Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2023-23984

Summary
Assigner-Patchstack
Assigner Org ID-21595511-bba5-4825-b968-b78d1f9984a3
Published At-01 Mar, 2023 | 12:27
Updated At-13 Jan, 2025 | 15:55
Rejected At-
Credits

WordPress Bubble Menu – circle floating menu Plugin <= 3.0.1 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Bubble Menu – circle floating menu plugin <= 3.0.1 leading to form deletion.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:Patchstack
Assigner Org ID:21595511-bba5-4825-b968-b78d1f9984a3
Published At:01 Mar, 2023 | 12:27
Updated At:13 Jan, 2025 | 15:55
Rejected At:
▼CVE Numbering Authority (CNA)
WordPress Bubble Menu – circle floating menu Plugin <= 3.0.1 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Bubble Menu – circle floating menu plugin <= 3.0.1 leading to form deletion.

Affected Products
Vendor
Wow-Company
Product
Bubble Menu – circle floating menu
Collection URL
https://wordpress.org/plugins
Package Name
bubble-menu
Default Status
unaffected
Versions
Affected
  • From n/a through 3.0.1 (custom)
    • -> unaffectedfrom3.0.2
Problem Types
TypeCWE IDDescription
CWECWE-352CWE-352 Cross-Site Request Forgery (CSRF)
Type: CWE
CWE ID: CWE-352
Description: CWE-352 Cross-Site Request Forgery (CSRF)
Metrics
VersionBase scoreBase severityVector
3.15.4MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L
Version: 3.1
Base score: 5.4
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-62CAPEC-62 Cross Site Request Forgery
CAPEC ID: CAPEC-62
Description: CAPEC-62 Cross Site Request Forgery
Solutions

Update to 3.0.2 or a higher version.

Configurations
Workarounds
Exploits
Credits
finder
Rio Darmawan (Patchstack Alliance)
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://patchstack.com/database/vulnerability/bubble-menu/wordpress-bubble-menu-circle-floating-menu-plugin-3-0-1-cross-site-request-forgery-csrf?_s_id=cve
vdb-entry
Hyperlink: https://patchstack.com/database/vulnerability/bubble-menu/wordpress-bubble-menu-circle-floating-menu-plugin-3-0-1-cross-site-request-forgery-csrf?_s_id=cve
Resource:
vdb-entry
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://patchstack.com/database/vulnerability/bubble-menu/wordpress-bubble-menu-circle-floating-menu-plugin-3-0-1-cross-site-request-forgery-csrf?_s_id=cve
vdb-entry
x_transferred
Hyperlink: https://patchstack.com/database/vulnerability/bubble-menu/wordpress-bubble-menu-circle-floating-menu-plugin-3-0-1-cross-site-request-forgery-csrf?_s_id=cve
Resource:
vdb-entry
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:audit@patchstack.com
Published At:01 Mar, 2023 | 13:15
Updated At:07 Nov, 2023 | 04:08

Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Bubble Menu – circle floating menu plugin <= 3.0.1 leading to form deletion.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.15.4MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L
Secondary3.15.4MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L
Type: Primary
Version: 3.1
Base score: 5.4
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L
Type: Secondary
Version: 3.1
Base score: 5.4
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L
CPE Matches
wow-company
wow-company
>>bubble_menu>>Versions before 3.0.2(exclusive)
cpe:2.3:a:wow-company:bubble_menu:*:*:*:*:free:wordpress:*:*
Weaknesses
CWE IDTypeSource
CWE-352Primarynvd@nist.gov
CWE-352Secondaryaudit@patchstack.com
CWE ID: CWE-352
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-352
Type: Secondary
Source: audit@patchstack.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://patchstack.com/database/vulnerability/bubble-menu/wordpress-bubble-menu-circle-floating-menu-plugin-3-0-1-cross-site-request-forgery-csrf?_s_id=cveaudit@patchstack.com
Third Party Advisory
Hyperlink: https://patchstack.com/database/vulnerability/bubble-menu/wordpress-bubble-menu-circle-floating-menu-plugin-3-0-1-cross-site-request-forgery-csrf?_s_id=cve
Source: audit@patchstack.com
Resource:
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

537Records found
CVE-2023-52149
Matching Score-10
Assigner-Patchstack
ShareView Details
Matching Score-10
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.05% / 15.69%
||
7 Day CHG~0.00%
Published-05 Jan, 2024 | 08:10
Updated-17 Jun, 2025 | 20:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Floating Button Plugin <= 6.0 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Floating Button.This issue affects Floating Button: from n/a through 6.0.

