Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-31086

Summary
Assigner-Patchstack
Assigner Org ID-21595511-bba5-4825-b968-b78d1f9984a3
Published At-15 Apr, 2024 | 07:46
Updated At-02 Aug, 2024 | 01:46
Rejected At-
Credits

WordPress Change default login logo,url and title plugin <= 2.0 - CSRF to XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Venugopal Change default login logo,url and title allows Cross-Site Scripting (XSS).This issue affects Change default login logo,url and title: from n/a through 2.0.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:Patchstack
Assigner Org ID:21595511-bba5-4825-b968-b78d1f9984a3
Published At:15 Apr, 2024 | 07:46
Updated At:02 Aug, 2024 | 01:46
Rejected At:
▼CVE Numbering Authority (CNA)
WordPress Change default login logo,url and title plugin <= 2.0 - CSRF to XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Venugopal Change default login logo,url and title allows Cross-Site Scripting (XSS).This issue affects Change default login logo,url and title: from n/a through 2.0.

Affected Products
Vendor
Venugopal
Product
Change default login logo,url and title
Collection URL
https://wordpress.org/plugins
Package Name
change-default-login-logo-url-and-title
Default Status
unaffected
Versions
Affected
  • From n/a through 2.0 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-352CWE-352 Cross-Site Request Forgery (CSRF)
Type: CWE
CWE ID: CWE-352
Description: CWE-352 Cross-Site Request Forgery (CSRF)
Metrics
VersionBase scoreBase severityVector
3.17.1HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
Version: 3.1
Base score: 7.1
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-63CAPEC-63 Cross-Site Scripting (XSS)
CAPEC ID: CAPEC-63
Description: CAPEC-63 Cross-Site Scripting (XSS)
Solutions
Configurations
Workarounds
Exploits
Credits
finder
Dimas Maulana (Patchstack Alliance)
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://patchstack.com/database/vulnerability/change-default-login-logo-url-and-title/wordpress-change-default-login-logo-url-and-title-plugin-2-0-csrf-to-xss-vulnerability?_s_id=cve
vdb-entry
Hyperlink: https://patchstack.com/database/vulnerability/change-default-login-logo-url-and-title/wordpress-change-default-login-logo-url-and-title-plugin-2-0-csrf-to-xss-vulnerability?_s_id=cve
Resource:
vdb-entry
▼Authorized Data Publishers (ADP)
1. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
2. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://patchstack.com/database/vulnerability/change-default-login-logo-url-and-title/wordpress-change-default-login-logo-url-and-title-plugin-2-0-csrf-to-xss-vulnerability?_s_id=cve
vdb-entry
x_transferred
Hyperlink: https://patchstack.com/database/vulnerability/change-default-login-logo-url-and-title/wordpress-change-default-login-logo-url-and-title-plugin-2-0-csrf-to-xss-vulnerability?_s_id=cve
Resource:
vdb-entry
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:audit@patchstack.com
Published At:15 Apr, 2024 | 08:15
Updated At:15 Apr, 2024 | 13:15

Cross-Site Request Forgery (CSRF) vulnerability in Venugopal Change default login logo,url and title allows Cross-Site Scripting (XSS).This issue affects Change default login logo,url and title: from n/a through 2.0.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.17.1HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
Type: Secondary
Version: 3.1
Base score: 7.1
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-352Primaryaudit@patchstack.com
CWE ID: CWE-352
Type: Primary
Source: audit@patchstack.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://patchstack.com/database/vulnerability/change-default-login-logo-url-and-title/wordpress-change-default-login-logo-url-and-title-plugin-2-0-csrf-to-xss-vulnerability?_s_id=cveaudit@patchstack.com
N/A
Hyperlink: https://patchstack.com/database/vulnerability/change-default-login-logo-url-and-title/wordpress-change-default-login-logo-url-and-title-plugin-2-0-csrf-to-xss-vulnerability?_s_id=cve
Source: audit@patchstack.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

631Records found
CVE-2025-28861
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.02% / 3.91%
||
7 Day CHG~0.00%
Published-11 Mar, 2025 | 21:00
Updated-19 Mar, 2025 | 14:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP jQuery Persian Datepicker plugin <= 0.1.0 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in bhzad WP jQuery Persian Datepicker allows Stored XSS. This issue affects WP jQuery Persian Datepicker: from n/a through 0.1.0.

