Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-47655

Summary
Assigner-Patchstack
Assigner Org ID-21595511-bba5-4825-b968-b78d1f9984a3
Published At-07 May, 2025 | 14:20
Updated At-28 Apr, 2026 | 16:12
Rejected At-
Credits

WordPress theMarketer plugin <= 1.4.7 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in themarketer2023 theMarketer themarketer allows Stored XSS.This issue affects theMarketer: from n/a through <= 1.4.7.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:Patchstack
Assigner Org ID:21595511-bba5-4825-b968-b78d1f9984a3
Published At:07 May, 2025 | 14:20
Updated At:28 Apr, 2026 | 16:12
Rejected At:
▼CVE Numbering Authority (CNA)
WordPress theMarketer plugin <= 1.4.7 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in themarketer2023 theMarketer themarketer allows Stored XSS.This issue affects theMarketer: from n/a through <= 1.4.7.

Affected Products
Vendor
themarketer2023
Product
theMarketer
Collection URL
https://wordpress.org/plugins
Package Name
themarketer
Default Status
unaffected
Versions
Affected
  • From 0 through 1.4.7 (custom)
    • -> unaffectedfrom1.4.8
Problem Types
TypeCWE IDDescription
CWECWE-352Cross-Site Request Forgery (CSRF)
Type: CWE
CWE ID: CWE-352
Description: Cross-Site Request Forgery (CSRF)
Metrics
VersionBase scoreBase severityVector
3.17.1HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
Version: 3.1
Base score: 7.1
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-592Stored XSS
CAPEC ID: CAPEC-592
Description: Stored XSS
Solutions
Configurations
Workarounds
Exploits
Credits
finder
Nguyen Xuan Chien | Patchstack Bug Bounty Program
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://patchstack.com/database/Wordpress/Plugin/themarketer/vulnerability/wordpress-themarketer-plugin-1-4-7-csrf-to-stored-xss-vulnerability?_s_id=cve
vdb-entry
Hyperlink: https://patchstack.com/database/Wordpress/Plugin/themarketer/vulnerability/wordpress-themarketer-plugin-1-4-7-csrf-to-stored-xss-vulnerability?_s_id=cve
Resource:
vdb-entry
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:audit@patchstack.com
Published At:07 May, 2025 | 15:16
Updated At:23 Apr, 2026 | 15:30

Cross-Site Request Forgery (CSRF) vulnerability in themarketer2023 theMarketer themarketer allows Stored XSS.This issue affects theMarketer: from n/a through <= 1.4.7.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.17.1HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
Type: Secondary
Version: 3.1
Base score: 7.1
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-352Secondaryaudit@patchstack.com
CWE ID: CWE-352
Type: Secondary
Source: audit@patchstack.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://patchstack.com/database/Wordpress/Plugin/themarketer/vulnerability/wordpress-themarketer-plugin-1-4-7-csrf-to-stored-xss-vulnerability?_s_id=cveaudit@patchstack.com
N/A
Hyperlink: https://patchstack.com/database/Wordpress/Plugin/themarketer/vulnerability/wordpress-themarketer-plugin-1-4-7-csrf-to-stored-xss-vulnerability?_s_id=cve
Source: audit@patchstack.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

708Records found
CVE-2024-32785
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.13% / 31.37%
||
7 Day CHG~0.00%
Published-24 Apr, 2024 | 10:22
Updated-28 Apr, 2026 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress The Pack Elementor addons plugin <= 2.0.8.3 - Cross Site Request Forgery (CSRF) to XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Webangon The Pack Elementor addons allows Cross-Site Scripting (XSS).This issue affects The Pack Elementor addons: from n/a through 2.0.8.3.

Action-Not Available
Vendor-webangonWebangon
Product-the_pack_elementor_addonsThe Pack Elementor addons
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-32550
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.12% / 31.02%
||
7 Day CHG~0.00%
Published-17 Apr, 2024 | 08:09
Updated-28 Apr, 2026 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress BMI Adult & Kid Calculator plugin <= 1.2.1 - CSRF to XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in BMI Adult & Kid Calculator allows Stored XSS.This issue affects BMI Adult & Kid Calculator: from n/a through 1.2.1.

