Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-23871

Summary
Assigner-Patchstack
Assigner Org ID-21595511-bba5-4825-b968-b78d1f9984a3
Published At-16 Jan, 2025 | 20:07
Updated At-17 Jan, 2025 | 19:04
Rejected At-
Credits

WordPress LSD Google Maps Embedder plugin <= 1.1 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Bas Matthee LSD Google Maps Embedder allows Cross Site Request Forgery.This issue affects LSD Google Maps Embedder: from n/a through 1.1.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:Patchstack
Assigner Org ID:21595511-bba5-4825-b968-b78d1f9984a3
Published At:16 Jan, 2025 | 20:07
Updated At:17 Jan, 2025 | 19:04
Rejected At:
â–¼CVE Numbering Authority (CNA)
WordPress LSD Google Maps Embedder plugin <= 1.1 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Bas Matthee LSD Google Maps Embedder allows Cross Site Request Forgery.This issue affects LSD Google Maps Embedder: from n/a through 1.1.

Affected Products
Vendor
Bas Matthee
Product
LSD Google Maps Embedder
Collection URL
https://wordpress.org/plugins
Package Name
lsd-google-maps-embedder
Default Status
unaffected
Versions
Affected
  • From n/a through 1.1 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-352CWE-352 Cross-Site Request Forgery (CSRF)
Type: CWE
CWE ID: CWE-352
Description: CWE-352 Cross-Site Request Forgery (CSRF)
Metrics
VersionBase scoreBase severityVector
3.17.1HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
Version: 3.1
Base score: 7.1
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-62CAPEC-62 Cross Site Request Forgery
CAPEC ID: CAPEC-62
Description: CAPEC-62 Cross Site Request Forgery
Solutions
Configurations
Workarounds
Exploits
Credits
finder
SOPROBRO (Patchstack Alliance)
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://patchstack.com/database/wordpress/plugin/lsd-google-maps-embedder/vulnerability/wordpress-lsd-google-maps-embedder-plugin-1-1-csrf-to-stored-xss-vulnerability?_s_id=cve
vdb-entry
Hyperlink: https://patchstack.com/database/wordpress/plugin/lsd-google-maps-embedder/vulnerability/wordpress-lsd-google-maps-embedder-plugin-1-1-csrf-to-stored-xss-vulnerability?_s_id=cve
Resource:
vdb-entry
â–¼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:audit@patchstack.com
Published At:16 Jan, 2025 | 21:15
Updated At:16 Jan, 2025 | 21:15

Cross-Site Request Forgery (CSRF) vulnerability in Bas Matthee LSD Google Maps Embedder allows Cross Site Request Forgery.This issue affects LSD Google Maps Embedder: from n/a through 1.1.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.17.1HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
Type: Secondary
Version: 3.1
Base score: 7.1
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-352Primaryaudit@patchstack.com
CWE ID: CWE-352
Type: Primary
Source: audit@patchstack.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://patchstack.com/database/wordpress/plugin/lsd-google-maps-embedder/vulnerability/wordpress-lsd-google-maps-embedder-plugin-1-1-csrf-to-stored-xss-vulnerability?_s_id=cveaudit@patchstack.com
N/A
Hyperlink: https://patchstack.com/database/wordpress/plugin/lsd-google-maps-embedder/vulnerability/wordpress-lsd-google-maps-embedder-plugin-1-1-csrf-to-stored-xss-vulnerability?_s_id=cve
Source: audit@patchstack.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

688Records found
CVE-2025-23715
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.05% / 14.21%
||
7 Day CHG~0.00%
Published-16 Jan, 2025 | 20:06
Updated-17 Jan, 2025 | 19:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Post & Page Notes plugin <= 0.1.1 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in RaymondDesign Post & Page Notes allows Stored XSS.This issue affects Post & Page Notes: from n/a through 0.1.1.

Action-Not Available
Vendor-RaymondDesign
Product-Post & Page Notes
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-23639
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.05% / 14.25%
||
7 Day CHG~0.00%
Published-16 Jan, 2025 | 20:06
Updated-30 Sep, 2025 | 21:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress MDC YouTube Downloader plugin <= 3.0.0 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Nazmul Ahsan MDC YouTube Downloader allows Stored XSS.This issue affects MDC YouTube Downloader: from n/a through 3.0.0.

