Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-52421

Summary
Assigner-Patchstack
Assigner Org ID-21595511-bba5-4825-b968-b78d1f9984a3
Published At-19 Nov, 2024 | 16:32
Updated At-19 Nov, 2024 | 20:58
Rejected At-
Credits

WordPress WP Popup Window Maker plugin <= 2.0 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in wp-buy WP Popup Window Maker allows Stored XSS.This issue affects WP Popup Window Maker: from n/a through 2.0.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:Patchstack
Assigner Org ID:21595511-bba5-4825-b968-b78d1f9984a3
Published At:19 Nov, 2024 | 16:32
Updated At:19 Nov, 2024 | 20:58
Rejected At:
▼CVE Numbering Authority (CNA)
WordPress WP Popup Window Maker plugin <= 2.0 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in wp-buy WP Popup Window Maker allows Stored XSS.This issue affects WP Popup Window Maker: from n/a through 2.0.

Affected Products
Vendor
wp-buy
Product
WP Popup Window Maker
Collection URL
https://wordpress.org/plugins
Package Name
easy-popup-lightbox-maker
Default Status
unaffected
Versions
Affected
  • From n/a through 2.0 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-352CWE-352 Cross-Site Request Forgery (CSRF)
Type: CWE
CWE ID: CWE-352
Description: CWE-352 Cross-Site Request Forgery (CSRF)
Metrics
VersionBase scoreBase severityVector
3.17.1HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
Version: 3.1
Base score: 7.1
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-592CAPEC-592 Stored XSS
CAPEC ID: CAPEC-592
Description: CAPEC-592 Stored XSS
Solutions
Configurations
Workarounds
Exploits
Credits
finder
SOPROBRO (Patchstack Alliance)
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://patchstack.com/database/vulnerability/easy-popup-lightbox-maker/wordpress-wp-popup-window-maker-plugin-2-0-csrf-to-stored-xss-vulnerability?_s_id=cve
vdb-entry
Hyperlink: https://patchstack.com/database/vulnerability/easy-popup-lightbox-maker/wordpress-wp-popup-window-maker-plugin-2-0-csrf-to-stored-xss-vulnerability?_s_id=cve
Resource:
vdb-entry
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:audit@patchstack.com
Published At:19 Nov, 2024 | 17:15
Updated At:19 Nov, 2024 | 21:56

Cross-Site Request Forgery (CSRF) vulnerability in wp-buy WP Popup Window Maker allows Stored XSS.This issue affects WP Popup Window Maker: from n/a through 2.0.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.17.1HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
Type: Secondary
Version: 3.1
Base score: 7.1
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-352Secondaryaudit@patchstack.com
CWE ID: CWE-352
Type: Secondary
Source: audit@patchstack.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://patchstack.com/database/vulnerability/easy-popup-lightbox-maker/wordpress-wp-popup-window-maker-plugin-2-0-csrf-to-stored-xss-vulnerability?_s_id=cveaudit@patchstack.com
N/A
Hyperlink: https://patchstack.com/database/vulnerability/easy-popup-lightbox-maker/wordpress-wp-popup-window-maker-plugin-2-0-csrf-to-stored-xss-vulnerability?_s_id=cve
Source: audit@patchstack.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

635Records found
CVE-2025-48308
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.01% / 1.78%
||
7 Day CHG~0.00%
Published-28 Aug, 2025 | 12:36
Updated-28 Aug, 2025 | 13:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Newsletter subscription optin module plugin <= 1.2.9 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in nonletter Newsletter subscription optin module allows Stored XSS. This issue affects Newsletter subscription optin module: from n/a through 1.2.9.

Action-Not Available
Vendor-nonletter
Product-Newsletter subscription optin module
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-49044
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.01% / 2.15%
||
7 Day CHG~0.00%
Published-14 Aug, 2025 | 10:34
Updated-14 Aug, 2025 | 19:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Simple Poll plugin <= 1.1.1 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in tosend.it Simple Poll allows Stored XSS. This issue affects Simple Poll: from n/a through 1.1.1.

Action-Not Available
Vendor-tosend.it
Product-Simple Poll
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-48311
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.01% / 1.78%
||
7 Day CHG~0.00%
Published-28 Aug, 2025 | 12:36
Updated-28 Aug, 2025 | 14:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Invisible Optin plugin <= 1.0 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in OffClicks Invisible Optin allows Stored XSS. This issue affects Invisible Optin: from n/a through 1.0.

