Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-32247

Summary
Assigner-Patchstack
Assigner Org ID-21595511-bba5-4825-b968-b78d1f9984a3
Published At-04 Apr, 2025 | 15:59
Updated At-28 Apr, 2026 | 16:12
Rejected At-
Credits

WordPress AI Content Creator plugin <= 1.2.6 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in ABCdatos AI Content Creator ai-content-creator allows Cross Site Request Forgery.This issue affects AI Content Creator: from n/a through <= 1.2.6.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:Patchstack
Assigner Org ID:21595511-bba5-4825-b968-b78d1f9984a3
Published At:04 Apr, 2025 | 15:59
Updated At:28 Apr, 2026 | 16:12
Rejected At:
▼CVE Numbering Authority (CNA)
WordPress AI Content Creator plugin <= 1.2.6 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in ABCdatos AI Content Creator ai-content-creator allows Cross Site Request Forgery.This issue affects AI Content Creator: from n/a through <= 1.2.6.

Affected Products
Vendor
ABCdatos
Product
AI Content Creator
Collection URL
https://wordpress.org/plugins
Package Name
ai-content-creator
Default Status
unaffected
Versions
Affected
  • From 0 through 1.2.6 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-352Cross-Site Request Forgery (CSRF)
Type: CWE
CWE ID: CWE-352
Description: Cross-Site Request Forgery (CSRF)
Metrics
VersionBase scoreBase severityVector
3.15.4MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L
Version: 3.1
Base score: 5.4
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-62Cross Site Request Forgery
CAPEC ID: CAPEC-62
Description: Cross Site Request Forgery
Solutions
Configurations
Workarounds
Exploits
Credits
finder
Nguyen Xuan Chien | Patchstack Bug Bounty Program
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://patchstack.com/database/Wordpress/Plugin/ai-content-creator/vulnerability/wordpress-ai-content-creator-plugin-1-2-6-cross-site-request-forgery-csrf-vulnerability?_s_id=cve
vdb-entry
Hyperlink: https://patchstack.com/database/Wordpress/Plugin/ai-content-creator/vulnerability/wordpress-ai-content-creator-plugin-1-2-6-cross-site-request-forgery-csrf-vulnerability?_s_id=cve
Resource:
vdb-entry
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:audit@patchstack.com
Published At:04 Apr, 2025 | 16:15
Updated At:23 Apr, 2026 | 15:28

Cross-Site Request Forgery (CSRF) vulnerability in ABCdatos AI Content Creator ai-content-creator allows Cross Site Request Forgery.This issue affects AI Content Creator: from n/a through <= 1.2.6.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.15.4MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L
Type: Secondary
Version: 3.1
Base score: 5.4
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-352Secondaryaudit@patchstack.com
CWE ID: CWE-352
Type: Secondary
Source: audit@patchstack.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://patchstack.com/database/Wordpress/Plugin/ai-content-creator/vulnerability/wordpress-ai-content-creator-plugin-1-2-6-cross-site-request-forgery-csrf-vulnerability?_s_id=cveaudit@patchstack.com
N/A
Hyperlink: https://patchstack.com/database/Wordpress/Plugin/ai-content-creator/vulnerability/wordpress-ai-content-creator-plugin-1-2-6-cross-site-request-forgery-csrf-vulnerability?_s_id=cve
Source: audit@patchstack.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

585Records found
CVE-2023-6326
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-5.4||MEDIUM
EPSS-0.06% / 19.64%
||
7 Day CHG~0.00%
Published-02 Mar, 2024 | 11:15
Updated-08 Apr, 2026 | 18:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Master Slider - Responsive Touch Slider <= 3.9.10 - Cross-Site Request Forgery via process_bulk_action

The Master Slider – Responsive Touch Slider plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.9.10. This is due to missing or incorrect nonce validation on the 'process_bulk_action' function. This makes it possible for unauthenticated attackers to duplicate or delete arbitrary sliders via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. CVE-2023-50900 and CVE-2024-6490 may be a duplicate of this issue.

Action-Not Available
Vendor-Depicter (Averta)
Product-master_sliderMaster Slider – Responsive Touch Slider
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-6137
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.12% / 30.95%
||
7 Day CHG~0.00%
Published-30 Nov, 2023 | 12:50
Updated-28 Apr, 2026 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Frontier Post Plugin <= 6.1 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in finnj Frontier Post allows Cross Site Request Forgery.This issue affects Frontier Post: from n/a through 6.1.

