Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-39443

Summary
Assigner-Patchstack
Assigner Org ID-21595511-bba5-4825-b968-b78d1f9984a3
Published At-17 Apr, 2025 | 15:15
Updated At-17 Apr, 2025 | 17:11
Rejected At-
Credits

WordPress Verge3D plugin <= 4.9.0 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Soft8Soft LLC Verge3D allows Cross Site Request Forgery. This issue affects Verge3D: from n/a through 4.9.0.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:Patchstack
Assigner Org ID:21595511-bba5-4825-b968-b78d1f9984a3
Published At:17 Apr, 2025 | 15:15
Updated At:17 Apr, 2025 | 17:11
Rejected At:
▼CVE Numbering Authority (CNA)
WordPress Verge3D plugin <= 4.9.0 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Soft8Soft LLC Verge3D allows Cross Site Request Forgery. This issue affects Verge3D: from n/a through 4.9.0.

Affected Products
Vendor
Soft8Soft LLC
Product
Verge3D
Collection URL
https://wordpress.org/plugins
Package Name
verge3d
Default Status
unaffected
Versions
Affected
  • From n/a through 4.9.0 (custom)
    • -> unaffectedfrom4.9.3
Problem Types
TypeCWE IDDescription
CWECWE-352CWE-352 Cross-Site Request Forgery (CSRF)
Type: CWE
CWE ID: CWE-352
Description: CWE-352 Cross-Site Request Forgery (CSRF)
Metrics
VersionBase scoreBase severityVector
3.14.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Version: 3.1
Base score: 4.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-62CAPEC-62 Cross Site Request Forgery
CAPEC ID: CAPEC-62
Description: CAPEC-62 Cross Site Request Forgery
Solutions

Update the WordPress Verge3D plugin to the latest available version (at least 4.9.3).

Configurations
Workarounds
Exploits
Credits
finder
Nabil Irawan (Patchstack Alliance)
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://patchstack.com/database/wordpress/plugin/verge3d/vulnerability/wordpress-verge3d-plugin-4-9-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve
vdb-entry
Hyperlink: https://patchstack.com/database/wordpress/plugin/verge3d/vulnerability/wordpress-verge3d-plugin-4-9-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve
Resource:
vdb-entry
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:audit@patchstack.com
Published At:17 Apr, 2025 | 16:15
Updated At:17 Apr, 2025 | 20:21

Cross-Site Request Forgery (CSRF) vulnerability in Soft8Soft LLC Verge3D allows Cross Site Request Forgery. This issue affects Verge3D: from n/a through 4.9.0.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.14.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Type: Secondary
Version: 3.1
Base score: 4.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-352Primaryaudit@patchstack.com
CWE ID: CWE-352
Type: Primary
Source: audit@patchstack.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://patchstack.com/database/wordpress/plugin/verge3d/vulnerability/wordpress-verge3d-plugin-4-9-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cveaudit@patchstack.com
N/A
Hyperlink: https://patchstack.com/database/wordpress/plugin/verge3d/vulnerability/wordpress-verge3d-plugin-4-9-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve
Source: audit@patchstack.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

1791Records found
CVE-2024-37413
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.02% / 4.26%
||
7 Day CHG~0.00%
Published-02 Jan, 2025 | 12:00
Updated-02 Jan, 2025 | 14:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Preschool and Kindergarten theme <= 1.2.1 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Rara Theme Preschool and Kindergarten allows Cross Site Request Forgery.This issue affects Preschool and Kindergarten: from n/a through 1.2.1.

Action-Not Available
Vendor-Rara Theme
Product-Preschool and Kindergarten
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-37251
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.04% / 12.86%
||
7 Day CHG~0.00%
Published-16 Dec, 2024 | 15:03
Updated-16 Dec, 2024 | 16:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Advanced Custom Fields Pro plugin < 6.3.2 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in WPENGINE, INC. Advanced Custom Fields PRO.This issue affects Advanced Custom Fields PRO: from n/a before 6.3.2.

