Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-28940

Summary
Assigner-Patchstack
Assigner Org ID-21595511-bba5-4825-b968-b78d1f9984a3
Published At-11 Mar, 2025 | 21:01
Updated At-12 Mar, 2025 | 13:48
Rejected At-
Credits

WordPress Back To Top Plugin <= 2.0 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in arkapravamajumder Back To Top allows Cross Site Request Forgery. This issue affects Back To Top: from n/a through 2.0.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:Patchstack
Assigner Org ID:21595511-bba5-4825-b968-b78d1f9984a3
Published At:11 Mar, 2025 | 21:01
Updated At:12 Mar, 2025 | 13:48
Rejected At:
▼CVE Numbering Authority (CNA)
WordPress Back To Top Plugin <= 2.0 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in arkapravamajumder Back To Top allows Cross Site Request Forgery. This issue affects Back To Top: from n/a through 2.0.

Affected Products
Vendor
arkapravamajumder
Product
Back To Top
Collection URL
https://wordpress.org/plugins
Package Name
backtotop
Default Status
unaffected
Versions
Affected
  • From n/a through 2.0 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-352CWE-352 Cross-Site Request Forgery (CSRF)
Type: CWE
CWE ID: CWE-352
Description: CWE-352 Cross-Site Request Forgery (CSRF)
Metrics
VersionBase scoreBase severityVector
3.14.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Version: 3.1
Base score: 4.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-62CAPEC-62 Cross Site Request Forgery
CAPEC ID: CAPEC-62
Description: CAPEC-62 Cross Site Request Forgery
Solutions
Configurations
Workarounds
Exploits
Credits
finder
Nguyen Xuan Chien (Patchstack Alliance)
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://patchstack.com/database/wordpress/plugin/backtotop/vulnerability/wordpress-back-to-top-plugin-2-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve
vdb-entry
Hyperlink: https://patchstack.com/database/wordpress/plugin/backtotop/vulnerability/wordpress-back-to-top-plugin-2-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve
Resource:
vdb-entry
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:audit@patchstack.com
Published At:11 Mar, 2025 | 21:15
Updated At:11 Mar, 2025 | 21:15

Cross-Site Request Forgery (CSRF) vulnerability in arkapravamajumder Back To Top allows Cross Site Request Forgery. This issue affects Back To Top: from n/a through 2.0.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.14.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Type: Secondary
Version: 3.1
Base score: 4.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-352Primaryaudit@patchstack.com
CWE ID: CWE-352
Type: Primary
Source: audit@patchstack.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://patchstack.com/database/wordpress/plugin/backtotop/vulnerability/wordpress-back-to-top-plugin-2-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cveaudit@patchstack.com
N/A
Hyperlink: https://patchstack.com/database/wordpress/plugin/backtotop/vulnerability/wordpress-back-to-top-plugin-2-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve
Source: audit@patchstack.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

2088Records found
CVE-2023-46189
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.17% / 38.41%
||
7 Day CHG~0.00%
Published-24 Oct, 2023 | 10:20
Updated-11 Sep, 2024 | 16:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Google Calendar Events Plugin <= 3.2.5 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Simple Calendar – Google Calendar Plugin <= 3.2.5 versions.

Action-Not Available
Vendor-xtendifySimple Calendar
Product-simple_calendarSimple Calendar – Google Calendar Plugin
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-46618
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 22.30%
||
7 Day CHG~0.00%
Published-13 Nov, 2023 | 00:46
Updated-29 Aug, 2024 | 13:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Category SEO Meta Tags Plugin <= 2.5 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Bala Krishna, Sergey Yakovlev Category SEO Meta Tags plugin <= 2.5 versions.

Action-Not Available
Vendor-bala-krishnaBala Krishna, Sergey Yakovlev
Product-category_seo_meta_tagsCategory SEO Meta Tags
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-46152
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.17% / 38.41%
||
7 Day CHG~0.00%
Published-24 Oct, 2023 | 10:13
Updated-19 Feb, 2025 | 21:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WOLF Plugin <= 1.0.7.1 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in realmag777 WOLF – WordPress Posts Bulk Editor and Manager Professional plugin <= 1.0.7.1 versions.

