Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-14167

Summary
Assigner-Wordfence
Assigner Org ID-b15e7b5b-3da4-40ae-a43c-f7aa60e62599
Published At-19 Feb, 2026 | 04:36
Updated At-19 Feb, 2026 | 04:36
Rejected At-
Credits

Remove Post Type Slug <= 1.0.2 - Cross-Site Request Forgery to Settings Update

The Remove Post Type Slug plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.2. This is due to incorrect nonce validation logic that uses OR (||) instead of AND (&&), causing the validation to fail when the nonce field is not empty OR when verification fails, rather than when it's empty AND verification fails. This makes it possible for unauthenticated attackers to modify the plugin's post type slug removal settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:Wordfence
Assigner Org ID:b15e7b5b-3da4-40ae-a43c-f7aa60e62599
Published At:19 Feb, 2026 | 04:36
Updated At:19 Feb, 2026 | 04:36
Rejected At:
▼CVE Numbering Authority (CNA)
Remove Post Type Slug <= 1.0.2 - Cross-Site Request Forgery to Settings Update

The Remove Post Type Slug plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.2. This is due to incorrect nonce validation logic that uses OR (||) instead of AND (&&), causing the validation to fail when the nonce field is not empty OR when verification fails, rather than when it's empty AND verification fails. This makes it possible for unauthenticated attackers to modify the plugin's post type slug removal settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

Affected Products
Vendor
akshayshah5189
Product
Remove Post Type Slug
Default Status
unaffected
Versions
Affected
  • From * through 1.0.2 (semver)
Problem Types
TypeCWE IDDescription
CWECWE-352CWE-352 Cross-Site Request Forgery (CSRF)
Type: CWE
CWE ID: CWE-352
Description: CWE-352 Cross-Site Request Forgery (CSRF)
Metrics
VersionBase scoreBase severityVector
3.14.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Version: 3.1
Base score: 4.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
finder
Muhammad Nur Ibnu Hubab
Timeline
EventDate
Disclosed2026-02-18 15:59:41
Event: Disclosed
Date: 2026-02-18 15:59:41
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.wordfence.com/threat-intel/vulnerabilities/id/c463a1d4-14c8-460a-ad83-6f3b38f1e4e8?source=cve
N/A
https://plugins.trac.wordpress.org/browser/remove-post-type-slug/trunk/admin/class-remove-post-type-slug-admin.php#L127
N/A
https://plugins.trac.wordpress.org/browser/remove-post-type-slug/tags/1.0.2/admin/class-remove-post-type-slug-admin.php#L127
N/A
Hyperlink: https://www.wordfence.com/threat-intel/vulnerabilities/id/c463a1d4-14c8-460a-ad83-6f3b38f1e4e8?source=cve
Resource: N/A
Hyperlink: https://plugins.trac.wordpress.org/browser/remove-post-type-slug/trunk/admin/class-remove-post-type-slug-admin.php#L127
Resource: N/A
Hyperlink: https://plugins.trac.wordpress.org/browser/remove-post-type-slug/tags/1.0.2/admin/class-remove-post-type-slug-admin.php#L127
Resource: N/A
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security@wordfence.com
Published At:19 Feb, 2026 | 07:17
Updated At:19 Feb, 2026 | 15:53

The Remove Post Type Slug plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.2. This is due to incorrect nonce validation logic that uses OR (||) instead of AND (&&), causing the validation to fail when the nonce field is not empty OR when verification fails, rather than when it's empty AND verification fails. This makes it possible for unauthenticated attackers to modify the plugin's post type slug removal settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.14.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Type: Primary
Version: 3.1
Base score: 4.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-352Primarysecurity@wordfence.com
CWE ID: CWE-352
Type: Primary
Source: security@wordfence.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://plugins.trac.wordpress.org/browser/remove-post-type-slug/tags/1.0.2/admin/class-remove-post-type-slug-admin.php#L127security@wordfence.com
N/A
https://plugins.trac.wordpress.org/browser/remove-post-type-slug/trunk/admin/class-remove-post-type-slug-admin.php#L127security@wordfence.com
N/A
https://www.wordfence.com/threat-intel/vulnerabilities/id/c463a1d4-14c8-460a-ad83-6f3b38f1e4e8?source=cvesecurity@wordfence.com
N/A
Hyperlink: https://plugins.trac.wordpress.org/browser/remove-post-type-slug/tags/1.0.2/admin/class-remove-post-type-slug-admin.php#L127
Source: security@wordfence.com
Resource: N/A
Hyperlink: https://plugins.trac.wordpress.org/browser/remove-post-type-slug/trunk/admin/class-remove-post-type-slug-admin.php#L127
Source: security@wordfence.com
Resource: N/A
Hyperlink: https://www.wordfence.com/threat-intel/vulnerabilities/id/c463a1d4-14c8-460a-ad83-6f3b38f1e4e8?source=cve
Source: security@wordfence.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

