Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2026-2410

Summary
Assigner-Wordfence
Assigner Org ID-b15e7b5b-3da4-40ae-a43c-f7aa60e62599
Published At-25 Feb, 2026 | 09:26
Updated At-25 Feb, 2026 | 21:11
Rejected At-
Credits

Disable Admin Notices – Hide Dashboard Notifications <= 1.4.2 - Cross-Site Request Forgery to Plugin Settings Update

The Disable Admin Notices – Hide Dashboard Notifications plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4.2. This is due to missing nonce validation in the `showPageContent()` function. This makes it possible for unauthenticated attackers to add arbitrary URLs to the blocked redirects list via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:Wordfence
Assigner Org ID:b15e7b5b-3da4-40ae-a43c-f7aa60e62599
Published At:25 Feb, 2026 | 09:26
Updated At:25 Feb, 2026 | 21:11
Rejected At:
▼CVE Numbering Authority (CNA)
Disable Admin Notices – Hide Dashboard Notifications <= 1.4.2 - Cross-Site Request Forgery to Plugin Settings Update

The Disable Admin Notices – Hide Dashboard Notifications plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4.2. This is due to missing nonce validation in the `showPageContent()` function. This makes it possible for unauthenticated attackers to add arbitrary URLs to the blocked redirects list via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

Affected Products
Vendor
Themeislethemeisle
Product
Disable Admin Notices – Hide Dashboard Notifications
Default Status
unaffected
Versions
Affected
  • From * through 1.4.2 (semver)
Problem Types
TypeCWE IDDescription
CWECWE-352CWE-352 Cross-Site Request Forgery (CSRF)
Type: CWE
CWE ID: CWE-352
Description: CWE-352 Cross-Site Request Forgery (CSRF)
Metrics
VersionBase scoreBase severityVector
3.14.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Version: 3.1
Base score: 4.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
finder
Lukasz Sobanski
Timeline
EventDate
Vendor Notified2026-02-12 15:34:23
Disclosed2026-02-24 20:56:18
Event: Vendor Notified
Date: 2026-02-12 15:34:23
Event: Disclosed
Date: 2026-02-24 20:56:18
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.wordfence.com/threat-intel/vulnerabilities/id/b3011679-51e8-4a13-8364-1d0723656d08?source=cve
N/A
https://plugins.trac.wordpress.org/browser/disable-admin-notices/tags/1.4.2/admin/pages/class-pages-edit-redirects.php#L103
N/A
https://plugins.trac.wordpress.org/browser/disable-admin-notices/trunk/admin/pages/class-pages-edit-redirects.php#L103
N/A
https://plugins.trac.wordpress.org/changeset/3463239/disable-admin-notices/trunk/admin/pages/class-pages-edit-redirects.php
N/A
Hyperlink: https://www.wordfence.com/threat-intel/vulnerabilities/id/b3011679-51e8-4a13-8364-1d0723656d08?source=cve
Resource: N/A
Hyperlink: https://plugins.trac.wordpress.org/browser/disable-admin-notices/tags/1.4.2/admin/pages/class-pages-edit-redirects.php#L103
Resource: N/A
Hyperlink: https://plugins.trac.wordpress.org/browser/disable-admin-notices/trunk/admin/pages/class-pages-edit-redirects.php#L103
Resource: N/A
Hyperlink: https://plugins.trac.wordpress.org/changeset/3463239/disable-admin-notices/trunk/admin/pages/class-pages-edit-redirects.php
Resource: N/A
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security@wordfence.com
Published At:25 Feb, 2026 | 10:16
Updated At:25 Feb, 2026 | 14:15

