Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2023-41129

Summary
Assigner-Patchstack
Assigner Org ID-21595511-bba5-4825-b968-b78d1f9984a3
Published At-18 Nov, 2023 | 22:16
Updated At-20 Nov, 2024 | 21:11
Rejected At-
Credits

WordPress Patreon WordPress Plugin <= 1.8.6 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Patreon Patreon WordPress.This issue affects Patreon WordPress: from n/a through 1.8.6.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:Patchstack
Assigner Org ID:21595511-bba5-4825-b968-b78d1f9984a3
Published At:18 Nov, 2023 | 22:16
Updated At:20 Nov, 2024 | 21:11
Rejected At:
▼CVE Numbering Authority (CNA)
WordPress Patreon WordPress Plugin <= 1.8.6 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Patreon Patreon WordPress.This issue affects Patreon WordPress: from n/a through 1.8.6.

Affected Products
Vendor
Patreon
Product
Patreon WordPress
Collection URL
https://wordpress.org/plugins
Package Name
patreon-connect
Default Status
unaffected
Versions
Affected
  • From n/a through 1.8.6 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-352CWE-352 Cross-Site Request Forgery (CSRF)
Type: CWE
CWE ID: CWE-352
Description: CWE-352 Cross-Site Request Forgery (CSRF)
Metrics
VersionBase scoreBase severityVector
3.14.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Version: 3.1
Base score: 4.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-62CAPEC-62 Cross Site Request Forgery
CAPEC ID: CAPEC-62
Description: CAPEC-62 Cross Site Request Forgery
Solutions
Configurations
Workarounds
Exploits
Credits
finder
BuShiYue (Patchstack Alliance)
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://patchstack.com/database/vulnerability/patreon-connect/wordpress-patreon-wordpress-plugin-1-8-6-cross-site-request-forgery-csrf-vulnerability?_s_id=cve
vdb-entry
Hyperlink: https://patchstack.com/database/vulnerability/patreon-connect/wordpress-patreon-wordpress-plugin-1-8-6-cross-site-request-forgery-csrf-vulnerability?_s_id=cve
Resource:
vdb-entry
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://patchstack.com/database/vulnerability/patreon-connect/wordpress-patreon-wordpress-plugin-1-8-6-cross-site-request-forgery-csrf-vulnerability?_s_id=cve
vdb-entry
x_transferred
Hyperlink: https://patchstack.com/database/vulnerability/patreon-connect/wordpress-patreon-wordpress-plugin-1-8-6-cross-site-request-forgery-csrf-vulnerability?_s_id=cve
Resource:
vdb-entry
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:audit@patchstack.com
Published At:18 Nov, 2023 | 23:15
Updated At:27 Nov, 2023 | 20:26

Cross-Site Request Forgery (CSRF) vulnerability in Patreon Patreon WordPress.This issue affects Patreon WordPress: from n/a through 1.8.6.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.18.8HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Secondary3.14.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Type: Primary
Version: 3.1
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 4.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
CPE Matches
patreon
patreon
>>patreon_wordpress>>Versions up to 1.8.6(inclusive)
cpe:2.3:a:patreon:patreon_wordpress:*:*:*:*:*:wordpress:*:*
Weaknesses
CWE IDTypeSource
CWE-352Primaryaudit@patchstack.com
CWE ID: CWE-352
Type: Primary
Source: audit@patchstack.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://patchstack.com/database/vulnerability/patreon-connect/wordpress-patreon-wordpress-plugin-1-8-6-cross-site-request-forgery-csrf-vulnerability?_s_id=cveaudit@patchstack.com
Third Party Advisory
Hyperlink: https://patchstack.com/database/vulnerability/patreon-connect/wordpress-patreon-wordpress-plugin-1-8-6-cross-site-request-forgery-csrf-vulnerability?_s_id=cve
Source: audit@patchstack.com
Resource:
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

3915Records found
CVE-2023-47825
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 21.44%
||
7 Day CHG~0.00%
Published-22 Nov, 2023 | 19:40
Updated-02 Aug, 2024 | 21:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP EXtra Plugin <= 6.4 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in TienCOP WP EXtra plugin <= 6.4 versions.

