Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-49629

Summary
Assigner-Patchstack
Assigner Org ID-21595511-bba5-4825-b968-b78d1f9984a3
Published At-20 Oct, 2024 | 10:05
Updated At-20 Oct, 2024 | 13:50
Rejected At-
Credits

WordPress Endless Posts Navigation plugin <= 2.2.7 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Fahad Mahmood Endless Posts Navigation allows Stored XSS.This issue affects Endless Posts Navigation: from n/a through 2.2.7.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:Patchstack
Assigner Org ID:21595511-bba5-4825-b968-b78d1f9984a3
Published At:20 Oct, 2024 | 10:05
Updated At:20 Oct, 2024 | 13:50
Rejected At:
▼CVE Numbering Authority (CNA)
WordPress Endless Posts Navigation plugin <= 2.2.7 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Fahad Mahmood Endless Posts Navigation allows Stored XSS.This issue affects Endless Posts Navigation: from n/a through 2.2.7.

Affected Products
Vendor
Fahad Mahmood
Product
Endless Posts Navigation
Collection URL
https://wordpress.org/plugins
Package Name
endless-posts-navigation
Default Status
unaffected
Versions
Affected
  • From n/a through 2.2.7 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-352CWE-352 Cross-Site Request Forgery (CSRF)
Type: CWE
CWE ID: CWE-352
Description: CWE-352 Cross-Site Request Forgery (CSRF)
Metrics
VersionBase scoreBase severityVector
3.17.1HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
Version: 3.1
Base score: 7.1
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-592CAPEC-592 Stored XSS
CAPEC ID: CAPEC-592
Description: CAPEC-592 Stored XSS
Solutions
Configurations
Workarounds
Exploits
Credits
finder
SOPROBRO (Patchstack Alliance)
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://patchstack.com/database/vulnerability/endless-posts-navigation/wordpress-endless-posts-navigation-plugin-2-2-7-csrf-to-stored-xss-vulnerability?_s_id=cve
vdb-entry
Hyperlink: https://patchstack.com/database/vulnerability/endless-posts-navigation/wordpress-endless-posts-navigation-plugin-2-2-7-csrf-to-stored-xss-vulnerability?_s_id=cve
Resource:
vdb-entry
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:audit@patchstack.com
Published At:20 Oct, 2024 | 10:15
Updated At:22 Oct, 2024 | 18:57

Cross-Site Request Forgery (CSRF) vulnerability in Fahad Mahmood Endless Posts Navigation allows Stored XSS.This issue affects Endless Posts Navigation: from n/a through 2.2.7.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.16.1MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Secondary3.17.1HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
Type: Primary
Version: 3.1
Base score: 6.1
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Type: Secondary
Version: 3.1
Base score: 7.1
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
CPE Matches
androidbubbles
androidbubbles
>>endless_posts_navigation>>Versions before 2.2.8(exclusive)
cpe:2.3:a:androidbubbles:endless_posts_navigation:*:*:*:*:*:wordpress:*:*
Weaknesses
CWE IDTypeSource
CWE-352Primaryaudit@patchstack.com
CWE ID: CWE-352
Type: Primary
Source: audit@patchstack.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://patchstack.com/database/vulnerability/endless-posts-navigation/wordpress-endless-posts-navigation-plugin-2-2-7-csrf-to-stored-xss-vulnerability?_s_id=cveaudit@patchstack.com
Third Party Advisory
Hyperlink: https://patchstack.com/database/vulnerability/endless-posts-navigation/wordpress-endless-posts-navigation-plugin-2-2-7-csrf-to-stored-xss-vulnerability?_s_id=cve
Source: audit@patchstack.com
Resource:
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

842Records found
CVE-2025-31404
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.03% / 5.95%
||
7 Day CHG~0.00%
Published-09 Apr, 2025 | 16:09
Updated-09 Apr, 2025 | 20:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress AF Tell a Friend plugin <= 1.4 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Wladyslaw Madejczyk AF Tell a Friend allows Stored XSS. This issue affects AF Tell a Friend: from n/a through 1.4.

Action-Not Available
Vendor-Wladyslaw Madejczyk
Product-AF Tell a Friend
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-31583
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.01% / 1.43%
||
7 Day CHG-0.01%
Published-31 Mar, 2025 | 12:55
Updated-01 Apr, 2025 | 20:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Copy Media URL plugin <= 2.1 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Ashish Ajani WP Copy Media URL allows Stored XSS. This issue affects WP Copy Media URL: from n/a through 2.1.

