Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-24716

Summary
Assigner-Patchstack
Assigner Org ID-21595511-bba5-4825-b968-b78d1f9984a3
Published At-24 Jan, 2025 | 17:25
Updated At-24 Jan, 2025 | 18:28
Rejected At-
Credits

WordPress Herd Effects Plugin <= 6.2.1 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Herd Effects allows Cross Site Request Forgery. This issue affects Herd Effects: from n/a through 6.2.1.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:Patchstack
Assigner Org ID:21595511-bba5-4825-b968-b78d1f9984a3
Published At:24 Jan, 2025 | 17:25
Updated At:24 Jan, 2025 | 18:28
Rejected At:
▼CVE Numbering Authority (CNA)
WordPress Herd Effects Plugin <= 6.2.1 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Herd Effects allows Cross Site Request Forgery. This issue affects Herd Effects: from n/a through 6.2.1.

Affected Products
Vendor
Wow-Company
Product
Herd Effects
Collection URL
https://wordpress.org/plugins
Package Name
mwp-herd-effect
Default Status
unaffected
Versions
Affected
  • From n/a through 6.2.1 (custom)
    • -> unaffectedfrom6.2.2
Problem Types
TypeCWE IDDescription
CWECWE-352CWE-352 Cross-Site Request Forgery (CSRF)
Type: CWE
CWE ID: CWE-352
Description: CWE-352 Cross-Site Request Forgery (CSRF)
Metrics
VersionBase scoreBase severityVector
3.15.4MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L
Version: 3.1
Base score: 5.4
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-62CAPEC-62 Cross Site Request Forgery
CAPEC ID: CAPEC-62
Description: CAPEC-62 Cross Site Request Forgery
Solutions

Update the WordPress Herd Effects wordpress plugin to the latest available version (at least 6.2.2).

Configurations
Workarounds
Exploits
Credits
finder
Khang Duong (Patchstack Alliance)
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://patchstack.com/database/wordpress/plugin/mwp-herd-effect/vulnerability/wordpress-herd-effects-plugin-6-2-1-cross-site-request-forgery-csrf-to-settings-change-vulnerability?_s_id=cve
vdb-entry
Hyperlink: https://patchstack.com/database/wordpress/plugin/mwp-herd-effect/vulnerability/wordpress-herd-effects-plugin-6-2-1-cross-site-request-forgery-csrf-to-settings-change-vulnerability?_s_id=cve
Resource:
vdb-entry
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:audit@patchstack.com
Published At:24 Jan, 2025 | 18:15
Updated At:24 Jan, 2025 | 18:15

Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Herd Effects allows Cross Site Request Forgery. This issue affects Herd Effects: from n/a through 6.2.1.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.15.4MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L
Type: Secondary
Version: 3.1
Base score: 5.4
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-352Primaryaudit@patchstack.com
CWE ID: CWE-352
Type: Primary
Source: audit@patchstack.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://patchstack.com/database/wordpress/plugin/mwp-herd-effect/vulnerability/wordpress-herd-effects-plugin-6-2-1-cross-site-request-forgery-csrf-to-settings-change-vulnerability?_s_id=cveaudit@patchstack.com
N/A
Hyperlink: https://patchstack.com/database/wordpress/plugin/mwp-herd-effect/vulnerability/wordpress-herd-effects-plugin-6-2-1-cross-site-request-forgery-csrf-to-settings-change-vulnerability?_s_id=cve
Source: audit@patchstack.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

500Records found
CVE-2025-30912
Matching Score-10
Assigner-Patchstack
ShareView Details
Matching Score-10
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.01% / 1.53%
||
7 Day CHG-0.02%
Published-27 Mar, 2025 | 10:55
Updated-27 Mar, 2025 | 18:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Float menu plugin <= 6.1.2 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Float menu allows Cross Site Request Forgery. This issue affects Float menu: from n/a through 6.1.2.

Action-Not Available
Vendor-Wow-Company
Product-Float menu
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-24711
Matching Score-10
Assigner-Patchstack
ShareView Details
Matching Score-10
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.03% / 5.46%
||
7 Day CHG~0.00%
Published-24 Jan, 2025 | 17:25
Updated-12 Feb, 2025 | 20:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Popup Box Plugin <= 3.2.4 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Popup Box allows Cross Site Request Forgery. This issue affects Popup Box: from n/a through 3.2.4.

