Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-10930

Summary
Assigner-drupal
Assigner Org ID-2c85b837-eb8b-40ed-9d74-228c62987387
Published At-29 Oct, 2025 | 23:13
Updated At-30 Oct, 2025 | 13:27
Rejected At-
Credits

Currency - Moderately critical - Cross Site Request Forgery - SA-CONTRIB-2025-110

Cross-Site Request Forgery (CSRF) vulnerability in Drupal Currency allows Cross Site Request Forgery.This issue affects Currency: from 0.0.0 before 3.5.0.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:drupal
Assigner Org ID:2c85b837-eb8b-40ed-9d74-228c62987387
Published At:29 Oct, 2025 | 23:13
Updated At:30 Oct, 2025 | 13:27
Rejected At:
▼CVE Numbering Authority (CNA)
Currency - Moderately critical - Cross Site Request Forgery - SA-CONTRIB-2025-110

Cross-Site Request Forgery (CSRF) vulnerability in Drupal Currency allows Cross Site Request Forgery.This issue affects Currency: from 0.0.0 before 3.5.0.

Affected Products
Vendor
The Drupal AssociationDrupal
Product
Currency
Collection URL
https://www.drupal.org/project/currency
Repo
https://git.drupalcode.org/project/currency
Default Status
unaffected
Versions
Affected
  • From 0.0.0 before 3.5.0 (semver)
Problem Types
TypeCWE IDDescription
CWECWE-352CWE-352 Cross-Site Request Forgery (CSRF)
Type: CWE
CWE ID: CWE-352
Description: CWE-352 Cross-Site Request Forgery (CSRF)
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-62CAPEC-62 Cross Site Request Forgery
CAPEC ID: CAPEC-62
Description: CAPEC-62 Cross Site Request Forgery
Solutions
Configurations
Workarounds
Exploits
Credits
finder
Juraj Nemec (poker10)
remediation developer
Sascha Grossenbacher (berdir)
remediation developer
Pieter Frenssen (pfrenssen)
coordinator
Juraj Nemec (poker10)
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.drupal.org/sa-contrib-2025-110
N/A
Hyperlink: https://www.drupal.org/sa-contrib-2025-110
Resource: N/A
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
3.16.5MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
Version: 3.1
Base score: 6.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:mlhess@drupal.org
Published At:30 Oct, 2025 | 00:15
Updated At:12 Dec, 2025 | 18:06

Cross-Site Request Forgery (CSRF) vulnerability in Drupal Currency allows Cross Site Request Forgery.This issue affects Currency: from 0.0.0 before 3.5.0.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.14.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Secondary3.16.5MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
Type: Primary
Version: 3.1
Base score: 4.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Type: Secondary
Version: 3.1
Base score: 6.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
CPE Matches
2bits
2bits
>>currency>>Versions before 8.x-3.5(exclusive)
cpe:2.3:a:2bits:currency:*:*:*:*:*:drupal:*:*
Weaknesses
CWE IDTypeSource
CWE-352Secondarymlhess@drupal.org
CWE ID: CWE-352
Type: Secondary
Source: mlhess@drupal.org
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://www.drupal.org/sa-contrib-2025-110mlhess@drupal.org
Patch
Vendor Advisory
Hyperlink: https://www.drupal.org/sa-contrib-2025-110
Source: mlhess@drupal.org
Resource:
Patch
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

2126Records found
CVE-2023-41667
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 21.44%
||
7 Day CHG~0.00%
Published-09 Oct, 2023 | 17:38
Updated-18 Sep, 2024 | 20:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP-dTree Plugin <= 4.4.5 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Ulf Benjaminsson WP-dTree plugin <= 4.4.5 versions.

Action-Not Available
Vendor-ulfbenjaminssonUlf Benjaminsson
Product-wp-dtreeWP-dTree
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-47470
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.08% / 24.49%
||
7 Day CHG+0.06%
Published-07 May, 2025 | 14:19
Updated-08 May, 2025 | 14:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress GPT3 AI Content Writer plugin <= 1.9.14 - Cross Site Request Forgery (CSRF) to Prompt Generation vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in senols GPT3 AI Content Writer allows Cross Site Request Forgery. This issue affects GPT3 AI Content Writer: from n/a through 1.9.14.

