Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-64499

Summary
Assigner-GitHub_M
Assigner Org ID-a0819718-46f1-4df5-94e2-005712e83aaa
Published At-08 Dec, 2025 | 22:44
Updated At-09 Dec, 2025 | 16:04
Rejected At-
Credits

Tuleap is missing CSRF protections for its planning management API

Tuleap is a free and open source suite for management of software development and collaboration. Tuleap Community Editon versions prior to 17.0.99.1762456922 and Tuleap Enterprise Edition versions prior to 17.0-2, 16.13-7 and 16.12-10 are vulnerable to CSRF attacks through planning management API. Attackers have access to create, edit or remove plans. This issue is fixed in Tuleap Community Edition version 17.0.99.1762456922 and Tuleap Enterprise Edtion versions 17.0-2, 16.13-7 and 16.12-10.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:GitHub_M
Assigner Org ID:a0819718-46f1-4df5-94e2-005712e83aaa
Published At:08 Dec, 2025 | 22:44
Updated At:09 Dec, 2025 | 16:04
Rejected At:
▼CVE Numbering Authority (CNA)
Tuleap is missing CSRF protections for its planning management API

Tuleap is a free and open source suite for management of software development and collaboration. Tuleap Community Editon versions prior to 17.0.99.1762456922 and Tuleap Enterprise Edition versions prior to 17.0-2, 16.13-7 and 16.12-10 are vulnerable to CSRF attacks through planning management API. Attackers have access to create, edit or remove plans. This issue is fixed in Tuleap Community Edition version 17.0.99.1762456922 and Tuleap Enterprise Edtion versions 17.0-2, 16.13-7 and 16.12-10.

Affected Products
Vendor
Enalean SASEnalean
Product
tuleap
Versions
Affected
  • Tuleap Community Edition < 17.0.99.1762456922
  • Tuleap Enterprise Edition < 17.0-2
  • Tuleap Enterprise Edition < 16.13-7
  • Tuleap Enterprise Edition < 16.12-10
Problem Types
TypeCWE IDDescription
CWECWE-352CWE-352: Cross-Site Request Forgery (CSRF)
Type: CWE
CWE ID: CWE-352
Description: CWE-352: Cross-Site Request Forgery (CSRF)
Metrics
VersionBase scoreBase severityVector
3.14.6MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L
Version: 3.1
Base score: 4.6
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/Enalean/tuleap/security/advisories/GHSA-9h47-jg7r-ww7x
x_refsource_CONFIRM
https://github.com/Enalean/tuleap/commit/1734a7bb2964042310ddc3f6dd7b4c82eee27526
x_refsource_MISC
https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=1734a7bb2964042310ddc3f6dd7b4c82eee27526
x_refsource_MISC
https://tuleap.net/plugins/tracker/?aid=45592
x_refsource_MISC
Hyperlink: https://github.com/Enalean/tuleap/security/advisories/GHSA-9h47-jg7r-ww7x
Resource:
x_refsource_CONFIRM
Hyperlink: https://github.com/Enalean/tuleap/commit/1734a7bb2964042310ddc3f6dd7b4c82eee27526
Resource:
x_refsource_MISC
Hyperlink: https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=1734a7bb2964042310ddc3f6dd7b4c82eee27526
Resource:
x_refsource_MISC
Hyperlink: https://tuleap.net/plugins/tracker/?aid=45592
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security-advisories@github.com
Published At:08 Dec, 2025 | 23:15
Updated At:10 Dec, 2025 | 21:03

