Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-21752

Summary
Assigner-Patchstack
Assigner Org ID-21595511-bba5-4825-b968-b78d1f9984a3
Published At-29 Feb, 2024 | 05:17
Updated At-22 Apr, 2025 | 15:53
Rejected At-
Credits

WordPress Ajax Search Lite Plugin <= 4.11.4 is vulnerable to Cross Site Scripting (XSS)

Cross-Site Request Forgery (CSRF) vulnerability in Ernest Marcinko Ajax Search Lite allows Reflected XSS.This issue affects Ajax Search Lite: from n/a through 4.11.4.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:Patchstack
Assigner Org ID:21595511-bba5-4825-b968-b78d1f9984a3
Published At:29 Feb, 2024 | 05:17
Updated At:22 Apr, 2025 | 15:53
Rejected At:
▼CVE Numbering Authority (CNA)
WordPress Ajax Search Lite Plugin <= 4.11.4 is vulnerable to Cross Site Scripting (XSS)

Cross-Site Request Forgery (CSRF) vulnerability in Ernest Marcinko Ajax Search Lite allows Reflected XSS.This issue affects Ajax Search Lite: from n/a through 4.11.4.

Affected Products
Vendor
Ernest Marcinko
Product
Ajax Search Lite
Collection URL
https://wordpress.org/plugins
Package Name
ajax-search-lite
Default Status
unaffected
Versions
Affected
  • From n/a through 4.11.4 (custom)
    • -> unaffectedfrom4.11.5
Problem Types
TypeCWE IDDescription
CWECWE-352CWE-352 Cross-Site Request Forgery (CSRF)
Type: CWE
CWE ID: CWE-352
Description: CWE-352 Cross-Site Request Forgery (CSRF)
Metrics
VersionBase scoreBase severityVector
3.17.1HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
Version: 3.1
Base score: 7.1
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-591CAPEC-591 Reflected XSS
CAPEC ID: CAPEC-591
Description: CAPEC-591 Reflected XSS
Solutions

Update to 4.11.5 or a higher version.

Configurations
Workarounds
Exploits
Credits
finder
Le Ngoc Anh (Patchstack Alliance)
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://patchstack.com/database/vulnerability/ajax-search-lite/wordpress-ajax-search-lite-plugin-4-11-4-reflected-xss-via-cross-site-request-forgery-csrf-vulnerability?_s_id=cve
vdb-entry
Hyperlink: https://patchstack.com/database/vulnerability/ajax-search-lite/wordpress-ajax-search-lite-plugin-4-11-4-reflected-xss-via-cross-site-request-forgery-csrf-vulnerability?_s_id=cve
Resource:
vdb-entry
▼Authorized Data Publishers (ADP)
1. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
2. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://patchstack.com/database/vulnerability/ajax-search-lite/wordpress-ajax-search-lite-plugin-4-11-4-reflected-xss-via-cross-site-request-forgery-csrf-vulnerability?_s_id=cve
vdb-entry
x_transferred
Hyperlink: https://patchstack.com/database/vulnerability/ajax-search-lite/wordpress-ajax-search-lite-plugin-4-11-4-reflected-xss-via-cross-site-request-forgery-csrf-vulnerability?_s_id=cve
Resource:
vdb-entry
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:audit@patchstack.com
Published At:29 Feb, 2024 | 06:15
Updated At:18 Mar, 2025 | 11:53