Action-Not Available
Vendor-senols
Product-GPT3 AI Content Writer
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-47597
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.08% / 24.49%
||
7 Day CHG+0.06%
Published-07 May, 2025 | 14:20
Updated-08 May, 2025 | 14:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Podcasts Manager <= 1.2 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Maulik Vora WP Podcasts Manager allows Cross Site Request Forgery. This issue affects WP Podcasts Manager: from n/a through 1.2.

Action-Not Available
Vendor-Maulik Vora
Product-WP Podcasts Manager
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-40212
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 20.51%
||
7 Day CHG~0.00%
Published-03 Oct, 2023 | 12:36
Updated-20 Sep, 2024 | 13:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WooCommerce Product Attachment Plugin <= 2.1.8 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in theDotstore Product Attachment for WooCommerce plugin <= 2.1.8 versions.

Action-Not Available
Vendor-multidotstheDotstore
Product-product_attachment_for_woocommerceProduct Attachment for WooCommerce
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-4209
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 20.51%
||
7 Day CHG~0.00%
Published-30 Aug, 2023 | 14:22
Updated-23 Apr, 2025 | 16:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
POEditor < 0.9.8 - Settings Reset via CSRF

The POEditor WordPress plugin before 0.9.8 does not have CSRF checks in various places, which could allow attackers to make logged in admins perform unwanted actions, such as reset the plugin's settings and update its API key via CSRF attacks.

Action-Not Available
Vendor-poeditorUnknown
Product-poeditorPOEditor
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-47446
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.08% / 24.49%
||
7 Day CHG+0.06%
Published-07 May, 2025 | 14:19
Updated-08 May, 2025 | 14:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Listamester <= 2.3.6 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in listamester Listamester allows Cross Site Request Forgery. This issue affects Listamester: from n/a through 2.3.6.

Action-Not Available
Vendor-listamester
Product-Listamester
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-46246
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.09% / 25.05%
||
7 Day CHG~0.00%
Published-22 Apr, 2025 | 09:53
Updated-29 Apr, 2025 | 18:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress CM Answers <= 3.3.3 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in CreativeMindsSolutions CM Answers allows Cross Site Request Forgery. This issue affects CM Answers: from n/a through 3.3.3.

Action-Not Available
Vendor-cmindsCreativeMindsSolutions
Product-cm_answersCM Answers
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-46513
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.08% / 24.49%
||
7 Day CHG~0.00%
Published-24 Apr, 2025 | 16:09
Updated-29 Apr, 2025 | 13:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress All in One Time Clock Lite <= 1.3.324 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Codebangers All in One Time Clock Lite allows Cross Site Request Forgery. This issue affects All in One Time Clock Lite: from n/a through 1.3.324.

Action-Not Available
Vendor-Codebangers
Product-All in One Time Clock Lite
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-40556
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 21.43%
||
7 Day CHG~0.00%
Published-06 Oct, 2023 | 05:30
Updated-19 Sep, 2024 | 15:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Schedule Posts Calendar Plugin <= 5.2 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Greg Ross Schedule Posts Calendar plugin <= 5.2 versions.

Action-Not Available
Vendor-toolstackGreg Ross
Product-schedule_posts_calendarSchedule Posts Calendar
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-41852
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.15% / 35.15%
||
7 Day CHG~0.00%
Published-10 Oct, 2023 | 08:40
Updated-17 Sep, 2024 | 19:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress MailMunch – Grow your Email List Plugin <= 3.1.2 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in MailMunch MailMunch – Grow your Email List plugin <= 3.1.2 versions.