Action-Not Available
Vendor-Ashish Ajani
Product-WP Copy Media URL
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-31435
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.01% / 1.43%
||
7 Day CHG-0.01%
Published-28 Mar, 2025 | 11:54
Updated-28 Mar, 2025 | 18:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Microblog Poster plugin <= 2.1.6 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Efficient Scripts Microblog Poster allows Stored XSS. This issue affects Microblog Poster: from n/a through 2.1.6.

Action-Not Available
Vendor-Efficient Scripts
Product-Microblog Poster
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-31375
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.03% / 5.95%
||
7 Day CHG~0.00%
Published-09 Apr, 2025 | 16:10
Updated-09 Apr, 2025 | 20:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Scheduled plugin <= 1.0 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in bhoogterp Scheduled allows Stored XSS. This issue affects Scheduled: from n/a through 1.0.

Action-Not Available
Vendor-bhoogterp
Product-Scheduled
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-31444
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.01% / 1.43%
||
7 Day CHG-0.01%
Published-28 Mar, 2025 | 11:54
Updated-28 Mar, 2025 | 18:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress ShowTime Slideshow plugin <= 1.6 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in youtag ShowTime Slideshow allows Stored XSS. This issue affects ShowTime Slideshow: from n/a through 1.6.

Action-Not Available
Vendor-youtag
Product-ShowTime Slideshow
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-31617
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.01% / 1.43%
||
7 Day CHG-0.01%
Published-31 Mar, 2025 | 12:55
Updated-01 Apr, 2025 | 20:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress PostmarkApp Email Integrator plugin <= 2.4 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Gagan Deep Singh PostmarkApp Email Integrator allows Cross Site Request Forgery. This issue affects PostmarkApp Email Integrator: from n/a through 2.4.

Action-Not Available
Vendor-Gagan Deep Singh
Product-PostmarkApp Email Integrator
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-31585
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.01% / 1.43%
||
7 Day CHG-0.01%
Published-31 Mar, 2025 | 12:55
Updated-01 Apr, 2025 | 20:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Leadfox for WordPress plugin <= 2.1.8 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in leadfox Leadfox for WordPress allows Cross Site Request Forgery. This issue affects Leadfox for WordPress: from n/a through 2.1.8.

Action-Not Available
Vendor-leadfox
Product-Leadfox for WordPress
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-30787
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.01% / 1.43%
||
7 Day CHG-0.01%
Published-27 Mar, 2025 | 10:54
Updated-27 Mar, 2025 | 18:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress EZ SQL Reports Shortcode Widget and DB Backup plugin <= 5.25.08 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Eli EZ SQL Reports Shortcode Widget and DB Backup allows Stored XSS. This issue affects EZ SQL Reports Shortcode Widget and DB Backup: from n/a through 5.25.08.

Action-Not Available
Vendor-Eli
Product-EZ SQL Reports Shortcode Widget and DB Backup
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-30995
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.02% / 3.36%
||
7 Day CHG~0.00%
Published-06 Jun, 2025 | 12:54
Updated-06 Jun, 2025 | 15:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Widgetize Pages Light plugin <= 3.0 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in OTWthemes Widgetize Pages Light allows Stored XSS. This issue affects Widgetize Pages Light: from n/a through 3.0.

Action-Not Available
Vendor-OTWthemes
Product-Widgetize Pages Light
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-31391
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.03% / 5.95%
||
7 Day CHG~0.00%
Published-09 Apr, 2025 | 16:10
Updated-09 Apr, 2025 | 20:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Script Compressor plugin <= 1.7.1 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in regen Script Compressor allows Stored XSS. This issue affects Script Compressor: from n/a through 1.7.1.

Action-Not Available
Vendor-regen
Product-Script Compressor
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-30769
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.01% / 1.43%
||
7 Day CHG-0.01%
Published-27 Mar, 2025 | 10:54
Updated-27 Mar, 2025 | 18:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WIP WooCarousel Lite plugin <= 1.1.7 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in alexvtn WIP WooCarousel Lite allows Stored XSS. This issue affects WIP WooCarousel Lite: from n/a through 1.1.7.

Action-Not Available
Vendor-alexvtn
Product-WIP WooCarousel Lite
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-31623
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.01% / 1.43%
||
7 Day CHG-0.01%
Published-31 Mar, 2025 | 12:55
Updated-01 Apr, 2025 | 20:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Rich Text Editor plugin <= 1.0.1 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in richtexteditor Rich Text Editor allows Stored XSS. This issue affects Rich Text Editor: from n/a through 1.0.1.

