Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-22301

Summary
Assigner-Patchstack
Assigner Org ID-21595511-bba5-4825-b968-b78d1f9984a3
Published At-07 Jan, 2025 | 10:49
Updated At-28 Apr, 2026 | 16:10
Rejected At-
Credits

WordPress MyBookTable Bookstore by Stormhill Media plugin <= 3.5.3 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in zookatron MyBookTable Bookstore mybooktable allows Cross Site Request Forgery.This issue affects MyBookTable Bookstore: from n/a through <= 3.5.3.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:Patchstack
Assigner Org ID:21595511-bba5-4825-b968-b78d1f9984a3
Published At:07 Jan, 2025 | 10:49
Updated At:28 Apr, 2026 | 16:10
Rejected At:
▼CVE Numbering Authority (CNA)
WordPress MyBookTable Bookstore by Stormhill Media plugin <= 3.5.3 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in zookatron MyBookTable Bookstore mybooktable allows Cross Site Request Forgery.This issue affects MyBookTable Bookstore: from n/a through <= 3.5.3.

Affected Products
Vendor
zookatron
Product
MyBookTable Bookstore
Collection URL
https://wordpress.org/plugins
Package Name
mybooktable
Default Status
unaffected
Versions
Affected
  • From 0 through 3.5.3 (custom)
    • -> unaffectedfrom3.5.4
Problem Types
TypeCWE IDDescription
CWECWE-352Cross-Site Request Forgery (CSRF)
Type: CWE
CWE ID: CWE-352
Description: Cross-Site Request Forgery (CSRF)
Metrics
VersionBase scoreBase severityVector
3.15.4MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L
Version: 3.1
Base score: 5.4
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-62Cross Site Request Forgery
CAPEC ID: CAPEC-62
Description: Cross Site Request Forgery
Solutions

Configurations

Workarounds

Exploits

Credits

finder
Dhabaleshwar Das | Patchstack Bug Bounty Program
Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://patchstack.com/database/Wordpress/Plugin/mybooktable/vulnerability/wordpress-mybooktable-bookstore-by-stormhill-media-plugin-3-5-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve
vdb-entry
Hyperlink: https://patchstack.com/database/Wordpress/Plugin/mybooktable/vulnerability/wordpress-mybooktable-bookstore-by-stormhill-media-plugin-3-5-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve
Resource:
vdb-entry
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:audit@patchstack.com
Published At:07 Jan, 2025 | 11:15
Updated At:23 Apr, 2026 | 15:22

Cross-Site Request Forgery (CSRF) vulnerability in zookatron MyBookTable Bookstore mybooktable allows Cross Site Request Forgery.This issue affects MyBookTable Bookstore: from n/a through <= 3.5.3.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.15.4MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L
Type: Secondary
Version: 3.1
Base score: 5.4
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L
CPE Matches

Weaknesses
CWE IDTypeSource
CWE-352Secondaryaudit@patchstack.com
CWE ID: CWE-352
Type: Secondary
Source: audit@patchstack.com
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://patchstack.com/database/Wordpress/Plugin/mybooktable/vulnerability/wordpress-mybooktable-bookstore-by-stormhill-media-plugin-3-5-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cveaudit@patchstack.com
N/A
Hyperlink: https://patchstack.com/database/Wordpress/Plugin/mybooktable/vulnerability/wordpress-mybooktable-bookstore-by-stormhill-media-plugin-3-5-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve
Source: audit@patchstack.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

588Records found

CVE-2024-43255
Matching Score-6
Assigner-Patchstack
ShareView Details
Matching Score-6
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.15% / 4.82%
||
7 Day CHG~0.00%
Published-26 Aug, 2024 | 20:25
Updated-28 Apr, 2026 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress MyBookTable Bookstore by Stormhill Media plugin <= 3.3.9 - CSRF to XSS vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in zookatron MyBookTable Bookstore mybooktable.This issue affects MyBookTable Bookstore: from n/a through <= 3.3.9.

