Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-31438

Summary
Assigner-Patchstack
Assigner Org ID-21595511-bba5-4825-b968-b78d1f9984a3
Published At-28 Mar, 2025 | 11:54
Updated At-28 Mar, 2025 | 12:37
Rejected At-
Credits

WordPress WP Supersized <= 3.1.6 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Benoit De Boeck WP Supersized allows Cross Site Request Forgery. This issue affects WP Supersized: from n/a through 3.1.6.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:Patchstack
Assigner Org ID:21595511-bba5-4825-b968-b78d1f9984a3
Published At:28 Mar, 2025 | 11:54
Updated At:28 Mar, 2025 | 12:37
Rejected At:
▼CVE Numbering Authority (CNA)
WordPress WP Supersized <= 3.1.6 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Benoit De Boeck WP Supersized allows Cross Site Request Forgery. This issue affects WP Supersized: from n/a through 3.1.6.

Affected Products
Vendor
Benoit De Boeck
Product
WP Supersized
Collection URL
https://wordpress.org/plugins
Package Name
wp-supersized
Default Status
unaffected
Versions
Affected
  • From n/a through 3.1.6 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-352CWE-352 Cross-Site Request Forgery (CSRF)
Type: CWE
CWE ID: CWE-352
Description: CWE-352 Cross-Site Request Forgery (CSRF)
Metrics
VersionBase scoreBase severityVector
3.14.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Version: 3.1
Base score: 4.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-62CAPEC-62 Cross Site Request Forgery
CAPEC ID: CAPEC-62
Description: CAPEC-62 Cross Site Request Forgery
Solutions
Configurations
Workarounds
Exploits
Credits
finder
Nguyen Xuan Chien (Patchstack Alliance)
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://patchstack.com/database/wordpress/plugin/wp-supersized/vulnerability/wordpress-wp-supersized-3-1-6-cross-site-request-forgery-csrf-vulnerability?_s_id=cve
vdb-entry
Hyperlink: https://patchstack.com/database/wordpress/plugin/wp-supersized/vulnerability/wordpress-wp-supersized-3-1-6-cross-site-request-forgery-csrf-vulnerability?_s_id=cve
Resource:
vdb-entry
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:audit@patchstack.com
Published At:28 Mar, 2025 | 12:15
Updated At:28 Mar, 2025 | 18:11

Cross-Site Request Forgery (CSRF) vulnerability in Benoit De Boeck WP Supersized allows Cross Site Request Forgery. This issue affects WP Supersized: from n/a through 3.1.6.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.14.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Type: Secondary
Version: 3.1
Base score: 4.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-352Primaryaudit@patchstack.com
CWE ID: CWE-352
Type: Primary
Source: audit@patchstack.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://patchstack.com/database/wordpress/plugin/wp-supersized/vulnerability/wordpress-wp-supersized-3-1-6-cross-site-request-forgery-csrf-vulnerability?_s_id=cveaudit@patchstack.com
N/A
Hyperlink: https://patchstack.com/database/wordpress/plugin/wp-supersized/vulnerability/wordpress-wp-supersized-3-1-6-cross-site-request-forgery-csrf-vulnerability?_s_id=cve
Source: audit@patchstack.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

2088Records found
CVE-2025-30601
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.03% / 7.79%
||
7 Day CHG~0.00%
Published-24 Mar, 2025 | 13:47
Updated-25 Mar, 2025 | 17:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Flipdish Ordering System plugin <= 1.4.16 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in flipdish Flipdish Ordering System allows Cross Site Request Forgery. This issue affects Flipdish Ordering System: from n/a through 1.4.16.

Action-Not Available
Vendor-flipdish
Product-Flipdish Ordering System
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-30980
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.03% / 6.89%
||
7 Day CHG~0.00%
Published-06 Jun, 2025 | 12:54
Updated-06 Jun, 2025 | 16:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Simple Keyword to Link <= 1.5 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Alessandro Piconi Simple Keyword to Link allows Cross Site Request Forgery. This issue affects Simple Keyword to Link: from n/a through 1.5.

Action-Not Available
Vendor-Alessandro Piconi
Product-Simple Keyword to Link
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-30862
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.08% / 24.49%
||
7 Day CHG~0.00%
Published-27 Mar, 2025 | 10:55
Updated-27 Mar, 2025 | 18:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress reCAPTCHA for all plugin <= 2.22 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Bill Minozzi reCAPTCHA for all allows Cross Site Request Forgery. This issue affects reCAPTCHA for all: from n/a through 2.22.