Action-Not Available
Vendor-wpfrontierfinnj
Product-frontier_postFrontier Post
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-5756
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-5.4||MEDIUM
EPSS-0.05% / 16.75%
||
7 Day CHG~0.00%
Published-09 Dec, 2023 | 06:51
Updated-08 Apr, 2026 | 17:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Digital Publications by Supsystic <= 1.7.6 - Cross-Site Request Forgery via AJAX action

The Digital Publications by Supsystic plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.6. This is due to missing or incorrect nonce validation on the AJAX action handler. This makes it possible for unauthenticated attackers to execute AJAX actions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

Action-Not Available
Vendor-supsysticsupsysticcom
Product-digital_publications_by_supsysticWordPress Flipbook by Supsystic
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-35689
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.09% / 25.89%
||
7 Day CHG~0.00%
Published-08 Jun, 2024 | 14:39
Updated-28 Apr, 2026 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Analytify plugin <= 5.2.3 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Analytify.This issue affects Analytify: from n/a through 5.2.3.

Action-Not Available
Vendor-Analytify
Product-Analytify
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-5945
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-4.3||MEDIUM
EPSS-0.05% / 14.27%
||
7 Day CHG~0.00%
Published-03 Nov, 2023 | 12:31
Updated-05 Feb, 2025 | 18:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The video carousel slider with lightbox plugin for WordPress is vulnerable to Cross-Site Request Forgery in version 1.0. This is due to missing or incorrect nonce validation on the responsive_video_gallery_with_lightbox_video_management_func() function. This makes it possible for unauthenticated attackers to delete videos hosted from the video slider via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

Action-Not Available
Vendor-i13websolutionnik00726
Product-video_carousel_slider_with_lightboxvideo carousel slider with lightbox
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2020-2281
Matching Score-4
Assigner-Jenkins Project
ShareView Details
Matching Score-4
Assigner-Jenkins Project
CVSS Score-5.4||MEDIUM
EPSS-0.12% / 30.77%
||
7 Day CHG~0.00%
Published-23 Sep, 2020 | 13:10
Updated-04 Aug, 2024 | 07:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A cross-site request forgery (CSRF) vulnerability in Jenkins Lockable Resources Plugin 2.8 and earlier allows attackers to reserve, unreserve, unlock, and reset resources.

Action-Not Available
Vendor-Jenkins
Product-lockable_resourcesJenkins Lockable Resources Plugin
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-33638
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.12% / 30.44%
||
7 Day CHG~0.00%
Published-26 Apr, 2024 | 07:12
Updated-28 Apr, 2026 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Smart Maintenance Mode plugin <= 1.4.4 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Brijesh Kothari Smart Maintenance Mode.This issue affects Smart Maintenance Mode: from n/a through 1.4.4.

Action-Not Available
Vendor-Brijesh Kothari
Product-Smart Maintenance Mode
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-33680
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.12% / 29.96%
||
7 Day CHG~0.00%
Published-26 Apr, 2024 | 10:37
Updated-28 Apr, 2026 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress MainWP Child Reports plugin <= 2.1.1 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in MainWP MainWP Child Reports.This issue affects MainWP Child Reports: from n/a through 2.1.1.

Action-Not Available
Vendor-mainwpMainWP
Product-mainwp_child_reportsMainWP Child Reports
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2026-0811
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-5.4||MEDIUM
EPSS-0.01% / 2.76%
||
7 Day CHG~0.00%
Published-08 Apr, 2026 | 17:25
Updated-24 Apr, 2026 | 18:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Advanced CF7 DB <= 2.0.9 - Cross-Site Request Forgery to Form Entry Deletion

The Advanced Contact form 7 DB plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.9. This is due to missing or incorrect nonce validation on the 'vsz_cf7_save_setting_callback' function. This makes it possible for unauthenticated attackers to delete form entry via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

Action-Not Available
Vendor-vsourz1td
Product-Advanced Contact form 7 DB
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-32249
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.08% / 24.21%
||
7 Day CHG~0.00%
Published-04 Apr, 2025 | 15:59
Updated-12 May, 2026 | 00:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress DirectoryPress Plugin <= 3.6.22 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Designinvento DirectoryPress directorypress allows Cross Site Request Forgery.This issue affects DirectoryPress: from n/a through <= 3.6.22.

