Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-63030

Summary
Assigner-Patchstack
Assigner Org ID-21595511-bba5-4825-b968-b78d1f9984a3
Published At-09 Dec, 2025 | 14:52
Updated At-20 Jan, 2026 | 14:28
Rejected At-
Credits

WordPress New User Approve plugin <= 3.2.0 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Saad Iqbal New User Approve new-user-approve allows Cross Site Request Forgery.This issue affects New User Approve: from n/a through <= 3.2.0.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:Patchstack
Assigner Org ID:21595511-bba5-4825-b968-b78d1f9984a3
Published At:09 Dec, 2025 | 14:52
Updated At:20 Jan, 2026 | 14:28
Rejected At:
â–¼CVE Numbering Authority (CNA)
WordPress New User Approve plugin <= 3.2.0 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Saad Iqbal New User Approve new-user-approve allows Cross Site Request Forgery.This issue affects New User Approve: from n/a through <= 3.2.0.

Affected Products
Vendor
Saad Iqbal
Product
New User Approve
Collection URL
https://wordpress.org/plugins
Package Name
new-user-approve
Default Status
unaffected
Versions
Affected
  • From n/a through <= 3.2.0 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-352Cross-Site Request Forgery (CSRF)
Type: CWE
CWE ID: CWE-352
Description: Cross-Site Request Forgery (CSRF)
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-62Cross Site Request Forgery
CAPEC ID: CAPEC-62
Description: Cross Site Request Forgery
Solutions
Configurations
Workarounds
Exploits
Credits
finder
Psai | Patchstack Bug Bounty Program
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://patchstack.com/database/Wordpress/Plugin/new-user-approve/vulnerability/wordpress-new-user-approve-plugin-3-2-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve
vdb-entry
Hyperlink: https://patchstack.com/database/Wordpress/Plugin/new-user-approve/vulnerability/wordpress-new-user-approve-plugin-3-2-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve
Resource:
vdb-entry
â–¼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
3.17.1HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
Version: 3.1
Base score: 7.1
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:audit@patchstack.com
Published At:09 Dec, 2025 | 16:18
Updated At:20 Jan, 2026 | 15:18

Cross-Site Request Forgery (CSRF) vulnerability in Saad Iqbal New User Approve new-user-approve allows Cross Site Request Forgery.This issue affects New User Approve: from n/a through <= 3.2.0.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.17.1HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
Type: Secondary
Version: 3.1
Base score: 7.1
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-352Secondaryaudit@patchstack.com
CWE ID: CWE-352
Type: Secondary
Source: audit@patchstack.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://patchstack.com/database/Wordpress/Plugin/new-user-approve/vulnerability/wordpress-new-user-approve-plugin-3-2-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cveaudit@patchstack.com
N/A
Hyperlink: https://patchstack.com/database/Wordpress/Plugin/new-user-approve/vulnerability/wordpress-new-user-approve-plugin-3-2-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve
Source: audit@patchstack.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

689Records found
CVE-2025-63040
Matching Score-6
Assigner-Patchstack
ShareView Details
Matching Score-6
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.02% / 3.57%
||
7 Day CHG~0.00%
Published-31 Dec, 2025 | 16:08
Updated-20 Jan, 2026 | 15:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Post Snippets plugin <= 4.0.11 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Saad Iqbal Post Snippets allows Cross Site Request Forgery.This issue affects Post Snippets: from n/a through 4.0.11.

Action-Not Available
Vendor-Saad Iqbal
Product-Post Snippets
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-67471
Matching Score-6
Assigner-Patchstack
ShareView Details
Matching Score-6
Assigner-Patchstack
CVSS Score-8.8||HIGH
EPSS-0.02% / 4.90%
||
7 Day CHG~0.00%
Published-09 Dec, 2025 | 14:13
Updated-20 Jan, 2026 | 15:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Quick Contact Form plugin <= 8.2.5 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Saad Iqbal Quick Contact Form quick-contact-form allows Cross Site Request Forgery.This issue affects Quick Contact Form: from n/a through <= 8.2.5.

