Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-23693

Summary
Assigner-Patchstack
Assigner Org ID-21595511-bba5-4825-b968-b78d1f9984a3
Published At-16 Jan, 2025 | 20:06
Updated At-17 Jan, 2025 | 19:15
Rejected At-
Credits

WordPress Secure CAPTCHA plugin <= 1.2 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Stanisław Skonieczny Secure CAPTCHA allows Stored XSS.This issue affects Secure CAPTCHA: from n/a through 1.2.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:Patchstack
Assigner Org ID:21595511-bba5-4825-b968-b78d1f9984a3
Published At:16 Jan, 2025 | 20:06
Updated At:17 Jan, 2025 | 19:15
Rejected At:
▼CVE Numbering Authority (CNA)
WordPress Secure CAPTCHA plugin <= 1.2 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Stanisław Skonieczny Secure CAPTCHA allows Stored XSS.This issue affects Secure CAPTCHA: from n/a through 1.2.

Affected Products
Vendor
Stanisław Skonieczny
Product
Secure CAPTCHA
Collection URL
https://wordpress.org/plugins
Package Name
secure-captcha
Default Status
unaffected
Versions
Affected
  • From n/a through 1.2 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-352CWE-352 Cross-Site Request Forgery (CSRF)
Type: CWE
CWE ID: CWE-352
Description: CWE-352 Cross-Site Request Forgery (CSRF)
Metrics
VersionBase scoreBase severityVector
3.17.1HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
Version: 3.1
Base score: 7.1
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-592CAPEC-592 Stored XSS
CAPEC ID: CAPEC-592
Description: CAPEC-592 Stored XSS
Solutions
Configurations
Workarounds
Exploits
Credits
finder
SOPROBRO (Patchstack Alliance)
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://patchstack.com/database/wordpress/plugin/secure-captcha/vulnerability/wordpress-secure-captcha-plugin-1-2-csrf-to-stored-xss-vulnerability?_s_id=cve
vdb-entry
Hyperlink: https://patchstack.com/database/wordpress/plugin/secure-captcha/vulnerability/wordpress-secure-captcha-plugin-1-2-csrf-to-stored-xss-vulnerability?_s_id=cve
Resource:
vdb-entry
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:audit@patchstack.com
Published At:16 Jan, 2025 | 20:15
Updated At:16 Jan, 2025 | 20:15

Cross-Site Request Forgery (CSRF) vulnerability in Stanisław Skonieczny Secure CAPTCHA allows Stored XSS.This issue affects Secure CAPTCHA: from n/a through 1.2.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.17.1HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
Type: Secondary
Version: 3.1
Base score: 7.1
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-352Primaryaudit@patchstack.com
CWE ID: CWE-352
Type: Primary
Source: audit@patchstack.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://patchstack.com/database/wordpress/plugin/secure-captcha/vulnerability/wordpress-secure-captcha-plugin-1-2-csrf-to-stored-xss-vulnerability?_s_id=cveaudit@patchstack.com
N/A
Hyperlink: https://patchstack.com/database/wordpress/plugin/secure-captcha/vulnerability/wordpress-secure-captcha-plugin-1-2-csrf-to-stored-xss-vulnerability?_s_id=cve
Source: audit@patchstack.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

687Records found
CVE-2025-28974
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.02% / 5.66%
||
7 Day CHG+0.01%
Published-06 Jun, 2025 | 12:54
Updated-06 Jun, 2025 | 16:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Free WP Mail SMTP plugin <= 1.0 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in mail250 Free WP Mail SMTP allows Stored XSS. This issue affects Free WP Mail SMTP: from n/a through 1.0.

Action-Not Available
Vendor-mail250
Product-Free WP Mail SMTP
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-46492
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.08% / 23.64%
||
7 Day CHG+0.05%
Published-24 Apr, 2025 | 16:08
Updated-29 Apr, 2025 | 13:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Call Now PHT Blog plugin <= 2.4.1 - CSRF to XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Pham Thanh Call Now PHT Blog allows Stored XSS. This issue affects Call Now PHT Blog: from n/a through 2.4.1.

Action-Not Available
Vendor-Pham Thanh
Product-Call Now PHT Blog
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-28925
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.05% / 14.20%
||
7 Day CHG~0.00%
Published-11 Mar, 2025 | 21:01
Updated-12 Mar, 2025 | 13:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WATI Chat and Notification plugin <= 1.1.2 - CSRF to Stored Cross Site Scripting (XSS) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Hieu Nguyen WATI Chat and Notification allows Stored XSS. This issue affects WATI Chat and Notification: from n/a through 1.1.2.