Action-Not Available
Vendor-Designinvento
Product-DirectoryPress
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-52212
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.14% / 32.90%
||
7 Day CHG+0.03%
Published-05 Jan, 2026 | 13:32
Updated-28 Apr, 2026 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Job Manager plugin <= 2.0.0 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Automattic WP Job Manager allows Cross Site Request Forgery.This issue affects WP Job Manager: from n/a through 2.0.0.

Action-Not Available
Vendor-Automattic Inc.
Product-WP Job Manager
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-51531
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.12% / 30.95%
||
7 Day CHG~0.00%
Published-29 Feb, 2024 | 04:59
Updated-28 Apr, 2026 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Thrive Automator Plugin <= 1.17 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Thrive Themes Thrive Automator.This issue affects Thrive Automator: from n/a through 1.17.

Action-Not Available
Vendor-Thrive Themes LLC (Thrive Themes)
Product-Thrive Automator
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-52121
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.05% / 15.77%
||
7 Day CHG~0.00%
Published-05 Jan, 2024 | 09:22
Updated-28 Apr, 2026 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress NitroPack Plugin <= 1.10.2 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in NitroPack Inc. NitroPack – Cache & Speed Optimization for Core Web Vitals, Defer CSS & JavaScript, Lazy load Images.This issue affects NitroPack – Cache & Speed Optimization for Core Web Vitals, Defer CSS & JavaScript, Lazy load Images: from n/a through 1.10.2.

Action-Not Available
Vendor-nitropackNitroPack Inc.
Product-nitropackNitroPack – Cache & Speed Optimization for Core Web Vitals, Defer CSS & JavaScript, Lazy load Images
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-52120
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.04% / 13.16%
||
7 Day CHG~0.00%
Published-05 Jan, 2024 | 09:25
Updated-28 Apr, 2026 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress NEX-Forms – Ultimate Form Builder Plugin <= 8.5.2 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Basix NEX-Forms – Ultimate Form Builder – Contact forms and much more.This issue affects NEX-Forms – Ultimate Form Builder – Contact forms and much more: from n/a through 8.5.2.

Action-Not Available
Vendor-basixonlineBasix
Product-nex-formsNEX-Forms – Ultimate Form Builder – Contact forms and much more
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-52223
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.11% / 28.23%
||
7 Day CHG~0.00%
Published-28 Feb, 2024 | 16:37
Updated-28 Apr, 2026 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress MailerLite – WooCommerce integration Plugin <= 2.0.8 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in MailerLite MailerLite – WooCommerce integration.This issue affects MailerLite – WooCommerce integration: from n/a through 2.0.8.

Action-Not Available
Vendor-mailerliteMailerLite
Product-mailerliteMailerLite – WooCommerce integration
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-51378
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.11% / 29.11%
||
7 Day CHG~0.00%
Published-29 Dec, 2023 | 12:08
Updated-28 Apr, 2026 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Rise Blocks Plugin <= 3.1 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Rise Themes Rise Blocks – A Complete Gutenberg Page Builder.This issue affects Rise Blocks – A Complete Gutenberg Page Builder: from n/a through 3.1.

Action-Not Available
Vendor-eaglevisionitRise Themes
Product-rise_blocksRise Blocks – A Complete Gutenberg Page Builder
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-51489
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.05% / 15.77%
||
7 Day CHG~0.00%
Published-16 Mar, 2024 | 01:01
Updated-28 Apr, 2026 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Crowdsignal Polls & Ratings plugin <= 3.0.11 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Automattic, Inc. Crowdsignal Dashboard – Polls, Surveys & more.This issue affects Crowdsignal Dashboard – Polls, Surveys & more: from n/a through 3.0.11.

Action-Not Available
Vendor-Automattic Inc.
Product-crowdsignal_dashboardCrowdsignal Dashboard – Polls, Surveys & more
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-51539
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.04% / 13.16%
||
7 Day CHG~0.00%
Published-05 Jan, 2024 | 09:44
Updated-28 Apr, 2026 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Apollo13 Framework Extensions Plugin <= 1.9.1 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Apollo13Themes Apollo13 Framework Extensions.This issue affects Apollo13 Framework Extensions: from n/a through 1.9.1.

