Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-31285

Summary
Assigner-Patchstack
Assigner Org ID-21595511-bba5-4825-b968-b78d1f9984a3
Published At-11 Apr, 2024 | 12:10
Updated At-28 Apr, 2026 | 16:09
Rejected At-
Credits

WordPress WordPress Tooltips plugin <= 9.5.3 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Tooltip WordPress Tooltips allows Stored XSS.This issue affects WordPress Tooltips: from n/a through 9.5.3.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:Patchstack
Assigner Org ID:21595511-bba5-4825-b968-b78d1f9984a3
Published At:11 Apr, 2024 | 12:10
Updated At:28 Apr, 2026 | 16:09
Rejected At:
▼CVE Numbering Authority (CNA)
WordPress WordPress Tooltips plugin <= 9.5.3 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Tooltip WordPress Tooltips allows Stored XSS.This issue affects WordPress Tooltips: from n/a through 9.5.3.

Affected Products
Vendor
Tooltip
Product
WordPress Tooltips
Collection URL
https://wordpress.org/plugins
Package Name
wordpress-tooltips
Default Status
unaffected
Versions
Affected
  • From n/a through 9.5.3 (custom)
    • -> unaffectedfrom9.5.9
Problem Types
TypeCWE IDDescription
CWECWE-352CWE-352 Cross-Site Request Forgery (CSRF)
Type: CWE
CWE ID: CWE-352
Description: CWE-352 Cross-Site Request Forgery (CSRF)
Metrics
VersionBase scoreBase severityVector
3.17.1HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
Version: 3.1
Base score: 7.1
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-592CAPEC-592 Stored XSS
CAPEC ID: CAPEC-592
Description: CAPEC-592 Stored XSS
Solutions

Update to 9.5.9 or a higher version.

Configurations

Workarounds

Exploits

Credits

finder
Majed Refaea (Patchstack Alliance)
Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://patchstack.com/database/vulnerability/wordpress-tooltips/wordpress-wordpress-tooltips-plugin-9-5-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve
vdb-entry
Hyperlink: https://patchstack.com/database/vulnerability/wordpress-tooltips/wordpress-wordpress-tooltips-plugin-9-5-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve
Resource:
vdb-entry
▼Authorized Data Publishers (ADP)
1. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
2. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://patchstack.com/database/vulnerability/wordpress-tooltips/wordpress-wordpress-tooltips-plugin-9-5-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve
vdb-entry
x_transferred
Hyperlink: https://patchstack.com/database/vulnerability/wordpress-tooltips/wordpress-wordpress-tooltips-plugin-9-5-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve
Resource:
vdb-entry
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:audit@patchstack.com
Published At:11 Apr, 2024 | 13:15
Updated At:15 Apr, 2026 | 00:35

Cross-Site Request Forgery (CSRF) vulnerability in Tooltip WordPress Tooltips allows Stored XSS.This issue affects WordPress Tooltips: from n/a through 9.5.3.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.17.1HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
Type: Secondary
Version: 3.1
Base score: 7.1
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
CPE Matches

Weaknesses
CWE IDTypeSource
CWE-352Secondaryaudit@patchstack.com
CWE ID: CWE-352
Type: Secondary
Source: audit@patchstack.com
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://patchstack.com/database/vulnerability/wordpress-tooltips/wordpress-wordpress-tooltips-plugin-9-5-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cveaudit@patchstack.com
N/A
https://patchstack.com/database/vulnerability/wordpress-tooltips/wordpress-wordpress-tooltips-plugin-9-5-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cveaf854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: https://patchstack.com/database/vulnerability/wordpress-tooltips/wordpress-wordpress-tooltips-plugin-9-5-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve
Source: audit@patchstack.com
Resource: N/A
Hyperlink: https://patchstack.com/database/vulnerability/wordpress-tooltips/wordpress-wordpress-tooltips-plugin-9-5-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

710Records found

CVE-2024-42605
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.1||HIGH
EPSS-0.21% / 10.95%
||
7 Day CHG~0.00%
Published-20 Aug, 2024 | 00:00
Updated-21 Aug, 2024 | 13:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/edit_page.php?link_id=1