Tuleap is a free and open source suite for management of software development and collaboration. Tuleap Community Editon versions prior to 17.0.99.1762456922 and Tuleap Enterprise Edition versions prior to 17.0-2, 16.13-7 and 16.12-10 are vulnerable to CSRF attacks through planning management API. Attackers have access to create, edit or remove plans. This issue is fixed in Tuleap Community Edition version 17.0.99.1762456922 and Tuleap Enterprise Edtion versions 17.0-2, 16.13-7 and 16.12-10.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.14.6MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L
Primary3.15.4MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L
Type: Secondary
Version: 3.1
Base score: 4.6
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L
Type: Primary
Version: 3.1
Base score: 5.4
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L
CPE Matches
Enalean SAS
enalean
>>tuleap>>Versions before 16.12-10(exclusive)
cpe:2.3:a:enalean:tuleap:*:*:*:*:enterprise:*:*:*
Enalean SAS
enalean
>>tuleap>>Versions before 17.0.99.1762456922(exclusive)
cpe:2.3:a:enalean:tuleap:*:*:*:*:community:*:*:*
Enalean SAS
enalean
>>tuleap>>Versions from 16.13(inclusive) to 16.13-7(exclusive)
cpe:2.3:a:enalean:tuleap:*:*:*:*:enterprise:*:*:*
Enalean SAS
enalean
>>tuleap>>Versions from 17.0(inclusive) to 17.0-2(exclusive)
cpe:2.3:a:enalean:tuleap:*:*:*:*:enterprise:*:*:*
Weaknesses
CWE IDTypeSource
CWE-352Secondarysecurity-advisories@github.com
CWE ID: CWE-352
Type: Secondary
Source: security-advisories@github.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://github.com/Enalean/tuleap/commit/1734a7bb2964042310ddc3f6dd7b4c82eee27526security-advisories@github.com
Patch
https://github.com/Enalean/tuleap/security/advisories/GHSA-9h47-jg7r-ww7xsecurity-advisories@github.com
Vendor Advisory
https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=1734a7bb2964042310ddc3f6dd7b4c82eee27526security-advisories@github.com
Patch
Broken Link
https://tuleap.net/plugins/tracker/?aid=45592security-advisories@github.com
Issue Tracking
Vendor Advisory
Hyperlink: https://github.com/Enalean/tuleap/commit/1734a7bb2964042310ddc3f6dd7b4c82eee27526
Source: security-advisories@github.com
Resource:
Patch
Hyperlink: https://github.com/Enalean/tuleap/security/advisories/GHSA-9h47-jg7r-ww7x
Source: security-advisories@github.com
Resource:
Vendor Advisory
Hyperlink: https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=1734a7bb2964042310ddc3f6dd7b4c82eee27526
Source: security-advisories@github.com
Resource:
Patch
Broken Link
Hyperlink: https://tuleap.net/plugins/tracker/?aid=45592
Source: security-advisories@github.com
Resource:
Issue Tracking
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

607Records found
CVE-2025-50179
Matching Score-10
Assigner-GitHub, Inc.
ShareView Details
Matching Score-10
Assigner-GitHub, Inc.
CVSS Score-4.6||MEDIUM
EPSS-0.08% / 24.59%
||
7 Day CHG~0.00%
Published-25 Jun, 2025 | 15:48
Updated-21 Aug, 2025 | 20:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tuleap missing CSRF protection on tracker reports manipulation

Tuleap is an Open Source Suite to improve management of software developments and collaboration. An attacker could use a cross-site request forgery vulnerability in Tuleap Community Edition prior to version 16.8.99.1749830289 and Tuleap Enterprise Edition prior to version 16.9-1 to trick victims into changing the canned responses. Tuleap Community Edition 16.8.99.1749830289 and Tuleap Enterprise Edition 16.9-1 contain a patch for the issue.

Action-Not Available
Vendor-Enalean SAS
Product-tuleaptuleap
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-48991
Matching Score-10
Assigner-GitHub, Inc.
ShareView Details
Matching Score-10
Assigner-GitHub, Inc.
CVSS Score-4.6||MEDIUM
EPSS-0.08% / 24.59%
||
7 Day CHG~0.00%
Published-25 Jun, 2025 | 14:07
Updated-21 Aug, 2025 | 20:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tuleap missing CSRF protection on tracker canned responses administration

Tuleap is an Open Source Suite to improve management of software developments and collaboration. An attacker could use a vulnerability present in Tuleap Community Edition prior to version 16.8.99.1748845907 and Tuleap Enterprise Edition prior to versions 16.8-3 and 16.7-5 to trick victims into changing the canned responses. Tuleap Community Edition 16.8.99.1748845907, Tuleap Enterprise Edition 16.8-3, and Tuleap Enterprise Edition 16.7-5 contain a fix for the vulnerability.

Action-Not Available
Vendor-Enalean SAS
Product-tuleaptuleap
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-29766
Matching Score-10
Assigner-GitHub, Inc.
ShareView Details
Matching Score-10
Assigner-GitHub, Inc.
CVSS Score-4.6||MEDIUM
EPSS-0.26% / 49.65%
||
7 Day CHG~0.00%
Published-31 Mar, 2025 | 15:38
Updated-21 Aug, 2025 | 22:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tuleap has missing CSRF protections on artifact submission & edition from the tracker view

Tuleap is an Open Source Suite to improve management of software developments and collaboration. Tuleap has missing CSRF protections on artifact submission & edition from the tracker view. An attacker could use this vulnerability to trick victims into submitting or editing artifacts or follow-up comments. The vulnerability is fixed in Tuleap Community Edition 16.5.99.1741784483 and Tuleap Enterprise Edition 16.5-3 and 16.4-8.

