Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2023-23974

Summary
Assigner-Patchstack
Assigner Org ID-21595511-bba5-4825-b968-b78d1f9984a3
Published At-01 Mar, 2023 | 12:33
Updated At-13 Jan, 2025 | 15:55
Rejected At-
Credits

WordPress Quick Event Manager Plugin <= 9.7.4 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Fullworks Quick Event Manager plugin <= 9.7.4 affecting all registration actions (delete, delete all, edit, update).

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:Patchstack
Assigner Org ID:21595511-bba5-4825-b968-b78d1f9984a3
Published At:01 Mar, 2023 | 12:33
Updated At:13 Jan, 2025 | 15:55
Rejected At:
▼CVE Numbering Authority (CNA)
WordPress Quick Event Manager Plugin <= 9.7.4 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Fullworks Quick Event Manager plugin <= 9.7.4 affecting all registration actions (delete, delete all, edit, update).

Affected Products
Vendor
Fullworks
Product
Quick Event Manager
Collection URL
https://wordpress.org/plugins
Package Name
quick-event-manager
Default Status
unaffected
Versions
Affected
  • From n/a through 9.7.4 (custom)
    • -> unaffectedfrom9.7.5
Problem Types
TypeCWE IDDescription
CWECWE-352CWE-352 Cross-Site Request Forgery (CSRF)
Type: CWE
CWE ID: CWE-352
Description: CWE-352 Cross-Site Request Forgery (CSRF)
Metrics
VersionBase scoreBase severityVector
3.15.4MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L
Version: 3.1
Base score: 5.4
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-62CAPEC-62 Cross Site Request Forgery
CAPEC ID: CAPEC-62
Description: CAPEC-62 Cross Site Request Forgery
Solutions

Update to 9.7.5 or a higher version.

Configurations
Workarounds
Exploits
Credits
finder
yuyudhn (Patchstack Alliance)
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://patchstack.com/database/vulnerability/quick-event-manager/wordpress-quick-event-manager-plugin-9-7-4-cross-site-request-forgery-csrf?_s_id=cve
vdb-entry
Hyperlink: https://patchstack.com/database/vulnerability/quick-event-manager/wordpress-quick-event-manager-plugin-9-7-4-cross-site-request-forgery-csrf?_s_id=cve
Resource:
vdb-entry
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://patchstack.com/database/vulnerability/quick-event-manager/wordpress-quick-event-manager-plugin-9-7-4-cross-site-request-forgery-csrf?_s_id=cve
vdb-entry
x_transferred
Hyperlink: https://patchstack.com/database/vulnerability/quick-event-manager/wordpress-quick-event-manager-plugin-9-7-4-cross-site-request-forgery-csrf?_s_id=cve
Resource:
vdb-entry
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:audit@patchstack.com
Published At:01 Mar, 2023 | 13:15
Updated At:07 Nov, 2023 | 04:08

Cross-Site Request Forgery (CSRF) vulnerability in Fullworks Quick Event Manager plugin <= 9.7.4 affecting all registration actions (delete, delete all, edit, update).

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.15.4MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L
Secondary3.15.4MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L
Type: Primary
Version: 3.1
Base score: 5.4
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L
Type: Secondary
Version: 3.1
Base score: 5.4
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L
CPE Matches
fullworksplugins
fullworksplugins
>>quick_event_manager>>Versions before 9.7.5(exclusive)
cpe:2.3:a:fullworksplugins:quick_event_manager:*:*:*:*:*:wordpress:*:*
Weaknesses
CWE IDTypeSource
CWE-352Primarynvd@nist.gov
CWE-352Secondaryaudit@patchstack.com
CWE ID: CWE-352
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-352
Type: Secondary
Source: audit@patchstack.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://patchstack.com/database/vulnerability/quick-event-manager/wordpress-quick-event-manager-plugin-9-7-4-cross-site-request-forgery-csrf?_s_id=cveaudit@patchstack.com
Third Party Advisory
Hyperlink: https://patchstack.com/database/vulnerability/quick-event-manager/wordpress-quick-event-manager-plugin-9-7-4-cross-site-request-forgery-csrf?_s_id=cve
Source: audit@patchstack.com
Resource:
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

518Records found
CVE-2025-53262
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.02% / 3.33%
||
7 Day CHG~0.00%
Published-27 Jun, 2025 | 13:21
Updated-30 Jun, 2025 | 18:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Writesonic plugin <= 1.0.4 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Writesonic Writesonic allows Cross Site Request Forgery. This issue affects Writesonic: from n/a through 1.0.4.