Action-Not Available
Vendor-PluginUs.Net (RealMag777)
Product-wolf_-_wordpress_posts_bulk_editor_and_products_manager_professionalWOLF – WordPress Posts Bulk Editor and Manager Professional
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-4731
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-4.3||MEDIUM
EPSS-0.21% / 43.65%
||
7 Day CHG~0.00%
Published-12 Mar, 2024 | 09:33
Updated-15 Jan, 2025 | 16:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The LadiApp plugn for WordPress is vulnerable to Cross-Site Request Forgery due to a missing nonce check on the init_endpoint() function hooked via 'init' in versions up to, and including, 4.4. This makes it possible for unauthenticated attackers to modify a variety of settings, via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. An attacker can directly modify the 'ladipage_key' which enables them to create new posts on the website and inject malicious web scripts,

Action-Not Available
Vendor-ladipagebinhnguyenplus
Product-ladipageLadiApp: Landing Page, PopupX, Marketing Automation, Affiliate Marketing…
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2015-10125
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-4.3||MEDIUM
EPSS-0.08% / 23.18%
||
7 Day CHG~0.00%
Published-05 Oct, 2023 | 22:31
Updated-06 Aug, 2024 | 08:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WP Ultimate CSV Importer Plugin cross-site request forgery

A vulnerability classified as problematic has been found in WP Ultimate CSV Importer Plugin 3.7.2 on WordPress. This affects an unknown part. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. Upgrading to version 3.7.3 is able to address this issue. The identifier of the patch is 13c30af721d3f989caac72dd0f56cf0dc40fad7e. It is recommended to upgrade the affected component. The identifier VDB-241317 was assigned to this vulnerability.

Action-Not Available
Vendor-smackcodersn/a
Product-import_all_pages\,_post_types\,_products\,_orders\,_and_users_as_xml_\&_csvWP Ultimate CSV Importer Plugin
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2015-10108
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-4.3||MEDIUM
EPSS-0.08% / 24.15%
||
7 Day CHG+0.02%
Published-31 May, 2023 | 19:00
Updated-06 Aug, 2024 | 08:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
meitar Inline Google Spreadsheet Viewer Plugin inline-gdocs-viewer.php displayShortcode cross-site request forgery

A vulnerability was found in meitar Inline Google Spreadsheet Viewer Plugin up to 0.9.6 on WordPress and classified as problematic. Affected by this issue is the function displayShortcode of the file inline-gdocs-viewer.php. The manipulation leads to cross-site request forgery. The attack may be launched remotely. Upgrading to version 0.9.6.1 is able to address this issue. The patch is identified as 2a8057df8ca30adc859cecbe5cad21ac28c5b747. It is recommended to upgrade the affected component. VDB-230234 is the identifier assigned to this vulnerability.

Action-Not Available
Vendor-inline_google_spreadsheet_viewer_projectmeitar
Product-inline_google_spreadsheet_viewerInline Google Spreadsheet Viewer Plugin
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2015-10116
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-4.3||MEDIUM
EPSS-0.08% / 24.39%
||
7 Day CHG+0.02%
Published-06 Jun, 2023 | 00:31
Updated-06 Aug, 2024 | 08:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
RealFaviconGenerator Favicon Plugin class-favicon-by-realfavicongenerator-admin.php install_new_favicon cross-site request forgery

A vulnerability classified as problematic has been found in RealFaviconGenerator Favicon Plugin up to 1.2.12 on WordPress. This affects the function install_new_favicon of the file admin/class-favicon-by-realfavicongenerator-admin.php. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. Upgrading to version 1.2.13 is able to address this issue. The identifier of the patch is 949a1ae7216216350458844f50a72f100b56d4e7. It is recommended to upgrade the affected component. The identifier VDB-230661 was assigned to this vulnerability.