Action-Not Available
Vendor-Enalean SAS
Product-tuleaptuleap
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-29929
Matching Score-10
Assigner-GitHub, Inc.
ShareView Details
Matching Score-10
Assigner-GitHub, Inc.
CVSS Score-4.6||MEDIUM
EPSS-0.26% / 49.65%
||
7 Day CHG~0.00%
Published-31 Mar, 2025 | 15:40
Updated-21 Aug, 2025 | 22:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tuleap is missing CSRF protection on tracker hierarchy administration

Tuleap is an Open Source Suite to improve management of software developments and collaboration. Tuleap is missing CSRF protection on tracker hierarchy administration. An attacker could use this vulnerability to trick victims into submitting or editing artifacts or follow-up comments. This vulnerability is fixed in Tuleap Community Edition 16.5.99.1742306712 and Tuleap Enterprise Edition 16.5-5 and 16.4-8.

Action-Not Available
Vendor-Enalean SAS
Product-tuleaptuleap
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-27402
Matching Score-10
Assigner-GitHub, Inc.
ShareView Details
Matching Score-10
Assigner-GitHub, Inc.
CVSS Score-4.6||MEDIUM
EPSS-0.16% / 37.19%
||
7 Day CHG~0.00%
Published-04 Mar, 2025 | 17:00
Updated-22 Aug, 2025 | 15:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tuleap is missing CSRF protections on tracker fields administrative operations

Tuleap is an Open Source Suite to improve management of software developments and collaboration. Tuleap is missing CSRF protections on tracker fields administrative operations. An attacker could use this vulnerability to trick victims into removing or updating tracker fields. This vulnerability is fixed in Tuleap Community Edition 16.4.99.1740414959 and Tuleap Enterprise Edition 16.4-6 and 16.3-11.

Action-Not Available
Vendor-Enalean SAS
Product-tuleaptuleap
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2026-24007
Matching Score-10
Assigner-GitHub, Inc.
ShareView Details
Matching Score-10
Assigner-GitHub, Inc.
CVSS Score-4.6||MEDIUM
EPSS-0.01% / 0.88%
||
7 Day CHG~0.00%
Published-02 Feb, 2026 | 19:52
Updated-23 Feb, 2026 | 20:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tuleap is missing CSRF protection in the Overview inconsistent items

Tuleap is an Open Source Suite for management of software development and collaboration. Tuleap is missing CSRF protection in the Overview inconsistent items. An attacker could use this vulnerability to trick victims into repairing inconsistent items (creating artifact links from the release). This vulnerability is fixed in Tuleap Community Edition 17.0.99.1768924735 and Tuleap Enterprise Edition 17.2-5, 17.1-6, and 17.0-9.

Action-Not Available
Vendor-Enalean SAS
Product-tuleaptuleap
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-64117
Matching Score-10
Assigner-GitHub, Inc.
ShareView Details
Matching Score-10
Assigner-GitHub, Inc.
CVSS Score-4.6||MEDIUM
EPSS-0.02% / 5.82%
||
7 Day CHG~0.00%
Published-12 Nov, 2025 | 19:12
Updated-14 Nov, 2025 | 16:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tuleap missing CSRF protection in the management of SVN commit rules and immutable tags

Tuleap is an Open Source Suite to improve management of software developments and collaboration. Tuleap Community Edition prior to version 16.13.99.1761813675 and Tuleap Enterprise Edition prior to versions 16.13-5 and 16.12-8 don't have cross-site request forgery protection in the management of SVN commit rules and immutable tags. An attacker could use this vulnerability to trick victims into changing the commit rules or immutable tags of a SVN repo. Tuleap Community Edition 16.13.99.1761813675, Tuleap Enterprise Edition 16.13-5, and Tuleap Enterprise Edition 16.12-8 contain a fix for the issue.

Action-Not Available
Vendor-Enalean SAS
Product-tuleap
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-65962
Matching Score-10
Assigner-GitHub, Inc.
ShareView Details
Matching Score-10
Assigner-GitHub, Inc.
CVSS Score-4.6||MEDIUM
EPSS-0.02% / 4.35%
||
7 Day CHG~0.00%
Published-08 Dec, 2025 | 23:15
Updated-10 Dec, 2025 | 23:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tuleap has missing CSRF protections its in tracker field dependencies

Tuleap is a free and open source suite for management of software development and collaboration. Versions of Tuleap Community Edition prior to 17.0.99.1763803709 and Tuleap Enterprise Edition versions prior to 17.0-4 and 16.13-9 are mission CSRF protections in its tracker field dependencies, allowing attackers to modify tracker fields. This issue is fixed in Tuleap Community Edition version 17.0.99.1763803709 and Tuleap Enterprise Edition versions 17.0-4 and 16.13-9.