Action-Not Available
Vendor-Bill Minozzi
Product-reCAPTCHA for all
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-30538
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.08% / 24.49%
||
7 Day CHG~0.00%
Published-24 Mar, 2025 | 13:46
Updated-24 Mar, 2025 | 15:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Simple Optimizer plugin <= 1.2.7 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in ChrisHurst Simple Optimizer allows Cross Site Request Forgery. This issue affects Simple Optimizer: from n/a through 1.2.7.

Action-Not Available
Vendor-ChrisHurst
Product-Simple Optimizer
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-28866
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.05% / 16.59%
||
7 Day CHG~0.00%
Published-11 Mar, 2025 | 21:00
Updated-19 Mar, 2025 | 14:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Login Logger plugin <= 1.2.1 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in smerriman Login Logger allows Cross Site Request Forgery. This issue affects Login Logger: from n/a through 1.2.1.

Action-Not Available
Vendor-smerrimansmerriman
Product-login_loggerLogin Logger
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-28886
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.05% / 14.81%
||
7 Day CHG~0.00%
Published-11 Mar, 2025 | 21:00
Updated-12 Mar, 2025 | 13:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress REST API TO MiniProgram plugin <= 4.7.1 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in xjb REST API TO MiniProgram allows Cross Site Request Forgery. This issue affects REST API TO MiniProgram: from n/a through 4.7.1.

Action-Not Available
Vendor-xjb
Product-REST API TO MiniProgram
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-43930
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.19% / 40.82%
||
7 Day CHG~0.00%
Published-31 Oct, 2024 | 10:05
Updated-01 Nov, 2024 | 12:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress JobSearch WP Job Board WordPress Plugin plugin <= 2.5.3 - Broken Access Control vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in eyecix JobSearch allows Cross Site Request Forgery.This issue affects JobSearch: from n/a through 2.5.3.

Action-Not Available
Vendor-eyecix
Product-JobSearch
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-28862
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.05% / 16.59%
||
7 Day CHG~0.00%
Published-11 Mar, 2025 | 21:00
Updated-19 Mar, 2025 | 14:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Comment Date and Gravatar remover plugin <= 1.0 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Venugopal Comment Date and Gravatar remover allows Cross Site Request Forgery. This issue affects Comment Date and Gravatar remover: from n/a through 1.0.

Action-Not Available
Vendor-venugopalVenugopal
Product-comment_date_and_gravatar_removerComment Date and Gravatar remover
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-28902
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.05% / 14.81%
||
7 Day CHG~0.00%
Published-11 Mar, 2025 | 21:00
Updated-12 Mar, 2025 | 13:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Contact Form 7 Select Box Editor Button plugin <= 0.6 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Benjamin Pick Contact Form 7 Select Box Editor Button allows Cross Site Request Forgery. This issue affects Contact Form 7 Select Box Editor Button: from n/a through 0.6.

Action-Not Available
Vendor-Benjamin Pick
Product-Contact Form 7 Select Box Editor Button
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-28913
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.05% / 14.81%
||
7 Day CHG~0.00%
Published-11 Mar, 2025 | 21:00
Updated-12 Mar, 2025 | 13:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Add Active Class To Menu Item plugin <=1.0 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Aftab Ali Muni WP Add Active Class To Menu Item allows Cross Site Request Forgery. This issue affects WP Add Active Class To Menu Item: from n/a through 1.0.

Action-Not Available
Vendor-Aftab Ali Muni
Product-WP Add Active Class To Menu Item
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-28881
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.05% / 14.81%
||
7 Day CHG~0.00%
Published-11 Mar, 2025 | 21:00
Updated-12 Mar, 2025 | 13:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Mobile Themes plugin <= 1.1.1 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in mg12 Mobile Themes allows Cross Site Request Forgery. This issue affects Mobile Themes: from n/a through 1.1.1.

Action-Not Available
Vendor-mg12
Product-Mobile Themes
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-28867
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.05% / 16.59%
||
7 Day CHG~0.00%
Published-11 Mar, 2025 | 21:00
Updated-18 Mar, 2025 | 20:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Frontpage category filter plugin <= 1.0.2 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in stesvis Frontpage category filter allows Cross Site Request Forgery. This issue affects Frontpage category filter: from n/a through 1.0.2.