The Disable Admin Notices – Hide Dashboard Notifications plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4.2. This is due to missing nonce validation in the `showPageContent()` function. This makes it possible for unauthenticated attackers to add arbitrary URLs to the blocked redirects list via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.14.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Type: Primary
Version: 3.1
Base score: 4.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-352Primarysecurity@wordfence.com
CWE ID: CWE-352
Type: Primary
Source: security@wordfence.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://plugins.trac.wordpress.org/browser/disable-admin-notices/tags/1.4.2/admin/pages/class-pages-edit-redirects.php#L103security@wordfence.com
N/A
https://plugins.trac.wordpress.org/browser/disable-admin-notices/trunk/admin/pages/class-pages-edit-redirects.php#L103security@wordfence.com
N/A
https://plugins.trac.wordpress.org/changeset/3463239/disable-admin-notices/trunk/admin/pages/class-pages-edit-redirects.phpsecurity@wordfence.com
N/A
https://www.wordfence.com/threat-intel/vulnerabilities/id/b3011679-51e8-4a13-8364-1d0723656d08?source=cvesecurity@wordfence.com
N/A
Hyperlink: https://plugins.trac.wordpress.org/browser/disable-admin-notices/tags/1.4.2/admin/pages/class-pages-edit-redirects.php#L103
Source: security@wordfence.com
Resource: N/A
Hyperlink: https://plugins.trac.wordpress.org/browser/disable-admin-notices/trunk/admin/pages/class-pages-edit-redirects.php#L103
Source: security@wordfence.com
Resource: N/A
Hyperlink: https://plugins.trac.wordpress.org/changeset/3463239/disable-admin-notices/trunk/admin/pages/class-pages-edit-redirects.php
Source: security@wordfence.com
Resource: N/A
Hyperlink: https://www.wordfence.com/threat-intel/vulnerabilities/id/b3011679-51e8-4a13-8364-1d0723656d08?source=cve
Source: security@wordfence.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

2091Records found
CVE-2023-2495
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-4.3||MEDIUM
EPSS-0.05% / 16.94%
||
7 Day CHG~0.00%
Published-10 Jul, 2023 | 12:40
Updated-12 Nov, 2024 | 14:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Greeklish-permalink < 3.5 - Unauthenticated Post Slug Update

The Greeklish-permalink WordPress plugin through 3.3 does not implement correct authorization or nonce checks in the cyrtrans_ajax_old AJAX action, allowing unauthenticated and low-privilege users to trigger the plugin's functionality to change Post slugs either directly or through CSRF.

Action-Not Available
Vendor-greeklish-permalink_projectUnknown
Product-greeklish-permalinkGreeklish-permalink
CWE ID-CWE-269
Improper Privilege Management
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-24007
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.10% / 26.96%
||
7 Day CHG~0.00%
Published-26 May, 2023 | 11:57
Updated-12 Nov, 2024 | 14:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Admin Block Country Plugin <= 7.1.4 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in TheOnlineHero - Tom Skroza Admin Block Country plugin <= 7.1.4 versions.

Action-Not Available
Vendor-admin_block_country_projectTheOnlineHero - Tom Skroza
Product-admin_block_countryAdmin Block Country
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-23879
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.14% / 33.83%
||
7 Day CHG~0.00%
Published-23 Apr, 2023 | 11:18
Updated-09 Jan, 2025 | 15:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress PHP Execution Plugin <= 1.0.0 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Nicolas Zeh PHP Execution plugin <= 1.0.0 versions.

Action-Not Available
Vendor-php_execution_projectNicolas Zeh
Product-php_executionPHP Execution
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-24008
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 22.38%
||
7 Day CHG~0.00%
Published-26 May, 2023 | 12:15
Updated-02 Aug, 2024 | 14:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Maspik – Spam blacklist Plugin <= 0.7.8 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in yonifre Maspik – Spam Blacklist plugin <= 0.7.8 versions.

Action-Not Available
Vendor-wpmaspikyonifre
Product-maspikMaspik – Spam Blacklist
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-23865
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.09% / 25.32%
||
7 Day CHG~0.00%
Published-28 Feb, 2023 | 14:45
Updated-13 Jan, 2025 | 15:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Stripe Payments For WooCommerce by Checkout Plugin <= 1.4.10 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Checkout Plugins Stripe Payments For WooCommerce plugin <= 1.4.10 leads to settings change.

Action-Not Available
Vendor-checkoutpluginsCheckout Plugins
Product-stripe_payments_for_woocommerceStripe Payments For WooCommerce by Checkout Plugins
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-24384
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.15% / 35.44%
||
7 Day CHG+0.02%
Published-23 Feb, 2023 | 14:55
Updated-13 Jan, 2025 | 15:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Organization chart Plugin <= 1.4.4 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in WpDevArt Organization chart <= 1.4.4 versions.