Action-Not Available
Vendor-wow-companyWow-Company
Product-floating_buttonFloating Button
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-30912
Matching Score-10
Assigner-Patchstack
ShareView Details
Matching Score-10
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.08% / 24.38%
||
7 Day CHG~0.00%
Published-27 Mar, 2025 | 10:55
Updated-27 Mar, 2025 | 18:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Float menu plugin <= 6.1.2 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Float menu allows Cross Site Request Forgery. This issue affects Float menu: from n/a through 6.1.2.

Action-Not Available
Vendor-Wow-Company
Product-Float menu
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-24713
Matching Score-10
Assigner-Patchstack
ShareView Details
Matching Score-10
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.05% / 14.79%
||
7 Day CHG~0.00%
Published-24 Jan, 2025 | 17:25
Updated-24 Jan, 2025 | 18:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Button Generator – easily Button Builder Plugin <= 3.1.1 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Button Generator – easily Button Builder allows Cross Site Request Forgery. This issue affects Button Generator – easily Button Builder: from n/a through 3.1.1.

Action-Not Available
Vendor-Wow-Company
Product-Button Generator – easily Button Builder
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-24711
Matching Score-10
Assigner-Patchstack
ShareView Details
Matching Score-10
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.05% / 14.79%
||
7 Day CHG~0.00%
Published-24 Jan, 2025 | 17:25
Updated-12 Feb, 2025 | 20:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Popup Box Plugin <= 3.2.4 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Popup Box allows Cross Site Request Forgery. This issue affects Popup Box: from n/a through 3.2.4.

Action-Not Available
Vendor-Wow-Company
Product-Popup Box
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-24717
Matching Score-10
Assigner-Patchstack
ShareView Details
Matching Score-10
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.06% / 17.83%
||
7 Day CHG~0.00%
Published-24 Jan, 2025 | 17:25
Updated-03 Jul, 2025 | 00:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Modal Window Plugin <= 6.1.4 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Modal Window allows Cross Site Request Forgery. This issue affects Modal Window: from n/a through 6.1.4.

Action-Not Available
Vendor-wow-companyWow-Company
Product-modal_windowModal Window
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-24716
Matching Score-10
Assigner-Patchstack
ShareView Details
Matching Score-10
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.05% / 14.79%
||
7 Day CHG~0.00%
Published-24 Jan, 2025 | 17:25
Updated-24 Jan, 2025 | 18:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Herd Effects Plugin <= 6.2.1 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Herd Effects allows Cross Site Request Forgery. This issue affects Herd Effects: from n/a through 6.2.1.

Action-Not Available
Vendor-Wow-Company
Product-Herd Effects
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-24724
Matching Score-10
Assigner-Patchstack
ShareView Details
Matching Score-10
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.05% / 14.79%
||
7 Day CHG~0.00%
Published-24 Jan, 2025 | 17:25
Updated-24 Jan, 2025 | 18:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Side Menu Lite Plugin <= 5.3.1 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Side Menu Lite allows Cross Site Request Forgery. This issue affects Side Menu Lite: from n/a through 5.3.1.

Action-Not Available
Vendor-Wow-Company
Product-Side Menu Lite
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-24720
Matching Score-10
Assigner-Patchstack
ShareView Details
Matching Score-10
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.05% / 14.79%
||
7 Day CHG~0.00%
Published-24 Jan, 2025 | 17:25
Updated-24 Jan, 2025 | 18:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Sticky Buttons Plugin <= 4.1.1 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Sticky Buttons allows Cross Site Request Forgery. This issue affects Sticky Buttons: from n/a through 4.1.1.

