Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-32563

Summary
Assigner-Patchstack
Assigner Org ID-21595511-bba5-4825-b968-b78d1f9984a3
Published At-09 Apr, 2025 | 16:09
Updated At-09 Apr, 2025 | 18:02
Rejected At-
Credits

WordPress WP Calais Auto Tagger plugin <= 2.0 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in dangrossman WP Calais Auto Tagger allows Cross Site Request Forgery. This issue affects WP Calais Auto Tagger: from n/a through 2.0.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:Patchstack
Assigner Org ID:21595511-bba5-4825-b968-b78d1f9984a3
Published At:09 Apr, 2025 | 16:09
Updated At:09 Apr, 2025 | 18:02
Rejected At:
▼CVE Numbering Authority (CNA)
WordPress WP Calais Auto Tagger plugin <= 2.0 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in dangrossman WP Calais Auto Tagger allows Cross Site Request Forgery. This issue affects WP Calais Auto Tagger: from n/a through 2.0.

Affected Products
Vendor
dangrossman
Product
WP Calais Auto Tagger
Collection URL
https://wordpress.org/plugins
Package Name
calais-auto-tagger
Default Status
unaffected
Versions
Affected
  • From n/a through 2.0 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-352CWE-352 Cross-Site Request Forgery (CSRF)
Type: CWE
CWE ID: CWE-352
Description: CWE-352 Cross-Site Request Forgery (CSRF)
Metrics
VersionBase scoreBase severityVector
3.17.1HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
Version: 3.1
Base score: 7.1
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-62CAPEC-62 Cross Site Request Forgery
CAPEC ID: CAPEC-62
Description: CAPEC-62 Cross Site Request Forgery
Solutions
Configurations
Workarounds
Exploits
Credits
finder
SOPROBRO (Patchstack Alliance)
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://patchstack.com/database/wordpress/plugin/calais-auto-tagger/vulnerability/wordpress-wp-calais-auto-tagger-plugin-2-0-csrf-to-stored-xss-vulnerability?_s_id=cve
vdb-entry
Hyperlink: https://patchstack.com/database/wordpress/plugin/calais-auto-tagger/vulnerability/wordpress-wp-calais-auto-tagger-plugin-2-0-csrf-to-stored-xss-vulnerability?_s_id=cve
Resource:
vdb-entry
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:audit@patchstack.com
Published At:09 Apr, 2025 | 17:15
Updated At:09 Apr, 2025 | 20:02

Cross-Site Request Forgery (CSRF) vulnerability in dangrossman WP Calais Auto Tagger allows Cross Site Request Forgery. This issue affects WP Calais Auto Tagger: from n/a through 2.0.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.17.1HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
Type: Secondary
Version: 3.1
Base score: 7.1
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-352Primaryaudit@patchstack.com
CWE ID: CWE-352
Type: Primary
Source: audit@patchstack.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://patchstack.com/database/wordpress/plugin/calais-auto-tagger/vulnerability/wordpress-wp-calais-auto-tagger-plugin-2-0-csrf-to-stored-xss-vulnerability?_s_id=cveaudit@patchstack.com
N/A
Hyperlink: https://patchstack.com/database/wordpress/plugin/calais-auto-tagger/vulnerability/wordpress-wp-calais-auto-tagger-plugin-2-0-csrf-to-stored-xss-vulnerability?_s_id=cve
Source: audit@patchstack.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

630Records found
CVE-2025-48320
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.01% / 1.79%
||
7 Day CHG~0.00%
Published-28 Aug, 2025 | 12:36
Updated-28 Aug, 2025 | 19:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress 百度分享按钮 plugin <= 1.0.6 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in cuckoohello 百度分享按钮 allows Stored XSS. This issue affects 百度分享按钮: from n/a through 1.0.6.

Action-Not Available
Vendor-cuckoohello
Product-百度分享按钮
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-48308
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.01% / 1.79%
||
7 Day CHG~0.00%
Published-28 Aug, 2025 | 12:36
Updated-28 Aug, 2025 | 13:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Newsletter subscription optin module plugin <= 1.2.9 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in nonletter Newsletter subscription optin module allows Stored XSS. This issue affects Newsletter subscription optin module: from n/a through 1.2.9.