Action-Not Available
Vendor-WPENGINE, INC.
Product-Advanced Custom Fields PRO
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-37272
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.02% / 4.26%
||
7 Day CHG~0.00%
Published-02 Jan, 2025 | 12:00
Updated-02 Jan, 2025 | 14:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Travel Monster theme <= 1.1.2 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in WP Travel Engine Travel Monster allows Cross Site Request Forgery.This issue affects Travel Monster: from n/a through 1.1.2.

Action-Not Available
Vendor-WP Travel Engine
Product-Travel Monster
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-37451
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.02% / 4.26%
||
7 Day CHG~0.00%
Published-02 Jan, 2025 | 12:00
Updated-03 Jan, 2025 | 18:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Travel Agency theme <= 1.4.9 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Rara Theme Travel Agency allows Cross Site Request Forgery.This issue affects Travel Agency: from n/a through 1.4.9.

Action-Not Available
Vendor-Rara Theme
Product-Travel Agency
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-37435
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.02% / 4.24%
||
7 Day CHG~0.00%
Published-02 Jan, 2025 | 12:00
Updated-02 Jan, 2025 | 16:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Perfect Portfolio theme <= 1.2.0 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Rara Theme Perfect Portfolio allows Cross Site Request Forgery.This issue affects Perfect Portfolio: from n/a through 1.2.0.

Action-Not Available
Vendor-Rara Theme
Product-Perfect Portfolio
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-37242
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.02% / 4.26%
||
7 Day CHG~0.00%
Published-02 Jan, 2025 | 12:00
Updated-02 Jan, 2025 | 14:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Newspack Newsletters plugin <= 2.13.2 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Automattic Newspack Newsletters allows Cross Site Request Forgery.This issue affects Newspack Newsletters: from n/a through 2.13.2.

Action-Not Available
Vendor-Automattic Inc.
Product-Newspack Newsletters
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-37518
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.02% / 4.24%
||
7 Day CHG~0.00%
Published-02 Jan, 2025 | 12:01
Updated-02 Jan, 2025 | 14:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress The Events Calendar plugin <= 6.5.1.4 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in The Events Calendar The Events Calendar allows Cross Site Request Forgery.This issue affects The Events Calendar: from n/a through 6.5.1.4.

Action-Not Available
Vendor-The Events Calendar
Product-The Events Calendar
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2020-4827
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.09% / 26.43%
||
7 Day CHG~0.00%
Published-04 Feb, 2021 | 16:55
Updated-17 Sep, 2024 | 00:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM API Connect 10.0.0.0 through 10.0.1.0 and 2018.4.1.0 through 2018.4.1.13 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 189841.

Action-Not Available
Vendor-IBM Corporation
Product-api_connectAPI Connect
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-37198
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.13% / 33.23%
||
7 Day CHG~0.00%
Published-21 Jun, 2024 | 13:46
Updated-02 Aug, 2024 | 03:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Digital Newspaper theme <= 1.1.5 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in blazethemes Digital Newspaper.This issue affects Digital Newspaper: from n/a through 1.1.5.

Action-Not Available
Vendor-blazethemesblazethemes
Product-digital_newspaperDigital Newspaper
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-28930
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 22.03%
||
7 Day CHG~0.00%
Published-12 Nov, 2023 | 21:32
Updated-03 Sep, 2024 | 13:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Mobile Banner Plugin <= 1.5 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Robin Phillips Mobile Banner plugin <= 1.5 versions.

Action-Not Available
Vendor-robinphillipsRobin Phillips
Product-mobile_bannerMobile Banner
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-37473
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.02% / 4.26%
||
7 Day CHG~0.00%
Published-02 Jan, 2025 | 12:00
Updated-02 Jan, 2025 | 14:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Trendy News theme <= 1.0.15 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in BlazeThemes Trendy News allows Cross Site Request Forgery.This issue affects Trendy News: from n/a through 1.0.15.