Action-Not Available
Vendor-Hieu Nguyen
Product-WATI Chat and Notification
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-46092
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.06% / 18.93%
||
7 Day CHG~0.00%
Published-13 Nov, 2023 | 09:35
Updated-28 Aug, 2024 | 15:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Webmaster Tools Plugin <= 2.0 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in LionScripts.Com Webmaster Tools allows Stored XSS.This issue affects Webmaster Tools: from n/a through 2.0.

Action-Not Available
Vendor-lionscriptsLionScripts.com
Product-webmaster_toolsWebmaster Tools
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-26545
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.05% / 14.20%
||
7 Day CHG~0.00%
Published-13 Feb, 2025 | 13:52
Updated-18 Feb, 2025 | 19:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Related Posts Line-up-Exactly by Milliard plugin <= 0.0.22 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in shisuh Related Posts Line-up-Exactly by Milliard allows Stored XSS. This issue affects Related Posts Line-up-Exactly by Milliard: from n/a through 0.0.22.

Action-Not Available
Vendor-shisuh
Product-Related Posts Line-up-Exactly by Milliard
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-26580
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.05% / 14.20%
||
7 Day CHG~0.00%
Published-13 Feb, 2025 | 13:53
Updated-18 Feb, 2025 | 19:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Page/Post Specific Social Share Buttons plugin <= 2.1 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in CompleteWebResources Page/Post Specific Social Share Buttons allows Stored XSS. This issue affects Page/Post Specific Social Share Buttons: from n/a through 2.1.

Action-Not Available
Vendor-CompleteWebResources
Product-Page/Post Specific Social Share Buttons
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-25153
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.05% / 14.20%
||
7 Day CHG~0.00%
Published-07 Feb, 2025 | 10:11
Updated-12 Feb, 2025 | 20:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Simple Auto Tag plugin <= 1.1 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in djjmz Simple Auto Tag allows Stored XSS. This issue affects Simple Auto Tag: from n/a through 1.1.

Action-Not Available
Vendor-djjmz
Product-Simple Auto Tag
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-23749
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.05% / 14.17%
||
7 Day CHG~0.00%
Published-16 Jan, 2025 | 20:06
Updated-12 Feb, 2025 | 20:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress mybb Last Topics plugin <= 1.0 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Mahdi Khaksar mybb Last Topics allows Stored XSS.This issue affects mybb Last Topics: from n/a through 1.0.

Action-Not Available
Vendor-Mahdi Khaksar
Product-mybb Last Topics
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-23870
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.08% / 24.57%
||
7 Day CHG~0.00%
Published-16 Jan, 2025 | 20:07
Updated-17 Jan, 2025 | 19:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Copyright Safeguard Footer Notice plugin <= 3.0 - CSRF to Stored Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Robert Nicholson Copyright Safeguard Footer Notice allows Stored XSS.This issue affects Copyright Safeguard Footer Notice: from n/a through 3.0.

Action-Not Available
Vendor-Robert Nicholson
Product-Copyright Safeguard Footer Notice
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-22814
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.14% / 33.37%
||
7 Day CHG+0.09%
Published-09 Jan, 2025 | 15:39
Updated-10 Jan, 2025 | 20:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Zephyr Admin Theme Plugin <= 1.4.1 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Dylan James Zephyr Admin Theme allows Cross Site Request Forgery.This issue affects Zephyr Admin Theme: from n/a through 1.4.1.

Action-Not Available
Vendor-Dylan James
Product-Zephyr Admin Theme
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-21752
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.07% / 21.74%
||
7 Day CHG~0.00%
Published-29 Feb, 2024 | 05:17
Updated-22 Apr, 2025 | 15:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Ajax Search Lite Plugin <= 4.11.4 is vulnerable to Cross Site Scripting (XSS)

Cross-Site Request Forgery (CSRF) vulnerability in Ernest Marcinko Ajax Search Lite allows Reflected XSS.This issue affects Ajax Search Lite: from n/a through 4.11.4.

Action-Not Available
Vendor-wp-dreamsErnest Marcinko
Product-ajax_searchAjax Search Lite
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-40335
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.06% / 18.93%
||
7 Day CHG~0.00%
Published-13 Nov, 2023 | 09:48
Updated-28 Aug, 2024 | 15:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Cleverwise Daily Quotes Plugin <= 3.2 is vulnerable to Cross Site Scripting (XSS)

Cross-Site Request Forgery (CSRF) vulnerability in Jeremy O'Connell Cleverwise Daily Quotes allows Stored XSS.This issue affects Cleverwise Daily Quotes: from n/a through 3.2.

