Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-27318

Summary
Assigner-Patchstack
Assigner Org ID-21595511-bba5-4825-b968-b78d1f9984a3
Published At-24 Feb, 2025 | 14:49
Updated At-24 Feb, 2025 | 15:48
Rejected At-
Credits

WordPress Simple Google Sitemap Plugin <= 1.6 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in ixiter Simple Google Sitemap allows Cross Site Request Forgery. This issue affects Simple Google Sitemap: from n/a through 1.6.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:Patchstack
Assigner Org ID:21595511-bba5-4825-b968-b78d1f9984a3
Published At:24 Feb, 2025 | 14:49
Updated At:24 Feb, 2025 | 15:48
Rejected At:
▼CVE Numbering Authority (CNA)
WordPress Simple Google Sitemap Plugin <= 1.6 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in ixiter Simple Google Sitemap allows Cross Site Request Forgery. This issue affects Simple Google Sitemap: from n/a through 1.6.

Affected Products
Vendor
ixiter
Product
Simple Google Sitemap
Collection URL
https://wordpress.org/plugins
Package Name
simple-google-sitemap
Default Status
unaffected
Versions
Affected
  • From n/a through 1.6 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-352CWE-352 Cross-Site Request Forgery (CSRF)
Type: CWE
CWE ID: CWE-352
Description: CWE-352 Cross-Site Request Forgery (CSRF)
Metrics
VersionBase scoreBase severityVector
3.14.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Version: 3.1
Base score: 4.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-62CAPEC-62 Cross Site Request Forgery
CAPEC ID: CAPEC-62
Description: CAPEC-62 Cross Site Request Forgery
Solutions
Configurations
Workarounds
Exploits
Credits
finder
Nguyen Xuan Chien (Patchstack Alliance)
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://patchstack.com/database/wordpress/plugin/simple-google-sitemap/vulnerability/wordpress-simple-google-sitemap-plugin-1-6-cross-site-request-forgery-csrf-vulnerability?_s_id=cve
vdb-entry
Hyperlink: https://patchstack.com/database/wordpress/plugin/simple-google-sitemap/vulnerability/wordpress-simple-google-sitemap-plugin-1-6-cross-site-request-forgery-csrf-vulnerability?_s_id=cve
Resource:
vdb-entry
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:audit@patchstack.com
Published At:24 Feb, 2025 | 15:15
Updated At:24 Feb, 2025 | 15:15

Cross-Site Request Forgery (CSRF) vulnerability in ixiter Simple Google Sitemap allows Cross Site Request Forgery. This issue affects Simple Google Sitemap: from n/a through 1.6.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.14.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Type: Secondary
Version: 3.1
Base score: 4.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-352Primaryaudit@patchstack.com
CWE ID: CWE-352
Type: Primary
Source: audit@patchstack.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://patchstack.com/database/wordpress/plugin/simple-google-sitemap/vulnerability/wordpress-simple-google-sitemap-plugin-1-6-cross-site-request-forgery-csrf-vulnerability?_s_id=cveaudit@patchstack.com
N/A
Hyperlink: https://patchstack.com/database/wordpress/plugin/simple-google-sitemap/vulnerability/wordpress-simple-google-sitemap-plugin-1-6-cross-site-request-forgery-csrf-vulnerability?_s_id=cve
Source: audit@patchstack.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

2088Records found
CVE-2025-47647
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.03% / 7.63%
||
7 Day CHG~0.00%
Published-07 May, 2025 | 14:20
Updated-08 May, 2025 | 14:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Sidebar Manager Light <= 1.18 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in OTWthemes Sidebar Manager Light allows Cross Site Request Forgery. This issue affects Sidebar Manager Light: from n/a through 1.18.

Action-Not Available
Vendor-OTWthemes
Product-Sidebar Manager Light
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-47609
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.03% / 7.63%
||
7 Day CHG~0.00%
Published-07 May, 2025 | 14:20
Updated-08 May, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress EasyMe Connect <= 3.0.3 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in easymebiz EasyMe Connect allows Cross Site Request Forgery. This issue affects EasyMe Connect: from n/a through 3.0.3.