Action-Not Available
Vendor-bhzadbhzad
Product-wp_jquery_persian_datepickerWP jQuery Persian Datepicker
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-28900
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.02% / 4.54%
||
7 Day CHG~0.00%
Published-11 Mar, 2025 | 21:00
Updated-12 Mar, 2025 | 13:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress TabGarb Pro plugin <= 2.6 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in webgarb TabGarb Pro allows Stored XSS. This issue affects TabGarb Pro: from n/a through 2.6.

Action-Not Available
Vendor-webgarb
Product-TabGarb Pro
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-27355
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.02% / 4.54%
||
7 Day CHG~0.00%
Published-24 Feb, 2025 | 14:49
Updated-24 Feb, 2025 | 15:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Woocommerce – Loi Hamon Plugin <= 1.1.0 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Nicolas GRILLET Woocommerce – Loi Hamon allows Stored XSS. This issue affects Woocommerce – Loi Hamon: from n/a through 1.1.0.

Action-Not Available
Vendor-Nicolas GRILLET
Product-Woocommerce – Loi Hamon
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-28981
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.02% / 3.36%
||
7 Day CHG~0.00%
Published-06 Jun, 2025 | 12:54
Updated-06 Jun, 2025 | 16:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Mail Options plugin <= 0.2.3 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Soli WP Mail Options allows Stored XSS. This issue affects WP Mail Options: from n/a through 0.2.3.

Action-Not Available
Vendor-Soli
Product-WP Mail Options
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-28901
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.02% / 4.54%
||
7 Day CHG~0.00%
Published-11 Mar, 2025 | 21:00
Updated-12 Mar, 2025 | 13:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Members page only for logged in users plugin <= 1.4.2 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Naren Members page only for logged in users allows Stored XSS. This issue affects Members page only for logged in users: from n/a through 1.4.2.

Action-Not Available
Vendor-Naren
Product-Members page only for logged in users
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-28923
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.02% / 4.54%
||
7 Day CHG~0.00%
Published-11 Mar, 2025 | 21:01
Updated-12 Mar, 2025 | 13:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress No Disposable Email plugin <= 2.5.1 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in philippe No Disposable Email allows Stored XSS. This issue affects No Disposable Email: from n/a through 2.5.1.

Action-Not Available
Vendor-philippe
Product-No Disposable Email
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-28897
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.02% / 4.54%
||
7 Day CHG~0.00%
Published-11 Mar, 2025 | 21:00
Updated-12 Mar, 2025 | 13:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Domain Theme plugin <= 1.3 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Steveorevo Domain Theme allows Stored XSS. This issue affects Domain Theme: from n/a through 1.3.

Action-Not Available
Vendor-Steveorevo
Product-Domain Theme
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-28922
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.02% / 4.54%
||
7 Day CHG~0.00%
Published-11 Mar, 2025 | 21:01
Updated-12 Mar, 2025 | 13:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Go To Top plugin <= 0.0.8 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Terence D. Go To Top allows Stored XSS. This issue affects Go To Top: from n/a through 0.0.8.

Action-Not Available
Vendor-Terence D.
Product-Go To Top
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-28892
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.02% / 4.54%
||
7 Day CHG~0.00%
Published-11 Mar, 2025 | 21:00
Updated-12 Mar, 2025 | 13:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress FTP Sync plugin <= 1.1.6 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in a2rocklobster FTP Sync allows Stored XSS. This issue affects FTP Sync: from n/a through 1.1.6.