Action-Not Available
Vendor-pliggn/apligg
Product-pligg_cmsn/apligg_cms
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-2079
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-7.1||HIGH
EPSS-0.29% / 20.30%
||
7 Day CHG~0.00%
Published-11 Jul, 2023 | 02:03
Updated-08 Apr, 2026 | 18:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Buy Me a Coffee – Button and Widget Plugin <= 3.7 - Cross-Site Request Forgery

The "Buy Me a Coffee – Button and Widget Plugin" plugin for WordPress is vulnerable to Cross-Site Request Forgery due to missing nonce validation on the recieve_post, bmc_disconnect, name_post, and widget_post functions in versions up to, and including, 3.7. This makes it possible for unauthenticated attackers to update the plugins settings, via a forged request granted the attacker can trick a site's administrator into performing an action such as clicking on a link.

Action-Not Available
Vendor-buymeacoffeebuymeacoffee
Product-buy_me_a_coffeeBuy Me a Coffee – Button and Widget Plugin
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-42609
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.1||HIGH
EPSS-0.21% / 10.95%
||
7 Day CHG~0.00%
Published-20 Aug, 2024 | 00:00
Updated-21 Aug, 2024 | 13:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/admin_backup.php?dobackup=avatars

Action-Not Available
Vendor-pliggn/apligg
Product-pligg_cmsn/apligg_cms
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-3903
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-7.1||HIGH
EPSS-0.21% / 11.49%
||
7 Day CHG~0.00%
Published-09 May, 2024 | 06:00
Updated-14 May, 2025 | 16:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Add Custom CSS and JS <= 1.20 - Stored XSS via CSRF

The Add Custom CSS and JS WordPress plugin through 1.20 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in as author and above add Stored XSS payloads via a CSRF attack

Action-Not Available
Vendor-technologicxUnknownsilkypress
Product-add_custom_css_and_jsAdd Custom CSS and JSadd_custom_css_and_js
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-38776
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.15% / 4.51%
||
7 Day CHG~0.00%
Published-02 Aug, 2024 | 07:25
Updated-28 Apr, 2026 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP GoToWebinar plugin <= 15.7 - CSRF to XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Martin Gibson WP GoToWebinar allows Cross-Site Scripting (XSS).This issue affects WP GoToWebinar: from n/a through 15.7.

Action-Not Available
Vendor-Martin Gibson
Product-WP GoToWebinar
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-38724
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.16% / 5.56%
||
7 Day CHG~0.00%
Published-13 Aug, 2024 | 10:16
Updated-28 Apr, 2026 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Contact Form 7 Summary and Print plugin <= 1.2.5 - Cross Site Request Forgery (CSRF) to XSS vulnerability

Cross-Site Request Forgery (CSRF), Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Muhammad Rehman Contact Form 7 Summary and Print allows Stored XSS.This issue affects Contact Form 7 Summary and Print: from n/a through 1.2.5.

Action-Not Available
Vendor-Muhammad Rehman
Product-Contact Form 7 Summary and Print
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-53724
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.17% / 6.23%
||
7 Day CHG~0.00%
Published-02 Dec, 2024 | 13:48
Updated-12 May, 2026 | 23:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress IceStats plugin <= 1.3 - CSRF to Stored Cross Site Scripting (XSS) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in ronnybull IceStats icestats allows Stored XSS.This issue affects IceStats: from n/a through <= 1.3.

Action-Not Available
Vendor-ronnybull
Product-IceStats
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-37213
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.18% / 7.53%
||
7 Day CHG~0.00%
Published-12 Jul, 2024 | 13:27
Updated-28 Apr, 2026 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress AliExpress Dropshipping with AliNext Lite plugin <= 3.4.6 - CSRF to XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in guru-aliexpress AliNext ali2woo-lite allows Cross Site Request Forgery.This issue affects AliNext: from n/a through <= 3.4.6.

Action-Not Available
Vendor-guru-aliexpress
Product-AliNext
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-52421
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.17% / 6.77%
||
7 Day CHG~0.00%
Published-19 Nov, 2024 | 16:32
Updated-28 Apr, 2026 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Popup Window Maker plugin <= 2.0 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in wp-buy WP Popup Window Maker easy-popup-lightbox-maker allows Stored XSS.This issue affects WP Popup Window Maker: from n/a through <= 2.0.

