Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-10930

Summary
Assigner-drupal
Assigner Org ID-2c85b837-eb8b-40ed-9d74-228c62987387
Published At-29 Oct, 2025 | 23:13
Updated At-30 Oct, 2025 | 13:27
Rejected At-
Credits

Currency - Moderately critical - Cross Site Request Forgery - SA-CONTRIB-2025-110

Cross-Site Request Forgery (CSRF) vulnerability in Drupal Currency allows Cross Site Request Forgery.This issue affects Currency: from 0.0.0 before 3.5.0.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:drupal
Assigner Org ID:2c85b837-eb8b-40ed-9d74-228c62987387
Published At:29 Oct, 2025 | 23:13
Updated At:30 Oct, 2025 | 13:27
Rejected At:
▼CVE Numbering Authority (CNA)
Currency - Moderately critical - Cross Site Request Forgery - SA-CONTRIB-2025-110

Cross-Site Request Forgery (CSRF) vulnerability in Drupal Currency allows Cross Site Request Forgery.This issue affects Currency: from 0.0.0 before 3.5.0.

Affected Products
Vendor
The Drupal AssociationDrupal
Product
Currency
Collection URL
https://www.drupal.org/project/currency
Repo
https://git.drupalcode.org/project/currency
Default Status
unaffected
Versions
Affected
  • From 0.0.0 before 3.5.0 (semver)
Problem Types
TypeCWE IDDescription
CWECWE-352CWE-352 Cross-Site Request Forgery (CSRF)
Type: CWE
CWE ID: CWE-352
Description: CWE-352 Cross-Site Request Forgery (CSRF)
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-62CAPEC-62 Cross Site Request Forgery
CAPEC ID: CAPEC-62
Description: CAPEC-62 Cross Site Request Forgery
Solutions
Configurations
Workarounds
Exploits
Credits
finder
Juraj Nemec (poker10)
remediation developer
Sascha Grossenbacher (berdir)
remediation developer
Pieter Frenssen (pfrenssen)
coordinator
Juraj Nemec (poker10)
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.drupal.org/sa-contrib-2025-110
N/A
Hyperlink: https://www.drupal.org/sa-contrib-2025-110
Resource: N/A
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
3.16.5MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
Version: 3.1
Base score: 6.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:mlhess@drupal.org
Published At:30 Oct, 2025 | 00:15
Updated At:12 Dec, 2025 | 18:06

Cross-Site Request Forgery (CSRF) vulnerability in Drupal Currency allows Cross Site Request Forgery.This issue affects Currency: from 0.0.0 before 3.5.0.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.14.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Secondary3.16.5MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
Type: Primary
Version: 3.1
Base score: 4.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Type: Secondary
Version: 3.1
Base score: 6.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
CPE Matches
2bits
2bits
>>currency>>Versions before 8.x-3.5(exclusive)
cpe:2.3:a:2bits:currency:*:*:*:*:*:drupal:*:*
Weaknesses
CWE IDTypeSource
CWE-352Secondarymlhess@drupal.org
CWE ID: CWE-352
Type: Secondary
Source: mlhess@drupal.org
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://www.drupal.org/sa-contrib-2025-110mlhess@drupal.org
Patch
Vendor Advisory
Hyperlink: https://www.drupal.org/sa-contrib-2025-110
Source: mlhess@drupal.org
Resource:
Patch
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

2126Records found
CVE-2025-32274
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.08% / 24.50%
||
7 Day CHG~0.00%
Published-04 Apr, 2025 | 15:59
Updated-07 Apr, 2025 | 14:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress w3all phpBB integration Plugin <= 2.9.2 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in axew3 WP w3all phpBB allows Cross Site Request Forgery. This issue affects WP w3all phpBB: from n/a through 2.9.2.