Action-Not Available
Vendor-richtexteditor
Product-Rich Text Editor
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-3099
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-6.1||MEDIUM
EPSS-0.01% / 1.03%
||
7 Day CHG-0.02%
Published-02 Apr, 2025 | 09:21
Updated-02 Apr, 2025 | 14:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Advanced Search by My Solr Server <= 2.0.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting

The Advanced Search by My Solr Server plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.5. This is due to missing or incorrect nonce validation on the 'MySolrServerSettings' page. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

Action-Not Available
Vendor-dbejean
Product-Advanced Search by My Solr Server
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-31402
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.03% / 5.95%
||
7 Day CHG~0.00%
Published-09 Apr, 2025 | 16:09
Updated-09 Apr, 2025 | 20:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress NewsBoard Post and RSS Scroller plugin <= 1.2.12 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in NewsBoard Plugin NewsBoard Post and RSS Scroller allows Stored XSS. This issue affects NewsBoard Post and RSS Scroller: from n/a through 1.2.12.

Action-Not Available
Vendor-NewsBoard Plugin
Product-NewsBoard Post and RSS Scroller
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-31566
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.01% / 1.43%
||
7 Day CHG-0.01%
Published-31 Mar, 2025 | 12:55
Updated-01 Apr, 2025 | 20:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Rio Video Gallery plugin <= 2.3.6 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in riosisgroup Rio Video Gallery allows Stored XSS. This issue affects Rio Video Gallery: from n/a through 2.3.6.

Action-Not Available
Vendor-riosisgroup
Product-Rio Video Gallery
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-31032
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.03% / 5.95%
||
7 Day CHG~0.00%
Published-09 Apr, 2025 | 16:10
Updated-09 Apr, 2025 | 20:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Pagopar – WooCommerce Gateway plugin <= 2.7.1 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Pagopar - Grupo M S.A. Pagopar &#8211; WooCommerce Gateway allows Stored XSS. This issue affects Pagopar &#8211; WooCommerce Gateway: from n/a through 2.7.1.

Action-Not Available
Vendor-Pagopar - Grupo M S.A.
Product-Pagopar &#8211; WooCommerce Gateway
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-30919
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.01% / 1.43%
||
7 Day CHG-0.01%
Published-27 Mar, 2025 | 10:55
Updated-27 Mar, 2025 | 18:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Store Locator Widget plugin <= 20200131 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Store Locator Widgets Store Locator Widget allows Stored XSS. This issue affects Store Locator Widget: from n/a through 20200131.

Action-Not Available
Vendor-Store Locator Widgets
Product-Store Locator Widget
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-31616
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.01% / 1.43%
||
7 Day CHG-0.01%
Published-31 Mar, 2025 | 12:55
Updated-01 Apr, 2025 | 20:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Varnish WordPress plugin <= 1.7 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in AdminGeekZ Varnish WordPress allows Cross Site Request Forgery. This issue affects Varnish WordPress: from n/a through 1.7.

Action-Not Available
Vendor-AdminGeekZ
Product-Varnish WordPress
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-31459
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.01% / 1.43%
||
7 Day CHG-0.01%
Published-28 Mar, 2025 | 11:54
Updated-28 Mar, 2025 | 18:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Login Alert plugin <= 0.2.1 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in PasqualePuzio Login Alert allows Stored XSS. This issue affects Login Alert: from n/a through 0.2.1.

Action-Not Available
Vendor-PasqualePuzio
Product-Login Alert
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-31401
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.03% / 5.95%
||
7 Day CHG~0.00%
Published-09 Apr, 2025 | 16:09
Updated-09 Apr, 2025 | 20:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress MMX – Make Me Christmas plugin <= 1.0.0 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in mmetrodw MMX &#8211; Make Me Christmas allows Stored XSS. This issue affects MMX &#8211; Make Me Christmas: from n/a through 1.0.0.

Action-Not Available
Vendor-mmetrodw
Product-MMX &#8211; Make Me Christmas
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-31026
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.03% / 5.95%
||
7 Day CHG~0.00%
Published-09 Apr, 2025 | 16:10
Updated-09 Apr, 2025 | 20:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Comment Validation Reloaded plugin <= 0.5 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Austin Comment Validation Reloaded allows Stored XSS. This issue affects Comment Validation Reloaded: from n/a through 0.5.

