Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-11143

Summary
Assigner-Wordfence
Assigner Org ID-b15e7b5b-3da4-40ae-a43c-f7aa60e62599
Published At-13 Nov, 2024 | 02:33
Updated At-08 Apr, 2026 | 17:32
Rejected At-
Credits

Kognetiks Chatbot for WordPress <= 2.1.8 - Cross-Site Request Forgery to Authenticated (Subscriber+) Assistant Modification

The Kognetiks Chatbot for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1.8. This is due to missing or incorrect nonce validation on the update_assistant, add_new_assistant, and delete_assistant functions. This makes it possible for unauthenticated attackers to modify assistants via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:Wordfence
Assigner Org ID:b15e7b5b-3da4-40ae-a43c-f7aa60e62599
Published At:13 Nov, 2024 | 02:33
Updated At:08 Apr, 2026 | 17:32
Rejected At:
▼CVE Numbering Authority (CNA)
Kognetiks Chatbot for WordPress <= 2.1.8 - Cross-Site Request Forgery to Authenticated (Subscriber+) Assistant Modification

The Kognetiks Chatbot for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1.8. This is due to missing or incorrect nonce validation on the update_assistant, add_new_assistant, and delete_assistant functions. This makes it possible for unauthenticated attackers to modify assistants via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

Affected Products
Vendor
kognetiks
Product
Kognetiks Chatbot for WordPress
Default Status
unaffected
Versions
Affected
  • From 0 through 2.1.8 (semver)
Problem Types
TypeCWE IDDescription
CWECWE-352CWE-352 Cross-Site Request Forgery (CSRF)
Type: CWE
CWE ID: CWE-352
Description: CWE-352 Cross-Site Request Forgery (CSRF)
Metrics
VersionBase scoreBase severityVector
3.14.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Version: 3.1
Base score: 4.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
finder
Tieu Pham Trong Nhan
Timeline
EventDate
Disclosed2024-11-12 00:00:00
Event: Disclosed
Date: 2024-11-12 00:00:00
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.wordfence.com/threat-intel/vulnerabilities/id/f16b11b0-11df-4fb7-a6af-123f6c09d791?source=cve
N/A
https://plugins.trac.wordpress.org/changeset/3185255/chatbot-chatgpt/trunk/includes/utilities/chatbot-assistants.php
N/A
Hyperlink: https://www.wordfence.com/threat-intel/vulnerabilities/id/f16b11b0-11df-4fb7-a6af-123f6c09d791?source=cve
Resource: N/A
Hyperlink: https://plugins.trac.wordpress.org/changeset/3185255/chatbot-chatgpt/trunk/includes/utilities/chatbot-assistants.php
Resource: N/A
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security@wordfence.com
Published At:13 Nov, 2024 | 03:15
Updated At:18 Nov, 2024 | 15:03

The Kognetiks Chatbot for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1.8. This is due to missing or incorrect nonce validation on the update_assistant, add_new_assistant, and delete_assistant functions. This makes it possible for unauthenticated attackers to modify assistants via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.14.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Type: Primary
Version: 3.1
Base score: 4.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
CPE Matches
kognetiks
kognetiks
>>kognetiks_chatbot>>Versions before 2.1.9(exclusive)
cpe:2.3:a:kognetiks:kognetiks_chatbot:*:*:*:*:*:wordpress:*:*
Weaknesses
CWE IDTypeSource
CWE-352Primarysecurity@wordfence.com
CWE ID: CWE-352
Type: Primary
Source: security@wordfence.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://plugins.trac.wordpress.org/changeset/3185255/chatbot-chatgpt/trunk/includes/utilities/chatbot-assistants.phpsecurity@wordfence.com
Patch
https://www.wordfence.com/threat-intel/vulnerabilities/id/f16b11b0-11df-4fb7-a6af-123f6c09d791?source=cvesecurity@wordfence.com
Third Party Advisory
Hyperlink: https://plugins.trac.wordpress.org/changeset/3185255/chatbot-chatgpt/trunk/includes/utilities/chatbot-assistants.php
Source: security@wordfence.com
Resource:
Patch
Hyperlink: https://www.wordfence.com/threat-intel/vulnerabilities/id/f16b11b0-11df-4fb7-a6af-123f6c09d791?source=cve
Source: security@wordfence.com
Resource:
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

2418Records found
CVE-2025-31814
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.32% / 55.76%
||
7 Day CHG~0.00%
Published-01 Apr, 2025 | 14:51
Updated-28 Apr, 2026 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress OwnerRez Plugin <= 1.2.0 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in OwnerRez OwnerRez API ownerrez allows Cross Site Request Forgery.This issue affects OwnerRez API: from n/a through <= 1.2.0.

