Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2023-23974

Summary
Assigner-Patchstack
Assigner Org ID-21595511-bba5-4825-b968-b78d1f9984a3
Published At-01 Mar, 2023 | 12:33
Updated At-13 Jan, 2025 | 15:55
Rejected At-
Credits

WordPress Quick Event Manager Plugin <= 9.7.4 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Fullworks Quick Event Manager plugin <= 9.7.4 affecting all registration actions (delete, delete all, edit, update).

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:Patchstack
Assigner Org ID:21595511-bba5-4825-b968-b78d1f9984a3
Published At:01 Mar, 2023 | 12:33
Updated At:13 Jan, 2025 | 15:55
Rejected At:
▼CVE Numbering Authority (CNA)
WordPress Quick Event Manager Plugin <= 9.7.4 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Fullworks Quick Event Manager plugin <= 9.7.4 affecting all registration actions (delete, delete all, edit, update).

Affected Products
Vendor
Fullworks
Product
Quick Event Manager
Collection URL
https://wordpress.org/plugins
Package Name
quick-event-manager
Default Status
unaffected
Versions
Affected
  • From n/a through 9.7.4 (custom)
    • -> unaffectedfrom9.7.5
Problem Types
TypeCWE IDDescription
CWECWE-352CWE-352 Cross-Site Request Forgery (CSRF)
Type: CWE
CWE ID: CWE-352
Description: CWE-352 Cross-Site Request Forgery (CSRF)
Metrics
VersionBase scoreBase severityVector
3.15.4MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L
Version: 3.1
Base score: 5.4
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-62CAPEC-62 Cross Site Request Forgery
CAPEC ID: CAPEC-62
Description: CAPEC-62 Cross Site Request Forgery
Solutions

Update to 9.7.5 or a higher version.

Configurations
Workarounds
Exploits
Credits
finder
yuyudhn (Patchstack Alliance)
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://patchstack.com/database/vulnerability/quick-event-manager/wordpress-quick-event-manager-plugin-9-7-4-cross-site-request-forgery-csrf?_s_id=cve
vdb-entry
Hyperlink: https://patchstack.com/database/vulnerability/quick-event-manager/wordpress-quick-event-manager-plugin-9-7-4-cross-site-request-forgery-csrf?_s_id=cve
Resource:
vdb-entry
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://patchstack.com/database/vulnerability/quick-event-manager/wordpress-quick-event-manager-plugin-9-7-4-cross-site-request-forgery-csrf?_s_id=cve
vdb-entry
x_transferred
Hyperlink: https://patchstack.com/database/vulnerability/quick-event-manager/wordpress-quick-event-manager-plugin-9-7-4-cross-site-request-forgery-csrf?_s_id=cve
Resource:
vdb-entry
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:audit@patchstack.com
Published At:01 Mar, 2023 | 13:15
Updated At:07 Nov, 2023 | 04:08

Cross-Site Request Forgery (CSRF) vulnerability in Fullworks Quick Event Manager plugin <= 9.7.4 affecting all registration actions (delete, delete all, edit, update).

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.15.4MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L
Secondary3.15.4MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L
Type: Primary
Version: 3.1
Base score: 5.4
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L
Type: Secondary
Version: 3.1
Base score: 5.4
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L
CPE Matches
fullworksplugins
fullworksplugins
>>quick_event_manager>>Versions before 9.7.5(exclusive)
cpe:2.3:a:fullworksplugins:quick_event_manager:*:*:*:*:*:wordpress:*:*
Weaknesses
CWE IDTypeSource
CWE-352Primarynvd@nist.gov
CWE-352Secondaryaudit@patchstack.com
CWE ID: CWE-352
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-352
Type: Secondary
Source: audit@patchstack.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://patchstack.com/database/vulnerability/quick-event-manager/wordpress-quick-event-manager-plugin-9-7-4-cross-site-request-forgery-csrf?_s_id=cveaudit@patchstack.com
Third Party Advisory
Hyperlink: https://patchstack.com/database/vulnerability/quick-event-manager/wordpress-quick-event-manager-plugin-9-7-4-cross-site-request-forgery-csrf?_s_id=cve
Source: audit@patchstack.com
Resource:
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

518Records found
CVE-2023-49821
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.06% / 18.24%
||
7 Day CHG~0.00%
Published-18 Dec, 2023 | 22:31
Updated-30 Sep, 2024 | 18:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress LiveChat Plugin <= 4.5.15 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in LiveChat LiveChat – WP live chat plugin for WordPress.This issue affects LiveChat – WP live chat plugin for WordPress: from n/a through 4.5.15.

