Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-12072

Summary
Assigner-Wordfence
Assigner Org ID-b15e7b5b-3da4-40ae-a43c-f7aa60e62599
Published At-24 Oct, 2025 | 08:23
Updated At-24 Oct, 2025 | 16:45
Rejected At-
Credits

Disable Content Editor For Specific Template <= 2.0 - Cross-Site Request Forgery to Template Configuration Update

The Disable Content Editor For Specific Template plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0. This is due to missing nonce validation on template configuration updates. This makes it possible for unauthenticated attackers to add or delete template configurations via a forged request granted they can trick an administrator into performing an action such as clicking on a link.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:Wordfence
Assigner Org ID:b15e7b5b-3da4-40ae-a43c-f7aa60e62599
Published At:24 Oct, 2025 | 08:23
Updated At:24 Oct, 2025 | 16:45
Rejected At:
▼CVE Numbering Authority (CNA)
Disable Content Editor For Specific Template <= 2.0 - Cross-Site Request Forgery to Template Configuration Update

The Disable Content Editor For Specific Template plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0. This is due to missing nonce validation on template configuration updates. This makes it possible for unauthenticated attackers to add or delete template configurations via a forged request granted they can trick an administrator into performing an action such as clicking on a link.

Affected Products
Vendor
mynamevenu24
Product
Disable Content Editor For Specific Template
Default Status
unaffected
Versions
Affected
  • From * through 2.0 (semver)
Problem Types
TypeCWE IDDescription
CWECWE-352CWE-352 Cross-Site Request Forgery (CSRF)
Type: CWE
CWE ID: CWE-352
Description: CWE-352 Cross-Site Request Forgery (CSRF)
Metrics
VersionBase scoreBase severityVector
3.14.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Version: 3.1
Base score: 4.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
finder
Nabil Irawan
Timeline
EventDate
Disclosed2025-10-23 20:09:19
Event: Disclosed
Date: 2025-10-23 20:09:19
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.wordfence.com/threat-intel/vulnerabilities/id/243200f4-5a5d-4275-bf2b-f4cb6099d145?source=cve
N/A
https://plugins.trac.wordpress.org/browser/disable-contect-editor-for-specific-template/tags/2.0/disable-editor-specific-template.php#L57
N/A
Hyperlink: https://www.wordfence.com/threat-intel/vulnerabilities/id/243200f4-5a5d-4275-bf2b-f4cb6099d145?source=cve
Resource: N/A
Hyperlink: https://plugins.trac.wordpress.org/browser/disable-contect-editor-for-specific-template/tags/2.0/disable-editor-specific-template.php#L57
Resource: N/A
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security@wordfence.com
Published At:24 Oct, 2025 | 09:15
Updated At:27 Oct, 2025 | 13:20

The Disable Content Editor For Specific Template plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0. This is due to missing nonce validation on template configuration updates. This makes it possible for unauthenticated attackers to add or delete template configurations via a forged request granted they can trick an administrator into performing an action such as clicking on a link.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.14.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Type: Primary
Version: 3.1
Base score: 4.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-352Primarysecurity@wordfence.com
CWE ID: CWE-352
Type: Primary
Source: security@wordfence.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://plugins.trac.wordpress.org/browser/disable-contect-editor-for-specific-template/tags/2.0/disable-editor-specific-template.php#L57security@wordfence.com
N/A
https://www.wordfence.com/threat-intel/vulnerabilities/id/243200f4-5a5d-4275-bf2b-f4cb6099d145?source=cvesecurity@wordfence.com
N/A
Hyperlink: https://plugins.trac.wordpress.org/browser/disable-contect-editor-for-specific-template/tags/2.0/disable-editor-specific-template.php#L57
Source: security@wordfence.com
Resource: N/A
Hyperlink: https://www.wordfence.com/threat-intel/vulnerabilities/id/243200f4-5a5d-4275-bf2b-f4cb6099d145?source=cve
Source: security@wordfence.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

2088Records found
CVE-2024-30546
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.16% / 37.13%
||
7 Day CHG~0.00%
Published-15 Apr, 2024 | 10:26
Updated-08 Aug, 2024 | 16:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Login With Ajax plugin <= 4.1 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Pixelite Login With Ajax.This issue affects Login With Ajax: from n/a through 4.1.