2075Records found
CVE-2024-4588
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-4.3||MEDIUM
EPSS-0.10% / 28.43%
||
7 Day CHG~0.00%
Published-07 May, 2024 | 13:00
Updated-15 Jan, 2025 | 18:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DedeCMS mytag_add.php cross-site request forgery

A vulnerability was found in DedeCMS 5.7. It has been classified as problematic. Affected is an unknown function of the file /src/dede/mytag_add.php. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-263310 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-n/aDedeCMS
Product-dedecmsDedeCMSdedecms
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-29093
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 20.59%
||
7 Day CHG~0.00%
Published-19 Mar, 2024 | 16:40
Updated-02 Aug, 2024 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Builder for WooCommerce reviews shortcodes – ReviewShort plugin <= 1.01.3 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Tobias Conrad Builder for WooCommerce reviews shortcodes – ReviewShort.This issue affects Builder for WooCommerce reviews shortcodes – ReviewShort: from n/a through 1.01.3.

Action-Not Available
Vendor-Tobias Conrad
Product-Builder for WooCommerce reviews shortcodes – ReviewShort
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-4594
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-4.3||MEDIUM
EPSS-0.10% / 26.87%
||
7 Day CHG~0.00%
Published-07 May, 2024 | 14:31
Updated-15 Jan, 2025 | 18:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DedeCMS sys_safe.php cross-site request forgery

A vulnerability, which was classified as problematic, was found in DedeCMS 5.7. Affected is an unknown function of the file /src/dede/sys_safe.php. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-263316. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-n/aDedeCMS
Product-dedecmsDedeCMS
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-49968
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.01% / 2.89%
||
7 Day CHG~0.00%
Published-20 Jun, 2025 | 15:04
Updated-23 Jun, 2025 | 20:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress XML Travel Portal Widget plugin <= 2.0 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Oganro XML Travel Portal Widget allows Cross Site Request Forgery. This issue affects XML Travel Portal Widget: from n/a through 2.0.

Action-Not Available
Vendor-Oganro
Product-XML Travel Portal Widget
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-7051
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-4.3||MEDIUM
EPSS-0.16% / 37.10%
||
7 Day CHG~0.00%
Published-21 Dec, 2023 | 22:00
Updated-02 Aug, 2024 | 08:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PHPGurukul Online Notes Sharing System manage-notes.php cross-site request forgery

A vulnerability was found in PHPGurukul Online Notes Sharing System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /user/manage-notes.php of the component Notes Handler. The manipulation of the argument delid leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-248738 is the identifier assigned to this vulnerability.

Action-Not Available
Vendor-PHPGurukul LLP
Product-online_notes_sharing_systemOnline Notes Sharing System
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-48285
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.03% / 7.04%
||
7 Day CHG~0.00%
Published-19 May, 2025 | 14:45
Updated-21 May, 2025 | 20:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Falang multilanguage <= 1.3.61 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in sbouey Falang multilanguage allows Cross Site Request Forgery. This issue affects Falang multilanguage: from n/a through 1.3.61.

Action-Not Available
Vendor-sbouey
Product-Falang multilanguage
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-49269
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.02% / 3.46%
||
7 Day CHG~0.00%
Published-06 Jun, 2025 | 12:53
Updated-06 Jun, 2025 | 16:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Market Exporter <= 2.0.22 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Anton Vanyukov Market Exporter allows Cross Site Request Forgery. This issue affects Market Exporter: from n/a through 2.0.22.