Cross-Site Request Forgery (CSRF) vulnerability in Ernest Marcinko Ajax Search Lite allows Reflected XSS.This issue affects Ajax Search Lite: from n/a through 4.11.4.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.17.1HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
Primary3.16.1MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Type: Secondary
Version: 3.1
Base score: 7.1
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
Type: Primary
Version: 3.1
Base score: 6.1
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CPE Matches
wp-dreams
wp-dreams
>>ajax_search>>Versions before 4.11.5(exclusive)
cpe:2.3:a:wp-dreams:ajax_search:*:*:*:*:lite:wordpress:*:*
Weaknesses
CWE IDTypeSource
CWE-352Secondaryaudit@patchstack.com
CWE ID: CWE-352
Type: Secondary
Source: audit@patchstack.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://patchstack.com/database/vulnerability/ajax-search-lite/wordpress-ajax-search-lite-plugin-4-11-4-reflected-xss-via-cross-site-request-forgery-csrf-vulnerability?_s_id=cveaudit@patchstack.com
Third Party Advisory
https://patchstack.com/database/vulnerability/ajax-search-lite/wordpress-ajax-search-lite-plugin-4-11-4-reflected-xss-via-cross-site-request-forgery-csrf-vulnerability?_s_id=cveaf854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Hyperlink: https://patchstack.com/database/vulnerability/ajax-search-lite/wordpress-ajax-search-lite-plugin-4-11-4-reflected-xss-via-cross-site-request-forgery-csrf-vulnerability?_s_id=cve
Source: audit@patchstack.com
Resource:
Third Party Advisory
Hyperlink: https://patchstack.com/database/vulnerability/ajax-search-lite/wordpress-ajax-search-lite-plugin-4-11-4-reflected-xss-via-cross-site-request-forgery-csrf-vulnerability?_s_id=cve
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

837Records found
CVE-2025-31392
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.03% / 5.96%
||
7 Day CHG~0.00%
Published-09 Apr, 2025 | 16:10
Updated-09 Apr, 2025 | 20:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Smart Product Gallery Slider plugin <= 1.0.4 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Shameem Reza Smart Product Gallery Slider allows Cross Site Request Forgery. This issue affects Smart Product Gallery Slider: from n/a through 1.0.4.

Action-Not Available
Vendor-Shameem Reza
Product-Smart Product Gallery Slider
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-31444
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.01% / 1.44%
||
7 Day CHG~0.00%
Published-28 Mar, 2025 | 11:54
Updated-28 Mar, 2025 | 18:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress ShowTime Slideshow plugin <= 1.6 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in youtag ShowTime Slideshow allows Stored XSS. This issue affects ShowTime Slideshow: from n/a through 1.6.

Action-Not Available
Vendor-youtag
Product-ShowTime Slideshow
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-31922
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.02% / 3.36%
||
7 Day CHG~0.00%
Published-16 May, 2025 | 15:45
Updated-19 May, 2025 | 13:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress CSS3 Accordions for WordPress plugin <= 3.0 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in QuanticaLabs CSS3 Accordions for WordPress allows Stored XSS. This issue affects CSS3 Accordions for WordPress: from n/a through 3.0.

Action-Not Available
Vendor-QuanticaLabs
Product-CSS3 Accordions for WordPress
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-31583
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.01% / 1.44%
||
7 Day CHG-0.01%
Published-31 Mar, 2025 | 12:55
Updated-01 Apr, 2025 | 20:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Copy Media URL plugin <= 2.1 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Ashish Ajani WP Copy Media URL allows Stored XSS. This issue affects WP Copy Media URL: from n/a through 2.1.

Action-Not Available
Vendor-Ashish Ajani
Product-WP Copy Media URL
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-31460
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.01% / 1.44%
||
7 Day CHG~0.00%
Published-28 Mar, 2025 | 11:54
Updated-28 Mar, 2025 | 18:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress OmniLeads Scripts and Tags Manager plugin <= 1.3 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in danielmuldernl OmniLeads Scripts and Tags Manager allows Stored XSS. This issue affects OmniLeads Scripts and Tags Manager: from n/a through 1.3.

Action-Not Available
Vendor-danielmuldernl
Product-OmniLeads Scripts and Tags Manager
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-31908
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.01% / 1.44%
||
7 Day CHG-0.01%
Published-01 Apr, 2025 | 14:52
Updated-01 Apr, 2025 | 20:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress JSON Structuring Markup plugin <= 0.1 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Sami Ahmed Siddiqui JSON Structuring Markup allows Stored XSS. This issue affects JSON Structuring Markup: from n/a through 0.1.

Action-Not Available
Vendor-Sami Ahmed Siddiqui
Product-JSON Structuring Markup
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-31623
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.01% / 1.44%
||
7 Day CHG-0.01%
Published-31 Mar, 2025 | 12:55
Updated-01 Apr, 2025 | 20:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Rich Text Editor plugin <= 1.0.1 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in richtexteditor Rich Text Editor allows Stored XSS. This issue affects Rich Text Editor: from n/a through 1.0.1.