Action-Not Available
Vendor-axew3
Product-WP w3all phpBB
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-32261
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.08% / 24.50%
||
7 Day CHG~0.00%
Published-04 Apr, 2025 | 15:59
Updated-08 Apr, 2025 | 18:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Advanced All in One Admin Search by WP Spotlight <= 1.1.1 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Kuppuraj Advanced All in One Admin Search by WP Spotlight allows Cross Site Request Forgery. This issue affects Advanced All in One Admin Search by WP Spotlight: from n/a through 1.1.1.

Action-Not Available
Vendor-Kuppuraj
Product-Advanced All in One Admin Search by WP Spotlight
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-32264
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.08% / 24.50%
||
7 Day CHG~0.00%
Published-04 Apr, 2025 | 15:59
Updated-08 Apr, 2025 | 18:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress UltraAddons – Elementor Addons plugin <= 2.0.0 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Saiful Islam UltraAddons Elementor Lite allows Cross Site Request Forgery. This issue affects UltraAddons Elementor Lite: from n/a through 2.0.0.

Action-Not Available
Vendor-Saiful Islam
Product-UltraAddons Elementor Lite
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-4014
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-4.3||MEDIUM
EPSS-0.14% / 34.63%
||
7 Day CHG~0.00%
Published-16 Nov, 2022 | 00:00
Updated-03 Aug, 2024 | 01:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
FeehiCMS Post My Comment Tab cross-site request forgery

A vulnerability, which was classified as problematic, has been found in FeehiCMS. Affected by this issue is some unknown functionality of the component Post My Comment Tab. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The identifier of this vulnerability is VDB-213788.

Action-Not Available
Vendor-feehiunspecified
Product-feehicmsFeehiCMS
CWE ID-CWE-863
Incorrect Authorization
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-32270
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.08% / 24.50%
||
7 Day CHG~0.00%
Published-04 Apr, 2025 | 15:59
Updated-07 Apr, 2025 | 14:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Broadstreet Plugin <= 1.51.1 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Broadstreet Broadstreet allows Cross Site Request Forgery. This issue affects Broadstreet: from n/a through 1.51.1.

Action-Not Available
Vendor-Broadstreet
Product-Broadstreet
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-32268
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.08% / 24.50%
||
7 Day CHG~0.00%
Published-04 Apr, 2025 | 15:59
Updated-07 Apr, 2025 | 14:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress QR Code Tag for WC plugin <= 1.9.36 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in www.15.to QR Code Tag for WC allows Cross Site Request Forgery. This issue affects QR Code Tag for WC: from n/a through 1.9.36.

Action-Not Available
Vendor-www.15.to
Product-QR Code Tag for WC
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-32265
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.08% / 24.50%
||
7 Day CHG~0.00%
Published-04 Apr, 2025 | 15:59
Updated-07 Apr, 2025 | 14:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress JobWP plugin <= 2.3.9 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Hossni Mubarak JobWP allows Cross Site Request Forgery. This issue affects JobWP: from n/a through 2.3.9.

Action-Not Available
Vendor-Hossni Mubarak
Product-JobWP
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-32494
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.08% / 24.50%
||
7 Day CHG~0.00%
Published-09 Apr, 2025 | 16:09
Updated-09 Apr, 2025 | 20:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress reCAPTCHA Jetpack <= 0.2.2 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in bozdoz reCAPTCHA Jetpack allows Cross Site Request Forgery. This issue affects reCAPTCHA Jetpack: from n/a through 0.2.2.

Action-Not Available
Vendor-bozdoz
Product-reCAPTCHA Jetpack
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-32263
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.08% / 24.50%
||
7 Day CHG~0.00%
Published-04 Apr, 2025 | 15:59
Updated-08 Apr, 2025 | 18:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Sequential Order Numbers for WooCommerce plugin <= 3.6.2 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in BeRocket Sequential Order Numbers for WooCommerce allows Cross Site Request Forgery. This issue affects Sequential Order Numbers for WooCommerce: from n/a through 3.6.2.