Action-Not Available
Vendor-a2rocklobster
Product-FTP Sync
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-28857
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.02% / 3.91%
||
7 Day CHG~0.00%
Published-11 Mar, 2025 | 21:00
Updated-19 Mar, 2025 | 13:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Rankchecker.io Integration plugin <= 1.0.9 - CSRF to Stored Cross Site Scripting (XSS) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in rankchecker Rankchecker.io Integration allows Stored XSS. This issue affects Rankchecker.io Integration: from n/a through 1.0.9.

Action-Not Available
Vendor-rankcheckerrankchecker
Product-rankcheckerRankchecker.io Integration
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-28891
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.02% / 4.54%
||
7 Day CHG~0.00%
Published-11 Mar, 2025 | 21:00
Updated-12 Mar, 2025 | 13:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress price-calc plugin <= 0.6.3 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in jazzigor price-calc allows Stored XSS. This issue affects price-calc: from n/a through 0.6.3.

Action-Not Available
Vendor-jazzigor
Product-price-calc
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-28974
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.02% / 3.36%
||
7 Day CHG~0.00%
Published-06 Jun, 2025 | 12:54
Updated-06 Jun, 2025 | 16:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Free WP Mail SMTP plugin <= 1.0 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in mail250 Free WP Mail SMTP allows Stored XSS. This issue affects Free WP Mail SMTP: from n/a through 1.0.

Action-Not Available
Vendor-mail250
Product-Free WP Mail SMTP
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-28925
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.02% / 4.54%
||
7 Day CHG~0.00%
Published-11 Mar, 2025 | 21:01
Updated-12 Mar, 2025 | 13:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WATI Chat and Notification plugin <= 1.1.2 - CSRF to Stored Cross Site Scripting (XSS) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Hieu Nguyen WATI Chat and Notification allows Stored XSS. This issue affects WATI Chat and Notification: from n/a through 1.1.2.

Action-Not Available
Vendor-Hieu Nguyen
Product-WATI Chat and Notification
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-28883
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.02% / 4.54%
||
7 Day CHG~0.00%
Published-11 Mar, 2025 | 21:00
Updated-12 Mar, 2025 | 13:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Compare Tables plugin <= 1.0.5 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Martin WP Compare Tables allows Stored XSS. This issue affects WP Compare Tables: from n/a through 1.0.5.

Action-Not Available
Vendor-Martin
Product-WP Compare Tables
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-27321
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.02% / 4.54%
||
7 Day CHG~0.00%
Published-24 Feb, 2025 | 14:49
Updated-24 Feb, 2025 | 15:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Blightly Explorer plugin <= 2.3.0 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Blighty Blightly Explorer allows Stored XSS. This issue affects Blightly Explorer: from n/a through 2.3.0.

Action-Not Available
Vendor-Blighty
Product-Blightly Explorer
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-28964
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.02% / 3.36%
||
7 Day CHG~0.00%
Published-06 Jun, 2025 | 12:54
Updated-06 Jun, 2025 | 15:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Personal Favicon plugin <= 2.0 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in mangup Personal Favicon allows Stored XSS. This issue affects Personal Favicon: from n/a through 2.0.

Action-Not Available
Vendor-mangup
Product-Personal Favicon
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-28933
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.02% / 4.54%
||
7 Day CHG~0.00%
Published-11 Mar, 2025 | 21:01
Updated-12 Mar, 2025 | 14:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress MaxA/B plugin <= 2.2.2 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in maxfoundry MaxA/B allows Stored XSS. This issue affects MaxA/B: from n/a through 2.2.2.

Action-Not Available
Vendor-maxfoundry
Product-MaxA/B
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-28950
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.02% / 3.36%
||
7 Day CHG~0.00%
Published-06 Jun, 2025 | 12:54
Updated-06 Jun, 2025 | 14:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Post Author <= 1.1.1 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in David Shabtai Post Author allows Stored XSS. This issue affects Post Author: from n/a through 1.1.1.