Action-Not Available
Vendor-cyberwsJeremy O'Connell
Product-cleverwise_daily_quotesCleverwise Daily Quotes
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-39166
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.06% / 18.93%
||
7 Day CHG~0.00%
Published-13 Nov, 2023 | 16:58
Updated-02 Aug, 2024 | 18:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress tagDiv Composer Plugin < 4.4 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in tagDiv tagDiv Composer allows Cross-Site Scripting (XSS).This issue affects tagDiv Composer: from n/a before 4.4.

Action-Not Available
Vendor-tagdivtagDiv
Product-tagdiv_composertagDiv Composer
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-56232
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.07% / 21.27%
||
7 Day CHG~0.00%
Published-31 Dec, 2024 | 10:05
Updated-31 Dec, 2024 | 16:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Nice Loader plugin <= 0.1.0.4 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Alexander Volkov WP Nice Loader allows Stored XSS.This issue affects WP Nice Loader: from n/a through 0.1.0.4.

Action-Not Available
Vendor-Alexander Volkov
Product-WP Nice Loader
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-7174
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-7.1||HIGH
EPSS-0.05% / 14.12%
||
7 Day CHG~0.00%
Published-15 May, 2025 | 20:09
Updated-11 Jun, 2025 | 19:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
aBitGone CommentSafe <= 1.0.0 - Settings Update to Stored XSS via CSRF

The aBitGone CommentSafe WordPress plugin through 1.0.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack.

Action-Not Available
Vendor-abitgoneUnknown
Product-abitgone_commentsafeaBitGone CommentSafe
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-7197
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-7.1||HIGH
EPSS-0.05% / 14.12%
||
7 Day CHG~0.00%
Published-15 May, 2025 | 20:09
Updated-11 Jun, 2025 | 19:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Marketing Twitter Bot <= 1.11 - Settings Update to Stored XSS via CSRF

The Marketing Twitter Bot WordPress plugin through 1.11 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack

Action-Not Available
Vendor-corbyboyUnknown
Product-marketing_twitter_botMarketing Twitter Bot
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-26759
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.05% / 14.20%
||
7 Day CHG~0.00%
Published-16 Feb, 2025 | 22:17
Updated-18 Feb, 2025 | 19:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Content Snippet Manager plugin <= 1.1.5 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in alexvtn Content Snippet Manager allows Stored XSS. This issue affects Content Snippet Manager: from n/a through 1.1.5.

Action-Not Available
Vendor-alexvtn
Product-Content Snippet Manager
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-47790
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.14% / 34.07%
||
7 Day CHG~0.00%
Published-22 Nov, 2023 | 23:27
Updated-02 Aug, 2024 | 21:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Pz-LinkCard Plugin <= 2.4.8 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) leading to Cross-Site Scripting (XSS) vulnerability in Poporon Pz-LinkCard plugin <= 2.4.8 versions.

Action-Not Available
Vendor-popozurePoporon
Product-pz-linkcardPz-LinkCard
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-46201
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.07% / 21.46%
||
7 Day CHG~0.00%
Published-13 Nov, 2023 | 04:09
Updated-28 Aug, 2024 | 15:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Auto Login New User After Registration Plugin <= 1.9.6 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Jeff Sherk Auto Login New User After Registration allows Stored XSS.This issue affects Auto Login New User After Registration: from n/a through 1.9.6.

Action-Not Available
Vendor-auto_login_new_user_after_registration_projectJeff Sherk
Product-auto_login_new_user_after_registrationAuto Login New User After Registration
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-51636
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.11% / 28.84%
||
7 Day CHG~0.00%
Published-19 Nov, 2024 | 16:32
Updated-02 Dec, 2024 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Plugin Name: GMO Social Connection plugin <= 1.2 - CSRF to Stored Cross Site Scripting (XSS) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Z.com by GMO GMO Social Connection allows Cross-Site Scripting (XSS). This issue affects GMO Social Connection: from n/a through 1.2.

Action-Not Available
Vendor-Z.com by GMO
Product-GMO Social Connection
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-51658
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.12% / 31.71%
||
7 Day CHG~0.00%
Published-14 Nov, 2024 | 21:37
Updated-15 Nov, 2024 | 18:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Course Manager plugin <= 1.3 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Henrik Hoff WP Course Manager allows Stored XSS.This issue affects WP Course Manager: from n/a through 1.3.