Action-Not Available
Vendor-stormhillmediazookatron
Product-mybook_table_bookstoreMyBookTable Bookstore
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-68601
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.10% / 0.93%
||
7 Day CHG~0.00%
Published-24 Dec, 2025 | 13:10
Updated-28 Apr, 2026 | 16:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Five Star Restaurant Reservations plugin <= 2.7.8 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Rustaurius Five Star Restaurant Reservations restaurant-reservations allows Cross Site Request Forgery.This issue affects Five Star Restaurant Reservations: from n/a through <= 2.7.8.

Action-Not Available
Vendor-Rustaurius
Product-Five Star Restaurant Reservations
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-24716
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.20% / 9.92%
||
7 Day CHG~0.00%
Published-24 Jan, 2025 | 17:25
Updated-28 Apr, 2026 | 16:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Herd Effects Plugin <= 6.2.1 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Herd Effects mwp-herd-effect allows Cross Site Request Forgery.This issue affects Herd Effects: from n/a through <= 6.2.1.

Action-Not Available
Vendor-Wow-Company
Product-Herd Effects
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-24717
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.21% / 11.78%
||
7 Day CHG~0.00%
Published-24 Jan, 2025 | 17:25
Updated-28 Apr, 2026 | 16:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Modal Window Plugin <= 6.1.4 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Modal Window modal-window allows Cross Site Request Forgery.This issue affects Modal Window: from n/a through <= 6.1.4.

Action-Not Available
Vendor-wow-companyWow-Company
Product-modal_windowModal Window
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-24538
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.15% / 4.66%
||
7 Day CHG~0.00%
Published-27 Jan, 2025 | 14:22
Updated-11 May, 2026 | 23:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress BuddyPress Groups Extras plugin <= 3.6.10 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Slava Abakumov BuddyPress Groups Extras buddypress-groups-extras allows Cross Site Request Forgery.This issue affects BuddyPress Groups Extras: from n/a through <= 3.6.10.

Action-Not Available
Vendor-Slava Abakumov
Product-BuddyPress Groups Extras
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-24712
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.20% / 9.92%
||
7 Day CHG~0.00%
Published-24 Jan, 2025 | 17:25
Updated-28 Apr, 2026 | 16:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Radius Blocks – WordPress Gutenberg Blocks Plugin <= 2.1.2 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in RadiusTheme Radius Blocks radius-blocks allows Cross Site Request Forgery.This issue affects Radius Blocks: from n/a through <= 2.1.2.

Action-Not Available
Vendor-RadiusTheme
Product-Radius Blocks
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-24711
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.20% / 9.92%
||
7 Day CHG~0.00%
Published-24 Jan, 2025 | 17:25
Updated-28 Apr, 2026 | 16:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Popup Box Plugin <= 3.2.4 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Popup Box popup-box allows Cross Site Request Forgery.This issue affects Popup Box: from n/a through <= 3.2.4.

Action-Not Available
Vendor-Wow-Company
Product-Popup Box
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-24724
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.18% / 7.99%
||
7 Day CHG~0.00%
Published-24 Jan, 2025 | 17:25
Updated-28 Apr, 2026 | 16:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Side Menu Lite Plugin <= 5.3.1 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Side Menu Lite side-menu-lite allows Cross Site Request Forgery.This issue affects Side Menu Lite: from n/a through <= 5.3.1.

Action-Not Available
Vendor-Wow-Company
Product-Side Menu Lite
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-24546
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.20% / 10.20%
||
7 Day CHG~0.00%
Published-24 Jan, 2025 | 17:24
Updated-11 May, 2026 | 23:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Ultimate Coming Soon & Maintenance plugin <= 1.0.9 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in RSTheme Ultimate Coming Soon & Maintenance ultimate-coming-soon allows Cross Site Request Forgery.This issue affects Ultimate Coming Soon & Maintenance: from n/a through <= 1.0.9.

Action-Not Available
Vendor-rsthemeRSTheme
Product-ultimate_coming_soon_\&_maintenanceUltimate Coming Soon & Maintenance
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-25111
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.16% / 5.72%
||
7 Day CHG~0.00%
Published-07 Feb, 2025 | 10:11
Updated-28 Apr, 2026 | 16:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Spell Check plugin <= 9.21 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in WP Spell Check WP Spell Check wp-spell-check allows Cross Site Request Forgery.This issue affects WP Spell Check: from n/a through <= 9.21.

