Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-35673

Summary
Assigner-Patchstack
Assigner Org ID-21595511-bba5-4825-b968-b78d1f9984a3
Published At-05 Jun, 2024 | 13:22
Updated At-02 Aug, 2024 | 03:14
Rejected At-
Credits

WordPress Pure Chat plugin <= 2.22 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Pure Chat by Ruby Pure Chat.This issue affects Pure Chat: from n/a through 2.22.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:Patchstack
Assigner Org ID:21595511-bba5-4825-b968-b78d1f9984a3
Published At:05 Jun, 2024 | 13:22
Updated At:02 Aug, 2024 | 03:14
Rejected At:
▼CVE Numbering Authority (CNA)
WordPress Pure Chat plugin <= 2.22 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Pure Chat by Ruby Pure Chat.This issue affects Pure Chat: from n/a through 2.22.

Affected Products
Vendor
Pure Chat by Ruby
Product
Pure Chat
Collection URL
https://wordpress.org/plugins
Package Name
pure-chat
Default Status
unaffected
Versions
Affected
  • From n/a through 2.22 (custom)
    • -> unaffectedfrom2.3
Problem Types
TypeCWE IDDescription
CWECWE-352CWE-352 Cross-Site Request Forgery (CSRF)
Type: CWE
CWE ID: CWE-352
Description: CWE-352 Cross-Site Request Forgery (CSRF)
Metrics
VersionBase scoreBase severityVector
3.14.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Version: 3.1
Base score: 4.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Update to 2.3 or a higher version.

Configurations
Workarounds
Exploits
Credits
finder
Majed Refaea (Patchstack Alliance)
Timeline
EventDate
Vendor notified about the vulnerability.2024-02-20 09:29:00
Event: Vendor notified about the vulnerability.
Date: 2024-02-20 09:29:00
Replaced By
Rejected Reason
References
HyperlinkResource
https://patchstack.com/database/vulnerability/pure-chat/wordpress-pure-chat-plugin-2-22-cross-site-request-forgery-csrf-vulnerability?_s_id=cve
vdb-entry
Hyperlink: https://patchstack.com/database/vulnerability/pure-chat/wordpress-pure-chat-plugin-2-22-cross-site-request-forgery-csrf-vulnerability?_s_id=cve
Resource:
vdb-entry
▼Authorized Data Publishers (ADP)
1. CISA ADP Vulnrichment
Affected Products
Vendor
pure_chat_by_ruby
Product
pure_chat
CPEs
  • cpe:2.3:a:pure_chat_by_ruby:pure_chat:*:*:*:*:*:*:*:*
Default Status
unaffected
Versions
Affected
  • From 0 through 2.22 (custom)
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
2. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://patchstack.com/database/vulnerability/pure-chat/wordpress-pure-chat-plugin-2-22-cross-site-request-forgery-csrf-vulnerability?_s_id=cve
vdb-entry
x_transferred
Hyperlink: https://patchstack.com/database/vulnerability/pure-chat/wordpress-pure-chat-plugin-2-22-cross-site-request-forgery-csrf-vulnerability?_s_id=cve
Resource:
vdb-entry
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:audit@patchstack.com
Published At:05 Jun, 2024 | 14:15
Updated At:14 Jun, 2024 | 18:14

Cross-Site Request Forgery (CSRF) vulnerability in Pure Chat by Ruby Pure Chat.This issue affects Pure Chat: from n/a through 2.22.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.14.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Secondary3.14.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Type: Primary
Version: 3.1
Base score: 4.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Type: Secondary
Version: 3.1
Base score: 4.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
CPE Matches
purechat
purechat
>>pure_chat>>Versions before 2.3(exclusive)
cpe:2.3:a:purechat:pure_chat:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-352Primaryaudit@patchstack.com
CWE ID: CWE-352
Type: Primary
Source: audit@patchstack.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://patchstack.com/database/vulnerability/pure-chat/wordpress-pure-chat-plugin-2-22-cross-site-request-forgery-csrf-vulnerability?_s_id=cveaudit@patchstack.com
Third Party Advisory
Hyperlink: https://patchstack.com/database/vulnerability/pure-chat/wordpress-pure-chat-plugin-2-22-cross-site-request-forgery-csrf-vulnerability?_s_id=cve
Source: audit@patchstack.com
Resource:
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