Action-Not Available
Vendor-mdc_youtube_downloader_projectNazmul Ahsan
Product-mdc_youtube_downloaderMDC YouTube Downloader
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-23483
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.05% / 14.21%
||
7 Day CHG~0.00%
Published-16 Jan, 2025 | 20:05
Updated-17 Jan, 2025 | 19:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Universal Analytics Injector plugin <= 1.0.3 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Niklas Olsson Universal Analytics Injector allows Stored XSS.This issue affects Universal Analytics Injector: from n/a through 1.0.3.

Action-Not Available
Vendor-Niklas Olsson
Product-Universal Analytics Injector
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-23649
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.05% / 14.21%
||
7 Day CHG~0.00%
Published-16 Jan, 2025 | 20:06
Updated-17 Jan, 2025 | 19:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Auphonic Importer plugin <= 1.5.1 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Kreg Steppe Auphonic Importer allows Stored XSS.This issue affects Auphonic Importer: from n/a through 1.5.1.

Action-Not Available
Vendor-Kreg Steppe
Product-Auphonic Importer
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-23823
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.05% / 14.21%
||
7 Day CHG~0.00%
Published-16 Jan, 2025 | 20:07
Updated-17 Jan, 2025 | 18:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress CNZZ&51LA for WordPress plugin <= 1.0.1 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in jprintf CNZZ&51LA for WordPress allows Cross Site Request Forgery.This issue affects CNZZ&51LA for WordPress: from n/a through 1.0.1.

Action-Not Available
Vendor-jprintf
Product-CNZZ&51LA for WordPress
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-23808
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.08% / 24.60%
||
7 Day CHG~0.00%
Published-16 Jan, 2025 | 20:07
Updated-17 Jan, 2025 | 19:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Custom List Table Example Plugin <=1.4.1 - CSRF to Reflected Cross Site Scripting (XSS) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Matt van Andel Custom List Table Example allows Reflected XSS.This issue affects Custom List Table Example: from n/a through 1.4.1.

Action-Not Available
Vendor-Matt van Andel
Product-Custom List Table Example
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-53313
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.02% / 3.25%
||
7 Day CHG~0.00%
Published-27 Jun, 2025 | 13:21
Updated-30 Jun, 2025 | 18:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Twitch TV Embed Suite plugin <= 2.1.0 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in plumwd Twitch TV Embed Suite allows Stored XSS. This issue affects Twitch TV Embed Suite: from n/a through 2.1.0.

Action-Not Available
Vendor-plumwd
Product-Twitch TV Embed Suite
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-23703
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.05% / 14.21%
||
7 Day CHG~0.00%
Published-16 Jan, 2025 | 20:06
Updated-17 Jan, 2025 | 19:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Free MailClient FMC plugin <= 1.0 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in CS : ABS-Hosting.nl / Walchum.net Free MailClient FMC allows Stored XSS.This issue affects Free MailClient FMC: from n/a through 1.0.

Action-Not Available
Vendor-CS : ABS-Hosting.nl / Walchum.net
Product-Free MailClient FMC
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-23446
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.05% / 14.23%
||
7 Day CHG~0.00%
Published-03 Mar, 2025 | 13:30
Updated-03 Mar, 2025 | 20:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP SpaceContent plugin <= 0.4.5 - CSRF to Stored Cross Site Scripting (XSS) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in NotFound WP SpaceContent allows Stored XSS. This issue affects WP SpaceContent: from n/a through 0.4.5.

Action-Not Available
Vendor-NotFound
Product-WP SpaceContent
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-23694
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.05% / 14.21%
||
7 Day CHG~0.00%
Published-16 Jan, 2025 | 20:06
Updated-17 Jan, 2025 | 19:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Shabbos and Yom Tov plugin <= 1.9 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Shabbos Commerce Shabbos and Yom Tov allows Stored XSS.This issue affects Shabbos and Yom Tov: from n/a through 1.9.

Action-Not Available
Vendor-Shabbos Commerce
Product-Shabbos and Yom Tov
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-23884
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.05% / 14.21%
||
7 Day CHG~0.00%
Published-16 Jan, 2025 | 20:07
Updated-17 Jan, 2025 | 21:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Annie plugin <= 2.1.1 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Chris Roberts Annie allows Cross Site Request Forgery.This issue affects Annie: from n/a through 2.1.1.

Action-Not Available
Vendor-Chris Roberts
Product-Annie
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-23426
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.05% / 14.23%
||
7 Day CHG~0.00%
Published-16 Jan, 2025 | 20:05
Updated-17 Jan, 2025 | 19:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress go Social plugin <= 1.0 - CSRF to Stored Cross Site Scripting (XSS) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Wizcrew Technologies go Social allows Stored XSS.This issue affects go Social: from n/a through 1.0.