Action-Not Available
Vendor-OffClicks
Product-Invisible Optin
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-48321
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.01% / 1.78%
||
7 Day CHG~0.00%
Published-28 Aug, 2025 | 12:36
Updated-28 Aug, 2025 | 14:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Ultimate twitter profile widget plugin <= 1.0 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in dyiosah Ultimate twitter profile widget allows Stored XSS. This issue affects Ultimate twitter profile widget: from n/a through 1.0.

Action-Not Available
Vendor-dyiosah
Product-Ultimate twitter profile widget
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-48351
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.01% / 1.78%
||
7 Day CHG~0.00%
Published-28 Aug, 2025 | 12:37
Updated-28 Aug, 2025 | 17:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Kento Splash Screen plugin <= 1.4 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in PluginsPoint Kento Splash Screen allows Stored XSS. This issue affects Kento Splash Screen: from n/a through 1.4.

Action-Not Available
Vendor-PluginsPoint
Product-Kento Splash Screen
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-49425
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.02% / 3.36%
||
7 Day CHG~0.00%
Published-06 Jun, 2025 | 12:54
Updated-06 Jun, 2025 | 14:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Konami Easter Egg <= v0.4 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Adrian Hanft Konami Easter Egg allows Stored XSS. This issue affects Konami Easter Egg: from n/a through v0.4.

Action-Not Available
Vendor-Adrian Hanft
Product-Konami Easter Egg
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-48307
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.01% / 1.78%
||
7 Day CHG~0.00%
Published-28 Aug, 2025 | 12:36
Updated-28 Aug, 2025 | 13:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress SEO For Images plugin <= 1.0.0 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in kasonzhao SEO For Images allows Stored XSS. This issue affects SEO For Images: from n/a through 1.0.0.

Action-Not Available
Vendor-kasonzhao
Product-SEO For Images
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-48320
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.01% / 1.78%
||
7 Day CHG~0.00%
Published-28 Aug, 2025 | 12:36
Updated-28 Aug, 2025 | 19:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress 百度分享按钮 plugin <= 1.0.6 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in cuckoohello 百度分享按钮 allows Stored XSS. This issue affects 百度分享按钮: from n/a through 1.0.6.

Action-Not Available
Vendor-cuckoohello
Product-百度分享按钮
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-48109
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.01% / 1.78%
||
7 Day CHG~0.00%
Published-28 Aug, 2025 | 12:36
Updated-28 Aug, 2025 | 14:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress XM-Backup plugin <= 0.9.1 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Xavier Media XM-Backup allows Stored XSS. This issue affects XM-Backup: from n/a through 0.9.1.

Action-Not Available
Vendor-Xavier Media
Product-XM-Backup
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-48238
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.02% / 3.36%
||
7 Day CHG~0.00%
Published-19 May, 2025 | 14:44
Updated-21 May, 2025 | 20:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress AWcode Toolkit plugin <= 1.0.18 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in awcode AWcode Toolkit allows Stored XSS. This issue affects AWcode Toolkit: from n/a through 1.0.18.

Action-Not Available
Vendor-awcode
Product-AWcode Toolkit
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-48353
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.01% / 1.78%
||
7 Day CHG~0.00%
Published-28 Aug, 2025 | 12:37
Updated-28 Aug, 2025 | 17:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Clickbank WordPress Plugin (Niche Storefront) plugin <= 1.3.5 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in dactum Clickbank WordPress Plugin (Niche Storefront) allows Stored XSS. This issue affects Clickbank WordPress Plugin (Niche Storefront): from n/a through 1.3.5.

Action-Not Available
Vendor-dactum
Product-Clickbank WordPress Plugin (Niche Storefront)
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-48325
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.01% / 1.78%
||
7 Day CHG~0.00%
Published-28 Aug, 2025 | 12:36
Updated-28 Aug, 2025 | 14:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Admin Theme plugin <= 1.0 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in shmish111 WP Admin Theme allows Stored XSS. This issue affects WP Admin Theme: from n/a through 1.0.