2075Records found
CVE-2025-14168
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-4.3||MEDIUM
EPSS-0.01% / 2.29%
||
7 Day CHG~0.00%
Published-20 Dec, 2025 | 03:20
Updated-23 Dec, 2025 | 14:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WP DB Booster <= 1.0.1 - Cross-Site Request Forgery to Database Cleanup

The WP DB Booster plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1. This is due to missing nonce validation on the cleanup_all AJAX action. This makes it possible for unauthenticated attackers to delete database records including post drafts, revisions, comments, and metadata via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

Action-Not Available
Vendor-wpmaniax
Product-WP DB Booster
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-4872
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-4.3||MEDIUM
EPSS-0.21% / 43.72%
||
7 Day CHG~0.00%
Published-30 Jan, 2023 | 20:31
Updated-27 Mar, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WooCommerce Chained Products < 2.12.0 - Unauthenticated Arbitrary Options Update to 'no'

The Chained Products WordPress plugin before 2.12.0 does not have authorisation and CSRF checks, as well as does not ensure that the option to be updated belong to the plugin, allowing unauthenticated attackers to set arbitrary options to 'no'

Action-Not Available
Vendor-chained_products_projectUnknown
Product-chained_productsChained Products
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CWE ID-CWE-862
Missing Authorization
CVE-2025-14117
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.05% / 17.01%
||
7 Day CHG~0.00%
Published-06 Dec, 2025 | 05:32
Updated-12 Dec, 2025 | 12:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
fit2cloud Halo cross-site request forgery

A vulnerability has been found in fit2cloud Halo 2.21.10. Impacted is an unknown function. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-FIT2CLOUD Inc.
Product-haloHalo
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CWE ID-CWE-862
Missing Authorization
CVE-2022-47172
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.06% / 18.63%
||
7 Day CHG~0.00%
Published-17 Jul, 2023 | 14:36
Updated-30 Sep, 2024 | 14:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WooLentor Plugin <= 2.6.2 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in HasThemes ShopLentor plugin <= 2.6.2 versions.

Action-Not Available
Vendor-HasTech IT Limited (HasThemes)
Product-woolentor_-_woocommerce_elementor_addons_\+_builderShopLentor
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-47148
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.09% / 25.33%
||
7 Day CHG~0.00%
Published-01 Mar, 2023 | 14:25
Updated-13 Jan, 2025 | 15:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WooCommerce PDF Invoices & Packing Slips Plugin <= 3.2.5 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in WP Overnight PDF Invoices & Packing Slips for WooCommerce plugin <= 3.2.5 leading to popup dismiss.

Action-Not Available
Vendor-wpovernightWP Overnight
Product-woocommerce_pdf_invoices\&_packing_slipsPDF Invoices & Packing Slips for WooCommerce
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-47136
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 22.38%
||
7 Day CHG+0.01%
Published-25 May, 2023 | 11:45
Updated-08 Jan, 2025 | 21:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Ninja Tables Plugin <= 4.3.4 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in WPManageNinja LLC Ninja Tables – Best Data Table Plugin for WordPress plugin <= 4.3.4 versions.

Action-Not Available
Vendor-wpmanageninjaWPManageNinja LLC
Product-ninja_tablesNinja Tables – Best Data Table Plugin for WordPress
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-13363
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-4.3||MEDIUM
EPSS-0.02% / 3.21%
||
7 Day CHG~0.00%
Published-12 Dec, 2025 | 03:20
Updated-15 Dec, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IMAQ Core <= 1.2.1 - Cross-Site Request Forgery to URL Structure Update

The IMAQ Core plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.1. This is due to missing nonce validation on the URL structure settings update functionality. This makes it possible for unauthenticated attackers to update the plugin's URL structure settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

Action-Not Available
Vendor-imaqpress
Product-IMAQ CORE
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-47178
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 22.38%
||
7 Day CHG+0.01%
Published-25 May, 2023 | 11:49
Updated-08 Jan, 2025 | 21:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Simple Share Buttons Adder Plugin <= 8.4.7 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Simple Share Buttons Simple Share Buttons Adder plugin <= 8.4.7 versions.