Action-Not Available
Vendor-Pixelite
Product-Login With Ajax
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-30456
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.17% / 38.39%
||
7 Day CHG~0.00%
Published-29 Mar, 2024 | 13:07
Updated-02 Aug, 2024 | 01:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WPCS – WordPress Currency Switcher Professional plugin <=1.2.0.1 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in realmag777 WPCS.This issue affects WPCS: from n/a through 1.2.0.1.

Action-Not Available
Vendor-PluginUs.Net (RealMag777)
Product-WPCSwordpress_currency_switcher
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-30455
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.16% / 37.13%
||
7 Day CHG~0.00%
Published-29 Mar, 2024 | 16:36
Updated-31 Jan, 2025 | 19:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress GamiPress plugin <= 6.8.5 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in GamiPress.This issue affects GamiPress: from n/a through 6.8.5.

Action-Not Available
Vendor-gamipressGamiPress
Product-gamipressGamiPress
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-58032
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.01% / 2.77%
||
7 Day CHG~0.00%
Published-22 Sep, 2025 | 18:23
Updated-23 Sep, 2025 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Compiler Plugin <= 1.0.0 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Bytes.co WP Compiler allows Cross Site Request Forgery. This issue affects WP Compiler: from n/a through 1.0.0.

Action-Not Available
Vendor-Bytes.co
Product-WP Compiler
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-30526
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 21.30%
||
7 Day CHG~0.00%
Published-31 Mar, 2024 | 18:33
Updated-09 Jun, 2025 | 21:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Easy Social Feed – Social Photos Gallery – Post Feed – Like Box plugin <= 6.5.6 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Easy Social Feed.This issue affects Easy Social Feed: from n/a through 6.5.6.

Action-Not Available
Vendor-easysocialfeedEasy Social Feed
Product-easy_social_feedEasy Social Feed
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-58800
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.01% / 2.77%
||
7 Day CHG~0.00%
Published-05 Sep, 2025 | 13:45
Updated-08 Sep, 2025 | 15:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Email Template Plugin <= 2.8.3 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Steve Truman WP Email Template allows Cross Site Request Forgery. This issue affects WP Email Template: from n/a through 2.8.3.

Action-Not Available
Vendor-Steve Truman
Product-WP Email Template
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-2959
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-4.3||MEDIUM
EPSS-0.10% / 28.60%
||
7 Day CHG~0.00%
Published-02 May, 2024 | 16:52
Updated-20 Feb, 2025 | 19:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The SVS Pricing Tables plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.4. This is due to missing or incorrect nonce validation on the savePricingTable() function. This makes it possible for unauthenticated attackers to create and edit pricing tables via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

Action-Not Available
Vendor-svs-websoftsvs-websoftsvs-websoft
Product-svs_pricing_tablesSVS Pricing Tablessvs_pricing_tables
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-29093
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 20.51%
||
7 Day CHG~0.00%
Published-19 Mar, 2024 | 16:40
Updated-02 Aug, 2024 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Builder for WooCommerce reviews shortcodes – ReviewShort plugin <= 1.01.3 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Tobias Conrad Builder for WooCommerce reviews shortcodes – ReviewShort.This issue affects Builder for WooCommerce reviews shortcodes – ReviewShort: from n/a through 1.01.3.