Action-Not Available
Vendor-Anton Vanyukov
Product-Market Exporter
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-48991
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-4.6||MEDIUM
EPSS-0.02% / 4.53%
||
7 Day CHG~0.00%
Published-25 Jun, 2025 | 14:07
Updated-21 Aug, 2025 | 20:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tuleap missing CSRF protection on tracker canned responses administration

Tuleap is an Open Source Suite to improve management of software developments and collaboration. An attacker could use a vulnerability present in Tuleap Community Edition prior to version 16.8.99.1748845907 and Tuleap Enterprise Edition prior to versions 16.8-3 and 16.7-5 to trick victims into changing the canned responses. Tuleap Community Edition 16.8.99.1748845907, Tuleap Enterprise Edition 16.8-3, and Tuleap Enterprise Edition 16.7-5 contain a fix for the vulnerability.

Action-Not Available
Vendor-Enalean SAS
Product-tuleaptuleap
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-49510
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.02% / 3.46%
||
7 Day CHG~0.00%
Published-10 Jun, 2025 | 12:36
Updated-12 Jun, 2025 | 16:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Min Max Step Quantity Limits Manager for WooCommerce plugin <= 5.1.0 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in WPFactory Min Max Step Quantity Limits Manager for WooCommerce allows Cross Site Request Forgery.This issue affects Min Max Step Quantity Limits Manager for WooCommerce: from n/a through 5.1.0.

Action-Not Available
Vendor-WPFactory
Product-Min Max Step Quantity Limits Manager for WooCommerce
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-49449
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.02% / 3.46%
||
7 Day CHG~0.00%
Published-06 Jun, 2025 | 12:54
Updated-06 Jun, 2025 | 14:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Interactive Regional Map of Africa <= 1.0 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in WP Map Plugins Interactive Regional Map of Africa allows Cross Site Request Forgery. This issue affects Interactive Regional Map of Africa: from n/a through 1.0.

Action-Not Available
Vendor-WP Map Plugins
Product-Interactive Regional Map of Africa
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-49273
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.02% / 3.46%
||
7 Day CHG~0.00%
Published-06 Jun, 2025 | 12:53
Updated-06 Jun, 2025 | 19:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Tools <= 5.24 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Bill Minozzi WP Tools allows Cross Site Request Forgery. This issue affects WP Tools: from n/a through 5.24.

Action-Not Available
Vendor-Bill Minozzi
Product-WP Tools
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-49283
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.02% / 3.46%
||
7 Day CHG~0.00%
Published-06 Jun, 2025 | 12:53
Updated-06 Jun, 2025 | 19:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Anti-spam, Spam protection, ReCaptcha for all forms and GDPR-compliant <= 4.1.1 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Matthias Nordwig Anti-spam, Spam protection, ReCaptcha for all forms and GDPR-compliant allows Cross Site Request Forgery. This issue affects Anti-spam, Spam protection, ReCaptcha for all forms and GDPR-compliant: from n/a through 4.1.1.

Action-Not Available
Vendor-Matthias Nordwig
Product-Anti-spam, Spam protection, ReCaptcha for all forms and GDPR-compliant
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-49077
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.02% / 3.46%
||
7 Day CHG~0.00%
Published-06 Jun, 2025 | 11:18
Updated-06 Jun, 2025 | 15:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Dynamic Pricing and Discount Rules plugin <= 2.2.9 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in ThemeHigh Dynamic Pricing and Discount Rules allows Cross Site Request Forgery.This issue affects Dynamic Pricing and Discount Rules: from n/a through 2.2.9.

Action-Not Available
Vendor-ThemeHigh
Product-Dynamic Pricing and Discount Rules
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-49286
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.02% / 3.46%
||
7 Day CHG~0.00%
Published-06 Jun, 2025 | 12:53
Updated-06 Jun, 2025 | 19:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Table Builder <= 2.0.6 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in WP Table Builder WP Table Builder allows Cross Site Request Forgery. This issue affects WP Table Builder: from n/a through 2.0.6.

Action-Not Available
Vendor-WP Table Builder
Product-WP Table Builder
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-49317
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.02% / 3.46%
||
7 Day CHG~0.00%
Published-06 Jun, 2025 | 12:53
Updated-06 Jun, 2025 | 19:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Page Loading <= 1.0.6 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in NTC WP Page Loading allows Cross Site Request Forgery. This issue affects WP Page Loading: from n/a through 1.0.6.