Action-Not Available
Vendor-simplesharebuttonsSimple Share Buttons
Product-simple_share_buttons_adderSimple Share Buttons Adder
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-47166
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.09% / 26.39%
||
7 Day CHG~0.00%
Published-13 Mar, 2023 | 09:09
Updated-13 Jan, 2025 | 15:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Void Contact Form 7 Widget For Elementor Page Builder Plugin <= 2.1.1 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in voidCoders Void Contact Form 7 Widget For Elementor Page Builder plugin <= 2.1.1 versions.

Action-Not Available
Vendor-voidcodersvoidCoders
Product-void_contact_form_7_widget_for_elementor_page_builderVoid Contact Form 7 Widget For Elementor Page Builder
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-47165
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 22.38%
||
7 Day CHG+0.01%
Published-25 May, 2023 | 09:07
Updated-08 Jan, 2025 | 22:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress CoSchedule Plugin <= 3.3.8 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in CoSchedule plugin <= 3.3.8 versions.

Action-Not Available
Vendor-coscheduleCoSchedule
Product-coscheduleCoSchedule
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-47169
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.06% / 18.63%
||
7 Day CHG~0.00%
Published-18 Jul, 2023 | 12:09
Updated-25 Sep, 2024 | 17:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Visibility Logic for Elementor Plugin <= 2.3.4 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in StaxWP Visibility Logic for Elementor plugin <= 2.3.4 versions.

Action-Not Available
Vendor-staxwpStaxWP
Product-visibility_logic_for_elementorVisibility Logic for Elementor
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-47142
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.09% / 25.15%
||
7 Day CHG+0.02%
Published-22 May, 2023 | 08:52
Updated-09 Jan, 2025 | 15:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Mediamatic – Media Library Folders Plugin <= 2.8.1 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Plugincraft Mediamatic – Media Library Folders plugin <= 2.8.1 versions.

Action-Not Available
Vendor-mediamaticPlugincraft
Product-media_library_foldersMediamatic – Media Library Folders
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-14062
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-4.3||MEDIUM
EPSS-0.02% / 3.21%
||
7 Day CHG~0.00%
Published-12 Dec, 2025 | 03:20
Updated-12 Dec, 2025 | 16:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Animated Pixel Marquee Creator <= 1.0.0 - Cross-Site Request Forgery via 'marquee' Parameter

The Animated Pixel Marquee Creator plugin for WordPress is vulnerable to Cross-Site Request Forgery via the 'marquee' parameter in all versions up to, and including, 1.0.0. This is due to missing nonce validation on the marquee deletion function. This makes it possible for unauthenticated attackers to delete arbitrary marquees via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

Action-Not Available
Vendor-tekafran
Product-Animated Pixel Marquee Creator
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-47135
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.10% / 27.02%
||
7 Day CHG+0.02%
Published-25 May, 2023 | 08:06
Updated-08 Jan, 2025 | 22:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Chronoforms Plugin <= 7.0.9 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in chronoengine.Com Chronoforms plugin <= 7.0.9 versions.

Action-Not Available
Vendor-chronoenginechronoengine.com
Product-chronoformsChronoforms
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-47447
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 22.38%
||
7 Day CHG+0.01%
Published-24 May, 2023 | 16:10
Updated-08 Jan, 2025 | 22:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP-Advanced-Search Plugin <= 3.3.8 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Mathieu Chartier WordPress WP-Advanced-Search plugin <= 3.3.8 versions.

Action-Not Available
Vendor-internet-formationMathieu Chartier
Product-wp-advanced-searchWordPress WP-Advanced-Search
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-47155
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.09% / 26.39%
||
7 Day CHG~0.00%
Published-14 Mar, 2023 | 06:58
Updated-13 Jan, 2025 | 15:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Slider by Supsystic Plugin <= 1.8.5 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Supsystic Slider by Supsystic plugin <= 1.8.5 versions.

Action-Not Available
Vendor-supsysticSupsystic
Product-sliderSlider by Supsystic
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-47149
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 22.38%
||
7 Day CHG+0.01%
Published-25 May, 2023 | 09:13
Updated-08 Jan, 2025 | 22:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Shortlinks by Pretty Links Plugin <= 3.4.0 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Pretty Links plugin <= 3.4.0 versions.