Action-Not Available
Vendor-Wow-Company
Product-Sticky Buttons
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-24715
Matching Score-10
Assigner-Patchstack
ShareView Details
Matching Score-10
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.05% / 14.79%
||
7 Day CHG~0.00%
Published-24 Jan, 2025 | 17:25
Updated-09 Jun, 2025 | 18:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Counter Box Plugin <= 2.0.5 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Counter Box allows Cross Site Request Forgery. This issue affects Counter Box: from n/a through 2.0.5.

Action-Not Available
Vendor-wow-companyWow-Company
Product-counter_boxCounter Box
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-24714
Matching Score-10
Assigner-Patchstack
ShareView Details
Matching Score-10
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.05% / 14.79%
||
7 Day CHG~0.00%
Published-24 Jan, 2025 | 17:24
Updated-12 Feb, 2025 | 20:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Bubble Menu Plugin <= 4.0.2 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Bubble Menu – circle floating menu allows Cross Site Request Forgery. This issue affects Bubble Menu – circle floating menu: from n/a through 4.0.2.

Action-Not Available
Vendor-Wow-Company
Product-Bubble Menu – circle floating menu
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-3478
Matching Score-6
Assigner-WPScan
ShareView Details
Matching Score-6
Assigner-WPScan
CVSS Score-6.1||MEDIUM
EPSS-0.07% / 22.10%
||
7 Day CHG~0.00%
Published-02 May, 2024 | 06:00
Updated-08 May, 2025 | 17:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Herd Effects < 5.2.7 - Effect Deletion via CSRF

The Herd Effects WordPress plugin before 5.2.7 does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions, such as deleting effects via CSRF attacks

Action-Not Available
Vendor-wow-companyUnknown
Product-herd_effectsHerd Effects
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-3474
Matching Score-6
Assigner-WPScan
ShareView Details
Matching Score-6
Assigner-WPScan
CVSS Score-8.8||HIGH
EPSS-0.32% / 54.96%
||
7 Day CHG~0.00%
Published-02 May, 2024 | 06:00
Updated-25 Mar, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Wow Skype Buttons < 4.0.4 - Button Deletion via CSRF

The Wow Skype Buttons WordPress plugin before 4.0.4 does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions, such as deleting buttons via CSRF attacks

Action-Not Available
Vendor-wow-companyUnknown
Product-wow_skype_buttonsWow Skype Buttons
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-3476
Matching Score-6
Assigner-WPScan
ShareView Details
Matching Score-6
Assigner-WPScan
CVSS Score-8.8||HIGH
EPSS-0.41% / 60.98%
||
7 Day CHG~0.00%
Published-02 May, 2024 | 06:00
Updated-08 May, 2025 | 17:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Side Menu Lite < 4.2.1 - Menu Deletion via CSRF

The Side Menu Lite WordPress plugin before 4.2.1 does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions, such as deleting buttons via CSRF attacks

Action-Not Available
Vendor-wow-companyUnknownwow-company
Product-side_menu_liteSide Menu Lite side_menu_lite
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-3472
Matching Score-6
Assigner-WPScan
ShareView Details
Matching Score-6
Assigner-WPScan
CVSS Score-5.9||MEDIUM
EPSS-0.06% / 19.88%
||
7 Day CHG~0.00%
Published-02 May, 2024 | 06:00
Updated-08 May, 2025 | 18:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Modal Window < 5.3.10 - Modal Deletion via CSRF

The Modal Window WordPress plugin before 5.3.10 does not have CSRF check in place when bulk deleting modals, which could allow attackers to make a logged in admin delete them via a CSRF attack

Action-Not Available
Vendor-wow-companyUnknownwordpress_scan
Product-modal_windowModal Window Modal_window
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-2405
Matching Score-6
Assigner-WPScan
ShareView Details
Matching Score-6
Assigner-WPScan
CVSS Score-4.5||MEDIUM
EPSS-0.18% / 39.98%
||
7 Day CHG~0.00%
Published-02 May, 2024 | 06:00
Updated-08 May, 2025 | 18:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Float menu < 6.0.1 - Menu Deletion via CSRF

The Float menu WordPress plugin before 6.0.1 does not have CSRF check in its bulk actions, which could allow attackers to make logged in admin delete arbitrary menu via a CSRF attack.