Action-Not Available
Vendor-wpvnteamTienCOP
Product-wp_extraWP EXtra
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-46241
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.2||HIGH
EPSS-0.08% / 24.73%
||
7 Day CHG~0.00%
Published-22 Apr, 2025 | 09:53
Updated-29 Apr, 2025 | 18:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Appointment Booking Calendar plugin <= 1.3.92 - CSRF to SQL Injection vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in codepeople Appointment Booking Calendar allows SQL Injection. This issue affects Appointment Booking Calendar: from n/a through 1.3.92.

Action-Not Available
Vendor-CodePeople
Product-appointment_booking_calendarAppointment Booking Calendar
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-30948
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.03% / 6.89%
||
7 Day CHG~0.00%
Published-06 Jun, 2025 | 12:54
Updated-06 Jun, 2025 | 16:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Layouts for Elementor <= 1.11 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Giraphix Creative Layouts for Elementor allows Cross Site Request Forgery. This issue affects Layouts for Elementor: from n/a through 1.11.

Action-Not Available
Vendor-Giraphix Creative
Product-Layouts for Elementor
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-30529
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.08% / 24.49%
||
7 Day CHG~0.00%
Published-24 Mar, 2025 | 13:46
Updated-24 Mar, 2025 | 15:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Auto Load Next Post plugin <= 1.5.14 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Sébastien Dumont Auto Load Next Post allows Cross Site Request Forgery. This issue affects Auto Load Next Post: from n/a through 1.5.14.

Action-Not Available
Vendor-Sébastien Dumont
Product-Auto Load Next Post
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-30823
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.08% / 24.49%
||
7 Day CHG~0.00%
Published-27 Mar, 2025 | 10:55
Updated-27 Mar, 2025 | 18:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Anthologize Plugin <= 0.8.2 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Boone Gorges Anthologize allows Cross Site Request Forgery. This issue affects Anthologize: from n/a through 0.8.2.

Action-Not Available
Vendor-Boone Gorges
Product-Anthologize
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-30764
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.08% / 24.49%
||
7 Day CHG~0.00%
Published-27 Mar, 2025 | 10:54
Updated-27 Mar, 2025 | 18:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Football Pool plugin <= 2.12.2 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in AntoineH Football Pool allows Cross Site Request Forgery. This issue affects Football Pool: from n/a through 2.12.2.

Action-Not Available
Vendor-AntoineH
Product-Football Pool
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-48283
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.17% / 38.40%
||
7 Day CHG~0.00%
Published-30 Nov, 2023 | 13:04
Updated-02 Aug, 2024 | 21:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Simple Testimonials Showcase Plugin <= 1.1.5 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in PressTigers Simple Testimonials Showcase allows Cross Site Request Forgery.This issue affects Simple Testimonials Showcase: from n/a through 1.1.5.

Action-Not Available
Vendor-presstigersPressTigers
Product-simple_testimonials_showcaseSimple Testimonials Showcase
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-31068
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.03% / 7.63%
||
7 Day CHG~0.00%
Published-16 May, 2025 | 15:45
Updated-19 May, 2025 | 13:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Seven Stars <= 1.4.4 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in themeton Seven Stars allows Cross Site Request Forgery. This issue affects Seven Stars: from n/a through 1.4.4.

Action-Not Available
Vendor-themeton
Product-Seven Stars
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-30856
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.08% / 24.49%
||
7 Day CHG~0.00%
Published-27 Mar, 2025 | 10:55
Updated-27 Mar, 2025 | 18:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Custom Field For WP Job Manager plugin <= 1.4 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in theme funda Custom Field For WP Job Manager allows Cross Site Request Forgery. This issue affects Custom Field For WP Job Manager: from n/a through 1.4.