Action-Not Available
Vendor-BlazeThemes
Product-Trendy News
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-37431
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.02% / 4.24%
||
7 Day CHG~0.00%
Published-02 Jan, 2025 | 12:00
Updated-02 Jan, 2025 | 16:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Mesmerize theme <= 1.6.120 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Horea Radu Mesmerize allows Cross Site Request Forgery.This issue affects Mesmerize: from n/a through 1.6.120.

Action-Not Available
Vendor-Horea Radu
Product-Mesmerize
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-37417
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.04% / 10.45%
||
7 Day CHG~0.00%
Published-02 Jan, 2025 | 12:00
Updated-02 Jan, 2025 | 14:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Coachify theme <= 1.0.7 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Coachify Coachify allows Cross Site Request Forgery.This issue affects Coachify: from n/a through 1.0.7.

Action-Not Available
Vendor-Coachify
Product-Coachify
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-37491
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.02% / 4.24%
||
7 Day CHG~0.00%
Published-02 Jan, 2025 | 12:00
Updated-02 Jan, 2025 | 14:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Rife Free theme <= 2.4.18 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Apollo13Themes Rife Free allows Cross Site Request Forgery.This issue affects Rife Free: from n/a through 2.4.18.

Action-Not Available
Vendor-Apollo13Themes
Product-Rife Free
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-37441
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.02% / 4.26%
||
7 Day CHG~0.00%
Published-02 Jan, 2025 | 12:00
Updated-02 Jan, 2025 | 16:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress NewsMash theme <= 1.0.34 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in DesertThemes NewsMash allows Cross Site Request Forgery.This issue affects NewsMash: from n/a through 1.0.34.

Action-Not Available
Vendor-DesertThemes
Product-NewsMash
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-37490
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.02% / 4.26%
||
7 Day CHG~0.00%
Published-02 Jan, 2025 | 12:00
Updated-02 Jan, 2025 | 14:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Bard theme <= 2.210 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in WP Royal Bard allows Cross Site Request Forgery.This issue affects Bard: from n/a through 2.210.

Action-Not Available
Vendor-Royal Elementor Addons
Product-Bard
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-37230
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.13% / 33.23%
||
7 Day CHG~0.00%
Published-21 Jun, 2024 | 13:38
Updated-02 Aug, 2024 | 03:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Book Landing Page theme <= 1.2.3 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Rara Theme Book Landing Page.This issue affects Book Landing Page: from n/a through 1.2.3.

Action-Not Available
Vendor-rarathemesRara Theme
Product-book_landing_pageBook Landing Page
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-20612
Matching Score-4
Assigner-Jenkins Project
ShareView Details
Matching Score-4
Assigner-Jenkins Project
CVSS Score-4.3||MEDIUM
EPSS-0.22% / 44.37%
||
7 Day CHG~0.00%
Published-12 Jan, 2022 | 19:05
Updated-03 Aug, 2024 | 02:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A cross-site request forgery (CSRF) vulnerability in Jenkins 2.329 and earlier, LTS 2.319.1 and earlier allows attackers to trigger build of job without parameters when no security realm is set.

Action-Not Available
Vendor-Oracle CorporationJenkins
Product-communications_cloud_native_core_automated_test_suitejenkinsJenkins
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-35771
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.31% / 53.83%
||
7 Day CHG~0.00%
Published-21 Jun, 2024 | 13:08
Updated-02 Aug, 2024 | 03:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Customizr theme <= 4.4.21 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in presscustomizr Customizr.This issue affects Customizr: from n/a through 4.4.21.

Action-Not Available
Vendor-presscustomizrpresscustomizr
Product-customizrCustomizr
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-28696
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 22.03%
||
7 Day CHG~0.00%
Published-12 Nov, 2023 | 21:40
Updated-02 Aug, 2024 | 13:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress I Recommend This Plugin <= 3.9.0 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Harish Chouhan, Themeist I Recommend This allows Cross Site Request Forgery.This issue affects I Recommend This: from n/a through 3.9.0.