Action-Not Available
Vendor-BeRocket
Product-Sequential Order Numbers for WooCommerce
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-41730
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.14% / 33.58%
||
7 Day CHG~0.00%
Published-10 Oct, 2023 | 07:47
Updated-17 Sep, 2024 | 19:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress SendPress Newsletters Plugin <= 1.22.3.31 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in SendPress Newsletters plugin <= 1.22.3.31 versions.

Action-Not Available
Vendor-pressifiedSendPress
Product-sendpressSendPress Newsletters
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-32269
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.08% / 24.50%
||
7 Day CHG~0.00%
Published-04 Apr, 2025 | 15:59
Updated-07 Apr, 2025 | 14:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Zendesk for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms Plugin <= 1.1.3 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in CRM Perks WP Zendesk for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms allows Cross Site Request Forgery. This issue affects WP Zendesk for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms: from n/a through 1.1.3.

Action-Not Available
Vendor-CRM Perks
Product-WP Zendesk for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-3978
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-4.3||MEDIUM
EPSS-0.13% / 32.08%
||
7 Day CHG~0.00%
Published-13 Nov, 2022 | 00:00
Updated-15 Apr, 2025 | 13:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
NodeBB abort cross-site request forgery

A vulnerability, which was classified as problematic, was found in NodeBB up to 2.5.7. This affects an unknown part of the file /register/abort. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. Upgrading to version 2.5.8 is able to address this issue. The name of the patch is 2f9d8c350e54543f608d3d4c8e1a49bbb6cdea38. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-213555.

Action-Not Available
Vendor-nodebbunspecified
Product-nodebbNodeBB
CWE ID-CWE-863
Incorrect Authorization
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-32271
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.08% / 24.50%
||
7 Day CHG~0.00%
Published-04 Apr, 2025 | 15:59
Updated-07 Apr, 2025 | 14:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Woocommerce Role Pricing Plugin <= 3.5.5 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in ablancodev Woocommerce Role Pricing allows Cross Site Request Forgery. This issue affects Woocommerce Role Pricing: from n/a through 3.5.5.

Action-Not Available
Vendor-ablancodev
Product-Woocommerce Role Pricing
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-32272
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.08% / 24.50%
||
7 Day CHG~0.00%
Published-04 Apr, 2025 | 15:59
Updated-07 Apr, 2025 | 14:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Wishlist Plugin <= 1.0.44 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in PickPlugins Wishlist allows Cross Site Request Forgery. This issue affects Wishlist: from n/a through 1.0.44.

Action-Not Available
Vendor-PickPlugins
Product-Wishlist
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-31474
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.08% / 24.50%
||
7 Day CHG~0.00%
Published-28 Mar, 2025 | 11:54
Updated-28 Mar, 2025 | 18:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Database Optimizer <= 1.2.1.3 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in matthewprice1178 WP Database Optimizer allows Cross Site Request Forgery. This issue affects WP Database Optimizer: from n/a through 1.2.1.3.

Action-Not Available
Vendor-matthewprice1178
Product-WP Database Optimizer
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-31845
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.08% / 24.50%
||
7 Day CHG~0.00%
Published-01 Apr, 2025 | 14:51
Updated-01 Apr, 2025 | 20:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Theme Duplicator Plugin <= 1.1 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Rohit Choudhary Theme Duplicator allows Cross Site Request Forgery. This issue affects Theme Duplicator: from n/a through 1.1.

Action-Not Available
Vendor-Rohit Choudhary
Product-Theme Duplicator
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-31839
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.08% / 24.50%
||
7 Day CHG~0.00%
Published-01 Apr, 2025 | 14:51
Updated-01 Apr, 2025 | 20:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Footer Contacts Bar Plugin <= 1.8 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in digireturn DN Footer Contacts allows Cross Site Request Forgery. This issue affects DN Footer Contacts: from n/a through 1.8.