Action-Not Available
Vendor-Wow-Company
Product-Popup Box
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-24715
Matching Score-10
Assigner-Patchstack
ShareView Details
Matching Score-10
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.03% / 5.46%
||
7 Day CHG~0.00%
Published-24 Jan, 2025 | 17:25
Updated-09 Jun, 2025 | 18:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Counter Box Plugin <= 2.0.5 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Counter Box allows Cross Site Request Forgery. This issue affects Counter Box: from n/a through 2.0.5.

Action-Not Available
Vendor-wow-companyWow-Company
Product-counter_boxCounter Box
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-24713
Matching Score-10
Assigner-Patchstack
ShareView Details
Matching Score-10
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.03% / 5.46%
||
7 Day CHG~0.00%
Published-24 Jan, 2025 | 17:25
Updated-24 Jan, 2025 | 18:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Button Generator – easily Button Builder Plugin <= 3.1.1 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Button Generator – easily Button Builder allows Cross Site Request Forgery. This issue affects Button Generator – easily Button Builder: from n/a through 3.1.1.

Action-Not Available
Vendor-Wow-Company
Product-Button Generator – easily Button Builder
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-24714
Matching Score-10
Assigner-Patchstack
ShareView Details
Matching Score-10
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.03% / 5.46%
||
7 Day CHG~0.00%
Published-24 Jan, 2025 | 17:24
Updated-12 Feb, 2025 | 20:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Bubble Menu Plugin <= 4.0.2 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Bubble Menu – circle floating menu allows Cross Site Request Forgery. This issue affects Bubble Menu – circle floating menu: from n/a through 4.0.2.

Action-Not Available
Vendor-Wow-Company
Product-Bubble Menu – circle floating menu
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-24717
Matching Score-10
Assigner-Patchstack
ShareView Details
Matching Score-10
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.03% / 8.28%
||
7 Day CHG~0.00%
Published-24 Jan, 2025 | 17:25
Updated-03 Jul, 2025 | 00:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Modal Window Plugin <= 6.1.4 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Modal Window allows Cross Site Request Forgery. This issue affects Modal Window: from n/a through 6.1.4.

Action-Not Available
Vendor-wow-companyWow-Company
Product-modal_windowModal Window
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-24720
Matching Score-10
Assigner-Patchstack
ShareView Details
Matching Score-10
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.03% / 5.46%
||
7 Day CHG~0.00%
Published-24 Jan, 2025 | 17:25
Updated-24 Jan, 2025 | 18:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Sticky Buttons Plugin <= 4.1.1 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Sticky Buttons allows Cross Site Request Forgery. This issue affects Sticky Buttons: from n/a through 4.1.1.

Action-Not Available
Vendor-Wow-Company
Product-Sticky Buttons
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-24724
Matching Score-10
Assigner-Patchstack
ShareView Details
Matching Score-10
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.03% / 5.46%
||
7 Day CHG~0.00%
Published-24 Jan, 2025 | 17:25
Updated-24 Jan, 2025 | 18:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Side Menu Lite Plugin <= 5.3.1 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Side Menu Lite allows Cross Site Request Forgery. This issue affects Side Menu Lite: from n/a through 5.3.1.

Action-Not Available
Vendor-Wow-Company
Product-Side Menu Lite
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-52149
Matching Score-10
Assigner-Patchstack
ShareView Details
Matching Score-10
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.05% / 15.32%
||
7 Day CHG~0.00%
Published-05 Jan, 2024 | 08:10
Updated-17 Jun, 2025 | 20:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Floating Button Plugin <= 6.0 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Floating Button.This issue affects Floating Button: from n/a through 6.0.

Action-Not Available
Vendor-wow-companyWow-Company
Product-floating_buttonFloating Button
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-23984
Matching Score-10
Assigner-Patchstack
ShareView Details
Matching Score-10
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.10% / 28.40%
||
7 Day CHG~0.00%
Published-01 Mar, 2023 | 12:27
Updated-13 Jan, 2025 | 15:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Bubble Menu – circle floating menu Plugin <= 3.0.1 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Bubble Menu – circle floating menu plugin <= 3.0.1 leading to form deletion.

