Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-25086

Summary
Assigner-Patchstack
Assigner Org ID-21595511-bba5-4825-b968-b78d1f9984a3
Published At-27 Mar, 2025 | 14:08
Updated At-27 Mar, 2025 | 15:45
Rejected At-
Credits

WordPress Secret Meta plugin <= 1.2.1 - CSRF to Reflected Cross Site Scripting (XSS) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in WPDeveloper Secret Meta allows Reflected XSS.This issue affects Secret Meta: from n/a through 1.2.1.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:Patchstack
Assigner Org ID:21595511-bba5-4825-b968-b78d1f9984a3
Published At:27 Mar, 2025 | 14:08
Updated At:27 Mar, 2025 | 15:45
Rejected At:
▼CVE Numbering Authority (CNA)
WordPress Secret Meta plugin <= 1.2.1 - CSRF to Reflected Cross Site Scripting (XSS) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in WPDeveloper Secret Meta allows Reflected XSS.This issue affects Secret Meta: from n/a through 1.2.1.

Affected Products
Vendor
WPDeveloperWPDeveloper
Product
Secret Meta
Collection URL
https://wordpress.org/plugins
Package Name
facebook-secret-meta
Default Status
unaffected
Versions
Affected
  • From n/a through 1.2.1 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-352CWE-352 Cross-Site Request Forgery (CSRF)
Type: CWE
CWE ID: CWE-352
Description: CWE-352 Cross-Site Request Forgery (CSRF)
Metrics
VersionBase scoreBase severityVector
3.17.1HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
Version: 3.1
Base score: 7.1
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-591CAPEC-591 Reflected XSS
CAPEC ID: CAPEC-591
Description: CAPEC-591 Reflected XSS
Solutions
Configurations
Workarounds
Exploits
Credits
finder
SOPROBRO (Patchstack Alliance)
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://patchstack.com/database/wordpress/plugin/facebook-secret-meta/vulnerability/wordpress-secret-meta-plugin-1-2-1-csrf-to-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve
vdb-entry
Hyperlink: https://patchstack.com/database/wordpress/plugin/facebook-secret-meta/vulnerability/wordpress-secret-meta-plugin-1-2-1-csrf-to-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve
Resource:
vdb-entry
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:audit@patchstack.com
Published At:27 Mar, 2025 | 14:15
Updated At:27 Mar, 2025 | 16:45

Cross-Site Request Forgery (CSRF) vulnerability in WPDeveloper Secret Meta allows Reflected XSS.This issue affects Secret Meta: from n/a through 1.2.1.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.17.1HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
Type: Secondary
Version: 3.1
Base score: 7.1
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-352Primaryaudit@patchstack.com
CWE ID: CWE-352
Type: Primary
Source: audit@patchstack.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://patchstack.com/database/wordpress/plugin/facebook-secret-meta/vulnerability/wordpress-secret-meta-plugin-1-2-1-csrf-to-reflected-cross-site-scripting-xss-vulnerability?_s_id=cveaudit@patchstack.com
N/A
Hyperlink: https://patchstack.com/database/wordpress/plugin/facebook-secret-meta/vulnerability/wordpress-secret-meta-plugin-1-2-1-csrf-to-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve
Source: audit@patchstack.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

690Records found
CVE-2025-24752
Matching Score-8
Assigner-Patchstack
ShareView Details
Matching Score-8
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-2.41% / 84.76%
||
7 Day CHG~0.00%
Published-17 Apr, 2025 | 15:48
Updated-26 Jan, 2026 | 15:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Essential Addons for Elementor plugin <= 6.0.14 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPDeveloper Essential Addons for Elementor allows Reflected XSS. This issue affects Essential Addons for Elementor: from n/a through 6.0.14.