Action-Not Available
Vendor-Enalean SAS
Product-tuleaptuleap
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-64482
Matching Score-10
Assigner-GitHub, Inc.
ShareView Details
Matching Score-10
Assigner-GitHub, Inc.
CVSS Score-4.6||MEDIUM
EPSS-0.02% / 5.82%
||
7 Day CHG~0.00%
Published-12 Nov, 2025 | 21:37
Updated-14 Nov, 2025 | 16:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tuleap missing CSRF protections in the File Release System

Tuleap is an Open Source Suite to improve management of software developments and collaboration. Tuleap Community Edition prior to version 16.13.99.1762267347 and Tuleap Enterprise Edition prior to versions 17.01-, 16.13-6, and 16.12-9 don't have cross-site request forgery protections in the file release system. An attacker could use this vulnerability to trick victims into changing the commit rules or immutable tags of a SVN repo. Tuleap Community Edition 16.13.99.1762267347, Tuleap Enterprise Edition 17.0-1, Tuleap Enterprise Edition 16.13-6, and Tuleap Enterprise Edition 16.12-9 fix the issue.

Action-Not Available
Vendor-Enalean SAS
Product-tuleap
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-64760
Matching Score-10
Assigner-GitHub, Inc.
ShareView Details
Matching Score-10
Assigner-GitHub, Inc.
CVSS Score-4.6||MEDIUM
EPSS-0.02% / 4.35%
||
7 Day CHG~0.00%
Published-08 Dec, 2025 | 23:08
Updated-10 Dec, 2025 | 21:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tuleap has missing CSRF protections in its tracker trigger management system

Tuleap is a free and open source suite for management of software development and collaboration. Versions of Tuleap Community Edition prior to 17.0.99.1763126988 and Tuleap Enterprise Edition prior to 17.0-3 and 16.13-8 have missing CSRF protections which allow attackers to create or remove tracker triggers. This issue is fixed in Tuleap Community Edition version 17.0.99.1763126988 and Tuleap Enterprise Edition versions 17.0-3 and 16.13-8.

Action-Not Available
Vendor-Enalean SAS
Product-tuleaptuleap
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-64498
Matching Score-10
Assigner-GitHub, Inc.
ShareView Details
Matching Score-10
Assigner-GitHub, Inc.
CVSS Score-4.6||MEDIUM
EPSS-0.02% / 4.35%
||
7 Day CHG~0.00%
Published-08 Dec, 2025 | 22:36
Updated-10 Dec, 2025 | 21:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tuleap has a Cross-Site Request Forgery (CSRF) vulnerability

Tuleap is an Open Source Suite for management of software development and collaboration. Tuleap Community Edition versions below 17.0.99.1762444754 and Tuleap Enterprise Edition versions prior to 17.0-2, 16.13-7 and 16.12-10 allow attackers trick victims into changing tracker general settings. This issue is fixed in version Tuleap Community Edition version 17.0.99.1762444754 and Tuleap Enterprise Edition versions 17.0-2, 16.13-7 and 16.12-10.

Action-Not Available
Vendor-Enalean SAS
Product-tuleaptuleap
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-27401
Matching Score-8
Assigner-GitHub, Inc.
ShareView Details
Matching Score-8
Assigner-GitHub, Inc.
CVSS Score-4.6||MEDIUM
EPSS-0.15% / 35.70%
||
7 Day CHG~0.00%
Published-04 Mar, 2025 | 16:58
Updated-22 Aug, 2025 | 16:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
In Tuleap, deleting a report can delete criteria filters in other reports

Tuleap is an Open Source Suite to improve management of software developments and collaboration. In a standard usages of Tuleap, the issue has a limited impact, it will mostly leave dangling data. However, a malicious user could create and delete reports multiple times to cycle through all the filters of all reports of the instance and delete them. The malicious user only needs to have access to one tracker. This would result in the loss of all criteria filters forcing users and tracker admins to re-create them. This vulnerability is fixed in Tuleap Community Edition 16.4.99.1740498975 and Tuleap Enterprise Edition 16.4-6 and 16.3-11.

Action-Not Available
Vendor-Enalean SAS
Product-tuleaptuleap
CWE ID-CWE-440
Expected Behavior Violation
CVE-2018-7634
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.18% / 40.24%
||
7 Day CHG~0.00%
Published-01 Mar, 2018 | 22:00
Updated-05 Aug, 2024 | 06:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Enalean Tuleap 9.17. Lack of CSRF attack mitigation while changing an e-mail address makes it possible to abuse the functionality by attackers. By making a CSRF attack, an attacker could make a victim change his registered e-mail address on the application, leading to account takeover.