Action-Not Available
Vendor-upressPretty Links
Product-enable_accessibilityPretty Links
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-13361
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-4.3||MEDIUM
EPSS-0.01% / 2.63%
||
7 Day CHG~0.00%
Published-21 Dec, 2025 | 03:20
Updated-23 Dec, 2025 | 14:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Web to SugarCRM Lead <= 1.0.0 - Cross-Site Request Forgery to Custom Field Deletion

The Web to SugarCRM Lead plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.0. This is due to missing nonce validation on the custom field deletion functionality. This makes it possible for unauthenticated attackers to delete custom fields via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

Action-Not Available
Vendor-dipesh_patel
Product-Web to SugarCRM Lead
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-47164
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 22.38%
||
7 Day CHG+0.01%
Published-25 May, 2023 | 08:27
Updated-08 Jan, 2025 | 22:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Event Manager for WooCommerce Plugin <= 3.7.7 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in MagePeople Team Event Manager and Tickets Selling Plugin for WooCommerce plugin <= 3.7.7 versions.

Action-Not Available
Vendor-MagePeople
Product-event_manager_and_tickets_selling_plugin_for_woocommerceEvent Manager and Tickets Selling Plugin for WooCommerce
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-47180
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.10% / 27.02%
||
7 Day CHG+0.02%
Published-24 May, 2023 | 15:55
Updated-08 Jan, 2025 | 22:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Kopa Framework Plugin <= 1.3.5 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Kopa Theme Kopa Framework plugin <= 1.3.5 versions.

Action-Not Available
Vendor-kopathemeKopa Theme
Product-kopa_frameworkKopa Framework
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-47130
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-3.12% / 86.56%
||
7 Day CHG~0.00%
Published-03 Feb, 2023 | 00:00
Updated-26 Mar, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Cross-Site Request Forgery (CSRF) in Academy LMS before v5.10 allows a discount coupon to be arbitrarily created if an attacker with administrative privileges interacts on the CSRF page.

Action-Not Available
Vendor-n/aCreativeitem
Product-academy_lmsn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-47138
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 22.38%
||
7 Day CHG+0.01%
Published-25 May, 2023 | 08:14
Updated-08 Jan, 2025 | 22:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress LOGIN AND REGISTRATION ATTEMPTS LIMIT Plugin <= 2.1 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in German Krutov LOGIN AND REGISTRATION ATTEMPTS LIMIT plugin <= 2.1 versions.

Action-Not Available
Vendor-login_and_registration_attempts_limit_projectGerman Krutov
Product-login_and_registration_attempts_limitLOGIN AND REGISTRATION ATTEMPTS LIMIT
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-47143
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.09% / 26.39%
||
7 Day CHG~0.00%
Published-14 Mar, 2023 | 08:58
Updated-13 Jan, 2025 | 15:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Multiple Page Generator Plugin – MPG Plugin <= 3.3.9 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Themeisle Multiple Page Generator Plugin – MPG plugin <= 3.3.9 versions.

Action-Not Available
Vendor-ThemeisleThemeisle
Product-multiple_page_generatorMultiple Page Generator Plugin – MPG
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-47422
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.12% / 31.54%
||
7 Day CHG~0.00%
Published-14 Mar, 2023 | 08:47
Updated-13 Jan, 2025 | 15:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WordPress Stripe Donation and Payment Plugin Plugin <= 3.1.5 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in HM Plugin Accept Stripe Donation – AidWP plugin <= 3.1.5 versions.

Action-Not Available
Vendor-hmpluginHM Plugin
Product-accept_stripe_donation_-_aidwpAccept Stripe Donation – AidWP
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-13685
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-4.3||MEDIUM
EPSS-0.03% / 8.62%
||
7 Day CHG~0.00%
Published-02 Dec, 2025 | 06:40
Updated-02 Dec, 2025 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Photo Gallery by Ays <= 6.4.8 - Cross-Site Request Forgery to Bulk Actions

The Photo Gallery by Ays plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.4.8. This is due to missing nonce verification on the bulk action functionality in the 'process_bulk_action()' function. This makes it possible for unauthenticated attackers to perform bulk operations (delete, publish, or unpublish galleries) via a forged request granted they can trick an administrator into performing an action such as clicking on a link.