Action-Not Available
Vendor-David Shabtai
Product-Post Author
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-28860
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.02% / 3.91%
||
7 Day CHG~0.00%
Published-11 Mar, 2025 | 21:00
Updated-19 Mar, 2025 | 14:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Google News Editors Picks Feed Generator plugin <= 2.1 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in PPDPurveyor Google News Editors Picks Feed Generator allows Stored XSS. This issue affects Google News Editors Picks Feed Generator: from n/a through 2.1.

Action-Not Available
Vendor-ppdpurveyorPPDPurveyor
Product-google_news_editors_picks_feed_generatorGoogle News Editors Picks Feed Generator
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-41990
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.07% / 20.50%
||
7 Day CHG~0.00%
Published-17 Jan, 2024 | 16:18
Updated-23 May, 2025 | 16:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress 3D Tag Cloud Plugin <= 3.8 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Vinoj Cardoza 3D Tag Cloud allows Stored XSS.This issue affects 3D Tag Cloud: from n/a through 3.8.

Action-Not Available
Vendor-cardozatechnologiesVinoj Cardoza
Product-cardoza-3d-tag-cloud3D Tag Cloud
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-28894
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.02% / 4.54%
||
7 Day CHG~0.00%
Published-11 Mar, 2025 | 21:00
Updated-12 Mar, 2025 | 13:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress List of Posts from each Category plugin for WordPress plugin <= 2.0 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in frucomerci List of Posts from each Category plugin for WordPress allows Stored XSS. This issue affects List of Posts from each Category plugin for WordPress: from n/a through 2.0.

Action-Not Available
Vendor-frucomerci
Product-List of Posts from each Category plugin for WordPress
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-27332
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.02% / 4.54%
||
7 Day CHG~0.00%
Published-24 Feb, 2025 | 14:49
Updated-24 Feb, 2025 | 16:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Smart Maintenance & Countdown Plugin <= 1.2 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in gmnazmul Smart Maintenance & Countdown allows Stored XSS. This issue affects Smart Maintenance & Countdown: from n/a through 1.2.

Action-Not Available
Vendor-gmnazmul
Product-Smart Maintenance & Countdown
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-26578
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.02% / 4.54%
||
7 Day CHG~0.00%
Published-13 Feb, 2025 | 13:53
Updated-18 Feb, 2025 | 19:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Simple Documentation plugin <= 1.2.8 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in mathieuhays Simple Documentation allows Stored XSS. This issue affects Simple Documentation: from n/a through 1.2.8.

Action-Not Available
Vendor-mathieuhays
Product-Simple Documentation
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-26550
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.02% / 4.54%
||
7 Day CHG~0.00%
Published-13 Feb, 2025 | 13:52
Updated-18 Feb, 2025 | 19:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Global Meta Keyword & Description plugin <= 2.3 - CSRF to Cross-Site Scripting vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Kunal Shivale Global Meta Keyword & Description allows Stored XSS. This issue affects Global Meta Keyword & Description: from n/a through 2.3.

Action-Not Available
Vendor-Kunal Shivale
Product-Global Meta Keyword & Description
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-27968
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.15% / 36.77%
||
7 Day CHG~0.00%
Published-21 Mar, 2024 | 16:58
Updated-12 Feb, 2025 | 19:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Super Page Cache for Cloudflare plugin <= 4.7.5 - Cross Site Request Forgery (CSRF) to XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Optimole Super Page Cache for Cloudflare allows Stored XSS.This issue affects Super Page Cache for Cloudflare: from n/a through 4.7.5.

Action-Not Available
Vendor-optimoleOptimole
Product-super_page_cacheSuper Page Cache for Cloudflare
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-27277
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.02% / 4.54%
||
7 Day CHG~0.00%
Published-24 Feb, 2025 | 14:48
Updated-24 Feb, 2025 | 17:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Add Linked Images To Gallery plugin <= 1.4 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in tiefpunkt Add Linked Images To Gallery allows Cross Site Request Forgery. This issue affects Add Linked Images To Gallery: from n/a through 1.4.