Action-Not Available
Vendor-richtexteditor
Product-Rich Text Editor
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-31617
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.01% / 1.44%
||
7 Day CHG-0.01%
Published-31 Mar, 2025 | 12:55
Updated-01 Apr, 2025 | 20:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress PostmarkApp Email Integrator plugin <= 2.4 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Gagan Deep Singh PostmarkApp Email Integrator allows Cross Site Request Forgery. This issue affects PostmarkApp Email Integrator: from n/a through 2.4.

Action-Not Available
Vendor-Gagan Deep Singh
Product-PostmarkApp Email Integrator
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-31906
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.01% / 1.44%
||
7 Day CHG-0.01%
Published-01 Apr, 2025 | 14:52
Updated-01 Apr, 2025 | 20:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Profitshare Plugin <= 1.4.9 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in ProfitShare.ro WP Profitshare allows Stored XSS. This issue affects WP Profitshare: from n/a through 1.4.9.

Action-Not Available
Vendor-ProfitShare.ro
Product-WP Profitshare
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-6063
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-6.1||MEDIUM
EPSS-0.02% / 2.55%
||
7 Day CHG~0.00%
Published-14 Jun, 2025 | 08:23
Updated-17 Jun, 2025 | 18:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
XiSearch bar <= 2.6 - Cross-Site Request Forgery to Stored Cross-Site Scripting

The XiSearch bar plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.6. This is due to missing or incorrect nonce validation on the 'xisearch-key-config' page. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

Action-Not Available
Vendor-dmitry78
Product-XiSearch bar
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-31566
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.01% / 1.44%
||
7 Day CHG-0.01%
Published-31 Mar, 2025 | 12:55
Updated-01 Apr, 2025 | 20:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Rio Video Gallery plugin <= 2.3.6 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in riosisgroup Rio Video Gallery allows Stored XSS. This issue affects Rio Video Gallery: from n/a through 2.3.6.

Action-Not Available
Vendor-riosisgroup
Product-Rio Video Gallery
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-31443
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.01% / 1.44%
||
7 Day CHG~0.00%
Published-28 Mar, 2025 | 11:54
Updated-28 Mar, 2025 | 18:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress KK I Like It plugin <= 1.7.5.3 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Krzysztof Furtak KK I Like It allows Stored XSS. This issue affects KK I Like It: from n/a through 1.7.5.3.

Action-Not Available
Vendor-Krzysztof Furtak
Product-KK I Like It
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-31401
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.03% / 5.96%
||
7 Day CHG~0.00%
Published-09 Apr, 2025 | 16:09
Updated-09 Apr, 2025 | 20:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress MMX – Make Me Christmas plugin <= 1.0.0 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in mmetrodw MMX &#8211; Make Me Christmas allows Stored XSS. This issue affects MMX &#8211; Make Me Christmas: from n/a through 1.0.0.

Action-Not Available
Vendor-mmetrodw
Product-MMX &#8211; Make Me Christmas
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-31569
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.01% / 1.44%
||
7 Day CHG-0.01%
Published-31 Mar, 2025 | 12:55
Updated-01 Apr, 2025 | 20:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress wordpress related Posts with thumbnails plugin <= 3.0.0.1 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in wp-buy wordpress related Posts with thumbnails allows Stored XSS. This issue affects wordpress related Posts with thumbnails: from n/a through 3.0.0.1.

Action-Not Available
Vendor-wp-buy
Product-wordpress related Posts with thumbnails
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-31570
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.01% / 1.44%
||
7 Day CHG-0.01%
Published-31 Mar, 2025 | 12:55
Updated-01 Apr, 2025 | 20:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Related Posts Widget with Thumbnails plugin <= 1.2 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in wp-buy Related Posts Widget with Thumbnails allows Stored XSS. This issue affects Related Posts Widget with Thumbnails: from n/a through 1.2.

Action-Not Available
Vendor-wp-buy
Product-Related Posts Widget with Thumbnails
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-31400
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.03% / 5.96%
||
7 Day CHG~0.00%
Published-09 Apr, 2025 | 16:09
Updated-09 Apr, 2025 | 20:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WS Audio Player plugin <= 1.1.8 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in icyleaf WS Audio Player allows Stored XSS. This issue affects WS Audio Player: from n/a through 1.1.8.