Action-Not Available
Vendor-theme funda
Product-Custom Field For WP Job Manager
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-30601
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.03% / 7.79%
||
7 Day CHG~0.00%
Published-24 Mar, 2025 | 13:47
Updated-25 Mar, 2025 | 17:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Flipdish Ordering System plugin <= 1.4.16 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in flipdish Flipdish Ordering System allows Cross Site Request Forgery. This issue affects Flipdish Ordering System: from n/a through 1.4.16.

Action-Not Available
Vendor-flipdish
Product-Flipdish Ordering System
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-39443
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.08% / 24.49%
||
7 Day CHG~0.00%
Published-17 Apr, 2025 | 15:15
Updated-17 Apr, 2025 | 20:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Verge3D plugin <= 4.9.0 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Soft8Soft LLC Verge3D allows Cross Site Request Forgery. This issue affects Verge3D: from n/a through 4.9.0.

Action-Not Available
Vendor-Soft8Soft LLC
Product-Verge3D
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-30946
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.03% / 6.89%
||
7 Day CHG~0.00%
Published-06 Jun, 2025 | 12:54
Updated-06 Jun, 2025 | 16:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Custom Bulk/Quick Edit <= 1.6.10 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Michael Cannon Custom Bulk/Quick Edit allows Cross Site Request Forgery. This issue affects Custom Bulk/Quick Edit: from n/a through 1.6.10.

Action-Not Available
Vendor-Michael Cannon
Product-Custom Bulk/Quick Edit
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-39453
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.08% / 24.49%
||
7 Day CHG~0.00%
Published-17 Apr, 2025 | 15:15
Updated-17 Apr, 2025 | 20:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Advanced Dynamic Pricing for WooCommerce plugin <= 4.9.3 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in algol.plus Advanced Dynamic Pricing for WooCommerce allows Cross Site Request Forgery. This issue affects Advanced Dynamic Pricing for WooCommerce: from n/a through 4.9.3.

Action-Not Available
Vendor-algol.plus
Product-Advanced Dynamic Pricing for WooCommerce
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-48766
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.08% / 23.94%
||
7 Day CHG~0.00%
Published-18 Dec, 2023 | 16:30
Updated-02 Aug, 2024 | 21:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress SVGator – Add Animated SVG Easily Plugin <= 1.2.4 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in SVGator SVGator – Add Animated SVG Easily.This issue affects SVGator – Add Animated SVG Easily: from n/a through 1.2.4.

Action-Not Available
Vendor-svgatorSVGator
Product-svgatorSVGator – Add Animated SVG Easily
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-25286
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.04% / 12.00%
||
7 Day CHG~0.00%
Published-09 Oct, 2024 | 00:00
Updated-22 Oct, 2024 | 21:15
Rejected-22 Oct, 2024 | 00:00
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accidental usage.

Action-Not Available
Vendor-3dsecure
Product-3dsecure
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-48769
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 22.26%
||
7 Day CHG~0.00%
Published-18 Dec, 2023 | 21:57
Updated-07 May, 2025 | 20:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Chat Bubble Plugin <= 2.3 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Blue Coral Chat Bubble – Floating Chat with Contact Chat Icons, Messages, Telegram, Email, SMS, Call me back.This issue affects Chat Bubble – Floating Chat with Contact Chat Icons, Messages, Telegram, Email, SMS, Call me back: from n/a through 2.3.

Action-Not Available
Vendor-bluecoralBlue Coral
Product-chat_bubbleChat Bubble – Floating Chat with Contact Chat Icons, Messages, Telegram, Email, SMS, Call me back
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-47666
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.15% / 35.15%
||
7 Day CHG~0.00%
Published-18 Nov, 2023 | 21:01
Updated-28 Aug, 2024 | 14:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Code Snippets Plugin <= 3.5.0 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Code Snippets Pro Code Snippets.This issue affects Code Snippets: from n/a through 3.5.0.