Action-Not Available
Vendor-WPDeveloper
Product-essential_addons_for_elementorEssential Addons for Elementor
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-32241
Matching Score-8
Assigner-Patchstack
ShareView Details
Matching Score-8
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.07% / 21.27%
||
7 Day CHG~0.00%
Published-29 Aug, 2023 | 20:11
Updated-24 Sep, 2024 | 19:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Essential Addons for Elementor Pro Plugin <= 5.4.8 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WPDeveloper Essential Addons for Elementor Pro plugin <= 5.4.8 versions.

Action-Not Available
Vendor-WPDeveloper
Product-essential_addons_for_elementorEssential Addons for Elementor Pro
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-32245
Matching Score-6
Assigner-Patchstack
ShareView Details
Matching Score-6
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.15% / 36.05%
||
7 Day CHG~0.00%
Published-18 Nov, 2023 | 22:32
Updated-01 Oct, 2024 | 15:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Essential Addons for Elementor Pro Plugin <= 5.4.8 is vulnerable to Server Side Request Forgery (SSRF)

Cross-Site Request Forgery (CSRF) vulnerability in WPDeveloper Essential Addons for Elementor Pro.This issue affects Essential Addons for Elementor Pro: from n/a through 5.4.8.

Action-Not Available
Vendor-WPDeveloper
Product-essential_addons_for_elementorEssential Addons for Elementor Pro
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-25123
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.05% / 13.94%
||
7 Day CHG~0.00%
Published-07 Feb, 2025 | 10:11
Updated-12 Feb, 2025 | 20:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Easy Related Posts plugin <= 2.0.2 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in xdark Easy Related Posts allows Stored XSS. This issue affects Easy Related Posts: from n/a through 2.0.2.

Action-Not Available
Vendor-xdark
Product-Easy Related Posts
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-25140
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.05% / 13.94%
||
7 Day CHG~0.00%
Published-07 Feb, 2025 | 10:11
Updated-12 Feb, 2025 | 20:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Simple User Profile plugin <= 1.9 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Scriptonite Simple User Profile allows Stored XSS. This issue affects Simple User Profile: from n/a through 1.9.

Action-Not Available
Vendor-Scriptonite
Product-Simple User Profile
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-25166
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.05% / 13.96%
||
7 Day CHG~0.00%
Published-07 Feb, 2025 | 10:12
Updated-12 Feb, 2025 | 20:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress InLocation plugin <= 1.8 - Cross Site Scripting (XSS) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in gabrieldarezzo InLocation allows Stored XSS. This issue affects InLocation: from n/a through 1.8.

Action-Not Available
Vendor-gabrieldarezzogabrieldarezzo
Product-inlocationInLocation
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-25135
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.05% / 13.94%
||
7 Day CHG~0.00%
Published-07 Feb, 2025 | 10:11
Updated-12 Feb, 2025 | 20:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Custom Links On Admin Dashboard Toolbar plugin <= 3.3 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Victor Barkalov Custom Links On Admin Dashboard Toolbar allows Stored XSS. This issue affects Custom Links On Admin Dashboard Toolbar: from n/a through 3.3.

Action-Not Available
Vendor-Victor Barkalov
Product-Custom Links On Admin Dashboard Toolbar
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-24636
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.05% / 13.94%
||
7 Day CHG~0.00%
Published-24 Jan, 2025 | 17:24
Updated-24 Jan, 2025 | 18:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress MachForm Shortcode plugin <= 1.4.1 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Laymance Technologies LLC MachForm Shortcode allows Stored XSS. This issue affects MachForm Shortcode: from n/a through 1.4.1.

Action-Not Available
Vendor-Laymance Technologies LLC
Product-MachForm Shortcode
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-54397
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.08% / 22.53%
||
7 Day CHG+0.01%
Published-16 Dec, 2024 | 14:14
Updated-16 Dec, 2024 | 19:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Go Animate plugin <= 1.0 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Antonio Gocaj Go Animate allows Stored XSS.This issue affects Go Animate: from n/a through 1.0.