Action-Not Available
Vendor-Writesonic
Product-Writesonic
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-53219
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.02% / 3.16%
||
7 Day CHG~0.00%
Published-14 Aug, 2025 | 18:22
Updated-15 Aug, 2025 | 13:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP-Database-Optimizer-Tools Plugin <= 0.2 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in pl4g4 WP-Database-Optimizer-Tools allows Cross Site Request Forgery. This issue affects WP-Database-Optimizer-Tools: from n/a through 0.2.

Action-Not Available
Vendor-pl4g4
Product-WP-Database-Optimizer-Tools
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-53451
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.03% / 7.71%
||
7 Day CHG~0.00%
Published-22 Sep, 2025 | 18:25
Updated-23 Sep, 2025 | 17:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Mihdan: No External Links Plugin <= 5.1.4 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in mihdan Mihdan: No External Links allows Cross Site Request Forgery. This issue affects Mihdan: No External Links: from n/a through 5.1.4.

Action-Not Available
Vendor-mihdan
Product-Mihdan: No External Links
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-53265
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.02% / 3.33%
||
7 Day CHG~0.00%
Published-27 Jun, 2025 | 13:21
Updated-30 Jun, 2025 | 18:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Virusdie plugin <= 1.1.3 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Elena Yamshikova Virusdie allows Cross Site Request Forgery. This issue affects Virusdie: from n/a through 1.1.3.

Action-Not Available
Vendor-Elena Yamshikova
Product-Virusdie
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-53263
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.02% / 3.33%
||
7 Day CHG~0.00%
Published-27 Jun, 2025 | 13:21
Updated-30 Jun, 2025 | 18:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Address Autocomplete via Google for Gravity Forms plugin <= 1.3.4 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in PluginsCafe Address Autocomplete via Google for Gravity Forms allows Cross Site Request Forgery. This issue affects Address Autocomplete via Google for Gravity Forms: from n/a through 1.3.4.

Action-Not Available
Vendor-PluginsCafe
Product-Address Autocomplete via Google for Gravity Forms
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-49163
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.06% / 18.24%
||
7 Day CHG~0.00%
Published-18 Dec, 2023 | 22:17
Updated-02 Aug, 2024 | 21:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress teachPress Plugin <= 9.0.5 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Michael Winkler teachPress.This issue affects teachPress: from n/a through 9.0.5.

Action-Not Available
Vendor-mtrvMichael Winkler
Product-teachpressteachPress
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-48778
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.06% / 18.24%
||
7 Day CHG~0.00%
Published-18 Dec, 2023 | 22:03
Updated-20 Nov, 2024 | 20:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Product Size Chart For WooCommerce Plugin <= 1.1.5 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in VillaTheme Product Size Chart For WooCommerce.This issue affects Product Size Chart For WooCommerce: from n/a through 1.1.5.

Action-Not Available
Vendor-VillaTheme
Product-product_size_chart_for_woocommerceProduct Size Chart For WooCommerce
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-48284
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.03% / 6.61%
||
7 Day CHG~0.00%
Published-19 May, 2025 | 14:45
Updated-21 May, 2025 | 20:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Japanized For WooCommerce <= 2.6.40 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in shohei.tanaka Japanized For WooCommerce allows Cross Site Request Forgery. This issue affects Japanized For WooCommerce: from n/a through 2.6.40.