Action-Not Available
Vendor-livechatLiveChat
Product-livechatLiveChat – WP live chat plugin for WordPress
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-34373
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.05% / 15.62%
||
7 Day CHG~0.00%
Published-19 Jun, 2023 | 12:33
Updated-18 Oct, 2024 | 14:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Zephyr Project Manager Plugin <= 3.3.93 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Dylan James Zephyr Project Manager plugin <= 3.3.93 versions.

Action-Not Available
Vendor-zephyr_project_manager_projectDylan James
Product-zephyr_project_managerZephyr Project Manager
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-48744
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.12% / 31.63%
||
7 Day CHG~0.00%
Published-30 Nov, 2023 | 12:33
Updated-02 Aug, 2024 | 21:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Availability Calendar Plugin <= 1.2.6 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Offshore Web Master Availability Calendar allows Cross Site Request Forgery.This issue affects Availability Calendar: from n/a through 1.2.6.

Action-Not Available
Vendor-offshorewebmasterOffshore Web Master
Product-availability_calendarAvailability Calendar
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-49760
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.06% / 18.25%
||
7 Day CHG~0.00%
Published-18 Dec, 2023 | 22:21
Updated-02 Aug, 2024 | 22:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WPsoonOnlinePage Plugin <= 1.9 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Giannopoulos Kostas WPsoonOnlinePage.This issue affects WPsoonOnlinePage: from n/a through 1.9.

Action-Not Available
Vendor-giannopouloskostasGiannopoulos Kostas
Product-wpsoononlinepageWPsoonOnlinePage
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-49834
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.05% / 15.62%
||
7 Day CHG~0.00%
Published-17 Dec, 2023 | 10:38
Updated-02 Aug, 2024 | 22:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WOOCS – WooCommerce Currency Switcher Plugin <= 1.4.1.4 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in realmag777 FOX – Currency Switcher Professional for WooCommerce.This issue affects FOX – Currency Switcher Professional for WooCommerce: from n/a through 1.4.1.4.

Action-Not Available
Vendor-PluginUs.Net (RealMag777)
Product-fox_-_currency_switcher_professional_for_woocommerceFOX – Currency Switcher Professional for WooCommerce
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-49164
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.06% / 18.24%
||
7 Day CHG~0.00%
Published-19 Dec, 2023 | 21:41
Updated-03 Sep, 2024 | 19:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Ocean Extra Plugin <= 2.2.2 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in OceanWP Ocean Extra.This issue affects Ocean Extra: from n/a through 2.2.2.

Action-Not Available
Vendor-oceanwpOceanWP
Product-ocean_extraOcean Extra
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-49853
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.05% / 15.62%
||
7 Day CHG~0.00%
Published-18 Dec, 2023 | 14:33
Updated-02 Aug, 2024 | 22:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress PayTR Taksit Tablosu Plugin <= 1.3.1 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in PayTR Ödeme ve Elektronik Para Kuruluşu A.Ş. PayTR Taksit Tablosu – WooCommerce.This issue affects PayTR Taksit Tablosu – WooCommerce: from n/a through 1.3.1.

Action-Not Available
Vendor-paytrPayTR Ödeme ve Elektronik Para Kuruluşu A.Ş.
Product-paytr_taksit_tablosu_-_woocommercePayTR Taksit Tablosu – WooCommerce
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-48773
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.06% / 18.25%
||
7 Day CHG~0.00%
Published-18 Dec, 2023 | 22:01
Updated-02 Aug, 2024 | 21:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WooCommerce Login Redirect Plugin <= 2.2.4 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in WP Doctor WooCommerce Login Redirect.This issue affects WooCommerce Login Redirect: from n/a through 2.2.4.