Action-Not Available
Vendor-n/aEnalean SAS
Product-tuleapn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-51683
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.11% / 29.43%
||
7 Day CHG~0.00%
Published-28 Feb, 2024 | 16:45
Updated-28 Apr, 2026 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Easy PayPal Buy Now Button Plugin <= 1.8.1 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Scott Paterson Easy PayPal & Stripe Buy Now Button.This issue affects Easy PayPal & Stripe Buy Now Button: from n/a through 1.8.1.

Action-Not Available
Vendor-wppluginScott Paterson
Product-easy_paypal_\&_stripe_buy_now_buttonEasy PayPal & Stripe Buy Now Button
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-48362
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.03% / 7.78%
||
7 Day CHG~0.00%
Published-28 Aug, 2025 | 12:37
Updated-28 Apr, 2026 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Hesabfa Accounting plugin <= 2.2.5 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Saeed Sattar Beglou Hesabfa Accounting hesabfa-accounting allows Cross Site Request Forgery.This issue affects Hesabfa Accounting: from n/a through <= 2.2.5.

Action-Not Available
Vendor-Saeed Sattar Beglou
Product-Hesabfa Accounting
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-32744
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.05% / 16.39%
||
7 Day CHG~0.00%
Published-09 Nov, 2023 | 20:53
Updated-28 Apr, 2026 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WooCommerce Product Recommendations Plugin < 2.3.0 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce Product Recommendations plugin <= 2.3.0 versions.

Action-Not Available
Vendor-WooCommerce
Product-product_recommendationsProduct Recommendations
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-48342
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.08% / 24.63%
||
7 Day CHG~0.00%
Published-19 May, 2025 | 14:55
Updated-28 Apr, 2026 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Dynamic Pricing & Discounts Lite for WooCommerce plugin <= 2.0.3 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in RedefiningTheWeb Dynamic Pricing & Discounts Lite for WooCommerce woo-dynamic-pricing-discounts-lite allows Cross Site Request Forgery.This issue affects Dynamic Pricing & Discounts Lite for WooCommerce: from n/a through <= 2.0.4.

Action-Not Available
Vendor-RedefiningTheWeb
Product-Dynamic Pricing & Discounts Lite for WooCommerce
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-47684
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.08% / 24.63%
||
7 Day CHG~0.00%
Published-07 May, 2025 | 14:20
Updated-28 Apr, 2026 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Smaily for WP plugin <= 3.1.7 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Smaily Smaily for WP smaily-for-wp allows Cross Site Request Forgery.This issue affects Smaily for WP: from n/a through <= 3.1.7.

Action-Not Available
Vendor-Smaily
Product-Smaily for WP
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-48344
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.08% / 24.63%
||
7 Day CHG~0.00%
Published-19 May, 2025 | 14:55
Updated-28 Apr, 2026 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Rootspersona plugin <= 3.7.5 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in ed4becky Rootspersona rootspersona allows Cross Site Request Forgery.This issue affects Rootspersona: from n/a through <= 3.7.5.

Action-Not Available
Vendor-ed4becky
Product-Rootspersona
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-47473
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.08% / 24.63%
||
7 Day CHG~0.00%
Published-07 May, 2025 | 14:19
Updated-28 Apr, 2026 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress PW WooCommerce Bulk Edit plugin <= 2.134 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in pimwick PW WooCommerce Bulk Edit pw-bulk-edit allows Cross Site Request Forgery.This issue affects PW WooCommerce Bulk Edit: from n/a through <= 2.134.

Action-Not Available
Vendor-pimwick
Product-PW WooCommerce Bulk Edit
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-47583
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.08% / 24.63%
||
7 Day CHG~0.00%
Published-19 May, 2025 | 16:07
Updated-28 Apr, 2026 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Salon booking system plugin <= 10.16 - CSRF to Arbitrary Content Deletion vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Dimitri Grassi Salon booking system salon-booking-system allows Cross Site Request Forgery.This issue affects Salon booking system: from n/a through <= 10.16.

Action-Not Available
Vendor-Dimitri Grassi
Product-Salon booking system
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-48284
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.08% / 24.63%
||
7 Day CHG~0.00%
Published-19 May, 2025 | 14:45
Updated-28 Apr, 2026 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Japanized For WooCommerce plugin <= 2.6.40 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in shohei.tanaka Japanized For WooCommerce woocommerce-for-japan allows Cross Site Request Forgery.This issue affects Japanized For WooCommerce: from n/a through <= 2.6.40.