Action-Not Available
Vendor-WP Spell Check
Product-WP Spell Check
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-24647
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.19% / 8.58%
||
7 Day CHG~0.00%
Published-24 Jan, 2025 | 17:24
Updated-28 Apr, 2026 | 16:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WooCommerce Cloak Affiliate Links plugin <= 1.0.35 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in datafeedr WooCommerce Cloak Affiliate Links woocommerce-cloak-affiliate-links allows Cross Site Request Forgery.This issue affects WooCommerce Cloak Affiliate Links: from n/a through <= 1.0.35.

Action-Not Available
Vendor-datafeedr
Product-WooCommerce Cloak Affiliate Links
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-24715
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.20% / 10.20%
||
7 Day CHG~0.00%
Published-24 Jan, 2025 | 17:25
Updated-11 May, 2026 | 23:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Counter Box Plugin <= 2.0.5 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Counter Box counter-box allows Cross Site Request Forgery.This issue affects Counter Box: from n/a through <= 2.0.5.

Action-Not Available
Vendor-wow-companyWow-Company
Product-counter_boxCounter Box
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-24713
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.20% / 9.92%
||
7 Day CHG~0.00%
Published-24 Jan, 2025 | 17:25
Updated-12 May, 2026 | 23:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Button Generator – easily Button Builder Plugin <= 3.1.1 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Button Generator – easily Button Builder button-generation allows Cross Site Request Forgery.This issue affects Button Generator – easily Button Builder: from n/a through <= 3.1.1.

Action-Not Available
Vendor-Wow-Company
Product-Button Generator – easily Button Builder
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-24720
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.18% / 7.99%
||
7 Day CHG~0.00%
Published-24 Jan, 2025 | 17:25
Updated-28 Apr, 2026 | 16:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Sticky Buttons Plugin <= 4.1.1 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Sticky Buttons sticky-buttons allows Cross Site Request Forgery.This issue affects Sticky Buttons: from n/a through <= 4.1.1.

Action-Not Available
Vendor-Wow-Company
Product-Sticky Buttons
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-24537
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.15% / 4.66%
||
7 Day CHG~0.00%
Published-27 Jan, 2025 | 14:22
Updated-11 May, 2026 | 23:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress The Events Calendar plugin <= 6.7.0 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in StellarWP The Events Calendar the-events-calendar allows Cross Site Request Forgery.This issue affects The Events Calendar: from n/a through <= 6.7.0.

Action-Not Available
Vendor-The Events Calendar (StellarWP)
Product-The Events Calendar
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-24533
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.14% / 3.55%
||
7 Day CHG~0.00%
Published-27 Jan, 2025 | 13:59
Updated-11 May, 2026 | 23:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress MetaSlider plugin <= 3.92.0 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in MetaSlider Responsive Slider by MetaSlider ml-slider allows Cross Site Request Forgery.This issue affects Responsive Slider by MetaSlider: from n/a through <= 3.92.0.

Action-Not Available
Vendor-MetaSlider LLC
Product-Responsive Slider by MetaSlider
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-25145
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.14% / 4.11%
||
7 Day CHG~0.00%
Published-07 Feb, 2025 | 10:11
Updated-28 Apr, 2026 | 16:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Infusionsoft Analytics Plugin <= 2.0 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in jordan.hatch Infusionsoft Analytics infusionsoft-web-tracker allows Cross Site Request Forgery.This issue affects Infusionsoft Analytics: from n/a through <= 2.0.

Action-Not Available
Vendor-jordan.hatch
Product-Infusionsoft Analytics
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-24714
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.20% / 9.92%
||
7 Day CHG~0.00%
Published-24 Jan, 2025 | 17:24
Updated-28 Apr, 2026 | 16:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Bubble Menu Plugin <= 4.0.2 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Bubble Menu – circle floating menu bubble-menu allows Cross Site Request Forgery.This issue affects Bubble Menu – circle floating menu: from n/a through <= 4.0.2.

Action-Not Available
Vendor-Wow-Company
Product-Bubble Menu – circle floating menu
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-24772
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.14% / 3.39%
||
7 Day CHG~0.00%
Published-06 Jun, 2025 | 12:54
Updated-28 Apr, 2026 | 16:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Pay with Contact Form 7 plugin <= 1.0.4 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in cmsMinds Pay with Contact Form 7 pay-with-contact-form-7 allows Cross Site Request Forgery.This issue affects Pay with Contact Form 7: from n/a through <= 1.0.4.