Action-Not Available
Vendor-wpdoctorWP Doctor
Product-woocommerce_login_redirectWooCommerce Login Redirect
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-47875
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.12% / 31.63%
||
7 Day CHG~0.00%
Published-30 Nov, 2023 | 16:12
Updated-02 Aug, 2024 | 21:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Perfmatters Plugin <= 2.1.6 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Perfmatters allows Cross Site Request Forgery.This issue affects Perfmatters: from n/a through 2.1.6.

Action-Not Available
Vendor-perfmattersPerfmatters
Product-perfmattersPerfmatters
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-48330
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.12% / 31.62%
||
7 Day CHG~0.00%
Published-30 Nov, 2023 | 12:56
Updated-03 Jun, 2025 | 13:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Bulk Comment Remove Plugin <= 2 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Mike Strand Bulk Comment Remove allows Cross Site Request Forgery.This issue affects Bulk Comment Remove: from n/a through 2.

Action-Not Available
Vendor-supremoMike Strand
Product-bulk_comment_removeBulk Comment Remove
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-48334
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.12% / 31.62%
||
7 Day CHG~0.00%
Published-30 Nov, 2023 | 12:52
Updated-20 Nov, 2024 | 21:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress League Table Plugin <= 1.13 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in DAEXT League Table allows Cross Site Request Forgery.This issue affects League Table: from n/a through 1.13.

Action-Not Available
Vendor-daextDAEXT
Product-league_tableLeague Table
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-47243
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.11% / 28.86%
||
7 Day CHG~0.00%
Published-18 Nov, 2023 | 22:06
Updated-28 Aug, 2024 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress MSHOP MY SITE Plugin <= 1.1.6 is vulnerable to Broken Access Control

Cross-Site Request Forgery (CSRF) vulnerability in CodeMShop 코드엠샵 마이사이트 – MSHOP MY SITE.This issue affects 코드엠샵 마이사이트 – MSHOP MY SITE: from n/a through 1.1.6.

Action-Not Available
Vendor-codemshopCodeMShop
Product-mshop_my_site코드엠샵 마이사이트 – MSHOP MY SITE
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-47685
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.11% / 28.86%
||
7 Day CHG~0.00%
Published-18 Nov, 2023 | 20:40
Updated-14 Aug, 2024 | 18:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Preloader Matrix Plugin <= 2.0.1 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Lukman Nakib Preloader Matrix.This issue affects Preloader Matrix: from n/a through 2.0.1.

Action-Not Available
Vendor-nkb-bdLukman Nakib
Product-preloader_matrixPreloader Matrix
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-47553
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.11% / 28.86%
||
7 Day CHG~0.00%
Published-18 Nov, 2023 | 21:41
Updated-28 Aug, 2024 | 14:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress UserHeat Plugin Plugin <= 1.1.6 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in User Local Inc UserHeat Plugin.This issue affects UserHeat Plugin: from n/a through 1.1.6.

Action-Not Available
Vendor-userlocalUser Local Inc
Product-userheat_pluginUserHeat Plugin
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-47671
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.11% / 28.87%
||
7 Day CHG~0.00%
Published-18 Nov, 2023 | 20:48
Updated-28 Aug, 2024 | 14:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Vertical scroll recent post Plugin <= 14.0 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Gopi Ramasamy Vertical scroll recent.This issue affects Vertical scroll recent post: from n/a through 14.0.

Action-Not Available
Vendor-gopiplusGopi Ramasamy
Product-vertical_scroll_recent_registered_userVertical scroll recent post
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-48282
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.12% / 31.63%
||
7 Day CHG~0.00%
Published-30 Nov, 2023 | 13:07
Updated-02 Aug, 2024 | 21:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Taxonomy filter Plugin <= 2.2.9 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Andrea Landonio Taxonomy filter allows Cross Site Request Forgery.This issue affects Taxonomy filter: from n/a through 2.2.9.