Action-Not Available
Vendor-Tobias Conrad
Product-Builder for WooCommerce reviews shortcodes – ReviewShort
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-5885
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.04% / 12.40%
||
7 Day CHG~0.00%
Published-09 Jun, 2025 | 15:00
Updated-30 Jan, 2026 | 00:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Konica Minolta bizhub cross-site request forgery

A vulnerability has been found in Konica Minolta bizhub up to 20250202 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-konicaminoltaKonica Minolta
Product-bizhubbizhub
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CWE ID-CWE-862
Missing Authorization
CVE-2024-2823
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-4.3||MEDIUM
EPSS-0.04% / 12.55%
||
7 Day CHG~0.00%
Published-22 Mar, 2024 | 17:00
Updated-10 Apr, 2025 | 20:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DedeCMS mda_main.php cross-site request forgery

A vulnerability has been found in DedeCMS 5.7 and classified as problematic. This vulnerability affects unknown code of the file /src/dede/mda_main.php. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-257710 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-n/aDedeCMS
Product-dedecmsDedeCMSdedecms
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-4349
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-4.3||MEDIUM
EPSS-0.11% / 28.94%
||
7 Day CHG~0.00%
Published-08 Dec, 2022 | 00:00
Updated-15 Apr, 2025 | 13:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CTF-hacker pwn delete.html cross-site request forgery

A vulnerability classified as problematic has been found in CTF-hacker pwn. This affects an unknown part of the file delete.html. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-215109 was assigned to this vulnerability.

Action-Not Available
Vendor-pwn_projectCTF-hacker
Product-pwnpwn
CWE ID-CWE-863
Incorrect Authorization
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-2821
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-4.3||MEDIUM
EPSS-0.05% / 13.81%
||
7 Day CHG~0.00%
Published-22 Mar, 2024 | 16:00
Updated-29 Sep, 2025 | 22:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DedeCMS friendlink_edit.php cross-site request forgery

A vulnerability, which was classified as problematic, has been found in DedeCMS 5.7. Affected by this issue is some unknown functionality of the file /src/dede/friendlink_edit.php. The manipulation of the argument id leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257708. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-n/aDedeCMS
Product-dedecmsDedeCMSdedecms
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-58611
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.01% / 2.77%
||
7 Day CHG~0.00%
Published-03 Sep, 2025 | 14:36
Updated-04 Sep, 2025 | 15:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Tickera Plugin <= 3.5.5.6 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Tickera Tickera allows Cross Site Request Forgery. This issue affects Tickera: from n/a through 3.5.5.6.

Action-Not Available
Vendor-Tickera
Product-Tickera
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-2820
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-4.3||MEDIUM
EPSS-0.04% / 12.76%
||
7 Day CHG~0.00%
Published-22 Mar, 2024 | 16:00
Updated-15 Jan, 2025 | 18:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DedeCMS baidunews.php cross-site request forgery

A vulnerability classified as problematic was found in DedeCMS 5.7. Affected by this vulnerability is an unknown functionality of the file /src/dede/baidunews.php. The manipulation of the argument filename leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257707. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-n/aDedeCMS
Product-dedecmsDedeCMSdedecms
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-43491
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.14% / 33.34%
||
7 Day CHG~0.00%
Published-08 Nov, 2022 | 18:12
Updated-20 Feb, 2025 | 19:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Advanced Dynamic Pricing for WooCommerce plugin <= 4.1.5 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Advanced Dynamic Pricing for WooCommerce plugin <= 4.1.5 on WordPress leading to plugin settings import.

Action-Not Available
Vendor-AlgolPlus
Product-advanced_dynamic_pricing_for_woocommerceAdvanced Dynamic Pricing for WooCommerce (WordPress plugin)
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-57960
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.03% / 8.34%
||
7 Day CHG~0.00%
Published-22 Sep, 2025 | 18:24
Updated-24 Sep, 2025 | 15:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Travel Map Plugin <= 1.0.3 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in TravelMap Travel Map allows Cross Site Request Forgery. This issue affects Travel Map: from n/a through 1.0.3.

Action-Not Available
Vendor-TravelMap
Product-Travel Map
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-58794
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.01% / 2.77%
||
7 Day CHG~0.00%
Published-05 Sep, 2025 | 13:45
Updated-05 Sep, 2025 | 17:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Notification for Telegram Plugin <= 3.4.6 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in rainafarai Notification for Telegram allows Cross Site Request Forgery. This issue affects Notification for Telegram: from n/a through 3.4.6.