Action-Not Available
Vendor-Wizcrew Technologies
Product-go Social
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-23508
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.05% / 14.21%
||
7 Day CHG~0.00%
Published-16 Jan, 2025 | 20:06
Updated-17 Jan, 2025 | 19:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Extra Options – Favicons plugin <= 1.1.0 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in EdesaC Extra Options – Favicons allows Stored XSS.This issue affects Extra Options – Favicons: from n/a through 1.1.0.

Action-Not Available
Vendor-EdesaC
Product-Extra Options – Favicons
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-23661
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.05% / 14.21%
||
7 Day CHG~0.00%
Published-16 Jan, 2025 | 20:06
Updated-17 Jan, 2025 | 19:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress NV Slider plugin <= 1.6 - CSRF to Stored Cross-Site Scripting vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Ryan Sutana NV Slider allows Stored XSS.This issue affects NV Slider: from n/a through 1.6.

Action-Not Available
Vendor-Ryan Sutana
Product-NV Slider
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-23822
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.05% / 14.21%
||
7 Day CHG~0.00%
Published-16 Jan, 2025 | 20:07
Updated-17 Jan, 2025 | 19:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Category Custom Fields plugin <= 1.0 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Cornea Alexandru Category Custom Fields allows Cross Site Request Forgery.This issue affects Category Custom Fields: from n/a through 1.0.

Action-Not Available
Vendor-Cornea Alexandru
Product-Category Custom Fields
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-23708
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.05% / 14.23%
||
7 Day CHG~0.00%
Published-16 Jan, 2025 | 20:06
Updated-17 Jan, 2025 | 19:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress DF Draggable plugin <= 1.13.2 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Dominic Fallows DF Draggable allows Stored XSS.This issue affects DF Draggable: from n/a through 1.13.2.

Action-Not Available
Vendor-Dominic Fallows
Product-DF Draggable
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-23848
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.05% / 14.21%
||
7 Day CHG~0.00%
Published-16 Jan, 2025 | 20:07
Updated-17 Jan, 2025 | 19:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Hotspots Analytics plugin <= 4.0.12 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Daniel Powney Hotspots Analytics allows Stored XSS.This issue affects Hotspots Analytics: from n/a through 4.0.12.

Action-Not Available
Vendor-Daniel Powney
Product-Hotspots Analytics
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-23501
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.05% / 14.21%
||
7 Day CHG~0.00%
Published-16 Jan, 2025 | 20:06
Updated-17 Jan, 2025 | 19:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Cookie Consent & Autoblock for GDPR/CCPA plugin <= 1.0.1 - CSRF to Stored Cross Site Scripting (XSS) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in SpruceJoy Cookie Consent & Autoblock for GDPR/CCPA allows Stored XSS.This issue affects Cookie Consent & Autoblock for GDPR/CCPA: from n/a through 1.0.1.

Action-Not Available
Vendor-SpruceJoy
Product-Cookie Consent & Autoblock for GDPR/CCPA
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-23618
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.05% / 14.21%
||
7 Day CHG~0.00%
Published-16 Jan, 2025 | 20:06
Updated-17 Jan, 2025 | 19:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Twitter Shortcode plugin <= 0.9 - CSRF to Stored Cross-Site Scripting vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Andrea Brandi Twitter Shortcode allows Stored XSS.This issue affects Twitter Shortcode: from n/a through 0.9.

Action-Not Available
Vendor-Andrea Brandi
Product-Twitter Shortcode
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-23815
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.08% / 24.60%
||
7 Day CHG~0.00%
Published-16 Jan, 2025 | 20:08
Updated-17 Jan, 2025 | 17:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress root Cookie plugin <= 1.6 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in linickx root Cookie allows Cross Site Request Forgery. This issue affects root Cookie: from n/a through 1.6.

Action-Not Available
Vendor-linickx
Product-root Cookie
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-23980
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.05% / 14.23%
||
7 Day CHG~0.00%
Published-31 Jan, 2025 | 08:23
Updated-31 Jan, 2025 | 19:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Full Circle plugin <= 0.5.7.8 - CSRF to Stored Cross Site Scripting (XSS) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in James Andrews Full Circle allows Stored XSS. This issue affects Full Circle: from n/a through 0.5.7.8.