Action-Not Available
Vendor-nonletter
Product-Newsletter subscription optin module
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-39433
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.03% / 5.96%
||
7 Day CHG~0.00%
Published-17 Apr, 2025 | 15:16
Updated-17 Apr, 2025 | 20:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Bknewsticker plugin <= 1.0.5 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in beke_ro Bknewsticker allows Stored XSS. This issue affects Bknewsticker: from n/a through 1.0.5.

Action-Not Available
Vendor-beke_ro
Product-Bknewsticker
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-48325
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.01% / 1.79%
||
7 Day CHG~0.00%
Published-28 Aug, 2025 | 12:36
Updated-28 Aug, 2025 | 14:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Admin Theme plugin <= 1.0 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in shmish111 WP Admin Theme allows Stored XSS. This issue affects WP Admin Theme: from n/a through 1.0.

Action-Not Available
Vendor-shmish111
Product-WP Admin Theme
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-48351
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.01% / 1.79%
||
7 Day CHG~0.00%
Published-28 Aug, 2025 | 12:37
Updated-28 Aug, 2025 | 17:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Kento Splash Screen plugin <= 1.4 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in PluginsPoint Kento Splash Screen allows Stored XSS. This issue affects Kento Splash Screen: from n/a through 1.4.

Action-Not Available
Vendor-PluginsPoint
Product-Kento Splash Screen
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-47546
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.02% / 4.40%
||
7 Day CHG~0.00%
Published-07 May, 2025 | 14:20
Updated-12 May, 2025 | 20:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Compress <= 6.30.30 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in AresIT WP Compress allows Cross Site Request Forgery. This issue affects WP Compress: from n/a through 6.30.30.

Action-Not Available
Vendor-wpcompressAresIT
Product-wp_compressWP Compress
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-47639
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.02% / 3.36%
||
7 Day CHG~0.00%
Published-07 May, 2025 | 14:20
Updated-08 May, 2025 | 14:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Supertext Translation and Proofreading plugin <= 4.25 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Supertext Supertext Translation and Proofreading allows Stored XSS. This issue affects Supertext Translation and Proofreading: from n/a through 4.25.

Action-Not Available
Vendor-Supertext
Product-Supertext Translation and Proofreading
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-47655
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.02% / 3.36%
||
7 Day CHG~0.00%
Published-07 May, 2025 | 14:20
Updated-08 May, 2025 | 14:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress theMarketer plugin <= 1.4.7 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in themarketer2023 theMarketer allows Stored XSS. This issue affects theMarketer: from n/a through 1.4.7.

Action-Not Available
Vendor-themarketer2023
Product-theMarketer
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-48114
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.02% / 3.36%
||
7 Day CHG~0.00%
Published-16 May, 2025 | 15:45
Updated-19 May, 2025 | 13:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress ShayanWeb Admin FontChanger plugin <= 1.8.1 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Shayan Farhang Pazhooh ShayanWeb Admin FontChanger allows Stored XSS. This issue affects ShayanWeb Admin FontChanger: from n/a through 1.8.1.

Action-Not Available
Vendor-Shayan Farhang Pazhooh
Product-ShayanWeb Admin FontChanger
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-47514
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.02% / 3.36%
||
7 Day CHG~0.00%
Published-07 May, 2025 | 14:20
Updated-08 May, 2025 | 14:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress ELI's Related Posts Footer Links and Widget plugin <= 1.2.04.20 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Eli ELI's Related Posts Footer Links and Widget allows Stored XSS. This issue affects ELI's Related Posts Footer Links and Widget: from n/a through 1.2.04.20.

Action-Not Available
Vendor-Eli
Product-ELI's Related Posts Footer Links and Widget
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-47685
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.02% / 3.36%
||
7 Day CHG~0.00%
Published-07 May, 2025 | 14:20
Updated-08 May, 2025 | 14:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Contribuinte Checkout plugin <= 2.0.02 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Moloni Contribuinte Checkout allows Stored XSS. This issue affects Contribuinte Checkout: from n/a through 2.0.02.

Action-Not Available
Vendor-Moloni
Product-Contribuinte Checkout
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-48109
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.01% / 1.79%
||
7 Day CHG~0.00%
Published-28 Aug, 2025 | 12:36
Updated-28 Aug, 2025 | 14:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress XM-Backup plugin <= 0.9.1 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Xavier Media XM-Backup allows Stored XSS. This issue affects XM-Backup: from n/a through 0.9.1.