Action-Not Available
Vendor-wp-buy
Product-WP Popup Window Maker
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-51632
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.19% / 9.29%
||
7 Day CHG~0.00%
Published-19 Nov, 2024 | 16:32
Updated-11 May, 2026 | 22:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress SH Slideshow plugin <= 4.3 - CSRF to Stored Cross Site Scripting (XSS) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Sam Hoe SH Slideshow sh-slideshow allows Stored XSS.This issue affects SH Slideshow: from n/a through <= 4.3.

Action-Not Available
Vendor-Sam Hoe
Product-SH Slideshow
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-51688
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.15% / 4.73%
||
7 Day CHG~0.00%
Published-14 Nov, 2024 | 20:04
Updated-13 May, 2026 | 10:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress FraudLabs Pro SMS Verification plugin <= 1.10.1 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in fraudlabspro FraudLabs Pro SMS Verification fraudlabs-pro-sms-verification allows Stored XSS.This issue affects FraudLabs Pro SMS Verification: from n/a through <= 1.10.1.

Action-Not Available
Vendor-fraudlabspro
Product-FraudLabs Pro SMS Verification
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-51639
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.19% / 9.29%
||
7 Day CHG~0.00%
Published-19 Nov, 2024 | 16:32
Updated-11 May, 2026 | 22:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Naver Blog plugin <= 1.0 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Hints Naver Blog naver-blog-api allows Stored XSS.This issue affects Naver Blog: from n/a through <= 1.0.

Action-Not Available
Vendor-Hints
Product-Naver Blog
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-34367
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.18% / 8.13%
||
7 Day CHG~0.00%
Published-06 May, 2024 | 18:16
Updated-28 Apr, 2026 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Popup Box plugin <= 4.1.2 - CSRF to XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Popup Box Team Popup box allows Cross-Site Scripting (XSS).This issue affects Popup box: from n/a through 4.1.2.

Action-Not Available
Vendor-WordPress.orgAYS Pro Extensions
Product-Popup boxpopup_box
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-34818
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.23% / 13.43%
||
7 Day CHG~0.00%
Published-10 May, 2024 | 08:40
Updated-28 Apr, 2026 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Webinar plugin <= 1.33.17 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in WebinarPress.This issue affects WebinarPress: from n/a through 1.33.17.

Action-Not Available
Vendor-WebinarPress
Product-WebinarPress
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-32958
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.18% / 8.15%
||
7 Day CHG~0.00%
Published-24 Apr, 2024 | 14:47
Updated-28 Apr, 2026 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Slash Admin plugin <= 3.8.1 - CSRF to XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Giorgos Sarigiannidis Slash Admin allows Cross-Site Scripting (XSS).This issue affects Slash Admin: from n/a through 3.8.1.

Action-Not Available
Vendor-Giorgos Sarigiannidis
Product-Slash Admin
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-33681
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.20% / 9.58%
||
7 Day CHG~0.00%
Published-29 Apr, 2024 | 06:01
Updated-28 Apr, 2026 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Regenerate post permalink plugin <= 1.0.3 - Cross Site Request Forgery (CSRF) leading to XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Sandor Kovacs Regenerate post permalink allows Cross-Site Scripting (XSS).This issue affects Regenerate post permalink: from n/a through 1.0.3.

Action-Not Available
Vendor-Sandor KovacsSandor_Kovacs
Product-Regenerate post permalinkregenerate_post_permalink
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-32785
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.25% / 16.50%
||
7 Day CHG~0.00%
Published-24 Apr, 2024 | 10:22
Updated-28 Apr, 2026 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress The Pack Elementor addons plugin <= 2.0.8.3 - Cross Site Request Forgery (CSRF) to XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Webangon The Pack Elementor addons allows Cross-Site Scripting (XSS).This issue affects The Pack Elementor addons: from n/a through 2.0.8.3.