Action-Not Available
Vendor-wow-companyWow-Company
Product-bubble_menuBubble Menu – circle floating menu
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-24699
Matching Score-6
Assigner-Patchstack
ShareView Details
Matching Score-6
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.02% / 4.47%
||
7 Day CHG~0.00%
Published-14 Feb, 2025 | 12:44
Updated-14 Feb, 2025 | 13:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Coder Plugin <= 3.6 - CSRF to Cross Site Scripting (XSS) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company WP Coder allows Cross-Site Scripting (XSS). This issue affects WP Coder: from n/a through 3.6.

Action-Not Available
Vendor-Wow-Company
Product-WP Coder
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-25443
Matching Score-6
Assigner-Patchstack
ShareView Details
Matching Score-6
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.06% / 17.43%
||
7 Day CHG~0.00%
Published-11 Jul, 2023 | 12:29
Updated-07 Oct, 2024 | 17:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Button Generator – easily Button Builder Plugin <= 2.3.5 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Button Generator – easily Button Builder plugin <= 2.3.5 versions.

Action-Not Available
Vendor-wow-companyWow-Company
Product-button_generatorButton Generator – easily Button Builder
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-27418
Matching Score-6
Assigner-Patchstack
ShareView Details
Matching Score-6
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 21.96%
||
7 Day CHG~0.00%
Published-12 Nov, 2023 | 22:53
Updated-30 Aug, 2024 | 14:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Side Menu Lite Plugin <= 4.0 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Side Menu Lite – add sticky fixed buttons plugin <= 4.0 versions.

Action-Not Available
Vendor-wow-companyWow-Company
Product-side_menu_liteSide Menu Lite – add sticky fixed buttons
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-49155
Matching Score-6
Assigner-Patchstack
ShareView Details
Matching Score-6
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.08% / 24.64%
||
7 Day CHG~0.00%
Published-18 Dec, 2023 | 22:13
Updated-20 Nov, 2024 | 20:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Button Generator – easily Button Builder Plugin <= 2.3.8 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Button Generator – easily Button Builder.This issue affects Button Generator – easily Button Builder: from n/a through 2.3.8.

Action-Not Available
Vendor-wow-companyWow-Company
Product-button_generatorButton Generator – easily Button Builder
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-27948
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.08% / 23.89%
||
7 Day CHG~0.00%
Published-28 Feb, 2024 | 18:17
Updated-14 Feb, 2025 | 15:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Atahualpa Theme <= 3.7.24 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in bytesforall Atahualpa.This issue affects Atahualpa: from n/a through 3.7.24.

Action-Not Available
Vendor-bytesforallbytesforall
Product-atahualpaAtahualpa
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2021-39198
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-4.2||MEDIUM
EPSS-0.11% / 29.37%
||
7 Day CHG~0.00%
Published-19 Nov, 2021 | 21:30
Updated-04 Aug, 2024 | 01:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
The disqualify lead action may be executed without CSRF token check

OroCRM is an open source Client Relationship Management (CRM) application. Affected versions we found to suffer from a vulnerability which could an attacker is able to disqualify any Lead with a Cross-Site Request Forgery (CSRF) attack. There are no workarounds that address this vulnerability and all users are advised to update their package.

Action-Not Available
Vendor-oroincoroinc
Product-client_relationship_managementcrm
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-8102
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-5.4||MEDIUM
EPSS-0.01% / 1.57%
||
7 Day CHG~0.00%
Published-20 Aug, 2025 | 11:26
Updated-20 Aug, 2025 | 14:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Easy Digital Downloads <= 3.5.0 - Cross-Site Request Forgery to Plugin Deactivation via edd_sendwp_disconnect and edd_sendwp_remote_install Functions

The Easy Digital Downloads plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.5.0. This is due to missing nonce validations in the edd_sendwp_disconnect() and edd_sendwp_remote_install() functions. This makes it possible for unauthenticated attackers to deactivate or download and activate the SendWP plugin via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

Action-Not Available
Vendor-Awesome Motive Inc.
Product-Easy Digital Downloads – eCommerce Payments and Subscriptions made easy
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-25905
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.05% / 14.24%
||
7 Day CHG~0.00%
Published-21 Feb, 2024 | 06:47
Updated-15 Apr, 2025 | 14:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Multi Step Form Plugin <= 1.7.18 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Mondula GmbH Multi Step Form.This issue affects Multi Step Form: from n/a through 1.7.18.