Action-Not Available
Vendor-cmsMinds
Product-Pay with Contact Form 7
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-24622
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.19% / 8.58%
||
7 Day CHG~0.00%
Published-24 Jan, 2025 | 17:24
Updated-12 May, 2026 | 23:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Job Board Manager plugin <= 2.1.59 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in PickPlugins Job Board Manager job-board-manager allows Cross Site Request Forgery.This issue affects Job Board Manager: from n/a through <= 2.1.59.

Action-Not Available
Vendor-PickPlugins
Product-Job Board Manager
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-23985
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.14% / 3.55%
||
7 Day CHG+0.01%
Published-31 Jan, 2025 | 08:23
Updated-11 May, 2026 | 23:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Dynamic URL SEO plugin <= 1.0 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in brainvireinfo Dynamic URL SEO dynamic-url-seo allows Cross Site Request Forgery.This issue affects Dynamic URL SEO: from n/a through <= 1.0.

Action-Not Available
Vendor-brainvireinfo
Product-Dynamic URL SEO
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-43481
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.26% / 17.10%
||
7 Day CHG~0.00%
Published-08 Nov, 2022 | 18:14
Updated-28 Apr, 2026 | 16:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Advanced Coupons for WooCommerce Coupons plugin <= 4.5 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Advanced Coupons for WooCommerce Coupons plugin <= 4.5 on WordPress leading to notice dismissal.

Action-Not Available
Vendor-rymeraRymera Web Co
Product-advanced_couponsAdvanced Coupons (WordPress plugin)
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-43491
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.28% / 19.46%
||
7 Day CHG~0.00%
Published-08 Nov, 2022 | 18:12
Updated-28 Apr, 2026 | 16:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Advanced Dynamic Pricing for WooCommerce plugin <= 4.1.5 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Advanced Dynamic Pricing for WooCommerce plugin <= 4.1.5 on WordPress leading to plugin settings import.

Action-Not Available
Vendor-AlgolPlus
Product-advanced_dynamic_pricing_for_woocommerceAdvanced Dynamic Pricing for WooCommerce (WordPress plugin)
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-68083
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.10% / 0.93%
||
7 Day CHG~0.00%
Published-16 Dec, 2025 | 08:13
Updated-28 Apr, 2026 | 16:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Meks Quick Plugin Disabler plugin <= 1.0 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Meks Meks Quick Plugin Disabler meks-quick-plugin-disabler allows Cross Site Request Forgery.This issue affects Meks Quick Plugin Disabler: from n/a through <= 1.0.

Action-Not Available
Vendor-Meks
Product-Meks Quick Plugin Disabler
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-41620
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.26% / 17.75%
||
7 Day CHG~0.00%
Published-08 Feb, 2023 | 13:09
Updated-28 Apr, 2026 | 16:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress SeoSamba for WordPress Webmasters Plugin <= 1.0.5 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in SeoSamba for WordPress Webmasters plugin <= 1.0.5 versions.

Action-Not Available
Vendor-seosambaSeoSamba
Product-seosambaSeoSamba for WordPress Webmasters
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-41633
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.25% / 16.04%
||
7 Day CHG~0.00%
Published-04 Apr, 2023 | 11:12
Updated-28 Apr, 2026 | 16:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Community by PeepSo Plugin <= 6.0.2.0 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in PeepSo Community by PeepSo – Social Network, Membership, Registration, User Profiles plugin <= 6.0.2.0 versions.

Action-Not Available
Vendor-peepsoPeepSo
Product-peepsoCommunity by PeepSo – Social Network, Membership, Registration, User Profiles
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-41805
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.23% / 13.91%
||
7 Day CHG~0.00%
Published-18 Nov, 2022 | 18:44
Updated-28 Apr, 2026 | 16:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Booster for WooCommerce plugin <= 5.6.6 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Booster for WooCommerce plugin <= 5.6.6 on WordPress.