Action-Not Available
Vendor-apollo13themesApollo13Themes
Product-apollo13_framework_extensionsApollo13 Framework Extensions
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-51487
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.05% / 15.77%
||
7 Day CHG~0.00%
Published-16 Mar, 2024 | 01:03
Updated-28 Apr, 2026 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress ARI Stream Quiz – WordPress Quizzes Builder plugin <= 1.2.32 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in ARI Soft ARI Stream Quiz.This issue affects ARI Stream Quiz: from n/a through 1.2.32.

Action-Not Available
Vendor-ARI Soft
Product-ari_stream_quizARI Stream Quiz
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-51491
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.04% / 12.05%
||
7 Day CHG~0.00%
Published-16 Mar, 2024 | 00:59
Updated-28 Apr, 2026 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Depicter Slider plugin <= 2.0.6 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Averta Depicter Slider.This issue affects Depicter Slider: from n/a through 2.0.6.

Action-Not Available
Vendor-Depicter (Averta)
Product-depicterDepicter Slider
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-51486
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.05% / 15.77%
||
7 Day CHG~0.00%
Published-16 Mar, 2024 | 01:05
Updated-28 Apr, 2026 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WooCommerce PDF Invoice Builder, Create invoices, packing slips and more plugin <= 1.2.101 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in RedNao WooCommerce PDF Invoice Builder.This issue affects WooCommerce PDF Invoice Builder: from n/a through 1.2.101.

Action-Not Available
Vendor-rednaoRedNao
Product-woocommerce_pdf_invoice_builderWooCommerce PDF Invoice Builder
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-51683
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.11% / 29.10%
||
7 Day CHG~0.00%
Published-28 Feb, 2024 | 16:45
Updated-28 Apr, 2026 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Easy PayPal Buy Now Button Plugin <= 1.8.1 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Scott Paterson Easy PayPal & Stripe Buy Now Button.This issue affects Easy PayPal & Stripe Buy Now Button: from n/a through 1.8.1.

Action-Not Available
Vendor-wppluginScott Paterson
Product-easy_paypal_\&_stripe_buy_now_buttonEasy PayPal & Stripe Buy Now Button
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-51521
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.05% / 14.87%
||
7 Day CHG~0.00%
Published-16 Mar, 2024 | 00:44
Updated-28 Apr, 2026 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Quiz And Survey Master plugin <= 8.1.18 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in ExpressTech Quiz And Survey Master.This issue affects Quiz And Survey Master: from n/a through 8.1.18.

Action-Not Available
Vendor-ExpressTech
Product-Quiz And Survey Master
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-51358
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.11% / 28.23%
||
7 Day CHG~0.00%
Published-29 Dec, 2023 | 12:11
Updated-28 Apr, 2026 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Block IPs for Gravity Forms Plugin <= 1.0.1 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Bright Plugins Block IPs for Gravity Forms.This issue affects Block IPs for Gravity Forms: from n/a through 1.0.1.

Action-Not Available
Vendor-brightpluginsBright Plugins
Product-block_ips_for_gravity_formsBlock IPs for Gravity Forms
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-51533
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.07% / 21.13%
||
7 Day CHG~0.00%
Published-28 Feb, 2024 | 18:38
Updated-28 Apr, 2026 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Ecwid Shopping Cart Plugin <= 6.12.4 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Ecwid Ecommerce Ecwid Ecommerce Shopping Cart.This issue affects Ecwid Ecommerce Shopping Cart: from n/a through 6.12.4.

Action-Not Available
Vendor-lightspeedhqEcwid Ecommerce
Product-ecwid_ecommerce_shopping_cartEcwid Ecommerce Shopping Cart
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-52149
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.05% / 15.77%
||
7 Day CHG~0.00%
Published-05 Jan, 2024 | 08:10
Updated-28 Apr, 2026 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Floating Button Plugin <= 6.0 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Floating Button.This issue affects Floating Button: from n/a through 6.0.

Action-Not Available
Vendor-wow-companyWow-Company
Product-floating_buttonFloating Button
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-51673
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.05% / 15.79%
||
7 Day CHG~0.00%
Published-05 Jan, 2024 | 09:54
Updated-28 Apr, 2026 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Stylish Price List Plugin <= 7.0.17 is vulnerable to Broken Access Control

Cross-Site Request Forgery (CSRF) vulnerability in Designful Stylish Price List – Price Table Builder & QR Code Restaurant Menu.This issue affects Stylish Price List – Price Table Builder & QR Code Restaurant Menu: from n/a through 7.0.17.