Action-Not Available
Vendor-easymebiz
Product-EasyMe Connect
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-46513
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.08% / 24.50%
||
7 Day CHG~0.00%
Published-24 Apr, 2025 | 16:09
Updated-29 Apr, 2025 | 13:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress All in One Time Clock Lite <= 1.3.324 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Codebangers All in One Time Clock Lite allows Cross Site Request Forgery. This issue affects All in One Time Clock Lite: from n/a through 1.3.324.

Action-Not Available
Vendor-Codebangers
Product-All in One Time Clock Lite
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-47606
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.03% / 7.63%
||
7 Day CHG~0.00%
Published-07 May, 2025 | 14:20
Updated-08 May, 2025 | 14:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Simple Giveaways <= 2.48.2 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Igor Benic Simple Giveaways allows Cross Site Request Forgery. This issue affects Simple Giveaways: from n/a through 2.48.2.

Action-Not Available
Vendor-Igor Benic
Product-Simple Giveaways
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-5885
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.04% / 12.41%
||
7 Day CHG~0.00%
Published-09 Jun, 2025 | 15:00
Updated-30 Jan, 2026 | 00:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Konica Minolta bizhub cross-site request forgery

A vulnerability has been found in Konica Minolta bizhub up to 20250202 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-konicaminoltaKonica Minolta
Product-bizhubbizhub
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CWE ID-CWE-862
Missing Authorization
CVE-2025-47597
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.03% / 7.63%
||
7 Day CHG~0.00%
Published-07 May, 2025 | 14:20
Updated-08 May, 2025 | 14:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Podcasts Manager <= 1.2 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Maulik Vora WP Podcasts Manager allows Cross Site Request Forgery. This issue affects WP Podcasts Manager: from n/a through 1.2.

Action-Not Available
Vendor-Maulik Vora
Product-WP Podcasts Manager
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2021-41176
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.17% / 38.02%
||
7 Day CHG~0.00%
Published-25 Oct, 2021 | 16:50
Updated-04 Aug, 2024 | 02:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
logout CSRF in Pterodactyl Panel

Pterodactyl is an open-source game server management panel built with PHP 7, React, and Go. In affected versions of Pterodactyl a malicious user can trigger a user logout if a signed in user visits a malicious website that makes a request to the Panel's sign-out endpoint. This requires a targeted attack against a specific Panel instance, and serves only to sign a user out. **No user details are leaked, nor is any user data affected, this is simply an annoyance at worst.** This is fixed in version 1.6.3.

Action-Not Available
Vendor-Pterodactyl
Product-panelpanel
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2021-41273
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.12% / 30.68%
||
7 Day CHG~0.00%
Published-17 Nov, 2021 | 19:30
Updated-04 Aug, 2024 | 03:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cross-Site Request Forgery allowing sending of test emails and generation of node auto-deployment keys

Pterodactyl is an open-source game server management panel built with PHP 7, React, and Go. Due to improperly configured CSRF protections on two routes, a malicious user could execute a CSRF-based attack against the following endpoints: Sending a test email and Generating a node auto-deployment token. At no point would any data be exposed to the malicious user, this would simply trigger email spam to an administrative user, or generate a single auto-deployment token unexpectedly. This token is not revealed to the malicious user, it is simply created unexpectedly in the system. This has been addressed in release `1.6.6`. Users may optionally manually apply the fixes released in v1.6.6 to patch their own systems.

Action-Not Available
Vendor-Pterodactyl
Product-panelpanel
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-5382
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-6.5||MEDIUM
EPSS-0.05% / 16.11%
||
7 Day CHG~0.00%
Published-22 Nov, 2023 | 15:33
Updated-02 Aug, 2024 | 07:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Funnelforms Free plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.4. This is due to missing or incorrect nonce validation on the fnsf_delete_posts function. This makes it possible for unauthenticated attackers to delete arbitrary posts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