Action-Not Available
Vendor-mailmunchMailMunch
Product-mailmunchMailMunch – Grow your Email List
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-39917
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.15% / 35.15%
||
7 Day CHG~0.00%
Published-03 Oct, 2023 | 11:14
Updated-19 Sep, 2024 | 20:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Photo Gallery by Ays Plugin <= 5.2.6 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Photo Gallery Team Photo Gallery by Ays – Responsive Image Gallery plugin <= 5.2.6 versions.

Action-Not Available
Vendor-AYS Pro Extensions
Product-photo_galleryPhoto Gallery by Ays – Responsive Image Gallery
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-40559
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 21.43%
||
7 Day CHG~0.00%
Published-04 Oct, 2023 | 14:11
Updated-19 Sep, 2024 | 14:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WooCommerce Dynamic Pricing and Discount Rules Plugin <= 2.4.0 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in theDotstore Dynamic Pricing and Discount Rules for WooCommerce plugin <= 2.4.0 versions.

Action-Not Available
Vendor-multidotstheDotstore
Product-dynamic_pricing_and_discount_rules_for_woocommerceDynamic Pricing and Discount Rules for WooCommerce
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-53456
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.01% / 2.77%
||
7 Day CHG~0.00%
Published-22 Sep, 2025 | 18:25
Updated-23 Sep, 2025 | 13:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress SEO Backlink Monitor Plugin <= 1.6.0 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in activewebsight SEO Backlink Monitor allows Cross Site Request Forgery. This issue affects SEO Backlink Monitor: from n/a through 1.6.0.

Action-Not Available
Vendor-activewebsight
Product-SEO Backlink Monitor
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-40008
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.06% / 17.15%
||
7 Day CHG~0.00%
Published-06 Oct, 2023 | 12:35
Updated-19 Sep, 2024 | 15:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Simple Org Chart Plugin <= 2.3.4 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Gangesh Matta Simple Org Chart plugin <= 2.3.4 versions.

Action-Not Available
Vendor-webtechforceGangesh Matta
Product-simple_org_chartSimple Org Chart
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-53273
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.02% / 3.58%
||
7 Day CHG~0.00%
Published-27 Jun, 2025 | 13:21
Updated-30 Jun, 2025 | 18:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Slickstream plugin <= 2.0.3 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Slickstream Slickstream allows Cross Site Request Forgery. This issue affects Slickstream: from n/a through 2.0.3.

Action-Not Available
Vendor-Slickstream
Product-Slickstream
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2021-20580
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.09% / 25.51%
||
7 Day CHG~0.00%
Published-29 Jun, 2021 | 15:50
Updated-17 Sep, 2024 | 03:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Planning Analytics 2.0 could be vulnerable to cross-site request forgery (CSRF) which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 198241.

Action-Not Available
Vendor-IBM Corporation
Product-planning_analyticsPlanning Analytics
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-3841
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-4.3||MEDIUM
EPSS-0.05% / 15.34%
||
7 Day CHG~0.00%
Published-23 Jul, 2023 | 03:00
Updated-02 Aug, 2024 | 07:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
NxFilter user.jsp cross-site request forgery

A vulnerability has been found in NxFilter 4.3.2.5 and classified as problematic. This vulnerability affects unknown code of the file user.jsp. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The identifier of this vulnerability is VDB-235192. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-nxfiltern/a
Product-nxfilterNxFilter
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-39158
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 20.51%
||
7 Day CHG~0.00%
Published-03 Oct, 2023 | 13:20
Updated-20 Sep, 2024 | 13:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Woocommerce Category Banner Management Plugin <= 2.4.2 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in theDotstore Banner Management For WooCommerce plugin <= 2.4.2 versions.

Action-Not Available
Vendor-multidotstheDotstore
Product-banner_management_for_woocommerceBanner Management For WooCommerce
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-39286
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.11% / 29.49%
||
7 Day CHG~0.00%
Published-14 Sep, 2023 | 00:00
Updated-25 Sep, 2024 | 20:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the Connect Mobility Router component of Mitel MiVoice Connect through 9.6.2304.102 could allow an unauthenticated attacker to perform a Cross Site Request Forgery (CSRF) attack due to insufficient request validation. A successful exploit could allow an attacker to provide a modified URL, potentially enabling them to modify system configuration settings.