Action-Not Available
Vendor-stesvisstesvis
Product-frontpage_category_filterFrontpage category filter
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-28856
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.05% / 16.59%
||
7 Day CHG~0.00%
Published-11 Mar, 2025 | 21:00
Updated-09 Apr, 2025 | 14:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress W3Counter Free Real-Time Web Stats plugin <= 4.1 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in dangrossman W3Counter Free Real-Time Web Stats allows Cross Site Request Forgery. This issue affects W3Counter Free Real-Time Web Stats: from n/a through 4.1.

Action-Not Available
Vendor-w3counterdangrossman
Product-w3counterW3Counter Free Real-Time Web Stats
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-28927
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.05% / 14.81%
||
7 Day CHG~0.00%
Published-11 Mar, 2025 | 21:01
Updated-12 Mar, 2025 | 13:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Display Template Name plugin <= 1.7.1 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in A. Chappard Display Template Name allows Cross Site Request Forgery. This issue affects Display Template Name: from n/a through 1.7.1.

Action-Not Available
Vendor-A. Chappard
Product-Display Template Name
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-28912
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.05% / 14.81%
||
7 Day CHG~0.00%
Published-11 Mar, 2025 | 21:00
Updated-12 Mar, 2025 | 13:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Custom Dashboard Page plugin <= 1.0 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Muntasir Rahman Custom Dashboard Page allows Cross Site Request Forgery. This issue affects Custom Dashboard Page: from n/a through 1.0.

Action-Not Available
Vendor-Muntasir Rahman
Product-Custom Dashboard Page
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-43265
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.11% / 30.23%
||
7 Day CHG~0.00%
Published-26 Aug, 2024 | 20:49
Updated-12 Sep, 2024 | 21:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Analytify plugin <= 5.3.1 - CSRF Leading to Optout Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Analytify.This issue affects Analytify: from n/a through 5.3.1.

Action-Not Available
Vendor-analytifyAnalytify
Product-analytify_-_google_analytics_dashboardAnalytify
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-28863
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.05% / 16.59%
||
7 Day CHG~0.00%
Published-11 Mar, 2025 | 21:00
Updated-19 Mar, 2025 | 14:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Delete Original Image plugin <= 0.4 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Carlos Minatti Delete Original Image allows Cross Site Request Forgery. This issue affects Delete Original Image: from n/a through 0.4.

Action-Not Available
Vendor-carlosminattiCarlos Minatti
Product-delete_original_imageDelete Original Image
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-28910
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.05% / 14.81%
||
7 Day CHG~0.00%
Published-11 Mar, 2025 | 21:00
Updated-12 Mar, 2025 | 17:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Hide Admin Bar plugin <= 2.0 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Ravinder Khurana WP Hide Admin Bar allows Cross Site Request Forgery. This issue affects WP Hide Admin Bar: from n/a through 2.0.

Action-Not Available
Vendor-Ravinder Khurana
Product-WP Hide Admin Bar
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-28940
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.05% / 14.81%
||
7 Day CHG~0.00%
Published-11 Mar, 2025 | 21:01
Updated-12 Mar, 2025 | 13:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Back To Top Plugin <= 2.0 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in arkapravamajumder Back To Top allows Cross Site Request Forgery. This issue affects Back To Top: from n/a through 2.0.

Action-Not Available
Vendor-arkapravamajumder
Product-Back To Top
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-27290
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.05% / 14.81%
||
7 Day CHG~0.00%
Published-24 Feb, 2025 | 14:48
Updated-24 Feb, 2025 | 16:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Select Erima Zarinpal Donate Plugin <= 1.0 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in seyyed-amir Erima Zarinpal Donate allows Cross Site Request Forgery. This issue affects Erima Zarinpal Donate: from n/a through 1.0.

Action-Not Available
Vendor-seyyed-amir
Product-Erima Zarinpal Donate
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-27336
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.05% / 14.81%
||
7 Day CHG~0.00%
Published-24 Feb, 2025 | 14:49
Updated-03 Mar, 2025 | 19:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Just Variables Plugin <= 1.2.3 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Alex Prokopenko / JustCoded Just Variables allows Cross Site Request Forgery. This issue affects Just Variables: from n/a through 1.2.3.

Action-Not Available
Vendor-Alex Prokopenko / JustCoded
Product-Just Variables
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-43337
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.12% / 31.52%
||
7 Day CHG~0.00%
Published-26 Aug, 2024 | 20:34
Updated-27 Aug, 2024 | 15:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Brave plugin <= 0.7.0 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Brave Brave Popup Builder.This issue affects Brave Popup Builder: from n/a through 0.7.0.