Action-Not Available
Vendor-webangonWebangon
Product-the_pack_elementor_addonsThe Pack Elementor addons
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-41990
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.23% / 13.75%
||
7 Day CHG~0.00%
Published-17 Jan, 2024 | 16:18
Updated-28 Apr, 2026 | 19:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress 3D Tag Cloud Plugin <= 3.8 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Vinoj Cardoza 3D Tag Cloud allows Stored XSS.This issue affects 3D Tag Cloud: from n/a through 3.8.

Action-Not Available
Vendor-cardozatechnologiesVinoj Cardoza
Product-cardoza-3d-tag-cloud3D Tag Cloud
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-32789
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.18% / 8.15%
||
7 Day CHG~0.00%
Published-24 Apr, 2024 | 10:21
Updated-28 Apr, 2026 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Seers plugin <= 8.0.6 - Cross Site Request Forgery (CSRF) to XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Seers allows Cross-Site Scripting (XSS).This issue affects Seers: from n/a through 8.1.0.

Action-Not Available
Vendor-SeersWordPress.org
Product-Seersseers_plugin
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-32550
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.18% / 8.13%
||
7 Day CHG~0.00%
Published-17 Apr, 2024 | 08:09
Updated-28 Apr, 2026 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress BMI Adult & Kid Calculator plugin <= 1.2.1 - CSRF to XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in BMI Adult & Kid Calculator allows Stored XSS.This issue affects BMI Adult & Kid Calculator: from n/a through 1.2.1.

Action-Not Available
Vendor-BMI Adult & Kid Calculator
Product-BMI Adult & Kid Calculator
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-32538
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.17% / 6.44%
||
7 Day CHG~0.00%
Published-17 Apr, 2024 | 08:35
Updated-28 Apr, 2026 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Easy CountDowner plugin <= 1.0.8 - CSRF to XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Joshua Eldridge Easy CountDowner allows Stored XSS.This issue affects Easy CountDowner: from n/a through 1.0.8.

Action-Not Available
Vendor-Joshua Eldridgerayhan
Product-Easy CountDownereasy_countdowner
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-31109
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.18% / 8.13%
||
7 Day CHG~0.00%
Published-02 Apr, 2024 | 17:31
Updated-28 Apr, 2026 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Woocommerce Social Media Share Buttons plugin <= 1.3.0 - CSRF to Cross Site Scripting (XSS) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Toastie Studio Woocommerce Social Media Share Buttons allows Stored XSS.This issue affects Woocommerce Social Media Share Buttons: from n/a through 1.3.0.

Action-Not Available
Vendor-Toastie Studio
Product-Woocommerce Social Media Share Buttons
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-31086
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.19% / 9.39%
||
7 Day CHG~0.00%
Published-15 Apr, 2024 | 07:46
Updated-28 Apr, 2026 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Change default login logo,url and title plugin <= 2.0 - CSRF to XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Venugopal Change default login logo,url and title allows Cross-Site Scripting (XSS).This issue affects Change default login logo,url and title: from n/a through 2.0.

Action-Not Available
Vendor-Venugopal
Product-Change default login logo,url and title
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-31105
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.18% / 8.13%
||
7 Day CHG~0.00%
Published-02 Apr, 2024 | 17:33
Updated-28 Apr, 2026 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Tax Rate Upload plugin <= 2.4.5 - CSRF leading to Cross Site Scripting (XSS) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Adam Bowen Tax Rate Upload allows Reflected XSS.This issue affects Tax Rate Upload: from n/a through 2.4.5.

Action-Not Available
Vendor-Adam Bowen
Product-Tax Rate Upload
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-31093
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.19% / 9.39%
||
7 Day CHG~0.00%
Published-15 Apr, 2024 | 07:45
Updated-28 Apr, 2026 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Broken Images plugin <= 0.2 - CSRF to XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Kaloyan K. Tsvetkov Broken Images allows Cross-Site Scripting (XSS).This issue affects Broken Images: from n/a through 0.2.

Action-Not Available
Vendor-Kaloyan K. Tsvetkov
Product-Broken Images
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-30545
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.19% / 9.39%
||
7 Day CHG~0.00%
Published-15 Apr, 2024 | 07:47
Updated-28 Apr, 2026 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Social Author Bio plugin <= 2.4 - Stored XSS via Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Nick Powers Social Author Bio allows Stored XSS.This issue affects Social Author Bio: from n/a through 2.4.