Action-Not Available
Vendor-themeistHarish Chouhan, Themeist
Product-i_recommend_thisI Recommend This
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-21179
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-4.3||MEDIUM
EPSS-0.10% / 28.99%
||
7 Day CHG~0.00%
Published-24 Feb, 2022 | 09:50
Updated-03 Aug, 2024 | 02:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in EC-CUBE plugin 'Mail Magazine Management Plugin' ver4.0.0 to 4.1.1 (for EC-CUBE 4 series) and ver1.0.0 to 1.0.4 (for EC-CUBE 3 series) allows a remote unauthenticated attacker to hijack the authentication of an administrator via a specially crafted page, and Mail Magazine Templates and/or transmitted history information may be deleted unintendedly.

Action-Not Available
Vendor-ec-cubeEC-CUBE CO.,LTD.
Product-e-mail_newsletter_managementEC-CUBE plugin 'Mail Magazine Management Plugin'
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-28498
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 22.03%
||
7 Day CHG~0.00%
Published-12 Nov, 2023 | 21:57
Updated-30 Aug, 2024 | 19:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Hotel Booking Lite Plugin <= 4.6.0 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in MotoPress Hotel Booking Lite plugin <= 4.6.0 versions.

Action-Not Available
Vendor-motopressMotoPress
Product-hotel_booking_liteHotel Booking Lite
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-1625
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-4.3||MEDIUM
EPSS-0.10% / 27.84%
||
7 Day CHG~0.00%
Published-27 Jun, 2022 | 08:57
Updated-03 Aug, 2024 | 00:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
New User Approve < 2.4 - Arbitrary Settings Update & Invitation Code Creation via CSRF

The New User Approve WordPress plugin before 2.4 does not have CSRF check in place when updating its settings and adding invitation codes, which could allow attackers to add invitation codes (for bypassing the provided restrictions) and to change plugin settings by tricking admin users into visiting specially crafted websites.

Action-Not Available
Vendor-wpexpertsUnknown
Product-new_user_approveNew User Approve
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-3631
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-4.3||MEDIUM
EPSS-0.28% / 51.02%
||
7 Day CHG~0.00%
Published-15 May, 2024 | 06:00
Updated-15 May, 2025 | 14:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
HL Twitter <= 2014.1.18 - Unlink Twitter Account via CSRF

The HL Twitter WordPress plugin through 2014.1.18 does not have CSRF check when unlinking twitter accounts, which could allow attackers to make logged in admins perform such actions via a CSRF attack

Action-Not Available
Vendor-dachande663Unknown
Product-hl_twitterHL Twitter
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-1846
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-4.3||MEDIUM
EPSS-0.10% / 27.84%
||
7 Day CHG~0.00%
Published-27 Jun, 2022 | 08:58
Updated-03 Aug, 2024 | 00:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tiny Contact Form <= 0.7 - Arbitrary Settings Update via CSRF

The Tiny Contact Form WordPress plugin through 0.7 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack

Action-Not Available
Vendor-tiny_contact_form_projectUnknown
Product-tiny_contact_formTiny Contact Form
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-1712
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-4.3||MEDIUM
EPSS-0.10% / 27.84%
||
7 Day CHG~0.00%
Published-06 Jun, 2022 | 08:51
Updated-03 Aug, 2024 | 00:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
LiveSync for WordPress <= 1.0 - Arbitrary Settings Update via CSRF

The LiveSync for WordPress plugin through 1.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack

Action-Not Available
Vendor-livesync_projectUnknown
Product-livesyncLiveSync for WordPress
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-1591
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 22.26%
||
7 Day CHG~0.00%
Published-19 Sep, 2022 | 14:00
Updated-03 Aug, 2024 | 00:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Ping Optimizer < 2.35.1.3.0 - Arbitrary Settings Update via CSRF

The WordPress Ping Optimizer WordPress plugin before 2.35.1.3.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack

Action-Not Available
Vendor-wordpress_ping_optimizer_projectUnknown
Product-wordpress_ping_optimizerWordPress Ping Optimizer
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-1845
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-4.3||MEDIUM
EPSS-0.11% / 29.42%
||
7 Day CHG~0.00%
Published-27 Jun, 2022 | 08:57
Updated-03 Aug, 2024 | 00:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WP Post Styling < 1.3.1 - Multiple CSRF

The WP Post Styling WordPress plugin before 1.3.1 does not have CSRF checks in various actions, which could allow attackers to make a logged in admin delete plugin's data, update the settings, add new entries and more via CSRF attacks

Action-Not Available
Vendor-wp_post_styling_projectUnknown
Product-wp_post_stylingWP Post Styling
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-34806
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.13% / 33.14%
||
7 Day CHG~0.00%
Published-17 May, 2024 | 09:48
Updated-02 Aug, 2024 | 02:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Clearfy Cache plugin <= 2.2.1 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Creative Motion Clearfy Cache.This issue affects Clearfy Cache: from n/a through 2.2.1.

Action-Not Available
Vendor-Creative Motion
Product-Clearfy Cache
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-34828
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.12% / 31.93%
||
7 Day CHG~0.00%
Published-10 May, 2024 | 08:16
Updated-02 Aug, 2024 | 02:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Church Admin plugin <= 4.1.32 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Andy Moyle Church Admin.This issue affects Church Admin: from n/a through 4.1.32.

Action-Not Available
Vendor-Andy Moyle
Product-Church Admin
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-34817
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.16% / 37.61%
||
7 Day CHG~0.00%
Published-10 May, 2024 | 08:35
Updated-02 Aug, 2024 | 02:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Integration for Pipedrive and Contact Form 7, WPForms, Elementor, Ninja Forms plugin <= 1.2.0 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in CRM Perks Integration for Pipedrive and Contact Form 7, WPForms, Elementor, Ninja Forms.This issue affects Integration for Pipedrive and Contact Form 7, WPForms, Elementor, Ninja Forms: from n/a through 1.2.0.

Action-Not Available
Vendor-CRM Perks
Product-Integration for Pipedrive and Contact Form 7, WPForms, Elementor, Ninja Forms
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-1760
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-4.3||MEDIUM
EPSS-0.13% / 33.15%
||
7 Day CHG~0.00%
Published-16 Jan, 2024 | 15:52
Updated-02 Jun, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Core Control <= 1.2.1 - Arbitrary Settings Update via CSRF

The Core Control WordPress plugin through 1.2.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack

Action-Not Available
Vendor-dd32Unknown
Product-core_controlCore Control
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-34807
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.12% / 32.15%
||
7 Day CHG~0.00%
Published-17 May, 2024 | 09:44
Updated-11 Mar, 2025 | 17:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Fast Custom Social Share by CodeBard plugin <= 1.1.2 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in CodeBard Fast Custom Social Share by CodeBard.This issue affects Fast Custom Social Share by CodeBard: from n/a through 1.1.2.

Action-Not Available
Vendor-codebardCodeBard
Product-fast_custom_social_shareFast Custom Social Share by CodeBard
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-35636
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.18% / 40.14%
||
7 Day CHG~0.00%
Published-01 Jun, 2024 | 09:07
Updated-02 Aug, 2024 | 03:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Uploadcare File Uploader and Adaptive Delivery plugin <= 3.0.11 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Uploadcare Uploadcare File Uploader and Adaptive Delivery (beta) uploadcare.This issue affects Uploadcare File Uploader and Adaptive Delivery (beta): from n/a through 3.0.11.

Action-Not Available
Vendor-Uploadcare
Product-Uploadcare File Uploader and Adaptive Delivery (beta)
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-35560
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.19% / 41.18%
||
7 Day CHG~0.00%
Published-22 May, 2024 | 13:38
Updated-25 Mar, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/ca_deal.php?mudi=del&dataType=&dataTypeCN.