Action-Not Available
Vendor-wow-companyUnknownwow-company
Product-float_menuFloat menu float_menu
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-3475
Matching Score-6
Assigner-WPScan
ShareView Details
Matching Score-6
Assigner-WPScan
CVSS Score-7.5||HIGH
EPSS-0.15% / 35.04%
||
7 Day CHG~0.00%
Published-02 May, 2024 | 06:00
Updated-08 May, 2025 | 17:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Sticky Buttons < 3.2.4 - Button Deletion via CSRF

The Sticky Buttons WordPress plugin before 3.2.4 does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions, such as deleting buttons via CSRF attacks

Action-Not Available
Vendor-wow-companyUnknown
Product-sticky_buttonsSticky Buttons
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-3477
Matching Score-6
Assigner-WPScan
ShareView Details
Matching Score-6
Assigner-WPScan
CVSS Score-4.3||MEDIUM
EPSS-0.12% / 31.76%
||
7 Day CHG~0.00%
Published-02 May, 2024 | 06:00
Updated-08 May, 2025 | 17:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Popup Box < 2.2.7 - Popup Deletion via CSRF

The Popup Box WordPress plugin before 2.2.7 does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions, such as deleting popups via CSRF attacks

Action-Not Available
Vendor-wow-companyUnknown
Product-popup_boxPopup Box
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-3481
Matching Score-6
Assigner-WPScan
ShareView Details
Matching Score-6
Assigner-WPScan
CVSS Score-5.2||MEDIUM
EPSS-0.14% / 33.65%
||
7 Day CHG~0.00%
Published-02 May, 2024 | 06:00
Updated-08 May, 2025 | 17:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Counter Box < 1.2.4 - Counter Deletion via CSRF

The Counter Box WordPress plugin before 1.2.4 does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions, such deleting counters via CSRF attacks

Action-Not Available
Vendor-wow-companyUnknownWordPress.org
Product-counter_boxCounter Box counter_box
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-3471
Matching Score-6
Assigner-WPScan
ShareView Details
Matching Score-6
Assigner-WPScan
CVSS Score-3.4||LOW
EPSS-0.11% / 28.88%
||
7 Day CHG~0.00%
Published-02 May, 2024 | 06:00
Updated-08 May, 2025 | 18:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Button Generator < 3.0 - Button Deletion via CSRF

The Button Generator WordPress plugin before 3.0 does not have CSRF check in place when bulk deleting, which could allow attackers to make a logged in admin delete buttons via a CSRF attack

Action-Not Available
Vendor-wow-companyUnknown
Product-button_generatorButton Generator
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-49155
Matching Score-6
Assigner-Patchstack
ShareView Details
Matching Score-6
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.08% / 23.91%
||
7 Day CHG~0.00%
Published-18 Dec, 2023 | 22:13
Updated-20 Nov, 2024 | 20:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Button Generator – easily Button Builder Plugin <= 2.3.8 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Button Generator – easily Button Builder.This issue affects Button Generator – easily Button Builder: from n/a through 2.3.8.