Action-Not Available
Vendor-BMI Adult & Kid Calculator
Product-BMI Adult & Kid Calculator
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-31299
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.23% / 46.25%
||
7 Day CHG~0.00%
Published-10 Apr, 2024 | 16:27
Updated-28 Apr, 2026 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress ReDi Restaurant Reservation plugin <= 24.0128 - Cross Site Request Forgery (CSRF) to XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Reservation Diary ReDi Restaurant Reservation allows Cross-Site Scripting (XSS).This issue affects ReDi Restaurant Reservation: from n/a through 24.0128.

Action-Not Available
Vendor-Reservation Diary
Product-ReDi Restaurant Reservation
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-31105
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.14% / 32.95%
||
7 Day CHG~0.00%
Published-02 Apr, 2024 | 17:33
Updated-28 Apr, 2026 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Tax Rate Upload plugin <= 2.4.5 - CSRF leading to Cross Site Scripting (XSS) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Adam Bowen Tax Rate Upload allows Reflected XSS.This issue affects Tax Rate Upload: from n/a through 2.4.5.

Action-Not Available
Vendor-Adam Bowen
Product-Tax Rate Upload
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-29773
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.10% / 28.00%
||
7 Day CHG~0.00%
Published-27 Mar, 2024 | 13:21
Updated-28 Apr, 2026 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress BizPrint plugin <= 4.5.5 - CSRF to XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in BizSwoop a CPF Concepts, LLC Brand BizPrint allows Cross-Site Scripting (XSS).This issue affects BizPrint: from n/a through 4.5.5.

Action-Not Available
Vendor-BizSwoop (CPF Concepts, LLC)
Product-BizPrint
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-47182
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.07% / 20.14%
||
7 Day CHG~0.00%
Published-06 Nov, 2023 | 09:52
Updated-29 Apr, 2026 | 10:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Login Screen Manager Plugin <= 3.5.2 is vulnerable to Cross Site Scripting (XSS)

Cross-Site Request Forgery (CSRF) leading to a Stored Cross-Site Scripting (XSS) vulnerability in Nazmul Hossain Nihal Login Screen Manager plugin <= 3.5.2 versions.

Action-Not Available
Vendor-nazmulhossainnihalNazmul Hossain Nihalnazmulhossainnihal
Product-login_screen_managerLogin Screen Managerlogin_screen_manager
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-27194
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.05% / 15.98%
||
7 Day CHG~0.00%
Published-16 Mar, 2024 | 01:22
Updated-28 Apr, 2026 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Fontific plugin <= 0.1.6 - CSRF to XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Andrei Ivasiuc Fontific | Google Fonts allows Stored XSS.This issue affects Fontific | Google Fonts: from n/a through 0.1.6.

Action-Not Available
Vendor-Andrei Ivasiuc
Product-Fontific | Google Fonts
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-47790
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.14% / 33.59%
||
7 Day CHG~0.00%
Published-22 Nov, 2023 | 23:27
Updated-28 Apr, 2026 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Pz-LinkCard Plugin <= 2.4.8 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) leading to Cross-Site Scripting (XSS) vulnerability in Poporon Pz-LinkCard plugin <= 2.4.8 versions.

Action-Not Available
Vendor-popozurePoporon
Product-pz-linkcardPz-LinkCard
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-46634
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.06% / 19.72%
||
7 Day CHG~0.00%
Published-13 Nov, 2023 | 04:02
Updated-28 Apr, 2026 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Custom My Account for Woocommerce Plugin <= 2.1 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in phoeniixx Custom My Account for Woocommerce allows Cross-Site Scripting (XSS).This issue affects Custom My Account for Woocommerce: from n/a through 2.1.