Action-Not Available
Vendor-Antonio Gocaj
Product-Go Animate
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-54413
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.09% / 24.93%
||
7 Day CHG~0.00%
Published-16 Dec, 2024 | 14:13
Updated-16 Dec, 2024 | 20:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Display Future Posts plugin <= 0.2.3 - CSRF to Stored Cross-Site Scripting vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Stefan Brandt Display Future Posts allows Stored XSS.This issue affects Display Future Posts: from n/a through 0.2.3.

Action-Not Available
Vendor-Stefan Brandt
Product-Display Future Posts
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-54400
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.10% / 28.48%
||
7 Day CHG~0.00%
Published-16 Dec, 2024 | 14:14
Updated-16 Dec, 2024 | 19:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress AppMaps plugin <= 1.1 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in MELONIQ.NET AppMaps allows Stored XSS.This issue affects AppMaps: from n/a through 1.1.

Action-Not Available
Vendor-MELONIQ.NET
Product-AppMaps
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-54429
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.12% / 30.40%
||
7 Day CHG~0.00%
Published-16 Dec, 2024 | 14:13
Updated-16 Dec, 2024 | 20:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Aphorismus plugin <= 1.2.0 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Ivan Ovsyannikov Aphorismus allows Stored XSS.This issue affects Aphorismus: from n/a through 1.2.0.

Action-Not Available
Vendor-Ivan Ovsyannikov
Product-Aphorismus
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-54428
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.12% / 30.39%
||
7 Day CHG~0.00%
Published-16 Dec, 2024 | 14:13
Updated-16 Dec, 2024 | 20:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Add image to Post plugin <= 0.6 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in onigetoc Add image to Post allows Stored XSS.This issue affects Add image to Post: from n/a through 0.6.

Action-Not Available
Vendor-onigetoc
Product-Add image to Post
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-54411
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.09% / 24.93%
||
7 Day CHG~0.00%
Published-16 Dec, 2024 | 14:13
Updated-16 Dec, 2024 | 20:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Controller plugin <= 3.2.0 - CSRF to Stored Cross-Site Scripting vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in hosting.io, campaigns.io WP Controller allows Stored XSS.This issue affects WP Controller: from n/a through 3.2.0.

Action-Not Available
Vendor-hosting.io, campaigns.io
Product-WP Controller
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-54337
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.12% / 31.35%
||
7 Day CHG~0.00%
Published-13 Dec, 2024 | 14:25
Updated-13 Dec, 2024 | 16:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress DX Dark Site plugin <= 1.0.1 - CSRF to Stored Cross-Site Scripting vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in DevriX DX Dark Site allows Stored XSS.This issue affects DX Dark Site: from n/a through 1.0.1.

Action-Not Available
Vendor-DevriX
Product-DX Dark Site
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-54205
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.13% / 32.10%
||
7 Day CHG~0.00%
Published-06 Dec, 2024 | 13:07
Updated-06 Dec, 2024 | 17:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Paloma Widget plugin <= 1.14 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Paloma Paloma Widget allows Cross Site Request Forgery.This issue affects Paloma Widget: from n/a through 1.14.

Action-Not Available
Vendor-Paloma
Product-Paloma Widget
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-54353
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.08% / 22.69%
||
7 Day CHG~0.00%
Published-16 Dec, 2024 | 14:14
Updated-16 Dec, 2024 | 19:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Hack-Info plugin <= 3.17 - CSRF to Stored Cross Site Scripting (XSS) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in WPGear Hack-Info allows Stored XSS.This issue affects Hack-Info: from n/a through 3.17.

Action-Not Available
Vendor-WPGear
Product-Hack-Info
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-54404
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.10% / 28.48%
||
7 Day CHG~0.00%
Published-16 Dec, 2024 | 14:13
Updated-16 Dec, 2024 | 19:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress MDC Comment Toolbar plugin <= 1.1 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Nazmul Ahsan MDC Comment Toolbar allows Stored XSS.This issue affects MDC Comment Toolbar: from n/a through 1.1.