Action-Not Available
Vendor-funnelformsfunnelforms
Product-funnelformsInteractive Contact Form and Multi Step Form Builder with Drag & Drop Editor – Funnelforms Free
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-13629
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-4.3||MEDIUM
EPSS-0.02% / 3.29%
||
7 Day CHG~0.00%
Published-06 Dec, 2025 | 05:49
Updated-08 Dec, 2025 | 21:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WP Landing Page <= 0.9.3 - Cross-Site Request Forgery to Arbitrary Post Meta Update

The WP Landing Page plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.9.3. This is due to missing nonce validation on the 'wplp_api_update_text' function. This makes it possible for unauthenticated attackers to update arbitrary post meta via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

Action-Not Available
Vendor-xbenx
Product-WP Landing Page
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-47614
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.03% / 7.63%
||
7 Day CHG~0.00%
Published-07 May, 2025 | 14:20
Updated-08 May, 2025 | 16:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress LessButtons Social Sharing and Statistics plugin <= 1.6.1 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Chris Clark LessButtons Social Sharing and Statistics allows Cross Site Request Forgery. This issue affects LessButtons Social Sharing and Statistics: from n/a through 1.6.1.

Action-Not Available
Vendor-Chris Clark
Product-LessButtons Social Sharing and Statistics
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-47543
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.03% / 7.63%
||
7 Day CHG~0.00%
Published-07 May, 2025 | 14:20
Updated-09 Jun, 2025 | 17:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress TrueBooker <= 1.0.7 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in themetechmount TrueBooker allows Cross Site Request Forgery. This issue affects TrueBooker: from n/a through 1.0.7.

Action-Not Available
Vendor-themetechmountthemetechmount
Product-truebookerTrueBooker
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-48038
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.12% / 31.53%
||
7 Day CHG~0.00%
Published-17 Oct, 2024 | 12:12
Updated-18 Oct, 2024 | 12:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress wp-Monalisa plugin <= 6.4 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Hans Matzen wp-Monalisa allows Cross Site Request Forgery.This issue affects wp-Monalisa: from n/a through 6.4.

Action-Not Available
Vendor-Hans Matzen
Product-wp-Monalisa
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-47523
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.03% / 7.63%
||
7 Day CHG~0.00%
Published-07 May, 2025 | 14:20
Updated-08 May, 2025 | 14:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Seznam Webmaster <= 1.4.7 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Lukáš Hartmann Seznam Webmaster allows Cross Site Request Forgery. This issue affects Seznam Webmaster: from n/a through 1.4.7.

Action-Not Available
Vendor-Lukáš Hartmann
Product-Seznam Webmaster
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2021-4092
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-4.3||MEDIUM
EPSS-0.10% / 27.16%
||
7 Day CHG~0.00%
Published-11 Dec, 2021 | 13:35
Updated-03 Aug, 2024 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cross-Site Request Forgery (CSRF) in yetiforcecompany/yetiforcecrm

yetiforcecrm is vulnerable to Cross-Site Request Forgery (CSRF)

Action-Not Available
Vendor-yetiforceyetiforcecompany
Product-yetiforce_customer_relationship_managementyetiforcecompany/yetiforcecrm
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-47594
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.03% / 7.63%
||
7 Day CHG~0.00%
Published-07 May, 2025 | 14:20
Updated-08 May, 2025 | 14:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Soccer Live Scores <= 1.0.5 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in DAEXT Soccer Live Scores allows Cross Site Request Forgery. This issue affects Soccer Live Scores: from n/a through 1.0.5.

Action-Not Available
Vendor-DAEXT
Product-Soccer Live Scores
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2021-4082
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-4.3||MEDIUM
EPSS-0.01% / 0.28%
||
7 Day CHG~0.00%
Published-10 Dec, 2021 | 10:20
Updated-03 Aug, 2024 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cross-Site Request Forgery (CSRF) in pimcore/pimcore

pimcore is vulnerable to Cross-Site Request Forgery (CSRF)

Action-Not Available
Vendor-Pimcore
Product-pimcorepimcore/pimcore
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-47624
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.03% / 8.02%
||
7 Day CHG~0.00%
Published-07 May, 2025 | 14:20
Updated-12 May, 2025 | 20:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress DoFollow Case by Case <= 3.5.1 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in apasionados DoFollow Case by Case allows Cross Site Request Forgery. This issue affects DoFollow Case by Case: from n/a through 3.5.1.