Action-Not Available
Vendor-n/aMitel Networks Corp.
Product-connect_mobility_routern/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-38739
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.03% / 6.69%
||
7 Day CHG~0.00%
Published-31 Jan, 2025 | 15:19
Updated-05 Mar, 2025 | 18:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Sterling B2B Integrator cross-site request forgery

IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.

Action-Not Available
Vendor-IBM Corporation
Product-sterling_b2b_integratorSterling B2B Integrator
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-38268
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.04% / 11.12%
||
7 Day CHG~0.00%
Published-01 Dec, 2023 | 19:21
Updated-02 Aug, 2024 | 17:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM InfoSphere Information Server cross-site request forgery

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 260585.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-aixwindowsinfosphere_information_serverlinux_kernelInfoSphere Information Server
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-38390
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.15% / 35.15%
||
7 Day CHG~0.00%
Published-03 Oct, 2023 | 10:24
Updated-20 Sep, 2024 | 19:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Mobile Address Bar Changer Plugin <= 3.0 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Anshul Labs Mobile Address Bar Changer plugin <= 3.0 versions.

Action-Not Available
Vendor-anshullabsAnshul Labs
Product-mobile_address_bar_changerMobile Address Bar Changer
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-3959
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.16% / 36.36%
||
7 Day CHG~0.00%
Published-27 Apr, 2025 | 04:31
Updated-12 May, 2025 | 19:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
withstars Books-Management-System reader_delete.html cross-site request forgery

A vulnerability was found in withstars Books-Management-System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /reader_delete.html. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.

Action-Not Available
Vendor-withstarswithstars
Product-books-management-systemBooks-Management-System
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CWE ID-CWE-862
Missing Authorization
CVE-2025-39425
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.08% / 24.49%
||
7 Day CHG~0.00%
Published-17 Apr, 2025 | 15:17
Updated-17 Apr, 2025 | 20:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Style Manager plugin <= 2.2.7 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in pixelgrade Style Manager allows Cross Site Request Forgery. This issue affects Style Manager: from n/a through 2.2.7.

Action-Not Available
Vendor-pixelgrade
Product-Style Manager
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-37954
Matching Score-4
Assigner-Jenkins Project
ShareView Details
Matching Score-4
Assigner-Jenkins Project
CVSS Score-4.3||MEDIUM
EPSS-0.05% / 14.82%
||
7 Day CHG~0.00%
Published-12 Jul, 2023 | 15:52
Updated-06 Nov, 2024 | 19:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A cross-site request forgery (CSRF) vulnerability in Jenkins Rebuilder Plugin 320.v5a_0933a_e7d61 and earlier allows attackers to rebuild a previous build.

Action-Not Available
Vendor-Jenkins
Product-rebuilderJenkins Rebuilder Plugin
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-28910
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.05% / 14.81%
||
7 Day CHG~0.00%
Published-11 Mar, 2025 | 21:00
Updated-12 Mar, 2025 | 17:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Hide Admin Bar plugin <= 2.0 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Ravinder Khurana WP Hide Admin Bar allows Cross Site Request Forgery. This issue affects WP Hide Admin Bar: from n/a through 2.0.

Action-Not Available
Vendor-Ravinder Khurana
Product-WP Hide Admin Bar
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-28863
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.05% / 16.59%
||
7 Day CHG~0.00%
Published-11 Mar, 2025 | 21:00
Updated-19 Mar, 2025 | 14:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Delete Original Image plugin <= 0.4 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Carlos Minatti Delete Original Image allows Cross Site Request Forgery. This issue affects Delete Original Image: from n/a through 0.4.