Action-Not Available
Vendor-boosterPluggabl LLC
Product-booster_for_woocommerceBooster for WooCommerce (WordPress plugin)
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-41634
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.28% / 19.36%
||
7 Day CHG~0.00%
Published-18 Nov, 2022 | 22:27
Updated-28 Apr, 2026 | 16:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Media Library Folders plugin <= 7.1.1 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Media Library Folders plugin <= 7.1.1 on WordPress.

Action-Not Available
Vendor-maxfoundryMax Foundry
Product-media_library_foldersMedia Library Folders (WordPress plugin)
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-4219
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-5.4||MEDIUM
EPSS-0.40% / 31.67%
||
7 Day CHG~0.00%
Published-02 Dec, 2022 | 20:10
Updated-08 Apr, 2026 | 19:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Chained Quiz <= 1.3.2.4 - Cross-Site Request Forgery to Submitted Response Deletion

The Chained Quiz plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.2.4. This is due to missing nonce validation on the manage() function. This makes it possible for unauthenticated attackers to delete submitted quiz responses via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

Action-Not Available
Vendor-kibokolabsprasunsen
Product-chained_quizChained Quiz
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-4218
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-5.4||MEDIUM
EPSS-0.42% / 34.02%
||
7 Day CHG~0.00%
Published-02 Dec, 2022 | 20:10
Updated-08 Apr, 2026 | 18:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Chained Quiz <= 1.3.2.4 - Cross-Site Request Forgery to Arbitrary Quiz Deletion and Copying

The Chained Quiz plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.2.4. This is due to missing nonce validation on the list_quizzes() function. This makes it possible for unauthenticated attackers to delete quizzes and copy quizzes via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

Action-Not Available
Vendor-kibokolabsprasunsen
Product-chained_quizChained Quiz
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-40695
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.28% / 19.36%
||
7 Day CHG~0.00%
Published-18 Nov, 2022 | 22:16
Updated-28 Apr, 2026 | 16:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress SEO Redirection Plugin plugin <= 8.9 - Multiple Cross-Site Scripting (CSRF) vulnerabilities

Multiple Cross-Site Scripting (CSRF) vulnerabilities in SEO Redirection Plugin plugin <= 8.9 on WordPress.

Action-Not Available
Vendor-clogicaWP-buy
Product-seo_redirectionSEO Redirection Plugin – 301 Redirect Manager (WordPress plugin)
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-35689
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.20% / 10.23%
||
7 Day CHG~0.00%
Published-08 Jun, 2024 | 14:39
Updated-28 Apr, 2026 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Analytify plugin <= 5.2.3 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Analytify.This issue affects Analytify: from n/a through 5.2.3.

Action-Not Available
Vendor-Analytify
Product-Analytify
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-14734
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-5.4||MEDIUM
EPSS-0.10% / 1.11%
||
7 Day CHG~0.00%
Published-20 Dec, 2025 | 03:20
Updated-08 Apr, 2026 | 17:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Amazon affiliate lite Plugin <= 1.0.0 - Cross-Site Request Forgery to Plugin Settings Update

The Amazon affiliate lite Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.0. This is due to missing or incorrect nonce validation on the 'ADAL_settings_page' function. This makes it possible for unauthenticated attackers to update plugin settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

Action-Not Available
Vendor-nestornoe
Product-Amazon affiliate lite Plugin
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-14976
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-5.4||MEDIUM
EPSS-0.12% / 2.42%
||
7 Day CHG~0.00%
Published-10 Jan, 2026 | 08:22
Updated-08 Apr, 2026 | 17:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
User Registration & Membership <= 4.4.8 - Cross-Site Request Forgery to Arbitrary Post Deletion

The User Registration & Membership – Custom Registration Form Builder, Custom Login Form, User Profile, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.4.8. This is due to missing or incorrect nonce validation on the 'process_row_actions' function with the 'delete' action. This makes it possible for unauthenticated attackers to delete arbitrary post via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

Action-Not Available
Vendor-wpeverest
Product-User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-40692
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.26% / 17.75%
||
7 Day CHG~0.00%
Published-02 Feb, 2023 | 15:58
Updated-28 Apr, 2026 | 19:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Sunshine Photo Cart Plugin <= 2.9.13 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in WP Sunshine Sunshine Photo Cart plugin <= 2.9.13 versions.