Action-Not Available
Vendor-OwnerRez
Product-OwnerRez API
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-31840
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.22% / 44.97%
||
7 Day CHG~0.00%
Published-01 Apr, 2025 | 14:51
Updated-28 Apr, 2026 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Simple Fixed Notice Plugin <= 1.6 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in digireturn Simple Fixed Notice dn-cookie-notice allows Cross Site Request Forgery.This issue affects Simple Fixed Notice: from n/a through <= 1.6.

Action-Not Available
Vendor-digireturn
Product-Simple Fixed Notice
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-31413
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.03% / 7.82%
||
7 Day CHG~0.00%
Published-22 Jan, 2026 | 16:51
Updated-28 Apr, 2026 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Element Pack Elementor Addons plugin <= 8.3.13 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in bdthemes Element Pack Elementor Addons bdthemes-element-pack-lite allows Cross Site Request Forgery.This issue affects Element Pack Elementor Addons: from n/a through <= 8.3.13.

Action-Not Available
Vendor-BdThemes
Product-Element Pack Elementor Addons
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-30865
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.24% / 47.99%
||
7 Day CHG~0.00%
Published-27 Mar, 2025 | 10:55
Updated-28 Apr, 2026 | 16:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress 3DPrint Lite plugin <= 2.1.3.5 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in fuzzoid 3DPrint Lite 3dprint-lite allows Cross Site Request Forgery.This issue affects 3DPrint Lite: from n/a through <= 2.1.3.5.

Action-Not Available
Vendor-fuzzoid
Product-3DPrint Lite
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-1845
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-4.3||MEDIUM
EPSS-0.11% / 29.33%
||
7 Day CHG~0.00%
Published-27 Jun, 2022 | 08:57
Updated-03 Aug, 2024 | 00:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WP Post Styling < 1.3.1 - Multiple CSRF

The WP Post Styling WordPress plugin before 1.3.1 does not have CSRF checks in various actions, which could allow attackers to make a logged in admin delete plugin's data, update the settings, add new entries and more via CSRF attacks

Action-Not Available
Vendor-wp_post_styling_projectUnknown
Product-wp_post_stylingWP Post Styling
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-30863
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.42% / 62.52%
||
7 Day CHG~0.00%
Published-27 Mar, 2025 | 10:55
Updated-28 Apr, 2026 | 16:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Integration for Google Sheets and Contact Form 7, WPForms, Elementor, Ninja Forms plugin <= 1.0.9 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in CRM Perks Integration for Google Sheets and Contact Form 7, WPForms, Elementor, Ninja Forms integration-for-contact-form-7-and-google-sheets allows Cross Site Request Forgery.This issue affects Integration for Google Sheets and Contact Form 7, WPForms, Elementor, Ninja Forms: from n/a through <= 1.0.9.

Action-Not Available
Vendor-CRM Perks
Product-Integration for Google Sheets and Contact Form 7, WPForms, Elementor, Ninja Forms
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-1885
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-4.3||MEDIUM
EPSS-0.14% / 34.07%
||
7 Day CHG~0.00%
Published-27 Jun, 2022 | 08:58
Updated-03 Aug, 2024 | 00:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cimy Header Image Rotator <= 6.1.1 - Arbitrary Settings Update via CSRF

The Cimy Header Image Rotator WordPress plugin through 6.1.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack

Action-Not Available
Vendor-cimy_header_image_rotator_projectUnknown
Product-cimy_header_image_rotatorCimy Header Image Rotator
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-1844
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-4.3||MEDIUM
EPSS-0.11% / 29.33%
||
7 Day CHG~0.00%
Published-27 Jun, 2022 | 08:57
Updated-03 Aug, 2024 | 00:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WP Sentry <= 1.0 - Arbitrary Settings Update to Stored XSS via CSRF

The WP Sentry WordPress plugin through 1.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and lead to Stored Cross-Site Scripting due to the lack of sanitisation and escaping as well