Action-Not Available
Vendor-Saad Iqbal
Product-Quick Contact Form
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2026-22355
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.01% / 2.89%
||
7 Day CHG~0.00%
Published-22 Jan, 2026 | 16:52
Updated-27 Jan, 2026 | 21:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Simple XML Sitemap plugin <= 1.3 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in gregmolnar Simple XML Sitemap simple-xml-sitemap allows Stored XSS.This issue affects Simple XML Sitemap: from n/a through <= 1.3.

Action-Not Available
Vendor-gregmolnar
Product-Simple XML Sitemap
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-68885
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.02% / 3.46%
||
7 Day CHG~0.00%
Published-31 Dec, 2025 | 05:34
Updated-20 Jan, 2026 | 15:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Custom Post Status plugin <= 1.1.0 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Page Carbajal Custom Post Status allows Stored XSS.This issue affects Custom Post Status: from n/a through 1.1.0.

Action-Not Available
Vendor-Page Carbajal
Product-Custom Post Status
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-54429
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.12% / 30.49%
||
7 Day CHG~0.00%
Published-16 Dec, 2024 | 14:13
Updated-16 Dec, 2024 | 20:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Aphorismus plugin <= 1.2.0 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Ivan Ovsyannikov Aphorismus allows Stored XSS.This issue affects Aphorismus: from n/a through 1.2.0.

Action-Not Available
Vendor-Ivan Ovsyannikov
Product-Aphorismus
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-56232
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.06% / 17.07%
||
7 Day CHG+0.02%
Published-31 Dec, 2024 | 10:05
Updated-31 Dec, 2024 | 16:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Nice Loader plugin <= 0.1.0.4 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Alexander Volkov WP Nice Loader allows Stored XSS.This issue affects WP Nice Loader: from n/a through 0.1.0.4.

Action-Not Available
Vendor-Alexander Volkov
Product-WP Nice Loader
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-54386
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.07% / 22.09%
||
7 Day CHG~0.00%
Published-16 Dec, 2024 | 14:14
Updated-16 Dec, 2024 | 19:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Push Monkey Pro plugin <= 3.9 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Get Push Monkey LLC Push Monkey Pro – Web Push Notifications and WooCommerce Abandoned Cart allows Cross Site Request Forgery.This issue affects Push Monkey Pro – Web Push Notifications and WooCommerce Abandoned Cart: from n/a through 3.9.

Action-Not Available
Vendor-Get Push Monkey LLC
Product-Push Monkey Pro – Web Push Notifications and WooCommerce Abandoned Cart
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-54434
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.12% / 30.49%
||
7 Day CHG~0.00%
Published-16 Dec, 2024 | 14:13
Updated-16 Dec, 2024 | 20:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress phZoom plugin <= 1.2.92 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Phoetry phZoom allows Stored XSS.This issue affects phZoom: from n/a through 1.2.92.

Action-Not Available
Vendor-Phoetry
Product-phZoom
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-53712
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.05% / 14.32%
||
7 Day CHG~0.00%
Published-02 Dec, 2024 | 13:48
Updated-02 Dec, 2024 | 18:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Kevin's plugin <= 2.0.0 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Kevin McCabe Kevin's allows Stored XSS.This issue affects Kevin's: from n/a through 2.0.0.

Action-Not Available
Vendor-Kevin McCabe
Product-Kevin's
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-53716
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.04% / 13.50%
||
7 Day CHG~0.00%
Published-02 Dec, 2024 | 13:48
Updated-02 Dec, 2024 | 19:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress wp auto top plugin <= 2.9.3 - CSRF to Stored Cross Site Scripting (XSS) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in overtrue wp auto top allows Stored XSS.This issue affects wp auto top: from n/a through 2.9.3.