Action-Not Available
Vendor-Austin
Product-Comment Validation Reloaded
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-30908
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.03% / 5.95%
||
7 Day CHG~0.00%
Published-03 Apr, 2025 | 13:27
Updated-07 Apr, 2025 | 14:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Web Directory Free plugin <= 1.7.6 - CSRF to Cross Site Scripting (XSS) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Shamalli Web Directory Free allows Stored XSS. This issue affects Web Directory Free: from n/a through 1.7.6.

Action-Not Available
Vendor-Shamalli
Product-Web Directory Free
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-31390
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.03% / 5.95%
||
7 Day CHG~0.00%
Published-09 Apr, 2025 | 16:10
Updated-09 Apr, 2025 | 20:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Social Crowd plugin <= 0.9.6.1 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in bdoga Social Crowd allows Stored XSS. This issue affects Social Crowd: from n/a through 0.9.6.1.

Action-Not Available
Vendor-bdoga
Product-Social Crowd
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-31570
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.01% / 1.43%
||
7 Day CHG-0.01%
Published-31 Mar, 2025 | 12:55
Updated-01 Apr, 2025 | 20:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Related Posts Widget with Thumbnails plugin <= 1.2 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in wp-buy Related Posts Widget with Thumbnails allows Stored XSS. This issue affects Related Posts Widget with Thumbnails: from n/a through 1.2.

Action-Not Available
Vendor-wp-buy
Product-Related Posts Widget with Thumbnails
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-31385
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.03% / 5.95%
||
7 Day CHG~0.00%
Published-09 Apr, 2025 | 16:13
Updated-09 Apr, 2025 | 20:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Site Table of Contents plugin <= 0.3 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Site Table of Contents allows Stored XSS. This issue affects Site Table of Contents: from n/a through 0.3.

Action-Not Available
Vendor-intelcaprep
Product-Site Table of Contents
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-31460
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.01% / 1.43%
||
7 Day CHG-0.01%
Published-28 Mar, 2025 | 11:54
Updated-28 Mar, 2025 | 18:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress OmniLeads Scripts and Tags Manager plugin <= 1.3 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in danielmuldernl OmniLeads Scripts and Tags Manager allows Stored XSS. This issue affects OmniLeads Scripts and Tags Manager: from n/a through 1.3.

Action-Not Available
Vendor-danielmuldernl
Product-OmniLeads Scripts and Tags Manager
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-31393
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.03% / 5.95%
||
7 Day CHG~0.00%
Published-09 Apr, 2025 | 16:10
Updated-09 Apr, 2025 | 20:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Social Bookmarking RELOADED plugin <= 3.18 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in vfvalent Social Bookmarking RELOADED allows Stored XSS. This issue affects Social Bookmarking RELOADED: from n/a through 3.18.

Action-Not Available
Vendor-vfvalent
Product-Social Bookmarking RELOADED
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-31382
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.03% / 5.95%
||
7 Day CHG~0.00%
Published-09 Apr, 2025 | 16:10
Updated-09 Apr, 2025 | 20:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Language Field plugin <= 0.9 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in theode Language Field allows Stored XSS. This issue affects Language Field: from n/a through 0.9.

Action-Not Available
Vendor-theode
Product-Language Field
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-31613
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.01% / 1.43%
||
7 Day CHG-0.01%
Published-31 Mar, 2025 | 12:55
Updated-01 Apr, 2025 | 20:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress AB Google Map Travel plugin <= 4.6 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Aboobacker. AB Google Map Travel allows Cross Site Request Forgery. This issue affects AB Google Map Travel : from n/a through 4.6.

Action-Not Available
Vendor-Aboobacker.
Product-AB Google Map Travel
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-31569
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.01% / 1.43%
||
7 Day CHG-0.01%
Published-31 Mar, 2025 | 12:55
Updated-01 Apr, 2025 | 20:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress wordpress related Posts with thumbnails plugin <= 3.0.0.1 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in wp-buy wordpress related Posts with thumbnails allows Stored XSS. This issue affects wordpress related Posts with thumbnails: from n/a through 3.0.0.1.

Action-Not Available
Vendor-wp-buy
Product-wordpress related Posts with thumbnails
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-30550
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.01% / 1.43%
||
7 Day CHG~0.00%
Published-24 Mar, 2025 | 13:46
Updated-24 Mar, 2025 | 15:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress CallPhone'r plugin <= 1.1.1 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in WPShop.ru CallPhone'r allows Stored XSS. This issue affects CallPhone'r: from n/a through 1.1.1.