Action-Not Available
Vendor-Nick Powers
Product-Social Author Bio
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-29773
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.19% / 9.39%
||
7 Day CHG~0.00%
Published-27 Mar, 2024 | 13:21
Updated-28 Apr, 2026 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress BizPrint plugin <= 4.5.5 - CSRF to XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in BizSwoop a CPF Concepts, LLC Brand BizPrint allows Cross-Site Scripting (XSS).This issue affects BizPrint: from n/a through 4.5.5.

Action-Not Available
Vendor-BizSwoop (CPF Concepts, LLC)
Product-BizPrint
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-23698
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.17% / 6.59%
||
7 Day CHG~0.00%
Published-16 Jan, 2025 | 20:06
Updated-11 May, 2026 | 22:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Custom Google Search plugin <= 1.0 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in ivanra10 WP Custom Google Search wp-custom-google-search allows Stored XSS.This issue affects WP Custom Google Search: from n/a through <= 1.0.

Action-Not Available
Vendor-ivanra10
Product-WP Custom Google Search
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-27968
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.19% / 8.42%
||
7 Day CHG~0.00%
Published-21 Mar, 2024 | 16:58
Updated-28 Apr, 2026 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Super Page Cache for Cloudflare plugin <= 4.7.5 - Cross Site Request Forgery (CSRF) to XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Optimole Super Page Cache for Cloudflare allows Stored XSS.This issue affects Super Page Cache for Cloudflare: from n/a through 4.7.5.

Action-Not Available
Vendor-optimoleOptimole
Product-super_page_cacheSuper Page Cache for Cloudflare
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-22555
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.17% / 6.43%
||
7 Day CHG~0.00%
Published-07 Jan, 2025 | 14:57
Updated-28 Apr, 2026 | 16:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Smoothness Slider Shortcode plugin <= v1.2.2 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in njshofe Smoothness Slider Shortcode smoothness-slider-shortcode allows Cross Site Request Forgery.This issue affects Smoothness Slider Shortcode: from n/a through <= v1.2.2.

Action-Not Available
Vendor-njshofe
Product-Smoothness Slider Shortcode
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-27194
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.19% / 8.45%
||
7 Day CHG~0.00%
Published-16 Mar, 2024 | 01:22
Updated-28 Apr, 2026 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Fontific plugin <= 0.1.6 - CSRF to XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Andrei Ivasiuc Fontific | Google Fonts allows Stored XSS.This issue affects Fontific | Google Fonts: from n/a through 0.1.6.

Action-Not Available
Vendor-Andrei Ivasiuc
Product-Fontific | Google Fonts
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-26759
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.14% / 3.34%
||
7 Day CHG~0.00%
Published-16 Feb, 2025 | 22:17
Updated-28 Apr, 2026 | 16:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Content Snippet Manager plugin <= 1.1.5 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in alexvtn Content Snippet Manager content-snippet-manager allows Stored XSS.This issue affects Content Snippet Manager: from n/a through <= 1.1.5.

Action-Not Available
Vendor-alexvtn
Product-Content Snippet Manager
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-27195
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.24% / 14.50%
||
7 Day CHG~0.00%
Published-16 Mar, 2024 | 01:17
Updated-11 May, 2026 | 20:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Watermark RELOADED plugin <= 1.3.5 - CSRF to XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in sverde1 Watermark RELOADED watermark-reloaded allows Cross Site Request Forgery.This issue affects Watermark RELOADED: from n/a through <= 1.3.5.

Action-Not Available
Vendor-sverde1
Product-Watermark RELOADED
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2026-57761
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.09% / 0.78%
||
7 Day CHG~0.00%
Published-02 Jul, 2026 | 11:16
Updated-02 Jul, 2026 | 16:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress SEOWP theme <= 3.12.2 - CSRF to Stored XSS vulnerability

Unauthenticated Cross Site Request Forgery (CSRF) in SEOWP <= 3.12.2 versions.