Action-Not Available
Vendor-icyleaf
Product-WS Audio Player
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-31393
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.03% / 5.96%
||
7 Day CHG~0.00%
Published-09 Apr, 2025 | 16:10
Updated-09 Apr, 2025 | 20:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Social Bookmarking RELOADED plugin <= 3.18 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in vfvalent Social Bookmarking RELOADED allows Stored XSS. This issue affects Social Bookmarking RELOADED: from n/a through 3.18.

Action-Not Available
Vendor-vfvalent
Product-Social Bookmarking RELOADED
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-30558
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.02% / 2.85%
||
7 Day CHG~0.00%
Published-24 Mar, 2025 | 13:46
Updated-24 Mar, 2025 | 15:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress ANAC XML Render plugin <= 1.5.7 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in EnzoCostantini55 ANAC XML Render allows Stored XSS. This issue affects ANAC XML Render: from n/a through 1.5.7.

Action-Not Available
Vendor-EnzoCostantini55
Product-ANAC XML Render
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-30550
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.01% / 1.44%
||
7 Day CHG~0.00%
Published-24 Mar, 2025 | 13:46
Updated-24 Mar, 2025 | 15:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress CallPhone'r plugin <= 1.1.1 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in WPShop.ru CallPhone'r allows Stored XSS. This issue affects CallPhone'r: from n/a through 1.1.1.

Action-Not Available
Vendor-WPShop.ru
Product-CallPhone'r
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-30578
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.01% / 1.44%
||
7 Day CHG~0.00%
Published-24 Mar, 2025 | 13:47
Updated-25 Mar, 2025 | 18:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress AdSense Privacy Policy plugin <= 1.1.1 - Cross Site Request Forgery (CSRF) to Stored XSS Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in hotvanrod AdSense Privacy Policy allows Stored XSS. This issue affects AdSense Privacy Policy: from n/a through 1.1.1.

Action-Not Available
Vendor-hotvanrod
Product-AdSense Privacy Policy
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-30587
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.01% / 1.44%
||
7 Day CHG~0.00%
Published-24 Mar, 2025 | 13:47
Updated-25 Mar, 2025 | 18:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress LH OGP Meta plugin <= 1.73 - CSRF to Stored XSS Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in shawfactor LH OGP Meta allows Stored XSS. This issue affects LH OGP Meta: from n/a through 1.73.

Action-Not Available
Vendor-shawfactor
Product-LH OGP Meta
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-30620
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.02% / 2.62%
||
7 Day CHG~0.00%
Published-24 Mar, 2025 | 13:47
Updated-24 Mar, 2025 | 22:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Odoo Form Integrator plugin <=1.1.0 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in coderscom WP Odoo Form Integrator allows Stored XSS. This issue affects WP Odoo Form Integrator: from n/a through 1.1.0.

Action-Not Available
Vendor-coderscom
Product-WP Odoo Form Integrator
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-30857
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.01% / 1.44%
||
7 Day CHG-0.01%
Published-27 Mar, 2025 | 10:55
Updated-27 Mar, 2025 | 18:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Currency Switcher for WooCommerce plugin <= 0.0.7 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in PressMaximum Currency Switcher for WooCommerce allows Stored XSS. This issue affects Currency Switcher for WooCommerce: from n/a through 0.0.7.

Action-Not Available
Vendor-PressMaximum
Product-Currency Switcher for WooCommerce
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-30612
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.02% / 2.62%
||
7 Day CHG~0.00%
Published-24 Mar, 2025 | 13:47
Updated-24 Mar, 2025 | 22:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Replace Default Words plugin <= 1.3 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in mandegarweb Replace Default Words allows Stored XSS. This issue affects Replace Default Words: from n/a through 1.3.

Action-Not Available
Vendor-mandegarweb
Product-Replace Default Words
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-30621
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.02% / 2.62%
||
7 Day CHG~0.00%
Published-24 Mar, 2025 | 13:47
Updated-24 Mar, 2025 | 22:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Translator plugin <= 0.3 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in kornelly Translator allows Stored XSS. This issue affects Translator: from n/a through 0.3.