Action-Not Available
Vendor-shohei.tanaka
Product-Japanized For WooCommerce
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-44999
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.12% / 31.62%
||
7 Day CHG~0.00%
Published-27 Mar, 2024 | 13:27
Updated-10 Mar, 2025 | 15:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WooCommerce Stripe Gateway plugin <= 7.6.0 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce WooCommerce Stripe Payment Gateway.This issue affects WooCommerce Stripe Payment Gateway: from n/a through 7.6.0.

Action-Not Available
Vendor-WooCommerce
Product-stripe_payment_gatewayWooCommerce Stripe Payment Gateway
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-48342
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.03% / 6.61%
||
7 Day CHG~0.00%
Published-19 May, 2025 | 14:55
Updated-21 May, 2025 | 20:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Dynamic Pricing & Discounts Lite for WooCommerce <= 2.0.3 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in RedefiningTheWeb Dynamic Pricing &amp; Discounts Lite for WooCommerce allows Cross Site Request Forgery. This issue affects Dynamic Pricing &amp; Discounts Lite for WooCommerce: from n/a through 2.0.3.

Action-Not Available
Vendor-RedefiningTheWeb
Product-Dynamic Pricing &amp; Discounts Lite for WooCommerce
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-44996
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.11% / 28.86%
||
7 Day CHG~0.00%
Published-10 Oct, 2023 | 15:50
Updated-18 Sep, 2024 | 15:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Post View Count Plugin <= 1.8.2 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Naresh Parmar Post View Count plugin <= 1.8.2 versions.

Action-Not Available
Vendor-nareshparmar827Naresh Parmar
Product-post_view_countPost View Count
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-45831
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.11% / 28.86%
||
7 Day CHG~0.00%
Published-16 Oct, 2023 | 10:23
Updated-19 Feb, 2025 | 21:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress AMP WP Plugin <= 1.5.15 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Pixelative, Mohsin Rafique AMP WP – Google AMP For WordPress plugin <= 1.5.15 versions.

Action-Not Available
Vendor-pixelativePixelative, Mohsin Rafique
Product-google_ampAMP WP – Google AMP For WordPress
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-45647
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.11% / 28.86%
||
7 Day CHG~0.00%
Published-16 Oct, 2023 | 09:58
Updated-16 Sep, 2024 | 14:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Constant Contact Forms by MailMunch Plugin <= 2.0.10 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in MailMunch Constant Contact Forms by MailMunch plugin <= 2.0.10 versions.

Action-Not Available
Vendor-mailmunchMailMunch
Product-constant_contact_formsConstant Contact Forms by MailMunch
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-49239
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.02% / 3.90%
||
7 Day CHG~0.00%
Published-06 Jun, 2025 | 12:53
Updated-06 Jun, 2025 | 16:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Print Invoice & Delivery Notes for WooCommerce <= 5.5.0 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in tychesoftwares Print Invoice & Delivery Notes for WooCommerce allows Cross Site Request Forgery. This issue affects Print Invoice & Delivery Notes for WooCommerce: from n/a through 5.5.0.

Action-Not Available
Vendor-tychesoftwares
Product-Print Invoice & Delivery Notes for WooCommerce
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-48344
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.03% / 6.61%
||
7 Day CHG~0.00%
Published-19 May, 2025 | 14:55
Updated-21 May, 2025 | 20:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Rootspersona <= 3.7.5 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in ed4becky Rootspersona allows Cross Site Request Forgery. This issue affects Rootspersona: from n/a through 3.7.5.

Action-Not Available
Vendor-ed4becky
Product-Rootspersona
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-45641
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.11% / 28.86%
||
7 Day CHG~0.00%
Published-16 Oct, 2023 | 09:35
Updated-16 Sep, 2024 | 15:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Caret Country Access Limit Plugin <= 1.0.2 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Caret Inc. Caret Country Access Limit plugin <= 1.0.2 versions.

