Updated-08 Nov, 2024 | 18:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Resize at Upload Plus Plugin <= 1.3 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Daniel Mores, A. Huizinga Resize at Upload Plus plugin <= 1.3 versions.

Action-Not Available
Vendor-resize_at_upload_plus_projectDaniel Mores, A. Huizinga
Product-resize_at_upload_plusResize at Upload Plus
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-25709
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.07% / 20.75%
||
7 Day CHG~0.00%
Published-15 Mar, 2023 | 10:25
Updated-13 Jan, 2025 | 15:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Locatoraid Store Locator Plugin <= 3.9.11 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Plainware Locatoraid Store Locator plugin <= 3.9.11 versions.

Action-Not Available
Vendor-plainwarePlainware
Product-locatoraidLocatoraid Store Locator
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-32514
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.10% / 27.18%
||
7 Day CHG~0.00%
Published-18 Nov, 2023 | 22:24
Updated-10 Jun, 2025 | 13:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Google Site Verification plugin using Meta Tag Plugin <= 1.2 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Himanshu Parashar Google Site Verification plugin using Meta Tag.This issue affects Google Site Verification plugin using Meta Tag: from n/a through 1.2.

Action-Not Available
Vendor-himanshuparasharHimanshu Parashar
Product-google_site_verification_plugin_using_meta_tagGoogle Site Verification plugin using Meta Tag
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-33316
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.05% / 15.62%
||
7 Day CHG~0.00%
Published-28 May, 2023 | 18:01
Updated-01 Nov, 2024 | 12:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WooCommerce Follow-Up Emails (AutomateWoo) plugin <= 4.9.40 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce WooCommerce Follow-Up Emails (AutomateWoo) plugin <= 4.9.40 versions.

Action-Not Available
Vendor-WooCommerce
Product-automatewooWooCommerce Follow-Up Emails (AutomateWoo)
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-33315
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.05% / 15.62%
||
7 Day CHG~0.00%
Published-28 May, 2023 | 17:11
Updated-01 Nov, 2024 | 14:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Smart App Banner Plugin <= 1.1.2 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Stephen Darlington, Wandle Software Limited Smart App Banner plugin <= 1.1.2 versions.

Action-Not Available
Vendor-wandlesoftwareStephen Darlington, Wandle Software Limited
Product-smart_app_bannerSmart App Banner
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-33214
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.05% / 16.49%
||
7 Day CHG~0.00%
Published-18 Dec, 2023 | 15:48
Updated-28 Aug, 2024 | 14:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Taggbox Plugin <= 3.1 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Tagbox Tagbox – UGC Galleries, Social Media Widgets, User Reviews & Analytics.This issue affects Tagbox – UGC Galleries, Social Media Widgets, User Reviews & Analytics: from n/a through 3.1.

Action-Not Available
Vendor-taggboxTagbox
Product-taggboxTagbox – UGC Galleries, Social Media Widgets, User Reviews & Analytics
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-33314
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.05% / 15.62%
||
7 Day CHG~0.00%
Published-28 May, 2023 | 17:29
Updated-08 Nov, 2024 | 18:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress BEAR Plugin <= 1.1.3.1 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in realmag777 BEAR plugin <= 1.1.3.1 versions.

Action-Not Available
Vendor-PluginUs.Net (RealMag777)
Product-bear_-_woocommerce_bulk_editor_and_products_manager_professionalBEAR
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-32245
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.15% / 36.05%
||
7 Day CHG~0.00%
Published-18 Nov, 2023 | 22:32
Updated-01 Oct, 2024 | 15:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Essential Addons for Elementor Pro Plugin <= 5.4.8 is vulnerable to Server Side Request Forgery (SSRF)

Cross-Site Request Forgery (CSRF) vulnerability in WPDeveloper Essential Addons for Elementor Pro.This issue affects Essential Addons for Elementor Pro: from n/a through 5.4.8.

Action-Not Available
Vendor-WPDeveloper
Product-essential_addons_for_elementorEssential Addons for Elementor Pro
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-31075
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.12% / 31.63%
||
7 Day CHG~0.00%
Published-18 Nov, 2023 | 22:41
Updated-02 Aug, 2024 | 14:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Easy Hide Login Plugin <= 1.0.8 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Arshid Easy Hide Login.This issue affects Easy Hide Login: from n/a through 1.0.8.