Action-Not Available
Vendor-James Andrews
Product-Full Circle
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-23499
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.05% / 14.21%
||
7 Day CHG~0.00%
Published-16 Jan, 2025 | 20:06
Updated-17 Jan, 2025 | 19:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Board Election plugin <= 1.0.1 - CSRF to Stored Cross Site Scripting (XSS) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Pascal Casier Board Election allows Stored XSS.This issue affects Board Election: from n/a through 1.0.1.

Action-Not Available
Vendor-Pascal Casier
Product-Board Election
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-23895
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.05% / 14.21%
||
7 Day CHG~0.00%
Published-16 Jan, 2025 | 20:07
Updated-17 Jan, 2025 | 19:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Add RSS plugin <= 1.5 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Dan Cameron Add RSS allows Stored XSS.This issue affects Add RSS: from n/a through 1.5.

Action-Not Available
Vendor-Dan Cameron
Product-Add RSS
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-23502
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.05% / 14.23%
||
7 Day CHG~0.00%
Published-03 Mar, 2025 | 13:30
Updated-05 Mar, 2025 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Curated Search plugin <= 1.2 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in NotFound Curated Search allows Stored XSS. This issue affects Curated Search: from n/a through 1.2.

Action-Not Available
Vendor-NotFound
Product-Curated Search
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-23442
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.05% / 14.21%
||
7 Day CHG~0.00%
Published-16 Jan, 2025 | 20:05
Updated-17 Jan, 2025 | 19:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Shockingly Big IE6 Warning plugin <= 1.6.3 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in matias s Shockingly Big IE6 Warning allows Stored XSS.This issue affects Shockingly Big IE6 Warning: from n/a through 1.6.3.

Action-Not Available
Vendor-matias s
Product-Shockingly Big IE6 Warning
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-34367
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.14% / 33.45%
||
7 Day CHG~0.00%
Published-06 May, 2024 | 18:16
Updated-02 Aug, 2024 | 02:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Popup Box plugin <= 4.1.2 - CSRF to XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Popup Box Team Popup box allows Cross-Site Scripting (XSS).This issue affects Popup box: from n/a through 4.1.2.

Action-Not Available
Vendor-WordPress.orgAYS Pro Extensions
Product-Popup boxpopup_box
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-23869
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.08% / 24.60%
||
7 Day CHG~0.00%
Published-16 Jan, 2025 | 20:07
Updated-17 Jan, 2025 | 19:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress CJ Custom Content plugin <= 2.0 - CSRF to Cross-Site Scripting vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Shibu Lijack a.k.a CyberJack CJ Custom Content allows Stored XSS.This issue affects CJ Custom Content: from n/a through 2.0.

Action-Not Available
Vendor-Shibu Lijack a.k.a CyberJack
Product-CJ Custom Content
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-23805
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.05% / 14.21%
||
7 Day CHG~0.00%
Published-16 Jan, 2025 | 20:07
Updated-17 Jan, 2025 | 19:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress SEOReseller Partner plugin <= 1.3.15 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in SEOReseller Team SEOReseller Partner allows Cross Site Request Forgery.This issue affects SEOReseller Partner: from n/a through 1.3.15.

Action-Not Available
Vendor-SEOReseller Team
Product-SEOReseller Partner
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-23690
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.05% / 14.21%
||
7 Day CHG~0.00%
Published-16 Jan, 2025 | 20:06
Updated-17 Jan, 2025 | 19:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Book a Place plugin <= 0.7.1 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in ArtkanMedia Book a Place allows Stored XSS.This issue affects Book a Place: from n/a through 0.7.1.

Action-Not Available
Vendor-ArtkanMedia
Product-Book a Place
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-23573
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.05% / 14.21%
||
7 Day CHG~0.00%
Published-16 Jan, 2025 | 20:06
Updated-17 Jan, 2025 | 19:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Background Tile plugin <= 1.0 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Sam Burdge WP Background Tile allows Stored XSS.This issue affects WP Background Tile: from n/a through 1.0.

Action-Not Available
Vendor-Sam Burdge
Product-WP Background Tile
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-23664
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.05% / 14.21%
||
7 Day CHG~0.00%
Published-16 Jan, 2025 | 20:06
Updated-17 Jan, 2025 | 19:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Real Seguro Viagem plugin <= 2.0.5 - CSRF to Stored Cross-Site Scripting vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Real Seguro Viagem Real Seguro Viagem allows Stored XSS.This issue affects Real Seguro Viagem: from n/a through 2.0.5.