Action-Not Available
Vendor-NTC
Product-WP Page Loading
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-43947
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.21% / 43.52%
||
7 Day CHG~0.00%
Published-29 Aug, 2024 | 18:15
Updated-16 Jan, 2026 | 17:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Armour Extended plugin <= 1.26 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Dinesh Karki WP Armour Extended.This issue affects WP Armour Extended: from n/a through 1.26.

Action-Not Available
Vendor-dineshkarkiDinesh Karki
Product-wp_armourWP Armour Extended
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-4426
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-4.3||MEDIUM
EPSS-0.18% / 39.37%
||
7 Day CHG~0.00%
Published-30 May, 2024 | 08:30
Updated-12 Feb, 2025 | 16:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Comparison Slider <= 1.0.5 - Cross-Site Request Forgery

The Comparison Slider plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.5. This is due to missing or incorrect nonce validation on several functions hooked to AJAX actions. This makes it possible for unauthenticated attackers to change slider titles, delete sliders and modify plugin settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

Action-Not Available
Vendor-comparisonslidercomparisonslider
Product-comparison_sliderComparison Slider
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-49069
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.02% / 6.05%
||
7 Day CHG+0.01%
Published-02 Jun, 2025 | 18:49
Updated-04 Jun, 2025 | 14:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Contact Forms by Cimatti plugin <= 1.9.8 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Cimatti Consulting Contact Forms by Cimatti allows Cross Site Request Forgery.This issue affects Contact Forms by Cimatti: from n/a through 1.9.8.

Action-Not Available
Vendor-Cimatti Consulting
Product-Contact Forms by Cimatti
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-49285
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.02% / 3.46%
||
7 Day CHG~0.00%
Published-06 Jun, 2025 | 12:53
Updated-06 Jun, 2025 | 19:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Cookie Notice for GDPR, CCPA & ePrivacy Consent <= 3.8.0 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in WP Legal Pages WP Cookie Notice for GDPR, CCPA & ePrivacy Consent allows Cross Site Request Forgery. This issue affects WP Cookie Notice for GDPR, CCPA & ePrivacy Consent: from n/a through 3.8.0.

Action-Not Available
Vendor-WP Legal Pages
Product-WP Cookie Notice for GDPR, CCPA & ePrivacy Consent
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-48303
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.01% / 2.75%
||
7 Day CHG~0.00%
Published-25 Aug, 2025 | 10:10
Updated-25 Aug, 2025 | 20:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Post Type Converter plugin <= 0.6 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Kevin Langley Jr. Post Type Converter allows Cross-Site Request Forgery.This issue affects Post Type Converter: from n/a through 0.6.

Action-Not Available
Vendor-Kevin Langley Jr.
Product-Post Type Converter
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-49238
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.02% / 3.46%
||
7 Day CHG~0.00%
Published-06 Jun, 2025 | 12:53
Updated-06 Jun, 2025 | 16:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Everest Backup <= 2.3.3 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in everestthemes Everest Backup allows Cross Site Request Forgery. This issue affects Everest Backup: from n/a through 2.3.3.

Action-Not Available
Vendor-everestthemes
Product-Everest Backup
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-49435
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.02% / 3.46%
||
7 Day CHG~0.00%
Published-06 Jun, 2025 | 12:54
Updated-06 Jun, 2025 | 14:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Wp Easy Allopass <= 4.1.1 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Hasina77 Wp Easy Allopass allows Cross Site Request Forgery. This issue affects Wp Easy Allopass: from n/a through 4.1.1.