Action-Not Available
Vendor-ca-retCaret Inc.
Product-country_access_limitCaret Country Access Limit
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-48362
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.02% / 3.16%
||
7 Day CHG~0.00%
Published-28 Aug, 2025 | 12:37
Updated-29 Aug, 2025 | 16:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Hesabfa Accounting plugin <= 2.2.4 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Saeed Sattar Beglou Hesabfa Accounting allows Cross Site Request Forgery. This issue affects Hesabfa Accounting: from n/a through 2.2.4.

Action-Not Available
Vendor-Saeed Sattar Beglou
Product-Hesabfa Accounting
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-44997
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.05% / 15.62%
||
7 Day CHG~0.00%
Published-11 Oct, 2023 | 07:57
Updated-17 Sep, 2024 | 17:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Forms Puzzle Captcha Plugin <= 4.1 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Nitin Rathod WP Forms Puzzle Captcha plugin <= 4.1 versions.

Action-Not Available
Vendor-nitinrathodNitin Rathod
Product-wp_forms_puzzle_captchaWP Forms Puzzle Captcha
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-47667
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.03% / 6.61%
||
7 Day CHG~0.00%
Published-07 May, 2025 | 14:20
Updated-08 May, 2025 | 14:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress LiveAgent <= 4.4.7 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in qusupport LiveAgent allows Cross Site Request Forgery. This issue affects LiveAgent: from n/a through 4.4.7.

Action-Not Available
Vendor-qusupport
Product-LiveAgent
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-47473
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.03% / 6.61%
||
7 Day CHG~0.00%
Published-07 May, 2025 | 14:19
Updated-08 May, 2025 | 14:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress PW WooCommerce Bulk Edit <= 2.134 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in pimwick PW WooCommerce Bulk Edit allows Cross Site Request Forgery. This issue affects PW WooCommerce Bulk Edit: from n/a through 2.134.

Action-Not Available
Vendor-pimwick
Product-PW WooCommerce Bulk Edit
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-47684
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.03% / 6.61%
||
7 Day CHG~0.00%
Published-07 May, 2025 | 14:20
Updated-08 May, 2025 | 14:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Smaily for WP <= 3.1.6 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Smaily Smaily for WP allows Cross Site Request Forgery. This issue affects Smaily for WP: from n/a through 3.1.6.

Action-Not Available
Vendor-Smaily
Product-Smaily for WP
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-47583
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.03% / 8.05%
||
7 Day CHG~0.00%
Published-19 May, 2025 | 16:07
Updated-21 May, 2025 | 20:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Salon booking system plugin <= 10.16 - CSRF to Arbitrary Content Deletion vulnerability

Unauthenticated Cross Site Request Forgery (CSRF) in Salon booking system <= 10.16 versions.

Action-Not Available
Vendor-Dimitri Grassi
Product-Salon booking system
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-44473
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.05% / 15.62%
||
7 Day CHG~0.00%
Published-09 Oct, 2023 | 10:08
Updated-19 Sep, 2024 | 14:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Table of Contents Plus Plugin <= 2302 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Michael Tran Table of Contents Plus plugin <= 2302 versions.

Action-Not Available
Vendor-dublueMichael Tran
Product-table_of_contents_plusTable of Contents Plus
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-47655
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.10% / 27.17%
||
7 Day CHG~0.00%
Published-18 Nov, 2023 | 21:13
Updated-10 Jun, 2025 | 13:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress ANAC XML Bandi di Gara Plugin <= 7.5 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Marco Milesi ANAC XML Bandi di Gara.This issue affects ANAC XML Bandi di Gara: from n/a through 7.5.

Action-Not Available
Vendor-wpgovMarco Milesi
Product-anac_xml_bandi_di_garaANAC XML Bandi di Gara
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-47661
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.03% / 6.61%
||
7 Day CHG~0.00%
Published-07 May, 2025 | 14:20
Updated-08 May, 2025 | 14:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress 워드프레스 결제 심플페이 <= 5.2.11 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in codemstory 워드프레스 결제 심플페이 allows Cross Site Request Forgery. This issue affects 워드프레스 결제 심플페이: from n/a through 5.2.11.