Action-Not Available
Vendor-kornelly
Product-Translator
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-30572
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.02% / 2.85%
||
7 Day CHG~0.00%
Published-24 Mar, 2025 | 13:47
Updated-31 Mar, 2025 | 18:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Simple Rating plugin <= 1.4 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Igor Yavych Simple Rating allows Stored XSS. This issue affects Simple Rating: from n/a through 1.4.

Action-Not Available
Vendor-Igor Yavych
Product-Simple Rating
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-30552
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.01% / 1.44%
||
7 Day CHG~0.00%
Published-24 Mar, 2025 | 13:46
Updated-24 Mar, 2025 | 15:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WordPress Admin Bar Improved plugin <= 3.3.5 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Donald Gilbert WordPress Admin Bar Improved allows Stored XSS. This issue affects WordPress Admin Bar Improved: from n/a through 3.3.5.

Action-Not Available
Vendor-Donald Gilbert
Product-WordPress Admin Bar Improved
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-30565
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.02% / 2.85%
||
7 Day CHG~0.00%
Published-24 Mar, 2025 | 13:47
Updated-01 Apr, 2025 | 16:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress banner-manager plugin <= 16.04.19 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in karrikas banner-manager allows Stored XSS. This issue affects banner-manager: from n/a through 16.04.19.

Action-Not Available
Vendor-karrikas
Product-banner-manager
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-13510
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-6.1||MEDIUM
EPSS-0.02% / 3.95%
||
7 Day CHG~0.00%
Published-04 Feb, 2025 | 09:21
Updated-12 Feb, 2025 | 19:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ShopSite <= 1.5.10 - Cross-Site Request Forgery to Stored Cross-Site Scripting

The ShopSite plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5.10. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

Action-Not Available
Vendor-shopsite
Product-ShopSite
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-30603
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.02% / 2.62%
||
7 Day CHG~0.00%
Published-24 Mar, 2025 | 13:47
Updated-25 Mar, 2025 | 17:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress CopyLink plugin <= 1.1 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in DEJAN CopyLink allows Stored XSS. This issue affects CopyLink: from n/a through 1.1.

Action-Not Available
Vendor-DEJAN
Product-CopyLink
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-30522
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.01% / 1.44%
||
7 Day CHG~0.00%
Published-24 Mar, 2025 | 13:46
Updated-24 Mar, 2025 | 15:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Contact Form 7 Material Design plugin <= 1.0.0 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Damian Orzol Contact Form 7 Material Design allows Stored XSS. This issue affects Contact Form 7 Material Design: from n/a through 1.0.0.

Action-Not Available
Vendor-Damian Orzol
Product-Contact Form 7 Material Design
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-30555
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.02% / 2.85%
||
7 Day CHG~0.00%
Published-24 Mar, 2025 | 13:46
Updated-24 Mar, 2025 | 15:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WordPres 同步微博 plugin <= 1.1.0 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in iiiryan WordPres 同步微博 allows Stored XSS. This issue affects WordPres 同步微博: from n/a through 1.1.0.

Action-Not Available
Vendor-iiiryan
Product-WordPres 同步微博
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-30560
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.02% / 2.85%
||
7 Day CHG~0.00%
Published-24 Mar, 2025 | 13:47
Updated-24 Mar, 2025 | 15:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress jQuery Dropdown Menu plugin <= 3.0 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Sana Ullah jQuery Dropdown Menu allows Stored XSS. This issue affects jQuery Dropdown Menu: from n/a through 3.0.

Action-Not Available
Vendor-Sana Ullah
Product-jQuery Dropdown Menu
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-30583
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.01% / 1.44%
||
7 Day CHG~0.00%
Published-24 Mar, 2025 | 13:47
Updated-24 Mar, 2025 | 18:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Pro Rank Tracker plugin <= 1.0.0 - CSRF to Stored XSS Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in ProRankTracker Pro Rank Tracker allows Stored XSS. This issue affects Pro Rank Tracker: from n/a through 1.0.0.