Action-Not Available
Vendor-ciphercoinArshid
Product-easy_hide_loginEasy Hide Login
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-28618
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.05% / 15.62%
||
7 Day CHG~0.00%
Published-12 Nov, 2023 | 21:51
Updated-30 Aug, 2024 | 19:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Enhanced Plugin Admin Plugin <= 1.16 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Marios Alexandrou Enhanced Plugin Admin plugin <= 1.16 versions.

Action-Not Available
Vendor-infolificMarios Alexandrou
Product-enhanced_plugin_adminEnhanced Plugin Admin
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-29425
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.05% / 15.63%
||
7 Day CHG~0.00%
Published-12 Nov, 2023 | 21:16
Updated-03 Sep, 2024 | 13:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress ShiftController Employee Shift Scheduling Plugin <= 4.9.23 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in plainware.Com ShiftController Employee Shift Scheduling plugin <= 4.9.23 versions.

Action-Not Available
Vendor-plainwareplainware.com
Product-shiftcontrollerShiftController Employee Shift Scheduling
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-28995
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.05% / 15.62%
||
7 Day CHG~0.00%
Published-10 Jul, 2023 | 15:31
Updated-17 Oct, 2024 | 15:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Configurable Tag Cloud Plugin <= 5.2 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Keith Solomon Configurable Tag Cloud (CTC) plugin <= 5.2 versions.

Action-Not Available
Vendor-configurable_tag_cloud_projectKeith Solomon
Product-configurable_tag_cloudConfigurable Tag Cloud (CTC)
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-28694
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.05% / 15.62%
||
7 Day CHG~0.00%
Published-12 Nov, 2023 | 21:47
Updated-03 Sep, 2024 | 13:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Wbcom Designs – BuddyPress Activity Social Share Plugin <= 3.5.0 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Wbcom Designs Wbcom Designs – BuddyPress Activity Social Share plugin <= 3.5.0 versions.

Action-Not Available
Vendor-wbcomdesignsWbcom Designs
Product-buddypress_activity_social_shareWbcom Designs – BuddyPress Activity Social Share
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-29235
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.05% / 15.62%
||
7 Day CHG~0.00%
Published-06 Oct, 2023 | 13:05
Updated-19 Sep, 2024 | 14:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Maintenance Switch Plugin <= 1.5.2 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Fugu Maintenance Switch plugin <= 1.5.2 versions.

Action-Not Available
Vendor-fuguFugu
Product-maintenance_switchMaintenance Switch
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-28747
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.05% / 16.49%
||
7 Day CHG~0.00%
Published-22 Nov, 2023 | 13:06
Updated-29 Aug, 2024 | 19:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress CBX Currency Converter Plugin <= 3.0.3 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in codeboxr CBX Currency Converter plugin <= 3.0.3 versions.

Action-Not Available
Vendor-codeboxrcodeboxr
Product-cbx_currency_converterCBX Currency Converter
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-27623
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.05% / 15.62%
||
7 Day CHG~0.00%
Published-12 Nov, 2023 | 22:43
Updated-30 Aug, 2024 | 14:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Page Numbers Plugin <= 0.5 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Jens Törnell WP Page Numbers plugin <= 0.5 versions.

Action-Not Available
Vendor-jenstJens Törnell
Product-wp_page_numbersWP Page Numbers
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-28419
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.05% / 16.07%
||
7 Day CHG~0.00%
Published-12 Nov, 2023 | 22:15
Updated-30 Aug, 2024 | 14:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Force First and Last Name as Display Name Plugin <= 1.2 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Stranger Studios Force First and Last Name as Display Name plugin <= 1.2 versions.

Action-Not Available
Vendor-strangerstudiosStranger Studios
Product-force_display_nameForce First and Last Name as Display Name
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-27606
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.04% / 12.93%
||
7 Day CHG~0.00%
Published-17 Jul, 2023 | 10:28
Updated-07 Oct, 2024 | 15:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Reroute Email Plugin <= 1.4.6 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Sajjad Hossain WP Reroute Email plugin <= 1.4.6 versions.

