Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-34367

Summary
Assigner-Patchstack
Assigner Org ID-21595511-bba5-4825-b968-b78d1f9984a3
Published At-06 May, 2024 | 18:16
Updated At-02 Aug, 2024 | 02:51
Rejected At-
Credits

WordPress Popup Box plugin <= 4.1.2 - CSRF to XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Popup Box Team Popup box allows Cross-Site Scripting (XSS).This issue affects Popup box: from n/a through 4.1.2.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:Patchstack
Assigner Org ID:21595511-bba5-4825-b968-b78d1f9984a3
Published At:06 May, 2024 | 18:16
Updated At:02 Aug, 2024 | 02:51
Rejected At:
▼CVE Numbering Authority (CNA)
WordPress Popup Box plugin <= 4.1.2 - CSRF to XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Popup Box Team Popup box allows Cross-Site Scripting (XSS).This issue affects Popup box: from n/a through 4.1.2.

Affected Products
Vendor
AYS Pro ExtensionsPopup Box Team
Product
Popup box
Collection URL
https://wordpress.org/plugins
Package Name
ays-popup-box
Default Status
unaffected
Versions
Affected
  • From n/a through 4.1.2 (custom)
    • -> unaffectedfrom4.1.3
Problem Types
TypeCWE IDDescription
CWECWE-352CWE-352 Cross-Site Request Forgery (CSRF)
Type: CWE
CWE ID: CWE-352
Description: CWE-352 Cross-Site Request Forgery (CSRF)
Metrics
VersionBase scoreBase severityVector
3.17.1HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
Version: 3.1
Base score: 7.1
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-63CAPEC-63 Cross-Site Scripting (XSS)
CAPEC ID: CAPEC-63
Description: CAPEC-63 Cross-Site Scripting (XSS)
Solutions

Update to 4.1.3 or a higher version.

Configurations
Workarounds
Exploits
Credits
finder
Steven Julian (Patchstack Alliance)
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://patchstack.com/database/vulnerability/ays-popup-box/wordpress-popup-box-plugin-4-1-2-csrf-to-xss-vulnerability?_s_id=cve
vdb-entry
Hyperlink: https://patchstack.com/database/vulnerability/ays-popup-box/wordpress-popup-box-plugin-4-1-2-csrf-to-xss-vulnerability?_s_id=cve
Resource:
vdb-entry
▼Authorized Data Publishers (ADP)
1. CISA ADP Vulnrichment
Affected Products
Vendor
WordPress.orgwordpress
Product
popup_box
CPEs
  • cpe:2.3:a:wordpress:popup_box:-:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From - through 4.1.2 (custom)
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
2. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://patchstack.com/database/vulnerability/ays-popup-box/wordpress-popup-box-plugin-4-1-2-csrf-to-xss-vulnerability?_s_id=cve
vdb-entry
x_transferred
Hyperlink: https://patchstack.com/database/vulnerability/ays-popup-box/wordpress-popup-box-plugin-4-1-2-csrf-to-xss-vulnerability?_s_id=cve
Resource:
vdb-entry
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:audit@patchstack.com
Published At:06 May, 2024 | 19:15
Updated At:06 May, 2024 | 19:53

Cross-Site Request Forgery (CSRF) vulnerability in Popup Box Team Popup box allows Cross-Site Scripting (XSS).This issue affects Popup box: from n/a through 4.1.2.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.17.1HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
Type: Secondary
Version: 3.1
Base score: 7.1
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-352Primaryaudit@patchstack.com
CWE ID: CWE-352
Type: Primary
Source: audit@patchstack.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://patchstack.com/database/vulnerability/ays-popup-box/wordpress-popup-box-plugin-4-1-2-csrf-to-xss-vulnerability?_s_id=cveaudit@patchstack.com
N/A
Hyperlink: https://patchstack.com/database/vulnerability/ays-popup-box/wordpress-popup-box-plugin-4-1-2-csrf-to-xss-vulnerability?_s_id=cve
Source: audit@patchstack.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

686Records found
CVE-2025-26768
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.02% / 4.54%
||
7 Day CHG~0.00%
Published-16 Feb, 2025 | 22:17
Updated-18 Feb, 2025 | 19:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress what3words Address Field plugin <= 4.0.15 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in what3words what3words Address Field allows Stored XSS. This issue affects what3words Address Field: from n/a through 4.0.15.