Action-Not Available
Vendor-ProRankTracker
Product-Pro Rank Tracker
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-30588
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.01% / 1.44%
||
7 Day CHG~0.00%
Published-24 Mar, 2025 | 13:47
Updated-25 Mar, 2025 | 17:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Map Contact plugin <= 3.0.4 - CSRF to Stored XSS Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in ryan_xantoo Map Contact allows Stored XSS. This issue affects Map Contact: from n/a through 3.0.4.

Action-Not Available
Vendor-ryan_xantoo
Product-Map Contact
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-30564
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.02% / 2.85%
||
7 Day CHG~0.00%
Published-24 Mar, 2025 | 13:47
Updated-24 Mar, 2025 | 14:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Custom Script Integration - <= <= 2.1 Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in wpwox Custom Script Integration allows Stored XSS. This issue affects Custom Script Integration: from n/a through 2.1.

Action-Not Available
Vendor-wpwox
Product-Custom Script Integration
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-30756
Matching Score-4
Assigner-Oracle
ShareView Details
Matching Score-4
Assigner-Oracle
CVSS Score-6.1||MEDIUM
EPSS-0.01% / 1.63%
||
7 Day CHG~0.00%
Published-15 Jul, 2025 | 19:27
Updated-16 Jul, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in Oracle REST Data Services (component: General). The supported version that is affected is 24.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle REST Data Services. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle REST Data Services, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle REST Data Services accessible data as well as unauthorized read access to a subset of Oracle REST Data Services accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-Oracle REST Data Services
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-13115
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-6.1||MEDIUM
EPSS-0.03% / 5.08%
||
7 Day CHG~0.00%
Published-04 Feb, 2025 | 06:00
Updated-07 May, 2025 | 18:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WP Projects Portfolio with Client Testimonials <= 3.0 - Stored XSS via CSRF

The WP Projects Portfolio with Client Testimonials WordPress plugin through 3.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack.

Action-Not Available
Vendor-phptechieUnknown
Product-wp_projects_portfolio_with_client_testimonialsWP Projects Portfolio with Client Testimonials
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-30769
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.01% / 1.44%
||
7 Day CHG~0.00%
Published-27 Mar, 2025 | 10:54
Updated-27 Mar, 2025 | 18:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WIP WooCarousel Lite plugin <= 1.1.7 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in alexvtn WIP WooCarousel Lite allows Stored XSS. This issue affects WIP WooCarousel Lite: from n/a through 1.1.7.

Action-Not Available
Vendor-alexvtn
Product-WIP WooCarousel Lite
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-35877
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.06% / 19.96%
||
7 Day CHG~0.00%
Published-13 Nov, 2023 | 17:06
Updated-28 Aug, 2024 | 15:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Extra User Details Plugin <= 0.5 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Vadym K. Extra User Details allows Stored XSS.This issue affects Extra User Details: from n/a through 0.5.

Action-Not Available
Vendor-vadimkVadym K.
Product-extra_user_detailsExtra User Details
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-30584
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.01% / 1.44%
||
7 Day CHG~0.00%
Published-24 Mar, 2025 | 13:47
Updated-25 Mar, 2025 | 18:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress AlphaOmega Captcha & Anti-Spam Filter plugin <= 3.3 - CSRF to Stored XSS Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in alphaomegaplugins AlphaOmega Captcha &amp; Anti-Spam Filter allows Stored XSS. This issue affects AlphaOmega Captcha &amp; Anti-Spam Filter: from n/a through 3.3.

Action-Not Available
Vendor-alphaomegaplugins
Product-AlphaOmega Captcha &amp; Anti-Spam Filter
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-13512
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-6.1||MEDIUM
EPSS-0.02% / 3.95%
||
7 Day CHG~0.00%
Published-30 Jan, 2025 | 13:41
Updated-31 Jan, 2025 | 18:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Wonder FontAwesome <= 0.8 - Cross-Site Request Forgery to Stored Cross-Site Scripting

The Wonder FontAwesome plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.8. This is due to missing or incorrect nonce validation on one of its functions. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

Action-Not Available
Vendor-wonderjarcreativeedigermatthew
Product-wonder_fontawesomeWonder FontAwesome
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-30787
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.01% / 1.44%
||
7 Day CHG~0.00%
Published-27 Mar, 2025 | 10:54
Updated-27 Mar, 2025 | 18:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress EZ SQL Reports Shortcode Widget and DB Backup plugin <= 5.25.08 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Eli EZ SQL Reports Shortcode Widget and DB Backup allows Stored XSS. This issue affects EZ SQL Reports Shortcode Widget and DB Backup: from n/a through 5.25.08.