Action-Not Available
Vendor-WpDevArt
Product-organization_chartOrganization chart
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-23792
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 21.48%
||
7 Day CHG~0.00%
Published-11 Jul, 2023 | 05:49
Updated-07 Oct, 2024 | 18:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Swatchly – WooCommerce Variation Swatches for Products Plugin <= 1.2.0 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in HasThemes Swatchly plugin <= 1.2.0 versions.

Action-Not Available
Vendor-HasTech IT Limited (HasThemes)
Product-swatchlySwatchly
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-53272
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.01% / 2.88%
||
7 Day CHG~0.00%
Published-27 Jun, 2025 | 13:21
Updated-30 Jun, 2025 | 18:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Image Cleanup plugin <= 1.9.2 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in opicron Image Cleanup allows Cross Site Request Forgery. This issue affects Image Cleanup: from n/a through 1.9.2.

Action-Not Available
Vendor-opicron
Product-Image Cleanup
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-23897
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-43.34% / 97.43%
||
7 Day CHG~0.00%
Published-10 Jul, 2023 | 12:14
Updated-02 Aug, 2024 | 14:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Simple Mobile URL Redirect Plugin <= 1.7.2 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Ozette Plugins Simple Mobile URL Redirect plugin <= 1.7.2 versions.

Action-Not Available
Vendor-ozetteOzette Plugins
Product-simple_mobile_url_redirectSimple Mobile URL Redirect
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-22691
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.09% / 26.33%
||
7 Day CHG+0.01%
Published-03 May, 2023 | 07:33
Updated-09 Jan, 2025 | 15:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Category Specific RSS feed Subscription Plugin <= v2.1 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Tips and Tricks HQ, Ruhul Amin Category Specific RSS feed Subscription plugin <= v2.1 versions.

Action-Not Available
Vendor-Ruhul AminTips and Tricks HQ
Product-category_specific_rss_feed_subscriptionCategory Specific RSS feed Subscription
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-52711
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.02% / 3.48%
||
7 Day CHG~0.00%
Published-20 Jun, 2025 | 15:03
Updated-03 Jul, 2025 | 12:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Post and Page Builder by BoldGrid – Visual Drag and Drop Editor plugin <= 1.27.8 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in BoldGrid Post and Page Builder by BoldGrid – Visual Drag and Drop Editor allows Cross Site Request Forgery.This issue affects Post and Page Builder by BoldGrid – Visual Drag and Drop Editor: from n/a through 1.27.8.

Action-Not Available
Vendor-BoldGrid (InMotion Hosting, Inc.)
Product-Post and Page Builder by BoldGrid – Visual Drag and Drop Editor
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-23731
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 21.48%
||
7 Day CHG~0.00%
Published-11 Jul, 2023 | 07:01
Updated-08 Oct, 2024 | 13:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WishSuite Plugin <= 1.3.3 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in HasTheme WishSuite plugin <= 1.3.3 versions.

Action-Not Available
Vendor-HasTech IT Limited (HasThemes)
Product-wishsuiteWishSuite
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-20321
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.02% / 5.96%
||
7 Day CHG~0.00%
Published-07 Jul, 2025 | 17:48
Updated-21 Jul, 2025 | 20:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Membership State Change in Splunk Search Head Cluster through a Cross-Site Request Forgery (CSRF) in Splunk Enterprise

In Splunk Enterprise versions below 9.4.3, 9.3.5, 9.2.7 and 9.1.10, and Splunk Cloud Platform versions below 9.3.2411.104, 9.3.2408.114, and 9.2.2406.119, an unauthenticated attacker can send a specially-crafted SPL search that could change the membership state in a Splunk Search Head Cluster (SHC) through a Cross-Site Request Forgery (CSRF), potentially leading to the removal of the captain or a member of the SHC.<br><br>The vulnerability requires the attacker to phish the administrator-level victim by tricking them into initiating a request within their browser. The attacker should not be able to exploit the vulnerability at will.

Action-Not Available
Vendor-Splunk LLC (Cisco Systems, Inc.)
Product-splunksplunk_cloud_platformSplunk Enterprise CloudSplunk Enterprise
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-53269
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.01% / 2.88%
||
7 Day CHG~0.00%
Published-27 Jun, 2025 | 13:21
Updated-30 Jun, 2025 | 18:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress My Wp Brand plugin <= 1.1.3 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in imw3 My Wp Brand allows Cross Site Request Forgery. This issue affects My Wp Brand: from n/a through 1.1.3.