Action-Not Available
Vendor-carlosminattiCarlos Minatti
Product-delete_original_imageDelete Original Image
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-28856
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.05% / 16.59%
||
7 Day CHG~0.00%
Published-11 Mar, 2025 | 21:00
Updated-09 Apr, 2025 | 14:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress W3Counter Free Real-Time Web Stats plugin <= 4.1 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in dangrossman W3Counter Free Real-Time Web Stats allows Cross Site Request Forgery. This issue affects W3Counter Free Real-Time Web Stats: from n/a through 4.1.

Action-Not Available
Vendor-w3counterdangrossman
Product-w3counterW3Counter Free Real-Time Web Stats
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-28940
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.05% / 14.81%
||
7 Day CHG~0.00%
Published-11 Mar, 2025 | 21:01
Updated-12 Mar, 2025 | 13:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Back To Top Plugin <= 2.0 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in arkapravamajumder Back To Top allows Cross Site Request Forgery. This issue affects Back To Top: from n/a through 2.0.

Action-Not Available
Vendor-arkapravamajumder
Product-Back To Top
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-39443
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.08% / 24.49%
||
7 Day CHG~0.00%
Published-17 Apr, 2025 | 15:15
Updated-17 Apr, 2025 | 20:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Verge3D plugin <= 4.9.0 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Soft8Soft LLC Verge3D allows Cross Site Request Forgery. This issue affects Verge3D: from n/a through 4.9.0.

Action-Not Available
Vendor-Soft8Soft LLC
Product-Verge3D
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-27311
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.05% / 14.81%
||
7 Day CHG~0.00%
Published-24 Feb, 2025 | 14:48
Updated-24 Feb, 2025 | 16:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Bulk Content Creator Plugin <= 1.2.1 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in luk3thomas Bulk Content Creator allows Cross Site Request Forgery. This issue affects Bulk Content Creator: from n/a through 1.2.1.

Action-Not Available
Vendor-luk3thomas
Product-Bulk Content Creator
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-49896
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.01% / 2.77%
||
7 Day CHG~0.00%
Published-20 Aug, 2025 | 08:03
Updated-20 Aug, 2025 | 14:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Discord Post Plus – Supports Unlimited Channels plugin <= 1.0.2 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in wptasker WP Discord Post Plus &#8211; Supports Unlimited Channels allows Cross Site Request Forgery. This issue affects WP Discord Post Plus &#8211; Supports Unlimited Channels: from n/a through 1.0.2.

Action-Not Available
Vendor-wptasker
Product-WP Discord Post Plus &#8211; Supports Unlimited Channels
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-39453
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.08% / 24.49%
||
7 Day CHG~0.00%
Published-17 Apr, 2025 | 15:15
Updated-17 Apr, 2025 | 20:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Advanced Dynamic Pricing for WooCommerce plugin <= 4.9.3 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in algol.plus Advanced Dynamic Pricing for WooCommerce allows Cross Site Request Forgery. This issue affects Advanced Dynamic Pricing for WooCommerce: from n/a through 4.9.3.

Action-Not Available
Vendor-algol.plus
Product-Advanced Dynamic Pricing for WooCommerce
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-5033
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.06% / 19.02%
||
7 Day CHG~0.00%
Published-21 May, 2025 | 17:31
Updated-20 Jun, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
XiaoBingby TeaCMS addUser cross-site request forgery

A vulnerability classified as problematic was found in XiaoBingby TeaCMS 2.0.2. Affected by this vulnerability is an unknown functionality of the file src/main/java/me/teacms/controller/admin/UserManageController/addUser. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-teacms_projectXiaoBingby
Product-teacmsTeaCMS
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CWE ID-CWE-862
Missing Authorization
CVE-2023-37985
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 21.43%
||
7 Day CHG~0.00%
Published-17 Jul, 2023 | 15:04
Updated-30 Sep, 2024 | 13:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Five Star Restaurant Menu Plugin <= 2.4.6 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in FiveStarPlugins Restaurant Menu and Food Ordering plugin <= 2.4.6 versions.