Action-Not Available
Vendor-overtrue
Product-wp auto top
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-53777
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.12% / 31.45%
||
7 Day CHG~0.00%
Published-02 Dec, 2024 | 13:48
Updated-02 Dec, 2024 | 15:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Simple Header and Footer plugin <= 1.0.0 - CSRF to Stored Cross Site Scripting (XSS) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Alberto Reineri Simple Header and Footer allows Stored XSS.This issue affects Simple Header and Footer: from n/a through 1.0.0.

Action-Not Available
Vendor-Alberto Reineri
Product-Simple Header and Footer
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-53728
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.04% / 13.50%
||
7 Day CHG~0.00%
Published-02 Dec, 2024 | 13:48
Updated-02 Dec, 2024 | 15:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Protect Your Content plugin <= 1.0.2 - CSRF to Stored Cross Site Scripting (XSS) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in SEO-Küche Internet Marketing GmbH & Co. KG Protect Your Content allows Stored XSS.This issue affects Protect Your Content: from n/a through 1.0.2.

Action-Not Available
Vendor-SEO-Küche Internet Marketing GmbH & Co. KG
Product-Protect Your Content
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-54337
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.12% / 31.45%
||
7 Day CHG~0.00%
Published-13 Dec, 2024 | 14:25
Updated-13 Dec, 2024 | 16:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress DX Dark Site plugin <= 1.0.1 - CSRF to Stored Cross-Site Scripting vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in DevriX DX Dark Site allows Stored XSS.This issue affects DX Dark Site: from n/a through 1.0.1.

Action-Not Available
Vendor-DevriX
Product-DX Dark Site
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-54416
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.09% / 25.02%
||
7 Day CHG~0.00%
Published-16 Dec, 2024 | 14:13
Updated-16 Dec, 2024 | 20:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Wp Login with Ajax plugin <= 0.6 - CSRF to Stored Cross-Site Scripting vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Navdeep Kumar Wp Login with Ajax allows Stored XSS.This issue affects Wp Login with Ajax: from n/a through 0.6.

Action-Not Available
Vendor-Navdeep Kumar
Product-Wp Login with Ajax
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-53723
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.04% / 13.50%
||
7 Day CHG~0.00%
Published-02 Dec, 2024 | 13:48
Updated-02 Dec, 2024 | 19:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Google Plus Share and +1 Button plugin <= 1.0 - CSRF to Stored Cross Site Scripting (XSS) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in A.Cihangir BALTACI Google Plus Share and +1 Button allows Stored XSS.This issue affects Google Plus Share and +1 Button: from n/a through 1.0.

Action-Not Available
Vendor-A.Cihangir BALTACI
Product-Google Plus Share and +1 Button
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-53722
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.04% / 13.50%
||
7 Day CHG~0.00%
Published-02 Dec, 2024 | 13:48
Updated-02 Dec, 2024 | 19:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Favicon My Blog plugin <= 1.0.2 - CSRF to Stored Cross Site Scripting (XSS) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Rockemmusic Favicon My Blog allows Stored XSS.This issue affects Favicon My Blog: from n/a through 1.0.2.

Action-Not Available
Vendor-Rockemmusic
Product-Favicon My Blog
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-53732
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.04% / 13.50%
||
7 Day CHG~0.00%
Published-28 Nov, 2024 | 11:03
Updated-28 Nov, 2024 | 12:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Footer Flyout Widget plugin <= 1.1 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in WP WOX Footer Flyout Widget allows Stored XSS.This issue affects Footer Flyout Widget: from n/a through 1.1.

Action-Not Available
Vendor-WP WOX
Product-Footer Flyout Widget
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-54399
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.06% / 19.45%
||
7 Day CHG~0.00%
Published-16 Dec, 2024 | 14:14
Updated-16 Dec, 2024 | 19:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress CRUDLab Google Plus Button plugin <= 1.0.2 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in CRUDLab CRUDLab Google Plus Button allows Stored XSS.This issue affects CRUDLab Google Plus Button: from n/a through 1.0.2.