Action-Not Available
Vendor-AYS Pro Extensions
Product-Photo Gallery by Ays – Responsive Image Gallery
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-47440
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.09% / 26.39%
||
7 Day CHG~0.00%
Published-13 Mar, 2023 | 09:14
Updated-13 Jan, 2025 | 15:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress My Tickets Plugin <= 1.9.10 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Joseph C Dolson My Tickets plugin <= 1.9.10 versions.

Action-Not Available
Vendor-my_tickets_projectJoseph C Dolson
Product-my_ticketsMy Tickets
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-47175
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 21.49%
||
7 Day CHG~0.00%
Published-06 Oct, 2023 | 12:45
Updated-19 Sep, 2024 | 14:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Royal Elementor Addons Plugin <= 1.3.75 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in P Royal Royal Elementor Addons and Templates plugin <= 1.3.75 versions.

Action-Not Available
Vendor-Royal Elementor Addons
Product-royal_elementor_addonsRoyal Elementor Addons and Templates
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-47179
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.12% / 30.52%
||
7 Day CHG~0.00%
Published-28 Feb, 2023 | 14:59
Updated-13 Jan, 2025 | 15:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress OWM Weather Plugin <= 5.6.11 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Uwe Jacobs OWM Weather plugin <= 5.6.11 leads to post duplication as a draft.

Action-Not Available
Vendor-ujsoftwareUwe Jacobs
Product-owm_weatherOWM Weather
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-47161
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 22.38%
||
7 Day CHG+0.01%
Published-25 May, 2023 | 09:04
Updated-08 Jan, 2025 | 22:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Health Check & Troubleshooting Plugin <= 1.5.1 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in The WordPress.Org community Health Check & Troubleshooting plugin <= 1.5.1 versions.

Action-Not Available
Vendor-The WordPress.org communityWordPress.org
Product-health_check_\&_troubleshootingHealth Check & Troubleshooting
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-47134
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 20.44%
||
7 Day CHG~0.00%
Published-20 May, 2023 | 22:51
Updated-09 Jan, 2025 | 15:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Gallery Metabox Plugin <= 1.5 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Bill Erickson Gallery Metabox plugin <= 1.5 versions.

Action-Not Available
Vendor-gallery_metabox_projectBill Erickson
Product-gallery_metaboxGallery Metabox
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-47612
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.09% / 25.33%
||
7 Day CHG~0.00%
Published-28 Feb, 2023 | 14:51
Updated-13 Jan, 2025 | 15:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Participants Database Plugin <= 2.4.5 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Roland Barker, xnau webdesign Participants Database plugin <= 2.4.5 leads to list column update.

Action-Not Available
Vendor-xnauRoland Barker, xnau webdesign
Product-participants_databaseParticipants Database
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-4845
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-6.7||MEDIUM
EPSS-0.09% / 25.81%
||
7 Day CHG~0.00%
Published-29 Dec, 2022 | 00:00
Updated-10 Apr, 2025 | 16:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cross-Site Request Forgery (CSRF) in usememos/memos

Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos prior to 0.9.1.

Action-Not Available
Vendor-Usememos
Product-memosusememos/memos
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-45823
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 21.49%
||
7 Day CHG~0.00%
Published-11 Jul, 2023 | 07:50
Updated-11 Oct, 2024 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Video Contest WordPress Plugin Plugin <= 3.2 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in GalleryPlugins Video Contest WordPress plugin <= 3.2 versions.

Action-Not Available
Vendor-video_contest_wordpress_projectGalleryPlugins
Product-video_contest_wordpressVideo Contest WordPress Plugin
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-46806
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.05% / 16.70%
||
7 Day CHG~0.00%
Published-01 Mar, 2023 | 14:16
Updated-13 Jan, 2025 | 15:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Cart All In One For WooCommerce Plugin <= 1.1.10 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in VillaTheme Cart All In One For WooCommerce plugin <= 1.1.10 leading to cart modification.