Action-Not Available
Vendor-digireturn
Product-DN Footer Contacts
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-31753
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.08% / 24.50%
||
7 Day CHG~0.00%
Published-01 Apr, 2025 | 20:42
Updated-02 Apr, 2025 | 14:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Advanced Speed Increaser Plugin <= 2.2.1 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Animesh Kumar Advanced Speed Increaser. This issue affects Advanced Speed Increaser: from n/a through 2.2.1.

Action-Not Available
Vendor-Animesh Kumar
Product-Advanced Speed Increaser
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-31828
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.09% / 25.06%
||
7 Day CHG~0.00%
Published-01 Apr, 2025 | 14:51
Updated-08 Jul, 2025 | 16:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Easy!Appointments plugin <= 1.4.2 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in alextselegidis Easy!Appointments allows Cross Site Request Forgery. This issue affects Easy!Appointments: from n/a through 1.4.2.

Action-Not Available
Vendor-easyappointmentsalextselegidis
Product-easy\!appointmentsEasy!Appointments
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-31639
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.03% / 7.63%
||
7 Day CHG~0.00%
Published-16 May, 2025 | 15:45
Updated-19 May, 2025 | 13:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Spare <= 1.7 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in themeton Spare allows Cross Site Request Forgery. This issue affects Spare: from n/a through 1.7.

Action-Not Available
Vendor-themeton
Product-Spare
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-31769
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.08% / 24.50%
||
7 Day CHG~0.00%
Published-01 Apr, 2025 | 14:51
Updated-01 Apr, 2025 | 20:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress CLP – Custom Login Page by NiteoThemes plugin <= 1.5.5 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in NiteoThemes CLP – Custom Login Page by NiteoThemes allows Cross Site Request Forgery. This issue affects CLP – Custom Login Page by NiteoThemes: from n/a through 1.5.5.

Action-Not Available
Vendor-NiteoThemes
Product-CLP – Custom Login Page by NiteoThemes
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-31751
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.13% / 32.82%
||
7 Day CHG~0.00%
Published-01 Apr, 2025 | 14:51
Updated-01 Apr, 2025 | 20:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Breaking News WP Plugin <= 1.3 - CSRF to Settings Change vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in doit Breaking News WP allows Cross Site Request Forgery. This issue affects Breaking News WP: from n/a through 1.3.

Action-Not Available
Vendor-doit
Product-Breaking News WP
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-3150
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.16% / 36.39%
||
7 Day CHG~0.00%
Published-03 Apr, 2025 | 07:31
Updated-13 Aug, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
itning Student Homework Management System cross-site request forgery

A vulnerability was found in itning Student Homework Management System up to 1.2.7. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Multiple endpoints might be affected.

Action-Not Available
Vendor-itningitning
Product-student-homework-management-systemStudent Homework Management System
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CWE ID-CWE-862
Missing Authorization
CVE-2022-38468
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.18% / 39.05%
||
7 Day CHG+0.08%
Published-01 Mar, 2023 | 13:02
Updated-13 Jan, 2025 | 15:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress NextGEN Gallery Plugin <= 3.28 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Imagely WordPress Gallery Plugin – NextGEN Gallery plugin <= 3.28 leading to thumbnail alteration.

Action-Not Available
Vendor-Imagely, LLC (Imagely)
Product-nextgen_galleryWordPress Gallery Plugin – NextGEN Gallery
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-31756
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.08% / 24.50%
||
7 Day CHG~0.00%
Published-01 Apr, 2025 | 14:51
Updated-01 Apr, 2025 | 20:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress TZ PlusGallery Plugin <= 1.5.5 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in tuyennv TZ PlusGallery allows Cross Site Request Forgery. This issue affects TZ PlusGallery: from n/a through 1.5.5.

Action-Not Available
Vendor-tuyennv
Product-TZ PlusGallery
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-31600
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.08% / 24.50%
||
7 Day CHG~0.00%
Published-31 Mar, 2025 | 12:55
Updated-01 Apr, 2025 | 20:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress DesignO plugin <= 2.2.0 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in designnbuy DesignO allows Cross Site Request Forgery. This issue affects DesignO: from n/a through 2.2.0.