Action-Not Available
Vendor-Hasina77
Product-Wp Easy Allopass
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-4475
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 20.24%
||
7 Day CHG~0.00%
Published-21 Jun, 2024 | 06:00
Updated-01 Aug, 2024 | 20:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WP Logs Book <= 1.0.1 - Log Clearing via CSRF

The WP Logs Book WordPress plugin through 1.0.1 does not have CSRF check when clearing logs, which could allow attackers to make a logged in admin clear the logs them via a CSRF attack

Action-Not Available
Vendor-onetarekUnknownonetarek
Product-wp_logs_bookWP Logs Bookwp-logs-book
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-49291
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.02% / 3.76%
||
7 Day CHG~0.00%
Published-06 Jun, 2025 | 12:53
Updated-02 Jul, 2025 | 20:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Calculated Fields Form <= 5.3.58 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in codepeople Calculated Fields Form allows Cross Site Request Forgery. This issue affects Calculated Fields Form: from n/a through 5.3.58.

Action-Not Available
Vendor-CodePeople
Product-calculated_fields_formCalculated Fields Form
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-48363
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.01% / 2.75%
||
7 Day CHG~0.00%
Published-28 Aug, 2025 | 12:37
Updated-29 Aug, 2025 | 16:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Popup for CF7 with Sweet Alert plugin <= 1.6.5 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Metin Saraç Popup for CF7 with Sweet Alert allows Cross Site Request Forgery. This issue affects Popup for CF7 with Sweet Alert: from n/a through 1.6.5.

Action-Not Available
Vendor-Metin Saraç
Product-Popup for CF7 with Sweet Alert
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-49446
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.02% / 3.46%
||
7 Day CHG~0.00%
Published-06 Jun, 2025 | 12:54
Updated-06 Jun, 2025 | 16:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Admin Notes <=1.1 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in minhlaobao Admin Notes allows Cross Site Request Forgery. This issue affects Admin Notes: from n/a through 1.1.

Action-Not Available
Vendor-minhlaobao
Product-Admin Notes
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-49445
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.02% / 3.46%
||
7 Day CHG~0.00%
Published-06 Jun, 2025 | 12:54
Updated-06 Jun, 2025 | 16:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Interactive UK Regional Map plugin <= 2.0 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in WP Map Plugins Interactive UK Regional Map allows Cross Site Request Forgery. This issue affects Interactive UK Regional Map: from n/a through 2.0.

Action-Not Available
Vendor-WP Map Plugins
Product-Interactive UK Regional Map
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-48310
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.01% / 2.75%
||
7 Day CHG~0.00%
Published-28 Aug, 2025 | 12:36
Updated-28 Aug, 2025 | 14:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Table Editor plugin <= 1.6.4 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in wptableeditor Table Editor allows Cross Site Request Forgery. This issue affects Table Editor: from n/a through 1.6.4.

Action-Not Available
Vendor-wptableeditor
Product-Table Editor
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-49440
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.02% / 3.46%
||
7 Day CHG~0.00%
Published-06 Jun, 2025 | 12:54
Updated-06 Jun, 2025 | 14:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Security Master <= 1.0.2 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Vuong Nguyen WP Security Master allows Cross Site Request Forgery. This issue affects WP Security Master: from n/a through 1.0.2.

Action-Not Available
Vendor-Vuong Nguyen
Product-WP Security Master
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-49439
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.02% / 3.46%
||
7 Day CHG~0.00%
Published-06 Jun, 2025 | 12:54
Updated-06 Jun, 2025 | 14:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Atelier Create CV plugin <= 1.1.2 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in mariusz88atelierweb Atelier Create CV allows Cross Site Request Forgery. This issue affects Atelier Create CV: from n/a through 1.1.2.

Action-Not Available
Vendor-mariusz88atelierweb
Product-Atelier Create CV
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-4887
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.06% / 18.92%
||
7 Day CHG~0.00%
Published-18 May, 2025 | 16:31
Updated-04 Jun, 2025 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Online Student Clearance System cross-site request forgery

A vulnerability, which was classified as problematic, has been found in SourceCodester Online Student Clearance System 1.0. Affected by this issue is some unknown functionality. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-SourceCodesterSenior Walter
Product-online_student_clearance_systemOnline Student Clearance System
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CWE ID-CWE-862
Missing Authorization
CVE-2024-4474
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-4.3||MEDIUM
EPSS-2.77% / 85.73%
||
7 Day CHG~0.00%
Published-21 Jun, 2024 | 06:00
Updated-01 Aug, 2024 | 20:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WP Logs Book <= 1.0.1 - Disable Logging via CSRF

The WP Logs Book WordPress plugin through 1.0.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack

Action-Not Available
Vendor-onetarekUnknownonetarek
Product-wp_logs_bookWP Logs Bookwp-logs-book
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-49040
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.01% / 2.75%
||
7 Day CHG~0.00%
Published-27 Aug, 2025 | 03:24
Updated-27 Aug, 2025 | 13:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Backup Bolt plugin <= 1.4.1 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Backup Bolt allows Cross Site Request Forgery.This issue affects Backup Bolt: from n/a through 1.4.1.