Action-Not Available
Vendor-realfavicongeneratorRealFaviconGenerator
Product-favicon_by_realfavicongeneratorFavicon Plugin
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-4689
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-5.4||MEDIUM
EPSS-0.05% / 15.13%
||
7 Day CHG~0.00%
Published-15 Nov, 2023 | 22:32
Updated-07 Jan, 2025 | 18:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Elementor Addon Elements plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.12.7. This is due to missing or incorrect nonce validation on the eae_save_elements function. This makes it possible for unauthenticated attackers to enable/disable elementor addon elements via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

Action-Not Available
Vendor-webtechstreetwebtechstreet
Product-elementor_addon_elementsElementor Addon Elements
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-46193
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.17% / 38.41%
||
7 Day CHG~0.00%
Published-24 Oct, 2023 | 10:43
Updated-10 Sep, 2024 | 18:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Internal Link Building Plugin <= 1.2.3 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Internet Marketing Ninjas Internal Link Building plugin <= 1.2.3 versions.

Action-Not Available
Vendor-internetmarketingninjasInternet Marketing Ninjas
Product-internal_link_buildingInternal Link Building
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-46638
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 22.30%
||
7 Day CHG~0.00%
Published-13 Nov, 2023 | 00:15
Updated-29 Aug, 2024 | 13:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WCP OpenWeather Plugin <= 2.5.0 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Webcodin WCP OpenWeather plugin <= 2.5.0 versions.

Action-Not Available
Vendor-webcodinWebcodin
Product-wcp_openweatherWCP OpenWeather
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2015-10130
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-5.3||MEDIUM
EPSS-0.10% / 26.90%
||
7 Day CHG~0.00%
Published-13 Mar, 2024 | 02:34
Updated-21 Mar, 2025 | 11:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Team Circle Image Slider With Lightbox plugin for WordPress is vulnerable to Cross-Site Request Forgery in version 1.0. This is due to missing or incorrect nonce validation on the circle_thumbnail_slider_with_lightbox_image_management_func() function. This makes it possible for unauthenticated attackers to edit image data which can be used to inject malicious JavaScript, along with deleting images, and uploading malicious files via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

Action-Not Available
Vendor-i13websolutionnik00726i13websolution
Product-team_circle_image_slider_with_lightboxTeam Circle Image Slider With Lightboxcontinuous_image_carosel_with_lightbox
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-46151
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.17% / 38.41%
||
7 Day CHG~0.00%
Published-24 Oct, 2023 | 10:09
Updated-11 Sep, 2024 | 15:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Product Category Tree Plugin <= 2.5 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in AWESOME TOGI Product Category Tree plugin <= 2.5 versions.

Action-Not Available
Vendor-AWESOME TOGI
Product-product_category_treeProduct Category Tree
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-46089
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 21.48%
||
7 Day CHG~0.00%
Published-22 Oct, 2023 | 21:14
Updated-11 Sep, 2024 | 14:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Userback Plugin <= 1.0.13 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Lee Le @ Userback Userback plugin <= 1.0.13 versions.

Action-Not Available
Vendor-userbackLee Le @ Userback
Product-userbackUserback
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-63040
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.02% / 3.95%
||
7 Day CHG~0.00%
Published-31 Dec, 2025 | 16:08
Updated-20 Jan, 2026 | 15:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Post Snippets plugin <= 4.0.11 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Saad Iqbal Post Snippets allows Cross Site Request Forgery.This issue affects Post Snippets: from n/a through 4.0.11.

Action-Not Available
Vendor-Saad Iqbal
Product-Post Snippets
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-46191
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.17% / 38.41%
||
7 Day CHG~0.00%
Published-24 Oct, 2023 | 10:32
Updated-10 Sep, 2024 | 18:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Open Graph Metabox Plugin <= 1.4.4 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Niels van Renselaar Open Graph Metabox plugin <= 1.4.4 versions.

Action-Not Available
Vendor-underdockNiels van Renselaar
Product-open_graph_metaboxOpen Graph Metabox
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-46190
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.17% / 38.41%
||
7 Day CHG~0.00%
Published-24 Oct, 2023 | 10:23
Updated-11 Sep, 2024 | 16:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Novo-Map : your WP posts on custom google maps Plugin <= 1.1.2 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Novo-media Novo-Map : your WP posts on custom google maps plugin <= 1.1.2 versions.