Action-Not Available
Vendor-rainafarai
Product-Notification for Telegram
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-28731
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.3||HIGH
EPSS-0.24% / 47.26%
||
7 Day CHG~0.00%
Published-12 Nov, 2024 | 00:00
Updated-22 Nov, 2024 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross Site Request Forgery vulnerability in DLink DWR 2000M 5G CPE With Wifi 6 Ax1800 and Dlink DWR 5G CPE DWR-2000M_1.34ME allows a local attacker to obtain sensitive information via the Port forwarding option.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-dwr-2000m_firmwaredwr-2000mn/adwr-2000m_firmware
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-57927
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.01% / 2.77%
||
7 Day CHG~0.00%
Published-22 Sep, 2025 | 18:25
Updated-24 Sep, 2025 | 13:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Dashboard Notepad Plugin <= 1.42 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Stephanie Leary Dashboard Notepad allows Cross Site Request Forgery. This issue affects Dashboard Notepad: from n/a through 1.42.

Action-Not Available
Vendor-Stephanie Leary
Product-Dashboard Notepad
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-57914
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.01% / 2.77%
||
7 Day CHG~0.00%
Published-22 Sep, 2025 | 18:25
Updated-23 Sep, 2025 | 15:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Deliver via Shipos for WooCommerce Plugin <= 3.0.2 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Matat Technologies Deliver via Shipos for WooCommerce allows Cross Site Request Forgery. This issue affects Deliver via Shipos for WooCommerce: from n/a through 3.0.2.

Action-Not Available
Vendor-Matat Technologies
Product-Deliver via Shipos for WooCommerce
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-58199
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.01% / 2.77%
||
7 Day CHG~0.00%
Published-22 Sep, 2025 | 18:23
Updated-23 Sep, 2025 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Fastly Plugin <= 1.2.28 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Fastly Fastly allows Cross Site Request Forgery. This issue affects Fastly: from n/a through 1.2.28.

Action-Not Available
Vendor-Fastly
Product-Fastly
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-58804
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.01% / 2.77%
||
7 Day CHG~0.00%
Published-05 Sep, 2025 | 13:45
Updated-08 Sep, 2025 | 15:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WooCommerce Single Page Checkout Plugin <= 1.2.7 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in brijrajs WooCommerce Single Page Checkout allows Cross Site Request Forgery. This issue affects WooCommerce Single Page Checkout: from n/a through 1.2.7.

Action-Not Available
Vendor-brijrajs
Product-WooCommerce Single Page Checkout
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-2904
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.13% / 33.19%
||
7 Day CHG~0.00%
Published-26 Mar, 2024 | 09:45
Updated-08 Jan, 2026 | 19:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Calliope theme <= 1.0.33 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Extend Themes Calliope.This issue affects Calliope: from n/a through 1.0.33.

Action-Not Available
Vendor-extendthemesExtend Themes
Product-calliopeCalliope
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-58219
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.01% / 2.77%
||
7 Day CHG~0.00%
Published-22 Sep, 2025 | 18:23
Updated-23 Sep, 2025 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Show Pages List Plugin <= 1.2.0 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in LIJE Show Pages List allows Cross Site Request Forgery. This issue affects Show Pages List: from n/a through 1.2.0.

Action-Not Available
Vendor-LIJE
Product-Show Pages List
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-57885
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.01% / 2.77%
||
7 Day CHG~0.00%
Published-22 Aug, 2025 | 11:59
Updated-22 Aug, 2025 | 18:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Fluent Support Plugin <= 1.9.1 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Shahjahan Jewel Fluent Support allows Cross Site Request Forgery. This issue affects Fluent Support: from n/a through 1.9.1.