Action-Not Available
Vendor-what3words
Product-what3words Address Field
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-25088
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.02% / 4.54%
||
7 Day CHG~0.00%
Published-07 Feb, 2025 | 10:11
Updated-07 Feb, 2025 | 14:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Keyword Monitor Plugin <=1.0.5 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in blackus3r WP Keyword Monitor allows Stored XSS. This issue affects WP Keyword Monitor: from n/a through 1.0.5.

Action-Not Available
Vendor-blackus3r
Product-WP Keyword Monitor
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-25139
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.02% / 4.54%
||
7 Day CHG~0.00%
Published-07 Feb, 2025 | 10:11
Updated-12 Feb, 2025 | 20:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Custom Post RSS Feed plugin <= 1.0.0 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Cynob IT Consultancy WP Custom Post RSS Feed allows Stored XSS. This issue affects WP Custom Post RSS Feed: from n/a through 1.0.0.

Action-Not Available
Vendor-Cynob IT Consultancy
Product-WP Custom Post RSS Feed
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-25168
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.02% / 3.91%
||
7 Day CHG~0.00%
Published-07 Feb, 2025 | 10:12
Updated-12 Feb, 2025 | 20:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress BookPress – For Book Authors Plugin <= 1.2.7 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in blackandwhitedigital BookPress – For Book Authors allows Cross-Site Scripting (XSS). This issue affects BookPress – For Book Authors: from n/a through 1.2.7.

Action-Not Available
Vendor-blackandwhitedigitalblackandwhitedigital
Product-bookpressBookPress – For Book Authors
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-24562
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.03% / 5.18%
||
7 Day CHG~0.00%
Published-24 Jan, 2025 | 17:24
Updated-24 Jan, 2025 | 19:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress KBucket plugin <= 4.1.6 - CSRF to Stored Cross-Site Scripting vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Optimal Access Inc. KBucket allows Stored XSS. This issue affects KBucket: from n/a through 4.1.6.

Action-Not Available
Vendor-Optimal Access Inc.
Product-KBucket
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-25152
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.02% / 4.54%
||
7 Day CHG~0.00%
Published-07 Feb, 2025 | 10:11
Updated-12 Feb, 2025 | 20:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Smart DoFollow plugin <= 1.0.2 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in LukaszWiecek Smart DoFollow allows Stored XSS. This issue affects Smart DoFollow: from n/a through 1.0.2.

Action-Not Available
Vendor-LukaszWiecek
Product-Smart DoFollow
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-25125
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.02% / 4.54%
||
7 Day CHG~0.00%
Published-07 Feb, 2025 | 10:11
Updated-12 Feb, 2025 | 20:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Fyrebox Quizzes plugin <= 2.7 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in CyrilG Fyrebox Quizzes allows Stored XSS. This issue affects Fyrebox Quizzes: from n/a through 2.7.

Action-Not Available
Vendor-CyrilG
Product-Fyrebox Quizzes
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-25075
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.02% / 4.54%
||
7 Day CHG~0.00%
Published-07 Feb, 2025 | 10:11
Updated-07 Feb, 2025 | 15:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Show notice or message on admin area plugin <= 2.0 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Venugopal Show notice or message on admin area allows Stored XSS. This issue affects Show notice or message on admin area: from n/a through 2.0.

Action-Not Available
Vendor-Venugopal
Product-Show notice or message on admin area
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-25140
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.02% / 4.54%
||
7 Day CHG~0.00%
Published-07 Feb, 2025 | 10:11
Updated-12 Feb, 2025 | 20:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Simple User Profile plugin <= 1.9 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Scriptonite Simple User Profile allows Stored XSS. This issue affects Simple User Profile: from n/a through 1.9.

Action-Not Available
Vendor-Scriptonite
Product-Simple User Profile
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-24636
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.03% / 5.18%
||
7 Day CHG~0.00%
Published-24 Jan, 2025 | 17:24
Updated-24 Jan, 2025 | 18:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress MachForm Shortcode plugin <= 1.4.1 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Laymance Technologies LLC MachForm Shortcode allows Stored XSS. This issue affects MachForm Shortcode: from n/a through 1.4.1.

Action-Not Available
Vendor-Laymance Technologies LLC
Product-MachForm Shortcode
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-25166
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.02% / 3.91%
||
7 Day CHG~0.00%
Published-07 Feb, 2025 | 10:12
Updated-12 Feb, 2025 | 20:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress InLocation plugin <= 1.8 - Cross Site Scripting (XSS) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in gabrieldarezzo InLocation allows Stored XSS. This issue affects InLocation: from n/a through 1.8.