Action-Not Available
Vendor-tiefpunkt
Product-Add Linked Images To Gallery
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-26571
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.02% / 4.54%
||
7 Day CHG~0.00%
Published-13 Feb, 2025 | 13:53
Updated-18 Feb, 2025 | 19:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Wibiya Toolbar plugin <= 2.0 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in wibiya Wibiya Toolbar allows Cross Site Request Forgery. This issue affects Wibiya Toolbar: from n/a through 2.0.

Action-Not Available
Vendor-wibiya
Product-Wibiya Toolbar
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-26568
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.02% / 4.54%
||
7 Day CHG~0.00%
Published-13 Feb, 2025 | 13:53
Updated-13 Feb, 2025 | 14:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Easy Amazon Product Information plugin <= 4.0.1 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in jensmueller Easy Amazon Product Information allows Stored XSS. This issue affects Easy Amazon Product Information: from n/a through 4.0.1.

Action-Not Available
Vendor-jensmueller
Product-Easy Amazon Product Information
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-26545
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.02% / 4.54%
||
7 Day CHG~0.00%
Published-13 Feb, 2025 | 13:52
Updated-18 Feb, 2025 | 19:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Related Posts Line-up-Exactly by Milliard plugin <= 0.0.22 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in shisuh Related Posts Line-up-Exactly by Milliard allows Stored XSS. This issue affects Related Posts Line-up-Exactly by Milliard: from n/a through 0.0.22.

Action-Not Available
Vendor-shisuh
Product-Related Posts Line-up-Exactly by Milliard
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-27195
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.06% / 19.44%
||
7 Day CHG~0.00%
Published-16 Mar, 2024 | 01:17
Updated-10 Apr, 2025 | 20:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Watermark RELOADED plugin <= 1.3.5 - CSRF to XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Sandi Verdev Watermark RELOADED allows Stored XSS.This issue affects Watermark RELOADED: from n/a through 1.3.5.

Action-Not Available
Vendor-Sandi Verdev
Product-Watermark RELOADED
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-26549
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.02% / 4.54%
||
7 Day CHG~0.00%
Published-13 Feb, 2025 | 13:52
Updated-18 Feb, 2025 | 19:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Html Page Sitemap plugin <= 2.2 - CSRF to Stored Cross-Site Scripting

Cross-Site Request Forgery (CSRF) vulnerability in pa1 WP Html Page Sitemap allows Stored XSS. This issue affects WP Html Page Sitemap: from n/a through 2.2.

Action-Not Available
Vendor-pa1
Product-WP Html Page Sitemap
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-26569
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.02% / 4.54%
||
7 Day CHG~0.00%
Published-13 Feb, 2025 | 13:53
Updated-13 Feb, 2025 | 14:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Post Thumbs Plugin <= 1.5 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in callmeforsox Post Thumbs allows Stored XSS. This issue affects Post Thumbs: from n/a through 1.5.

Action-Not Available
Vendor-callmeforsox
Product-Post Thumbs
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-26543
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.02% / 4.54%
||
7 Day CHG~0.00%
Published-13 Feb, 2025 | 13:52
Updated-18 Feb, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Simple Responsive Menu plugin <= 2.1 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Pukhraj Suthar Simple Responsive Menu allows Stored XSS. This issue affects Simple Responsive Menu: from n/a through 2.1.

Action-Not Available
Vendor-Pukhraj Suthar
Product-Simple Responsive Menu
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-27194
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.05% / 15.55%
||
7 Day CHG~0.00%
Published-16 Mar, 2024 | 01:22
Updated-08 Aug, 2024 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Fontific plugin <= 0.1.6 - CSRF to XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Andrei Ivasiuc Fontific | Google Fonts allows Stored XSS.This issue affects Fontific | Google Fonts: from n/a through 0.1.6.