Action-Not Available
Vendor-Shahjahan Jewel
Product-Fluent Support
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-2816
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-4.3||MEDIUM
EPSS-0.11% / 29.07%
||
7 Day CHG~0.00%
Published-22 Mar, 2024 | 07:31
Updated-21 Aug, 2024 | 15:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tenda AC15 SysToolReboot fromSysToolReboot cross-site request forgery

A vulnerability classified as problematic was found in Tenda AC15 15.03.05.18. Affected by this vulnerability is the function fromSysToolReboot of the file /goform/SysToolReboot. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257671. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-Tenda Technology Co., Ltd.
Product-ac15_firmwareac15AC15ac15_firmware
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-57978
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.03% / 8.34%
||
7 Day CHG~0.00%
Published-22 Sep, 2025 | 18:24
Updated-25 Sep, 2025 | 13:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Advanced Appointment Booking & Scheduling Plugin <= 1.9 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in themespride Advanced Appointment Booking &amp; Scheduling allows Cross Site Request Forgery. This issue affects Advanced Appointment Booking &amp; Scheduling: from n/a through 1.9.

Action-Not Available
Vendor-themespride
Product-Advanced Appointment Booking &amp; Scheduling
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-2911
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.11% / 29.70%
||
7 Day CHG~0.00%
Published-26 Mar, 2024 | 21:31
Updated-21 Aug, 2025 | 17:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tianjin PubliCMS cross-site request forgery

A vulnerability, which was classified as problematic, was found in Tianjin PubliCMS 4.0.202302.e. This affects an unknown part. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-publiccmsTianjintianjin
Product-publiccmsPubliCMSpublicms
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-58010
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.01% / 2.77%
||
7 Day CHG~0.00%
Published-22 Sep, 2025 | 18:24
Updated-01 Oct, 2025 | 14:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress SV Proven Expert Plugin <= 2.0.06 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in straightvisions GmbH SV Proven Expert allows Cross Site Request Forgery. This issue affects SV Proven Expert: from n/a through 2.0.06.

Action-Not Available
Vendor-straightvisions GmbH
Product-SV Proven Expert
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-2817
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-4.3||MEDIUM
EPSS-0.11% / 29.07%
||
7 Day CHG~0.00%
Published-22 Mar, 2024 | 08:00
Updated-10 Apr, 2025 | 20:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tenda AC15 SysToolRestoreSet fromSysToolRestoreSet cross-site request forgery

A vulnerability, which was classified as problematic, has been found in Tenda AC15 15.03.05.18. Affected by this issue is the function fromSysToolRestoreSet of the file /goform/SysToolRestoreSet. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257672. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-Tenda Technology Co., Ltd.
Product-ac15_firmwareac15AC15ac15
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-58200
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.01% / 2.77%
||
7 Day CHG~0.00%
Published-22 Sep, 2025 | 18:23
Updated-23 Sep, 2025 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Flexible FAQ Plugin <= 0.2 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Bage Flexible FAQ allows Cross Site Request Forgery. This issue affects Flexible FAQ: from n/a through 0.2.

Action-Not Available
Vendor-Bage
Product-Flexible FAQ
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2021-26216
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.16% / 37.05%
||
7 Day CHG~0.00%
Published-18 Mar, 2021 | 15:44
Updated-03 Aug, 2024 | 20:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SeedDMS 5.1.x is affected by cross-site request forgery (CSRF) in out.EditFolder.php.

Action-Not Available
Vendor-seeddmsn/a
Product-seeddmsn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-58799
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.01% / 2.77%
||
7 Day CHG~0.00%
Published-05 Sep, 2025 | 13:45
Updated-05 Sep, 2025 | 17:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Custom WooCommerce Checkout Fields Editor Plugin <= 1.3.4 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in themelocation Custom WooCommerce Checkout Fields Editor allows Cross Site Request Forgery. This issue affects Custom WooCommerce Checkout Fields Editor: from n/a through 1.3.4.

Action-Not Available
Vendor-themelocation
Product-Custom WooCommerce Checkout Fields Editor
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-57992
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.01% / 2.77%
||
7 Day CHG~0.00%
Published-22 Sep, 2025 | 18:24
Updated-23 Sep, 2025 | 14:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Mail Baby SMTP Plugin <= 2.8 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in InterServer Mail Baby SMTP allows Cross Site Request Forgery. This issue affects Mail Baby SMTP: from n/a through 2.8.