Action-Not Available
Vendor-shmish111
Product-WP Admin Theme
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-48304
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.01% / 1.78%
||
7 Day CHG~0.00%
Published-28 Aug, 2025 | 12:36
Updated-28 Aug, 2025 | 14:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Google XML News Sitemap plugin plugin <= 0.02 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Gary Illyes Google XML News Sitemap plugin allows Stored XSS. This issue affects Google XML News Sitemap plugin: from n/a through 0.02.

Action-Not Available
Vendor-Gary Illyes
Product-Google XML News Sitemap plugin
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-48144
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.02% / 3.15%
||
7 Day CHG~0.00%
Published-16 May, 2025 | 15:45
Updated-30 May, 2025 | 15:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Import Export For WooCommerce plugin <= 1.6.2 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in sidngr Import Export For WooCommerce allows Stored XSS. This issue affects Import Export For WooCommerce: from n/a through 1.6.2.

Action-Not Available
Vendor-sidngrsidngr
Product-import_export_for_woocommerceImport Export For WooCommerce
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-48359
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.01% / 1.78%
||
7 Day CHG~0.00%
Published-28 Aug, 2025 | 12:37
Updated-28 Aug, 2025 | 14:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress ATT YouTube Widget plugin <= 1.0 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in thaihavnn07 ATT YouTube Widget allows Stored XSS. This issue affects ATT YouTube Widget: from n/a through 1.0.

Action-Not Available
Vendor-thaihavnn07
Product-ATT YouTube Widget
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-48343
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.01% / 1.45%
||
7 Day CHG~0.00%
Published-28 Aug, 2025 | 12:37
Updated-28 Aug, 2025 | 18:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WPMU Ldap Authentication plugin <= 5.0.1 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Aaron Axelsen WPMU Ldap Authentication allows Stored XSS. This issue affects WPMU Ldap Authentication: from n/a through 5.0.1.

Action-Not Available
Vendor-Aaron Axelsen
Product-WPMU Ldap Authentication
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-48306
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.01% / 1.78%
||
7 Day CHG~0.00%
Published-28 Aug, 2025 | 12:36
Updated-28 Aug, 2025 | 13:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Savyour Affiliate Partner plugin <= 2.1.4 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in developers savyour Savyour Affiliate Partner allows Stored XSS. This issue affects Savyour Affiliate Partner: from n/a through 2.1.4.

Action-Not Available
Vendor-developers savyour
Product-Savyour Affiliate Partner
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-47517
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.02% / 3.15%
||
7 Day CHG~0.00%
Published-07 May, 2025 | 14:20
Updated-09 Jun, 2025 | 16:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Accept Donations with PayPal plugin <= 1.4.5 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Scott Paterson Accept Donations with PayPal allows Stored XSS. This issue affects Accept Donations with PayPal: from n/a through 1.4.5.

Action-Not Available
Vendor-wppluginScott Paterson
Product-accept_donations_with_paypalAccept Donations with PayPal
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-47639
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.02% / 3.36%
||
7 Day CHG~0.00%
Published-07 May, 2025 | 14:20
Updated-08 May, 2025 | 14:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Supertext Translation and Proofreading plugin <= 4.25 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Supertext Supertext Translation and Proofreading allows Stored XSS. This issue affects Supertext Translation and Proofreading: from n/a through 4.25.

Action-Not Available
Vendor-Supertext
Product-Supertext Translation and Proofreading
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-47514
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.02% / 3.36%
||
7 Day CHG~0.00%
Published-07 May, 2025 | 14:20
Updated-08 May, 2025 | 14:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress ELI's Related Posts Footer Links and Widget plugin <= 1.2.04.20 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Eli ELI's Related Posts Footer Links and Widget allows Stored XSS. This issue affects ELI's Related Posts Footer Links and Widget: from n/a through 1.2.04.20.

Action-Not Available
Vendor-Eli
Product-ELI's Related Posts Footer Links and Widget
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-21752
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.07% / 22.30%
||
7 Day CHG~0.00%
Published-29 Feb, 2024 | 05:17
Updated-22 Apr, 2025 | 15:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Ajax Search Lite Plugin <= 4.11.4 is vulnerable to Cross Site Scripting (XSS)

Cross-Site Request Forgery (CSRF) vulnerability in Ernest Marcinko Ajax Search Lite allows Reflected XSS.This issue affects Ajax Search Lite: from n/a through 4.11.4.