Action-Not Available
Vendor-designnbuy
Product-DesignO
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-31572
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.08% / 24.50%
||
7 Day CHG~0.00%
Published-31 Mar, 2025 | 12:55
Updated-01 Apr, 2025 | 20:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Multi Days Events and Multi Events in One Day Calendar plugin <= 1.1.3 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in v20202020 Multi Days Events and Multi Events in One Day Calendar allows Cross Site Request Forgery. This issue affects Multi Days Events and Multi Events in One Day Calendar: from n/a through 1.1.3.

Action-Not Available
Vendor-v20202020
Product-Multi Days Events and Multi Events in One Day Calendar
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-31438
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.08% / 24.50%
||
7 Day CHG~0.00%
Published-28 Mar, 2025 | 11:54
Updated-28 Mar, 2025 | 18:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Supersized <= 3.1.6 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Benoit De Boeck WP Supersized allows Cross Site Request Forgery. This issue affects WP Supersized: from n/a through 3.1.6.

Action-Not Available
Vendor-Benoit De Boeck
Product-WP Supersized
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-31840
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.08% / 24.50%
||
7 Day CHG~0.00%
Published-01 Apr, 2025 | 14:51
Updated-01 Apr, 2025 | 20:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Simple Fixed Notice Plugin <= 1.6 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in digireturn Simple Fixed Notice allows Cross Site Request Forgery. This issue affects Simple Fixed Notice: from n/a through 1.6.

Action-Not Available
Vendor-digireturn
Product-Simple Fixed Notice
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-31808
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.08% / 24.50%
||
7 Day CHG~0.00%
Published-01 Apr, 2025 | 14:51
Updated-01 Apr, 2025 | 20:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress SCSS WP Editor Plugin <= 1.1.8 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in IT Path Solutions SCSS WP Editor allows Cross Site Request Forgery. This issue affects SCSS WP Editor: from n/a through 1.1.8.

Action-Not Available
Vendor-IT Path Solutions
Product-SCSS WP Editor
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-31880
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.08% / 24.50%
||
7 Day CHG~0.00%
Published-01 Apr, 2025 | 14:52
Updated-01 Apr, 2025 | 20:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Pearl plugin <= 1.3.9 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Stylemix Pearl allows Cross Site Request Forgery. This issue affects Pearl: from n/a through 1.3.9.

Action-Not Available
Vendor-Stylemix
Product-Pearl
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-31602
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.08% / 24.50%
||
7 Day CHG~0.00%
Published-31 Mar, 2025 | 12:55
Updated-01 Apr, 2025 | 20:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Apimo Connector plugin <= 2.6.3.1 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in apimofficiel Apimo Connector allows Cross Site Request Forgery. This issue affects Apimo Connector: from n/a through 2.6.3.1.

Action-Not Available
Vendor-apimofficiel
Product-Apimo Connector
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-31601
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.13% / 32.82%
||
7 Day CHG~0.00%
Published-31 Mar, 2025 | 12:55
Updated-01 Apr, 2025 | 20:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Appointy Appointment Scheduler plugin <= 4.2.1 - CSRF to Settings Change vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in appointy Appointy Appointment Scheduler allows Cross Site Request Forgery. This issue affects Appointy Appointment Scheduler: from n/a through 4.2.1.