Action-Not Available
Vendor-n/aidccms_project
Product-n/aidccms
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-34809
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.12% / 32.15%
||
7 Day CHG~0.00%
Published-17 May, 2024 | 09:43
Updated-02 Aug, 2024 | 02:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress EmpowerWP theme <= 1.0.21 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Extend Themes EmpowerWP.This issue affects EmpowerWP: from n/a through 1.0.21.

Action-Not Available
Vendor-Extend Themesextendthemes
Product-EmpowerWPempowerwp
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-34825
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.12% / 31.77%
||
7 Day CHG~0.00%
Published-10 May, 2024 | 08:20
Updated-02 Aug, 2024 | 02:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Social Warfare plugin <= 4.4.5.1 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Warfare Plugins Social Warfare.This issue affects Social Warfare: from n/a through 4.4.5.1.

Action-Not Available
Vendor-Warfare Plugins
Product-Social Warfare
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-1885
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-4.3||MEDIUM
EPSS-0.10% / 27.84%
||
7 Day CHG~0.00%
Published-27 Jun, 2022 | 08:58
Updated-03 Aug, 2024 | 00:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cimy Header Image Rotator <= 6.1.1 - Arbitrary Settings Update via CSRF

The Cimy Header Image Rotator WordPress plugin through 6.1.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack

Action-Not Available
Vendor-cimy_header_image_rotator_projectUnknown
Product-cimy_header_image_rotatorCimy Header Image Rotator
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-1844
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-4.3||MEDIUM
EPSS-0.11% / 29.42%
||
7 Day CHG~0.00%
Published-27 Jun, 2022 | 08:57
Updated-03 Aug, 2024 | 00:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WP Sentry <= 1.0 - Arbitrary Settings Update to Stored XSS via CSRF

The WP Sentry WordPress plugin through 1.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and lead to Stored Cross-Site Scripting due to the lack of sanitisation and escaping as well

Action-Not Available
Vendor-wp-sentry_projectUnknown
Product-wp-sentryWP Sentry
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-34755
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.12% / 32.15%
||
7 Day CHG~0.00%
Published-17 May, 2024 | 09:52
Updated-02 Aug, 2024 | 02:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Integration for Salesforce and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms plugin <= 1.3.9 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in CRM Perks Integration for Contact Form 7 and Salesforce.This issue affects Integration for Contact Form 7 and Salesforce: from n/a through 1.3.9.

Action-Not Available
Vendor-CRM Perks
Product-Integration for Contact Form 7 and Salesforce
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-34557
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.12% / 31.72%
||
7 Day CHG~0.00%
Published-09 May, 2024 | 11:40
Updated-02 Aug, 2024 | 02:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Barcode Scanner with Inventory & Order Manager plugin <= 1.5.4 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in UkrSolution Barcode Scanner with Inventory & Order Manager.This issue affects Barcode Scanner with Inventory & Order Manager: from n/a through 1.5.4.

Action-Not Available
Vendor-UkrSolution
Product-Barcode Scanner with Inventory & Order Manager
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-1960
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-4.3||MEDIUM
EPSS-0.10% / 27.84%
||
7 Day CHG~0.00%
Published-27 Jun, 2022 | 08:58
Updated-03 Aug, 2024 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
MyCSS <= 1.1 - Arbitrary Settings Update via CSRF

The MyCSS WordPress plugin through 1.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack

Action-Not Available
Vendor-mycss_projectUnknown
Product-mycssMyCSS
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-1695
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-4.3||MEDIUM
EPSS-0.10% / 27.84%
||
7 Day CHG~0.00%
Published-06 Jun, 2022 | 08:51
Updated-03 Aug, 2024 | 00:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WP Simple Adsense Insertion < 2.1 - Inject ads and javascript via CSRF

The WP Simple Adsense Insertion WordPress plugin before 2.1 does not perform CSRF checks on updates to its admin page, allowing an attacker to trick a logged in user to manipulate ads and inject arbitrary javascript via submitting a form.