Action-Not Available
Vendor-imw3
Product-My Wp Brand
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-22714
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.09% / 25.14%
||
7 Day CHG~0.00%
Published-22 May, 2023 | 08:49
Updated-09 Jan, 2025 | 15:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Coming Soon by Supsystic Plugin <= 1.7.10 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Supsystic Coming Soon by Supsystic plugin <= 1.7.10 versions.

Action-Not Available
Vendor-supsysticSupsystic
Product-coming_soonComing Soon by Supsystic
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-53261
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.01% / 2.88%
||
7 Day CHG~0.00%
Published-27 Jun, 2025 | 13:21
Updated-30 Jun, 2025 | 18:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP YouTube Live plugin <= 1.10.0 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in macbookandrew WP YouTube Live allows Cross Site Request Forgery. This issue affects WP YouTube Live: from n/a through 1.10.0.

Action-Not Available
Vendor-macbookandrew
Product-WP YouTube Live
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-53193
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.01% / 2.88%
||
7 Day CHG~0.00%
Published-27 Jun, 2025 | 13:20
Updated-30 Jun, 2025 | 18:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Burst Statistics plugin <= 2.0.6 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Burst Statistics B.V. Burst Statistics allows Cross Site Request Forgery. This issue affects Burst Statistics: from n/a through 2.0.6.

Action-Not Available
Vendor-Burst Statistics B.V.
Product-Burst Statistics
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-52767
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.01% / 2.71%
||
7 Day CHG~0.00%
Published-14 Aug, 2025 | 18:22
Updated-15 Aug, 2025 | 13:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress NetInsight Analytics Implementation Plugin <= 1.0.3 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in lisensee NetInsight Analytics Implementation Plugin allows Cross Site Request Forgery. This issue affects NetInsight Analytics Implementation Plugin: from n/a through 1.0.3.

Action-Not Available
Vendor-lisensee
Product-NetInsight Analytics Implementation Plugin
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2021-25930
Matching Score-4
Assigner-Mend
ShareView Details
Matching Score-4
Assigner-Mend
CVSS Score-4.3||MEDIUM
EPSS-0.15% / 36.18%
||
7 Day CHG~0.00%
Published-20 May, 2021 | 13:57
Updated-30 Apr, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In OpenNMS Horizon, versions opennms-1-0-stable through opennms-27.1.0-1; OpenNMS Meridian, versions meridian-foundation-2015.1.0-1 through meridian-foundation-2019.1.18-1; meridian-foundation-2020.1.0-1 through meridian-foundation-2020.1.6-1 are vulnerable to CSRF, due to no CSRF protection, and since there is no validation of an existing user name while renaming a user. As a result, privileges of the renamed user are being overwritten by the old user and the old user is being deleted from the user list.

Action-Not Available
Vendor-opennmsn/a
Product-horizonmeridianOpenNMS
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-23706
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.09% / 25.14%
||
7 Day CHG~0.00%
Published-23 May, 2023 | 12:41
Updated-08 Jan, 2025 | 22:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) Plugin <= 7.5.14 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in miniOrange WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) plugin <= 7.5.14 versions.

Action-Not Available
Vendor-miniorangeminiOrange
Product-wordpress_social_login_and_register_\(discord\,_google\,_twitter\,_linkedin\)WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn)
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-2042
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.08% / 23.32%
||
7 Day CHG~0.00%
Published-06 Mar, 2025 | 21:00
Updated-15 Oct, 2025 | 20:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
huang-yk student-manage cross-site request forgery

A vulnerability has been found in huang-yk student-manage 1.0 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-huang-ykhuang-yk
Product-student-managestudent-manage
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CWE ID-CWE-862
Missing Authorization
CVE-2025-53347
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.01% / 2.71%
||
7 Day CHG~0.00%
Published-14 Aug, 2025 | 18:21
Updated-15 Aug, 2025 | 13:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Kalium Theme plugin <= 3.18.3 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Laborator Kalium allows Cross Site Request Forgery. This issue affects Kalium: from n/a through 3.18.3.

Action-Not Available
Vendor-Laborator
Product-Kalium
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-33678
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.15% / 35.04%
||
7 Day CHG~0.00%
Published-26 Apr, 2024 | 10:42
Updated-02 Aug, 2024 | 02:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress ClickCease Click Fraud Protection plugin <= 3.2.4 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in ClickCease ClickCease Click Fraud Protection.This issue affects ClickCease Click Fraud Protection: from n/a through 3.2.4.