Action-Not Available
Vendor-Xavier Media
Product-XM-Backup
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-46450
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.03% / 5.96%
||
7 Day CHG~0.00%
Published-24 Apr, 2025 | 16:08
Updated-29 Apr, 2025 | 13:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress occupancyplan plugin <= 1.0.3.0 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in x000x occupancyplan allows Stored XSS. This issue affects occupancyplan: from n/a through 1.0.3.0.

Action-Not Available
Vendor-x000x
Product-occupancyplan
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-46251
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.03% / 7.55%
||
7 Day CHG~0.00%
Published-22 Apr, 2025 | 09:53
Updated-30 Apr, 2025 | 15:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress VikRestaurants Table Reservations and Take-Away plugin <= 1.3.3 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in e4jvikwp VikRestaurants Table Reservations and Take-Away allows Cross Site Request Forgery. This issue affects VikRestaurants Table Reservations and Take-Away: from n/a through 1.3.3.

Action-Not Available
Vendor-e4jconnecte4jvikwp
Product-vikrestaurants_table_reservations_and_take-awayVikRestaurants Table Reservations and Take-Away
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-46492
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.03% / 5.96%
||
7 Day CHG~0.00%
Published-24 Apr, 2025 | 16:08
Updated-29 Apr, 2025 | 13:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Call Now PHT Blog plugin <= 2.4.1 - CSRF to XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Pham Thanh Call Now PHT Blog allows Stored XSS. This issue affects Call Now PHT Blog: from n/a through 2.4.1.

Action-Not Available
Vendor-Pham Thanh
Product-Call Now PHT Blog
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-46497
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.03% / 5.96%
||
7 Day CHG~0.00%
Published-24 Apr, 2025 | 16:08
Updated-29 Apr, 2025 | 13:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Navegg Analytics plugin <= 3.3.3 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Navegg Navegg Analytics allows Stored XSS. This issue affects Navegg Analytics: from n/a through 3.3.3.

Action-Not Available
Vendor-Navegg
Product-Navegg Analytics
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-46504
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.03% / 5.96%
||
7 Day CHG~0.00%
Published-24 Apr, 2025 | 16:08
Updated-29 Apr, 2025 | 13:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Vasaio QR Code plugin <= 1.2.5 - CSRF to XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Olar Marius Vasaio QR Code allows Stored XSS. This issue affects Vasaio QR Code: from n/a through 1.2.5.

Action-Not Available
Vendor-Olar Marius
Product-Vasaio QR Code
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-46520
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.03% / 5.96%
||
7 Day CHG~0.00%
Published-24 Apr, 2025 | 16:08
Updated-29 Apr, 2025 | 13:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Related Posts via Taxonomies plugin <= 1.0.1 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in alphasis Related Posts via Taxonomies allows Stored XSS. This issue affects Related Posts via Taxonomies: from n/a through 1.0.1.

Action-Not Available
Vendor-alphasis
Product-Related Posts via Taxonomies
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-46516
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.03% / 5.96%
||
7 Day CHG~0.00%
Published-24 Apr, 2025 | 16:08
Updated-29 Apr, 2025 | 13:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Twitter Card Generator plugin <= 1.0.5 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in silencecm Twitter Card Generator allows Stored XSS. This issue affects Twitter Card Generator: from n/a through 1.0.5.

Action-Not Available
Vendor-silencecm
Product-Twitter Card Generator
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-46514
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.03% / 5.96%
||
7 Day CHG~0.00%
Published-24 Apr, 2025 | 16:08
Updated-29 Apr, 2025 | 13:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Milat jQuery Automatic Popup plugin <= 1.3.1 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in milat Milat jQuery Automatic Popup allows Stored XSS. This issue affects Milat jQuery Automatic Popup: from n/a through 1.3.1.

Action-Not Available
Vendor-milat
Product-Milat jQuery Automatic Popup
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-46512
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.03% / 5.96%
||
7 Day CHG~0.00%
Published-24 Apr, 2025 | 16:08
Updated-29 Apr, 2025 | 13:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Custom Functions Plugin plugin <= 1.1 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Shamim Hasan Custom Functions Plugin allows Stored XSS. This issue affects Custom Functions Plugin: from n/a through 1.1.