Action-Not Available
Vendor-wow-companyWow-Company
Product-button_generatorButton Generator – easily Button Builder
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-2388
Matching Score-6
Assigner-WPScan
ShareView Details
Matching Score-6
Assigner-WPScan
CVSS Score-6.5||MEDIUM
EPSS-0.14% / 34.83%
||
7 Day CHG~0.00%
Published-22 Aug, 2022 | 15:02
Updated-03 Aug, 2024 | 00:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WP Coder < 2.5.3 - Code Deletion via CSRF

The WP Coder WordPress plugin before 2.5.3 does not have CSRF check in place when deleting code created by the plugin, which could allow attackers to make a logged in admin delete arbitrary ones via a CSRF attack

Action-Not Available
Vendor-wow-companyUnknown
Product-wp_coderWP Coder – add custom html, css and js code
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-2245
Matching Score-6
Assigner-WPScan
ShareView Details
Matching Score-6
Assigner-WPScan
CVSS Score-8.8||HIGH
EPSS-0.11% / 29.47%
||
7 Day CHG~0.00%
Published-01 Aug, 2022 | 12:50
Updated-03 Aug, 2024 | 00:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Counter Box < 1.2.1 - Arbitrary Counter Activation/Deactivation via CSRF

The Counter Box WordPress plugin before 1.2.1 is lacking CSRF check when activating and deactivating counters, which could allow attackers to make a logged in admin perform such actions via CSRF attacks

Action-Not Available
Vendor-wow-companyUnknown
Product-counter_boxCounter Box – WordPress plugin for countdown, timer, counter
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-4318
Matching Score-6
Assigner-WPScan
ShareView Details
Matching Score-6
Assigner-WPScan
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 20.52%
||
7 Day CHG~0.00%
Published-11 Sep, 2023 | 19:46
Updated-23 Apr, 2025 | 16:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Herd Effects < 5.2.4 - Effect Deletion via CSRF

The Herd Effects WordPress plugin before 5.2.4 does not have CSRF when deleting its items, which could allow attackers to make logged in admins delete arbitrary effects via a CSRF attack

Action-Not Available
Vendor-wow-companyUnknown
Product-herd_effectsHerd Effects
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-25443
Matching Score-6
Assigner-Patchstack
ShareView Details
Matching Score-6
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.06% / 17.48%
||
7 Day CHG~0.00%
Published-11 Jul, 2023 | 12:29
Updated-07 Oct, 2024 | 17:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Button Generator – easily Button Builder Plugin <= 2.3.5 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Button Generator – easily Button Builder plugin <= 2.3.5 versions.

Action-Not Available
Vendor-wow-companyWow-Company
Product-button_generatorButton Generator – easily Button Builder
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2021-25052
Matching Score-6
Assigner-WPScan
ShareView Details
Matching Score-6
Assigner-WPScan
CVSS Score-8.8||HIGH
EPSS-42.41% / 97.36%
||
7 Day CHG~0.00%
Published-10 Jan, 2022 | 15:30
Updated-03 Aug, 2024 | 19:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Button Generator < 2.3.3 - RFI leading to RCE via CSRF

The Button Generator WordPress plugin before 2.3.3 within the wow-company admin menu page allows to include() arbitrary file with PHP extension (as well as with data:// or http:// protocols), thus leading to CSRF RCE.

Action-Not Available
Vendor-wow-companyUnknown
Product-button_generatorButton Generator – easily Button Builder
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-27418
Matching Score-6
Assigner-Patchstack
ShareView Details
Matching Score-6
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 21.44%
||
7 Day CHG~0.00%
Published-12 Nov, 2023 | 22:53
Updated-30 Aug, 2024 | 14:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Side Menu Lite Plugin <= 4.0 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Side Menu Lite – add sticky fixed buttons plugin <= 4.0 versions.

Action-Not Available
Vendor-wow-companyWow-Company
Product-side_menu_liteSide Menu Lite – add sticky fixed buttons
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-24699
Matching Score-6
Assigner-Patchstack
ShareView Details
Matching Score-6
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.05% / 13.96%
||
7 Day CHG~0.00%
Published-14 Feb, 2025 | 12:44
Updated-14 Feb, 2025 | 13:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Coder Plugin <= 3.6 - CSRF to Cross Site Scripting (XSS) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company WP Coder allows Cross-Site Scripting (XSS). This issue affects WP Coder: from n/a through 3.6.