Action-Not Available
Vendor-mondulaMondula GmbH
Product-multi_step_formMulti Step Form
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-28618
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.05% / 15.32%
||
7 Day CHG~0.00%
Published-12 Nov, 2023 | 21:51
Updated-30 Aug, 2024 | 19:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Enhanced Plugin Admin Plugin <= 1.16 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Marios Alexandrou Enhanced Plugin Admin plugin <= 1.16 versions.

Action-Not Available
Vendor-infolificMarios Alexandrou
Product-enhanced_plugin_adminEnhanced Plugin Admin
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-24887
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.05% / 15.32%
||
7 Day CHG~0.00%
Published-12 Feb, 2024 | 08:43
Updated-08 Oct, 2024 | 16:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Contest Gallery Plugin <= 21.2.8.4 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Contest Gallery Photos and Files Contest Gallery – Contact Form, Upload Form, Social Share and Voting Plugin for WordPress.This issue affects Photos and Files Contest Gallery – Contact Form, Upload Form, Social Share and Voting Plugin for WordPress: from n/a through 21.2.8.4.

Action-Not Available
Vendor-contest-galleryContest Gallery
Product-contest_galleryPhotos and Files Contest Gallery – Contact Form, Upload Form, Social Share and Voting Plugin for WordPress
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-24705
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.07% / 22.88%
||
7 Day CHG~0.00%
Published-28 Feb, 2024 | 14:26
Updated-01 Aug, 2024 | 23:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Accessibility Plugin <= 1.0.6 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Octa Code Accessibility.This issue affects Accessibility: from n/a through 1.0.6.

Action-Not Available
Vendor-Octa Code
Product-Accessibility
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-24706
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.14% / 34.91%
||
7 Day CHG~0.00%
Published-07 Feb, 2024 | 16:50
Updated-01 Aug, 2024 | 23:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP-CFM Plugin <= 1.7.8 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Forum One WP-CFM wp-cfm.This issue affects WP-CFM: from n/a through 1.7.8.

Action-Not Available
Vendor-forumoneForum One
Product-wp-cfmWP-CFM
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-23737
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.19% / 40.62%
||
7 Day CHG~0.00%
Published-01 Jul, 2024 | 00:00
Updated-18 Mar, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross Site Request Forgery (CSRF) vulnerability in savignano S/Notify before 4.0.2 for Jira allows attackers to allows attackers to manipulate a user's S/MIME certificate of PGP key via malicious link or email.

Action-Not Available
Vendor-savignanon/a
Product-s-notifyn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-23515
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.11% / 29.27%
||
7 Day CHG~0.00%
Published-27 Mar, 2024 | 13:41
Updated-01 Aug, 2024 | 23:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Cincopa video and media plugin <= 1.159 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Cincopa Post Video Players.This issue affects Post Video Players: from n/a through 1.159.

Action-Not Available
Vendor-Cincopa
Product-Post Video Players
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-47139
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.04% / 12.07%
||
7 Day CHG~0.00%
Published-25 May, 2023 | 08:10
Updated-08 Jan, 2025 | 22:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Basic Elements Plugin <= 5.2.15 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Damir Calusic WP Basic Elements plugin <= 5.2.15 versions.

Action-Not Available
Vendor-wp_basic_elements_projectDamir Calusic
Product-wp_basic_elementsWP Basic Elements
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-48320
Matching Score-4
Assigner-Checkmk GmbH
ShareView Details
Matching Score-4
Assigner-Checkmk GmbH
CVSS Score-5.4||MEDIUM
EPSS-0.10% / 27.32%
||
7 Day CHG~0.00%
Published-20 Feb, 2023 | 16:56
Updated-12 Mar, 2025 | 18:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CSRF in add-visual endpoint

Cross-site Request Forgery (CSRF) in Tribe29's Checkmk <= 2.1.0p17, Checkmk <= 2.0.0p31, and all versions of Checkmk 1.6.0 (EOL) allow an attacker to add new visual elements to multiple pages.