Action-Not Available
Vendor-code_snippetsCode Snippets Pro
Product-code_snippetsCode Snippets
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-48020
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.16% / 37.31%
||
7 Day CHG~0.00%
Published-14 Nov, 2023 | 00:00
Updated-03 Sep, 2024 | 15:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/task/changeStatus.

Action-Not Available
Vendor-iteachyoun/a
Product-dreamer_cmsn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-48017
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.06% / 18.31%
||
7 Day CHG~0.00%
Published-18 Nov, 2023 | 00:00
Updated-04 Apr, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dreamer_cms 4.1.3 is vulnerable to Cross Site Request Forgery (CSRF) via Add permissions to CSRF in Permission Management.

Action-Not Available
Vendor-iteachyoun/a
Product-dreamer_cmsn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-47819
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 21.43%
||
7 Day CHG~0.00%
Published-22 Nov, 2023 | 18:46
Updated-05 Jun, 2025 | 14:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Easy Call Now by ThikShare Plugin <= 1.1.0 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Dang Ngoc Binh Easy Call Now by ThikShare plugin <= 1.1.0 versions.

Action-Not Available
Vendor-dangngocbinhDang Ngoc Binh
Product-easy_call_now_by_thikshareEasy Call Now by ThikShare
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-30557
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.04% / 12.26%
||
7 Day CHG~0.00%
Published-24 Mar, 2025 | 13:46
Updated-24 Mar, 2025 | 15:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Easy 301 Redirects plugin <= 1.33 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in odihost Easy 301 Redirects allows Cross Site Request Forgery. This issue affects Easy 301 Redirects: from n/a through 1.33.

Action-Not Available
Vendor-odihost
Product-Easy 301 Redirects
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-30980
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.03% / 6.89%
||
7 Day CHG~0.00%
Published-06 Jun, 2025 | 12:54
Updated-06 Jun, 2025 | 16:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Simple Keyword to Link <= 1.5 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Alessandro Piconi Simple Keyword to Link allows Cross Site Request Forgery. This issue affects Simple Keyword to Link: from n/a through 1.5.

Action-Not Available
Vendor-Alessandro Piconi
Product-Simple Keyword to Link
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-31079
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.08% / 24.49%
||
7 Day CHG~0.00%
Published-28 Mar, 2025 | 09:39
Updated-28 Mar, 2025 | 18:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Usermaven plugin <= 1.2.1 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in usermaven Usermaven allows Cross Site Request Forgery. This issue affects Usermaven: from n/a through 1.2.1.

Action-Not Available
Vendor-usermaven
Product-Usermaven
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-30535
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.08% / 24.49%
||
7 Day CHG~0.00%
Published-24 Mar, 2025 | 13:46
Updated-24 Mar, 2025 | 15:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress External image replace plugin <= 1.0.8 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in muro External image replace allows Cross Site Request Forgery. This issue affects External image replace: from n/a through 1.0.8.

Action-Not Available
Vendor-muro
Product-External image replace
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-4824
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-8.8||HIGH
EPSS-0.10% / 26.78%
||
7 Day CHG~0.00%
Published-20 Nov, 2023 | 18:55
Updated-29 Aug, 2024 | 13:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WooHoo Newspaper Magazine Theme <= 2.5.3 - Settings Update via CSRF

The WooHoo Newspaper Magazine theme does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack

Action-Not Available
Vendor-bdaiaUnknownbdaia
Product-woohoo_newspaper_magazine_themeWoohoowoohoo_newspaper_magazine_theme
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-48913
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.17% / 37.79%
||
7 Day CHG~0.00%
Published-30 Nov, 2023 | 00:00
Updated-02 Aug, 2024 | 21:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/archives/delete.