Action-Not Available
Vendor-ClickCeaseclickcease
Product-ClickCease Click Fraud Protectionclickcease
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-2286
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 20.60%
||
7 Day CHG~0.00%
Published-09 Jun, 2023 | 12:32
Updated-09 Nov, 2024 | 15:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The WP Activity Log for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.5.0. This is due to missing or incorrect nonce validation on the ajax_run_cleanup function. This makes it possible for unauthenticated attackers to invoke this function via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

Action-Not Available
Vendor-wpwhitesecuritywpwhitesecurity
Product-wp_activity_logWP Activity Log PremiumWP Activity Log
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-33690
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.16% / 37.12%
||
7 Day CHG~0.00%
Published-26 Apr, 2024 | 12:52
Updated-02 Aug, 2024 | 02:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Financio theme <= 1.1.3 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Jegstudio Financio.This issue affects Financio: from n/a through 1.1.3.

Action-Not Available
Vendor-Jegstudiojegstudio
Product-Financiofinancio
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-23714
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 22.38%
||
7 Day CHG~0.00%
Published-26 May, 2023 | 11:01
Updated-08 Jan, 2025 | 21:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Uncanny Toolkit for LearnDash Plugin <= 3.6.4.1 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Uncanny Owl Uncanny Toolkit for LearnDash plugin <= 3.6.4.1 versions.

Action-Not Available
Vendor-Uncanny Owl Inc.
Product-uncanny_toolkit_for_learndashUncanny Toolkit for LearnDash
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-53273
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.01% / 2.88%
||
7 Day CHG~0.00%
Published-27 Jun, 2025 | 13:21
Updated-30 Jun, 2025 | 18:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Slickstream plugin <= 2.0.3 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Slickstream Slickstream allows Cross Site Request Forgery. This issue affects Slickstream: from n/a through 2.0.3.

Action-Not Available
Vendor-Slickstream
Product-Slickstream
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-53254
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.01% / 2.88%
||
7 Day CHG~0.00%
Published-27 Jun, 2025 | 13:21
Updated-30 Jun, 2025 | 18:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Cyrlitera plugin <= 1.2.0 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in webcraftic Cyrlitera allows Cross Site Request Forgery. This issue affects Cyrlitera: from n/a through 1.2.0.

Action-Not Available
Vendor-webcraftic
Product-Cyrlitera
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-23724
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.09% / 25.14%
||
7 Day CHG~0.00%
Published-23 May, 2023 | 12:46
Updated-08 Jan, 2025 | 22:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WordPress Email Marketing Plugin – WP Email Capture Plugin <= 3.9.3 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Winwar Media WP Email Capture plugin <= 3.9.3 versions.

Action-Not Available
Vendor-winwarWinwar Media
Product-wp_email_captureWP Email Capture
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-22692
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.09% / 25.14%
||
7 Day CHG~0.00%
Published-22 May, 2023 | 08:42
Updated-09 Jan, 2025 | 15:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Name Directory Plugin <= 1.27.1 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Jeroen Peters Name Directory plugin <= 1.27.1 versions.

Action-Not Available
Vendor-name_directory_projectJeroen Peters
Product-name_directoryName Directory
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-22681
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.09% / 25.32%
||
7 Day CHG~0.00%
Published-20 Mar, 2023 | 10:56
Updated-10 Jan, 2025 | 19:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Online Exam Software : eExamhall Plugin <= 4.0 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Aarvanshinfotech Online Exam Software: eExamhall plugin <= 4.0 versions.

Action-Not Available
Vendor-online_exam_software_\Aarvanshinfotech
Product-_eexamhall_projectOnline Exam Software : eExamhall
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-22693
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 22.38%
||
7 Day CHG~0.00%
Published-26 May, 2023 | 12:09
Updated-08 Nov, 2024 | 18:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Google Tag Manager Plugin <= 1.1 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in conlabzgmbh WP Google Tag Manager plugin <= 1.1 versions.

Action-Not Available
Vendor-conlabzconlabzgmbh
Product-wp_google_tag_managerWP Google Tag Manager
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-22672
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 20.07%
||
7 Day CHG~0.00%
Published-17 Jul, 2023 | 10:40
Updated-07 Oct, 2024 | 15:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress vSlider Multi Image Slider for WordPress Plugin <= 4.1.2 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Mr.Vibe vSlider Multi Image Slider for WordPress plugin <= 4.1.2 versions.