Action-Not Available
Vendor-Nazmul Ahsan
Product-MDC Comment Toolbar
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-54420
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.08% / 24.14%
||
7 Day CHG+0.01%
Published-16 Dec, 2024 | 14:13
Updated-16 Dec, 2024 | 20:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Metrika plugin <= 1.2 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Aleksander Novikov Metrika allows Cross Site Request Forgery.This issue affects Metrika: from n/a through 1.2.

Action-Not Available
Vendor-Aleksander Novikov
Product-Metrika
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-54410
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.10% / 28.48%
||
7 Day CHG~0.00%
Published-16 Dec, 2024 | 14:13
Updated-16 Dec, 2024 | 20:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress SOPA Blackout plugin <= 1.4 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Toby Cox SOPA Blackout allows Stored XSS.This issue affects SOPA Blackout: from n/a through 1.4.

Action-Not Available
Vendor-Toby Cox
Product-SOPA Blackout
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-54414
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.08% / 23.42%
||
7 Day CHG+0.01%
Published-16 Dec, 2024 | 14:13
Updated-16 Dec, 2024 | 20:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Geoportail Shortcode plugin <= 2.4.4 - CSRF to Stored Cross-Site Scripting vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in geoWP Geoportail Shortcode allows Stored XSS.This issue affects Geoportail Shortcode: from n/a through 2.4.4.

Action-Not Available
Vendor-geoWP
Product-Geoportail Shortcode
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-54386
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.08% / 24.14%
||
7 Day CHG+0.01%
Published-16 Dec, 2024 | 14:14
Updated-16 Dec, 2024 | 19:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Push Monkey Pro plugin <= 3.9 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Get Push Monkey LLC Push Monkey Pro – Web Push Notifications and WooCommerce Abandoned Cart allows Cross Site Request Forgery.This issue affects Push Monkey Pro – Web Push Notifications and WooCommerce Abandoned Cart: from n/a through 3.9.

Action-Not Available
Vendor-Get Push Monkey LLC
Product-Push Monkey Pro – Web Push Notifications and WooCommerce Abandoned Cart
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-54405
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.08% / 23.42%
||
7 Day CHG+0.01%
Published-16 Dec, 2024 | 14:13
Updated-16 Dec, 2024 | 19:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress ECT Social Share plugin <= 1.3 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Andy Chapman ECT Social Share allows Stored XSS.This issue affects ECT Social Share: from n/a through 1.3.

Action-Not Available
Vendor-Andy Chapman
Product-ECT Social Share
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-54398
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.10% / 28.48%
||
7 Day CHG~0.00%
Published-16 Dec, 2024 | 14:14
Updated-16 Dec, 2024 | 19:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Flaming Forms plugin <= 1.0.1 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Project Caruso Flaming Forms allows Stored XSS.This issue affects Flaming Forms: from n/a through 1.0.1.

Action-Not Available
Vendor-Project Caruso
Product-Flaming Forms
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-54427
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.12% / 30.39%
||
7 Day CHG~0.00%
Published-16 Dec, 2024 | 14:13
Updated-16 Dec, 2024 | 20:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Category of Posts plugin <= 1.0 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Linda MacPhee-Cobb Category of Posts allows Stored XSS.This issue affects Category of Posts: from n/a through 1.0.

Action-Not Available
Vendor-Linda MacPhee-Cobb
Product-Category of Posts
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-54332
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.08% / 22.69%
||
7 Day CHG~0.00%
Published-16 Dec, 2024 | 14:14
Updated-16 Dec, 2024 | 19:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Currency Exchange Rates plugin <= 1.2.0 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in WPFactory WP Currency Exchange Rates allows Stored XSS.This issue affects WP Currency Exchange Rates: from n/a through 1.2.0.