Action-Not Available
Vendor-iteachyoun/a
Product-dreamer_cmsn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-3808
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.20% / 42.28%
||
7 Day CHG~0.00%
Published-19 Apr, 2025 | 17:31
Updated-15 Oct, 2025 | 13:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
zhenfeng13 My-BBS cross-site request forgery

A vulnerability has been found in zhenfeng13 My-BBS 1.0 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Multiple endpoints might be affected.

Action-Not Available
Vendor-zhenfeng13zhenfeng13
Product-my-bbsMy-BBS
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CWE ID-CWE-862
Missing Authorization
CVE-2025-30541
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.08% / 24.49%
||
7 Day CHG~0.00%
Published-24 Mar, 2025 | 13:46
Updated-24 Mar, 2025 | 15:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Info Boxes Shortcode And Widgets plugin <= 1.15 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in OTWthemes Info Boxes Shortcode and Widget allows Cross Site Request Forgery. This issue affects Info Boxes Shortcode and Widget: from n/a through 1.15.

Action-Not Available
Vendor-OTWthemes
Product-Info Boxes Shortcode and Widget
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-30956
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.03% / 6.89%
||
7 Day CHG~0.00%
Published-06 Jun, 2025 | 12:54
Updated-06 Jun, 2025 | 15:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Booqable Rental <= 2.4.20 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Booqable Rental Software Booqable Rental allows Cross Site Request Forgery. This issue affects Booqable Rental: from n/a through 2.4.20.

Action-Not Available
Vendor-Booqable Rental Software
Product-Booqable Rental
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-4869
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-4.3||MEDIUM
EPSS-0.06% / 17.76%
||
7 Day CHG~0.00%
Published-10 Sep, 2023 | 01:00
Updated-26 Sep, 2024 | 15:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Contact Manager App update.php cross-site request forgery

A vulnerability was found in SourceCodester Contact Manager App 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file update.php. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-239354 is the identifier assigned to this vulnerability.

Action-Not Available
Vendor-contact_manager_app_projectcontact_manager_app_projectSourceCodester
Product-contact_manager_appContact Manager Appcontact_manager_app
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-47671
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.11% / 28.87%
||
7 Day CHG~0.00%
Published-18 Nov, 2023 | 20:48
Updated-28 Aug, 2024 | 14:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Vertical scroll recent post Plugin <= 14.0 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Gopi Ramasamy Vertical scroll recent.This issue affects Vertical scroll recent post: from n/a through 14.0.

Action-Not Available
Vendor-gopiplusGopi Ramasamy
Product-vertical_scroll_recent_registered_userVertical scroll recent post
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-48778
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.06% / 18.28%
||
7 Day CHG~0.00%
Published-18 Dec, 2023 | 22:03
Updated-20 Nov, 2024 | 20:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Product Size Chart For WooCommerce Plugin <= 1.1.5 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in VillaTheme Product Size Chart For WooCommerce.This issue affects Product Size Chart For WooCommerce: from n/a through 1.1.5.

Action-Not Available
Vendor-VillaTheme
Product-product_size_chart_for_woocommerceProduct Size Chart For WooCommerce
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-30833
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.08% / 24.49%
||
7 Day CHG~0.00%
Published-27 Mar, 2025 | 10:55
Updated-27 Mar, 2025 | 18:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Verge3D Publishing and E-Commerce Plugin <= 4.8.2 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Soft8Soft LLC Verge3D allows Cross Site Request Forgery. This issue affects Verge3D: from n/a through 4.8.2.

Action-Not Available
Vendor-Soft8Soft LLC
Product-Verge3D
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-30531
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.08% / 24.49%
||
7 Day CHG~0.00%
Published-24 Mar, 2025 | 13:46
Updated-24 Mar, 2025 | 15:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Ride Booking plugin <= 2.4 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in GBS Developer WP Ride Booking allows Cross Site Request Forgery. This issue affects WP Ride Booking: from n/a through 2.4.