Action-Not Available
Vendor-Henrik Hoff
Product-WP Course Manager
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-35877
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.06% / 19.81%
||
7 Day CHG~0.00%
Published-13 Nov, 2023 | 17:06
Updated-28 Aug, 2024 | 15:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Extra User Details Plugin <= 0.5 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Vadym K. Extra User Details allows Stored XSS.This issue affects Extra User Details: from n/a through 0.5.

Action-Not Available
Vendor-vadimkVadym K.
Product-extra_user_detailsExtra User Details
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-47644
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.08% / 24.37%
||
7 Day CHG~0.00%
Published-05 Oct, 2024 | 12:55
Updated-07 Oct, 2024 | 17:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Copyscape Premium plugin <= 1.3.6 - CSRF to Stored Cross-Site Scripting vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Copyscape / Indigo Stream Technologies Copyscape Premium allows Stored XSS.This issue affects Copyscape Premium: from n/a through 1.3.6.

Action-Not Available
Vendor-Copyscape / Indigo Stream Technologies
Product-Copyscape Premium
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-44064
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.23% / 45.55%
||
7 Day CHG~0.00%
Published-17 Sep, 2024 | 22:35
Updated-24 Sep, 2024 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Like Button Rating LikeBtn plugin <= 2.6.54 - Reflected Cross Site Scripting (XSS) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in LikeBtn Like Button Rating allows Cross-Site Scripting (XSS).This issue affects Like Button Rating: from n/a through 2.6.54.

Action-Not Available
Vendor-likebtnLikeBtn
Product-like_button_ratingLike Button Rating
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-39418
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.08% / 23.64%
||
7 Day CHG~0.00%
Published-17 Apr, 2025 | 15:17
Updated-17 Apr, 2025 | 20:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress RSS Manager plugin <= 0.06 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in ajayver RSS Manager allows Stored XSS. This issue affects RSS Manager: from n/a through 0.06.

Action-Not Available
Vendor-ajayver
Product-RSS Manager
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-32497
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.08% / 23.64%
||
7 Day CHG~0.00%
Published-09 Apr, 2025 | 16:09
Updated-09 Apr, 2025 | 20:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Spoiler Block plugin <= 1.7 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in squiter Spoiler Block allows Stored XSS. This issue affects Spoiler Block: from n/a through 1.7.

Action-Not Available
Vendor-squiter
Product-Spoiler Block
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-32664
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.08% / 23.64%
||
7 Day CHG~0.00%
Published-09 Apr, 2025 | 16:09
Updated-09 Apr, 2025 | 20:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Nepali Date Utilities plugin <= 1.0.13 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in ashokbasnet Nepali Date Utilities allows Stored XSS. This issue affects Nepali Date Utilities: from n/a through 1.0.13.

Action-Not Available
Vendor-ashokbasnet
Product-Nepali Date Utilities
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-32502
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.08% / 23.64%
||
7 Day CHG~0.00%
Published-09 Apr, 2025 | 16:09
Updated-09 Apr, 2025 | 20:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress ePaper Lister for Yumpu plugin <= 1.4.0 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in lemmentwickler ePaper Lister for Yumpu allows Stored XSS. This issue affects ePaper Lister for Yumpu: from n/a through 1.4.0.

Action-Not Available
Vendor-lemmentwickler
Product-ePaper Lister for Yumpu
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-32575
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.08% / 23.64%
||
7 Day CHG~0.00%
Published-09 Apr, 2025 | 16:09
Updated-09 Apr, 2025 | 20:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP w3all phpBB Plugin <= 2.9.2 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in axew3 WP w3all phpBB allows Reflected XSS. This issue affects WP w3all phpBB: from n/a through 2.9.2.

Action-Not Available
Vendor-axew3
Product-WP w3all phpBB
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-32505
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.08% / 23.64%
||
7 Day CHG~0.00%
Published-09 Apr, 2025 | 16:09
Updated-09 Apr, 2025 | 20:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress MultiMailer plugin <= 1.0.3 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in SCAND MultiMailer allows Stored XSS. This issue affects MultiMailer: from n/a through 1.0.3.

Action-Not Available
Vendor-SCAND
Product-MultiMailer
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-32659
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.08% / 23.64%
||
7 Day CHG~0.00%
Published-09 Apr, 2025 | 16:09
Updated-09 Apr, 2025 | 20:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress FraudLabs Pro for WooCommerce plugin <= 2.22.7 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in fraudlabspro FraudLabs Pro for WooCommerce allows Stored XSS. This issue affects FraudLabs Pro for WooCommerce: from n/a through 2.22.7.