Action-Not Available
Vendor-Wow-Company
Product-WP Coder
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2021-25053
Matching Score-6
Assigner-WPScan
ShareView Details
Matching Score-6
Assigner-WPScan
CVSS Score-8.8||HIGH
EPSS-0.11% / 29.47%
||
7 Day CHG~0.00%
Published-10 Jan, 2022 | 15:30
Updated-03 Aug, 2024 | 19:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WP Coder < 2.5.2 - RFI leading to RCE via CSRF

The WP Coder WordPress plugin before 2.5.2 within the wow-company admin menu page allows to include() arbitrary file with PHP extension (as well as with data:// or http:// protocols), thus leading to CSRF RCE.

Action-Not Available
Vendor-wow-companyUnknown
Product-wp_coderWP Coder – add custom html, css and js code
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2021-25051
Matching Score-6
Assigner-WPScan
ShareView Details
Matching Score-6
Assigner-WPScan
CVSS Score-8.8||HIGH
EPSS-0.10% / 27.94%
||
7 Day CHG~0.00%
Published-10 Jan, 2022 | 15:30
Updated-03 Aug, 2024 | 19:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Modal Window < 5.2.2 - RFI leading to RCE via CSRF

The Modal Window WordPress plugin before 5.2.2 within the wow-company admin menu page allows to include() arbitrary file with PHP extension (as well as with data:// or http:// protocols), thus leading to CSRF RCE.

Action-Not Available
Vendor-wow-companyUnknown
Product-modal_windowModal Window – create popup modal window
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-51488
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.11% / 29.70%
||
7 Day CHG~0.00%
Published-11 Nov, 2024 | 19:42
Updated-14 Nov, 2024 | 20:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Insufficient Validation in Delete Message in Ampache

Ampache is a web based audio/video streaming application and file manager. The current implementation of token parsing does not adequately validate CSRF tokens when users delete messages. This vulnerability could be exploited to forge CSRF attacks, allowing an attacker to delete messages to any user, including administrators, if they interact with a malicious request. This issue has been addressed in version 7.0.1 and all users are advised to upgrade. There are no known workarounds for this vulnerability.

Action-Not Available
Vendor-ampacheampache
Product-ampacheampache
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-40219
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.10% / 27.03%
||
7 Day CHG~0.00%
Published-21 Sep, 2022 | 19:00
Updated-20 Feb, 2025 | 20:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress FavIcon Switcher plugin <= 1.2.11 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in SedLex FavIcon Switcher plugin <= 1.2.11 at WordPress allows plugin settings change.

Action-Not Available
Vendor-sedlexSedLex
Product-favicon-switcherFavIcon Switcher (WordPress plugin)
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-49685
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.14% / 34.82%
||
7 Day CHG~0.00%
Published-31 Oct, 2024 | 09:59
Updated-05 Feb, 2025 | 14:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Custom Twitter Feeds plugin <= 2.2.3 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Smash Balloon Custom Twitter Feeds (Tweets Widget) allows Cross Site Request Forgery.This issue affects Custom Twitter Feeds (Tweets Widget): from n/a through 2.2.3.

Action-Not Available
Vendor-Smash Balloon, LLC (Smash Balloon)
Product-custom_twitter_feedsCustom Twitter Feeds (Tweets Widget)
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-49274
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.14% / 34.82%
||
7 Day CHG~0.00%
Published-20 Oct, 2024 | 10:22
Updated-22 Oct, 2024 | 18:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress VOD Infomaniak plugin <= 1.5.7 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Infomaniak Staff VOD Infomaniak allows Cross Site Request Forgery.This issue affects VOD Infomaniak: from n/a through 1.5.7.

Action-Not Available
Vendor-infomaniakInfomaniak Staff
Product-vod_infomaniakVOD Infomaniak
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-40132
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.11% / 28.95%
||
7 Day CHG~0.00%
Published-23 Sep, 2022 | 18:34
Updated-20 Feb, 2025 | 20:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Seriously Simple Podcasting plugin <= 2.16.0 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Seriously Simple Podcasting plugin <= 2.16.0 at WordPress, leading to plugin settings change.