Action-Not Available
Vendor-codemstory
Product-워드프레스 결제 심플페이
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-47466
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.03% / 6.61%
||
7 Day CHG~0.00%
Published-07 May, 2025 | 14:19
Updated-08 May, 2025 | 14:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Ultimate WP Mail <= 1.3.4 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Rustaurius Ultimate WP Mail allows Cross Site Request Forgery. This issue affects Ultimate WP Mail: from n/a through 1.3.4.

Action-Not Available
Vendor-Rustaurius
Product-Ultimate WP Mail
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-44470
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.11% / 28.86%
||
7 Day CHG~0.00%
Published-10 Oct, 2023 | 13:59
Updated-18 Sep, 2024 | 18:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Kv TinyMCE Editor Add Fonts Plugin <= 1.1 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Kvvaradha Kv TinyMCE Editor Add Fonts plugin <= 1.1 versions.

Action-Not Available
Vendor-kvvaradhaKvvaradha
Product-kv_tinymce_editor_add_fontsKv TinyMCE Editor Add Fonts
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-47806
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.06% / 18.25%
||
7 Day CHG~0.00%
Published-18 Dec, 2023 | 15:45
Updated-02 Aug, 2024 | 21:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Disable User Login Plugin <= 1.3.7 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Saint Systems Disable User Login.This issue affects Disable User Login: from n/a through 1.3.7.

Action-Not Available
Vendor-saintsystemsSaint Systems
Product-disable_user_loginDisable User Login
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-47644
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.11% / 28.87%
||
7 Day CHG~0.00%
Published-18 Nov, 2023 | 21:31
Updated-28 Aug, 2024 | 14:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress ProfileGrid Plugin <= 5.6.6 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in profilegrid ProfileGrid – User Profiles, Memberships, Groups and Communities.This issue affects ProfileGrid – User Profiles, Memberships, Groups and Communities: from n/a through 5.6.6.

Action-Not Available
Vendor-Metagauss Inc.
Product-profilegridProfileGrid – User Profiles, Memberships, Groups and Communities
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-47669
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.05% / 15.62%
||
7 Day CHG~0.00%
Published-13 Nov, 2023 | 00:55
Updated-29 Aug, 2024 | 13:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Profile Builder Plugin <= 3.10.3 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Cozmoslabs User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor plugin <= 3.10.3 versions.

Action-Not Available
Vendor-cozmoslabsCozmoslabs
Product-profile_builderUser Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-44475
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.11% / 28.87%
||
7 Day CHG~0.00%
Published-10 Oct, 2023 | 14:25
Updated-30 Dec, 2025 | 19:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Add Shortcodes Actions And Filters Plugin <= 2.0.9 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Michael Simpson Add Shortcodes Actions And Filters plugin <= 2.0.9 versions.

Action-Not Available
Vendor-add_shortcodes_actions_and_filters_projectMichael Simpson
Product-add_shortcodes_actions_and_filtersAdd Shortcodes Actions And Filters
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-47758
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.05% / 16.49%
||
7 Day CHG~0.00%
Published-22 Nov, 2023 | 18:09
Updated-02 Aug, 2024 | 21:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Multi Step Form Plugin <= 1.7.11 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Mondula GmbH Multi Step Form plugin <= 1.7.11 versions.

Action-Not Available
Vendor-mondulaMondula GmbH
Product-multi_step_formMulti Step Form
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-45656
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.11% / 28.86%
||
7 Day CHG~0.00%
Published-16 Oct, 2023 | 08:54
Updated-16 Sep, 2024 | 14:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Lazy Load for Videos Plugin <= 2.18.2 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Kevin Weber Lazy Load for Videos plugin <= 2.18.2 versions.