Action-Not Available
Vendor-fraudlabspro
Product-FraudLabs Pro for WooCommerce
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-32480
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.08% / 23.64%
||
7 Day CHG~0.00%
Published-09 Apr, 2025 | 16:09
Updated-09 Apr, 2025 | 20:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Windows Live Writer plugin <= 0.1 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in dalziel Windows Live Writer allows Stored XSS. This issue affects Windows Live Writer: from n/a through 0.1.

Action-Not Available
Vendor-dalziel
Product-Windows Live Writer
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-32619
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.08% / 23.64%
||
7 Day CHG~0.00%
Published-09 Apr, 2025 | 16:09
Updated-09 Apr, 2025 | 20:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress KeyCAPTCHA plugin <= 2.5.1 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in KeyCAPTCHA KeyCAPTCHA allows Stored XSS. This issue affects KeyCAPTCHA: from n/a through 2.5.1.

Action-Not Available
Vendor-KeyCAPTCHA
Product-KeyCAPTCHA
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-31382
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.08% / 23.64%
||
7 Day CHG~0.00%
Published-09 Apr, 2025 | 16:10
Updated-09 Apr, 2025 | 20:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Language Field plugin <= 0.9 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in theode Language Field allows Stored XSS. This issue affects Language Field: from n/a through 0.9.

Action-Not Available
Vendor-theode
Product-Language Field
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-31392
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.08% / 23.64%
||
7 Day CHG~0.00%
Published-09 Apr, 2025 | 16:10
Updated-09 Apr, 2025 | 20:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Smart Product Gallery Slider plugin <= 1.0.4 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Shameem Reza Smart Product Gallery Slider allows Cross Site Request Forgery. This issue affects Smart Product Gallery Slider: from n/a through 1.0.4.

Action-Not Available
Vendor-Shameem Reza
Product-Smart Product Gallery Slider
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-32112
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.17% / 37.55%
||
7 Day CHG~0.00%
Published-04 Apr, 2025 | 15:58
Updated-07 Apr, 2025 | 14:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Sidebar Manager Light plugin <= 1.1.8 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in OTWthemes Sidebar Manager Light allows Cross Site Request Forgery. This issue affects Sidebar Manager Light: from n/a through 1.1.8.

Action-Not Available
Vendor-OTWthemes
Product-Sidebar Manager Light
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-31570
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.08% / 23.64%
||
7 Day CHG~0.00%
Published-31 Mar, 2025 | 12:55
Updated-01 Apr, 2025 | 20:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Related Posts Widget with Thumbnails plugin <= 1.2 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in wp-buy Related Posts Widget with Thumbnails allows Stored XSS. This issue affects Related Posts Widget with Thumbnails: from n/a through 1.2.

Action-Not Available
Vendor-wp-buy
Product-Related Posts Widget with Thumbnails
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-31449
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.08% / 23.64%
||
7 Day CHG~0.00%
Published-28 Mar, 2025 | 11:54
Updated-28 Mar, 2025 | 18:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress The Visitor Counter plugin <= 1.4.3 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in EricH The Visitor Counter allows Stored XSS. This issue affects The Visitor Counter: from n/a through 1.4.3.

Action-Not Available
Vendor-EricH
Product-The Visitor Counter
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-31390
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.08% / 23.64%
||
7 Day CHG~0.00%
Published-09 Apr, 2025 | 16:10
Updated-09 Apr, 2025 | 20:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Social Crowd plugin <= 0.9.6.1 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in bdoga Social Crowd allows Stored XSS. This issue affects Social Crowd: from n/a through 0.9.6.1.

Action-Not Available
Vendor-bdoga
Product-Social Crowd
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-31458
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.08% / 23.64%
||
7 Day CHG~0.00%
Published-28 Mar, 2025 | 11:54
Updated-28 Mar, 2025 | 18:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Video Embedder plugin <= 1.7.1 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in forsgren Video Embedder allows Stored XSS. This issue affects Video Embedder: from n/a through 1.7.1.

Action-Not Available
Vendor-forsgren
Product-Video Embedder
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-31391
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.08% / 23.64%
||
7 Day CHG~0.00%
Published-09 Apr, 2025 | 16:10
Updated-09 Apr, 2025 | 20:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Script Compressor plugin <= 1.7.1 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in regen Script Compressor allows Stored XSS. This issue affects Script Compressor: from n/a through 1.7.1.