Action-Not Available
Vendor-VillaTheme
Product-cart_all_in_one_for_woocommerceCart All In One For WooCommerce
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-46813
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 22.38%
||
7 Day CHG+0.01%
Published-23 May, 2023 | 14:49
Updated-08 Jan, 2025 | 22:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Advanced Database Cleaner Plugin <= 3.1.1 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Younes JFR. Advanced Database Cleaner plugin <= 3.1.1 versions.

Action-Not Available
Vendor-sigmapluginYounes JFR.
Product-advanced_database_cleanerAdvanced Database Cleaner
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-46865
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 22.38%
||
7 Day CHG+0.01%
Published-25 May, 2023 | 08:40
Updated-08 Jan, 2025 | 22:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Bulk Resize Media Plugin <= 1.1 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Marty Thornley Bulk Resize Media plugin <= 1.1 versions.

Action-Not Available
Vendor-bulk_resize_media_projectMarty Thornley
Product-bulk_resize_mediaBulk Resize Media
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-46853
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.09% / 25.15%
||
7 Day CHG+0.02%
Published-23 May, 2023 | 13:12
Updated-15 Apr, 2025 | 13:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress The Post Grid Plugin <= 5.0.4 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in RadiusTheme The Post Grid plugin <= 5.0.4 versions.

Action-Not Available
Vendor-radiusthemeRadiusTheme
Product-the_post_gridThe Post Grid
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-46794
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 22.38%
||
7 Day CHG+0.01%
Published-24 May, 2023 | 16:00
Updated-08 Jan, 2025 | 22:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WooCommerce Weight Based Shipping Plugin <= 5.4.1 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in weightbasedshipping.Com WooCommerce Weight Based Shipping plugin <= 5.4.1 versions.

Action-Not Available
Vendor-weightbasedshippingweightbasedshipping.com
Product-woocommerce_weight_based_shippingWooCommerce Weight Based Shipping
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-1358
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.04% / 11.15%
||
7 Day CHG~0.00%
Published-16 Feb, 2025 | 19:31
Updated-18 Feb, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Pix Software Vivaz cross-site request forgery

A vulnerability classified as problematic was found in Pix Software Vivaz 6.0.10. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-Pix Software
Product-Vivaz
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CWE ID-CWE-862
Missing Authorization
CVE-2022-46867
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.08% / 23.45%
||
7 Day CHG~0.00%
Published-17 Mar, 2023 | 15:29
Updated-13 Jan, 2025 | 15:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Universal Star Rating Plugin <= 2.1.0 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Chasil Universal Star Rating plugin <= 2.1.0 version.

Action-Not Available
Vendor-universal_star_rating_projectChasil
Product-universal_star_ratingUniversal Star Rating
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-46797
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.05% / 16.70%
||
7 Day CHG~0.00%
Published-01 Mar, 2023 | 13:43
Updated-12 Mar, 2025 | 14:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Conversios.io Plugin <= 5.2.3 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Conversios All-in-one Google Analytics, Pixels and Product Feed Manager for WooCommerce plugin <= 5.2.3 leads to plugin settings change.

Action-Not Available
Vendor-conversiosConversios
Product-conversiosAll-in-one Google Analytics, Pixels and Product Feed Manager for WooCommerce
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-1383
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-4.3||MEDIUM
EPSS-0.04% / 13.93%
||
7 Day CHG~0.00%
Published-06 Mar, 2025 | 11:11
Updated-19 Mar, 2025 | 20:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Podlove Podcast Publisher <= 4.2.2 - Cross-Site Request Forgery via ajax_transcript_delete Function

The Podlove Podcast Publisher plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.2.2. This is due to missing or incorrect nonce validation on the ajax_transcript_delete() function. This makes it possible for unauthenticated attackers to delete arbitrary episode transcripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

Action-Not Available
Vendor-podloveeteubert
Product-podlove_podcast_publisherPodlove Podcast Publisher
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-46812
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 22.38%
||
7 Day CHG+0.01%
Published-25 May, 2023 | 08:48
Updated-15 Jan, 2025 | 19:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Thank You Page Customizer for WooCommerce – Increase Your Sales Plugin <= 1.0.13 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in VillaTheme Thank You Page Customizer for WooCommerce – Increase Your Sales plugin <= 1.0.13 versions.