Action-Not Available
Vendor-novo-mediaNovo-media
Product-novo-map\Novo-Map : your WP posts on custom google maps
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-4690
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-5.4||MEDIUM
EPSS-0.05% / 15.13%
||
7 Day CHG~0.00%
Published-15 Nov, 2023 | 22:32
Updated-07 Jan, 2025 | 18:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Elementor Addon Elements plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.12.7. This is due to missing or incorrect nonce validation on the eae_save_config function. This makes it possible for unauthenticated attackers to change configuration settings for the plugin via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

Action-Not Available
Vendor-webtechstreetwebtechstreet
Product-elementor_addon_elementsElementor Addon Elements
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-4729
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-4.3||MEDIUM
EPSS-0.20% / 42.46%
||
7 Day CHG~0.00%
Published-12 Mar, 2024 | 09:33
Updated-15 Jan, 2025 | 16:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The LadiApp plugin for WordPress is vulnerable to Cross-Site Request Forgery due to a missing nonce check on the publish_lp() function hooked via an AJAX action in versions up to, and including, 4.4. This makes it possible for unauthenticated attackers to change the LadiPage key (a key fully controlled by the attacker), enabling them to freely create new pages, including web pages that trigger stored XSS via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

Action-Not Available
Vendor-ladipagebinhnguyenplus
Product-ladipageLadiApp: Landing Page, PopupX, Marketing Automation, Affiliate Marketing…
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-45268
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.09% / 25.94%
||
7 Day CHG~0.00%
Published-13 Oct, 2023 | 14:53
Updated-16 Sep, 2024 | 18:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Hitsteps Web Analytics Plugin <= 5.86 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Hitsteps Hitsteps Web Analytics plugin <= 5.86 versions.

Action-Not Available
Vendor-hitstepsHitsteps
Product-hitsteps_web_analyticsHitsteps Web Analytics
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-45752
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.15% / 35.18%
||
7 Day CHG~0.00%
Published-16 Oct, 2023 | 10:06
Updated-16 Sep, 2024 | 14:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Post Gallery Plugin <= 2.3.12 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in 10 Quality Post Gallery plugin <= 2.3.12 versions.

Action-Not Available
Vendor-10quality10 Quality
Product-post_galleryPost Gallery
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-62866
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.02% / 5.00%
||
7 Day CHG~0.00%
Published-09 Dec, 2025 | 14:52
Updated-20 Jan, 2026 | 15:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Auto Alt Text plugin <= 2.5.2 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Valerio Monti Auto Alt Text auto-alt-text allows Cross Site Request Forgery.This issue affects Auto Alt Text: from n/a through <= 2.5.2.

Action-Not Available
Vendor-Valerio Monti
Product-Auto Alt Text
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-45273
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.16% / 36.96%
||
7 Day CHG~0.00%
Published-16 Oct, 2023 | 08:18
Updated-16 Sep, 2024 | 16:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Stout Google Calendar Plugin <= 1.2.3 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Matt McKenny Stout Google Calendar plugin <= 1.2.3 versions.

Action-Not Available
Vendor-mattmckennyMatt McKenny
Product-stout_google_calendarStout Google Calendar
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-45103
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 21.48%
||
7 Day CHG~0.00%
Published-12 Oct, 2023 | 14:33
Updated-17 Sep, 2024 | 18:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Permalinks Customizer Plugin <= 2.8.2 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in YAS Global Team Permalinks Customizer plugin <= 2.8.2 versions.

Action-Not Available
Vendor-yasglobalizerYAS Global Team
Product-permalinks_customizerPermalinks Customizer
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-45063
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 21.48%
||
7 Day CHG~0.00%
Published-12 Oct, 2023 | 12:41
Updated-17 Sep, 2024 | 13:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress AI Content Writing Assistant (Content Writer, ChatGPT, Image Generator) All in One Plugin <= 1.1.5 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in ReCorp AI Content Writing Assistant (Content Writer, GPT 3 & 4, ChatGPT, Image Generator) All in One plugin <= 1.1.5 versions.