Action-Not Available
Vendor-GBS Developer
Product-WP Ride Booking
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-47806
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.06% / 18.29%
||
7 Day CHG~0.00%
Published-18 Dec, 2023 | 15:45
Updated-02 Aug, 2024 | 21:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Disable User Login Plugin <= 1.3.7 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Saint Systems Disable User Login.This issue affects Disable User Login: from n/a through 1.3.7.

Action-Not Available
Vendor-saintsystemsSaint Systems
Product-disable_user_loginDisable User Login
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-47686
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.17% / 38.39%
||
7 Day CHG~0.00%
Published-16 Nov, 2023 | 22:44
Updated-12 Aug, 2024 | 14:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Arigato Autoresponder and Newsletter Plugin <= 2.7.2.2 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Kiboko Labs Arigato Autoresponder and Newsletter plugin <= 2.7.2.2 versions.

Action-Not Available
Vendor-kibokolabsKiboko Labs
Product-arigato_autoresponder_and_newsletterArigato Autoresponder and Newsletter
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-47669
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.05% / 15.65%
||
7 Day CHG~0.00%
Published-13 Nov, 2023 | 00:55
Updated-29 Aug, 2024 | 13:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Profile Builder Plugin <= 3.10.3 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Cozmoslabs User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor plugin <= 3.10.3 versions.

Action-Not Available
Vendor-cozmoslabsCozmoslabs
Product-profile_builderUser Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-47792
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 21.44%
||
7 Day CHG~0.00%
Published-22 Nov, 2023 | 18:41
Updated-02 Aug, 2024 | 21:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Big File Uploads Plugin <= 2.1.1 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Infinite Uploads Big File Uploads – Increase Maximum File Upload Size plugin <= 2.1.1 versions.

Action-Not Available
Vendor-infiniteuploadsInfinite Uploads
Product-big_file_uploadsBig File Uploads – Increase Maximum File Upload Size
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-48744
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.12% / 31.60%
||
7 Day CHG~0.00%
Published-30 Nov, 2023 | 12:33
Updated-02 Aug, 2024 | 21:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Availability Calendar Plugin <= 1.2.6 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Offshore Web Master Availability Calendar allows Cross Site Request Forgery.This issue affects Availability Calendar: from n/a through 1.2.6.

Action-Not Available
Vendor-offshorewebmasterOffshore Web Master
Product-availability_calendarAvailability Calendar
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-30546
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.08% / 24.49%
||
7 Day CHG~0.00%
Published-24 Mar, 2025 | 13:46
Updated-24 Mar, 2025 | 15:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Cackle plugin <= 4.33 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in boroV Cackle allows Cross Site Request Forgery. This issue affects Cackle: from n/a through 4.33.

Action-Not Available
Vendor-boroV
Product-Cackle
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-30816
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.08% / 24.49%
||
7 Day CHG~0.00%
Published-27 Mar, 2025 | 10:55
Updated-27 Mar, 2025 | 18:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress publish post email notification plugin <= 1.0.2.3 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Nks publish post email notification allows Cross Site Request Forgery. This issue affects publish post email notification: from n/a through 1.0.2.3.

Action-Not Available
Vendor-Nks
Product-publish post email notification
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-48651
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.24% / 47.55%
||
7 Day CHG-0.40%
Published-25 Dec, 2023 | 00:00
Updated-16 Dec, 2024 | 19:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Concrete CMS 9 before 9.2.3 is vulnerable to Cross Site Request Forgery (CSRF) at /ccm/system/dialogs/file/delete/1/submit.

Action-Not Available
Vendor-concretecmsn/a
Product-concrete_cmsn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-31023
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.8||HIGH
EPSS-0.09% / 26.22%
||
7 Day CHG~0.00%
Published-09 Apr, 2025 | 16:10
Updated-09 Apr, 2025 | 20:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Seo Meta Tags plugin <= 1.4 - CSRF to Privilege Escalation vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Purab Seo Meta Tags allows Cross Site Request Forgery. This issue affects Seo Meta Tags: from n/a through 1.4.