Action-Not Available
Vendor-WPFactory
Product-WP Currency Exchange Rates
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-54226
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.09% / 24.94%
||
7 Day CHG~0.00%
Published-09 Dec, 2024 | 11:32
Updated-09 Dec, 2024 | 18:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Country Blocker plugin <= 3.2 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Karl Kiesinger Country Blocker allows Stored XSS.This issue affects Country Blocker: from n/a through 3.2.

Action-Not Available
Vendor-Karl Kiesinger
Product-Country Blocker
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-54415
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.08% / 23.42%
||
7 Day CHG+0.01%
Published-16 Dec, 2024 | 14:13
Updated-16 Dec, 2024 | 20:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP-HideThat plugin <= 1.2 - CSRF to Stored Cross-Site Scripting vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Cyle Conoly WP-HideThat allows Stored XSS.This issue affects WP-HideThat: from n/a through 1.2.

Action-Not Available
Vendor-Cyle Conoly
Product-WP-HideThat
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-54401
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.10% / 28.48%
||
7 Day CHG~0.00%
Published-16 Dec, 2024 | 14:14
Updated-16 Dec, 2024 | 19:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Advanced Fancybox plugin <= 1.1.1 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Turcu Ciprian Advanced Fancybox allows Stored XSS.This issue affects Advanced Fancybox: from n/a through 1.1.1.

Action-Not Available
Vendor-Turcu Ciprian
Product-Advanced Fancybox
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-54432
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.12% / 30.39%
||
7 Day CHG~0.00%
Published-16 Dec, 2024 | 14:13
Updated-16 Dec, 2024 | 20:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Flipkart Importer plugin <= 1.4 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Shambhu Prasad Patnaik WP Flipkart Importer allows Stored XSS.This issue affects WP Flipkart Importer: from n/a through 1.4.

Action-Not Available
Vendor-Shambhu Prasad Patnaik
Product-WP Flipkart Importer
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-54434
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.12% / 30.40%
||
7 Day CHG~0.00%
Published-16 Dec, 2024 | 14:13
Updated-16 Dec, 2024 | 20:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress phZoom plugin <= 1.2.92 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Phoetry phZoom allows Stored XSS.This issue affects phZoom: from n/a through 1.2.92.

Action-Not Available
Vendor-Phoetry
Product-phZoom
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-53724
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.04% / 13.42%
||
7 Day CHG~0.00%
Published-02 Dec, 2024 | 13:48
Updated-02 Dec, 2024 | 19:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress IceStats plugin <= 1.3 - CSRF to Stored Cross Site Scripting (XSS) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Ronny L. Bull IceStats allows Stored XSS.This issue affects IceStats: from n/a through 1.3.

Action-Not Available
Vendor-Ronny L. Bull
Product-IceStats
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-53781
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.12% / 31.35%
||
7 Day CHG~0.00%
Published-02 Dec, 2024 | 13:48
Updated-02 Dec, 2024 | 15:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress SpatialMatch IDX plugin <= 3.0.9 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Home Junction SpatialMatch IDX allows Stored XSS.This issue affects SpatialMatch IDX: from n/a through 3.0.9.

Action-Not Available
Vendor-Home Junction
Product-SpatialMatch IDX
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-53753
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.12% / 31.35%
||
7 Day CHG~0.00%
Published-02 Dec, 2024 | 13:48
Updated-02 Dec, 2024 | 15:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress CultBooking Hotel Booking Engine plugin <= 2.1 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in CultBooking CultBooking Hotel Booking Engine allows Stored XSS.This issue affects CultBooking Hotel Booking Engine: from n/a through 2.1.

Action-Not Available
Vendor-CultBooking
Product-CultBooking Hotel Booking Engine
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-25074
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.05% / 13.94%
||
7 Day CHG~0.00%
Published-07 Feb, 2025 | 10:11
Updated-07 Feb, 2025 | 15:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Social Stream plugin <= 1.1 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Nirmal Kumar Ram WP Social Stream allows Stored XSS. This issue affects WP Social Stream: from n/a through 1.1.