Action-Not Available
Vendor-fivestarpluginsFiveStarPlugins
Product-five_star_restaurant_menuRestaurant Menu and Food Ordering by Five Star Plugins
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-37998
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.10% / 28.37%
||
7 Day CHG~0.00%
Published-03 Oct, 2023 | 09:51
Updated-02 Aug, 2024 | 17:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Disabler Plugin <= 3.0.3 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Saas Disabler allows Cross Site Request Forgery.This issue affects Disabler: from n/a through 3.0.3.

Action-Not Available
Vendor-saasSaassaas
Product-disablerDisablerdisabler
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-49975
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.02% / 3.58%
||
7 Day CHG~0.00%
Published-20 Jun, 2025 | 15:04
Updated-23 Jun, 2025 | 20:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress JobWP plugin <= 2.4.0 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Hossni Mubarak JobWP allows Cross Site Request Forgery. This issue affects JobWP: from n/a through 2.4.0.

Action-Not Available
Vendor-Hossni Mubarak
Product-JobWP
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2015-10108
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-4.3||MEDIUM
EPSS-0.08% / 24.12%
||
7 Day CHG~0.00%
Published-31 May, 2023 | 19:00
Updated-06 Aug, 2024 | 08:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
meitar Inline Google Spreadsheet Viewer Plugin inline-gdocs-viewer.php displayShortcode cross-site request forgery

A vulnerability was found in meitar Inline Google Spreadsheet Viewer Plugin up to 0.9.6 on WordPress and classified as problematic. Affected by this issue is the function displayShortcode of the file inline-gdocs-viewer.php. The manipulation leads to cross-site request forgery. The attack may be launched remotely. Upgrading to version 0.9.6.1 is able to address this issue. The patch is identified as 2a8057df8ca30adc859cecbe5cad21ac28c5b747. It is recommended to upgrade the affected component. VDB-230234 is the identifier assigned to this vulnerability.

Action-Not Available
Vendor-inline_google_spreadsheet_viewer_projectmeitar
Product-inline_google_spreadsheet_viewerInline Google Spreadsheet Viewer Plugin
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-37991
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.15% / 35.15%
||
7 Day CHG~0.00%
Published-03 Oct, 2023 | 09:39
Updated-20 Sep, 2024 | 13:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Emoji One Plugin <= 0.6.0 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Monchito.Net WP Emoji One plugin <= 0.6.0 versions.

Action-Not Available
Vendor-monchitoMonchito.net
Product-wp_emoji_oneWP Emoji One
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-49968
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.02% / 3.58%
||
7 Day CHG~0.00%
Published-20 Jun, 2025 | 15:04
Updated-23 Jun, 2025 | 20:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress XML Travel Portal Widget plugin <= 2.0 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Oganro XML Travel Portal Widget allows Cross Site Request Forgery. This issue affects XML Travel Portal Widget: from n/a through 2.0.

Action-Not Available
Vendor-Oganro
Product-XML Travel Portal Widget
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-49972
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.02% / 3.58%
||
7 Day CHG~0.00%
Published-20 Jun, 2025 | 15:04
Updated-23 Jun, 2025 | 20:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress TM Replace Howdy plugin <= 1.4.2 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in David Wood TM Replace Howdy allows Cross Site Request Forgery. This issue affects TM Replace Howdy: from n/a through 1.4.2.

Action-Not Available
Vendor-David Wood
Product-TM Replace Howdy
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-49286
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.03% / 6.89%
||
7 Day CHG~0.00%
Published-06 Jun, 2025 | 12:53
Updated-06 Jun, 2025 | 19:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Table Builder <= 2.0.6 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in WP Table Builder WP Table Builder allows Cross Site Request Forgery. This issue affects WP Table Builder: from n/a through 2.0.6.

Action-Not Available
Vendor-WP Table Builder
Product-WP Table Builder
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-37990
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.15% / 35.16%
||
7 Day CHG~0.00%
Published-03 Oct, 2023 | 10:19
Updated-20 Sep, 2024 | 19:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Perelink Pro Plugin <= 2.1.4 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Mike Perelink Pro plugin <= 2.1.4 versions.