Action-Not Available
Vendor-sunshinephotocartWP Sunshine
Product-sunshine_photo_cartSunshine Photo Cart
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-41134
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.28% / 19.79%
||
7 Day CHG~0.00%
Published-13 Feb, 2023 | 16:52
Updated-28 Apr, 2026 | 16:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Optinly Plugin <= 1.0.15 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) in OptinlyHQ Optinly – Exit Intent, Newsletter Popups, Gamification & Opt-in Forms plugin <= 1.0.15 versions.

Action-Not Available
Vendor-optinlyOptinlyHQ
Product-optinlyOptinly – Exit Intent, Newsletter Popups, Gamification & Opt-in Forms
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-40686
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.26% / 17.75%
||
7 Day CHG~0.00%
Published-18 Nov, 2022 | 18:38
Updated-28 Apr, 2026 | 16:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Creative Mail plugin <= 1.5.4 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Creative Mail plugin <= 1.5.4 on WordPress.

Action-Not Available
Vendor-constantcontactConstant Contact
Product-creative_mailCreative Mail (WordPress plugin)
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-12413
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-5.4||MEDIUM
EPSS-0.12% / 1.99%
||
7 Day CHG+0.01%
Published-04 Nov, 2025 | 04:27
Updated-08 Apr, 2026 | 16:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Social Media WPCF7 Stop Words <= 1.1.3 - Cross-Site Request Forgery to Settings Update

The Social Media WPCF7 Stop Words plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.3. This is due to missing or incorrect nonce validation on the smWpCfSwOptions() function. This makes it possible for unauthenticated attackers to update the plugin's settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

Action-Not Available
Vendor-socialmedialtd
Product-WPCF7 Stop words
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-40132
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.30% / 21.86%
||
7 Day CHG~0.00%
Published-23 Sep, 2022 | 18:34
Updated-28 Apr, 2026 | 16:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Seriously Simple Podcasting plugin <= 2.16.0 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Seriously Simple Podcasting plugin <= 2.16.0 at WordPress, leading to plugin settings change.

Action-Not Available
Vendor-castosCastos
Product-seriously_simple_podcastingSeriously Simple Podcasting (WordPress plugin)
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-43490
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.26% / 17.75%
||
7 Day CHG~0.00%
Published-25 May, 2023 | 10:17
Updated-28 Apr, 2026 | 16:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Stream Plugin <= 3.9.2 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in XWP Stream plugin <= 3.9.2 versions.

Action-Not Available
Vendor-xwpXWP
Product-streamStream
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-38454
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.29% / 20.28%
||
7 Day CHG~0.00%
Published-23 Sep, 2022 | 18:36
Updated-28 Apr, 2026 | 16:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Kraken.io Image Optimizer plugin <= 2.6.5 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Kraken.io Image Optimizer plugin <= 2.6.5 at WordPress.

Action-Not Available
Vendor-krakenKarim Salman
Product-kraken.io_image_optimizerKraken.io Image Optimizer (WordPress plugin)
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2026-25024
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.10% / 0.84%
||
7 Day CHG~0.00%
Published-03 Feb, 2026 | 14:08
Updated-28 Apr, 2026 | 16:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress ThirstyAffiliates plugin <= 3.11.9 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Blair Williams ThirstyAffiliates thirstyaffiliates allows Cross Site Request Forgery.This issue affects ThirstyAffiliates: from n/a through <= 3.11.9.

Action-Not Available
Vendor-Blair Williams
Product-ThirstyAffiliates
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-38704
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.25% / 16.33%
||
7 Day CHG~0.00%
Published-23 Sep, 2022 | 18:32
Updated-28 Apr, 2026 | 16:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress SEO Redirection plugin <= 8.9 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in SEO Redirection plugin <= 8.9 at WordPress, leading to deletion of 404 errors and redirection history.