Action-Not Available
Vendor-appointy
Product-Appointy Appointment Scheduler
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-4246
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-4.3||MEDIUM
EPSS-0.32% / 54.62%
||
7 Day CHG~0.00%
Published-11 Jan, 2024 | 08:33
Updated-11 Jun, 2025 | 15:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The GiveWP plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.33.3. This is due to missing or incorrect nonce validation on the give_sendwp_remote_install_handler function. This makes it possible for unauthenticated attackers to install and activate the SendWP plugin via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

Action-Not Available
Vendor-GiveWP
Product-givewpGiveWP – Donation Plugin and Fundraising Platform
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-31775
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.08% / 24.50%
||
7 Day CHG~0.00%
Published-01 Apr, 2025 | 14:51
Updated-01 Apr, 2025 | 20:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Google SEO Pressor for Rich snippets Plugin <= 2.0 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in smackcoders Google SEO Pressor Snippet allows Cross Site Request Forgery. This issue affects Google SEO Pressor Snippet: from n/a through 2.0.

Action-Not Available
Vendor-smackcoders
Product-Google SEO Pressor Snippet
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-31776
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.08% / 24.50%
||
7 Day CHG~0.00%
Published-01 Apr, 2025 | 14:51
Updated-02 Apr, 2025 | 15:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Uptime Robot Plugin <= 2.3 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Aphotrax Uptime Robot Plugin for WordPress allows Cross Site Request Forgery. This issue affects Uptime Robot Plugin for WordPress: from n/a through 2.3.

Action-Not Available
Vendor-Aphotrax
Product-Uptime Robot Plugin for WordPress
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-47305
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.20% / 42.08%
||
7 Day CHG~0.00%
Published-25 Sep, 2024 | 17:34
Updated-02 Oct, 2024 | 16:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Use Any Font plugin <= 6.3.08 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Dnesscarkey Use Any Font allows Cross Site Request Forgery.This issue affects Use Any Font: from n/a through 6.3.08.

Action-Not Available
Vendor-dineshkarkiDnesscarkey
Product-use_any_fontUse Any Font
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-31784
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.08% / 24.50%
||
7 Day CHG~0.00%
Published-01 Apr, 2025 | 14:51
Updated-01 Apr, 2025 | 20:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Embed Extended – Embed Maps, Videos, Websites, Source Codes, and more Plugin <= 1.4.0 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Rudy Susanto Embed Extended – Embed Maps, Videos, Websites, Source Codes, and more allows Cross Site Request Forgery. This issue affects Embed Extended – Embed Maps, Videos, Websites, Source Codes, and more: from n/a through 1.4.0.

Action-Not Available
Vendor-Rudy Susanto
Product-Embed Extended – Embed Maps, Videos, Websites, Source Codes, and more
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-31807
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.08% / 24.50%
||
7 Day CHG~0.00%
Published-01 Apr, 2025 | 14:51
Updated-01 Apr, 2025 | 20:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Product Notices for WooCommerce plugin <= 1.3.3 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in CloudRedux Product Notices for WooCommerce allows Cross Site Request Forgery. This issue affects Product Notices for WooCommerce: from n/a through 1.3.3.

Action-Not Available
Vendor-CloudRedux
Product-Product Notices for WooCommerce
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-41244
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 21.48%
||
7 Day CHG~0.00%
Published-03 Oct, 2023 | 13:17
Updated-20 Sep, 2024 | 13:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Localize Remote Images Plugin <= 1.0.9 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Buildfail Localize Remote Images plugin <= 1.0.9 versions.

Action-Not Available
Vendor-buildfailBuildfail
Product-localize_remote_imagesLocalize Remote Images
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-31921
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.03% / 7.63%
||
7 Day CHG~0.00%
Published-16 May, 2025 | 15:45
Updated-19 May, 2025 | 13:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Ultimate Tours Builder <= 1.055 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in loopus WP Ultimate Tours Builder allows Cross Site Request Forgery. This issue affects WP Ultimate Tours Builder: from n/a through 1.055.

Action-Not Available
Vendor-loopus
Product-WP Ultimate Tours Builder
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-31888
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.08% / 24.50%
||
7 Day CHG~0.00%
Published-01 Apr, 2025 | 14:52
Updated-01 Apr, 2025 | 20:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Multi Store Locator Plugin <= 2.5.2 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in WPExperts.io WP Multistore Locator allows Cross Site Request Forgery. This issue affects WP Multistore Locator: from n/a through 2.5.2.