Action-Not Available
Vendor-gabrieldarezzogabrieldarezzo
Product-inlocationInLocation
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-24749
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.03% / 5.18%
||
7 Day CHG~0.00%
Published-31 Jan, 2025 | 08:24
Updated-31 Jan, 2025 | 15:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress EZPZ SAML SP Single Sign On (SSO) plugin <= 1.2.5 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Overt Software Solutions LTD EZPZ SAML SP Single Sign On (SSO) allows Cross Site Request Forgery. This issue affects EZPZ SAML SP Single Sign On (SSO): from n/a through 1.2.5.

Action-Not Available
Vendor-Overt Software Solutions LTD
Product-EZPZ SAML SP Single Sign On (SSO)
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-25149
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.02% / 4.54%
||
7 Day CHG~0.00%
Published-07 Feb, 2025 | 10:11
Updated-12 Feb, 2025 | 20:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Login-box plugin <= 2.0.4 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Danillo Nunes Login-box allows Stored XSS. This issue affects Login-box: from n/a through 2.0.4.

Action-Not Available
Vendor-Danillo Nunes
Product-Login-box
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-24549
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.03% / 5.18%
||
7 Day CHG~0.00%
Published-31 Jan, 2025 | 08:24
Updated-10 Feb, 2025 | 22:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Post Meta plugin <= 1.0.9 - Reflected Cross Site Scripting (XSS) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Mahbubur Rahman Post Meta allows Reflected XSS. This issue affects Post Meta: from n/a through 1.0.9.

Action-Not Available
Vendor-Mahbubur Rahman
Product-Post Meta
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-25128
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.02% / 4.54%
||
7 Day CHG~0.00%
Published-07 Feb, 2025 | 10:11
Updated-12 Feb, 2025 | 20:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Facilita Form Tracker plugin <= 1.0 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in orlandolac Facilita Form Tracker allows Stored XSS. This issue affects Facilita Form Tracker: from n/a through 1.0.

Action-Not Available
Vendor-orlandolac
Product-Facilita Form Tracker
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-25104
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.02% / 4.54%
||
7 Day CHG~0.00%
Published-07 Feb, 2025 | 10:11
Updated-07 Feb, 2025 | 15:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress URL-Preview-Box plugin <= 1.20 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in mraliende URL-Preview-Box allows Cross Site Request Forgery. This issue affects URL-Preview-Box: from n/a through 1.20.

Action-Not Available
Vendor-mraliende
Product-URL-Preview-Box
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-25074
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.02% / 4.54%
||
7 Day CHG~0.00%
Published-07 Feb, 2025 | 10:11
Updated-07 Feb, 2025 | 15:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Social Stream plugin <= 1.1 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Nirmal Kumar Ram WP Social Stream allows Stored XSS. This issue affects WP Social Stream: from n/a through 1.1.

Action-Not Available
Vendor-Nirmal Kumar Ram
Product-WP Social Stream
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-25126
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.02% / 4.54%
||
7 Day CHG~0.00%
Published-07 Feb, 2025 | 10:11
Updated-12 Feb, 2025 | 20:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress ZMSEO plugin <= 1.14.1 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in zmseo ZMSEO allows Stored XSS. This issue affects ZMSEO: from n/a through 1.14.1.

Action-Not Available
Vendor-zmseo
Product-ZMSEO
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-25135
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.02% / 4.54%
||
7 Day CHG~0.00%
Published-07 Feb, 2025 | 10:11
Updated-12 Feb, 2025 | 20:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Custom Links On Admin Dashboard Toolbar plugin <= 3.3 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Victor Barkalov Custom Links On Admin Dashboard Toolbar allows Stored XSS. This issue affects Custom Links On Admin Dashboard Toolbar: from n/a through 3.3.

Action-Not Available
Vendor-Victor Barkalov
Product-Custom Links On Admin Dashboard Toolbar
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-25123
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.02% / 4.54%
||
7 Day CHG~0.00%
Published-07 Feb, 2025 | 10:11
Updated-12 Feb, 2025 | 20:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Easy Related Posts plugin <= 2.0.2 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in xdark Easy Related Posts allows Stored XSS. This issue affects Easy Related Posts: from n/a through 2.0.2.