Action-Not Available
Vendor-Nirmal Kumar Ram
Product-WP Social Stream
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-53780
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.12% / 31.35%
||
7 Day CHG~0.00%
Published-02 Dec, 2024 | 13:48
Updated-02 Dec, 2024 | 15:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Load More Posts plugin <= 1.4.0 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Rajeev Chauhan Load More Posts allows Stored XSS.This issue affects Load More Posts: from n/a through 1.4.0.

Action-Not Available
Vendor-Rajeev Chauhan
Product-Load More Posts
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-53718
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.04% / 13.42%
||
7 Day CHG~0.00%
Published-02 Dec, 2024 | 13:48
Updated-02 Dec, 2024 | 19:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Multi Feed Reader plugin <= 2.2.4 - CSRF to Stored Cross Site Scripting (XSS) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Eric Teubert Multi Feed Reader allows Stored XSS.This issue affects Multi Feed Reader: from n/a through 2.2.4.

Action-Not Available
Vendor-Eric Teubert
Product-Multi Feed Reader
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-53789
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.12% / 31.35%
||
7 Day CHG~0.00%
Published-02 Dec, 2024 | 13:48
Updated-02 Dec, 2024 | 15:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Advanced What should we write next about plugin <=1.0.3 - CSRF to Stored Cross Site Scripting (XSS) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Ritesh Sanap Advanced What should we write next about allows Stored XSS.This issue affects Advanced What should we write next about: from n/a through 1.0.3.

Action-Not Available
Vendor-Ritesh Sanap
Product-Advanced What should we write next about
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-53728
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.04% / 13.42%
||
7 Day CHG~0.00%
Published-02 Dec, 2024 | 13:48
Updated-02 Dec, 2024 | 15:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Protect Your Content plugin <= 1.0.2 - CSRF to Stored Cross Site Scripting (XSS) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in SEO-Küche Internet Marketing GmbH & Co. KG Protect Your Content allows Stored XSS.This issue affects Protect Your Content: from n/a through 1.0.2.

Action-Not Available
Vendor-SEO-Küche Internet Marketing GmbH & Co. KG
Product-Protect Your Content
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-53723
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.04% / 13.42%
||
7 Day CHG~0.00%
Published-02 Dec, 2024 | 13:48
Updated-02 Dec, 2024 | 19:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Google Plus Share and +1 Button plugin <= 1.0 - CSRF to Stored Cross Site Scripting (XSS) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in A.Cihangir BALTACI Google Plus Share and +1 Button allows Stored XSS.This issue affects Google Plus Share and +1 Button: from n/a through 1.0.

Action-Not Available
Vendor-A.Cihangir BALTACI
Product-Google Plus Share and +1 Button
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-53710
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.05% / 14.24%
||
7 Day CHG~0.00%
Published-02 Dec, 2024 | 13:48
Updated-02 Dec, 2024 | 18:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress ITERAS plugin <= 1.7.0 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in ITERAS ITERAS allows Stored XSS.This issue affects ITERAS: from n/a through 1.7.0.

Action-Not Available
Vendor-ITERAS
Product-ITERAS
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-53762
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.12% / 31.35%
||
7 Day CHG~0.00%
Published-02 Dec, 2024 | 13:48
Updated-02 Dec, 2024 | 19:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress FastBook plugin <= 1.1 - CSRF to Stored Cross Site Scripting (XSS) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Faster Themes FastBook – Responsive Appointment Booking and Scheduling System allows Stored XSS.This issue affects FastBook – Responsive Appointment Booking and Scheduling System: from n/a through 1.1.