Action-Not Available
Vendor-getbraveBrave
Product-braveBrave Popup Builder
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-53272
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.02% / 3.58%
||
7 Day CHG~0.00%
Published-27 Jun, 2025 | 13:21
Updated-30 Jun, 2025 | 18:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Image Cleanup plugin <= 1.9.2 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in opicron Image Cleanup allows Cross Site Request Forgery. This issue affects Image Cleanup: from n/a through 1.9.2.

Action-Not Available
Vendor-opicron
Product-Image Cleanup
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-27328
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.05% / 14.81%
||
7 Day CHG~0.00%
Published-24 Feb, 2025 | 14:49
Updated-24 Feb, 2025 | 16:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP-PostRatings Cheater Plugin <= 1.5 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in queeez WP-PostRatings Cheater allows Cross Site Request Forgery. This issue affects WP-PostRatings Cheater: from n/a through 1.5.

Action-Not Available
Vendor-queeez
Product-WP-PostRatings Cheater
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-27316
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.05% / 14.81%
||
7 Day CHG~0.00%
Published-24 Feb, 2025 | 14:49
Updated-24 Feb, 2025 | 15:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress JPG, PNG Compression and Optimization Plugin <= 1.7.35 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in hosting.io JPG, PNG Compression and Optimization allows Cross Site Request Forgery. This issue affects JPG, PNG Compression and Optimization: from n/a through 1.7.35.

Action-Not Available
Vendor-hosting.io
Product-JPG, PNG Compression and Optimization
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-43116
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.13% / 32.52%
||
7 Day CHG~0.00%
Published-26 Aug, 2024 | 20:52
Updated-18 Sep, 2024 | 16:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Simple Local Avatars plugin <= 2.7.10 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in 10up Simple Local Avatars.This issue affects Simple Local Avatars: from n/a through 2.7.10.

Action-Not Available
Vendor-10up10up
Product-simple_local_avatarsSimple Local Avatars
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-27335
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.05% / 14.81%
||
7 Day CHG~0.00%
Published-24 Feb, 2025 | 14:49
Updated-24 Feb, 2025 | 16:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Auto Tag Links Plugin <= 1.0.13 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Free plug in by SEO Roma Auto Tag Links allows Cross Site Request Forgery. This issue affects Auto Tag Links: from n/a through 1.0.13.

Action-Not Available
Vendor-Free plug in by SEO Roma
Product-Auto Tag Links
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-53273
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.02% / 3.58%
||
7 Day CHG~0.00%
Published-27 Jun, 2025 | 13:21
Updated-30 Jun, 2025 | 18:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Slickstream plugin <= 2.0.3 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Slickstream Slickstream allows Cross Site Request Forgery. This issue affects Slickstream: from n/a through 2.0.3.

Action-Not Available
Vendor-Slickstream
Product-Slickstream
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-43338
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.16% / 37.13%
||
7 Day CHG~0.00%
Published-19 Nov, 2024 | 16:32
Updated-19 Nov, 2024 | 21:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Crowdsignal Polls & Ratings plugin <= 3.1.2 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Automattic, Inc. Crowdsignal Dashboard – Polls, Surveys & more allows Cross Site Request Forgery.This issue affects Crowdsignal Dashboard – Polls, Surveys & more: from n/a through 3.1.2.

Action-Not Available
Vendor-Automattic Inc.
Product-Crowdsignal Dashboard – Polls, Surveys & more
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-27353
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.05% / 14.81%
||
7 Day CHG~0.00%
Published-24 Feb, 2025 | 14:49
Updated-24 Feb, 2025 | 15:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Namaste! LMS Plugin <= 2.6.5 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Bob Namaste! LMS allows Cross Site Request Forgery. This issue affects Namaste! LMS: from n/a through 2.6.5.

Action-Not Available
Vendor-Bob
Product-Namaste! LMS
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-27342
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.05% / 14.81%
||
7 Day CHG~0.00%
Published-24 Feb, 2025 | 14:49
Updated-24 Feb, 2025 | 15:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WooCommerce Recargo de Equivalencia Plugin <= 1.6.24 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in josesan WooCommerce Recargo de Equivalencia allows Cross Site Request Forgery. This issue affects WooCommerce Recargo de Equivalencia: from n/a through 1.6.24.