Action-Not Available
Vendor-xdark
Product-Easy Related Posts
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-25086
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.01% / 1.43%
||
7 Day CHG-0.01%
Published-27 Mar, 2025 | 14:08
Updated-27 Mar, 2025 | 16:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Secret Meta plugin <= 1.2.1 - CSRF to Reflected Cross Site Scripting (XSS) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in WPDeveloper Secret Meta allows Reflected XSS.This issue affects Secret Meta: from n/a through 1.2.1.

Action-Not Available
Vendor-WPDeveloper
Product-Secret Meta
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-25138
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.02% / 4.52%
||
7 Day CHG~0.00%
Published-07 Feb, 2025 | 10:11
Updated-12 Feb, 2025 | 20:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress On Page SEO + Social Live Chat (Formerly OPS) plugin <= 2.0.0 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Rishi On Page SEO + Whatsapp Chat Button allows Stored XSS. This issue affects On Page SEO + Whatsapp Chat Button: from n/a through 2.0.0.

Action-Not Available
Vendor-Rishi
Product-On Page SEO + Whatsapp Chat Button
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-24555
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.03% / 5.18%
||
7 Day CHG~0.00%
Published-24 Jan, 2025 | 17:24
Updated-24 Jan, 2025 | 19:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Subscription DNA plugin <= 2.1 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in SubscriptionDNA.com Subscription DNA allows Stored XSS. This issue affects Subscription DNA: from n/a through 2.1.

Action-Not Available
Vendor-SubscriptionDNA.com
Product-Subscription DNA
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-24756
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.03% / 5.18%
||
7 Day CHG~0.00%
Published-24 Jan, 2025 | 17:25
Updated-12 Feb, 2025 | 20:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Roi Calculator plugin <= 1.0 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in mgplugin Roi Calculator allows Stored XSS. This issue affects Roi Calculator: from n/a through 1.0.

Action-Not Available
Vendor-mgplugin
Product-Roi Calculator
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-25071
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.02% / 4.54%
||
7 Day CHG~0.00%
Published-07 Feb, 2025 | 10:11
Updated-07 Feb, 2025 | 15:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Vignette Ads plugin <= 0.2 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in topplugins Vignette Ads allows Stored XSS. This issue affects Vignette Ads: from n/a through 0.2.

Action-Not Available
Vendor-topplugins
Product-Vignette Ads
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-24699
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.02% / 4.52%
||
7 Day CHG~0.00%
Published-14 Feb, 2025 | 12:44
Updated-14 Feb, 2025 | 13:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Coder Plugin <= 3.6 - CSRF to Cross Site Scripting (XSS) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company WP Coder allows Cross-Site Scripting (XSS). This issue affects WP Coder: from n/a through 3.6.

Action-Not Available
Vendor-Wow-Company
Product-WP Coder
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-25072
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.02% / 4.54%
||
7 Day CHG~0.00%
Published-07 Feb, 2025 | 10:11
Updated-07 Feb, 2025 | 16:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Admin Custom Page plugin <= 1.5.0 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in thunderbax WP Admin Custom Page allows Stored XSS. This issue affects WP Admin Custom Page: from n/a through 1.5.0.

Action-Not Available
Vendor-thunderbax
Product-WP Admin Custom Page
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-25148
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.02% / 4.54%
||
7 Day CHG~0.00%
Published-07 Feb, 2025 | 10:11
Updated-12 Feb, 2025 | 20:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Read More Copy Link plugin <= 1.0.2 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in ElbowRobo Read More Copy Link allows Stored XSS. This issue affects Read More Copy Link: from n/a through 1.0.2.

Action-Not Available
Vendor-ElbowRobo
Product-Read More Copy Link
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-24561
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.05% / 13.46%
||
7 Day CHG~0.00%
Published-24 Jan, 2025 | 17:24
Updated-24 Jan, 2025 | 19:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress ReviewsTap plugin <= 1.1.2 - CSRF to Stored Cross-Site Scripting vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in ReviewsTap ReviewsTap allows Stored XSS. This issue affects ReviewsTap: from n/a through 1.1.2.

Action-Not Available
Vendor-ReviewsTap
Product-ReviewsTap
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-25153
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.02% / 4.54%
||
7 Day CHG~0.00%
Published-07 Feb, 2025 | 10:11
Updated-12 Feb, 2025 | 20:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Simple Auto Tag plugin <= 1.1 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in djjmz Simple Auto Tag allows Stored XSS. This issue affects Simple Auto Tag: from n/a through 1.1.