Action-Not Available
Vendor-stylishpricelistDesignful
Product-stylish_price_listStylish Price List – Price Table Builder & QR Code Restaurant Menu
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-49853
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.05% / 15.77%
||
7 Day CHG~0.00%
Published-18 Dec, 2023 | 14:33
Updated-28 Apr, 2026 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress PayTR Taksit Tablosu Plugin <= 1.3.1 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in PayTR Ödeme ve Elektronik Para Kuruluşu A.Ş. PayTR Taksit Tablosu – WooCommerce.This issue affects PayTR Taksit Tablosu – WooCommerce: from n/a through 1.3.1.

Action-Not Available
Vendor-paytrPayTR Ödeme ve Elektronik Para Kuruluşu A.Ş.
Product-paytr_taksit_tablosu_-_woocommercePayTR Taksit Tablosu – WooCommerce
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-50835
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.06% / 18.30%
||
7 Day CHG~0.00%
Published-19 Dec, 2023 | 21:45
Updated-28 Apr, 2026 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Advanced Category Template Plugin <= 0.1 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Praveen Goswami Advanced Category Template.This issue affects Advanced Category Template: from n/a through 0.1.

Action-Not Available
Vendor-praveengoswamiPraveen Goswami
Product-advanced_category_templateAdvanced Category Template
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-49744
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.11% / 29.11%
||
7 Day CHG~0.00%
Published-15 Dec, 2023 | 15:42
Updated-28 Apr, 2026 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Gift Up Gift Cards for WordPress and WooCommerce Plugin <= 2.21.3 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Gift Up Gift Up Gift Cards for WordPress and WooCommerce.This issue affects Gift Up Gift Cards for WordPress and WooCommerce: from n/a through 2.21.3.

Action-Not Available
Vendor-giftupGift Up
Product-gift_up_gift_cards_for_wordpress_and_woocommerceGift Up Gift Cards for WordPress and WooCommerce
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-8102
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-5.4||MEDIUM
EPSS-0.03% / 7.31%
||
7 Day CHG+0.01%
Published-20 Aug, 2025 | 11:26
Updated-08 Apr, 2026 | 16:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Easy Digital Downloads <= 3.5.0 - Cross-Site Request Forgery to Plugin Deactivation via edd_sendwp_disconnect and edd_sendwp_remote_install Functions

The Easy Digital Downloads plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.5.0. This is due to missing nonce validations in the edd_sendwp_disconnect() and edd_sendwp_remote_install() functions. This makes it possible for unauthenticated attackers to deactivate or download and activate the SendWP plugin via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

Action-Not Available
Vendor-Awesome Motive Inc.
Product-Easy Digital Downloads – eCommerce Payments and Subscriptions made easy
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-49843
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.05% / 15.77%
||
7 Day CHG~0.00%
Published-18 Dec, 2023 | 14:43
Updated-28 Apr, 2026 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress First Order Discount Woocommerce Plugin <= 1.21 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in QuanticEdge First Order Discount Woocommerce.This issue affects First Order Discount Woocommerce: from n/a through 1.21.

Action-Not Available
Vendor-quanticedgeQuanticEdge
Product-first_order_discount_woocommerceFirst Order Discount Woocommerce
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-68573
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.03% / 8.26%
||
7 Day CHG~0.00%
Published-24 Dec, 2025 | 13:10
Updated-28 Apr, 2026 | 16:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Simple Keyword to Link plugin <= 1.5 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Alessandro Piconi Simple Keyword to Link simple-keyword-to-link allows Cross Site Request Forgery.This issue affects Simple Keyword to Link: from n/a through <= 1.5.

Action-Not Available
Vendor-Alessandro Piconi
Product-Simple Keyword to Link
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-68998
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.03% / 8.26%
||
7 Day CHG~0.00%
Published-30 Dec, 2025 | 10:47
Updated-28 Apr, 2026 | 16:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Heateor Social Login plugin <= 1.1.39 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Heateor Support Heateor Social Login heateor-social-login allows Cross Site Request Forgery.This issue affects Heateor Social Login: from n/a through <= 1.1.39.