Action-Not Available
Vendor-Purab
Product-Seo Meta Tags
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-3064
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-8.8||HIGH
EPSS-0.08% / 22.59%
||
7 Day CHG~0.00%
Published-08 Apr, 2025 | 08:22
Updated-08 Apr, 2025 | 18:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WPFront User Role Editor <= 4.2.1 - Cross-Site Request Forgery to Privilege Escalation via whitelist_options Function

The WPFront User Role Editor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.2.1. This is due to missing or incorrect nonce validation on the whitelist_options() function. This makes it possible for unauthenticated attackers to update the default role option that can be leveraged for privilege escalation via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. This is only exploitable on multisite instances.

Action-Not Available
Vendor-syammohanm
Product-WPFront User Role Editor
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-30585
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.08% / 24.49%
||
7 Day CHG~0.00%
Published-24 Mar, 2025 | 13:47
Updated-25 Mar, 2025 | 18:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Generate Post Thumbnails - <= <= 0.8 Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in marynixie Generate Post Thumbnails allows Cross Site Request Forgery. This issue affects Generate Post Thumbnails: from n/a through 0.8.

Action-Not Available
Vendor-marynixie
Product-Generate Post Thumbnails
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-30815
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.08% / 24.49%
||
7 Day CHG~0.00%
Published-27 Mar, 2025 | 10:55
Updated-27 Mar, 2025 | 18:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Hesabfa Accounting plugin <= 2.1.8 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Saeed Sattar Beglou Hesabfa Accounting allows Cross Site Request Forgery. This issue affects Hesabfa Accounting: from n/a through 2.1.8.

Action-Not Available
Vendor-Saeed Sattar Beglou
Product-Hesabfa Accounting
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-0827
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-4.3||MEDIUM
EPSS-0.10% / 28.07%
||
7 Day CHG~0.00%
Published-13 Mar, 2024 | 15:27
Updated-11 Mar, 2025 | 13:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Play.ht – Make Your Blog Posts Accessible With Text to Speech Audio plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.6.4. This is due to missing or incorrect nonce validation on several functions. This makes it possible for unauthenticated attackers to invoke those functions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

Action-Not Available
Vendor-hammadhhammadh
Product-play.htPlay.ht – Make Your Blog Posts Accessible With Text to Speech Audio
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-48330
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.12% / 31.60%
||
7 Day CHG~0.00%
Published-30 Nov, 2023 | 12:56
Updated-03 Jun, 2025 | 13:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Bulk Comment Remove Plugin <= 2 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Mike Strand Bulk Comment Remove allows Cross Site Request Forgery.This issue affects Bulk Comment Remove: from n/a through 2.

Action-Not Available
Vendor-supremoMike Strand
Product-bulk_comment_removeBulk Comment Remove
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2021-36570
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.17% / 38.26%
||
7 Day CHG~0.00%
Published-03 Feb, 2023 | 00:00
Updated-26 Mar, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross Site Request Forgery vulnerability in FUEL-CMS 1.4.13 allows remote attackers to run arbitrary code via post ID to /permissions/delete/2---.

Action-Not Available
Vendor-thedaylightstudion/a
Product-fuel_cmsn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-30923
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.08% / 24.49%
||
7 Day CHG~0.00%
Published-27 Mar, 2025 | 10:55
Updated-27 Mar, 2025 | 18:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Gift Message for WooCommerce plugin <= 1.7.8 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in powerfulwp Gift Message for WooCommerce allows Cross Site Request Forgery. This issue affects Gift Message for WooCommerce: from n/a through 1.7.8.

Action-Not Available
Vendor-powerfulwp
Product-Gift Message for WooCommerce
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
  • Previous
  • 1
  • 2
  • ...
  • 49
  • 50
  • 51
  • ...
  • 78
  • 79
  • Next
Details not found