Action-Not Available
Vendor-Andrei Ivasiuc
Product-Fontific | Google Fonts
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-26582
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.02% / 4.54%
||
7 Day CHG~0.00%
Published-13 Feb, 2025 | 13:53
Updated-18 Feb, 2025 | 19:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress TinyMCE Advanced qTranslate fix editor problems plugin <= 1.0.0 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Blackbam TinyMCE Advanced qTranslate fix editor problems allows Stored XSS. This issue affects TinyMCE Advanced qTranslate fix editor problems: from n/a through 1.0.0.

Action-Not Available
Vendor-Blackbam
Product-TinyMCE Advanced qTranslate fix editor problems
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-27009
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.03% / 5.95%
||
7 Day CHG~0.00%
Published-14 Apr, 2025 | 11:05
Updated-15 Apr, 2025 | 18:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress My auctions allegro plugin <= 3.6.20 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in wphocus My auctions allegro allows Stored XSS.This issue affects My auctions allegro: from n/a through 3.6.20.

Action-Not Available
Vendor-wphocus
Product-My auctions allegro
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-26572
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.02% / 4.54%
||
7 Day CHG~0.00%
Published-13 Feb, 2025 | 13:53
Updated-18 Feb, 2025 | 19:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP PHPList Plugin <= 1.7 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in jesseheap WP PHPList allows Cross Site Request Forgery. This issue affects WP PHPList: from n/a through 1.7.

Action-Not Available
Vendor-jesseheap
Product-WP PHPList
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-26910
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.02% / 3.91%
||
7 Day CHG~0.00%
Published-10 Mar, 2025 | 14:34
Updated-27 Jun, 2025 | 17:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WPBookit plugin <= 1.0.1 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Iqonic Design WPBookit allows Stored XSS. This issue affects WPBookit: from n/a through 1.0.1.

Action-Not Available
Vendor-iqonicIqonic Design
Product-wpbookitWPBookit
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-26759
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.02% / 4.54%
||
7 Day CHG~0.00%
Published-16 Feb, 2025 | 22:17
Updated-18 Feb, 2025 | 19:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Content Snippet Manager plugin <= 1.1.5 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in alexvtn Content Snippet Manager allows Stored XSS. This issue affects Content Snippet Manager: from n/a through 1.1.5.

Action-Not Available
Vendor-alexvtn
Product-Content Snippet Manager
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-26577
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.02% / 4.54%
||
7 Day CHG~0.00%
Published-13 Feb, 2025 | 13:53
Updated-18 Feb, 2025 | 19:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress DX-auto-publish plugin <= 1.2 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in daxiawp DX-auto-publish allows Stored XSS. This issue affects DX-auto-publish: from n/a through 1.2.

Action-Not Available
Vendor-daxiawp
Product-DX-auto-publish
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-26562
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.02% / 4.54%
||
7 Day CHG~0.00%
Published-13 Feb, 2025 | 13:52
Updated-13 Feb, 2025 | 14:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress RSS FIlter Plugin <= 1.2 - CSRF to Stored Cross Site Scripting (XSS) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Shambhu Patnaik RSS Filter allows Stored XSS. This issue affects RSS Filter: from n/a through 1.2.

Action-Not Available
Vendor-Shambhu Patnaik
Product-RSS Filter
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-26580
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.02% / 4.54%
||
7 Day CHG~0.00%
Published-13 Feb, 2025 | 13:53
Updated-18 Feb, 2025 | 19:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Page/Post Specific Social Share Buttons plugin <= 2.1 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in CompleteWebResources Page/Post Specific Social Share Buttons allows Stored XSS. This issue affects Page/Post Specific Social Share Buttons: from n/a through 2.1.