Action-Not Available
Vendor-castosCastos
Product-seriously_simple_podcastingSeriously Simple Podcasting (WordPress plugin)
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-47315
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.08% / 23.27%
||
7 Day CHG~0.00%
Published-25 Sep, 2024 | 17:32
Updated-26 Sep, 2024 | 13:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress GiveWP – Donation Plugin and Fundraising Platform plugin <= 3.15.1 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in GiveWP.This issue affects GiveWP: from n/a through 3.15.1.

Action-Not Available
Vendor-GiveWP
Product-GiveWP
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-40131
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.10% / 27.03%
||
7 Day CHG~0.00%
Published-03 Nov, 2022 | 19:26
Updated-20 Feb, 2025 | 19:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Page View Count plugin <= 2.5.5 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in a3rev Software Page View Count plugin <= 2.5.5 on WordPress allows an attacker to reset the plugin settings.

Action-Not Available
Vendor-a3reva3rev Software
Product-page_view_countPage View Count (WordPress plugin)
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-38093
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.18% / 40.06%
||
7 Day CHG~0.00%
Published-09 Sep, 2022 | 14:39
Updated-20 Feb, 2025 | 20:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress All in One SEO plugin <= 4.2.3.1 - Multiple Cross-Site Request Forgery (CSRF) vulnerabilities

Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in All in One SEO plugin <= 4.2.3.1 at WordPress.

Action-Not Available
Vendor-Semper Plugins, LLC (AIOSEO)
Product-all_in_one_seoAll in One SEO (WordPress plugin)
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-37411
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.10% / 28.53%
||
7 Day CHG~0.00%
Published-09 Sep, 2022 | 14:39
Updated-20 Feb, 2025 | 20:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Captcha Code plugin <= 2.7 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Vinoj Cardoza's Captcha Code plugin <= 2.7 at WordPress.

Action-Not Available
Vendor-captcha_code_projectVinoj Cardoza
Product-captcha_codeCaptcha Code (WordPress plugin)
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-38095
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.11% / 28.95%
||
7 Day CHG~0.00%
Published-23 Sep, 2022 | 13:41
Updated-20 Feb, 2025 | 20:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Advanced Dynamic Pricing for WooCommerce plugin <= 4.1.3 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in AlgolPlus Advanced Dynamic Pricing for WooCommerce plugin <= 4.1.3 at WordPress.

Action-Not Available
Vendor-AlgolPlus
Product-advanced_dynamic_pricing_for_woocommerceAdvanced Dynamic Pricing for WooCommerce (WordPress plugin)
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-38079
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.10% / 28.53%
||
7 Day CHG~0.00%
Published-23 Sep, 2022 | 18:35
Updated-20 Feb, 2025 | 20:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Backup Scheduler plugin <= 1.5.13 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability Backup Scheduler plugin <= 1.5.13 at WordPress.

Action-Not Available
Vendor-backup_scheduler_projectSedLex
Product-backup_schedulerBackup Scheduler (WordPress plugin)
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-38716
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.04% / 12.97%
||
7 Day CHG~0.00%
Published-25 May, 2023 | 10:28
Updated-08 Jan, 2025 | 21:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Motors – Car Dealer & Classified Ads Plugin <= 1.4.4 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in StylemixThemes Motors – Car Dealer, Classifieds & Listing plugin <= 1.4.4 versions.

Action-Not Available
Vendor-stylemixthemesStylemixThemes
Product-motors_-_car_dealer\,_classifieds_\&_listingMotors – Car Dealer, Classifieds & Listing
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-38086
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.10% / 28.69%
||
7 Day CHG~0.00%
Published-11 Oct, 2022 | 19:35
Updated-20 Feb, 2025 | 19:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Shortcodes Ultimate plugin <= 5.12.0 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Shortcodes Ultimate plugin <= 5.12.0 at WordPress leading to plugin preset settings change.