Action-Not Available
Vendor-tribe29 GmbHCheckmk GmbH
Product-checkmkCheckmk
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-46842
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.05% / 15.32%
||
7 Day CHG~0.00%
Published-02 Feb, 2023 | 16:32
Updated-07 Nov, 2023 | 03:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress JS Help Desk plugin <= 2.7.1 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in JS Help Desk plugin <= 2.7.1 versions.

Action-Not Available
Vendor-wiselyhubJS Help Desk
Product-js_help_deskJS Help Desk
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-22304
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.05% / 15.32%
||
7 Day CHG~0.00%
Published-31 Jan, 2024 | 12:15
Updated-23 May, 2025 | 16:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress FreshMail For WordPress Plugin <= 2.3.2 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Borbis Media FreshMail For WordPress.This issue affects FreshMail For WordPress: from n/a through 2.3.2.

Action-Not Available
Vendor-borbisBorbis Media
Product-freshmail_for_wordpressFreshMail For WordPress
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-47141
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.05% / 15.32%
||
7 Day CHG~0.00%
Published-14 Mar, 2023 | 08:55
Updated-13 Jan, 2025 | 15:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Dynamic Keywords Injector Plugin <= 2.3.15 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Seerox WP Dynamic Keywords Injector plugin <= 2.3.15 versions.

Action-Not Available
Vendor-seeroxSeerox
Product-wp_dynamic_keywords_injectorWP Dynamic Keywords Injector
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-46806
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.04% / 10.88%
||
7 Day CHG~0.00%
Published-01 Mar, 2023 | 14:16
Updated-13 Jan, 2025 | 15:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Cart All In One For WooCommerce Plugin <= 1.1.10 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in VillaTheme Cart All In One For WooCommerce plugin <= 1.1.10 leading to cart modification.

Action-Not Available
Vendor-VillaTheme
Product-cart_all_in_one_for_woocommerceCart All In One For WooCommerce
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-46854
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.04% / 12.07%
||
7 Day CHG~0.00%
Published-17 Mar, 2023 | 15:24
Updated-13 Jan, 2025 | 15:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Launchpad – Coming Soon & Maintenance Mode Plugin Plugin <= 1.0.13 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Obox Themes Launchpad – Coming Soon & Maintenance Mode plugin <= 1.0.13 versions.

Action-Not Available
Vendor-oboxObox Themes
Product-launchpad_-_coming_soon_\&_maintenance_mode_pluginLaunchpad – Coming Soon & Maintenance Mode Plugin
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-53265
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.02% / 2.77%
||
7 Day CHG~0.00%
Published-27 Jun, 2025 | 13:21
Updated-30 Jun, 2025 | 18:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Virusdie plugin <= 1.1.3 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Elena Yamshikova Virusdie allows Cross Site Request Forgery. This issue affects Virusdie: from n/a through 1.1.3.

Action-Not Available
Vendor-Elena Yamshikova
Product-Virusdie
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-47427
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.05% / 15.32%
||
7 Day CHG~0.00%
Published-15 Mar, 2023 | 10:35
Updated-13 Jan, 2025 | 15:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress My Calendar Plugin <= 3.3.24.1 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Joseph C Dolson My Calendar plugin <= 3.3.24.1 versions.

Action-Not Available
Vendor-my_calendar_projectJoseph C Dolson
Product-my_calendarMy Calendar
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-21749
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.12% / 31.91%
||
7 Day CHG~0.00%
Published-28 Feb, 2024 | 16:31
Updated-08 Jan, 2025 | 17:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress 1 click disable all Plugin <= 1.0.1 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Atakan Au 1 click disable all.This issue affects 1 click disable all: from n/a through 1.0.1.

Action-Not Available
Vendor-atakanauAtakan Au
Product-click_disable_all1 click disable all
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-46841
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.11% / 29.36%
||
7 Day CHG~0.00%
Published-03 Oct, 2023 | 10:10
Updated-20 Sep, 2024 | 13:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Oxygen Builder Plugin < 4.4 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Soflyy Oxygen Builder plugin <= 4.4 versions.

Action-Not Available
Vendor-Soflyy
Product-oxygenOxygen Builder
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-47446
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.04% / 12.07%
||
7 Day CHG~0.00%
Published-24 May, 2023 | 16:05
Updated-08 Jan, 2025 | 22:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Store Locator Plugin <= 3.98.7 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Viadat Creations Store Locator for WordPress with Google Maps – LotsOfLocales plugin <= 3.98.7 versions.