Action-Not Available
Vendor-CompleteWebResources
Product-Page/Post Specific Social Share Buttons
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-26547
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.02% / 4.54%
||
7 Day CHG~0.00%
Published-13 Feb, 2025 | 13:52
Updated-18 Feb, 2025 | 19:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress My Login Logout Plugin plugin <= 2.4 - CSRF to Stored Cross-Site Scripting vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in nagarjunsonti My Login Logout Plugin allows Stored XSS. This issue affects My Login Logout Plugin: from n/a through 2.4.

Action-Not Available
Vendor-nagarjunsonti
Product-My Login Logout Plugin
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-26570
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.02% / 4.54%
||
7 Day CHG~0.00%
Published-13 Feb, 2025 | 13:53
Updated-18 Feb, 2025 | 19:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Glance That plugin <= 4.9 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in uamv Glance That allows Cross Site Request Forgery. This issue affects Glance That: from n/a through 4.9.

Action-Not Available
Vendor-uamv
Product-Glance That
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-26931
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.02% / 4.54%
||
7 Day CHG~0.00%
Published-25 Feb, 2025 | 14:17
Updated-25 Feb, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Tribulant Gallery Voting plugin <= 1.2.1 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Tribulant Software Tribulant Gallery Voting allows Stored XSS. This issue affects Tribulant Gallery Voting: from n/a through 1.2.1.

Action-Not Available
Vendor-Tribulant Software
Product-Tribulant Gallery Voting
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-26768
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.02% / 4.54%
||
7 Day CHG~0.00%
Published-16 Feb, 2025 | 22:17
Updated-18 Feb, 2025 | 19:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress what3words Address Field plugin <= 4.0.15 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in what3words what3words Address Field allows Stored XSS. This issue affects what3words Address Field: from n/a through 4.0.15.

Action-Not Available
Vendor-what3words
Product-what3words Address Field
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-25088
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.02% / 4.54%
||
7 Day CHG~0.00%
Published-07 Feb, 2025 | 10:11
Updated-07 Feb, 2025 | 14:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Keyword Monitor Plugin <=1.0.5 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in blackus3r WP Keyword Monitor allows Stored XSS. This issue affects WP Keyword Monitor: from n/a through 1.0.5.

Action-Not Available
Vendor-blackus3r
Product-WP Keyword Monitor
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-25139
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.02% / 4.54%
||
7 Day CHG~0.00%
Published-07 Feb, 2025 | 10:11
Updated-12 Feb, 2025 | 20:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Custom Post RSS Feed plugin <= 1.0.0 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Cynob IT Consultancy WP Custom Post RSS Feed allows Stored XSS. This issue affects WP Custom Post RSS Feed: from n/a through 1.0.0.

Action-Not Available
Vendor-Cynob IT Consultancy
Product-WP Custom Post RSS Feed
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-25168
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.02% / 3.91%
||
7 Day CHG~0.00%
Published-07 Feb, 2025 | 10:12
Updated-12 Feb, 2025 | 20:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress BookPress – For Book Authors Plugin <= 1.2.7 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in blackandwhitedigital BookPress – For Book Authors allows Cross-Site Scripting (XSS). This issue affects BookPress – For Book Authors: from n/a through 1.2.7.

Action-Not Available
Vendor-blackandwhitedigitalblackandwhitedigital
Product-bookpressBookPress – For Book Authors
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-24562
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.03% / 5.18%
||
7 Day CHG~0.00%
Published-24 Jan, 2025 | 17:24
Updated-24 Jan, 2025 | 19:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress KBucket plugin <= 4.1.6 - CSRF to Stored Cross-Site Scripting vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Optimal Access Inc. KBucket allows Stored XSS. This issue affects KBucket: from n/a through 4.1.6.

Action-Not Available
Vendor-Optimal Access Inc.
Product-KBucket
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
  • Previous
  • 1
  • 2
  • ...
  • 5
  • 6
  • 7
  • ...
  • 12
  • 13
  • Next
Details not found