Action-Not Available
Vendor-shohei.tanaka
Product-Japanized For WooCommerce
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-47661
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.08% / 24.63%
||
7 Day CHG~0.00%
Published-07 May, 2025 | 14:20
Updated-28 Apr, 2026 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress 워드프레스 결제 심플페이 plugin <= 5.2.11 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in codemstory 워드프레스 결제 심플페이 pgall-for-woocommerce allows Cross Site Request Forgery.This issue affects 워드프레스 결제 심플페이: from n/a through <= 5.2.11.

Action-Not Available
Vendor-codemstory
Product-워드프레스 결제 심플페이
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-49744
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.11% / 29.43%
||
7 Day CHG~0.00%
Published-15 Dec, 2023 | 15:42
Updated-28 Apr, 2026 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Gift Up Gift Cards for WordPress and WooCommerce Plugin <= 2.21.3 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Gift Up Gift Up Gift Cards for WordPress and WooCommerce.This issue affects Gift Up Gift Cards for WordPress and WooCommerce: from n/a through 2.21.3.

Action-Not Available
Vendor-giftupGift Up
Product-gift_up_gift_cards_for_wordpress_and_woocommerceGift Up Gift Cards for WordPress and WooCommerce
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-46498
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.18% / 39.18%
||
7 Day CHG~0.00%
Published-24 Apr, 2025 | 16:09
Updated-28 Apr, 2026 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Zalo Official Live Chat plugin <= 1.0.0 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in nghialuu Zalo Official Live Chat zalo-official-live-chat allows Cross Site Request Forgery.This issue affects Zalo Official Live Chat: from n/a through <= 1.0.0.

Action-Not Available
Vendor-nghialuu
Product-Zalo Official Live Chat
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-32966
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.09% / 25.80%
||
7 Day CHG~0.00%
Published-07 Nov, 2023 | 17:29
Updated-28 Apr, 2026 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Jazz Popups Plugin <= 1.8.7 is vulnerable to Cross Site Request Forgery (CSRF) leading to Stored XSS

Cross-Site Request Forgery (CSRF) vulnerability in CRUDLab Jazz Popups leads to Stored XSS.This issue affects Jazz Popups: from n/a through 1.8.7.

Action-Not Available
Vendor-crudlabCRUDLab
Product-jazz_popupsJazz Popups
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2026-24374
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.03% / 8.73%
||
7 Day CHG~0.00%
Published-22 Jan, 2026 | 16:52
Updated-28 Apr, 2026 | 16:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress RegistrationMagic plugin <= 6.0.6.9 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Metagauss RegistrationMagic custom-registration-form-builder-with-submission-manager allows Cross Site Request Forgery.This issue affects RegistrationMagic: from n/a through <= 6.0.6.9.

Action-Not Available
Vendor-Metagauss Inc.
Product-RegistrationMagic
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2026-25024
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.03% / 8.73%
||
7 Day CHG~0.00%
Published-03 Feb, 2026 | 14:08
Updated-28 Apr, 2026 | 16:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress ThirstyAffiliates plugin <= 3.11.9 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Blair Williams ThirstyAffiliates thirstyaffiliates allows Cross Site Request Forgery.This issue affects ThirstyAffiliates: from n/a through <= 3.11.9.

Action-Not Available
Vendor-Blair Williams
Product-ThirstyAffiliates
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-5935
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-5.4||MEDIUM
EPSS-0.06% / 17.95%
||
7 Day CHG~0.00%
Published-27 Jun, 2024 | 18:45
Updated-19 May, 2025 | 16:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CSRF Vulnerability in imartinez/privategpt

A Cross-Site Request Forgery (CSRF) vulnerability in version 0.5.0 of imartinez/privategpt allows an attacker to delete all uploaded files on the server. This can lead to data loss and service disruption for the application's users.

Action-Not Available
Vendor-pribaiimartinezimartinez
Product-privategptimartinez/privategptimartinez_privategpt
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-32247
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.18% / 39.18%
||
7 Day CHG~0.00%
Published-04 Apr, 2025 | 15:59
Updated-28 Apr, 2026 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress AI Content Creator plugin <= 1.2.6 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in ABCdatos AI Content Creator ai-content-creator allows Cross Site Request Forgery.This issue affects AI Content Creator: from n/a through <= 1.2.6.

Action-Not Available
Vendor-ABCdatos
Product-AI Content Creator
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-47758
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.05% / 17.23%
||
7 Day CHG~0.00%
Published-22 Nov, 2023 | 18:09
Updated-28 Apr, 2026 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Multi Step Form Plugin <= 1.7.11 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Mondula GmbH Multi Step Form plugin <= 1.7.11 versions.