Action-Not Available
Vendor-Backup Bolt
Product-Backup Bolt
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-49332
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.02% / 3.46%
||
7 Day CHG~0.00%
Published-06 Jun, 2025 | 12:53
Updated-06 Jun, 2025 | 16:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Time Slots Booking Form <= 1.2.30 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in codepeople WP Time Slots Booking Form allows Cross Site Request Forgery. This issue affects WP Time Slots Booking Form: from n/a through 1.2.30.

Action-Not Available
Vendor-CodePeople
Product-WP Time Slots Booking Form
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-49391
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.01% / 2.75%
||
7 Day CHG~0.00%
Published-20 Aug, 2025 | 08:03
Updated-20 Aug, 2025 | 14:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Sign-up Sheets Plugin <= 2.3.3 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Fetch Designs Sign-up Sheets allows Cross Site Request Forgery. This issue affects Sign-up Sheets: from n/a through 2.3.3.

Action-Not Available
Vendor-Fetch Designs
Product-Sign-up Sheets
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-49426
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.01% / 2.75%
||
7 Day CHG~0.00%
Published-20 Aug, 2025 | 08:03
Updated-20 Aug, 2025 | 18:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Cookie Warning plugin <= 1.3 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Dourou Cookie Warning allows Cross Site Request Forgery. This issue affects Cookie Warning: from n/a through 1.3.

Action-Not Available
Vendor-Dourou
Product-Cookie Warning
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-48328
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.02% / 3.46%
||
7 Day CHG~0.00%
Published-06 Jun, 2025 | 11:37
Updated-06 Jun, 2025 | 15:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Real Time Validation for Gravity Forms plugin <= 1.7.0 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Daman Jeet Real Time Validation for Gravity Forms allows Cross Site Request Forgery.This issue affects Real Time Validation for Gravity Forms: from n/a through 1.7.0.

Action-Not Available
Vendor-Daman Jeet
Product-Real Time Validation for Gravity Forms
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-47647
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.03% / 7.04%
||
7 Day CHG~0.00%
Published-07 May, 2025 | 14:20
Updated-08 May, 2025 | 14:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Sidebar Manager Light <= 1.18 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in OTWthemes Sidebar Manager Light allows Cross Site Request Forgery. This issue affects Sidebar Manager Light: from n/a through 1.18.

Action-Not Available
Vendor-OTWthemes
Product-Sidebar Manager Light
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-47542
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.03% / 7.04%
||
7 Day CHG~0.00%
Published-07 May, 2025 | 14:20
Updated-09 Jun, 2025 | 17:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Simple calendar for Elementor <= 1.6.5 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Michael Simple calendar for Elementor allows Cross Site Request Forgery. This issue affects Simple calendar for Elementor: from n/a through 1.6.5.

Action-Not Available
Vendor-migawebMichael
Product-simple_calendar_for_elementorSimple calendar for Elementor
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-47674
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.03% / 7.04%
||
7 Day CHG~0.00%
Published-07 May, 2025 | 14:20
Updated-08 May, 2025 | 14:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Credova_Financial <= 2.5.0 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Credova Financial Credova_Financial allows Cross Site Request Forgery. This issue affects Credova_Financial: from n/a through 2.5.0.

Action-Not Available
Vendor-Credova Financial
Product-Credova_Financial
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-47459
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.03% / 7.04%
||
7 Day CHG~0.00%
Published-07 May, 2025 | 14:19
Updated-08 May, 2025 | 14:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Fundraising Donation and Crowdfunding Platform <= 1.7.3 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in XpeedStudio WP Fundraising Donation and Crowdfunding Platform allows Cross Site Request Forgery. This issue affects WP Fundraising Donation and Crowdfunding Platform: from n/a through 1.7.3.