Action-Not Available
Vendor-apasionadosapasionados
Product-dofollow_case_by_caseDoFollow Case by Case
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-47451
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.03% / 7.63%
||
7 Day CHG~0.00%
Published-07 May, 2025 | 14:19
Updated-08 May, 2025 | 14:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Product Quantity Dropdown For Woocommerce plugin <= 1.2 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in silverplugins217 Product Quantity Dropdown For Woocommerce allows Cross Site Request Forgery. This issue affects Product Quantity Dropdown For Woocommerce: from n/a through 1.2.

Action-Not Available
Vendor-silverplugins217
Product-Product Quantity Dropdown For Woocommerce
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-47468
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.03% / 7.63%
||
7 Day CHG~0.00%
Published-07 May, 2025 | 14:19
Updated-08 May, 2025 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Hash Form <= 1.2.8 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in hashthemes Hash Form allows Cross Site Request Forgery. This issue affects Hash Form: from n/a through 1.2.8.

Action-Not Available
Vendor-hashthemes
Product-Hash Form
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-47470
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.03% / 7.63%
||
7 Day CHG~0.00%
Published-07 May, 2025 | 14:19
Updated-08 May, 2025 | 14:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress GPT3 AI Content Writer plugin <= 1.9.14 - Cross Site Request Forgery (CSRF) to Prompt Generation vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in senols GPT3 AI Content Writer allows Cross Site Request Forgery. This issue affects GPT3 AI Content Writer: from n/a through 1.9.14.

Action-Not Available
Vendor-senols
Product-GPT3 AI Content Writer
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-47448
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.03% / 7.63%
||
7 Day CHG~0.00%
Published-07 May, 2025 | 14:19
Updated-08 May, 2025 | 14:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Hotel Booking <= 2.1.9 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in ThimPress WP Hotel Booking allows Cross Site Request Forgery. This issue affects WP Hotel Booking: from n/a through 2.1.9.

Action-Not Available
Vendor-ThimPress (PhysCode)
Product-WP Hotel Booking
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-47519
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.03% / 7.63%
||
7 Day CHG~0.00%
Published-07 May, 2025 | 14:20
Updated-08 May, 2025 | 14:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Easy PayPal Events <= 1.2.2 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Scott Paterson Easy PayPal Events allows Cross Site Request Forgery. This issue affects Easy PayPal Events: from n/a through 1.2.2.

Action-Not Available
Vendor-Scott Paterson
Product-Easy PayPal Events
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-47459
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.03% / 7.63%
||
7 Day CHG~0.00%
Published-07 May, 2025 | 14:19
Updated-08 May, 2025 | 14:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Fundraising Donation and Crowdfunding Platform <= 1.7.3 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in XpeedStudio WP Fundraising Donation and Crowdfunding Platform allows Cross Site Request Forgery. This issue affects WP Fundraising Donation and Crowdfunding Platform: from n/a through 1.7.3.

Action-Not Available
Vendor-XpeedStudio
Product-WP Fundraising Donation and Crowdfunding Platform
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-47590
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.03% / 7.63%
||
7 Day CHG~0.00%
Published-07 May, 2025 | 14:20
Updated-08 May, 2025 | 14:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WPSpeed <= 2.6.5 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in John Dagelmore WPSpeed allows Cross Site Request Forgery. This issue affects WPSpeed: from n/a through 2.6.5.

Action-Not Available
Vendor-John Dagelmore
Product-WPSpeed
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-47633
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.03% / 8.02%
||
7 Day CHG~0.00%
Published-07 May, 2025 | 14:20
Updated-12 May, 2025 | 19:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Awin – Advertiser Tracking for WooCommerce plugin <= 2.0.0 - CSRF to Product Feed Regeneration vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Awin Awin – Advertiser Tracking for WooCommerce allows Cross Site Request Forgery. This issue affects Awin – Advertiser Tracking for WooCommerce: from n/a through 2.0.0.