Action-Not Available
Vendor-andrealandonioAndrea Landonio
Product-taxonomy_filterTaxonomy filter
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-47552
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.11% / 28.87%
||
7 Day CHG~0.00%
Published-18 Nov, 2023 | 21:45
Updated-02 Aug, 2024 | 21:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Image Hover Effects Plugin <= 5.5 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Labib Ahmed Image Hover Effects – WordPress Plugin.This issue affects Image Hover Effects – WordPress Plugin: from n/a through 5.5.

Action-Not Available
Vendor-webdevoceanLabib Ahmed
Product-image_hover_effectsImage Hover Effects – WordPress Plugin
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-47230
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.05% / 16.49%
||
7 Day CHG~0.00%
Published-13 Nov, 2023 | 00:07
Updated-08 Jan, 2025 | 21:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Contact Forms by Cimatti Plugin <= 1.6.0 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Cimatti Consulting WordPress Contact Forms by Cimatti plugin <= 1.6.0 versions.

Action-Not Available
Vendor-cimattiCimatti Consulting
Product-wordpress_contact_formsWordPress Contact Forms by Cimatti
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-47824
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.05% / 15.62%
||
7 Day CHG~0.00%
Published-22 Nov, 2023 | 19:36
Updated-02 Aug, 2024 | 21:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Legal Pages Plugin <= 1.3.8 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in wpWax Legal Pages – Privacy Policy, Terms & Conditions, GDPR, CCPA, and Cookie Notice Generator plugin <= 1.3.8 versions.

Action-Not Available
Vendor-wpwaxwpWax
Product-legal_pagesLegal Pages – Privacy Policy, Terms & Conditions, GDPR, CCPA, and Cookie Notice Generator
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-32247
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.08% / 24.32%
||
7 Day CHG~0.00%
Published-04 Apr, 2025 | 15:59
Updated-07 Apr, 2025 | 14:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress AI Content Creator plugin <= 1.2.6 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in ABCdatos AI Content Creator allows Cross Site Request Forgery. This issue affects AI Content Creator: from n/a through 1.2.6.

Action-Not Available
Vendor-ABCdatos
Product-AI Content Creator
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-32679
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.08% / 24.32%
||
7 Day CHG~0.00%
Published-09 Apr, 2025 | 16:09
Updated-09 Apr, 2025 | 20:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress User Registration Using Contact Form 7 plugin <= 2.2 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in ZealousWeb User Registration Using Contact Form 7 allows Cross Site Request Forgery. This issue affects User Registration Using Contact Form 7: from n/a through 2.2.

Action-Not Available
Vendor-ZealousWeb
Product-User Registration Using Contact Form 7
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-32250
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.08% / 24.32%
||
7 Day CHG~0.00%
Published-04 Apr, 2025 | 15:59
Updated-07 Apr, 2025 | 14:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Rollbar plugin <= 2.7.1 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in rollbar Rollbar allows Cross Site Request Forgery. This issue affects Rollbar: from n/a through 2.7.1.

Action-Not Available
Vendor-rollbar
Product-Rollbar
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-32248
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.08% / 24.32%
||
7 Day CHG~0.00%
Published-04 Apr, 2025 | 15:59
Updated-07 Apr, 2025 | 14:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress SwiftXR (3D/AR/VR) Viewer plugin <= 1.0.7 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in SwiftXR SwiftXR (3D/AR/VR) Viewer allows Cross Site Request Forgery. This issue affects SwiftXR (3D/AR/VR) Viewer: from n/a through 1.0.7.

Action-Not Available
Vendor-SwiftXR
Product-SwiftXR (3D/AR/VR) Viewer
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-32249
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.08% / 24.32%
||
7 Day CHG~0.00%
Published-04 Apr, 2025 | 15:59
Updated-07 Apr, 2025 | 14:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress DirectoryPress – Business Directory And Classified Ad Listing Plugin <=3.6.19 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in designinvento DirectoryPress allows Cross Site Request Forgery. This issue affects DirectoryPress: from n/a through 3.6.19.