Action-Not Available
Vendor-clogicaWP-buy
Product-seo_redirectionSEO Redirection Plugin – 301 Redirect Manager (WordPress plugin)
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-11166
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-5.4||MEDIUM
EPSS-0.18% / 7.89%
||
7 Day CHG~0.00%
Published-09 Oct, 2025 | 01:48
Updated-08 Apr, 2026 | 17:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WP Go Maps (formerly WP Google Maps) <= 9.0.46 - Cross-Site Request Forgery to Plugin Settings Update

The WP Go Maps (formerly WP Google Maps) plugin for WordPress is vulnerable to Cross-Site Request Forgery (CSRF) in all versions up to, and including, 9.0.46. This is due to the plugin exposing state-changing REST actions through an AJAX bridge without proper CSRF token validation, and having destructive logic reachable via GET requests with no permission_callback. This makes it possible for unauthenticated attackers to force logged-in administrators to create, update, or delete markers and geometry features via CSRF attacks, and allows anonymous users to trigger mass deletion of markers via unsafe GET requests.

Action-Not Available
Vendor-wpgmaps
Product-WP Go Maps (formerly WP Google Maps)
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-38063
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.26% / 16.87%
||
7 Day CHG~0.00%
Published-16 Mar, 2023 | 08:39
Updated-28 Apr, 2026 | 16:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Social Login WP Plugin <= 5.0.0.0 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Social Login WP plugin <= 5.0.0.0 versions.

Action-Not Available
Vendor-social_login_wp_projectSocial Login WP
Product-social_login_wpSocial Login WP
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-29414
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.37% / 29.17%
||
7 Day CHG~0.00%
Published-29 Apr, 2022 | 16:41
Updated-28 Apr, 2026 | 16:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Subscribe To Comments Reloaded plugin <= 211130 - Multiple Cross-Site Request Forgery (CSRF) vulnerabilities

Multiple (13x) Cross-Site Request Forgery (CSRF) vulnerabilities in WPKube's Subscribe To Comments Reloaded plugin <= 211130 on WordPress allows attackers to clean up Log archive, download system info file, plugin system settings, plugin options settings, generate a new key, reset all options, change notifications settings, management page settings, comment form settings, manage subscriptions > mass update settings, manage subscriptions > add a new subscription, update subscription, delete Subscription.

Action-Not Available
Vendor-wpkubeWPKube
Product-subscribe_to_comments_reloadedSubscribe To Comments Reloaded (WordPress plugin)
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-38139
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.27% / 18.73%
||
7 Day CHG~0.00%
Published-13 Sep, 2022 | 13:59
Updated-28 Apr, 2026 | 16:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress RD Station plugin <= 5.2.0 - Multiple Cross-Site Request Forgery (CSRF) vulnerabilities

Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in RD Station plugin <= 5.2.0 at WordPress.

Action-Not Available
Vendor-rdstationRD Station
Product-rd_stationRD Station (WordPress plugin)
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-37411
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.29% / 21.03%
||
7 Day CHG~0.00%
Published-09 Sep, 2022 | 14:39
Updated-28 Apr, 2026 | 16:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Captcha Code plugin <= 2.7 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Vinoj Cardoza's Captcha Code plugin <= 2.7 at WordPress.

Action-Not Available
Vendor-captcha_code_projectVinoj Cardoza
Product-captcha_codeCaptcha Code (WordPress plugin)
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-10498
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-4.3||MEDIUM
EPSS-0.15% / 4.65%
||
7 Day CHG~0.00%
Published-27 Sep, 2025 | 02:25
Updated-08 Apr, 2026 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Ninja Forms – The Contact Form Builder That Grows With You <= 3.12.0 - Cross-Site Request Forgery to Limited File Deletion

The Ninja Forms – The Contact Form Builder That Grows With You plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.12.0. This is due to missing or incorrect nonce validation when exporting CSV files. This makes it possible for unauthenticated attackers to delete those files granted they can trick an administrator into performing an action such as clicking on a link.

Action-Not Available
Vendor-Saturday Drive, INC
Product-ninja_formsNinja Forms – The Contact Form Builder That Grows With You
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-38716
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.25% / 16.03%
||
7 Day CHG~0.00%
Published-25 May, 2023 | 10:28
Updated-28 Apr, 2026 | 16:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Motors – Car Dealer & Classified Ads Plugin <= 1.4.4 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in StylemixThemes Motors – Car Dealer, Classifieds & Listing plugin <= 1.4.4 versions.

Action-Not Available
Vendor-stylemixthemesStylemixThemes
Product-motors_-_car_dealer\,_classifieds_\&_listingMotors – Car Dealer, Classifieds & Listing
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 11
  • 12
  • Next
Details not found