Action-Not Available
Vendor-XpeedStudio
Product-WP Fundraising Donation and Crowdfunding Platform
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-47448
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.03% / 7.04%
||
7 Day CHG~0.00%
Published-07 May, 2025 | 14:19
Updated-08 May, 2025 | 14:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Hotel Booking <= 2.1.9 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in ThimPress WP Hotel Booking allows Cross Site Request Forgery. This issue affects WP Hotel Booking: from n/a through 2.1.9.

Action-Not Available
Vendor-ThimPress (PhysCode)
Product-WP Hotel Booking
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-48115
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.03% / 7.04%
||
7 Day CHG~0.00%
Published-16 May, 2025 | 15:45
Updated-19 May, 2025 | 13:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress ValidateCertify <= 1.6.2 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Javier Revilla ValidateCertify allows Cross Site Request Forgery. This issue affects ValidateCertify: from n/a through 1.6.2.

Action-Not Available
Vendor-Javier Revilla
Product-ValidateCertify
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-43336
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.13% / 33.14%
||
7 Day CHG~0.00%
Published-26 Aug, 2024 | 20:34
Updated-27 Aug, 2024 | 16:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP User Manager – User Profile Builder & Membership plugin <= 2.9.10 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in WP User Manager.This issue affects WP User Manager: from n/a through 2.9.10.

Action-Not Available
Vendor-wpusermanagerWP User Manager
Product-wp_user_managerWP User Manager
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-47590
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.03% / 7.04%
||
7 Day CHG~0.00%
Published-07 May, 2025 | 14:20
Updated-08 May, 2025 | 14:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WPSpeed <= 2.6.5 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in John Dagelmore WPSpeed allows Cross Site Request Forgery. This issue affects WPSpeed: from n/a through 2.6.5.

Action-Not Available
Vendor-John Dagelmore
Product-WPSpeed
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-47446
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.03% / 7.04%
||
7 Day CHG~0.00%
Published-07 May, 2025 | 14:19
Updated-08 May, 2025 | 14:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Listamester <= 2.3.6 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in listamester Listamester allows Cross Site Request Forgery. This issue affects Listamester: from n/a through 2.3.6.

Action-Not Available
Vendor-listamester
Product-Listamester
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-47451
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.03% / 7.04%
||
7 Day CHG~0.00%
Published-07 May, 2025 | 14:19
Updated-08 May, 2025 | 14:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Product Quantity Dropdown For Woocommerce plugin <= 1.2 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in silverplugins217 Product Quantity Dropdown For Woocommerce allows Cross Site Request Forgery. This issue affects Product Quantity Dropdown For Woocommerce: from n/a through 1.2.

Action-Not Available
Vendor-silverplugins217
Product-Product Quantity Dropdown For Woocommerce
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-48259
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.03% / 7.04%
||
7 Day CHG~0.00%
Published-19 May, 2025 | 14:45
Updated-21 May, 2025 | 20:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Mapa Politico España plugin <= 3.8.0 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Juan Carlos WP Mapa Politico España allows Cross Site Request Forgery. This issue affects WP Mapa Politico España: from n/a through 3.8.0.

Action-Not Available
Vendor-Juan Carlos
Product-WP Mapa Politico España
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-47609
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.03% / 7.04%
||
7 Day CHG~0.00%
Published-07 May, 2025 | 14:20
Updated-08 May, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress EasyMe Connect <= 3.0.3 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in easymebiz EasyMe Connect allows Cross Site Request Forgery. This issue affects EasyMe Connect: from n/a through 3.0.3.

Action-Not Available
Vendor-easymebiz
Product-EasyMe Connect
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-47606
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.03% / 7.04%
||
7 Day CHG~0.00%
Published-07 May, 2025 | 14:20
Updated-08 May, 2025 | 14:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Simple Giveaways <= 2.48.2 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Igor Benic Simple Giveaways allows Cross Site Request Forgery. This issue affects Simple Giveaways: from n/a through 2.48.2.

Action-Not Available
Vendor-Igor Benic
Product-Simple Giveaways
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
  • Previous
  • 1
  • 2
  • ...
  • 13
  • 14
  • 15
  • ...
  • 41
  • 42
  • Next
Details not found