Action-Not Available
Vendor-InterServer
Product-Mail Baby SMTP
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-57905
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.01% / 2.77%
||
7 Day CHG~0.00%
Published-22 Sep, 2025 | 18:25
Updated-23 Sep, 2025 | 17:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress AgreeMe Checkboxes For WooCommerce Plugin <= 1.1.3 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Amin Y AgreeMe Checkboxes For WooCommerce allows Cross Site Request Forgery. This issue affects AgreeMe Checkboxes For WooCommerce: from n/a through 1.1.3.

Action-Not Available
Vendor-Amin Y
Product-AgreeMe Checkboxes For WooCommerce
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-58802
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.01% / 2.77%
||
7 Day CHG~0.00%
Published-05 Sep, 2025 | 13:45
Updated-08 Sep, 2025 | 15:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress TrustMate.io – WooCommerce integration Plugin <= 1.14.0 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in michalzagdan TrustMate.io – WooCommerce integration allows Cross Site Request Forgery. This issue affects TrustMate.io – WooCommerce integration: from n/a through 1.14.0.

Action-Not Available
Vendor-michalzagdan
Product-TrustMate.io – WooCommerce integration
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-57930
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.01% / 2.77%
||
7 Day CHG~0.00%
Published-22 Sep, 2025 | 18:25
Updated-23 Sep, 2025 | 17:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Double the Donation Plugin <= 2.0.0 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in kanwei_doublethedonation Double the Donation allows Cross Site Request Forgery. This issue affects Double the Donation: from n/a through 2.0.0.

Action-Not Available
Vendor-kanwei_doublethedonation
Product-Double the Donation
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-57924
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.01% / 2.77%
||
7 Day CHG~0.00%
Published-22 Sep, 2025 | 18:25
Updated-24 Sep, 2025 | 13:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Developer Plugin <= 1.2.6 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Automattic Developer allows Cross Site Request Forgery. This issue affects Developer: from n/a through 1.2.6.

Action-Not Available
Vendor-Automattic Inc.
Product-Developer
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-57895
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.01% / 2.77%
||
7 Day CHG~0.00%
Published-22 Aug, 2025 | 11:59
Updated-22 Aug, 2025 | 18:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress JobWP Plugin <= 2.4.3 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Hossni Mubarak JobWP allows Cross Site Request Forgery. This issue affects JobWP: from n/a through 2.4.3.

Action-Not Available
Vendor-Hossni Mubarak
Product-JobWP
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-58202
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.01% / 2.77%
||
7 Day CHG~0.00%
Published-27 Aug, 2025 | 17:45
Updated-27 Aug, 2025 | 18:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Simple Page Access Restriction Plugin <= 1.0.32 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Plugins and Snippets Simple Page Access Restriction allows Cross Site Request Forgery. This issue affects Simple Page Access Restriction: from n/a through 1.0.32.

Action-Not Available
Vendor-Plugins and Snippets
Product-Simple Page Access Restriction
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-43336
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.13% / 33.08%
||
7 Day CHG~0.00%
Published-26 Aug, 2024 | 20:34
Updated-27 Aug, 2024 | 16:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP User Manager – User Profile Builder & Membership plugin <= 2.9.10 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in WP User Manager.This issue affects WP User Manager: from n/a through 2.9.10.

Action-Not Available
Vendor-wpusermanagerWP User Manager
Product-wp_user_managerWP User Manager
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-58236
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.01% / 2.77%
||
7 Day CHG~0.00%
Published-22 Sep, 2025 | 18:23
Updated-23 Sep, 2025 | 16:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Force Update Translations Plugin <= 0.5 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Mayo Moriyama Force Update Translations allows Cross Site Request Forgery. This issue affects Force Update Translations: from n/a through 0.5.

Action-Not Available
Vendor-Mayo Moriyama
Product-Force Update Translations
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-58865
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.01% / 2.77%
||
7 Day CHG~0.00%
Published-05 Sep, 2025 | 13:45
Updated-05 Sep, 2025 | 17:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Compact Admin Plugin <= 1.3.0 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in reimund Compact Admin allows Cross Site Request Forgery. This issue affects Compact Admin: from n/a through 1.3.0.