Action-Not Available
Vendor-BlueAstralThemes
Product-SEOWP
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-26545
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.14% / 3.33%
||
7 Day CHG~0.00%
Published-13 Feb, 2025 | 13:52
Updated-28 Apr, 2026 | 16:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Related Posts Line-up-Exactly by Milliard plugin <= 0.0.22 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in shisuh Related Posts Line-up-Exactly by Milliard related-posts-line-up-exactry-by-milliard allows Stored XSS.This issue affects Related Posts Line-up-Exactly by Milliard: from n/a through <= 0.0.22.

Action-Not Available
Vendor-shisuh
Product-Related Posts Line-up-Exactly by Milliard
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2026-57758
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.09% / 0.78%
||
7 Day CHG~0.00%
Published-02 Jul, 2026 | 11:16
Updated-02 Jul, 2026 | 20:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Permalink Manager for WooCommerce plugin <= 1.0.8.2 - CSRF to Stored XSS vulnerability

Unauthenticated Cross Site Request Forgery (CSRF) in Permalink Manager for WooCommerce <= 1.0.8.2 versions.

Action-Not Available
Vendor-BeRocket
Product-Permalink Manager for WooCommerce
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-22290
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.19% / 9.33%
||
7 Day CHG~0.00%
Published-31 Jan, 2024 | 11:56
Updated-28 Apr, 2026 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Custom Dashboard Widgets Plugin <= 1.3.1 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in AboZain,O7abeeb,UnitOne Custom Dashboard Widgets allows Cross-Site Scripting (XSS).This issue affects Custom Dashboard Widgets: from n/a through 1.3.1.

Action-Not Available
Vendor-custom_dashboard_widgets_projectAboZain,O7abeeb,UnitOne
Product-custom_dashboard_widgetsCustom Dashboard Widgets
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-26568
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.14% / 3.33%
||
7 Day CHG~0.00%
Published-13 Feb, 2025 | 13:53
Updated-11 May, 2026 | 23:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Easy Amazon Product Information plugin <= 4.0.1 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in jensmueller Easy Amazon Product Information easy-amazon-product-information allows Stored XSS.This issue affects Easy Amazon Product Information: from n/a through <= 4.0.1.

Action-Not Available
Vendor-jensmueller
Product-Easy Amazon Product Information
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-22287
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.18% / 7.30%
||
7 Day CHG~0.00%
Published-31 Jan, 2024 | 12:01
Updated-28 Apr, 2026 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Better Anchor Links Plugin <= 1.7.5 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Luděk Melichar Better Anchor Links allows Cross-Site Scripting (XSS).This issue affects Better Anchor Links: from n/a through 1.7.5.

Action-Not Available
Vendor-ludekLuděk Melichar
Product-better_anchor_linksBetter Anchor Links
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-21752
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.20% / 9.89%
||
7 Day CHG~0.00%
Published-29 Feb, 2024 | 05:17
Updated-28 Apr, 2026 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Ajax Search Lite Plugin <= 4.11.4 is vulnerable to Cross Site Scripting (XSS)

Cross-Site Request Forgery (CSRF) vulnerability in Ernest Marcinko Ajax Search Lite allows Reflected XSS.This issue affects Ajax Search Lite: from n/a through 4.11.4.

Action-Not Available
Vendor-wp-dreamsErnest Marcinko
Product-ajax_searchAjax Search Lite
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-13057
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-7.1||HIGH
EPSS-0.15% / 4.94%
||
7 Day CHG~0.00%
Published-27 Jan, 2025 | 06:00
Updated-07 May, 2025 | 19:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Dyn Business Panel <= 1.0.0 - Stored XSS via CSRF

The Dyn Business Panel WordPress plugin through 1.0.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack.

Action-Not Available
Vendor-phycticioUnknown
Product-dyn_business_panelDyn Business Panel
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2026-41347
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-2.3||LOW
EPSS-0.11% / 1.62%
||
7 Day CHG~0.00%
Published-23 Apr, 2026 | 21:58
Updated-28 Apr, 2026 | 18:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OpenClaw < 2026.3.31 - Cross-Site Request Forgery via Missing Browser-Origin Validation in HTTP Operator Endpoints

OpenClaw before 2026.3.31 lacks browser-origin validation in HTTP operator endpoints when operating in trusted-proxy mode, allowing cross-site request forgery attacks. Attackers can exploit this by sending malicious requests from a browser in trusted-proxy deployments to perform unauthorized actions on HTTP operator endpoints.