Action-Not Available
Vendor-Real Seguro Viagem
Product-Real Seguro Viagem
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-23749
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.05% / 14.21%
||
7 Day CHG~0.00%
Published-16 Jan, 2025 | 20:06
Updated-12 Feb, 2025 | 20:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress mybb Last Topics plugin <= 1.0 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Mahdi Khaksar mybb Last Topics allows Stored XSS.This issue affects mybb Last Topics: from n/a through 1.0.

Action-Not Available
Vendor-Mahdi Khaksar
Product-mybb Last Topics
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-33681
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.14% / 34.76%
||
7 Day CHG~0.00%
Published-29 Apr, 2024 | 06:01
Updated-02 Aug, 2024 | 02:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Regenerate post permalink plugin <= 1.0.3 - Cross Site Request Forgery (CSRF) leading to XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Sandor Kovacs Regenerate post permalink allows Cross-Site Scripting (XSS).This issue affects Regenerate post permalink: from n/a through 1.0.3.

Action-Not Available
Vendor-Sandor KovacsSandor_Kovacs
Product-Regenerate post permalinkregenerate_post_permalink
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-23467
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.05% / 14.21%
||
7 Day CHG~0.00%
Published-16 Jan, 2025 | 20:05
Updated-17 Jan, 2025 | 19:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress RSS News Scroller plugin <= 2.0.0 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Vimal Ghorecha RSS News Scroller allows Stored XSS.This issue affects RSS News Scroller: from n/a through 2.0.0.

Action-Not Available
Vendor-Vimal Ghorecha
Product-RSS News Scroller
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-23900
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.05% / 14.21%
||
7 Day CHG~0.00%
Published-16 Jan, 2025 | 20:07
Updated-17 Jan, 2025 | 19:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Genki Announcement plugin <= 1.4.1 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Genkisan Genki Announcement allows Cross Site Request Forgery.This issue affects Genki Announcement: from n/a through 1.4.1.

Action-Not Available
Vendor-Genkisan
Product-Genki Announcement
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-23470
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.05% / 14.21%
||
7 Day CHG~0.00%
Published-16 Jan, 2025 | 20:05
Updated-17 Jan, 2025 | 19:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Visit Site Link enhanced plugin <= 1.0 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in X Villamuera Visit Site Link enhanced allows Stored XSS.This issue affects Visit Site Link enhanced: from n/a through 1.0.

Action-Not Available
Vendor-X Villamuera
Product-Visit Site Link enhanced
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-23424
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.05% / 14.21%
||
7 Day CHG~0.00%
Published-16 Jan, 2025 | 20:05
Updated-17 Jan, 2025 | 19:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Marquee Style RSS News Ticker plugin <= 3.2.0 - CSRF to Stored Cross Site Scripting (XSS) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Brian Novotny – Creative Software Design Solutions Marquee Style RSS News Ticker allows Cross Site Request Forgery.This issue affects Marquee Style RSS News Ticker: from n/a through 3.2.0.

Action-Not Available
Vendor-Brian Novotny – Creative Software Design Solutions
Product-Marquee Style RSS News Ticker
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-23558
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.05% / 14.21%
||
7 Day CHG~0.00%
Published-16 Jan, 2025 | 20:06
Updated-17 Jan, 2025 | 19:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Geotagged Media plugin <= 0.3.0 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in digfish Geotagged Media allows Stored XSS.This issue affects Geotagged Media: from n/a through 0.3.0.

Action-Not Available
Vendor-digfish
Product-Geotagged Media
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-23989
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.05% / 14.21%
||
7 Day CHG~0.00%
Published-31 Jan, 2025 | 08:23
Updated-10 Feb, 2025 | 22:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Internal Link Builder plugin <= 1.0 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Alessandro Piconi - SabLab Internal Link Builder allows Cross Site Request Forgery. This issue affects Internal Link Builder: from n/a through 1.0.

Action-Not Available
Vendor-Alessandro Piconi - SabLab
Product-Internal Link Builder
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-23691
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.05% / 14.21%
||
7 Day CHG~0.00%
Published-16 Jan, 2025 | 20:06
Updated-17 Jan, 2025 | 19:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Send to Twitter plugin <= 1.7.2 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Braulio Aquino García Send to Twitter allows Stored XSS.This issue affects Send to Twitter: from n/a through 1.7.2.

Action-Not Available
Vendor-Braulio Aquino García
Product-Send to Twitter
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-23692
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.05% / 14.21%
||
7 Day CHG~0.00%
Published-16 Jan, 2025 | 20:06
Updated-17 Jan, 2025 | 19:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Slider for Writers plugin <= 1.3 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Artem Anikeev Slider for Writers allows Stored XSS.This issue affects Slider for Writers: from n/a through 1.3.