Action-Not Available
Vendor-vibethemesMr.Vibe
Product-vslidervSlider Multi Image Slider for WordPress
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-23705
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.09% / 25.14%
||
7 Day CHG~0.00%
Published-23 May, 2023 | 13:03
Updated-08 Jan, 2025 | 22:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Books Gallery Plugin <= 4.4.8 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in HM Plugin WordPress Books Gallery plugin <= 4.4.8 versions.

Action-Not Available
Vendor-hmpluginHM Plugin
Product-wordpress_books_galleryWordPress Books Gallery
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-23713
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.09% / 25.14%
||
7 Day CHG~0.00%
Published-23 May, 2023 | 13:16
Updated-08 Jan, 2025 | 22:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Theme Tweaker Plugin <= 5.20 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Manoj Thulasidas Theme Tweaker plugin <= 5.20 versions.

Action-Not Available
Vendor-theme_tweaker_projectManoj Thulasidas
Product-theme_tweakerTheme Tweaker
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-22675
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.02% / 4.91%
||
7 Day CHG~0.00%
Published-09 Dec, 2025 | 16:41
Updated-09 Dec, 2025 | 18:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Fast Cache plugin <= 1.5 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Taylor Hawkes WP Fast Cache allows Cross Site Request Forgery.This issue affects WP Fast Cache: from n/a through 1.5.

Action-Not Available
Vendor-Taylor Hawkes
Product-WP Fast Cache
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-22700
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.09% / 25.32%
||
7 Day CHG~0.00%
Published-13 Mar, 2023 | 14:02
Updated-13 Jan, 2025 | 15:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress PixelYourSite – Your smart PIXEL (TAG) Manager Plugin <= 9.3.0 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in PixelYourSite PixelYourSite – Your smart PIXEL (TAG) Manager plugin <= 9.3.0 versions.

Action-Not Available
Vendor-pixelyoursitePixelYourSite
Product-pixelyoursitePixelYourSite – Your smart PIXEL (TAG) Manager
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-22695
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 21.48%
||
7 Day CHG~0.00%
Published-10 Jul, 2023 | 12:38
Updated-07 Oct, 2024 | 19:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Custom Field Template Plugin <= 2.5.8 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Hiroaki Miyashita Custom Field Template plugin <= 2.5.8 versions.

Action-Not Available
Vendor-wpgogoHiroaki Miyashita
Product-custom_field_templateCustom Field Template
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-22709
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.09% / 25.14%
||
7 Day CHG~0.00%
Published-22 May, 2023 | 08:46
Updated-02 Aug, 2024 | 14:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress SRS Simple Hits Counter Plugin <= 1.1.0 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Atif N SRS Simple Hits Counter plugin <= 1.1.0 versions.

Action-Not Available
Vendor-srs_simple_hits_counter_projectAtif N
Product-srs_simple_hits_counterSRS Simple Hits Counter
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-23704
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 21.48%
||
7 Day CHG~0.00%
Published-11 Jul, 2023 | 07:35
Updated-17 Oct, 2024 | 15:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Comments Ratings Plugin <= 1.1.6 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Pixelgrade Comments Ratings plugin <= 1.1.6 versions.

Action-Not Available
Vendor-pixelgradePixelgrade
Product-comments_ratingComments Ratings
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-22688
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.09% / 25.14%
||
7 Day CHG~0.00%
Published-22 May, 2023 | 08:37
Updated-09 Jan, 2025 | 15:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Tabs Slides Plugin <= 2.0.3 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Abdul Ibad WP Tabs Slides plugin <= 2.0.3 versions.

Action-Not Available
Vendor-wp_tabs_slides_projectAbdul Ibad
Product-wp_tabs_slidesWP Tabs Slides
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-22942
Matching Score-4
Assigner-Splunk Inc.
ShareView Details
Matching Score-4
Assigner-Splunk Inc.
CVSS Score-5.4||MEDIUM
EPSS-0.10% / 27.78%
||
7 Day CHG~0.00%
Published-14 Feb, 2023 | 17:22
Updated-28 Feb, 2025 | 11:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cross-Site Request Forgery in the ‘ssg/kvstore_client’ REST Endpoint in Splunk Enterprise

In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, a cross-site request forgery in the Splunk Secure Gateway (SSG) app in the ‘kvstore_client’ REST endpoint lets a potential attacker update SSG KV store collections using an HTTP GET request.