Action-Not Available
Vendor-phoeniixxphoeniixx
Product-custom_my_account_for_woocommerceCustom My Account for Woocommerce
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-62934
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.01% / 3.41%
||
7 Day CHG~0.00%
Published-27 Oct, 2025 | 01:34
Updated-28 Apr, 2026 | 16:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Business Hours plugin <= 1.4 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Mejar WP Business Hours wp-business-hours allows Stored XSS.This issue affects WP Business Hours: from n/a through <= 1.4.

Action-Not Available
Vendor-Mejar
Product-WP Business Hours
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-62933
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.01% / 3.41%
||
7 Day CHG~0.00%
Published-27 Oct, 2025 | 01:34
Updated-28 Apr, 2026 | 16:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Awesome Testimonials plugin <= 2.2.1 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Prakash Awesome Testimonials awesome-testimonials allows Stored XSS.This issue affects Awesome Testimonials: from n/a through <= 2.2.1.

Action-Not Available
Vendor-Prakash
Product-Awesome Testimonials
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-62945
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.01% / 3.41%
||
7 Day CHG~0.00%
Published-27 Oct, 2025 | 01:34
Updated-28 Apr, 2026 | 16:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Did Prestashop Display plugin <= 1.0.30 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Eduard Pinuaga Linares Did Prestashop Display did-prestashop-display allows Stored XSS.This issue affects Did Prestashop Display: from n/a through <= 1.0.30.

Action-Not Available
Vendor-Eduard Pinuaga Linares
Product-Did Prestashop Display
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-62986
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.01% / 3.41%
||
7 Day CHG~0.00%
Published-27 Oct, 2025 | 01:34
Updated-28 Apr, 2026 | 19:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress FanBridge signup plugin <= 0.6 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in FanBridge FanBridge signup fanbridge-signup allows Stored XSS.This issue affects FanBridge signup: from n/a through <= 0.6.

Action-Not Available
Vendor-FanBridge
Product-FanBridge signup
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-63030
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.02% / 3.62%
||
7 Day CHG~0.00%
Published-09 Dec, 2025 | 14:52
Updated-29 Apr, 2026 | 10:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress New User Approve plugin <= 3.2.3 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Saad Iqbal New User Approve new-user-approve allows Cross Site Request Forgery.This issue affects New User Approve: from n/a through <= 3.2.3.

Action-Not Available
Vendor-Saad Iqbal
Product-New User Approve
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-62886
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.01% / 3.41%
||
7 Day CHG~0.00%
Published-27 Oct, 2025 | 01:33
Updated-28 Apr, 2026 | 16:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Pricing Table builder plugin <= 1.5.3 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in wpdevart Pricing Table builder wpdevart-pricing-table allows Stored XSS.This issue affects Pricing Table builder: from n/a through <= 1.5.3.

Action-Not Available
Vendor-WpDevArt
Product-Pricing Table builder
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-62962
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.01% / 3.41%
||
7 Day CHG~0.00%
Published-27 Oct, 2025 | 01:34
Updated-28 Apr, 2026 | 16:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress CloudSearch plugin <= 3.0.0 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Andrea Landonio CloudSearch cloud-search allows Stored XSS.This issue affects CloudSearch: from n/a through <= 3.0.0.

Action-Not Available
Vendor-Andrea Landonio
Product-CloudSearch
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-62956
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.02% / 4.54%
||
7 Day CHG~0.00%
Published-27 Oct, 2025 | 01:34
Updated-28 Apr, 2026 | 16:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Reloadly plugin <= 2.0.1 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in iseremet Reloadly reloadly-topup-widget allows Stored XSS.This issue affects Reloadly: from n/a through <= 2.0.1.

Action-Not Available
Vendor-iseremet
Product-Reloadly
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-62005
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.02% / 3.99%
||
7 Day CHG~0.00%
Published-22 Oct, 2025 | 14:32
Updated-28 Apr, 2026 | 16:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress SUMO Memberships for WooCommerce plugin < 7.8.0 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in FantasticPlugins SUMO Memberships for WooCommerce sumomemberships allows Cross Site Request Forgery.This issue affects SUMO Memberships for WooCommerce: from n/a through < 7.8.0.