Action-Not Available
Vendor-Artem Anikeev
Product-Slider for Writers
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-23513
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.05% / 14.21%
||
7 Day CHG~0.00%
Published-16 Jan, 2025 | 20:06
Updated-17 Jan, 2025 | 19:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Bible Embed plugin <= 0.0.4 - CSRF to Stored Cross Site Scripting (XSS) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Joshua Wieczorek Bible Embed allows Stored XSS.This issue affects Bible Embed: from n/a through 0.0.4.

Action-Not Available
Vendor-Joshua Wieczorek
Product-Bible Embed
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-23901
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.05% / 14.21%
||
7 Day CHG~0.00%
Published-16 Jan, 2025 | 20:07
Updated-17 Jan, 2025 | 18:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress GravatarLocalCache plugin <= 1.1.2 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Oliver Schaal GravatarLocalCache allows Cross Site Request Forgery.This issue affects GravatarLocalCache: from n/a through 1.1.2.

Action-Not Available
Vendor-Oliver Schaal
Product-GravatarLocalCache
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-23861
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.08% / 24.60%
||
7 Day CHG~0.00%
Published-16 Jan, 2025 | 20:07
Updated-17 Jan, 2025 | 19:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Debt Calculator plugin <= 1.0.1 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Katz Web Services, Inc. Debt Calculator allows Cross Site Request Forgery.This issue affects Debt Calculator: from n/a through 1.0.1.

Action-Not Available
Vendor-Katz Web Services, Inc.
Product-Debt Calculator
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-23875
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.05% / 14.21%
||
7 Day CHG~0.00%
Published-16 Jan, 2025 | 20:07
Updated-17 Jan, 2025 | 19:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Better Protected Pages plugin <= 1.0 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Tim Ridgway Better Protected Pages allows Stored XSS.This issue affects Better Protected Pages: from n/a through 1.0.

Action-Not Available
Vendor-Tim Ridgway
Product-Better Protected Pages
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-23675
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.05% / 14.21%
||
7 Day CHG~0.00%
Published-16 Jan, 2025 | 20:06
Updated-17 Jan, 2025 | 19:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Import Users to MailChimp plugin <= 1.0 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in SandyIN Import Users to MailChimp allows Stored XSS.This issue affects Import Users to MailChimp: from n/a through 1.0.

Action-Not Available
Vendor-SandyIN
Product-Import Users to MailChimp
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-23510
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.05% / 14.21%
||
7 Day CHG~0.00%
Published-16 Jan, 2025 | 20:06
Updated-17 Jan, 2025 | 19:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WordPress Logging Service plugin <= 1.5.4 - CSRF to Stored Cross Site Scripting (XSS) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Zaantar WordPress Logging Service allows Stored XSS.This issue affects WordPress Logging Service: from n/a through 1.5.4.

Action-Not Available
Vendor-Zaantar
Product-WordPress Logging Service
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-23693
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.05% / 14.21%
||
7 Day CHG~0.00%
Published-16 Jan, 2025 | 20:06
Updated-17 Jan, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Secure CAPTCHA plugin <= 1.2 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Stanisław Skonieczny Secure CAPTCHA allows Stored XSS.This issue affects Secure CAPTCHA: from n/a through 1.2.

Action-Not Available
Vendor-Stanisław Skonieczny
Product-Secure CAPTCHA
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-23712
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.05% / 14.21%
||
7 Day CHG~0.00%
Published-16 Jan, 2025 | 20:06
Updated-17 Jan, 2025 | 19:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Kapost plugin <= 2.2.9 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Kapost Kapost allows Stored XSS.This issue affects Kapost: from n/a through 2.2.9.

Action-Not Available
Vendor-Kapost
Product-Kapost
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-23804
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.05% / 14.21%
||
7 Day CHG~0.00%
Published-16 Jan, 2025 | 20:07
Updated-17 Jan, 2025 | 18:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Service Payment Form With Authorize.net Plugin <= 2.6.0 - CSRF to Reflected Cross Site Scripting (XSS) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Shiv Prakash Tiwari WP Service Payment Form With Authorize.net allows Reflected XSS.This issue affects WP Service Payment Form With Authorize.net: from n/a through 2.6.0.

Action-Not Available
Vendor-Shiv Prakash Tiwari
Product-WP Service Payment Form With Authorize.net
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
  • Previous
  • 1
  • 2
  • ...
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • Next
Details not found