Action-Not Available
Vendor-regen
Product-Script Compressor
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-30578
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.08% / 23.64%
||
7 Day CHG~0.00%
Published-24 Mar, 2025 | 13:47
Updated-25 Mar, 2025 | 18:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress AdSense Privacy Policy plugin <= 1.1.1 - Cross Site Request Forgery (CSRF) to Stored XSS Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in hotvanrod AdSense Privacy Policy allows Stored XSS. This issue affects AdSense Privacy Policy: from n/a through 1.1.1.

Action-Not Available
Vendor-hotvanrod
Product-AdSense Privacy Policy
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-30620
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.03% / 7.42%
||
7 Day CHG~0.00%
Published-24 Mar, 2025 | 13:47
Updated-24 Mar, 2025 | 22:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Odoo Form Integrator plugin <=1.1.0 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in coderscom WP Odoo Form Integrator allows Stored XSS. This issue affects WP Odoo Form Integrator: from n/a through 1.1.0.

Action-Not Available
Vendor-coderscom
Product-WP Odoo Form Integrator
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-30608
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.03% / 7.42%
||
7 Day CHG~0.00%
Published-24 Mar, 2025 | 13:47
Updated-24 Mar, 2025 | 22:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WordPress SQL Backup - <= <= 3.5.2 Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Anthony WordPress SQL Backup allows Stored XSS. This issue affects WordPress SQL Backup: from n/a through 3.5.2.

Action-Not Available
Vendor-Anthony
Product-WordPress SQL Backup
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-31032
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.08% / 23.64%
||
7 Day CHG~0.00%
Published-09 Apr, 2025 | 16:10
Updated-09 Apr, 2025 | 20:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Pagopar – WooCommerce Gateway plugin <= 2.7.1 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Pagopar - Grupo M S.A. Pagopar &#8211; WooCommerce Gateway allows Stored XSS. This issue affects Pagopar &#8211; WooCommerce Gateway: from n/a through 2.7.1.

Action-Not Available
Vendor-Pagopar - Grupo M S.A.
Product-Pagopar &#8211; WooCommerce Gateway
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-30612
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.03% / 7.42%
||
7 Day CHG~0.00%
Published-24 Mar, 2025 | 13:47
Updated-24 Mar, 2025 | 22:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Replace Default Words plugin <= 1.3 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in mandegarweb Replace Default Words allows Stored XSS. This issue affects Replace Default Words: from n/a through 1.3.

Action-Not Available
Vendor-mandegarweb
Product-Replace Default Words
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-30995
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.02% / 5.66%
||
7 Day CHG+0.01%
Published-06 Jun, 2025 | 12:54
Updated-06 Jun, 2025 | 15:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Widgetize Pages Light plugin <= 3.0 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in OTWthemes Widgetize Pages Light allows Stored XSS. This issue affects Widgetize Pages Light: from n/a through 3.0.

Action-Not Available
Vendor-OTWthemes
Product-Widgetize Pages Light
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-30572
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.04% / 11.76%
||
7 Day CHG~0.00%
Published-24 Mar, 2025 | 13:47
Updated-31 Mar, 2025 | 18:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Simple Rating plugin <= 1.4 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Igor Yavych Simple Rating allows Stored XSS. This issue affects Simple Rating: from n/a through 1.4.

Action-Not Available
Vendor-Igor Yavych
Product-Simple Rating
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-28932
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.05% / 14.20%
||
7 Day CHG~0.00%
Published-11 Mar, 2025 | 21:01
Updated-12 Mar, 2025 | 13:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Insert Code plugin <= 2.4 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in BCS Website Solutions Insert Code allows Stored XSS. This issue affects Insert Code: from n/a through 2.4.

Action-Not Available
Vendor-BCS Website Solutions
Product-Insert Code
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-28948
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.02% / 5.66%
||
7 Day CHG+0.01%
Published-06 Jun, 2025 | 12:54
Updated-06 Jun, 2025 | 14:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Mediabay - WordPress Media Library Folders plugin <= 1.4 - CSRF to Reflected XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in codedraft Mediabay - WordPress Media Library Folders allows Reflected XSS. This issue affects Mediabay - WordPress Media Library Folders: from n/a through 1.4.

Action-Not Available
Vendor-codedraft
Product-Mediabay - WordPress Media Library Folders
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
  • Previous
  • 1
  • 2
  • ...
  • 10
  • 11
  • 12
  • 13
  • 14
  • Next
Details not found