Action-Not Available
Vendor-CRUDLab
Product-CRUDLab Google Plus Button
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-54436
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.12% / 30.48%
||
7 Day CHG~0.00%
Published-16 Dec, 2024 | 14:13
Updated-16 Dec, 2024 | 20:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Jet Footer Code plugin <= 1.4 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Jettochkin Jet Footer Code allows Stored XSS.This issue affects Jet Footer Code: from n/a through 1.4.

Action-Not Available
Vendor-Jettochkin
Product-Jet Footer Code
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-54394
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.10% / 28.57%
||
7 Day CHG~0.00%
Published-16 Dec, 2024 | 14:14
Updated-16 Dec, 2024 | 19:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Mandrill WP plugin <= 1.0.5 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Web solution soft Mandrill WP allows Stored XSS.This issue affects Mandrill WP: from n/a through 1.0.5.

Action-Not Available
Vendor-Web solution soft
Product-Mandrill WP
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-53730
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.08% / 24.04%
||
7 Day CHG~0.00%
Published-02 Dec, 2024 | 13:43
Updated-02 Dec, 2024 | 15:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress April's Call Posts plugin <= 2.1.1 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Aaron Hodge Silver April's Call Posts allows Stored XSS. This issue affects April's Call Posts: from n/a through 2.1.1.

Action-Not Available
Vendor-Aaron Hodge Silver
Product-April's Call Posts
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-54421
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.12% / 30.48%
||
7 Day CHG~0.00%
Published-16 Dec, 2024 | 14:13
Updated-16 Dec, 2024 | 20:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Floating Video Player plugin <= 1.0 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Sanjay Singh Negi Floating Video Player allows Stored XSS.This issue affects Floating Video Player: from n/a through 1.0.

Action-Not Available
Vendor-Sanjay Singh Negi
Product-Floating Video Player
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-53762
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.12% / 31.45%
||
7 Day CHG~0.00%
Published-02 Dec, 2024 | 13:48
Updated-02 Dec, 2024 | 19:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress FastBook plugin <= 1.1 - CSRF to Stored Cross Site Scripting (XSS) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Faster Themes FastBook – Responsive Appointment Booking and Scheduling System allows Stored XSS.This issue affects FastBook – Responsive Appointment Booking and Scheduling System: from n/a through 1.1.

Action-Not Available
Vendor-Faster Themes
Product-FastBook – Responsive Appointment Booking and Scheduling System
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-53718
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.04% / 13.50%
||
7 Day CHG~0.00%
Published-02 Dec, 2024 | 13:48
Updated-02 Dec, 2024 | 19:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Multi Feed Reader plugin <= 2.2.4 - CSRF to Stored Cross Site Scripting (XSS) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Eric Teubert Multi Feed Reader allows Stored XSS.This issue affects Multi Feed Reader: from n/a through 2.2.4.

Action-Not Available
Vendor-Eric Teubert
Product-Multi Feed Reader
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-54392
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.10% / 28.57%
||
7 Day CHG~0.00%
Published-16 Dec, 2024 | 14:14
Updated-16 Dec, 2024 | 19:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP微信机器人 plugin <= 5.3.5 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Midoks WP微信机器人 allows Stored XSS.This issue affects WP微信机器人: from n/a through 5.3.5.

Action-Not Available
Vendor-Midoks
Product-WP微信机器人
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-53736
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.03% / 8.13%
||
7 Day CHG~0.00%
Published-28 Nov, 2024 | 11:01
Updated-28 Nov, 2024 | 12:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Custom Shortcode Sidebars plugin <= 1.2 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Jason Grim Custom Shortcode Sidebars allows Stored XSS.This issue affects Custom Shortcode Sidebars: from n/a through 1.2.