Action-Not Available
Vendor-perelink_pro_projectMike
Product-perelink_proPerelink Pro
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-37892
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 21.43%
||
7 Day CHG~0.00%
Published-18 Jul, 2023 | 12:31
Updated-26 Sep, 2024 | 15:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Shortcode IMDB Plugin <= 6.0.8 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Kemal YAZICI - PluginPress Shortcode IMDB plugin <= 6.0.8 versions.

Action-Not Available
Vendor-pluginpressKemal YAZICI - PluginPress
Product-shortcode_imdbShortcode IMDB
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-37889
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 21.43%
||
7 Day CHG~0.00%
Published-18 Jul, 2023 | 12:25
Updated-30 Sep, 2024 | 13:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WPAdmin AWS CDN Plugin <= 2.0.13 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in WPAdmin WPAdmin AWS CDN plugin <= 2.0.13 versions.

Action-Not Available
Vendor-wpadminWPAdmin
Product-aws_cdnWPAdmin AWS CDN
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-49269
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.03% / 6.89%
||
7 Day CHG~0.00%
Published-06 Jun, 2025 | 12:53
Updated-06 Jun, 2025 | 16:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Market Exporter <= 2.0.22 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Anton Vanyukov Market Exporter allows Cross Site Request Forgery. This issue affects Market Exporter: from n/a through 2.0.22.

Action-Not Available
Vendor-Anton Vanyukov
Product-Market Exporter
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-27359
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.03% / 6.89%
||
7 Day CHG~0.00%
Published-06 Jun, 2025 | 12:54
Updated-06 Jun, 2025 | 14:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Media File Type Manager plugin <= 2.3.0 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Seerox WP Media File Type Manager allows Cross Site Request Forgery. This issue affects WP Media File Type Manager: from n/a through 2.3.0.

Action-Not Available
Vendor-Seerox
Product-WP Media File Type Manager
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-50179
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-4.6||MEDIUM
EPSS-0.02% / 5.13%
||
7 Day CHG~0.00%
Published-25 Jun, 2025 | 15:48
Updated-21 Aug, 2025 | 20:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tuleap missing CSRF protection on tracker reports manipulation

Tuleap is an Open Source Suite to improve management of software developments and collaboration. An attacker could use a cross-site request forgery vulnerability in Tuleap Community Edition prior to version 16.8.99.1749830289 and Tuleap Enterprise Edition prior to version 16.9-1 to trick victims into changing the canned responses. Tuleap Community Edition 16.8.99.1749830289 and Tuleap Enterprise Edition 16.9-1 contain a patch for the issue.

Action-Not Available
Vendor-Enalean SAS
Product-tuleaptuleap
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-37891
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.15% / 35.15%
||
7 Day CHG~0.00%
Published-03 Oct, 2023 | 09:34
Updated-20 Sep, 2024 | 13:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Exit Popups & Onsite Retargeting by OptiMonk Plugin <= 2.0.4 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in OptiMonk OptiMonk: Popups, Personalization & A/B Testing plugin <= 2.0.4 versions.

Action-Not Available
Vendor-optimonkOptiMonk
Product-optimonk\OptiMonk: Popups, Personalization & A/B Testing
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-48363
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.01% / 2.77%
||
7 Day CHG~0.00%
Published-28 Aug, 2025 | 12:37
Updated-29 Aug, 2025 | 16:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Popup for CF7 with Sweet Alert plugin <= 1.6.5 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Metin Saraç Popup for CF7 with Sweet Alert allows Cross Site Request Forgery. This issue affects Popup for CF7 with Sweet Alert: from n/a through 1.6.5.

Action-Not Available
Vendor-Metin Saraç
Product-Popup for CF7 with Sweet Alert
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
  • Previous
  • 1
  • 2
  • ...
  • 31
  • 32
  • 33
  • ...
  • 42
  • 43
  • Next
Details not found