Action-Not Available
Vendor-OpenClaw
Product-openclawOpenClaw
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-26572
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.14% / 3.33%
||
7 Day CHG~0.00%
Published-13 Feb, 2025 | 13:53
Updated-28 Apr, 2026 | 16:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP PHPList Plugin <= 1.7 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in jesseheap WP PHPList phplist-form-integration allows Cross Site Request Forgery.This issue affects WP PHPList: from n/a through <= 1.7.

Action-Not Available
Vendor-jesseheap
Product-WP PHPList
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-26570
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.12% / 2.46%
||
7 Day CHG~0.00%
Published-13 Feb, 2025 | 13:53
Updated-27 May, 2026 | 09:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Glance That plugin <= 4.9 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in uamv Glance That allows Cross Site Request Forgery. This issue affects Glance That: from n/a through 4.9.

Action-Not Available
Vendor-uamv
Product-Glance That
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-26571
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.12% / 2.46%
||
7 Day CHG~0.00%
Published-13 Feb, 2025 | 13:53
Updated-28 Apr, 2026 | 16:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Wibiya Toolbar plugin <= 2.0 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in wibiya Wibiya Toolbar wibiya allows Cross Site Request Forgery.This issue affects Wibiya Toolbar: from n/a through <= 2.0.

Action-Not Available
Vendor-wibiya
Product-Wibiya Toolbar
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-26547
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.14% / 3.33%
||
7 Day CHG~0.00%
Published-13 Feb, 2025 | 13:52
Updated-28 Apr, 2026 | 16:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress My Login Logout Plugin plugin <= 2.4 - CSRF to Stored Cross-Site Scripting vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in nagarjunsonti My Login Logout Plugin my-loginlogout allows Stored XSS.This issue affects My Login Logout Plugin: from n/a through <= 2.4.

Action-Not Available
Vendor-nagarjunsonti
Product-My Login Logout Plugin
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-26768
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.14% / 3.34%
||
7 Day CHG~0.00%
Published-16 Feb, 2025 | 22:17
Updated-28 Apr, 2026 | 16:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress what3words Address Field plugin <= 4.0.15 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in what3words what3words Address Field 3-word-address-validation-field allows Stored XSS.This issue affects what3words Address Field: from n/a through <= 4.0.15.

Action-Not Available
Vendor-what3words
Product-what3words Address Field
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-26562
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.12% / 2.46%
||
7 Day CHG~0.00%
Published-13 Feb, 2025 | 13:52
Updated-28 Apr, 2026 | 16:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress RSS FIlter Plugin <= 1.2 - CSRF to Stored Cross Site Scripting (XSS) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Shambhu Patnaik RSS Filter rss-filter allows Stored XSS.This issue affects RSS Filter: from n/a through <= 1.2.

Action-Not Available
Vendor-Shambhu Patnaik
Product-RSS Filter
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-26931
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.14% / 3.33%
||
7 Day CHG~0.00%
Published-25 Feb, 2025 | 14:17
Updated-28 Apr, 2026 | 16:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Tribulant Gallery Voting plugin <= 1.2.1 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Tribulant Software Tribulant Gallery Voting gallery-voting allows Stored XSS.This issue affects Tribulant Gallery Voting: from n/a through <= 1.2.1.

Action-Not Available
Vendor-Tribulant Software
Product-Tribulant Gallery Voting
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-26550
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.14% / 3.33%
||
7 Day CHG~0.00%
Published-13 Feb, 2025 | 13:52
Updated-28 Apr, 2026 | 16:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Global Meta Keyword & Description plugin <= 2.3 - CSRF to Cross-Site Scripting vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Kunal Shivale Global Meta Keyword & Description global-meta-keyword-and-description allows Stored XSS.This issue affects Global Meta Keyword & Description: from n/a through <= 2.3.

Action-Not Available
Vendor-Kunal Shivale
Product-Global Meta Keyword & Description
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 14
  • 15
  • Next
Details not found