Action-Not Available
Vendor-awinAwin
Product-awin_-_advertiser_tracking_for_woocommerceAwin – Advertiser Tracking for WooCommerce
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-47542
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.03% / 7.63%
||
7 Day CHG~0.00%
Published-07 May, 2025 | 14:20
Updated-09 Jun, 2025 | 17:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Simple calendar for Elementor <= 1.6.5 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Michael Simple calendar for Elementor allows Cross Site Request Forgery. This issue affects Simple calendar for Elementor: from n/a through 1.6.5.

Action-Not Available
Vendor-migawebMichael
Product-simple_calendar_for_elementorSimple calendar for Elementor
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-47447
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.03% / 7.63%
||
7 Day CHG~0.00%
Published-07 May, 2025 | 14:19
Updated-08 May, 2025 | 14:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Cool Author Box <= 3.0.0 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Hossni Mubarak Cool Author Box allows Cross Site Request Forgery. This issue affects Cool Author Box: from n/a through 3.0.0.

Action-Not Available
Vendor-Hossni Mubarak
Product-Cool Author Box
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2021-4162
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-4.3||MEDIUM
EPSS-0.10% / 27.14%
||
7 Day CHG~0.00%
Published-25 Dec, 2021 | 11:20
Updated-03 Aug, 2024 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cross-Site Request Forgery (CSRF) in archivy/archivy

archivy is vulnerable to Cross-Site Request Forgery (CSRF)

Action-Not Available
Vendor-archivy_projectarchivy
Product-archivyarchivy/archivy
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-47551
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.03% / 7.63%
||
7 Day CHG~0.00%
Published-07 May, 2025 | 14:20
Updated-08 May, 2025 | 14:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Wiki Embed plugin <= 1.4.6 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in ctltwp Wiki Embed allows Cross Site Request Forgery. This issue affects Wiki Embed: from n/a through 1.4.6.

Action-Not Available
Vendor-ctltwp
Product-Wiki Embed
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-47596
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.03% / 7.63%
||
7 Day CHG~0.00%
Published-07 May, 2025 | 14:20
Updated-08 May, 2025 | 14:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Beacon Lead Magnets and Lead Capture <= 1.5.8 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Syed Balkhi Beacon Lead Magnets and Lead Capture allows Cross Site Request Forgery. This issue affects Beacon Lead Magnets and Lead Capture: from n/a through 1.5.8.

Action-Not Available
Vendor-Awesome Motive Inc.
Product-Beacon Lead Magnets and Lead Capture
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-47446
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.03% / 7.63%
||
7 Day CHG~0.00%
Published-07 May, 2025 | 14:19
Updated-08 May, 2025 | 14:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Listamester <= 2.3.6 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in listamester Listamester allows Cross Site Request Forgery. This issue affects Listamester: from n/a through 2.3.6.

Action-Not Available
Vendor-listamester
Product-Listamester
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-4580
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-4.3||MEDIUM
EPSS-0.04% / 10.35%
||
7 Day CHG~0.00%
Published-04 Jun, 2025 | 06:00
Updated-04 Jun, 2025 | 20:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
File Provider <= 1.2.3 - Item Deletion via CSRF

The File Provider WordPress plugin through 1.2.3 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack

Action-Not Available
Vendor-dimdavidUnknown
Product-file_providerFile Provider
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-1644
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.02% / 5.77%
||
7 Day CHG~0.00%
Published-25 Feb, 2025 | 01:31
Updated-25 Feb, 2025 | 14:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Benner ModernaNet SG_Gravar cross-site request forgery

A vulnerability classified as problematic has been found in Benner ModernaNet up to 1.2.0. Affected is an unknown function of the file /DadosPessoais/SG_Gravar. The manipulation of the argument idItAg leads to cross-site request forgery. It is possible to launch the attack remotely. Upgrading to version 1.2.1 is able to address this issue. It is recommended to upgrade the affected component.