Action-Not Available
Vendor-designinvento
Product-DirectoryPress
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-31457
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.08% / 24.32%
||
7 Day CHG~0.00%
Published-28 Mar, 2025 | 11:54
Updated-28 Mar, 2025 | 18:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress LWS SMS <= 2.4.1 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Aurélien LWS LWS SMS allows Cross Site Request Forgery. This issue affects LWS SMS: from n/a through 2.4.1.

Action-Not Available
Vendor-Aurélien LWS
Product-LWS SMS
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-31915
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.03% / 6.61%
||
7 Day CHG~0.00%
Published-16 May, 2025 | 15:45
Updated-19 May, 2025 | 13:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Pixel WordPress Form BuilderPlugin & Autoresponder <= 1.0.2 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in kamleshyadav Pixel WordPress Form BuilderPlugin & Autoresponder allows Cross Site Request Forgery. This issue affects Pixel WordPress Form BuilderPlugin & Autoresponder: from n/a through 1.0.2.

Action-Not Available
Vendor-kamleshyadav
Product-Pixel WordPress Form BuilderPlugin & Autoresponder
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-31779
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.08% / 24.32%
||
7 Day CHG~0.00%
Published-01 Apr, 2025 | 14:51
Updated-02 Apr, 2025 | 15:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Query Wrangler plugin <= 1.5.53 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Jonathan Daggerhart Query Wrangler allows Cross Site Request Forgery. This issue affects Query Wrangler: from n/a through 1.5.53.

Action-Not Available
Vendor-Jonathan Daggerhart
Product-Query Wrangler
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-31448
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.08% / 24.32%
||
7 Day CHG~0.00%
Published-28 Mar, 2025 | 11:54
Updated-28 Mar, 2025 | 18:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Simple Trackback Disabler <= 1.4 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in misteraon Simple Trackback Disabler allows Cross Site Request Forgery. This issue affects Simple Trackback Disabler: from n/a through 1.4.

Action-Not Available
Vendor-misteraon
Product-Simple Trackback Disabler
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-31439
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.08% / 24.32%
||
7 Day CHG~0.00%
Published-28 Mar, 2025 | 11:54
Updated-28 Mar, 2025 | 18:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Browser Caching with .htaccess 1.2.1 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in tobias_.MerZ Browser Caching with .htaccess allows Cross Site Request Forgery. This issue affects Browser Caching with .htaccess: from 1.2.1 through n/a.

Action-Not Available
Vendor-tobias_.MerZ
Product-Browser Caching with .htaccess
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-31447
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.08% / 24.32%
||
7 Day CHG~0.00%
Published-28 Mar, 2025 | 11:54
Updated-28 Mar, 2025 | 18:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress NertWorks All in One Social Share Tools <=1.26 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in nertworks NertWorks All in One Social Share Tools allows Cross Site Request Forgery. This issue affects NertWorks All in One Social Share Tools: from n/a through 1.26.

Action-Not Available
Vendor-nertworks
Product-NertWorks All in One Social Share Tools
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-31859
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.08% / 24.32%
||
7 Day CHG~0.00%
Published-01 Apr, 2025 | 14:52
Updated-14 Apr, 2025 | 12:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Feedbucket – Website Feedback Tool Plugin <= 1.0.6 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Feedbucket Feedbucket – Website Feedback Tool allows Cross Site Request Forgery. This issue affects Feedbucket – Website Feedback Tool: from n/a through 1.0.6.

Action-Not Available
Vendor-Feedbucket
Product-Feedbucket – Website Feedback Tool
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-31785
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.08% / 24.32%
||
7 Day CHG~0.00%
Published-01 Apr, 2025 | 14:51
Updated-01 Apr, 2025 | 20:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Clearbit Reveal plugin <= 1.0.6 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Clearbit Clearbit Reveal allows Cross Site Request Forgery. This issue affects Clearbit Reveal: from n/a through 1.0.6.