Action-Not Available
Vendor-wp-dreamsErnest Marcinko
Product-ajax_searchAjax Search Lite
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-47685
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.02% / 3.36%
||
7 Day CHG~0.00%
Published-07 May, 2025 | 14:20
Updated-08 May, 2025 | 14:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Contribuinte Checkout plugin <= 2.0.02 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Moloni Contribuinte Checkout allows Stored XSS. This issue affects Contribuinte Checkout: from n/a through 2.0.02.

Action-Not Available
Vendor-Moloni
Product-Contribuinte Checkout
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-47655
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.02% / 3.36%
||
7 Day CHG~0.00%
Published-07 May, 2025 | 14:20
Updated-08 May, 2025 | 14:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress theMarketer plugin <= 1.4.7 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in themarketer2023 theMarketer allows Stored XSS. This issue affects theMarketer: from n/a through 1.4.7.

Action-Not Available
Vendor-themarketer2023
Product-theMarketer
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-46497
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.03% / 5.95%
||
7 Day CHG+0.01%
Published-24 Apr, 2025 | 16:08
Updated-29 Apr, 2025 | 13:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Navegg Analytics plugin <= 3.3.3 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Navegg Navegg Analytics allows Stored XSS. This issue affects Navegg Analytics: from n/a through 3.3.3.

Action-Not Available
Vendor-Navegg
Product-Navegg Analytics
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-46510
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.03% / 5.95%
||
7 Day CHG+0.01%
Published-24 Apr, 2025 | 16:08
Updated-29 Apr, 2025 | 13:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Contact Form 7 Calendar plugin <= 3.0.1 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in harrysudana Contact Form 7 Calendar allows Stored XSS. This issue affects Contact Form 7 Calendar: from n/a through 3.0.1.

Action-Not Available
Vendor-harrysudana
Product-Contact Form 7 Calendar
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-46528
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.03% / 5.95%
||
7 Day CHG+0.01%
Published-24 Apr, 2025 | 16:08
Updated-29 Apr, 2025 | 13:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Availability Calendar <= 0.2.4 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Steve Availability Calendar allows Stored XSS. This issue affects Availability Calendar: from n/a through 0.2.4.

Action-Not Available
Vendor-Steve
Product-Availability Calendar
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-43840
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.02% / 3.36%
||
7 Day CHG~0.00%
Published-19 May, 2025 | 17:07
Updated-21 May, 2025 | 20:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress CheckBot plugin <= 1.05 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Ref CheckBot allows Stored XSS.This issue affects CheckBot: from n/a through 1.05.

Action-Not Available
Vendor-Ref
Product-CheckBot
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-46522
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.03% / 5.95%
||
7 Day CHG+0.01%
Published-24 Apr, 2025 | 16:08
Updated-29 Apr, 2025 | 13:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Tabs plugin <= 4.0.3 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Billy Bryant Tabs allows Stored XSS. This issue affects Tabs: from n/a through 4.0.3.

Action-Not Available
Vendor-Billy Bryant
Product-Tabs
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-46466
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.03% / 5.95%
||
7 Day CHG+0.01%
Published-24 Apr, 2025 | 16:08
Updated-29 Apr, 2025 | 13:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Modern Polls plugin <= 1.0.10 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in felixtz Modern Polls allows Stored XSS. This issue affects Modern Polls: from n/a through 1.0.10.

Action-Not Available
Vendor-felixtz
Product-Modern Polls
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-46514
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.03% / 5.95%
||
7 Day CHG+0.01%
Published-24 Apr, 2025 | 16:08
Updated-29 Apr, 2025 | 13:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Milat jQuery Automatic Popup plugin <= 1.3.1 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in milat Milat jQuery Automatic Popup allows Stored XSS. This issue affects Milat jQuery Automatic Popup: from n/a through 1.3.1.

Action-Not Available
Vendor-milat
Product-Milat jQuery Automatic Popup
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-46435
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.03% / 5.95%
||
7 Day CHG+0.01%
Published-24 Apr, 2025 | 16:08
Updated-29 Apr, 2025 | 13:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Time Based Greeting plugin <= 2.2.2 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Yash Binani Time Based Greeting allows Stored XSS. This issue affects Time Based Greeting: from n/a through 2.2.2.

Action-Not Available
Vendor-Yash Binani
Product-Time Based Greeting
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-46450
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.03% / 5.95%
||
7 Day CHG+0.01%
Published-24 Apr, 2025 | 16:08
Updated-29 Apr, 2025 | 13:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress occupancyplan plugin <= 1.0.3.0 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in x000x occupancyplan allows Stored XSS. This issue affects occupancyplan: from n/a through 1.0.3.0.