Action-Not Available
Vendor-Jason Grim
Product-Custom Shortcode Sidebars
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-53778
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.03% / 8.13%
||
7 Day CHG~0.00%
Published-30 Nov, 2024 | 21:15
Updated-01 Dec, 2024 | 23:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Essential Breadcrumbs plugin <= 1.1.1 - CSRF to Stored Cross Site Scripting (XSS) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Essential Marketer Essential Breadcrumbs allows Stored XSS.This issue affects Essential Breadcrumbs: from n/a through 1.1.1.

Action-Not Available
Vendor-Essential Marketer
Product-Essential Breadcrumbs
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-54423
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.12% / 30.48%
||
7 Day CHG~0.00%
Published-16 Dec, 2024 | 14:13
Updated-16 Dec, 2024 | 20:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Social Media Sharing plugin <= 1.1 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Jesse Overright Social Media Sharing allows Stored XSS.This issue affects Social Media Sharing: from n/a through 1.1.

Action-Not Available
Vendor-Jesse Overright
Product-Social Media Sharing
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-54393
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.10% / 28.57%
||
7 Day CHG~0.00%
Published-16 Dec, 2024 | 14:14
Updated-16 Dec, 2024 | 19:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Fiddle plugin <= 1.0 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Sheikh Heera WP Fiddle allows Stored XSS.This issue affects WP Fiddle: from n/a through 1.0.

Action-Not Available
Vendor-Sheikh Heera
Product-WP Fiddle
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-54391
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.10% / 28.57%
||
7 Day CHG~0.00%
Published-16 Dec, 2024 | 14:14
Updated-16 Dec, 2024 | 19:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WordPress Filter plugin <= 1.4.1 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Matt Walters WordPress Filter allows Stored XSS.This issue affects WordPress Filter: from n/a through 1.4.1.

Action-Not Available
Vendor-Matt Walters
Product-WordPress Filter
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-54428
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.12% / 30.48%
||
7 Day CHG~0.00%
Published-16 Dec, 2024 | 14:13
Updated-16 Dec, 2024 | 20:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Add image to Post plugin <= 0.6 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in onigetoc Add image to Post allows Stored XSS.This issue affects Add image to Post: from n/a through 0.6.

Action-Not Available
Vendor-onigetoc
Product-Add image to Post
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-54433
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.12% / 30.48%
||
7 Day CHG~0.00%
Published-16 Dec, 2024 | 14:13
Updated-16 Dec, 2024 | 20:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Simple Booking – Widget plugin <= 1.1 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Simple Booking Simple Booking Widget allows Stored XSS.This issue affects Simple Booking Widget: from n/a through 1.1.

Action-Not Available
Vendor-Simple Booking
Product-Simple Booking Widget
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-53750
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.06% / 17.07%
||
7 Day CHG~0.00%
Published-01 Dec, 2024 | 21:21
Updated-01 Dec, 2024 | 23:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress PayPal Responder plugin <= 1.2 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Maeve Lander PayPal Responder allows Stored XSS.This issue affects PayPal Responder: from n/a through 1.2.

Action-Not Available
Vendor-Maeve Lander
Product-PayPal Responder
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-54415
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.07% / 21.16%
||
7 Day CHG~0.00%
Published-16 Dec, 2024 | 14:13
Updated-16 Dec, 2024 | 20:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP-HideThat plugin <= 1.2 - CSRF to Stored Cross-Site Scripting vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Cyle Conoly WP-HideThat allows Stored XSS.This issue affects WP-HideThat: from n/a through 1.2.

Action-Not Available
Vendor-Cyle Conoly
Product-WP-HideThat
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-53755
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.12% / 31.45%
||
7 Day CHG~0.00%
Published-02 Dec, 2024 | 13:48
Updated-02 Dec, 2024 | 15:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Third Party Cookie Eraser plugin <= 1.0.2 - CSRF to Cross Site Scripting (XSS) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Andrea Pernici Third Party Cookie Eraser allows Stored XSS.This issue affects Third Party Cookie Eraser: from n/a through 1.0.2.