Action-Not Available
Vendor-wp-sentry_projectUnknown
Product-wp-sentryWP Sentry
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-1846
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-4.3||MEDIUM
EPSS-0.10% / 27.66%
||
7 Day CHG~0.00%
Published-27 Jun, 2022 | 08:58
Updated-03 Aug, 2024 | 00:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tiny Contact Form <= 0.7 - Arbitrary Settings Update via CSRF

The Tiny Contact Form WordPress plugin through 0.7 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack

Action-Not Available
Vendor-tiny_contact_form_projectUnknown
Product-tiny_contact_formTiny Contact Form
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-1594
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-4.3||MEDIUM
EPSS-0.10% / 27.66%
||
7 Day CHG~0.00%
Published-13 Jun, 2022 | 12:42
Updated-03 Aug, 2024 | 00:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
HC Custom WP-Admin URL <= 1.4 - Arbitrary Settings Update via CSRF

The HC Custom WP-Admin URL WordPress plugin through 1.4 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack, allowing them to change the login URL

Action-Not Available
Vendor-hc_custom_wp-admin_url_projectUnknown
Product-hc_custom_wp-admin_urlHC Custom WP-Admin URL
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-1913
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-4.3||MEDIUM
EPSS-0.10% / 27.66%
||
7 Day CHG~0.00%
Published-27 Jun, 2022 | 08:58
Updated-03 Aug, 2024 | 00:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Add Post URL <= 2.1.0 - Arbitrary Settings Update to Stored XSS via CSRF

The Add Post URL WordPress plugin through 2.1.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and lead to Stored Cross-Site Scripting due to the lack of sanitisation and escaping

Action-Not Available
Vendor-add_post_url_projectUnknown
Product-add_post_urlAdd Post URL
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-30872
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.24% / 47.99%
||
7 Day CHG~0.00%
Published-27 Mar, 2025 | 10:55
Updated-28 Apr, 2026 | 16:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Product Author for WooCommerce plugin <= 1.0.7 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Nitin Prakash Product Author for WooCommerce wc-product-author allows Cross Site Request Forgery.This issue affects Product Author for WooCommerce: from n/a through <= 1.0.7.

Action-Not Available
Vendor-Nitin Prakash
Product-Product Author for WooCommerce
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-31808
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.22% / 44.97%
||
7 Day CHG~0.00%
Published-01 Apr, 2025 | 14:51
Updated-28 Apr, 2026 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress SCSS WP Editor plugin <= 1.2.1 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in IT Path Solutions SCSS WP Editor scss-wp-editor allows Cross Site Request Forgery.This issue affects SCSS WP Editor: from n/a through <= 1.2.1.

Action-Not Available
Vendor-IT Path Solutions
Product-SCSS WP Editor
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-31068
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.08% / 24.48%
||
7 Day CHG~0.00%
Published-16 May, 2025 | 15:45
Updated-28 Apr, 2026 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Seven Stars <= 1.4.4 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in themeton Seven Stars allows Cross Site Request Forgery. This issue affects Seven Stars: from n/a through 1.4.4.

Action-Not Available
Vendor-themeton
Product-Seven Stars
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2026-8419
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-4.3||MEDIUM
EPSS-0.02% / 5.71%
||
7 Day CHG~0.00%
Published-20 May, 2026 | 01:25
Updated-20 May, 2026 | 14:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Amazon Scraper <= 1.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting via Settings Update

The Amazon Scraper plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

Action-Not Available
Vendor-submone
Product-Amazon Scraper
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-31639
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.08% / 24.48%
||
7 Day CHG~0.00%
Published-16 May, 2025 | 15:45
Updated-28 Apr, 2026 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Spare <= 1.7 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in themeton Spare allows Cross Site Request Forgery. This issue affects Spare: from n/a through 1.7.