Action-Not Available
Vendor-getshortcodesVladimir Anokhin
Product-shortcodes_ultimateShortcodes Ultimate (WordPress plugin)
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-38063
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.06% / 17.76%
||
7 Day CHG~0.00%
Published-16 Mar, 2023 | 08:39
Updated-13 Jan, 2025 | 15:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Social Login WP Plugin <= 5.0.0.0 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Social Login WP plugin <= 5.0.0.0 versions.

Action-Not Available
Vendor-social_login_wp_projectSocial Login WP
Product-social_login_wpSocial Login WP
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-38454
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.10% / 28.53%
||
7 Day CHG~0.00%
Published-23 Sep, 2022 | 18:36
Updated-20 Feb, 2025 | 20:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Kraken.io Image Optimizer plugin <= 2.6.5 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Kraken.io Image Optimizer plugin <= 2.6.5 at WordPress.

Action-Not Available
Vendor-krakenKarim Salman
Product-kraken.io_image_optimizerKraken.io Image Optimizer (WordPress plugin)
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-38139
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.11% / 30.12%
||
7 Day CHG~0.00%
Published-13 Sep, 2022 | 13:59
Updated-20 Feb, 2025 | 20:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress RD Station plugin <= 5.2.0 - Multiple Cross-Site Request Forgery (CSRF) vulnerabilities

Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in RD Station plugin <= 5.2.0 at WordPress.

Action-Not Available
Vendor-rdstationRD Station
Product-rd_stationRD Station (WordPress plugin)
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-43339
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.08% / 24.20%
||
7 Day CHG~0.00%
Published-26 Aug, 2024 | 20:24
Updated-27 Aug, 2024 | 15:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WordPress Webinar Plugin – WebinarPress plugin <= 1.33.20 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in WebinarPress allows Cross-Site Scripting (XSS).This issue affects WebinarPress: from n/a through 1.33.20.

Action-Not Available
Vendor-webinarpressWebinarPress
Product-webinarpressWebinarPress
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-38356
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.04% / 12.97%
||
7 Day CHG~0.00%
Published-25 May, 2023 | 10:25
Updated-08 Jan, 2025 | 21:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Pearl Plugin <= 1.3.4 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in StylemixThemes WordPress Header Builder Plugin – Pearl plugin <= 1.3.4 versions.

Action-Not Available
Vendor-stylemixthemesStylemixThemes
Product-pearl_header_builderWordPress Header Builder Plugin – Pearl
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-43299
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.09% / 25.27%
||
7 Day CHG~0.00%
Published-26 Aug, 2024 | 20:41
Updated-12 Sep, 2024 | 21:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress SpeedyCache plugin <= 1.1.8 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Softaculous Team SpeedyCache.This issue affects SpeedyCache: from n/a through 1.1.8.

Action-Not Available
Vendor-softaculousSoftaculous Team
Product-speedycacheSpeedyCache
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-36292
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.11% / 30.12%
||
7 Day CHG~0.00%
Published-23 Aug, 2022 | 15:48
Updated-20 Feb, 2025 | 20:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Gallery PhotoBlocks plugin <= 1.2.6 - Cross-Site Request Forgery (CSRF) vulnerabilities

Cross-Site Request Forgery (CSRF) vulnerabilities in WPChill Gallery PhotoBlocks plugin <= 1.2.6 at WordPress.

Action-Not Available
Vendor-wpchillWPChill
Product-gallery_photoblocksGallery PhotoBlocks (WordPress plugin)
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-49304
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.13% / 32.84%
||
7 Day CHG~0.00%
Published-17 Oct, 2024 | 17:48
Updated-18 Oct, 2024 | 12:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Pinpoint Booking System plugin <= 2.9.9.5.1 - CSRF to Stored Cross Site Scripting (XSS) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in PINPOINT.WORLD Pinpoint Booking System allows Stored XSS.This issue affects Pinpoint Booking System: from n/a through 2.9.9.5.1.

Action-Not Available
Vendor-PINPOINT.WORLD
Product-Pinpoint Booking System
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 10
  • 11
  • Next
Details not found