Action-Not Available
Vendor-WPShop.ru
Product-CallPhone'r
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-30555
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.02% / 2.85%
||
7 Day CHG~0.00%
Published-24 Mar, 2025 | 13:46
Updated-24 Mar, 2025 | 15:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WordPres 同步微博 plugin <= 1.1.0 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in iiiryan WordPres 同步微博 allows Stored XSS. This issue affects WordPres 同步微博: from n/a through 1.1.0.

Action-Not Available
Vendor-iiiryan
Product-WordPres 同步微博
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-30565
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.02% / 2.85%
||
7 Day CHG~0.00%
Published-24 Mar, 2025 | 13:47
Updated-01 Apr, 2025 | 16:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress banner-manager plugin <= 16.04.19 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in karrikas banner-manager allows Stored XSS. This issue affects banner-manager: from n/a through 16.04.19.

Action-Not Available
Vendor-karrikas
Product-banner-manager
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-30583
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.01% / 1.43%
||
7 Day CHG~0.00%
Published-24 Mar, 2025 | 13:47
Updated-24 Mar, 2025 | 18:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Pro Rank Tracker plugin <= 1.0.0 - CSRF to Stored XSS Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in ProRankTracker Pro Rank Tracker allows Stored XSS. This issue affects Pro Rank Tracker: from n/a through 1.0.0.

Action-Not Available
Vendor-ProRankTracker
Product-Pro Rank Tracker
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-30561
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.02% / 2.85%
||
7 Day CHG~0.00%
Published-24 Mar, 2025 | 13:47
Updated-24 Mar, 2025 | 15:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress CAS Maestro plugin <= 1.1.3 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Henrique Mouta CAS Maestro allows Stored XSS. This issue affects CAS Maestro: from n/a through 1.1.3.

Action-Not Available
Vendor-Henrique Mouta
Product-CAS Maestro
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-30746
Matching Score-4
Assigner-Oracle
ShareView Details
Matching Score-4
Assigner-Oracle
CVSS Score-6.1||MEDIUM
EPSS-0.01% / 1.76%
||
7 Day CHG~0.00%
Published-15 Jul, 2025 | 19:27
Updated-22 Jul, 2025 | 02:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle iStore product of Oracle E-Business Suite (component: Shopping Cart). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iStore. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iStore, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle iStore accessible data as well as unauthorized read access to a subset of Oracle iStore accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-Oracle iStore
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-30558
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.02% / 2.85%
||
7 Day CHG~0.00%
Published-24 Mar, 2025 | 13:46
Updated-24 Mar, 2025 | 15:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress ANAC XML Render plugin <= 1.5.7 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in EnzoCostantini55 ANAC XML Render allows Stored XSS. This issue affects ANAC XML Render: from n/a through 1.5.7.

Action-Not Available
Vendor-EnzoCostantini55
Product-ANAC XML Render
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-30572
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.02% / 2.85%
||
7 Day CHG~0.00%
Published-24 Mar, 2025 | 13:47
Updated-31 Mar, 2025 | 18:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Simple Rating plugin <= 1.4 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Igor Yavych Simple Rating allows Stored XSS. This issue affects Simple Rating: from n/a through 1.4.

Action-Not Available
Vendor-Igor Yavych
Product-Simple Rating
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-30577
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.02% / 2.85%
||
7 Day CHG~0.00%
Published-24 Mar, 2025 | 13:47
Updated-25 Mar, 2025 | 18:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Browser Address Bar Color plugin <= 3.3 - Cross Site Request Forgery (CSRF) to Stored XSS Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in mendibass Browser Address Bar Color allows Stored XSS. This issue affects Browser Address Bar Color: from n/a through 3.3.

Action-Not Available
Vendor-mendibass
Product-Browser Address Bar Color
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2016-11084
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.12% / 32.40%
||
7 Day CHG~0.00%
Published-19 Jun, 2020 | 19:30
Updated-06 Aug, 2024 | 03:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Mattermost Server before 2.1.0. It allows XSS via CSRF.

Action-Not Available
Vendor-n/aMattermost, Inc.
Product-mattermost_servern/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-30587
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.01% / 1.43%
||
7 Day CHG~0.00%
Published-24 Mar, 2025 | 13:47
Updated-25 Mar, 2025 | 18:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress LH OGP Meta plugin <= 1.73 - CSRF to Stored XSS Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in shawfactor LH OGP Meta allows Stored XSS. This issue affects LH OGP Meta: from n/a through 1.73.