Action-Not Available
Vendor-josesan
Product-WooCommerce Recargo de Equivalencia
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-53344
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.02% / 3.97%
||
7 Day CHG~0.00%
Published-05 Jan, 2026 | 16:42
Updated-20 Jan, 2026 | 15:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Thim Core Plugin <= 2.3.3 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in ThimPress Thim Core allows Cross Site Request Forgery.This issue affects Thim Core: from n/a through 2.3.3.

Action-Not Available
Vendor-ThimPress (PhysCode)
Product-Thim Core
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-2832
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.06% / 19.17%
||
7 Day CHG~0.00%
Published-27 Mar, 2025 | 03:31
Updated-11 Apr, 2025 | 16:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
mingyuefusu 明月复苏 tushuguanlixitong 图书管理系统 cross-site request forgery

A vulnerability was found in mingyuefusu 明月复苏 tushuguanlixitong 图书管理系统 up to d4836f6b49cd0ac79a4021b15ce99ff7229d4694 and classified as problematic. This issue affects some unknown processing. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-mingyuefusumingyuefusu 明月复苏
Product-library_management_systemtushuguanlixitong 图书管理系统
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CWE ID-CWE-862
Missing Authorization
CVE-2025-27359
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.03% / 6.89%
||
7 Day CHG~0.00%
Published-06 Jun, 2025 | 12:54
Updated-06 Jun, 2025 | 14:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Media File Type Manager plugin <= 2.3.0 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Seerox WP Media File Type Manager allows Cross Site Request Forgery. This issue affects WP Media File Type Manager: from n/a through 2.3.0.

Action-Not Available
Vendor-Seerox
Product-WP Media File Type Manager
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-43269
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.12% / 31.52%
||
7 Day CHG~0.00%
Published-26 Aug, 2024 | 20:48
Updated-12 Sep, 2024 | 21:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Backup and Restore WordPress plugin <= 1.50 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in WPBackItUp Backup and Restore WordPress.This issue affects Backup and Restore WordPress: from n/a through 1.50.

Action-Not Available
Vendor-wpbackitupWPBackItUp
Product-backup_and_restore_wordpressBackup and Restore WordPress
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-27360
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.03% / 6.89%
||
7 Day CHG~0.00%
Published-06 Jun, 2025 | 12:54
Updated-06 Jun, 2025 | 14:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Quick Event Calendar <= 1.4.9 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in WP Corner Quick Event Calendar allows Cross Site Request Forgery. This issue affects Quick Event Calendar: from n/a through 1.4.9.

Action-Not Available
Vendor-WP Corner
Product-Quick Event Calendar
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-26925
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.05% / 14.81%
||
7 Day CHG~0.00%
Published-26 Feb, 2025 | 13:21
Updated-26 Feb, 2025 | 14:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Admin Menu Manager plugin <= 1.0.3 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Required Admin Menu Manager allows Cross Site Request Forgery.This issue affects Admin Menu Manager: from n/a through 1.0.3.

Action-Not Available
Vendor-Required
Product-Admin Menu Manager
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-5132
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.06% / 18.76%
||
7 Day CHG~0.00%
Published-24 May, 2025 | 21:00
Updated-16 Jun, 2025 | 17:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tmall Demo logout cross-site request forgery

A vulnerability was found in Tmall Demo up to 20250505. It has been rated as problematic. This issue affects some unknown processing of the file tmall/admin/account/logout. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-project_teamTmall
Product-tmall_demoDemo
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CWE ID-CWE-862
Missing Authorization
CVE-2022-1846
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-4.3||MEDIUM
EPSS-0.10% / 28.27%
||
7 Day CHG~0.00%
Published-27 Jun, 2022 | 08:58
Updated-03 Aug, 2024 | 00:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tiny Contact Form <= 0.7 - Arbitrary Settings Update via CSRF

The Tiny Contact Form WordPress plugin through 0.7 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack

Action-Not Available
Vendor-tiny_contact_form_projectUnknown
Product-tiny_contact_formTiny Contact Form
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-1895
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-4.3||MEDIUM
EPSS-0.11% / 29.85%
||
7 Day CHG~0.00%
Published-20 Jun, 2022 | 10:26
Updated-03 Aug, 2024 | 00:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
underConstruction < 1.20 - Construction Mode Deactivation via CSRF

The underConstruction WordPress plugin before 1.20 does not have CSRF check in place when deactivating the construction mode, which could allow attackers to make a logged in admin perform such action via a CSRF attack

Action-Not Available
Vendor-underconstruction_projectUnknown
Product-underconstructionunderConstruction
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-26926
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.05% / 14.81%
||
7 Day CHG~0.00%
Published-25 Feb, 2025 | 14:17
Updated-25 Feb, 2025 | 17:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Booknetic plugin <= 4.0.9 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in NotFound Booknetic. This issue affects Booknetic: from n/a through 4.0.9.