Action-Not Available
Vendor-Benner
Product-ModernaNet
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CWE ID-CWE-862
Missing Authorization
CVE-2025-1926
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-4.3||MEDIUM
EPSS-0.02% / 4.62%
||
7 Day CHG~0.00%
Published-10 Mar, 2025 | 04:21
Updated-26 May, 2025 | 02:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Page Builder: Pagelayer – Drag and Drop website builder <= 1.9.8 - Cross-Site Request Forgery (CSRF) To Post Contents Modification

The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.9.8. This is due to missing or incorrect nonce validation on the pagelayer_save_post function. This makes it possible for unauthenticated attackers to modify post contents via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link.

Action-Not Available
Vendor-pagelayersoftaculous
Product-pagelayerPage Builder: Pagelayer – Drag and Drop website builder
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-46257
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.03% / 6.88%
||
7 Day CHG~0.00%
Published-05 Jun, 2025 | 17:35
Updated-05 Jun, 2025 | 20:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Element Pack Pro Plugin < 8.0.0 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in BdThemes Element Pack Pro allows Cross Site Request Forgery.This issue affects Element Pack Pro: from n/a before 8.0.0.

Action-Not Available
Vendor-BdThemes
Product-Element Pack Pro
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-46436
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.08% / 24.50%
||
7 Day CHG~0.00%
Published-24 Apr, 2025 | 16:08
Updated-29 Apr, 2025 | 13:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress SCSS-Library <= 0.4.1 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Sebastian Echeverry SCSS-Library allows Cross Site Request Forgery. This issue affects SCSS-Library: from n/a through 0.4.1.

Action-Not Available
Vendor-Sebastian Echeverry
Product-SCSS-Library
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2021-3931
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-4.3||MEDIUM
EPSS-0.13% / 32.33%
||
7 Day CHG~0.00%
Published-13 Nov, 2021 | 08:50
Updated-03 Aug, 2024 | 17:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cross-Site Request Forgery (CSRF) in snipe/snipe-it

snipe-it is vulnerable to Cross-Site Request Forgery (CSRF)

Action-Not Available
Vendor-snipeitappsnipe
Product-snipe-itsnipe/snipe-it
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-5602
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-4.3||MEDIUM
EPSS-0.10% / 28.53%
||
7 Day CHG~0.00%
Published-20 Oct, 2023 | 07:29
Updated-05 Feb, 2025 | 19:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Social Media Share Buttons & Social Sharing Icons plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.8.5. This is due to missing or incorrect nonce validation on several functions corresponding to AJAX actions. This makes it possible for unauthenticated attackers to invoke those actions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

Action-Not Available
Vendor-ultimatelysocialsocialdude
Product-social_media_share_buttons_\&_social_sharing_iconsSocial Media Share Buttons & Social Sharing Icons
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2021-3963
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-4.3||MEDIUM
EPSS-0.10% / 27.14%
||
7 Day CHG~0.00%
Published-19 Nov, 2021 | 11:50
Updated-03 Aug, 2024 | 17:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cross-Site Request Forgery (CSRF) in kevinpapst/kimai2

kimai2 is vulnerable to Cross-Site Request Forgery (CSRF)

Action-Not Available
Vendor-kimaikevinpapst
Product-kimai_2kevinpapst/kimai2
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-4592
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-4.3||MEDIUM
EPSS-0.02% / 5.97%
||
7 Day CHG+0.01%
Published-14 Jun, 2025 | 08:23
Updated-17 Jun, 2025 | 18:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
AI Image Lab – Free AI Image Generator <= 1.0.6 - Cross-Site Request Forgery to API Key Update

The AI Image Lab – Free AI Image Generator plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.6. This is due to missing or incorrect nonce validation on the 'wpz-ai-images' page. This makes it possible for unauthenticated attackers to update the plugin's API key via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

Action-Not Available
Vendor-aspengrovestudios
Product-AI Image Lab – Free AI Image Generator
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2021-3957
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-4.6||MEDIUM
EPSS-0.09% / 25.40%
||
7 Day CHG~0.00%
Published-19 Nov, 2021 | 12:00
Updated-03 Aug, 2024 | 17:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cross-Site Request Forgery (CSRF) in kevinpapst/kimai2

kimai2 is vulnerable to Cross-Site Request Forgery (CSRF)