Action-Not Available
Vendor-rayhan1ReCorp
Product-ai_content_writing_assistantAI Content Writing Assistant (Content Writer, GPT 3 & 4, ChatGPT, Image Generator) All in One
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-44476
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.15% / 35.18%
||
7 Day CHG~0.00%
Published-10 Oct, 2023 | 14:28
Updated-18 Sep, 2024 | 16:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress CopyRightPro Plugin <= 2.1 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Andres Felipe Perea V. CopyRightPro plugin <= 2.1 versions.

Action-Not Available
Vendor-wp-copyrightproAndres Felipe Perea V.
Product-wp-copyrightproCopyRightPro
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-45058
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 21.49%
||
7 Day CHG~0.00%
Published-12 Oct, 2023 | 12:34
Updated-17 Sep, 2024 | 13:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Short URL Plugin <= 1.6.8 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in KaizenCoders Short URL plugin <= 1.6.8 versions.

Action-Not Available
Vendor-kaizencodersKaizenCoders
Product-short_urlShort URL
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-45639
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.15% / 35.18%
||
7 Day CHG~0.00%
Published-16 Oct, 2023 | 09:32
Updated-16 Sep, 2024 | 15:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Sort SearchResult By Title Plugin <= 10.0 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Codex-m Sort SearchResult By Title plugin <= 10.0 versions.

Action-Not Available
Vendor-phpdeveloperCodex-m
Product-sort_searchresult_by_titleSort SearchResult By Title
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-1625
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-4.3||MEDIUM
EPSS-0.10% / 28.29%
||
7 Day CHG~0.00%
Published-27 Jun, 2022 | 08:57
Updated-03 Aug, 2024 | 00:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
New User Approve < 2.4 - Arbitrary Settings Update & Invitation Code Creation via CSRF

The New User Approve WordPress plugin before 2.4 does not have CSRF check in place when updating its settings and adding invitation codes, which could allow attackers to add invitation codes (for bypassing the provided restrictions) and to change plugin settings by tricking admin users into visiting specially crafted websites.

Action-Not Available
Vendor-wpexpertsUnknown
Product-new_user_approveNew User Approve
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-45749
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.15% / 35.18%
||
7 Day CHG~0.00%
Published-16 Oct, 2023 | 10:04
Updated-16 Sep, 2024 | 14:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress AGP Font Awesome Collection Plugin <= 3.2.4 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Alexey Golubnichenko AGP Font Awesome Collection plugin <= 3.2.4 versions.

Action-Not Available
Vendor-profosboxAlexey Golubnichenko
Product-agp_font_awesome_collectionAGP Font Awesome Collection
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-44471
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.15% / 35.18%
||
7 Day CHG~0.00%
Published-10 Oct, 2023 | 14:22
Updated-18 Sep, 2024 | 18:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Backend Localization Plugin <= 2.1.10 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Bernhard Kau Backend Localization plugin <= 2.1.10 versions.

Action-Not Available
Vendor-kau-boysBernhard Kau
Product-backend_localizationBackend Localization
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-44998
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 21.48%
||
7 Day CHG~0.00%
Published-12 Oct, 2023 | 12:10
Updated-17 Sep, 2024 | 13:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Category Meta Plugin <= 1.2.8 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in josecoelho, Randy Hoyt, steveclarkcouk, Vitaliy Kukin, Eric Le Bail, Tom Ransom Category Meta plugin plugin <= 1.2.8 versions.

Action-Not Available
Vendor-randyhoytjosecoelho, Randy Hoyt, steveclarkcouk, Vitaliy Kukin, Eric Le Bail, Tom Ransom
Product-category_metaCategory Meta plugin
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-45606
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.15% / 35.18%
||
7 Day CHG~0.00%
Published-16 Oct, 2023 | 08:29
Updated-16 Sep, 2024 | 15:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Simple URLs Plugin <= 120 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Lasso Simple URLs plugin <= 120 versions.