Action-Not Available
Vendor-kevinweberKevin Weber
Product-lazy_load_for_videosLazy Load for Videos
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-45642
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.11% / 28.87%
||
7 Day CHG~0.00%
Published-16 Oct, 2023 | 09:48
Updated-16 Sep, 2024 | 14:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Snap Pixel Plugin <= 1.5.7 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Hassan Ali Snap Pixel plugin <= 1.5.7 versions.

Action-Not Available
Vendor-coresolHassan Ali
Product-snap_pixelSnap Pixel
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-45645
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.11% / 28.86%
||
7 Day CHG~0.00%
Published-16 Oct, 2023 | 09:53
Updated-16 Sep, 2024 | 14:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Open Street Map Plugin <= 1.25 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in InfoD74 WP Open Street Map plugin <= 1.25 versions.

Action-Not Available
Vendor-info-d-74InfoD74
Product-open_street_mapWP Open Street Map
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-46231
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.09% / 26.17%
||
7 Day CHG+0.06%
Published-22 Apr, 2025 | 09:53
Updated-30 Apr, 2025 | 16:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress affiliate-toolkit <= 3.7.3 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in SERVIT Software Solutions affiliate-toolkit allows Cross Site Request Forgery. This issue affects affiliate-toolkit: from n/a through 3.7.3.

Action-Not Available
Vendor-servitSERVIT Software Solutions
Product-affiliate-toolkitaffiliate-toolkit
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-46498
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.03% / 7.37%
||
7 Day CHG~0.00%
Published-24 Apr, 2025 | 16:09
Updated-29 Apr, 2025 | 13:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Zalo Official Live Chat <= 1.0.0 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in nghialuu Zalo Official Live Chat allows Cross Site Request Forgery. This issue affects Zalo Official Live Chat: from n/a through 1.0.0.

Action-Not Available
Vendor-nghialuu
Product-Zalo Official Live Chat
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-45763
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.08% / 24.23%
||
7 Day CHG~0.00%
Published-16 Oct, 2023 | 10:15
Updated-13 Sep, 2024 | 19:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Taggbox Plugin <= 2.9 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Taggbox plugin <= 2.9 versions.

Action-Not Available
Vendor-taggboxTaggbox
Product-taggboxTaggbox
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-23515
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.11% / 28.77%
||
7 Day CHG~0.00%
Published-27 Mar, 2024 | 13:41
Updated-01 Aug, 2024 | 23:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Cincopa video and media plugin <= 1.159 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Cincopa Post Video Players.This issue affects Post Video Players: from n/a through 1.159.

Action-Not Available
Vendor-Cincopa
Product-Post Video Players
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-47649
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.11% / 28.86%
||
7 Day CHG~0.00%
Published-18 Nov, 2023 | 21:27
Updated-14 Aug, 2024 | 18:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Best Restaurant Menu by PriceListo Plugin <= 1.3.1 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in PriceListo Best Restaurant Menu by PriceListo.This issue affects Best Restaurant Menu by PriceListo: from n/a through 1.3.1.

Action-Not Available
Vendor-pricelistoPriceListo
Product-best_restaurant_menuBest Restaurant Menu by PriceListo
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-44995
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.11% / 28.86%
||
7 Day CHG~0.00%
Published-10 Oct, 2023 | 15:46
Updated-18 Sep, 2024 | 16:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WooCommerce Login Redirect Plugin <= 2.2.4 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in WP Doctor WooCommerce Login Redirect plugin <= 2.2.4 versions.

Action-Not Available
Vendor-wpdoctorWP Doctor
Product-woocommerce_login_redirectWooCommerce Login Redirect
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-46150
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.12% / 31.62%
||
7 Day CHG~0.00%
Published-24 Oct, 2023 | 10:07
Updated-11 Sep, 2024 | 15:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Radio plugin <= 3.1.9 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in WP Military WP Radio plugin <= 3.1.9 versions.