Action-Not Available
Vendor-themeton
Product-Spare
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-1203
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-4.3||MEDIUM
EPSS-4.47% / 89.31%
||
7 Day CHG~0.00%
Published-30 May, 2022 | 00:00
Updated-02 Aug, 2024 | 23:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Content Mask < 1.8.4.1 - Subscriber+ Arbitrary Options Update

The Content Mask WordPress plugin before 1.8.4.1 does not have authorisation and CSRF checks in various AJAX actions, as well as does not validate the option to be updated to ensure it belongs to the plugin. As a result, any authenticated user, such as subscriber could modify arbitrary blog options

Action-Not Available
Vendor-content_mask_projectUnknown
Product-content_maskContent Mask
CWE ID-CWE-862
Missing Authorization
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-31776
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.32% / 55.76%
||
7 Day CHG~0.00%
Published-01 Apr, 2025 | 14:51
Updated-28 Apr, 2026 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Uptime Robot Plugin <= 2.3 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Aphotrax Uptime Robot Plugin for WordPress uptime-robot-monitor allows Cross Site Request Forgery.This issue affects Uptime Robot Plugin for WordPress: from n/a through <= 2.3.

Action-Not Available
Vendor-Aphotrax
Product-Uptime Robot Plugin for WordPress
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-31079
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.39% / 60.39%
||
7 Day CHG~0.00%
Published-28 Mar, 2025 | 09:39
Updated-28 Apr, 2026 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Usermaven plugin <= 1.2.1 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in usermaven Usermaven usermaven allows Cross Site Request Forgery.This issue affects Usermaven: from n/a through <= 1.2.1.

Action-Not Available
Vendor-usermaven
Product-Usermaven
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-1895
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-4.3||MEDIUM
EPSS-0.11% / 29.33%
||
7 Day CHG~0.00%
Published-20 Jun, 2022 | 10:26
Updated-03 Aug, 2024 | 00:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
underConstruction < 1.20 - Construction Mode Deactivation via CSRF

The underConstruction WordPress plugin before 1.20 does not have CSRF check in place when deactivating the construction mode, which could allow attackers to make a logged in admin perform such action via a CSRF attack

Action-Not Available
Vendor-underconstruction_projectUnknown
Product-underconstructionunderConstruction
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-1760
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-4.3||MEDIUM
EPSS-0.13% / 31.90%
||
7 Day CHG~0.00%
Published-16 Jan, 2024 | 15:52
Updated-02 Jun, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Core Control <= 1.2.1 - Arbitrary Settings Update via CSRF

The Core Control WordPress plugin through 1.2.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack

Action-Not Available
Vendor-dd32Unknown
Product-core_controlCore Control
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-30994
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.08% / 24.48%
||
7 Day CHG~0.00%
Published-06 Jun, 2025 | 12:54
Updated-28 Apr, 2026 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress CubeWP plugin <= 1.1.29 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Imran Tauqeer CubeWP cubewp-framework allows Cross Site Request Forgery.This issue affects CubeWP: from n/a through <= 1.1.29.

Action-Not Available
Vendor-Imran Tauqeer
Product-CubeWP
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-31474
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.39% / 60.39%
||
7 Day CHG~0.00%
Published-28 Mar, 2025 | 11:54
Updated-11 May, 2026 | 23:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Database Optimizer plugin <= 1.2.1.3 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in matthewprice1178 WP Database Optimizer wp-database-optimizer allows Cross Site Request Forgery.This issue affects WP Database Optimizer: from n/a through <= 1.2.1.3.

Action-Not Available
Vendor-matthewprice1178
Product-WP Database Optimizer
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-1625
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-4.3||MEDIUM
EPSS-0.10% / 27.66%
||
7 Day CHG~0.00%
Published-27 Jun, 2022 | 08:57
Updated-03 Aug, 2024 | 00:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
New User Approve < 2.4 - Arbitrary Settings Update & Invitation Code Creation via CSRF

The New User Approve WordPress plugin before 2.4 does not have CSRF check in place when updating its settings and adding invitation codes, which could allow attackers to add invitation codes (for bypassing the provided restrictions) and to change plugin settings by tricking admin users into visiting specially crafted websites.

Action-Not Available
Vendor-wpexpertsUnknown
Product-new_user_approveNew User Approve
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-1573
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-4.3||MEDIUM
EPSS-0.10% / 27.66%
||
7 Day CHG~0.00%
Published-27 Jun, 2022 | 08:56
Updated-03 Aug, 2024 | 00:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
HTML2WP <= 1.0.0 - Arbitrary Settings Update via CSRF

The HTML2WP WordPress plugin through 1.0.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them

Action-Not Available
Vendor-html2wp_projectUnknown
Product-html2wpHTML2WP
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-31723
Matching Score-4
Assigner-Jenkins Project
ShareView Details
Matching Score-4
Assigner-Jenkins Project
CVSS Score-4.3||MEDIUM
EPSS-0.10% / 27.06%
||
7 Day CHG~0.00%
Published-02 Apr, 2025 | 14:59
Updated-17 Apr, 2025 | 14:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A cross-site request forgery (CSRF) vulnerability in Jenkins Simple Queue Plugin 1.4.6 and earlier allows attackers to change and reset the build queue order.