Action-Not Available
Vendor-getlassoLasso
Product-simple_urlsSimple URLs
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-45011
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 21.48%
||
7 Day CHG~0.00%
Published-12 Oct, 2023 | 12:12
Updated-17 Sep, 2024 | 13:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Power Stats Plugin <= 2.2.3 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Igor Buyanov WP Power Stats plugin <= 2.2.3 versions.

Action-Not Available
Vendor-websivuIgor Buyanov
Product-wp_power_statsWP Power Stats
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-45106
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 21.48%
||
7 Day CHG~0.00%
Published-12 Oct, 2023 | 14:57
Updated-17 Sep, 2024 | 18:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Urvanov Syntax Highlighter Plugin <= 2.8.33 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Fedor Urvanov, Aram Kocharyan Urvanov Syntax Highlighter plugin <= 2.8.33 versions.

Action-Not Available
Vendor-urvanovFedor Urvanov, Aram Kocharyan
Product-urvanov_syntax_highlighterUrvanov Syntax Highlighter
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-45655
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.19% / 41.17%
||
7 Day CHG~0.00%
Published-16 Oct, 2023 | 08:49
Updated-16 Sep, 2024 | 14:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress PixFields Plugin <= 0.7.0 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in PixelGrade PixFields plugin <= 0.7.0 versions.

Action-Not Available
Vendor-pixelgradePixelGrade
Product-pixfieldsPixFields
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-45107
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 21.48%
||
7 Day CHG~0.00%
Published-13 Oct, 2023 | 12:00
Updated-16 Sep, 2024 | 19:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress GoodBarber Plugin <= 1.0.22 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in GoodBarber plugin <= 1.0.22 versions.

Action-Not Available
Vendor-goodbarberGoodBarber
Product-goodbarberGoodBarber
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-44993
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 21.48%
||
7 Day CHG~0.00%
Published-09 Oct, 2023 | 10:11
Updated-12 May, 2025 | 15:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress ChatBot Plugin <= 4.7.8 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in QuantumCloud AI ChatBot plugin <= 4.7.8 versions.

Action-Not Available
Vendor-quantumcloudQuantumCloud
Product-wpbotAI ChatBot
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-45274
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.16% / 36.96%
||
7 Day CHG~0.00%
Published-16 Oct, 2023 | 08:21
Updated-16 Sep, 2024 | 16:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress SendPulse Free Web Push Plugin <= 1.3.1 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in SendPulse SendPulse Free Web Push plugin <= 1.3.1 versions.

Action-Not Available
Vendor-sendpulseSendPulse
Product-free_web_pushSendPulse Free Web Push
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-4475
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 20.20%
||
7 Day CHG~0.00%
Published-21 Jun, 2024 | 06:00
Updated-01 Aug, 2024 | 20:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WP Logs Book <= 1.0.1 - Log Clearing via CSRF

The WP Logs Book WordPress plugin through 1.0.1 does not have CSRF check when clearing logs, which could allow attackers to make a logged in admin clear the logs them via a CSRF attack

Action-Not Available
Vendor-onetarekUnknownonetarek
Product-wp_logs_bookWP Logs Bookwp-logs-book
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-45270
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 21.48%
||
7 Day CHG~0.00%
Published-13 Oct, 2023 | 15:13
Updated-16 Sep, 2024 | 18:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Pinpoint Booking System Plugin <= 2.9.9.4.0 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in PINPOINT.WORLD Pinpoint Booking System plugin <= 2.9.9.4.0 versions.

Action-Not Available
Vendor-pinpointPINPOINT.WORLD
Product-pinpoint_booking_systemPinpoint Booking System
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-45651
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.15% / 35.18%
||
7 Day CHG~0.00%
Published-16 Oct, 2023 | 08:41
Updated-02 Aug, 2024 | 20:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Attachments Plugin <= 5.0.11 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Marco Milesi WP Attachments allows Cross Site Request Forgery.This issue affects WP Attachments: from n/a through 5.0.11.