Action-Not Available
Vendor-wp_reroute_email_projectSajjad Hossain
Product-wp_reroute_emailWP Reroute Email
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-24533
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.05% / 14.74%
||
7 Day CHG~0.00%
Published-27 Jan, 2025 | 13:59
Updated-27 Jan, 2025 | 14:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress MetaSlider plugin <= 3.92.0 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in MetaSlider Responsive Slider by MetaSlider allows Cross Site Request Forgery. This issue affects Responsive Slider by MetaSlider: from n/a through 3.92.0.

Action-Not Available
Vendor-MetaSlider LLC
Product-Responsive Slider by MetaSlider
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-24720
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.05% / 14.74%
||
7 Day CHG~0.00%
Published-24 Jan, 2025 | 17:25
Updated-24 Jan, 2025 | 18:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Sticky Buttons Plugin <= 4.1.1 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Sticky Buttons allows Cross Site Request Forgery. This issue affects Sticky Buttons: from n/a through 4.1.1.

Action-Not Available
Vendor-Wow-Company
Product-Sticky Buttons
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-2830
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.11% / 28.86%
||
7 Day CHG~0.00%
Published-03 Oct, 2023 | 11:22
Updated-23 Sep, 2024 | 15:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Testimonials Plugin <= 1.4.2 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Trustindex.Io WP Testimonials plugin <= 1.4.2 versions.

Action-Not Available
Vendor-trustindexTrustindex.io
Product-wp_testimonialsWP Testimonials
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-27615
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.05% / 15.62%
||
7 Day CHG~0.00%
Published-06 Oct, 2023 | 12:57
Updated-19 Sep, 2024 | 14:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Super Minify Plugin <= 1.5.1 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Dipak C. Gajjar WP Super Minify plugin <= 1.5.1 versions.

Action-Not Available
Vendor-dipakgajjarDipak C. Gajjar
Product-wp_super_minifyWP Super Minify
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-28497
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.05% / 15.63%
||
7 Day CHG~0.00%
Published-12 Nov, 2023 | 22:01
Updated-02 Aug, 2024 | 14:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Slideshow Gallery Plugin <= 1.7.6 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Tribulant Slideshow Gallery LITE plugin <= 1.7.6 versions.

Action-Not Available
Vendor-tribulantTribulant
Product-slideshow_gallerySlideshow Gallery LITE
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-28420
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.05% / 15.62%
||
7 Day CHG~0.00%
Published-12 Nov, 2023 | 22:11
Updated-30 Aug, 2024 | 14:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Custom Options Plus Plugin <= 1.8.1 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Leo Caseiro Custom Options Plus plugin <= 1.8.1 versions.

Action-Not Available
Vendor-leocaseiroLeo Caseiro
Product-custom_options_plusCustom Options Plus
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-28172
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.05% / 15.62%
||
7 Day CHG~0.00%
Published-12 Nov, 2023 | 22:24
Updated-07 May, 2025 | 13:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Google Map Plugin Plugin <= 4.4.2 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in flippercode WordPress Plugin for Google Maps – WP MAPS (formerly WP Google Map Plugin) plugin <= 4.4.2 versions.

Action-Not Available
Vendor-wepluginsflippercode
Product-wp_mapsWordPress Plugin for Google Maps – WP MAPS (formerly WP Google Map Plugin)
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-24715
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.05% / 14.74%
||
7 Day CHG~0.00%
Published-24 Jan, 2025 | 17:25
Updated-09 Jun, 2025 | 18:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Counter Box Plugin <= 2.0.5 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Counter Box allows Cross Site Request Forgery. This issue affects Counter Box: from n/a through 2.0.5.

Action-Not Available
Vendor-wow-companyWow-Company
Product-counter_boxCounter Box
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-28167
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.05% / 15.62%
||
7 Day CHG~0.00%
Published-12 Nov, 2023 | 22:31
Updated-30 Aug, 2024 | 19:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress CF7 Invisible reCAPTCHA Plugin <= 1.3.3 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Vsourz Digital CF7 Invisible reCAPTCHA plugin <= 1.3.3 versions.

Action-Not Available
Vendor-vsourzVsourz Digital
Product-cf7_invisible_recaptchaCF7 Invisible reCAPTCHA
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
  • Previous
  • 1
  • 2
  • ...
  • 9
  • 10
  • 11
  • Next
Details not found