Action-Not Available
Vendor-Jenkins
Product-simple_queueJenkins Simple Queue Plugin
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-31756
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.22% / 44.97%
||
7 Day CHG~0.00%
Published-01 Apr, 2025 | 14:51
Updated-28 Apr, 2026 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress TZ PlusGallery Plugin <= 1.5.5 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in tuyennv TZ PlusGallery tz-plus-gallery allows Cross Site Request Forgery.This issue affects TZ PlusGallery: from n/a through <= 1.5.5.

Action-Not Available
Vendor-tuyennv
Product-TZ PlusGallery
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-1847
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-4.3||MEDIUM
EPSS-0.10% / 27.66%
||
7 Day CHG~0.00%
Published-27 Jun, 2022 | 08:58
Updated-03 Aug, 2024 | 00:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Rotating Posts <= 1.11 - Arbitrary Settings Update to Stored XSS via CSRF

The Rotating Posts WordPress plugin through 1.11 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack

Action-Not Available
Vendor-rotating_posts_projectUnknown
Product-rotating_postsRotating Posts
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-1421
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-4.3||MEDIUM
EPSS-7.61% / 92.03%
||
7 Day CHG~0.00%
Published-06 Jun, 2022 | 08:50
Updated-03 Aug, 2024 | 00:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Discy < 5.2 - Settings Update via CSRF

The Discy WordPress theme before 5.2 lacks CSRF checks in some AJAX actions, allowing an attacker to make a logged in admin change arbitrary 's settings including payment methods via a CSRF attack

Action-Not Available
Vendor-2codeUnknown
Product-discyDiscy
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-31602
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.29% / 52.43%
||
7 Day CHG~0.00%
Published-31 Mar, 2025 | 12:55
Updated-11 May, 2026 | 23:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Apimo Connector plugin <= 2.6.5.1 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Proptech Plugin Apimo Connector apimo allows Cross Site Request Forgery.This issue affects Apimo Connector: from n/a through <= 2.6.5.1.

Action-Not Available
Vendor-Proptech Plugin
Product-Apimo Connector
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-30804
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.32% / 55.76%
||
7 Day CHG~0.00%
Published-27 Mar, 2025 | 10:54
Updated-28 Apr, 2026 | 16:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress wpShopGermany IT-RECHT KANZLEI plugin <= 2.0 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in maennchen1.de wpShopGermany IT-RECHT KANZLEI wpshopgermany-it-recht-kanzlei allows Cross Site Request Forgery.This issue affects wpShopGermany IT-RECHT KANZLEI: from n/a through <= 2.0.

Action-Not Available
Vendor-maennchen1.de
Product-wpShopGermany IT-RECHT KANZLEI
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-30576
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.13% / 31.85%
||
7 Day CHG~0.00%
Published-24 Mar, 2025 | 13:47
Updated-28 Apr, 2026 | 16:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Hacklog Remote Image Autosave plugin <= 2.1.0 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in HuangYe WuDeng Hacklog Remote Image Autosave hacklog-remote-image-autosave allows Cross Site Request Forgery.This issue affects Hacklog Remote Image Autosave: from n/a through <= 2.1.0.

Action-Not Available
Vendor-HuangYe WuDeng
Product-Hacklog Remote Image Autosave
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-30833
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.32% / 55.76%
||
7 Day CHG~0.00%
Published-27 Mar, 2025 | 10:55
Updated-28 Apr, 2026 | 16:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Verge3D Publishing and E-Commerce Plugin <= 4.8.2 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Soft8Soft LLC Verge3D verge3d allows Cross Site Request Forgery.This issue affects Verge3D: from n/a through <= 4.8.2.