Action-Not Available
Vendor-Heateor
Product-Heateor Social Login
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-68601
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.03% / 8.26%
||
7 Day CHG~0.00%
Published-24 Dec, 2025 | 13:10
Updated-28 Apr, 2026 | 16:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Five Star Restaurant Reservations plugin <= 2.7.8 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Rustaurius Five Star Restaurant Reservations restaurant-reservations allows Cross Site Request Forgery.This issue affects Five Star Restaurant Reservations: from n/a through <= 2.7.8.

Action-Not Available
Vendor-Rustaurius
Product-Five Star Restaurant Reservations
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-69021
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.03% / 8.26%
||
7 Day CHG~0.00%
Published-30 Dec, 2025 | 10:47
Updated-28 Apr, 2026 | 16:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Popup box plugin <= 6.0.7 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Ays Pro Popup box ays-popup-box allows Cross Site Request Forgery.This issue affects Popup box: from n/a through <= 6.0.7.

Action-Not Available
Vendor-AYS Pro Extensions
Product-Popup box
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-49821
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.06% / 18.30%
||
7 Day CHG~0.00%
Published-18 Dec, 2023 | 22:31
Updated-28 Apr, 2026 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress LiveChat Plugin <= 4.5.15 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in LiveChat LiveChat – WP live chat plugin for WordPress.This issue affects LiveChat – WP live chat plugin for WordPress: from n/a through 4.5.15.

Action-Not Available
Vendor-livechatLiveChat
Product-livechatLiveChat – WP live chat plugin for WordPress
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-49834
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.05% / 15.77%
||
7 Day CHG~0.00%
Published-17 Dec, 2023 | 10:38
Updated-28 Apr, 2026 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WOOCS – WooCommerce Currency Switcher Plugin <= 1.4.1.4 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in realmag777 FOX – Currency Switcher Professional for WooCommerce.This issue affects FOX – Currency Switcher Professional for WooCommerce: from n/a through 1.4.1.4.

Action-Not Available
Vendor-PluginUs.Net (RealMag777)
Product-fox_-_currency_switcher_professional_for_woocommerceFOX – Currency Switcher Professional for WooCommerce
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-49759
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.06% / 18.30%
||
7 Day CHG~0.00%
Published-18 Dec, 2023 | 22:19
Updated-28 Apr, 2026 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WooDiscuz – WooCommerce Comments Plugin <= 2.3.0 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in gVectors Team WooDiscuz – WooCommerce Comments.This issue affects WooDiscuz – WooCommerce Comments: from n/a through 2.3.0.

Action-Not Available
Vendor-gvectorsgVectors Team
Product-woodiscuz_-_woocommerce_commentsWooDiscuz – WooCommerce Comments
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-67467
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.01% / 3.47%
||
7 Day CHG-0.01%
Published-09 Dec, 2025 | 15:03
Updated-28 Apr, 2026 | 16:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress GiveWP plugin <= 4.13.1 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in StellarWP GiveWP give allows Cross Site Request Forgery.This issue affects GiveWP: from n/a through <= 4.13.1.

Action-Not Available
Vendor-The Events Calendar (StellarWP)
Product-GiveWP
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-49760
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.06% / 18.30%
||
7 Day CHG~0.00%
Published-18 Dec, 2023 | 22:21
Updated-28 Apr, 2026 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WPsoonOnlinePage Plugin <= 1.9 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Giannopoulos Kostas WPsoonOnlinePage.This issue affects WPsoonOnlinePage: from n/a through 1.9.

Action-Not Available
Vendor-giannopouloskostasGiannopoulos Kostas
Product-wpsoononlinepageWPsoonOnlinePage
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-49854
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.05% / 16.61%
||
7 Day CHG~0.00%
Published-18 Dec, 2023 | 10:48
Updated-28 Apr, 2026 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Caddy Plugin <= 1.9.7 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Tribe Interactive Caddy – Smart Side Cart for WooCommerce.This issue affects Caddy – Smart Side Cart for WooCommerce: from n/a through 1.9.7.

Action-Not Available
Vendor-madebytribeTribe Interactive
Product-caddyCaddy – Smart Side Cart for WooCommerce
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-50858
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.06% / 17.16%
||
7 Day CHG~0.00%
Published-28 Dec, 2023 | 10:31
Updated-28 Apr, 2026 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Anti Hacker Plugin <= 4.34 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Bill Minozzi Disable Json API, Login Lockdown, XMLRPC, Pingback, Stop User Enumeration Anti Hacker Scan.This issue affects Disable Json API, Login Lockdown, XMLRPC, Pingback, Stop User Enumeration Anti Hacker Scan: from n/a through 4.34.