Action-Not Available
Vendor-shawfactor
Product-LH OGP Meta
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-30588
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.01% / 1.43%
||
7 Day CHG~0.00%
Published-24 Mar, 2025 | 13:47
Updated-25 Mar, 2025 | 17:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Map Contact plugin <= 3.0.4 - CSRF to Stored XSS Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in ryan_xantoo Map Contact allows Stored XSS. This issue affects Map Contact: from n/a through 3.0.4.

Action-Not Available
Vendor-ryan_xantoo
Product-Map Contact
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-30608
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.02% / 2.61%
||
7 Day CHG~0.00%
Published-24 Mar, 2025 | 13:47
Updated-24 Mar, 2025 | 22:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WordPress SQL Backup - <= <= 3.5.2 Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Anthony WordPress SQL Backup allows Stored XSS. This issue affects WordPress SQL Backup: from n/a through 3.5.2.

Action-Not Available
Vendor-Anthony
Product-WordPress SQL Backup
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-30560
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.02% / 2.85%
||
7 Day CHG~0.00%
Published-24 Mar, 2025 | 13:47
Updated-24 Mar, 2025 | 15:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress jQuery Dropdown Menu plugin <= 3.0 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Sana Ullah jQuery Dropdown Menu allows Stored XSS. This issue affects jQuery Dropdown Menu: from n/a through 3.0.

Action-Not Available
Vendor-Sana Ullah
Product-jQuery Dropdown Menu
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-30586
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.01% / 1.43%
||
7 Day CHG~0.00%
Published-24 Mar, 2025 | 13:47
Updated-25 Mar, 2025 | 18:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress cTabs plugin <= 1.3 - CSRF to Stored XSS Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in bbodine1 cTabs allows Stored XSS. This issue affects cTabs: from n/a through 1.3.

Action-Not Available
Vendor-bbodine1
Product-cTabs
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-30552
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.01% / 1.43%
||
7 Day CHG~0.00%
Published-24 Mar, 2025 | 13:46
Updated-24 Mar, 2025 | 15:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WordPress Admin Bar Improved plugin <= 3.3.5 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Donald Gilbert WordPress Admin Bar Improved allows Stored XSS. This issue affects WordPress Admin Bar Improved: from n/a through 3.3.5.

Action-Not Available
Vendor-Donald Gilbert
Product-WordPress Admin Bar Improved
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-30621
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.02% / 2.61%
||
7 Day CHG~0.00%
Published-24 Mar, 2025 | 13:47
Updated-24 Mar, 2025 | 22:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Translator plugin <= 0.3 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in kornelly Translator allows Stored XSS. This issue affects Translator: from n/a through 0.3.

Action-Not Available
Vendor-kornelly
Product-Translator
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-30620
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.02% / 2.61%
||
7 Day CHG~0.00%
Published-24 Mar, 2025 | 13:47
Updated-24 Mar, 2025 | 22:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Odoo Form Integrator plugin <=1.1.0 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in coderscom WP Odoo Form Integrator allows Stored XSS. This issue affects WP Odoo Form Integrator: from n/a through 1.1.0.

Action-Not Available
Vendor-coderscom
Product-WP Odoo Form Integrator
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-30603
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.02% / 2.61%
||
7 Day CHG~0.00%
Published-24 Mar, 2025 | 13:47
Updated-25 Mar, 2025 | 17:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress CopyLink plugin <= 1.1 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in DEJAN CopyLink allows Stored XSS. This issue affects CopyLink: from n/a through 1.1.

Action-Not Available
Vendor-DEJAN
Product-CopyLink
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-30584
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.01% / 1.43%
||
7 Day CHG~0.00%
Published-24 Mar, 2025 | 13:47
Updated-25 Mar, 2025 | 18:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress AlphaOmega Captcha & Anti-Spam Filter plugin <= 3.3 - CSRF to Stored XSS Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in alphaomegaplugins AlphaOmega Captcha &amp; Anti-Spam Filter allows Stored XSS. This issue affects AlphaOmega Captcha &amp; Anti-Spam Filter: from n/a through 3.3.

Action-Not Available
Vendor-alphaomegaplugins
Product-AlphaOmega Captcha &amp; Anti-Spam Filter
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
  • Previous
  • 1
  • 2
  • ...
  • 6
  • 7
  • 8
  • ...
  • 16
  • 17
  • Next
Details not found