Action-Not Available
Vendor-x000x
Product-occupancyplan
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-46506
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.03% / 5.95%
||
7 Day CHG+0.01%
Published-24 Apr, 2025 | 16:08
Updated-29 Apr, 2025 | 13:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WpZon – Amazon Affiliate Plugin plugin <= 1.3 - CSRF to XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Lora77 WpZon – Amazon Affiliate Plugin allows Reflected XSS. This issue affects WpZon – Amazon Affiliate Plugin: from n/a through 1.3.

Action-Not Available
Vendor-Lora77
Product-WpZon – Amazon Affiliate Plugin
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-46442
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.03% / 5.95%
||
7 Day CHG+0.01%
Published-24 Apr, 2025 | 16:09
Updated-29 Apr, 2025 | 13:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Loan Calculator plugin <= 1.3 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Casey Johnson Loan Calculator allows Stored XSS. This issue affects Loan Calculator: from n/a through 1.3.

Action-Not Available
Vendor-Casey Johnson
Product-Loan Calculator
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-46452
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.03% / 5.95%
||
7 Day CHG+0.01%
Published-24 Apr, 2025 | 16:08
Updated-29 Apr, 2025 | 13:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Google News plugin <= 2.5.1 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Olav Kolbu Google News allows Stored XSS. This issue affects Google News: from n/a through 2.5.1.

Action-Not Available
Vendor-Olav Kolbu
Product-Google News
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-46504
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.03% / 5.95%
||
7 Day CHG+0.01%
Published-24 Apr, 2025 | 16:08
Updated-29 Apr, 2025 | 13:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Vasaio QR Code plugin <= 1.2.5 - CSRF to XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Olar Marius Vasaio QR Code allows Stored XSS. This issue affects Vasaio QR Code: from n/a through 1.2.5.

Action-Not Available
Vendor-Olar Marius
Product-Vasaio QR Code
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-46465
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.03% / 5.95%
||
7 Day CHG+0.01%
Published-24 Apr, 2025 | 16:08
Updated-29 Apr, 2025 | 13:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Print Science Designer plugin <= 1.3.155 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in John Weissberg Print Science Designer allows Stored XSS. This issue affects Print Science Designer: from n/a through 1.3.155.

Action-Not Available
Vendor-John Weissberg
Product-Print Science Designer
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-46492
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.03% / 5.95%
||
7 Day CHG+0.01%
Published-24 Apr, 2025 | 16:08
Updated-29 Apr, 2025 | 13:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Call Now PHT Blog plugin <= 2.4.1 - CSRF to XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Pham Thanh Call Now PHT Blog allows Stored XSS. This issue affects Call Now PHT Blog: from n/a through 2.4.1.

Action-Not Available
Vendor-Pham Thanh
Product-Call Now PHT Blog
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-46520
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.03% / 5.95%
||
7 Day CHG+0.01%
Published-24 Apr, 2025 | 16:08
Updated-29 Apr, 2025 | 13:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Related Posts via Taxonomies plugin <= 1.0.1 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in alphasis Related Posts via Taxonomies allows Stored XSS. This issue affects Related Posts via Taxonomies: from n/a through 1.0.1.

Action-Not Available
Vendor-alphasis
Product-Related Posts via Taxonomies
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-46530
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.03% / 5.95%
||
7 Day CHG+0.01%
Published-24 Apr, 2025 | 16:09
Updated-29 Apr, 2025 | 13:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Hacklog Remote Attachment <= 1.3.2 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in HuangYe WuDeng Hacklog Remote Attachment allows Stored XSS. This issue affects Hacklog Remote Attachment: from n/a through 1.3.2.

Action-Not Available
Vendor-HuangYe WuDeng
Product-Hacklog Remote Attachment
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-46512
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.03% / 5.95%
||
7 Day CHG+0.01%
Published-24 Apr, 2025 | 16:08
Updated-29 Apr, 2025 | 13:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Custom Functions Plugin plugin <= 1.1 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Shamim Hasan Custom Functions Plugin allows Stored XSS. This issue affects Custom Functions Plugin: from n/a through 1.1.