Action-Not Available
Vendor-viadatViadat Creations
Product-store_locator_for_wordpress_with_google_mapsStore Locator for WordPress with Google Maps – LotsOfLocales
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-54674
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.02% / 2.28%
||
7 Day CHG~0.00%
Published-14 Aug, 2025 | 10:34
Updated-14 Aug, 2025 | 14:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Product Configurator for WooCommerce Plugin plugin <= 1.4.4 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in mklacroix Product Configurator for WooCommerce allows Cross Site Request Forgery. This issue affects Product Configurator for WooCommerce: from n/a through 1.4.4.

Action-Not Available
Vendor-mklacroix
Product-Product Configurator for WooCommerce
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-54038
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.02% / 2.77%
||
7 Day CHG~0.00%
Published-16 Jul, 2025 | 10:36
Updated-16 Jul, 2025 | 20:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Restaurant Menu by MotoPress plugin <= 2.4.6 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in jetmonsters Restaurant Menu by MotoPress allows Cross Site Request Forgery. This issue affects Restaurant Menu by MotoPress: from n/a through 2.4.6.

Action-Not Available
Vendor-jetmonsters
Product-Restaurant Menu by MotoPress
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-54682
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.02% / 2.28%
||
7 Day CHG~0.00%
Published-14 Aug, 2025 | 10:34
Updated-14 Aug, 2025 | 14:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Connector for Gravity Forms and Google Sheets Plugin plugin <= 1.2.4 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in CRM Perks Connector for Gravity Forms and Google Sheets allows Cross Site Request Forgery. This issue affects Connector for Gravity Forms and Google Sheets: from n/a through 1.2.4.

Action-Not Available
Vendor-CRM Perks
Product-Connector for Gravity Forms and Google Sheets
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-54020
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.02% / 2.77%
||
7 Day CHG~0.00%
Published-16 Jul, 2025 | 10:36
Updated-16 Jul, 2025 | 19:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress AntiSpam for Contact Form 7 plugin <= 0.6.3 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Erik AntiSpam for Contact Form 7 allows Cross Site Request Forgery. This issue affects AntiSpam for Contact Form 7: from n/a through 0.6.3.

Action-Not Available
Vendor-Erik
Product-AntiSpam for Contact Form 7
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-46798
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.04% / 11.13%
||
7 Day CHG~0.00%
Published-01 Mar, 2023 | 14:00
Updated-13 Jan, 2025 | 15:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WooLentor Plugin <= 2.5.1 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in HasThemes ShopLentor plugin <= 2.5.1 leading to plugin settings change.

Action-Not Available
Vendor-HasTech IT Limited (HasThemes)
Product-woolentor_-_woocommerce_elementor_addons_\+_builderShopLentor
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-1446
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-5.4||MEDIUM
EPSS-0.12% / 31.80%
||
7 Day CHG~0.00%
Published-22 May, 2024 | 06:50
Updated-07 Feb, 2025 | 17:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
NextScripts: Social Networks Auto-Poster <= 4.4.3 - Cross-Site Request Forgery to Arbitrary Post Deletion

The NextScripts: Social Networks Auto-Poster plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.4.3. This is due to missing or incorrect nonce validation on the nxssnap-reposter page. This makes it possible for unauthenticated attackers to delete arbitrary posts or pages via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

Action-Not Available
Vendor-nextscriptsnextscriptsnextscripts
Product-social_networks_auto_posterNextScripts: Social Networks Auto-Postersocial_networks_auto_poster
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-1407
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-5.4||MEDIUM
EPSS-0.21% / 43.14%
||
7 Day CHG~0.00%
Published-19 Jun, 2024 | 06:55
Updated-17 Jan, 2025 | 15:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Paid Memberships Pro <= 2.12.10 - Cross-Site Request Forgery to Membership Modification

The Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.12.10. This is due to missing or incorrect nonce validation on multiple functions. This makes it possible for unauthenticated attackers to subscribe to, modify, or cancel membership for a user via a forged request granted they can trick a user into performing an action such as clicking on a link.