Action-Not Available
Vendor-djjmz
Product-Simple Auto Tag
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-25100
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.01% / 1.43%
||
7 Day CHG-0.01%
Published-27 Mar, 2025 | 14:02
Updated-28 Mar, 2025 | 17:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Cazamba plugin <= 1.2 - CSRF to Reflected Cross Site Scripting (XSS) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in victoracano Cazamba allows Reflected XSS.This issue affects Cazamba: from n/a through 1.2.

Action-Not Available
Vendor-victoracano
Product-Cazamba
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-25147
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.02% / 4.54%
||
7 Day CHG~0.00%
Published-07 Feb, 2025 | 10:11
Updated-12 Feb, 2025 | 20:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Auto SEO plugin <= 2.5.6 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Phillip.Gooch Auto SEO allows Stored XSS. This issue affects Auto SEO: from n/a through 2.5.6.

Action-Not Available
Vendor-Phillip.Gooch
Product-Auto SEO
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-25160
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.02% / 3.91%
||
7 Day CHG~0.00%
Published-07 Feb, 2025 | 10:11
Updated-12 Feb, 2025 | 20:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Style Tweaker plugin <= 0.11 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Mark Barnes Style Tweaker allows Stored XSS. This issue affects Style Tweaker: from n/a through 0.11.

Action-Not Available
Vendor-markbarnesMark Barnes
Product-style_tweakerStyle Tweaker
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-25154
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.02% / 4.54%
||
7 Day CHG~0.00%
Published-07 Feb, 2025 | 10:11
Updated-12 Feb, 2025 | 20:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Custom Comment Notifications plugin <= 1.0.8 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in scweber Custom Comment Notifications allows Stored XSS. This issue affects Custom Comment Notifications: from n/a through 1.0.8.

Action-Not Available
Vendor-scweber
Product-Custom Comment Notifications
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-25156
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.02% / 4.54%
||
7 Day CHG~0.00%
Published-07 Feb, 2025 | 10:11
Updated-12 Feb, 2025 | 20:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Quote Comments plugin <= 2.2.1 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Stanko Metodiev Quote Comments allows Stored XSS. This issue affects Quote Comments: from n/a through 2.2.1.

Action-Not Available
Vendor-Stanko Metodiev
Product-Quote Comments
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-23808
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.05% / 15.64%
||
7 Day CHG~0.00%
Published-16 Jan, 2025 | 20:07
Updated-17 Jan, 2025 | 19:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Custom List Table Example Plugin <=1.4.1 - CSRF to Reflected Cross Site Scripting (XSS) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Matt van Andel Custom List Table Example allows Reflected XSS.This issue affects Custom List Table Example: from n/a through 1.4.1.

Action-Not Available
Vendor-Matt van Andel
Product-Custom List Table Example
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-23980
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.03% / 5.18%
||
7 Day CHG~0.00%
Published-31 Jan, 2025 | 08:23
Updated-31 Jan, 2025 | 19:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Full Circle plugin <= 0.5.7.8 - CSRF to Stored Cross Site Scripting (XSS) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in James Andrews Full Circle allows Stored XSS. This issue affects Full Circle: from n/a through 0.5.7.8.

Action-Not Available
Vendor-James Andrews
Product-Full Circle
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-24001
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.03% / 6.21%
||
7 Day CHG~0.00%
Published-21 Jan, 2025 | 13:57
Updated-12 Feb, 2025 | 20:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress PPO Call To Actions plugin <= 0.1.3 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in PPO Việt Nam (ppo.vn) PPO Call To Actions allows Cross Site Request Forgery. This issue affects PPO Call To Actions: from n/a through 0.1.3.

Action-Not Available
Vendor-PPO Việt Nam (ppo.vn)
Product-PPO Call To Actions
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-23508
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.03% / 6.21%
||
7 Day CHG~0.00%
Published-16 Jan, 2025 | 20:06
Updated-17 Jan, 2025 | 19:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Extra Options – Favicons plugin <= 1.1.0 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in EdesaC Extra Options – Favicons allows Stored XSS.This issue affects Extra Options – Favicons: from n/a through 1.1.0.

Action-Not Available
Vendor-EdesaC
Product-Extra Options – Favicons
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-23990
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.03% / 5.18%
||
7 Day CHG~0.00%
Published-31 Jan, 2025 | 08:23
Updated-10 Feb, 2025 | 22:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Scroll Styler plugin <= 1.1 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in jablonczay Scroll Styler. This issue affects Scroll Styler: from n/a through 1.1.