Action-Not Available
Vendor-mondulaMondula GmbH
Product-multi_step_formMulti Step Form
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-32249
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.18% / 39.18%
||
7 Day CHG~0.00%
Published-04 Apr, 2025 | 15:59
Updated-12 May, 2026 | 00:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress DirectoryPress Plugin <= 3.6.22 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Designinvento DirectoryPress directorypress allows Cross Site Request Forgery.This issue affects DirectoryPress: from n/a through <= 3.6.22.

Action-Not Available
Vendor-Designinvento
Product-DirectoryPress
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-32248
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.23% / 46.59%
||
7 Day CHG~0.00%
Published-04 Apr, 2025 | 15:59
Updated-28 Apr, 2026 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress SwiftXR (3D/AR/VR) Viewer plugin <= 1.0.7 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in SwiftXR SwiftXR (3D/AR/VR) Viewer swiftxr-3darvr-viewer allows Cross Site Request Forgery.This issue affects SwiftXR (3D/AR/VR) Viewer: from n/a through <= 1.0.7.

Action-Not Available
Vendor-SwiftXR
Product-SwiftXR (3D/AR/VR) Viewer
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-32587
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.05% / 17.23%
||
7 Day CHG~0.00%
Published-09 Nov, 2023 | 21:14
Updated-28 Apr, 2026 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Reactions Lite Plugin <= 1.3.8 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in WP Reactions, LLC WP Reactions Lite plugin <= 1.3.8 versions.

Action-Not Available
Vendor-wpreactionsWP Reactions, LLC
Product-wp_reactions_liteWP Reactions Lite
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-32250
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.13% / 32.23%
||
7 Day CHG~0.00%
Published-04 Apr, 2025 | 15:59
Updated-12 May, 2026 | 00:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Rollbar plugin <= 2.7.1 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in rollbar Rollbar rollbar allows Cross Site Request Forgery.This issue affects Rollbar: from n/a through <= 2.7.1.

Action-Not Available
Vendor-rollbar
Product-Rollbar
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-32679
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.24% / 47.70%
||
7 Day CHG~0.00%
Published-09 Apr, 2025 | 16:09
Updated-12 May, 2026 | 00:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress User Registration Using Contact Form 7 plugin <= 2.4 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in ZealousWeb User Registration Using Contact Form 7 user-registration-using-contact-form-7 allows Cross Site Request Forgery.This issue affects User Registration Using Contact Form 7: from n/a through <= 2.4.

Action-Not Available
Vendor-ZealousWeb
Product-User Registration Using Contact Form 7
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-45109
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.05% / 16.39%
||
7 Day CHG~0.00%
Published-13 Oct, 2023 | 13:18
Updated-28 Apr, 2026 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WhitePage Plugin <= 1.1.5 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in ZAKSTAN WhitePage plugin <= 1.1.5 versions.

Action-Not Available
Vendor-myback.linkZAKSTAN
Product-whitepageWhitePage
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-32500
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.05% / 16.39%
||
7 Day CHG~0.00%
Published-09 Nov, 2023 | 22:22
Updated-28 Apr, 2026 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WoodMart Theme <= 7.1.1 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in xtemos WoodMart - Multipurpose WooCommerce Theme <= 7.1.1 versions.

Action-Not Available
Vendor-XTemos Studio
Product-woodmartWoodMart - Multipurpose WooCommerce Themewoodmart
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-32745
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.05% / 16.39%
||
7 Day CHG~0.00%
Published-09 Nov, 2023 | 20:38
Updated-28 Apr, 2026 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress AutomateWoo Plugin <= 5.7.1 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce AutomateWoo plugin <= 5.7.1 versions.

Action-Not Available
Vendor-WooCommerce
Product-automatewooAutomateWoo
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-32091
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.05% / 16.39%
||
7 Day CHG~0.00%
Published-03 Oct, 2023 | 13:04
Updated-28 Apr, 2026 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress POEditor Plugin <= 0.9.4 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in POEditor plugin <= 0.9.4 versions.

Action-Not Available
Vendor-poeditorPOEditor
Product-poeditorPOEditor
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-31859
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.12% / 30.42%
||
7 Day CHG~0.00%
Published-01 Apr, 2025 | 14:52
Updated-28 Apr, 2026 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Feedbucket – Website Feedback Tool Plugin <= 1.0.6 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Feedbucket Feedbucket – Website Feedback Tool feedbucket allows Cross Site Request Forgery.This issue affects Feedbucket – Website Feedback Tool: from n/a through <= 1.0.6.