Action-Not Available
Vendor-Shamim Hasan
Product-Custom Functions Plugin
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-46466
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.03% / 5.96%
||
7 Day CHG~0.00%
Published-24 Apr, 2025 | 16:08
Updated-29 Apr, 2025 | 13:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Modern Polls plugin <= 1.0.10 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in felixtz Modern Polls allows Stored XSS. This issue affects Modern Polls: from n/a through 1.0.10.

Action-Not Available
Vendor-felixtz
Product-Modern Polls
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-46524
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.03% / 5.96%
||
7 Day CHG~0.00%
Published-24 Apr, 2025 | 16:08
Updated-29 Apr, 2025 | 13:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Filter Post Category plugin <= 2.1.4 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in stesvis WP Filter Post Category allows Stored XSS. This issue affects WP Filter Post Category: from n/a through 2.1.4.

Action-Not Available
Vendor-stesvis
Product-WP Filter Post Category
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-46530
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.03% / 5.96%
||
7 Day CHG~0.00%
Published-24 Apr, 2025 | 16:09
Updated-29 Apr, 2025 | 13:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Hacklog Remote Attachment <= 1.3.2 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in HuangYe WuDeng Hacklog Remote Attachment allows Stored XSS. This issue affects Hacklog Remote Attachment: from n/a through 1.3.2.

Action-Not Available
Vendor-HuangYe WuDeng
Product-Hacklog Remote Attachment
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-46528
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.03% / 5.96%
||
7 Day CHG~0.00%
Published-24 Apr, 2025 | 16:08
Updated-29 Apr, 2025 | 13:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Availability Calendar <= 0.2.4 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Steve Availability Calendar allows Stored XSS. This issue affects Availability Calendar: from n/a through 0.2.4.

Action-Not Available
Vendor-Steve
Product-Availability Calendar
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-46435
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.03% / 5.96%
||
7 Day CHG~0.00%
Published-24 Apr, 2025 | 16:08
Updated-29 Apr, 2025 | 13:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Time Based Greeting plugin <= 2.2.2 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Yash Binani Time Based Greeting allows Stored XSS. This issue affects Time Based Greeting: from n/a through 2.2.2.

Action-Not Available
Vendor-Yash Binani
Product-Time Based Greeting
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-46465
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.03% / 5.96%
||
7 Day CHG~0.00%
Published-24 Apr, 2025 | 16:08
Updated-29 Apr, 2025 | 13:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Print Science Designer plugin <= 1.3.155 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in John Weissberg Print Science Designer allows Stored XSS. This issue affects Print Science Designer: from n/a through 1.3.155.

Action-Not Available
Vendor-John Weissberg
Product-Print Science Designer
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-46457
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.03% / 5.96%
||
7 Day CHG~0.00%
Published-24 Apr, 2025 | 16:09
Updated-29 Apr, 2025 | 13:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Wp Custom CMS Block plugin <= 2.1 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in digontoahsan Wp Custom CMS Block allows Stored XSS. This issue affects Wp Custom CMS Block: from n/a through 2.1.

Action-Not Available
Vendor-digontoahsan
Product-Wp Custom CMS Block
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-46507
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.03% / 5.96%
||
7 Day CHG~0.00%
Published-24 Apr, 2025 | 16:09
Updated-29 Apr, 2025 | 13:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Unsafe Mimetypes plugin <= 0.1.4 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in ldrumm Unsafe Mimetypes allows Stored XSS. This issue affects Unsafe Mimetypes: from n/a through 0.1.4.

Action-Not Available
Vendor-ldrumm
Product-Unsafe Mimetypes
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-46452
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.03% / 5.96%
||
7 Day CHG~0.00%
Published-24 Apr, 2025 | 16:08
Updated-29 Apr, 2025 | 13:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Google News plugin <= 2.5.1 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Olav Kolbu Google News allows Stored XSS. This issue affects Google News: from n/a through 2.5.1.

Action-Not Available
Vendor-Olav Kolbu
Product-Google News
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-46506
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.03% / 5.96%
||
7 Day CHG~0.00%
Published-24 Apr, 2025 | 16:08
Updated-29 Apr, 2025 | 13:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WpZon – Amazon Affiliate Plugin plugin <= 1.3 - CSRF to XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Lora77 WpZon – Amazon Affiliate Plugin allows Reflected XSS. This issue affects WpZon – Amazon Affiliate Plugin: from n/a through 1.3.