Action-Not Available
Vendor-FantasticPlugins
Product-SUMO Memberships for WooCommerce
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-46201
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.07% / 22.17%
||
7 Day CHG~0.00%
Published-13 Nov, 2023 | 04:09
Updated-28 Apr, 2026 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Auto Login New User After Registration Plugin <= 1.9.6 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Jeff Sherk Auto Login New User After Registration allows Stored XSS.This issue affects Auto Login New User After Registration: from n/a through 1.9.6.

Action-Not Available
Vendor-auto_login_new_user_after_registration_projectJeff Sherk
Product-auto_login_new_user_after_registrationAuto Login New User After Registration
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-60171
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.02% / 3.60%
||
7 Day CHG~0.00%
Published-26 Sep, 2025 | 08:32
Updated-28 Apr, 2026 | 16:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Conditional Cart Messages for WooCommerce – YourPlugins.com Plugin <= 1.2.10 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in yourplugins Conditional Cart Messages for WooCommerce – YourPlugins.com yourplugins-wc-conditional-cart-notices allows Stored XSS.This issue affects Conditional Cart Messages for WooCommerce – YourPlugins.com: from n/a through <= 1.2.10.

Action-Not Available
Vendor-yourplugins
Product-Conditional Cart Messages for WooCommerce – YourPlugins.com
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-60075
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.01% / 3.41%
||
7 Day CHG~0.00%
Published-29 Oct, 2025 | 08:38
Updated-28 Apr, 2026 | 18:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress hpb seo plugin for WordPress plugin <= 3.0.1 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Allegro Marketing hpb seo plugin for WordPress hpbseo allows Reflected XSS.This issue affects hpb seo plugin for WordPress: from n/a through <= 3.0.1.

Action-Not Available
Vendor-Allegro Marketing
Product-hpb seo plugin for WordPress
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-60170
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.02% / 3.60%
||
7 Day CHG~0.00%
Published-26 Sep, 2025 | 08:32
Updated-28 Apr, 2026 | 16:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress HTACCESS IP Blocker Plugin <= 1.0 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Taraprasad Swain HTACCESS IP Blocker htaccess-ip-blocker allows Stored XSS.This issue affects HTACCESS IP Blocker: from n/a through <= 1.0.

Action-Not Available
Vendor-Taraprasad Swain
Product-HTACCESS IP Blocker
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-60169
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.02% / 3.60%
||
7 Day CHG~0.00%
Published-26 Sep, 2025 | 08:32
Updated-28 Apr, 2026 | 16:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress W3SCloud Contact Form 7 to Zoho CRM plugin <= 3.2 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in W3S Cloud Technology W3SCloud Contact Form 7 to Zoho CRM w3s-cf7-zoho allows Stored XSS.This issue affects W3SCloud Contact Form 7 to Zoho CRM: from n/a through <= 3.2.

Action-Not Available
Vendor-W3S Cloud Technology
Product-W3SCloud Contact Form 7 to Zoho CRM
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-58670
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.02% / 3.60%
||
7 Day CHG~0.00%
Published-22 Sep, 2025 | 18:22
Updated-12 May, 2026 | 00:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Content Protection Plugin <= 1.3 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Shankaranand Maurya WP Content Protection wp-content-protection allows Stored XSS.This issue affects WP Content Protection: from n/a through <= 1.3.

Action-Not Available
Vendor-Shankaranand Maurya
Product-WP Content Protection
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-58844
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.02% / 4.32%
||
7 Day CHG~0.00%
Published-05 Sep, 2025 | 13:45
Updated-12 May, 2026 | 00:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Database to Excel Plugin <= 1.0 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Subhash Kumar Database to Excel database-to-excel allows Stored XSS.This issue affects Database to Excel: from n/a through <= 1.0.