Action-Not Available
Vendor-Feedbucket
Product-Feedbucket – Website Feedback Tool
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-56222
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.09% / 25.50%
||
7 Day CHG~0.00%
Published-31 Dec, 2024 | 10:07
Updated-28 Apr, 2026 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress CodeBard Help Desk plugin <= 1.1.1 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in CodeBard CodeBard Help Desk codebard-help-desk allows Cross Site Request Forgery.This issue affects CodeBard Help Desk: from n/a through <= 1.1.1.

Action-Not Available
Vendor-codebardCodeBard
Product-codebard_help_deskCodeBard Help Desk
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-31439
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.21% / 43.31%
||
7 Day CHG~0.00%
Published-28 Mar, 2025 | 11:54
Updated-28 Apr, 2026 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Browser Caching with .htaccess 1.2.1 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in tobias_.MerZ Browser Caching with .htaccess allows Cross Site Request Forgery. This issue affects Browser Caching with .htaccess: from 1.2.1 through n/a.

Action-Not Available
Vendor-tobias_.MerZ
Product-Browser Caching with .htaccess
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2021-22949
Matching Score-4
Assigner-HackerOne
ShareView Details
Matching Score-4
Assigner-HackerOne
CVSS Score-5.4||MEDIUM
EPSS-0.09% / 26.42%
||
7 Day CHG~0.00%
Published-23 Sep, 2021 | 12:40
Updated-03 Aug, 2024 | 18:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CSRF in Concrete CMS version 8.5.5 and below allows an attacker to duplicate files which can lead to UI inconvenience, and exhaustion of disk space.Credit for discovery: "Solar Security CMS Research Team"

Action-Not Available
Vendor-concretecmsn/a
Product-concrete_cmshttps://github.com/concrete5/concrete5
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-31915
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.08% / 24.63%
||
7 Day CHG~0.00%
Published-16 May, 2025 | 15:45
Updated-28 Apr, 2026 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Pixel Form BuilderPlugin & Autoresponder plugin <= 1.0.3 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in kamleshyadav Pixel WordPress Form BuilderPlugin & Autoresponder pixel-formbuilder allows Cross Site Request Forgery.This issue affects Pixel WordPress Form BuilderPlugin & Autoresponder: from n/a through <= 1.0.3.

Action-Not Available
Vendor-kamleshyadav
Product-Pixel WordPress Form BuilderPlugin & Autoresponder
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-32504
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.13% / 32.30%
||
7 Day CHG~0.00%
Published-18 Nov, 2023 | 22:28
Updated-28 Apr, 2026 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Wise Chat Plugin <= 3.1.3 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Kainex Wise Chat.This issue affects Wise Chat: from n/a through 3.1.3.

Action-Not Available
Vendor-kaineKainex
Product-wise_chatWise Chat
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-31457
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.28% / 51.99%
||
7 Day CHG~0.00%
Published-28 Mar, 2025 | 11:54
Updated-28 Apr, 2026 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress LWS SMS plugin <= 2.4.1 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Aurélien LWS LWS SMS lws-sms allows Cross Site Request Forgery.This issue affects LWS SMS: from n/a through <= 2.4.1.

Action-Not Available
Vendor-Aurélien LWS
Product-LWS SMS
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-31448
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.16% / 36.88%
||
7 Day CHG~0.00%
Published-28 Mar, 2025 | 11:54
Updated-28 Apr, 2026 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Simple Trackback Disabler plugin <= 1.4 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in misteraon Simple Trackback Disabler simple-trackback-disabler allows Cross Site Request Forgery.This issue affects Simple Trackback Disabler: from n/a through <= 1.4.

Action-Not Available
Vendor-misteraon
Product-Simple Trackback Disabler
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-30968
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.08% / 24.63%
||
7 Day CHG~0.00%
Published-06 Jun, 2025 | 12:54
Updated-28 Apr, 2026 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Advanced Post List plugin <= 0.5.6.2 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in jokerbr313 Advanced Post List advanced-post-list allows Cross Site Request Forgery.This issue affects Advanced Post List: from n/a through <= 0.5.6.2.

Action-Not Available
Vendor-jokerbr313
Product-Advanced Post List
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-32514
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.10% / 27.23%
||
7 Day CHG~0.00%
Published-18 Nov, 2023 | 22:24
Updated-28 Apr, 2026 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Google Site Verification plugin using Meta Tag Plugin <= 1.2 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Himanshu Parashar Google Site Verification plugin using Meta Tag.This issue affects Google Site Verification plugin using Meta Tag: from n/a through 1.2.

Action-Not Available
Vendor-himanshuparasharHimanshu Parashar
Product-google_site_verification_plugin_using_meta_tagGoogle Site Verification plugin using Meta Tag
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 12
  • 13
  • Next
Details not found