Action-Not Available
Vendor-billminozziBill Minozzi
Product-anti_hackerDisable Json API, Login Lockdown, XMLRPC, Pingback, Stop User Enumeration Anti Hacker Scan
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-64499
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-4.6||MEDIUM
EPSS-0.01% / 2.83%
||
7 Day CHG-0.01%
Published-08 Dec, 2025 | 22:44
Updated-10 Dec, 2025 | 21:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tuleap is missing CSRF protections for its planning management API

Tuleap is a free and open source suite for management of software development and collaboration. Tuleap Community Editon versions prior to 17.0.99.1762456922 and Tuleap Enterprise Edition versions prior to 17.0-2, 16.13-7 and 16.12-10 are vulnerable to CSRF attacks through planning management API. Attackers have access to create, edit or remove plans. This issue is fixed in Tuleap Community Edition version 17.0.99.1762456922 and Tuleap Enterprise Edtion versions 17.0-2, 16.13-7 and 16.12-10.

Action-Not Available
Vendor-Enalean SAS
Product-tuleaptuleap
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-50878
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.11% / 29.10%
||
7 Day CHG~0.00%
Published-29 Dec, 2023 | 12:32
Updated-28 Apr, 2026 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress MStore API Plugin <= 4.10.1 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in InspireUI MStore API.This issue affects MStore API: from n/a through 4.10.1.

Action-Not Available
Vendor-inspireuiInspireUI
Product-mstore_apiMStore API
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-64368
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.02% / 3.75%
||
7 Day CHG~0.00%
Published-31 Oct, 2025 | 11:42
Updated-28 Apr, 2026 | 16:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Bard theme <= 1.6 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Mikado-Themes Bard bardwp allows Cross Site Request Forgery.This issue affects Bard: from n/a through <= 1.6.

Action-Not Available
Vendor-qodeinteractiveMikado-Themes
Product-bardBard
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-49761
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.06% / 18.30%
||
7 Day CHG~0.00%
Published-18 Dec, 2023 | 22:24
Updated-28 Apr, 2026 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Product Enquiry for WooCommerce Plugin <= 3.0 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Gravity Master Product Enquiry for WooCommerce.This issue affects Product Enquiry for WooCommerce: from n/a through 3.0.

Action-Not Available
Vendor-gravitymasterGravity Master
Product-product_enquiry_for_woocommerceProduct Enquiry for WooCommerce
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-49824
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.06% / 17.16%
||
7 Day CHG~0.00%
Published-17 Dec, 2023 | 10:35
Updated-28 Apr, 2026 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Product Catalog Feed by PixelYourSite Plugin <= 2.1.1 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in PixelYourSite Product Catalog Feed by PixelYourSite.This issue affects Product Catalog Feed by PixelYourSite: from n/a through 2.1.1.

Action-Not Available
Vendor-pixelyoursitePixelYourSite
Product-product_catalog_feedProduct Catalog Feed by PixelYourSite
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-62117
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.03% / 8.26%
||
7 Day CHG~0.00%
Published-31 Dec, 2025 | 13:56
Updated-28 Apr, 2026 | 16:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress EasyIndex plugin <= 1.1.1704 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Jayce53 EasyIndex easyindex allows Cross Site Request Forgery.This issue affects EasyIndex: from n/a through <= 1.1.1704.

Action-Not Available
Vendor-Jayce53
Product-EasyIndex
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-9588
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-5.4||MEDIUM
EPSS-0.13% / 31.67%
||
7 Day CHG~0.00%
Published-22 Oct, 2024 | 07:36
Updated-08 Apr, 2026 | 16:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Category and Taxonomy Meta Fields <= 1.0.0 - Cross-Site Request Forgery to Taxonomy Meta Add/Delete

The Category and Taxonomy Meta Fields plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.0. This is due to missing or incorrect nonce validation on the 'wpaft_option_page' function. This makes it possible for unauthenticated attackers to add and delete taxonomy meta, granted they can trick a site administrator into performing an action such as clicking on a link.

Action-Not Available
Vendor-aftabhusainamu02aftab
Product-category_and_taxonomy_meta_fieldsCategory and Taxonomy Meta Fields
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 11
  • 12
  • Next
Details not found