Action-Not Available
Vendor-Andrea Pernici
Product-Third Party Cookie Eraser
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-54388
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.11% / 29.27%
||
7 Day CHG~0.00%
Published-16 Dec, 2024 | 14:14
Updated-16 Dec, 2024 | 19:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Multiple Admin Emails plugin <= 1.0 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Phuc Pham Multiple Admin Emails allows Cross Site Request Forgery.This issue affects Multiple Admin Emails: from n/a through 1.0.

Action-Not Available
Vendor-Phuc Pham
Product-Multiple Admin Emails
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-53729
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.08% / 24.04%
||
7 Day CHG~0.00%
Published-02 Dec, 2024 | 13:48
Updated-02 Dec, 2024 | 15:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Blizzard Quotes plugin <= 1.3 - CSRF to Stored Cross Site Scripting (XSS) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Plumeria Web Design Blizzard Quotes allows Stored XSS.This issue affects Blizzard Quotes: from n/a through 1.3.

Action-Not Available
Vendor-Plumeria Web Design
Product-Blizzard Quotes
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-54420
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.07% / 22.09%
||
7 Day CHG~0.00%
Published-16 Dec, 2024 | 14:13
Updated-16 Dec, 2024 | 20:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Metrika plugin <= 1.2 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Aleksander Novikov Metrika allows Cross Site Request Forgery.This issue affects Metrika: from n/a through 1.2.

Action-Not Available
Vendor-Aleksander Novikov
Product-Metrika
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-54425
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.12% / 30.49%
||
7 Day CHG~0.00%
Published-16 Dec, 2024 | 14:13
Updated-16 Dec, 2024 | 20:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress LionScripts: Site Maintenance plugin <= 2.1 - CSRF to Stored Cross-Site Scripting vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in LionScripts.com LionScripts: Site Maintenance & Noindex Nofollow Plugin allows Stored XSS.This issue affects LionScripts: Site Maintenance & Noindex Nofollow Plugin: from n/a through 2.1.

Action-Not Available
Vendor-LionScripts.com
Product-LionScripts: Site Maintenance & Noindex Nofollow Plugin
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-53726
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.04% / 13.50%
||
7 Day CHG~0.00%
Published-02 Dec, 2024 | 13:48
Updated-02 Dec, 2024 | 15:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress RealtyCandy IDX Broker Extended plugin <= 1.5.1 - CSRF to Stored Cross Site Scripting (XSS) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Realty Candy RealtyCandy IDX Broker Extended allows Stored XSS.This issue affects RealtyCandy IDX Broker Extended: from n/a through 1.5.1.

Action-Not Available
Vendor-Realty Candy
Product-RealtyCandy IDX Broker Extended
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-53719
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.04% / 13.50%
||
7 Day CHG~0.00%
Published-02 Dec, 2024 | 13:48
Updated-02 Dec, 2024 | 19:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Zajax – Ajax Navigation plugin <= 0.4 - CSRF to Stored Cross Site Scripting (XSS) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in onigetoc Zajax – Ajax Navigation allows Stored XSS.This issue affects Zajax – Ajax Navigation: from n/a through 0.4.

Action-Not Available
Vendor-onigetoc
Product-Zajax – Ajax Navigation
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-53725
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.04% / 13.50%
||
7 Day CHG~0.00%
Published-02 Dec, 2024 | 13:48
Updated-02 Dec, 2024 | 19:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Post Hits Counter plugin <= 2.8.23 - CSRF to Reflected Cross Site Scripting (XSS) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Script-Recipes Post Hits Counter allows Reflected XSS.This issue affects Post Hits Counter: from n/a through 2.8.23.