Action-Not Available
Vendor-Lora77
Product-WpZon – Amazon Affiliate Plugin
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-46510
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.03% / 5.96%
||
7 Day CHG~0.00%
Published-24 Apr, 2025 | 16:08
Updated-29 Apr, 2025 | 13:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Contact Form 7 Calendar plugin <= 3.0.1 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in harrysudana Contact Form 7 Calendar allows Stored XSS. This issue affects Contact Form 7 Calendar: from n/a through 3.0.1.

Action-Not Available
Vendor-harrysudana
Product-Contact Form 7 Calendar
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-43840
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.02% / 3.36%
||
7 Day CHG~0.00%
Published-19 May, 2025 | 17:07
Updated-21 May, 2025 | 20:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress CheckBot plugin <= 1.05 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Ref CheckBot allows Stored XSS.This issue affects CheckBot: from n/a through 1.05.

Action-Not Available
Vendor-Ref
Product-CheckBot
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-39417
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.03% / 5.96%
||
7 Day CHG~0.00%
Published-17 Apr, 2025 | 15:17
Updated-17 Apr, 2025 | 20:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Redirect wordpress to welcome or landing page plugin <= 2.0 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Eslam Mahmoud Redirect wordpress to welcome or landing page allows Stored XSS. This issue affects Redirect wordpress to welcome or landing page: from n/a through 2.0.

Action-Not Available
Vendor-Eslam Mahmoud
Product-Redirect wordpress to welcome or landing page
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-39421
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.03% / 5.96%
||
7 Day CHG~0.00%
Published-17 Apr, 2025 | 15:17
Updated-17 Apr, 2025 | 20:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Sticky Side Buttons plugin <= 2.1 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Mustafa KUCUK WP Sticky Side Buttons allows Stored XSS. This issue affects WP Sticky Side Buttons: from n/a through 2.1.

Action-Not Available
Vendor-Mustafa KUCUK
Product-WP Sticky Side Buttons
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-39455
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.03% / 5.96%
||
7 Day CHG~0.00%
Published-17 Apr, 2025 | 15:15
Updated-17 Apr, 2025 | 20:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress IP2Location Variables plugin <= 2.9.5 - CSRF to Cross Site Scripting (XSS) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in ip2location IP2Location Variables allows Reflected XSS. This issue affects IP2Location Variables: from n/a through 2.9.5.

Action-Not Available
Vendor-ip2location
Product-IP2Location Variables
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-39424
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.03% / 5.96%
||
7 Day CHG~0.00%
Published-17 Apr, 2025 | 15:17
Updated-17 Apr, 2025 | 20:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Simple Maps plugin <= 0.98 - CSRF to XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in simplemaps Simple Maps allows Stored XSS. This issue affects Simple Maps: from n/a through 0.98.

Action-Not Available
Vendor-simplemaps
Product-Simple Maps
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-39431
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.03% / 5.96%
||
7 Day CHG~0.00%
Published-17 Apr, 2025 | 15:16
Updated-17 Apr, 2025 | 20:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Amazon Showcase WordPress Plugin plugin <= 2.2 - CSRF to XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Aaron Forgue Amazon Showcase WordPress Plugin allows Stored XSS. This issue affects Amazon Showcase WordPress Plugin: from n/a through 2.2.

Action-Not Available
Vendor-Aaron Forgue
Product-Amazon Showcase WordPress Plugin
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-39430
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.03% / 5.96%
||
7 Day CHG~0.00%
Published-17 Apr, 2025 | 15:17
Updated-17 Apr, 2025 | 20:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress mLanguage plugin <= 1.6.1 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Alexander Rauscha mLanguage allows Stored XSS. This issue affects mLanguage: from n/a through 1.6.1.

Action-Not Available
Vendor-Alexander Rauscha
Product-mLanguage
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-39530
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.03% / 5.96%
||
7 Day CHG~0.00%
Published-16 Apr, 2025 | 12:45
Updated-16 Apr, 2025 | 13:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Site Search 360 plugin <= 2.1.7 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in dsky Site Search 360 allows Stored XSS. This issue affects Site Search 360: from n/a through 2.1.7.