Action-Not Available
Vendor-VillaTheme
Product-woocommerce_thank_you_page_customizerThank You Page Customizer for WooCommerce – Increase Your Sales
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-45815
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 22.38%
||
7 Day CHG+0.01%
Published-25 May, 2023 | 10:59
Updated-08 Jan, 2025 | 21:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress GDPR Compliance & Cookie Consent Plugin <= 1.2 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in StylemixThemes GDPR Compliance & Cookie Consent plugin <= 1.2 versions.

Action-Not Available
Vendor-stylemixthemesStylemixThemes
Product-gdpr_compliance_\&_cookie_consentGDPR Compliance & Cookie Consent
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-46862
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.17% / 38.77%
||
7 Day CHG+0.02%
Published-14 Feb, 2023 | 11:26
Updated-13 Jan, 2025 | 15:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Quiz And Survey Master Plugin <= 8.0.7 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in ExpressTech Quiz And Survey Master – Best Quiz, Exam and Survey Plugin for WordPress plugin <= 8.0.7 versions.

Action-Not Available
Vendor-expresstechExpressTech
Product-quiz_and_survey_masterQuiz And Survey Master – Best Quiz, Exam and Survey Plugin for WordPress
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-4564
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-4.3||MEDIUM
EPSS-0.21% / 43.78%
||
7 Day CHG~0.00%
Published-16 Dec, 2022 | 00:00
Updated-15 Apr, 2025 | 13:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
University of Central Florida Materia API Controller api.php before cross-site request forgery

A vulnerability classified as problematic has been found in University of Central Florida Materia up to 9.0.0. This affects the function before of the file fuel/app/classes/controller/api.php of the component API Controller. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. Upgrading to version 9.0.1-alpha1 is able to address this issue. The name of the patch is af259115d2e8f17068e61902151ee8a9dbac397b. It is recommended to upgrade the affected component. The identifier VDB-215973 was assigned to this vulnerability.

Action-Not Available
Vendor-ucfUniversity of Central Florida
Product-materiaMateria
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-46810
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.06% / 18.33%
||
7 Day CHG+0.01%
Published-25 May, 2023 | 11:18
Updated-15 Jan, 2025 | 19:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Thank You Page Customizer for WooCommerce – Increase Your Sales Plugin <= 1.0.13 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in VillaTheme Thank You Page Customizer for WooCommerce – Increase Your Sales plugin <= 1.0.13 versions.

Action-Not Available
Vendor-VillaTheme
Product-woocommerce_thank_you_page_customizerThank You Page Customizer for WooCommerce – Increase Your Sales
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-46816
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 22.38%
||
7 Day CHG+0.01%
Published-24 May, 2023 | 15:45
Updated-08 Jan, 2025 | 22:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Booking Ultra Pro Plugin <= 1.1.4 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Booking Ultra Pro Appointments Booking Calendar Plugin plugin <= 1.1.4 versions.

Action-Not Available
Vendor-bookingultraproBooking Ultra Pro
Product-booking_ultra_pro_appointments_booking_calendarBooking Ultra Pro Appointments Booking Calendar Plugin
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-13438
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-4.3||MEDIUM
EPSS-0.01% / 1.56%
||
7 Day CHG~0.00%
Published-19 Feb, 2026 | 04:36
Updated-19 Feb, 2026 | 17:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Page Title, Description & Open Graph Updater <= 1.02 - Cross-Site Request Forgery to Arbitrary Page Title Modification

The Page Title, Description & Open Graph Updater plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.02. This is due to missing nonce validation on multiple AJAX actions including dieno_update_page_title. This makes it possible for unauthenticated attackers to update page titles and metadata via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

Action-Not Available
Vendor-dienodigital
Product-Page Title, Description & Open Graph Updater
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-45367
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 22.38%
||
7 Day CHG+0.01%
Published-25 May, 2023 | 09:55
Updated-08 Jan, 2025 | 21:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Custom Order Numbers for WooCommerce Plugin <= 1.4.0 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Tyche Softwares Custom Order Numbers for WooCommerce plugin <= 1.4.0 versions.

Action-Not Available
Vendor-tychesoftwaresTyche Softwares
Product-custom_order_numbers_for_woocommerceCustom Order Numbers for WooCommerce
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 41
  • 42
  • Next
Details not found