Action-Not Available
Vendor-Subhash Kumar
Product-Database to Excel
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-58860
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.02% / 4.32%
||
7 Day CHG~0.00%
Published-05 Sep, 2025 | 13:45
Updated-12 May, 2026 | 00:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Enable Latex Plugin <= 1.2.16 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in KaizenCoders Enable Latex enable-latex allows Stored XSS.This issue affects Enable Latex: from n/a through <= 1.2.16.

Action-Not Available
Vendor-KaizenCoders
Product-Enable Latex
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-52789
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.08% / 23.44%
||
7 Day CHG~0.00%
Published-20 Jun, 2025 | 15:03
Updated-28 Apr, 2026 | 16:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Lewe ChordPress plugin <= 4.0.1 - Cross Site Request Forgery (CSRF) to Stored XSS Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in George Lewe Lewe ChordPress chordpress allows Stored XSS.This issue affects Lewe ChordPress: from n/a through <= 4.0.1.

Action-Not Available
Vendor-George Lewe
Product-Lewe ChordPress
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-58806
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.02% / 4.32%
||
7 Day CHG~0.00%
Published-05 Sep, 2025 | 13:45
Updated-12 May, 2026 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WordPress Error Monitoring by Bugsnag Plugin <= 1.6.3 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Tom Longridge WordPress Error Monitoring by Bugsnag bugsnag allows Stored XSS.This issue affects WordPress Error Monitoring by Bugsnag: from n/a through <= 1.6.3.

Action-Not Available
Vendor-Tom Longridge
Product-WordPress Error Monitoring by Bugsnag
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-58847
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.02% / 4.32%
||
7 Day CHG~0.00%
Published-05 Sep, 2025 | 13:45
Updated-13 May, 2026 | 00:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WN Flipbox Pro Plugin <= 2.1 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Yaidier WN Flipbox Pro wn-flipbox-pro allows Reflected XSS.This issue affects WN Flipbox Pro: from n/a through <= 2.1.

Action-Not Available
Vendor-Yaidier
Product-WN Flipbox Pro
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-58848
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.02% / 4.32%
||
7 Day CHG~0.00%
Published-05 Sep, 2025 | 13:45
Updated-13 May, 2026 | 00:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP likes Plugin <= 3.1.1 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in aakash1911 WP likes wp-likes allows Reflected XSS.This issue affects WP likes: from n/a through <= 3.1.1.

Action-Not Available
Vendor-aakash1911
Product-WP likes
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-58853
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.02% / 4.32%
||
7 Day CHG~0.00%
Published-05 Sep, 2025 | 13:45
Updated-12 May, 2026 | 00:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Popping Sidebars and Widgets Light Plugin <= 1.27 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in OTWthemes Popping Sidebars and Widgets Light popping-sidebars-and-widgets-light allows Reflected XSS.This issue affects Popping Sidebars and Widgets Light: from n/a through <= 1.27.

Action-Not Available
Vendor-OTWthemes
Product-Popping Sidebars and Widgets Light
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-58690
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.02% / 3.60%
||
7 Day CHG~0.00%
Published-22 Sep, 2025 | 18:22
Updated-12 May, 2026 | 00:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Doliconnect Plugin <= 9.5.7 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in ptibogxiv Doliconnect doliconnect allows Stored XSS.This issue affects Doliconnect: from n/a through <= 9.5.7.

Action-Not Available
Vendor-ptibogxiv
Product-Doliconnect
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-53331
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.08% / 23.44%
||
7 Day CHG~0.00%
Published-27 Jun, 2025 | 13:21
Updated-28 Apr, 2026 | 16:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress RSS Digest plugin <= 1.5 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in samcharrington RSS Digest rss-digest allows Stored XSS.This issue affects RSS Digest: from n/a through <= 1.5.