Action-Not Available
Vendor-dsky
Product-Site Search 360
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-39548
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.03% / 5.96%
||
7 Day CHG~0.00%
Published-16 Apr, 2025 | 12:44
Updated-16 Apr, 2025 | 13:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Right Click Disable OR Ban plugin <= 1.1.17 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in A WP Life Right Click Disable OR Ban allows Stored XSS. This issue affects Right Click Disable OR Ban: from n/a through 1.1.17.

Action-Not Available
Vendor-A WP Life
Product-Right Click Disable OR Ban
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-39418
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.03% / 5.96%
||
7 Day CHG~0.00%
Published-17 Apr, 2025 | 15:17
Updated-17 Apr, 2025 | 20:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress RSS Manager plugin <= 0.06 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in ajayver RSS Manager allows Stored XSS. This issue affects RSS Manager: from n/a through 0.06.

Action-Not Available
Vendor-ajayver
Product-RSS Manager
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-39441
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.03% / 5.96%
||
7 Day CHG~0.00%
Published-17 Apr, 2025 | 15:16
Updated-17 Apr, 2025 | 20:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Dashboard Notepads plugin <= 1.2.1 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in swedish boy Dashboard Notepads allows Stored XSS. This issue affects Dashboard Notepads: from n/a through 1.2.1.

Action-Not Available
Vendor-swedish boy
Product-Dashboard Notepads
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-39374
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.02% / 3.36%
||
7 Day CHG~0.00%
Published-19 May, 2025 | 16:44
Updated-21 May, 2025 | 20:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Best Posts Summary plugin <= 1.0 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in aseem1234 Best Posts Summary allows Stored XSS.This issue affects Best Posts Summary: from n/a through 1.0.

Action-Not Available
Vendor-aseem1234
Product-Best Posts Summary
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-39440
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.03% / 5.96%
||
7 Day CHG~0.00%
Published-17 Apr, 2025 | 15:16
Updated-17 Apr, 2025 | 20:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Broken Links Remover plugin <= 1.2.2 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Rajesh Broken Links Remover allows Stored XSS. This issue affects Broken Links Remover: from n/a through 1.2.2.

Action-Not Available
Vendor-Rajesh
Product-Broken Links Remover
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-39381
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.03% / 5.96%
||
7 Day CHG~0.00%
Published-24 Apr, 2025 | 16:08
Updated-29 Apr, 2025 | 13:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress KiotViet Sync plugin <= 1.8.4 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Kiotviet KiotViet Sync allows Stored XSS. This issue affects KiotViet Sync: from n/a through 1.8.4.

Action-Not Available
Vendor-Kiotviet
Product-KiotViet Sync
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-39419
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.03% / 5.96%
||
7 Day CHG~0.00%
Published-17 Apr, 2025 | 15:17
Updated-17 Apr, 2025 | 20:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Revision Diet plugin <= 1.0.1 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in David Miller Revision Diet allows Stored XSS. This issue affects Revision Diet: from n/a through 1.0.1.

Action-Not Available
Vendor-David Miller
Product-Revision Diet
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-39415
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.03% / 5.96%
||
7 Day CHG~0.00%
Published-17 Apr, 2025 | 15:17
Updated-17 Apr, 2025 | 20:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Social Media Links plugin <= 1.0.3 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Jayesh Parejiya Social Media Links allows Stored XSS. This issue affects Social Media Links: from n/a through 1.0.3.

Action-Not Available
Vendor-Jayesh Parejiya
Product-Social Media Links
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-39416
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.03% / 5.96%
||
7 Day CHG~0.00%
Published-17 Apr, 2025 | 15:17
Updated-17 Apr, 2025 | 20:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress translit it! plugin <= 1.6 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Ichi translit it! allows Stored XSS. This issue affects translit it!: from n/a through 1.6.

Action-Not Available
Vendor-Ichi
Product-translit it!
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-26577
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.02% / 4.56%
||
7 Day CHG~0.00%
Published-13 Feb, 2025 | 13:53
Updated-18 Feb, 2025 | 19:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress DX-auto-publish plugin <= 1.2 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in daxiawp DX-auto-publish allows Stored XSS. This issue affects DX-auto-publish: from n/a through 1.2.

Action-Not Available
Vendor-daxiawp
Product-DX-auto-publish
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 12
  • 13
  • Next
Details not found