Action-Not Available
Vendor-reimund
Product-Compact Admin
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-43287
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.13% / 32.52%
||
7 Day CHG~0.00%
Published-26 Aug, 2024 | 20:46
Updated-12 Sep, 2024 | 21:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Brevo plugin <= 3.1.82 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Brevo Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue.This issue affects Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue: from n/a through 3.1.82.

Action-Not Available
Vendor-sendinblueBrevo
Product-newsletter\,_smtp\,_email_marketing_and_subscribeNewsletter, SMTP, Email marketing and Subscribe forms by Sendinblue
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2026-1148
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.03% / 6.94%
||
7 Day CHG~0.00%
Published-19 Jan, 2026 | 09:32
Updated-23 Feb, 2026 | 08:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester/Patrick Mvuma Patients Waiting Area Queue Management System cross-site request forgery

A vulnerability was determined in SourceCodester/Patrick Mvuma Patients Waiting Area Queue Management System 1.0. This vulnerability affects unknown code. Executing a manipulation can lead to cross-site request forgery. It is possible to launch the attack remotely.

Action-Not Available
Vendor-pamzeyPatrick MvumaSourceCodester
Product-patients_waiting_area_queue_management_systemPatients Waiting Area Queue Management System
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CWE ID-CWE-862
Missing Authorization
CVE-2025-57893
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.01% / 2.77%
||
7 Day CHG~0.00%
Published-22 Aug, 2025 | 11:59
Updated-22 Aug, 2025 | 18:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Fast Total Search Plugin <= 1.79.270 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Epsiloncool WP Fast Total Search allows Cross Site Request Forgery. This issue affects WP Fast Total Search: from n/a through 1.79.270.

Action-Not Available
Vendor-Epsiloncool
Product-WP Fast Total Search
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-27967
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.15% / 36.21%
||
7 Day CHG~0.00%
Published-21 Mar, 2024 | 15:29
Updated-27 May, 2025 | 14:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress DSGVO All in one for WP plugin <= 4.3 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Michael Leithold DSGVO All in one for WP.This issue affects DSGVO All in one for WP: from n/a through 4.3.

Action-Not Available
Vendor-dsgvo-for-wpMichael Leithold
Product-dsgvo_all_in_one_for_wpDSGVO All in one for WP
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-57915
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.01% / 2.77%
||
7 Day CHG~0.00%
Published-22 Sep, 2025 | 18:25
Updated-23 Sep, 2025 | 16:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress TOCHAT.BE Plugin <= 1.3.4 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in César Martín TOCHAT.BE allows Cross Site Request Forgery. This issue affects TOCHAT.BE: from n/a through 1.3.4.

Action-Not Available
Vendor-César Martín
Product-TOCHAT.BE
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-57970
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.01% / 2.77%
||
7 Day CHG~0.00%
Published-22 Sep, 2025 | 18:24
Updated-04 Oct, 2025 | 04:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress SALESmanago Plugin <= 3.8.1 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in SALESmanago SALESmanago & Leadoo allows Cross Site Request Forgery.This issue affects SALESmanago & Leadoo: from n/a through 3.8.1.

Action-Not Available
Vendor-SALESmanago
Product-SALESmanago & Leadoo
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-58014
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.01% / 2.77%
||
7 Day CHG~0.00%
Published-22 Sep, 2025 | 18:24
Updated-12 Dec, 2025 | 19:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Quiz Maker Plugin <= 6.7.0.61 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Ays Pro Quiz Maker allows Cross Site Request Forgery. This issue affects Quiz Maker: from n/a through 6.7.0.61.

Action-Not Available
Vendor-AYS Pro Extensions
Product-quiz_makerQuiz Maker
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
  • Previous
  • 1
  • 2
  • ...
  • 12
  • 13
  • 14
  • ...
  • 41
  • 42
  • Next
Details not found