Action-Not Available
Vendor-Shamim Hasan
Product-Custom Functions Plugin
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-46251
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.03% / 7.54%
||
7 Day CHG~0.00%
Published-22 Apr, 2025 | 09:53
Updated-30 Apr, 2025 | 15:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress VikRestaurants Table Reservations and Take-Away plugin <= 1.3.3 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in e4jvikwp VikRestaurants Table Reservations and Take-Away allows Cross Site Request Forgery. This issue affects VikRestaurants Table Reservations and Take-Away: from n/a through 1.3.3.

Action-Not Available
Vendor-e4jconnecte4jvikwp
Product-vikrestaurants_table_reservations_and_take-awayVikRestaurants Table Reservations and Take-Away
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-46508
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.03% / 5.95%
||
7 Day CHG+0.01%
Published-24 Apr, 2025 | 16:08
Updated-29 Apr, 2025 | 13:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Advanced lazy load plugin <= 1.6.0 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in kasonzhao Advanced lazy load allows Stored XSS. This issue affects Advanced lazy load: from n/a through 1.6.0.

Action-Not Available
Vendor-kasonzhao
Product-Advanced lazy load
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-46457
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.03% / 5.95%
||
7 Day CHG+0.01%
Published-24 Apr, 2025 | 16:09
Updated-29 Apr, 2025 | 13:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Wp Custom CMS Block plugin <= 2.1 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in digontoahsan Wp Custom CMS Block allows Stored XSS. This issue affects Wp Custom CMS Block: from n/a through 2.1.

Action-Not Available
Vendor-digontoahsan
Product-Wp Custom CMS Block
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-46507
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.03% / 5.95%
||
7 Day CHG+0.01%
Published-24 Apr, 2025 | 16:09
Updated-29 Apr, 2025 | 13:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Unsafe Mimetypes plugin <= 0.1.4 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in ldrumm Unsafe Mimetypes allows Stored XSS. This issue affects Unsafe Mimetypes: from n/a through 0.1.4.

Action-Not Available
Vendor-ldrumm
Product-Unsafe Mimetypes
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-39547
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.03% / 5.95%
||
7 Day CHG~0.00%
Published-16 Apr, 2025 | 12:44
Updated-16 Apr, 2025 | 13:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Internal Link Optimiser plugin <= 5.1.3 - CSRF to XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Toast Plugins Internal Link Optimiser allows Stored XSS. This issue affects Internal Link Optimiser: from n/a through 5.1.3.

Action-Not Available
Vendor-Toast Plugins
Product-Internal Link Optimiser
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-39548
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.03% / 5.95%
||
7 Day CHG~0.00%
Published-16 Apr, 2025 | 12:44
Updated-16 Apr, 2025 | 13:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Right Click Disable OR Ban plugin <= 1.1.17 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in A WP Life Right Click Disable OR Ban allows Stored XSS. This issue affects Right Click Disable OR Ban: from n/a through 1.1.17.

Action-Not Available
Vendor-A WP Life
Product-Right Click Disable OR Ban
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-39530
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.03% / 5.95%
||
7 Day CHG~0.00%
Published-16 Apr, 2025 | 12:45
Updated-16 Apr, 2025 | 13:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Site Search 360 plugin <= 2.1.7 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in dsky Site Search 360 allows Stored XSS. This issue affects Site Search 360: from n/a through 2.1.7.

Action-Not Available
Vendor-dsky
Product-Site Search 360
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-58217
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.01% / 1.78%
||
7 Day CHG~0.00%
Published-27 Aug, 2025 | 17:45
Updated-27 Aug, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Instant Breaking News Plugin <= 1.0 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in GeroNikolov Instant Breaking News allows Stored XSS. This issue affects Instant Breaking News: from n/a through 1.0.

Action-Not Available
Vendor-GeroNikolov
Product-Instant Breaking News
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-39455
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.03% / 5.95%
||
7 Day CHG~0.00%
Published-17 Apr, 2025 | 15:15
Updated-17 Apr, 2025 | 20:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress IP2Location Variables plugin <= 2.9.5 - CSRF to Cross Site Scripting (XSS) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in ip2location IP2Location Variables allows Reflected XSS. This issue affects IP2Location Variables: from n/a through 2.9.5.

Action-Not Available
Vendor-ip2location
Product-IP2Location Variables
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 12
  • 13
  • Next
Details not found