Action-Not Available
Vendor-Clearbit
Product-Clearbit Reveal
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-31588
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.08% / 24.32%
||
7 Day CHG~0.00%
Published-31 Mar, 2025 | 12:55
Updated-01 Apr, 2025 | 20:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Elfsight Testimonials Slider plugin <= 1.0.1 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in elfsight Elfsight Testimonials Slider allows Cross Site Request Forgery. This issue affects Elfsight Testimonials Slider: from n/a through 1.0.1.

Action-Not Available
Vendor-elfsight
Product-Elfsight Testimonials Slider
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-30986
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.02% / 3.90%
||
7 Day CHG~0.00%
Published-06 Jun, 2025 | 12:54
Updated-06 Jun, 2025 | 15:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Elite Video Player <= 10.0.5 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in _CreativeMedia_ Elite Video Player allows Cross Site Request Forgery. This issue affects Elite Video Player: from n/a through 10.0.5.

Action-Not Available
Vendor-_CreativeMedia_
Product-Elite Video Player
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-30619
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.03% / 7.60%
||
7 Day CHG~0.00%
Published-24 Mar, 2025 | 13:47
Updated-24 Mar, 2025 | 22:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress SpeakPipe - <= <= 0.2 Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in SpeakPipe SpeakPipe allows Cross Site Request Forgery. This issue affects SpeakPipe: from n/a through 0.2.

Action-Not Available
Vendor-SpeakPipe
Product-SpeakPipe
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-30968
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.02% / 3.90%
||
7 Day CHG~0.00%
Published-06 Jun, 2025 | 12:54
Updated-06 Jun, 2025 | 15:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Advanced Post List <= 0.5.6.2 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in jokerbr313 Advanced Post List allows Cross Site Request Forgery. This issue affects Advanced Post List: from n/a through 0.5.6.2.

Action-Not Available
Vendor-jokerbr313
Product-Advanced Post List
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-30632
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.02% / 3.90%
||
7 Day CHG~0.00%
Published-06 Jun, 2025 | 12:54
Updated-06 Jun, 2025 | 16:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Global Translator <= 2.0.2 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in pozzad Global Translator allows Cross Site Request Forgery. This issue affects Global Translator: from n/a through 2.0.2.

Action-Not Available
Vendor-pozzad
Product-Global Translator
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-30912
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.08% / 24.32%
||
7 Day CHG~0.00%
Published-27 Mar, 2025 | 10:55
Updated-27 Mar, 2025 | 18:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Float menu plugin <= 6.1.2 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Float menu allows Cross Site Request Forgery. This issue affects Float menu: from n/a through 6.1.2.

Action-Not Available
Vendor-Wow-Company
Product-Float menu
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-26963
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.06% / 17.77%
||
7 Day CHG~0.00%
Published-25 Feb, 2025 | 14:17
Updated-21 May, 2025 | 17:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress ClickWhale plugin <= 2.4.3 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in flowdee ClickWhale allows Cross Site Request Forgery. This issue affects ClickWhale: from n/a through 2.4.3.

Action-Not Available
Vendor-flowdeeflowdee
Product-clickwhaleClickWhale
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-27624
Matching Score-4
Assigner-Jenkins Project
ShareView Details
Matching Score-4
Assigner-Jenkins Project
CVSS Score-5.4||MEDIUM
EPSS-0.06% / 18.91%
||
7 Day CHG~0.00%
Published-05 Mar, 2025 | 22:33
Updated-24 Jun, 2025 | 00:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A cross-site request forgery (CSRF) vulnerability in Jenkins 2.499 and earlier, LTS 2.492.1 and earlier allows attackers to have users toggle their collapsed/expanded status of sidepanel widgets (e.g., Build Queue and Build Executor Status widgets).

Action-Not Available
Vendor-Jenkins
Product-jenkinsJenkins
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-27340
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.05% / 14.74%
||
7 Day CHG~0.00%
Published-24 Feb, 2025 | 14:49
Updated-24 Feb, 2025 | 15:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress F12-Profiler Plugin <= 1.3.9 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Marc F12-Profiler allows Cross Site Request Forgery. This issue affects F12-Profiler: from n/a through 1.3.9.