Action-Not Available
Vendor-wpmilitaryWP Military
Product-wp_radioWP Radio
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2021-22953
Matching Score-4
Assigner-HackerOne
ShareView Details
Matching Score-4
Assigner-HackerOne
CVSS Score-5.4||MEDIUM
EPSS-0.09% / 26.35%
||
7 Day CHG~0.00%
Published-23 Sep, 2021 | 12:42
Updated-03 Aug, 2024 | 18:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CSRF in Concrete CMS version 8.5.5 and below allows an attacker to clone topics which can lead to UI inconvenience, and exhaustion of disk space.Credit for discovery: "Solar Security Research Team"

Action-Not Available
Vendor-concretecmsn/a
Product-concrete_cmshttps://github.com/concrete5/concrete5
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-45269
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.05% / 14.70%
||
7 Day CHG~0.00%
Published-13 Oct, 2023 | 15:00
Updated-02 Aug, 2024 | 20:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Simple SEO Plugin <= 2.0.25 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in David Cole Simple SEO plugin <= 2.0.25 versions.

Action-Not Available
Vendor-coledsDavid Cole
Product-simple_seoSimple SEO
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-4247
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-5.4||MEDIUM
EPSS-0.08% / 23.50%
||
7 Day CHG~0.00%
Published-11 Jan, 2024 | 08:33
Updated-06 Nov, 2024 | 18:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The GiveWP plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.33.3. This is due to missing or incorrect nonce validation on the give_sendwp_disconnect function. This makes it possible for unauthenticated attackers to deactivate the SendWP plugin via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

Action-Not Available
Vendor-GiveWP
Product-givewpGiveWP – Donation Plugin and Fundraising Platform
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-41854
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.11% / 28.86%
||
7 Day CHG~0.00%
Published-10 Oct, 2023 | 08:46
Updated-17 Sep, 2024 | 19:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress wpCentral Plugin <= 1.5.7 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Softaculous Ltd. WpCentral plugin <= 1.5.7 versions.

Action-Not Available
Vendor-wpcentralSoftaculous Ltd.
Product-wpcentralwpCentral
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-22143
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.05% / 15.62%
||
7 Day CHG~0.00%
Published-31 Jan, 2024 | 12:56
Updated-17 Jun, 2025 | 21:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Spell Check Plugin <= 9.17 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in WP Spell Check.This issue affects WP Spell Check: from n/a through 9.17.

Action-Not Available
Vendor-wpspellcheckWP Spell Check
Product-wpspellcheckWP Spell Check
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-21749
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.12% / 31.33%
||
7 Day CHG~0.00%
Published-28 Feb, 2024 | 16:31
Updated-08 Jan, 2025 | 17:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress 1 click disable all Plugin <= 1.0.1 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Atakan Au 1 click disable all.This issue affects 1 click disable all: from n/a through 1.0.1.

Action-Not Available
Vendor-atakanauAtakan Au
Product-click_disable_all1 click disable all
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-41950
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.05% / 15.62%
||
7 Day CHG~0.00%
Published-06 Oct, 2023 | 14:57
Updated-19 Sep, 2024 | 15:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Laposta Signup Basic Plugin <= 1.4.1 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Laposta - Roel Bousardt Laposta Signup Basic plugin <= 1.4.1 versions.

Action-Not Available
Vendor-lapostaLaposta - Roel Bousardt
Product-laposta_signup_basicLaposta Signup Basic
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-1407
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-5.4||MEDIUM
EPSS-0.20% / 42.03%
||
7 Day CHG~0.00%
Published-19 Jun, 2024 | 06:55
Updated-17 Jan, 2025 | 15:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Paid Memberships Pro <= 2.12.10 - Cross-Site Request Forgery to Membership Modification

The Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.12.10. This is due to missing or incorrect nonce validation on multiple functions. This makes it possible for unauthenticated attackers to subscribe to, modify, or cancel membership for a user via a forged request granted they can trick a user into performing an action such as clicking on a link.

Action-Not Available
Vendor-strangerstudiosstrangerstudios
Product-paid_memberships_proPaid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
  • Previous
  • 1
  • 2
  • ...
  • 5
  • 6
  • 7
  • ...
  • 10
  • 11
  • Next
Details not found