Action-Not Available
Vendor-Faster Themes
Product-FastBook – Responsive Appointment Booking and Scheduling System
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-53729
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.08% / 23.96%
||
7 Day CHG~0.00%
Published-02 Dec, 2024 | 13:48
Updated-02 Dec, 2024 | 15:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Blizzard Quotes plugin <= 1.3 - CSRF to Stored Cross Site Scripting (XSS) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Plumeria Web Design Blizzard Quotes allows Stored XSS.This issue affects Blizzard Quotes: from n/a through 1.3.

Action-Not Available
Vendor-Plumeria Web Design
Product-Blizzard Quotes
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-53712
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.05% / 14.24%
||
7 Day CHG~0.00%
Published-02 Dec, 2024 | 13:48
Updated-02 Dec, 2024 | 18:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Kevin's plugin <= 2.0.0 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Kevin McCabe Kevin's allows Stored XSS.This issue affects Kevin's: from n/a through 2.0.0.

Action-Not Available
Vendor-Kevin McCabe
Product-Kevin's
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-53725
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.04% / 13.42%
||
7 Day CHG~0.00%
Published-02 Dec, 2024 | 13:48
Updated-02 Dec, 2024 | 19:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Post Hits Counter plugin <= 2.8.23 - CSRF to Reflected Cross Site Scripting (XSS) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Script-Recipes Post Hits Counter allows Reflected XSS.This issue affects Post Hits Counter: from n/a through 2.8.23.

Action-Not Available
Vendor-Script-Recipes
Product-Post Hits Counter
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-53776
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.12% / 31.35%
||
7 Day CHG~0.00%
Published-02 Dec, 2024 | 13:48
Updated-02 Dec, 2024 | 15:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Donate Me plugin <= 1.2.5 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Raphael Heide Donate Me allows Stored XSS.This issue affects Donate Me: from n/a through 1.2.5.

Action-Not Available
Vendor-Raphael Heide
Product-Donate Me
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-52477
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.04% / 13.42%
||
7 Day CHG~0.00%
Published-02 Dec, 2024 | 13:48
Updated-02 Dec, 2024 | 15:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Document & Data Automation plugin <= 1.6.1 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in No-nonsense Labs Document & Data Automation allows Stored XSS.This issue affects Document & Data Automation: from n/a through 1.6.1.

Action-Not Available
Vendor-No-nonsense Labs
Product-Document & Data Automation
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-53734
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.04% / 11.25%
||
7 Day CHG+0.01%
Published-28 Nov, 2024 | 11:01
Updated-28 Nov, 2024 | 12:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Idealien Category Enhancements plugin <= 1.2 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Idealien Studios Idealien Category Enhancements allows Stored XSS.This issue affects Idealien Category Enhancements: from n/a through 1.2.

Action-Not Available
Vendor-Idealien Studios
Product-Idealien Category Enhancements
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-5287
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-7.1||HIGH
EPSS-0.07% / 22.46%
||
7 Day CHG~0.00%
Published-13 Jul, 2024 | 06:00
Updated-19 May, 2025 | 14:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WP Affiliate Platform < 6.5.1 - Profile Update via CSRF

The wp-affiliate-platform WordPress plugin before 6.5.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in user change them via a CSRF attack

Action-Not Available
Vendor-Unknownwp_affiliate_platform_projectTips and Tricks HQ
Product-wp_affiliate_platformwp-affiliate-platformwp_affiliate_platform
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-53713
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.05% / 14.24%
||
7 Day CHG~0.00%
Published-02 Dec, 2024 | 13:48
Updated-02 Dec, 2024 | 19:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Silverlight Video Player plugin <= 1.0 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Alain Diart for les-sushi-codeurs.fr & Eric Ambrosi for regart.net Silverlight Video Player allows Stored XSS.This issue affects Silverlight Video Player: from n/a through 1.0.

Action-Not Available
Vendor-Alain Diart for les-sushi-codeurs.fr & Eric Ambrosi for regart.net
Product-Silverlight Video Player
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 13
  • 14
  • Next
Details not found