Action-Not Available
Vendor-samcharrington
Product-RSS Digest
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-58270
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.02% / 3.60%
||
7 Day CHG~0.00%
Published-22 Sep, 2025 | 18:23
Updated-28 Apr, 2026 | 16:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress NIX Anti-Spam Light Plugin <= 0.0.4 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in NIX Solutions Ltd NIX Anti-Spam Light nix-anti-spam-light allows Cross Site Request Forgery.This issue affects NIX Anti-Spam Light: from n/a through <= 0.0.4.

Action-Not Available
Vendor-NIX Solutions Ltd
Product-NIX Anti-Spam Light
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-58217
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.02% / 6.33%
||
7 Day CHG+0.01%
Published-27 Aug, 2025 | 17:45
Updated-28 Apr, 2026 | 16:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Instant Breaking News Plugin <= 1.0 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in GeroNikolov Instant Breaking News instant-breaking-news allows Stored XSS.This issue affects Instant Breaking News: from n/a through <= 1.0.

Action-Not Available
Vendor-GeroNikolov
Product-Instant Breaking News
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-53316
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.01% / 3.41%
||
7 Day CHG~0.00%
Published-06 Nov, 2025 | 15:54
Updated-28 Apr, 2026 | 16:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP GDPR Cookie Consent plugin <= 1.0.0 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Shahjahan Jewel WP GDPR Cookie Consent wp-gdpr-cookie-consent allows Stored XSS.This issue affects WP GDPR Cookie Consent: from n/a through <= 1.0.0.

Action-Not Available
Vendor-Shahjahan Jewel
Product-WP GDPR Cookie Consent
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-60132
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.02% / 3.99%
||
7 Day CHG~0.00%
Published-22 Oct, 2025 | 14:32
Updated-28 Apr, 2026 | 16:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Video Blogster Lite Plugin <= 1.2 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in johnh10 Video Blogster Lite video-blogster-lite allows Stored XSS.This issue affects Video Blogster Lite: from n/a through <= 1.2.

Action-Not Available
Vendor-johnh10
Product-Video Blogster Lite
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-60168
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.02% / 3.99%
||
7 Day CHG~0.00%
Published-22 Oct, 2025 | 14:32
Updated-28 Apr, 2026 | 18:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress HotelRunner Booking Widget Plugin <= 1.6 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in integrationshotelrunner HotelRunner Booking Widget hotelrunner allows Stored XSS.This issue affects HotelRunner Booking Widget: from n/a through <= 1.6.

Action-Not Available
Vendor-integrationshotelrunner
Product-HotelRunner Booking Widget
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-67622
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.03% / 7.91%
||
7 Day CHG~0.00%
Published-24 Dec, 2025 | 13:10
Updated-28 Apr, 2026 | 16:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Evergreen Post Tweeter plugin <= 1.8.9 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in titopandub Evergreen Post Tweeter evergreen-post-tweeter allows Stored XSS.This issue affects Evergreen Post Tweeter: from n/a through <= 1.8.9.

Action-Not Available
Vendor-titopandub
Product-Evergreen Post Tweeter
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-53274
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.08% / 23.44%
||
7 Day CHG~0.00%
Published-27 Jun, 2025 | 13:21
Updated-28 Apr, 2026 | 16:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Permalink Translator plugin <= 1.7.6 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Hossin Asaadi WP Permalink Translator wp-permalink-translator allows Stored XSS.This issue affects WP Permalink Translator: from n/a through <= 1.7.6.

Action-Not Available
Vendor-Hossin Asaadi
Product-WP Permalink Translator
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-53332
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.08% / 23.44%
||
7 Day CHG~0.00%
Published-27 Jun, 2025 | 13:21
Updated-28 Apr, 2026 | 16:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Track Everything plugin <= 2.0.1 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in ethoseo Track Everything track-everything allows Stored XSS.This issue affects Track Everything: from n/a through <= 2.0.1.

Action-Not Available
Vendor-ethoseo
Product-Track Everything
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-52784
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.08% / 23.44%
||
7 Day CHG~0.00%
Published-20 Jun, 2025 | 15:03
Updated-28 Apr, 2026 | 16:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Bluff Post plugin <= 1.1.1 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in hideoguchi Bluff Post bluff-post allows Stored XSS.This issue affects Bluff Post: from n/a through <= 1.1.1.