Action-Not Available
Vendor-Soft8Soft LLC
Product-Verge3D
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-30585
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.32% / 55.76%
||
7 Day CHG~0.00%
Published-24 Mar, 2025 | 13:47
Updated-28 Apr, 2026 | 16:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Generate Post Thumbnails plugin <= 0.8 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in marynixie Generate Post Thumbnails generate-post-thumbnails allows Cross Site Request Forgery.This issue affects Generate Post Thumbnails: from n/a through <= 0.8.

Action-Not Available
Vendor-marynixie
Product-Generate Post Thumbnails
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-29929
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-4.6||MEDIUM
EPSS-0.26% / 49.44%
||
7 Day CHG~0.00%
Published-31 Mar, 2025 | 15:40
Updated-21 Aug, 2025 | 22:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tuleap is missing CSRF protection on tracker hierarchy administration

Tuleap is an Open Source Suite to improve management of software developments and collaboration. Tuleap is missing CSRF protection on tracker hierarchy administration. An attacker could use this vulnerability to trick victims into submitting or editing artifacts or follow-up comments. This vulnerability is fixed in Tuleap Community Edition 16.5.99.1742306712 and Tuleap Enterprise Edition 16.5-5 and 16.4-8.

Action-Not Available
Vendor-Enalean SAS
Product-tuleaptuleap
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-39917
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.15% / 34.92%
||
7 Day CHG~0.00%
Published-03 Oct, 2023 | 11:14
Updated-28 Apr, 2026 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Photo Gallery by Ays Plugin <= 5.2.6 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Photo Gallery Team Photo Gallery by Ays – Responsive Image Gallery plugin <= 5.2.6 versions.

Action-Not Available
Vendor-AYS Pro Extensions
Product-photo_galleryPhoto Gallery by Ays – Responsive Image Gallery
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-30546
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.32% / 55.76%
||
7 Day CHG~0.00%
Published-24 Mar, 2025 | 13:46
Updated-11 May, 2026 | 23:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Cackle plugin <= 4.33 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in boroV Cackle cackle allows Cross Site Request Forgery.This issue affects Cackle: from n/a through <= 4.33.

Action-Not Available
Vendor-boroV
Product-Cackle
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-30815
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.22% / 44.97%
||
7 Day CHG~0.00%
Published-27 Mar, 2025 | 10:55
Updated-28 Apr, 2026 | 16:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Hesabfa Accounting plugin <= 2.1.8 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Saeed Sattar Beglou Hesabfa Accounting hesabfa-accounting allows Cross Site Request Forgery.This issue affects Hesabfa Accounting: from n/a through <= 2.1.8.

Action-Not Available
Vendor-Saeed Sattar Beglou
Product-Hesabfa Accounting
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-1914
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-4.3||MEDIUM
EPSS-0.10% / 27.66%
||
7 Day CHG~0.00%
Published-27 Jun, 2022 | 08:58
Updated-03 Aug, 2024 | 00:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Clean-Contact <= 1.6 - Arbitrary Settings Update to Stored XSS via CSRF

The Clean-Contact WordPress plugin through 1.6 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and lead to Stored XSS due to the lack of sanitisation and escaping as well

Action-Not Available
Vendor-clean-contact_projectUnknown
Product-clean-contactClean-Contact
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-30568
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.12% / 30.64%
||
7 Day CHG~0.00%
Published-24 Mar, 2025 | 13:47
Updated-28 Apr, 2026 | 16:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Super Static Cache plugin <= 3.3.5 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in hitoy Super Static Cache super-static-cache allows Cross Site Request Forgery.This issue affects Super Static Cache: from n/a through <= 3.3.5.

Action-Not Available
Vendor-hitoy
Product-Super Static Cache
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-30535
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.22% / 44.97%
||
7 Day CHG~0.00%
Published-24 Mar, 2025 | 13:46
Updated-28 Apr, 2026 | 16:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress External image replace plugin <= 1.0.8 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in muro External image replace external-image-replace allows Cross Site Request Forgery.This issue affects External image replace: from n/a through <= 1.0.8.