Action-Not Available
Vendor-Marc
Product-F12-Profiler
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-24716
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.05% / 14.74%
||
7 Day CHG~0.00%
Published-24 Jan, 2025 | 17:25
Updated-24 Jan, 2025 | 18:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Herd Effects Plugin <= 6.2.1 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Herd Effects allows Cross Site Request Forgery. This issue affects Herd Effects: from n/a through 6.2.1.

Action-Not Available
Vendor-Wow-Company
Product-Herd Effects
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-24622
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.05% / 14.74%
||
7 Day CHG~0.00%
Published-24 Jan, 2025 | 17:24
Updated-24 Jan, 2025 | 18:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Job Board Manager plugin <= 2.1.59 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in PickPlugins Job Board Manager allows Cross Site Request Forgery. This issue affects Job Board Manager: from n/a through 2.1.59.

Action-Not Available
Vendor-PickPlugins
Product-Job Board Manager
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-24717
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.06% / 17.77%
||
7 Day CHG~0.00%
Published-24 Jan, 2025 | 17:25
Updated-03 Jul, 2025 | 00:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Modal Window Plugin <= 6.1.4 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Modal Window allows Cross Site Request Forgery. This issue affects Modal Window: from n/a through 6.1.4.

Action-Not Available
Vendor-wow-companyWow-Company
Product-modal_windowModal Window
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-24772
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.02% / 3.90%
||
7 Day CHG~0.00%
Published-06 Jun, 2025 | 12:54
Updated-06 Jun, 2025 | 16:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Pay with Contact Form 7 <= 1.0.4 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in cmsMinds Pay with Contact Form 7 allows Cross Site Request Forgery. This issue affects Pay with Contact Form 7: from n/a through 1.0.4.

Action-Not Available
Vendor-cmsMinds
Product-Pay with Contact Form 7
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-24724
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.05% / 14.74%
||
7 Day CHG~0.00%
Published-24 Jan, 2025 | 17:25
Updated-24 Jan, 2025 | 18:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Side Menu Lite Plugin <= 5.3.1 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Side Menu Lite allows Cross Site Request Forgery. This issue affects Side Menu Lite: from n/a through 5.3.1.

Action-Not Available
Vendor-Wow-Company
Product-Side Menu Lite
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-24713
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.05% / 14.74%
||
7 Day CHG~0.00%
Published-24 Jan, 2025 | 17:25
Updated-24 Jan, 2025 | 18:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Button Generator – easily Button Builder Plugin <= 3.1.1 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Button Generator – easily Button Builder allows Cross Site Request Forgery. This issue affects Button Generator – easily Button Builder: from n/a through 3.1.1.

Action-Not Available
Vendor-Wow-Company
Product-Button Generator – easily Button Builder
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-25111
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.05% / 14.73%
||
7 Day CHG~0.00%
Published-07 Feb, 2025 | 10:11
Updated-07 Feb, 2025 | 14:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Spell Check Plugin <= 9.21 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in WP Spell Check WP Spell Check allows Cross Site Request Forgery. This issue affects WP Spell Check: from n/a through 9.21.

Action-Not Available
Vendor-WP Spell Check
Product-WP Spell Check
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-24711
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.05% / 14.74%
||
7 Day CHG~0.00%
Published-24 Jan, 2025 | 17:25
Updated-12 Feb, 2025 | 20:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Popup Box Plugin <= 3.2.4 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Popup Box allows Cross Site Request Forgery. This issue affects Popup Box: from n/a through 3.2.4.

Action-Not Available
Vendor-Wow-Company
Product-Popup Box
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-25145
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.05% / 14.74%
||
7 Day CHG~0.00%
Published-07 Feb, 2025 | 10:11
Updated-12 Feb, 2025 | 20:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Infusionsoft Analytics Plugin <= 2.0 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in jordan.hatch Infusionsoft Analytics allows Cross Site Request Forgery. This issue affects Infusionsoft Analytics: from n/a through 2.0.

Action-Not Available
Vendor-jordan.hatch
Product-Infusionsoft Analytics
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
  • Previous
  • 1
  • 2
  • ...
  • 7
  • 8
  • 9
  • 10
  • 11
  • Next
Details not found