Action-Not Available
Vendor-hideoguchi
Product-Bluff Post
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-53313
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.08% / 23.44%
||
7 Day CHG~0.00%
Published-27 Jun, 2025 | 13:21
Updated-28 Apr, 2026 | 16:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Twitch TV Embed Suite plugin <= 2.1.0 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in plumwd Twitch TV Embed Suite twitch-tv-embed-suite allows Stored XSS.This issue affects Twitch TV Embed Suite: from n/a through <= 2.1.0.

Action-Not Available
Vendor-plumwd
Product-Twitch TV Embed Suite
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-53305
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.08% / 23.44%
||
7 Day CHG~0.00%
Published-27 Jun, 2025 | 13:21
Updated-28 Apr, 2026 | 16:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Forum Server plugin <= 1.8.2 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in lucidcrew WP Forum Server forum-server allows Stored XSS.This issue affects WP Forum Server: from n/a through <= 1.8.2.

Action-Not Available
Vendor-lucidcrew
Product-WP Forum Server
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-52783
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.08% / 23.44%
||
7 Day CHG~0.00%
Published-20 Jun, 2025 | 15:03
Updated-28 Apr, 2026 | 16:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Change Cart button Colors WooCommerce plugin <= 1.0 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in themelocation Change Cart button Colors WooCommerce wc-style allows Stored XSS.This issue affects Change Cart button Colors WooCommerce: from n/a through <= 1.0.

Action-Not Available
Vendor-themelocation
Product-Change Cart button Colors WooCommerce
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-52780
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.08% / 23.44%
||
7 Day CHG~0.00%
Published-20 Jun, 2025 | 15:03
Updated-12 May, 2026 | 00:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Logo Manager For Samandehi plugin <= 0.5 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Mohammad Parsa Logo Manager For Samandehi samandehi-logo-manager allows Stored XSS.This issue affects Logo Manager For Samandehi: from n/a through <= 0.5.

Action-Not Available
Vendor-Mohammad Parsa
Product-Logo Manager For Samandehi
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-53338
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.08% / 23.44%
||
7 Day CHG~0.00%
Published-27 Jun, 2025 | 13:21
Updated-28 Apr, 2026 | 16:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress re.place plugin <= 0.2.1 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in dor re.place replace allows Stored XSS.This issue affects re.place: from n/a through <= 0.2.1.

Action-Not Available
Vendor-dor
Product-re.place
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-52772
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.08% / 23.44%
||
7 Day CHG~0.00%
Published-20 Jun, 2025 | 15:03
Updated-28 Apr, 2026 | 16:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Virtual Moderator plugin <= 1.4 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Adnan Haque (a11n) Virtual Moderator allows Cross-Site Scripting (XSS). This issue affects Virtual Moderator: from n/a through 1.4.

Action-Not Available
Vendor-Adnan Haque (a11n)
Product-Virtual Moderator
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-52781
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.08% / 23.44%
||
7 Day CHG~0.00%
Published-20 Jun, 2025 | 15:03
Updated-28 Apr, 2026 | 16:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress TinyNav plugin <= 1.4 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Beee TinyNav tinynav allows Stored XSS.This issue affects TinyNav: from n/a through <= 1.4.

Action-Not Available
Vendor-Beee
Product-TinyNav
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-53315
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.08% / 23.44%
||
7 Day CHG~0.00%
Published-27 Jun, 2025 | 13:21
Updated-28 Apr, 2026 | 16:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Relocate Upload plugin <= 0.24.1 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in alanft Relocate Upload relocate-upload allows Stored XSS.This issue affects Relocate Upload: from n/a through <= 0.24.1.

Action-Not Available
Vendor-alanft
Product-Relocate Upload
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 14
  • 15
  • Next
Details not found