Action-Not Available
Vendor-muro
Product-External image replace
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-1603
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-4.3||MEDIUM
EPSS-0.10% / 27.66%
||
7 Day CHG~0.00%
Published-20 Jun, 2022 | 10:25
Updated-03 Aug, 2024 | 00:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Mail Subscribe List < 2.1.4 - Arbitrary Subscribed User Deletion via CSRF

The Mail Subscribe List WordPress plugin before 2.1.4 does not have CSRF check in place when deleting subscribed users, which could allow attackers to make a logged in admin perform such action and delete arbitrary users from the subscribed list

Action-Not Available
Vendor-webfwdUnknown
Product-mail_subscribe_listMail Subscribe List
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-30538
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.32% / 55.76%
||
7 Day CHG~0.00%
Published-24 Mar, 2025 | 13:46
Updated-28 Apr, 2026 | 16:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Simple Optimizer plugin <= 1.2.7 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in ChrisHurst Simple Optimizer simple-optimizer allows Cross Site Request Forgery.This issue affects Simple Optimizer: from n/a through <= 1.2.7.

Action-Not Available
Vendor-ChrisHurst
Product-Simple Optimizer
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-30816
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.32% / 55.76%
||
7 Day CHG~0.00%
Published-27 Mar, 2025 | 10:55
Updated-28 Apr, 2026 | 16:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress publish post email notification plugin <= 1.0.2.3 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Nks publish post email notification publish-post-email-notification allows Cross Site Request Forgery.This issue affects publish post email notification: from n/a through <= 1.0.2.3.

Action-Not Available
Vendor-Nks
Product-publish post email notification
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-30549
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.32% / 55.76%
||
7 Day CHG~0.00%
Published-24 Mar, 2025 | 13:46
Updated-28 Apr, 2026 | 16:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Yummly Rich Recipes plugin <= 4.2 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Yummly Yummly Rich Recipes yummly-rich-recipes allows Cross Site Request Forgery.This issue affects Yummly Rich Recipes: from n/a through <= 4.2.

Action-Not Available
Vendor-Yummly
Product-Yummly Rich Recipes
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-30521
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.32% / 55.76%
||
7 Day CHG~0.00%
Published-24 Mar, 2025 | 13:46
Updated-28 Apr, 2026 | 16:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress GP Back To Top plugin <= 3.0 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in giangmd93 GP Back To Top gp-back-to-top allows Cross Site Request Forgery.This issue affects GP Back To Top: from n/a through <= 3.0.

Action-Not Available
Vendor-giangmd93
Product-GP Back To Top
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-30534
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.32% / 55.76%
||
7 Day CHG~0.00%
Published-24 Mar, 2025 | 13:46
Updated-28 Apr, 2026 | 16:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Image Captcha plugin <= 1.2 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in captcha.soft Image Captcha image-captcha allows Cross Site Request Forgery.This issue affects Image Captcha: from n/a through <= 1.2.

Action-Not Available
Vendor-captcha.soft
Product-Image Captcha
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-28913
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.15% / 35.59%
||
7 Day CHG~0.00%
Published-11 Mar, 2025 | 21:00
Updated-28 Apr, 2026 | 16:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Add Active Class To Menu Item plugin <=1.0 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Aftab Ali Muni WP Add Active Class To Menu Item wp-add-active-class-to-menu-item allows Cross Site Request Forgery.This issue affects WP Add Active Class To Menu Item: from n/a through <= 1.0.

Action-Not Available
Vendor-Aftab Ali Muni
Product-WP Add Active Class To Menu Item
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-28910
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.12% / 31.21%
||
7 Day CHG~0.00%
Published-11 Mar, 2025 | 21:00
Updated-28 Apr, 2026 | 16:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Hide Admin Bar plugin <= 2.0 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Ravinder Khurana WP Hide Admin Bar wp-hide-admin-bar allows Cross Site Request Forgery.This issue affects WP Hide Admin Bar: from n/a through <= 2.0.

Action-Not Available
Vendor-Ravinder Khurana
Product-WP Hide Admin Bar
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-28859
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.13% / 33.02%
||
7 Day CHG~0.00%
Published-11 Mar, 2025 | 21:00
Updated-28 Apr, 2026 | 16:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Maintenance Notice plugin <= 1.0.6 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in CodeVibrant Maintenance Notice maintenance-notice allows Cross Site Request Forgery.This issue affects Maintenance Notice: from n/a through <= 1.0.6.

Action-Not Available
Vendor-codevibrantCodeVibrant
Product-maintenance_noticeMaintenance Notice
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 48
  • 49
  • Next
Details not found