Action-Not Available
Vendor-UnknownTips and Tricks HQ
Product-wp_simple_adsense_insertionWP Simple Adsense Insertion
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-1913
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-4.3||MEDIUM
EPSS-0.10% / 27.84%
||
7 Day CHG~0.00%
Published-27 Jun, 2022 | 08:58
Updated-03 Aug, 2024 | 00:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Add Post URL <= 2.1.0 - Arbitrary Settings Update to Stored XSS via CSRF

The Add Post URL WordPress plugin through 2.1.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and lead to Stored Cross-Site Scripting due to the lack of sanitisation and escaping

Action-Not Available
Vendor-add_post_url_projectUnknown
Product-add_post_urlAdd Post URL
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-34756
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.13% / 33.14%
||
7 Day CHG~0.00%
Published-17 May, 2024 | 09:49
Updated-02 Aug, 2024 | 02:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Integration for HubSpot and Contact Form 7 plugin <= 1.3.1 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in CRM Perks Integration for Contact Form 7 HubSpot.This issue affects Integration for Contact Form 7 HubSpot: from n/a through 1.3.1.

Action-Not Available
Vendor-CRM Perkscrmperks
Product-Integration for Contact Form 7 HubSpotintegration_for_constant_contact_and_contact_form_7\,_wpforms\,_elementor\,_ninja
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-1847
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-4.3||MEDIUM
EPSS-0.10% / 27.84%
||
7 Day CHG~0.00%
Published-27 Jun, 2022 | 08:58
Updated-03 Aug, 2024 | 00:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Rotating Posts <= 1.11 - Arbitrary Settings Update to Stored XSS via CSRF

The Rotating Posts WordPress plugin through 1.11 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack

Action-Not Available
Vendor-rotating_posts_projectUnknown
Product-rotating_postsRotating Posts
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-33689
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.16% / 37.61%
||
7 Day CHG~0.00%
Published-26 Apr, 2024 | 12:54
Updated-02 Aug, 2024 | 02:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Radio Station plugin <= 2.5.7 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Tony Zeoli, Tony Hayes Radio Station.This issue affects Radio Station: from n/a through 2.5.7.

Action-Not Available
Vendor-Tony Zeoli, Tony Hayes
Product-Radio Station
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-1709
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-4.3||MEDIUM
EPSS-0.10% / 27.84%
||
7 Day CHG~0.00%
Published-06 Jun, 2022 | 08:51
Updated-03 Aug, 2024 | 00:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Throws SPAM Away < 3.3.1 - Comment Deletion via CSRF

The Throws SPAM Away WordPress plugin before 3.3.1 does not have CSRF checks in place when deleting comments (either all, spam, or pending), allowing attackers to make a logged in admin delete comments via a CSRF attack

Action-Not Available
Vendor-gtiUnknown
Product-throws_spam_awayThrows SPAM Away
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-1793
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-4.3||MEDIUM
EPSS-0.10% / 27.84%
||
7 Day CHG~0.00%
Published-13 Jun, 2022 | 12:43
Updated-03 Aug, 2024 | 00:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Private Files <= 0.40 - Protection Disabling via CSRF

The Private Files WordPress plugin through 0.40 is missing CSRF check when disabling the protection, which could allow attackers to make a logged in admin perform such action via a CSRF attack and make the blog public

Action-Not Available
Vendor-private_files_projectUnknown
Product-private_filesPrivate Files
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-33677
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.15% / 35.67%
||
7 Day CHG~0.00%
Published-26 Apr, 2024 | 10:43
Updated-02 Aug, 2024 | 02:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Contact Form 7 Extension For Mailchimp plugin <= 0.5.70 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Renzo Johnson Contact Form 7 Extension For Mailchimp.This issue affects Contact Form 7 Extension For Mailchimp: from n/a through 0.5.70.

Action-Not Available
Vendor-Renzo Johnson
Product-Contact Form 7 Extension For Mailchimp
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • ...
  • 35
  • 36
  • Next
Details not found