Action-Not Available
Vendor-Script-Recipes
Product-Post Hits Counter
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-54414
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.07% / 21.16%
||
7 Day CHG~0.00%
Published-16 Dec, 2024 | 14:13
Updated-16 Dec, 2024 | 20:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Geoportail Shortcode plugin <= 2.4.4 - CSRF to Stored Cross-Site Scripting vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in geoWP Geoportail Shortcode allows Stored XSS.This issue affects Geoportail Shortcode: from n/a through 2.4.4.

Action-Not Available
Vendor-geoWP
Product-Geoportail Shortcode
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-54427
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.12% / 30.48%
||
7 Day CHG~0.00%
Published-16 Dec, 2024 | 14:13
Updated-16 Dec, 2024 | 20:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Category of Posts plugin <= 1.0 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Linda MacPhee-Cobb Category of Posts allows Stored XSS.This issue affects Category of Posts: from n/a through 1.0.

Action-Not Available
Vendor-Linda MacPhee-Cobb
Product-Category of Posts
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-54426
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.07% / 21.16%
||
7 Day CHG~0.00%
Published-16 Dec, 2024 | 14:13
Updated-16 Dec, 2024 | 20:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress LeaderBoard Plugin plugin <= 1.2.4 - CSRF to Stored Cross-Site Scripting vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Andy Fradelakis LeaderBoard Plugin allows Stored XSS.This issue affects LeaderBoard Plugin: from n/a through 1.2.4.

Action-Not Available
Vendor-Andy Fradelakis
Product-LeaderBoard Plugin
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-53711
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.05% / 14.32%
||
7 Day CHG~0.00%
Published-02 Dec, 2024 | 13:48
Updated-02 Dec, 2024 | 18:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Hotlink2Watermark plugin <= 0.3.2 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Jean-Marc BIANCA Hotlink2Watermark allows Stored XSS.This issue affects Hotlink2Watermark: from n/a through 0.3.2.

Action-Not Available
Vendor-Jean-Marc BIANCA
Product-Hotlink2Watermark
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-53782
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.12% / 31.45%
||
7 Day CHG~0.00%
Published-02 Dec, 2024 | 13:48
Updated-02 Dec, 2024 | 15:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Photo Video Store plugin <= 21.07 - CSRF to Cross Site Scripting (XSS) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in CMSaccount Photo Video Store allows Cross-Site Scripting (XSS).This issue affects Photo Video Store: from n/a through 21.07.

Action-Not Available
Vendor-CMSaccount
Product-Photo Video Store
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-54411
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.09% / 25.02%
||
7 Day CHG~0.00%
Published-16 Dec, 2024 | 14:13
Updated-16 Dec, 2024 | 20:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Controller plugin <= 3.2.0 - CSRF to Stored Cross-Site Scripting vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in hosting.io, campaigns.io WP Controller allows Stored XSS.This issue affects WP Controller: from n/a through 3.2.0.

Action-Not Available
Vendor-hosting.io, campaigns.io
Product-WP Controller
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-54439
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.07% / 21.16%
||
7 Day CHG~0.00%
Published-16 Dec, 2024 | 14:13
Updated-16 Dec, 2024 | 20:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Amazon Product Price plugin <= 1.1 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Alok Tiwari Amazon Product Price allows Stored XSS.This issue affects Amazon Product Price: from n/a through 1.1.

Action-Not Available
Vendor-Alok Tiwari
Product-Amazon Product Price
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-54405
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.07% / 21.16%
||
7 Day CHG~0.00%
Published-16 Dec, 2024 | 14:13
Updated-16 Dec, 2024 | 19:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress ECT Social Share plugin <= 1.3 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Andy Chapman ECT Social Share allows Stored XSS.This issue affects ECT Social Share: from n/a through 1.3.

Action-Not Available
Vendor-Andy Chapman
Product-ECT Social Share
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 13
  • 14
  • Next
Details not found