Action-Not Available
Vendor-NotFound
Product-Booknetic
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-1760
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-4.3||MEDIUM
EPSS-0.13% / 32.44%
||
7 Day CHG~0.00%
Published-16 Jan, 2024 | 15:52
Updated-02 Jun, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Core Control <= 1.2.1 - Arbitrary Settings Update via CSRF

The Core Control WordPress plugin through 1.2.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack

Action-Not Available
Vendor-dd32Unknown
Product-core_controlCore Control
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-1914
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-4.3||MEDIUM
EPSS-0.10% / 28.27%
||
7 Day CHG~0.00%
Published-27 Jun, 2022 | 08:58
Updated-03 Aug, 2024 | 00:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Clean-Contact <= 1.6 - Arbitrary Settings Update to Stored XSS via CSRF

The Clean-Contact WordPress plugin through 1.6 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and lead to Stored XSS due to the lack of sanitisation and escaping as well

Action-Not Available
Vendor-clean-contact_projectUnknown
Product-clean-contactClean-Contact
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-49446
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.03% / 6.89%
||
7 Day CHG~0.00%
Published-06 Jun, 2025 | 12:54
Updated-06 Jun, 2025 | 16:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Admin Notes <=1.1 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in minhlaobao Admin Notes allows Cross Site Request Forgery. This issue affects Admin Notes: from n/a through 1.1.

Action-Not Available
Vendor-minhlaobao
Product-Admin Notes
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-24698
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.05% / 14.81%
||
7 Day CHG~0.00%
Published-24 Jan, 2025 | 17:25
Updated-09 Jun, 2025 | 18:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Essential Real Estate plugin <= 5.1.8 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in G5Theme Essential Real Estate allows Cross Site Request Forgery. This issue affects Essential Real Estate: from n/a through 5.1.8.

Action-Not Available
Vendor-g5plusG5Theme
Product-essential_real_estateEssential Real Estate
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-24568
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.05% / 14.81%
||
7 Day CHG~0.00%
Published-24 Jan, 2025 | 17:24
Updated-24 Jan, 2025 | 19:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Starter Templates plugin <= 4.4.9 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Brainstorm Force Starter Templates allows Cross Site Request Forgery. This issue affects Starter Templates: from n/a through 4.4.9.

Action-Not Available
Vendor-Brainstorm Force
Product-Starter Templates
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-40603
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.06% / 17.88%
||
7 Day CHG~0.00%
Published-06 Jul, 2024 | 00:00
Updated-17 Mar, 2025 | 22:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in the ArticleRatings extension for MediaWiki through 1.42.1. Special:ChangeRating allows CSRF to alter data via a GET request.

Action-Not Available
Vendor-n/aWikimedia Foundation
Product-mediawikin/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-49968
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.02% / 3.58%
||
7 Day CHG~0.00%
Published-20 Jun, 2025 | 15:04
Updated-23 Jun, 2025 | 20:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress XML Travel Portal Widget plugin <= 2.0 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Oganro XML Travel Portal Widget allows Cross Site Request Forgery. This issue affects XML Travel Portal Widget: from n/a through 2.0.

Action-Not Available
Vendor-Oganro
Product-XML Travel Portal Widget
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-49238
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.03% / 6.89%
||
7 Day CHG~0.00%
Published-06 Jun, 2025 | 12:53
Updated-06 Jun, 2025 | 16:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Everest Backup <= 2.3.3 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in everestthemes Everest Backup allows Cross Site Request Forgery. This issue affects Everest Backup: from n/a through 2.3.3.

Action-Not Available
Vendor-everestthemes
Product-Everest Backup
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-24739
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.05% / 14.81%
||
7 Day CHG~0.00%
Published-24 Jan, 2025 | 17:25
Updated-24 Jan, 2025 | 18:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress FluentSMTP plugin <= 2.2.80 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in FluentSMTP & WPManageNinja Team FluentSMTP allows Cross Site Request Forgery. This issue affects FluentSMTP: from n/a through 2.2.80.

Action-Not Available
Vendor-FluentSMTP & WPManageNinja Team
Product-FluentSMTP
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
  • Previous
  • 1
  • 2
  • ...
  • 38
  • 39
  • 40
  • 41
  • 42
  • Next
Details not found