Action-Not Available
Vendor-marcomilesiMarco Milesi
Product-wp_attachmentsWP Attachments
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-45654
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.15% / 35.18%
||
7 Day CHG~0.00%
Published-16 Oct, 2023 | 08:46
Updated-16 Sep, 2024 | 14:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Comments Ratings Plugin <= 1.1.7 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Pixelgrade Comments Ratings plugin <= 1.1.7 versions.

Action-Not Available
Vendor-pixelgradePixelgrade
Product-comments_ratingComments Ratings
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-45753
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.15% / 35.18%
||
7 Day CHG~0.00%
Published-16 Oct, 2023 | 10:12
Updated-16 Sep, 2024 | 14:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress which template file Plugin <= 4.6.0 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Gilles Dumas which template file plugin <= 4.6.0 versions.

Action-Not Available
Vendor-gillesdumasGilles Dumas
Product-which_template_filewhich template file
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-62089
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.02% / 3.95%
||
7 Day CHG~0.00%
Published-31 Dec, 2025 | 15:51
Updated-20 Jan, 2026 | 15:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Mergado Pack plugin <= 4.2.0 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in MERGADO Mergado Pack allows Cross Site Request Forgery.This issue affects Mergado Pack: from n/a through 4.2.0.

Action-Not Available
Vendor-MERGADO
Product-Mergado Pack
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-46085
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 21.48%
||
7 Day CHG~0.00%
Published-22 Oct, 2023 | 21:11
Updated-11 Sep, 2024 | 14:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Wp Ultimate Review Plugin <= 2.2.4 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Wpmet Wp Ultimate Review plugin <= 2.2.4 versions.

Action-Not Available
Vendor-wpmetWpmet
Product-wp_ultimate_reviewWp Ultimate Review
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-45748
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.15% / 35.18%
||
7 Day CHG~0.00%
Published-16 Oct, 2023 | 10:01
Updated-16 Sep, 2024 | 14:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress MailChimp Forms by MailMunch Plugin <= 3.1.4 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in MailMunch MailChimp Forms by MailMunch plugin <= 3.1.4 versions.

Action-Not Available
Vendor-mailmunchMailMunch
Product-mailchimp_formsMailChimp Forms by MailMunch
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-46067
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.15% / 35.18%
||
7 Day CHG~0.00%
Published-21 Oct, 2023 | 20:28
Updated-11 Sep, 2024 | 20:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Rocket Font Plugin <= 1.2.3 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Qwerty23 Rocket Font plugin <= 1.2.3 versions.

Action-Not Available
Vendor-qwerty23Qwerty23
Product-rocket_fontRocket Font
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-45052
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 21.48%
||
7 Day CHG~0.00%
Published-12 Oct, 2023 | 12:28
Updated-19 Feb, 2025 | 21:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Bing Map Pro Plugin < 5.0 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in dan009 WP Bing Map Pro plugin < 5.0 versions.

Action-Not Available
Vendor-dan009dan009
Product-wp_bing_map_proWP Bing Map Pro
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-44994
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.15% / 35.18%
||
7 Day CHG~0.00%
Published-10 Oct, 2023 | 14:31
Updated-18 Sep, 2024 | 16:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress ShortCodes UI Plugin <= 1.9.8 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Bainternet ShortCodes UI plugin <= 1.9.8 versions.

Action-Not Available
Vendor-Bainternet (Ohad Raz)
Product-shortcodes_uiShortCodes UI
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-45643
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.15% / 35.18%
||
7 Day CHG~0.00%
Published-16 Oct, 2023 | 09:51
Updated-16 Sep, 2024 | 14:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress CPT Shortcode Generator Plugin <= 1.0 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Anurag Deshmukh CPT Shortcode Generator plugin <= 1.0 versions.

Action-Not Available
Vendor-anuragdeshmukhAnurag Deshmukh
Product-cpt_shortcode_generatorCPT Shortcode Generator
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
  • Previous
  • 1
  • 2
  • ...
  • 32
  • 33
  • 34
  • ...
  • 41
  • 42
  • Next
Details not found