Action-Not Available
Vendor-Splunk LLC (Cisco Systems, Inc.)
Product-splunkSplunk Enterprise
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-23721
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.09% / 26.33%
||
7 Day CHG~0.00%
Published-20 Mar, 2023 | 11:27
Updated-10 Jan, 2025 | 19:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Admin Log Plugin <= 1.50 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in David Gwyer Admin Log plugin <= 1.50 versions.

Action-Not Available
Vendor-admin_log_projectDavid Gwyer
Product-admin_logAdmin Log
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-23659
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.11% / 28.88%
||
7 Day CHG+0.01%
Published-23 Feb, 2023 | 14:46
Updated-13 Jan, 2025 | 15:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress MainWP Matomo Extension Plugin <= 4.0.4 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in MainWP Matomo Extension <= 4.0.4 versions.

Action-Not Available
Vendor-mainwpMainWP
Product-motomoMainWP Matomo Extension
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-22694
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 21.48%
||
7 Day CHG~0.00%
Published-10 Jul, 2023 | 12:34
Updated-17 Oct, 2024 | 17:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress BigContact Plugin <= 1.5.8 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Arian Khosravi, Norik Davtian BigContact Contact Page plugin <= 1.5.8 versions.

Action-Not Available
Vendor-bigcontact_contact_page_projectArian Khosravi, Norik Davtian
Product-bigcontact_contact_pageBigContact Contact Page
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-23711
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.09% / 25.32%
||
7 Day CHG~0.00%
Published-13 Mar, 2023 | 14:07
Updated-13 Jan, 2025 | 15:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress A2 Optimized WP Plugin <= 3.0.4 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in A2 Hosting A2 Optimized WP plugin <= 3.0.4 versions.

Action-Not Available
Vendor-a2hostingA2 Hosting
Product-a2_optimizedA2 Optimized WP
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-23646
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.06% / 18.54%
||
7 Day CHG~0.00%
Published-17 Jul, 2023 | 10:50
Updated-07 Oct, 2024 | 15:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Album Gallery – WordPress Gallery Plugin <= 1.4.9 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in A WP Life Album Gallery – WordPress Gallery plugin <= 1.4.9 versions.

Action-Not Available
Vendor-A WP Life
Product-album_galleryAlbum Gallery – WordPress Gallery
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-53197
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.01% / 2.88%
||
7 Day CHG~0.00%
Published-27 Jun, 2025 | 13:20
Updated-30 Jun, 2025 | 18:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Cookiebot plugin <= 4.5.8 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in cookiebot Cookiebot allows Cross Site Request Forgery. This issue affects Cookiebot: from n/a through 4.5.8.

Action-Not Available
Vendor-cookiebot
Product-Cookiebot
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-53569
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.01% / 2.88%
||
7 Day CHG~0.00%
Published-04 Jul, 2025 | 08:42
Updated-08 Jul, 2025 | 16:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Trust Payments Gateway for WooCommerce (JavaScript Library) plugin <= 1.3.6 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Trust Payments Trust Payments Gateway for WooCommerce (JavaScript Library) allows Cross Site Request Forgery. This issue affects Trust Payments Gateway for WooCommerce (JavaScript Library): from n/a through 1.3.6.

Action-Not Available
Vendor-Trust Payments
Product-Trust Payments Gateway for WooCommerce (JavaScript Library)
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-53203
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.01% / 2.88%
||
7 Day CHG~0.00%
Published-27 Jun, 2025 | 13:21
Updated-30 Jun, 2025 | 18:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WooCommerce PDF Invoice Builder plugin <= 1.2.148 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in EDGARROJAS WooCommerce PDF Invoice Builder allows Cross Site Request Forgery. This issue affects WooCommerce PDF Invoice Builder: from n/a through 1.2.148.

Action-Not Available
Vendor-EDGARROJAS
Product-WooCommerce PDF Invoice Builder
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
  • Previous
  • 1
  • 2
  • ...
  • 14
  • 15
  • 16
  • ...
  • 41
  • 42
  • Next
Details not found