Action-Not Available
Vendor-Eli
Product-EZ SQL Reports Shortcode Widget and DB Backup
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2021-24434
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-6.1||MEDIUM
EPSS-0.10% / 28.05%
||
7 Day CHG~0.00%
Published-12 Jul, 2021 | 19:21
Updated-03 Aug, 2024 | 19:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Glass <= 1.3.2 - CSRF to Stored Cross-Site Scripting (XSS)

The Glass WordPress plugin through 1.3.2 does not sanitise or escape its "Glass Pages" setting before outputting in a page, leading to a Stored Cross-Site Scripting issue. Furthermore, the plugin did not have CSRF check in place when saving its settings, allowing the issue to be exploited via a CSRF attack.

Action-Not Available
Vendor-codeblabUnknown
Product-glassGlass
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-30586
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.01% / 1.44%
||
7 Day CHG~0.00%
Published-24 Mar, 2025 | 13:47
Updated-25 Mar, 2025 | 18:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress cTabs plugin <= 1.3 - CSRF to Stored XSS Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in bbodine1 cTabs allows Stored XSS. This issue affects cTabs: from n/a through 1.3.

Action-Not Available
Vendor-bbodine1
Product-cTabs
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-30608
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.02% / 2.62%
||
7 Day CHG~0.00%
Published-24 Mar, 2025 | 13:47
Updated-24 Mar, 2025 | 22:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WordPress SQL Backup - <= <= 3.5.2 Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Anthony WordPress SQL Backup allows Stored XSS. This issue affects WordPress SQL Backup: from n/a through 3.5.2.

Action-Not Available
Vendor-Anthony
Product-WordPress SQL Backup
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-3590
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-6.1||MEDIUM
EPSS-0.17% / 38.88%
||
7 Day CHG~0.00%
Published-09 May, 2024 | 06:00
Updated-14 May, 2025 | 17:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
LetterPress <= 1.2.2 - Subscriber Deletion via CSRF

The LetterPress WordPress plugin through 1.2.2 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks, such as delete arbitrary subscribers

Action-Not Available
Vendor-themeqxUnknownthemeqx
Product-letterpressLetterPress letterpress
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-33333
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.18% / 40.31%
||
7 Day CHG~0.00%
Published-30 Nov, 2023 | 14:00
Updated-20 Nov, 2024 | 21:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Complianz and Complianz Premium plugins - Cross-Site Request Forgery (CSRF) leading to Cross-Site Scripting (XSS)

Cross-Site Request Forgery (CSRF) vulnerability in Really Simple Plugins Complianz, Really Simple Plugins Complianz Premium allows Cross-Site Scripting (XSS).This issue affects Complianz: from n/a through 6.4.4; Complianz Premium: from n/a through 6.4.6.1.

Action-Not Available
Vendor-really-simple-pluginsReally Simple Plugins
Product-complianzComplianzComplianz Premium
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-28932
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.02% / 4.56%
||
7 Day CHG~0.00%
Published-11 Mar, 2025 | 21:01
Updated-12 Mar, 2025 | 13:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Insert Code plugin <= 2.4 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in BCS Website Solutions Insert Code allows Stored XSS. This issue affects Insert Code: from n/a through 2.4.

Action-Not Available
Vendor-BCS Website Solutions
Product-Insert Code
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-28891
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.02% / 4.56%
||
7 Day CHG~0.00%
Published-11 Mar, 2025 | 21:00
Updated-12 Mar, 2025 | 13:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress price-calc plugin <= 0.6.3 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in jazzigor price-calc allows Stored XSS. This issue affects price-calc: from n/a through 0.6.3.

Action-Not Available
Vendor-jazzigor
Product-price-calc
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • ...
  • 16
  • 17
  • Next
Details not found