Action-Not Available
Vendor-strangerstudiosstrangerstudios
Product-paid_memberships_proPaid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-53263
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.02% / 2.77%
||
7 Day CHG~0.00%
Published-27 Jun, 2025 | 13:21
Updated-30 Jun, 2025 | 18:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Address Autocomplete via Google for Gravity Forms plugin <= 1.3.4 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in PluginsCafe Address Autocomplete via Google for Gravity Forms allows Cross Site Request Forgery. This issue affects Address Autocomplete via Google for Gravity Forms: from n/a through 1.3.4.

Action-Not Available
Vendor-PluginsCafe
Product-Address Autocomplete via Google for Gravity Forms
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-1213
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-5.4||MEDIUM
EPSS-0.08% / 24.19%
||
7 Day CHG~0.00%
Published-12 Mar, 2024 | 23:33
Updated-29 Jan, 2025 | 16:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Easy Social Feed – Social Photos Gallery – Post Feed – Like Box plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.5.4. This is due to missing or incorrect nonce validation on the esf_insta_save_access_token and efbl_save_facebook_access_token functions. This makes it possible for unauthenticated attackers to connect their facebook and instagram pages to the site via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

Action-Not Available
Vendor-easysocialfeedsjaved
Product-easy_social_feedEasy Social Feed – Social Photos Gallery – Post Feed – Like Box
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-46793
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.04% / 12.07%
||
7 Day CHG~0.00%
Published-06 Apr, 2023 | 12:44
Updated-10 Jan, 2025 | 19:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Product Feed PRO for WooCommerce Plugin <= 12.4.4 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in AdTribes.Io Product Feed PRO for WooCommerce plugin <= 12.4.4 versions.

Action-Not Available
Vendor-AdTribes
Product-product_feed_pro_for_woocommerceProduct Feed PRO for WooCommerce
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-12170
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-5.4||MEDIUM
EPSS-0.02% / 2.20%
||
7 Day CHG~0.00%
Published-07 Jan, 2025 | 04:22
Updated-07 Jan, 2025 | 16:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ViewMedica Embed <= 1.4.15 - Cross-Site Request Forgery to SQL Injection

The ViewMedica 9 plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4.15. This is due to missing or incorrect nonce validation on the 'Viewmedica-Admin' page. This makes it possible for unauthenticated attackers to inject arbitrary SQL queries via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

Action-Not Available
Vendor-swarminteractive
Product-ViewMedica 9
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-46797
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.04% / 10.88%
||
7 Day CHG~0.00%
Published-01 Mar, 2023 | 13:43
Updated-12 Mar, 2025 | 14:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Conversios.io Plugin <= 5.2.3 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Conversios All-in-one Google Analytics, Pixels and Product Feed Manager for WooCommerce plugin <= 5.2.3 leads to plugin settings change.

Action-Not Available
Vendor-conversiosConversios
Product-conversiosAll-in-one Google Analytics, Pixels and Product Feed Manager for WooCommerce
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-12541
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-5.4||MEDIUM
EPSS-0.02% / 2.38%
||
7 Day CHG~0.00%
Published-07 Jan, 2025 | 03:21
Updated-07 Jan, 2025 | 16:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Chative Live chat and Chatbot <= 1.1 - Cross-Site Request Forgery via add_chative_widget_action Function

The Chative Live chat and Chatbot plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1. This is due to missing or incorrect nonce validation on the add_chative_widget_action() function. This makes it possible for unauthenticated attackers to change the channel ID or organization ID via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. This could lead to redirecting the live chat widget to an attacker-controlled channel.

Action-Not Available
Vendor-chative
Product-Chative Live chat and Chatbot
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-12545
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-5.4||MEDIUM
EPSS-0.02% / 3.47%
||
7 Day CHG~0.00%
Published-04 Jan, 2025 | 07:24
Updated-05 Jun, 2025 | 15:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Scratch & Win – Giveaways and Contests <= 2.7.1 - Cross-Site Request Forgery via reset_installation Function

The Scratch & Win – Giveaways and Contests. Boost subscribers, traffic, repeat visits, referrals, sales and more plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.7.1. This is due to missing nonce validation on the reset_installation() function. This makes it possible for unauthenticated attackers to reset the plugin’s installation via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

Action-Not Available
Vendor-appsmavakashmalik
Product-scratch_\&_winScratch & Win – Giveaways and Contests. Boost subscribers, traffic, repeat visits, referrals, sales and more
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 9
  • 10
  • Next
Details not found