Action-Not Available
Vendor-kimaikevinpapst
Product-kimai_2kevinpapst/kimai2
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-13144
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-4.3||MEDIUM
EPSS-0.02% / 3.29%
||
7 Day CHG~0.00%
Published-05 Dec, 2025 | 05:31
Updated-08 Dec, 2025 | 18:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ContentStudio <= 1.3.7 - Cross-Site Request Forgery to Settings Update

The ContentStudio plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.7. This is due to missing or insufficient nonce validation on the add_cstu_settings function. This makes it possible for unauthenticated attackers to modify plugin settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

Action-Not Available
Vendor-contentstudio
Product-ContentStudio
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-58975
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.01% / 2.75%
||
7 Day CHG~0.00%
Published-09 Sep, 2025 | 16:33
Updated-11 Sep, 2025 | 17:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Advanced Settings Plugin <= 3.1.1 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Helmut Wandl Advanced Settings allows Cross Site Request Forgery. This issue affects Advanced Settings: from n/a through 3.1.1.

Action-Not Available
Vendor-Helmut Wandl
Product-Advanced Settings
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-46249
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.09% / 25.06%
||
7 Day CHG~0.00%
Published-22 Apr, 2025 | 09:53
Updated-30 Apr, 2025 | 15:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Simple calendar for Elementor <= 1.6.4 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Michael Simple calendar for Elementor allows Cross Site Request Forgery. This issue affects Simple calendar for Elementor: from n/a through 1.6.4.

Action-Not Available
Vendor-migawebMichael
Product-simple_calendar_for_elementorSimple calendar for Elementor
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2021-4015
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-4.3||MEDIUM
EPSS-0.16% / 37.10%
||
7 Day CHG~0.00%
Published-01 Dec, 2021 | 10:20
Updated-03 Aug, 2024 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cross-Site Request Forgery (CSRF) in firefly-iii/firefly-iii

firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF)

Action-Not Available
Vendor-firefly-iiifirefly-iii
Product-firefly_iiifirefly-iii/firefly-iii
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2021-3921
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-5.4||MEDIUM
EPSS-0.12% / 30.68%
||
7 Day CHG~0.00%
Published-13 Nov, 2021 | 08:55
Updated-03 Aug, 2024 | 17:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cross-Site Request Forgery (CSRF) in firefly-iii/firefly-iii

firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF)

Action-Not Available
Vendor-firefly-iiifirefly-iii
Product-firefly_iiifirefly-iii/firefly-iii
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-46243
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.09% / 25.06%
||
7 Day CHG~0.00%
Published-22 Apr, 2025 | 09:53
Updated-29 Apr, 2025 | 18:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Recover abandoned cart for WooCommerce <= 2.2 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in sonalsinha21 Recover abandoned cart for WooCommerce allows Cross Site Request Forgery. This issue affects Recover abandoned cart for WooCommerce: from n/a through 2.2.

Action-Not Available
Vendor-sonalsinha21Sonl Sinha (SKT Web Themes LLC)
Product-recover_abandoned_cart_for_woocommerceRecover abandoned cart for WooCommerce
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-46246
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.09% / 25.06%
||
7 Day CHG~0.00%
Published-22 Apr, 2025 | 09:53
Updated-29 Apr, 2025 | 18:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress CM Answers <= 3.3.3 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in CreativeMindsSolutions CM Answers allows Cross Site Request Forgery. This issue affects CM Answers: from n/a through 3.3.3.

Action-Not Available
Vendor-cmindsCreativeMindsSolutions
Product-cm_answersCM Answers
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-46245
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.09% / 25.06%
||
7 Day CHG~0.00%
Published-22 Apr, 2025 | 09:53
Updated-29 Apr, 2025 | 18:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress CM Ad Changer <= 2.0.5 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in CreativeMindsSolutions CM Ad Changer allows Cross Site Request Forgery. This issue affects CM Ad Changer: from n/a through 2.0.5.

Action-Not Available
Vendor-cmindsCreativeMindsSolutions
Product-cm_ad_changerCM Ad Changer
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
  • Previous
  • 1
  • 2
  • ...
  • 30
  • 31
  • 32
  • ...
  • 41
  • 42
  • Next
Details not found