Action-Not Available
Vendor-WPExperts.io
Product-WP Multistore Locator
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-31410
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.08% / 24.50%
||
7 Day CHG~0.00%
Published-31 Mar, 2025 | 08:29
Updated-01 Apr, 2025 | 20:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Church Donation plugin <= 1.7 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Ashish Ajani WP Church Donation allows Cross Site Request Forgery.This issue affects WP Church Donation: from n/a through 1.7.

Action-Not Available
Vendor-Ashish Ajani
Product-WP Church Donation
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-41694
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.15% / 35.18%
||
7 Day CHG~0.00%
Published-10 Oct, 2023 | 07:36
Updated-19 Feb, 2025 | 21:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Realbig Plugin <= 1.0.3 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Realbig Team Realbig For WordPress plugin <= 1.0.3 versions.

Action-Not Available
Vendor-realbigRealbig Team
Product-realbigRealbig For WordPress
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-30557
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.04% / 12.27%
||
7 Day CHG~0.00%
Published-24 Mar, 2025 | 13:46
Updated-24 Mar, 2025 | 15:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Easy 301 Redirects plugin <= 1.33 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in odihost Easy 301 Redirects allows Cross Site Request Forgery. This issue affects Easy 301 Redirects: from n/a through 1.33.

Action-Not Available
Vendor-odihost
Product-Easy 301 Redirects
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-30833
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.08% / 24.50%
||
7 Day CHG~0.00%
Published-27 Mar, 2025 | 10:55
Updated-27 Mar, 2025 | 18:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Verge3D Publishing and E-Commerce Plugin <= 4.8.2 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Soft8Soft LLC Verge3D allows Cross Site Request Forgery. This issue affects Verge3D: from n/a through 4.8.2.

Action-Not Available
Vendor-Soft8Soft LLC
Product-Verge3D
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-30888
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.08% / 24.50%
||
7 Day CHG~0.00%
Published-27 Mar, 2025 | 10:55
Updated-27 Mar, 2025 | 18:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Custom Fields Account Registration For Woocommerce Plugin <= 1.1 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in silverplugins217 Custom Fields Account Registration For Woocommerce allows Cross Site Request Forgery. This issue affects Custom Fields Account Registration For Woocommerce: from n/a through 1.1.

Action-Not Available
Vendor-silverplugins217
Product-Custom Fields Account Registration For Woocommerce
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-30546
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.08% / 24.50%
||
7 Day CHG~0.00%
Published-24 Mar, 2025 | 13:46
Updated-24 Mar, 2025 | 15:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Cackle plugin <= 4.33 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in boroV Cackle allows Cross Site Request Forgery. This issue affects Cackle: from n/a through 4.33.

Action-Not Available
Vendor-boroV
Product-Cackle
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-30526
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.08% / 24.50%
||
7 Day CHG~0.00%
Published-24 Mar, 2025 | 13:46
Updated-24 Mar, 2025 | 15:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Typekit plugin <= 1.2.3 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in lucksy Typekit plugin for WordPress allows Cross Site Request Forgery. This issue affects Typekit plugin for WordPress: from n/a through 1.2.3.

Action-Not Available
Vendor-lucksy
Product-Typekit plugin for WordPress
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-30865
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.08% / 24.50%
||
7 Day CHG~0.00%
Published-27 Mar, 2025 | 10:55
Updated-27 Mar, 2025 | 18:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress 3DPrint Lite plugin <= 2.1.3.5 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in fuzzoid 3DPrint Lite allows Cross Site Request Forgery. This issue affects 3DPrint Lite: from n/a through 2.1.3.5.

Action-Not Available
Vendor-fuzzoid
Product-3DPrint Lite
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
  • Previous
  • 1
  • 2
  • ...
  • 21
  • 22
  • 23
  • ...
  • 42
  • 43
  • Next
Details not found