Action-Not Available
Vendor-jablonczay
Product-Scroll Styler
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-23627
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.03% / 6.21%
||
7 Day CHG~0.00%
Published-16 Jan, 2025 | 20:06
Updated-17 Jan, 2025 | 19:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Comment-Emailer plugin <= 1.0.5 - CSRF to Stored Cross-Site Scripting vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Gordon French Comment-Emailer allows Stored XSS.This issue affects Comment-Emailer: from n/a through 1.0.5.

Action-Not Available
Vendor-Gordon French
Product-Comment-Emailer
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-23989
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.03% / 5.18%
||
7 Day CHG~0.00%
Published-31 Jan, 2025 | 08:23
Updated-10 Feb, 2025 | 22:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Internal Link Builder plugin <= 1.0 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Alessandro Piconi - SabLab Internal Link Builder allows Cross Site Request Forgery. This issue affects Internal Link Builder: from n/a through 1.0.

Action-Not Available
Vendor-Alessandro Piconi - SabLab
Product-Internal Link Builder
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-23900
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.03% / 6.21%
||
7 Day CHG~0.00%
Published-16 Jan, 2025 | 20:07
Updated-17 Jan, 2025 | 19:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Genki Announcement plugin <= 1.4.1 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Genkisan Genki Announcement allows Cross Site Request Forgery.This issue affects Genki Announcement: from n/a through 1.4.1.

Action-Not Available
Vendor-Genkisan
Product-Genki Announcement
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-23801
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.03% / 6.21%
||
7 Day CHG~0.00%
Published-16 Jan, 2025 | 20:07
Updated-17 Jan, 2025 | 19:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Style Admin Plugin <= 1.4.3 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Benjamin Guy Style Admin allows Stored XSS.This issue affects Style Admin: from n/a through 1.4.3.

Action-Not Available
Vendor-Benjamin Guy
Product-Style Admin
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-23690
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.03% / 6.21%
||
7 Day CHG~0.00%
Published-16 Jan, 2025 | 20:06
Updated-17 Jan, 2025 | 19:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Book a Place plugin <= 0.7.1 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in ArtkanMedia Book a Place allows Stored XSS.This issue affects Book a Place: from n/a through 0.7.1.

Action-Not Available
Vendor-ArtkanMedia
Product-Book a Place
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-23557
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.03% / 6.21%
||
7 Day CHG~0.00%
Published-16 Jan, 2025 | 20:06
Updated-17 Jan, 2025 | 19:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Find Your Reps plugin <= 1.2 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Kathleen Malone Find Your Reps allows Stored XSS.This issue affects Find Your Reps: from n/a through 1.2.

Action-Not Available
Vendor-Kathleen Malone
Product-Find Your Reps
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-23715
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.03% / 6.21%
||
7 Day CHG~0.00%
Published-16 Jan, 2025 | 20:06
Updated-17 Jan, 2025 | 19:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Post & Page Notes plugin <= 0.1.1 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in RaymondDesign Post & Page Notes allows Stored XSS.This issue affects Post & Page Notes: from n/a through 0.1.1.

Action-Not Available
Vendor-RaymondDesign
Product-Post & Page Notes
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-23502
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.02% / 4.54%
||
7 Day CHG~0.00%
Published-03 Mar, 2025 | 13:30
Updated-05 Mar, 2025 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Curated Search plugin <= 1.2 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in NotFound Curated Search allows Stored XSS. This issue affects Curated Search: from n/a through 1.2.

Action-Not Available
Vendor-NotFound
Product-Curated Search
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-23640
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.03% / 6.21%
||
7 Day CHG~0.00%
Published-16 Jan, 2025 | 20:06
Updated-17 Jan, 2025 | 19:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Rename Author Slug plugin <= 1.2.0 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Nazmul Ahsan Rename Author Slug allows Stored XSS.This issue affects Rename Author Slug: from n/a through 1.2.0.

Action-Not Available
Vendor-Nazmul Ahsan
Product-Rename Author Slug
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-23902
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.03% / 6.21%
||
7 Day CHG~0.00%
Published-16 Jan, 2025 | 20:07
Updated-17 Jan, 2025 | 19:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Error Notification plugin <= 0.2.7 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Taras Dashkevych Error Notification allows Cross Site Request Forgery.This issue affects Error Notification: from n/a through 0.2.7.

Action-Not Available
Vendor-Taras Dashkevych
Product-Error Notification
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
  • Previous
  • 1
  • 2
  • ...
  • 7
  • 8
  • 9
  • ...
  • 13
  • 14
  • Next
Details not found