Byte Open Security

(ByteOS Network)

Vulnerability Details :

CVE-2026-27741

Summary
Assigner-VulnCheck
Assigner Org ID-83251b91-4cc7-4094-a5c7-464a1b83ea10
Published At-23 Feb, 2026 | 22:01
Updated At-23 Feb, 2026 | 22:02
Rejected At-

Bludit <= 3.16.1 CSRF in Plugin and Theme Management Endpoints

Bludit version 3.16.1 contains a cross-site request forgery (CSRF) vulnerability in the /admin/uninstall-plugin/ and /admin/install-theme/ endpoints. The application does not implement anti-CSRF tokens or other request origin validation mechanisms for these administrative actions. An attacker can induce an authenticated administrator to visit a malicious page that silently submits crafted requests, resulting in unauthorized plugin uninstallation or theme installation. This may lead to loss of functionality, execution of untrusted code via malicious themes, and compromise of system integrity.

Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:VulnCheck
Assigner Org ID:83251b91-4cc7-4094-a5c7-464a1b83ea10
Published At:23 Feb, 2026 | 22:01
Updated At:23 Feb, 2026 | 22:02
Rejected At:
CVE Numbering Authority (CNA)
Affected Products
Vendor: Bludit
Product: Bludit
Repo: https://github.com/bludit/bludit
Default Status: unknown
Versions:
Affected
  • From 0 through 3.16.1 (semver)
Problem Types
Type: CWE
CWE ID: CWE-352
Description: CWE-352 Cross-Site Request Forgery (CSRF)
Metrics
Version: 4.0
Base score: 5.1
Base severity: MEDIUM
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
Version: 3.1
Base score: 4.3
Base severity: MEDIUM
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Credits

Finder: Ryan Chan (@RyanC34)
Finder: Beatriz Fresno Naumova
References
Hyperlink: https://github.com/bludit/bludit/issues/1577
Resource: issue-tracking
Hyperlink: https://www.vulncheck.com/advisories/bludit-csrf-in-plugin-and-theme-management-endpoints
Resource: third-party-advisory
National Vulnerability Database (NVD)
nvd.nist.gov
Source:disclosure@vulncheck.com
Published At:23 Feb, 2026 | 22:16
Updated At:23 Feb, 2026 | 22:16

CISA Catalog
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
Type: Secondary
Version: 4.0
Base score: 5.1
Base severity: MEDIUM
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Type: Primary
Version: 3.1
Base score: 4.3
Base severity: MEDIUM
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Weaknesses
CWE ID: CWE-352
Type: Primary
Source: disclosure@vulncheck.com
References
Hyperlink: https://github.com/bludit/bludit/issues/1577
Source: disclosure@vulncheck.com
Resource: N/A
Hyperlink: https://www.vulncheck.com/advisories/bludit-csrf-in-plugin-and-theme-management-endpoints
Source: disclosure@vulncheck.com
Resource: N/A

Similar CVEs

2125 Records found

CVE-2020-10479
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.3 | MEDIUM
EPSS-0.15% / 35.15%
7 Day CHG~0.00%
Published-12 Mar, 2020 | 13:05
Updated-04 Aug, 2024 | 11:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CSRF in admin/add-news.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to add a new news article via a crafted request.

Action-Not Available
Vendor-chadhaajayn/a
Product-phpkbn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-38732
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3 | MEDIUM
EPSS-0.19% / 40.34%
7 Day CHG~0.00%
Published-02 Jan, 2025 | 13:23
Updated-02 Jan, 2025 | 14:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Patricia Blog theme <= 1.2 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in VolThemes Patricia Blog allows Cross Site Request Forgery. This issue affects Patricia Blog: from n/a through 1.2.

Action-Not Available
Vendor-VolThemes
Product-Patricia Blog
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-38766
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3 | MEDIUM
EPSS-0.16% / 36.80%
7 Day CHG~0.00%
Published-02 Jan, 2025 | 12:01
Updated-03 Jan, 2025 | 18:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Matomo Analytics plugin <= 5.1.1 - Cross Site Request Forgery (CSRF) leading to Notice Dismissal vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Matomo Matomo Analytics allows Cross Site Request Forgery. This issue affects Matomo Analytics: from n/a through 5.1.1.

Action-Not Available
Vendor-Matomo
Product-Matomo Analytics
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-39408
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-4.3 | MEDIUM
EPSS-0.21% / 43.73%
7 Day CHG~0.00%
Published-14 Aug, 2024 | 11:57
Updated-16 Oct, 2024 | 13:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Commerce | Cross-Site Request Forgery (CSRF) (CWE-352)

Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by a Cross-Site Request Forgery (CSRF) vulnerability that could allow an attacker to bypass security features and perform minor integrity changes on behalf of a user. The vulnerability could be exploited by tricking a victim into clicking a link or loading a page that submits a malicious request. Exploitation of this issue requires user interaction.

Action-Not Available
Vendor-Adobe Inc.
Product-magentocommerceAdobe Commercecommerce
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2020-2147
Matching Score-4
Assigner-Jenkins Project
CVSS Score-4.3 | MEDIUM
EPSS-0.43% / 61.93%
7 Day CHG~0.00%
Published-09 Mar, 2020 | 15:01
Updated-04 Aug, 2024 | 07:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A cross-site request forgery vulnerability in Jenkins Mac Plugin 1.1.0 and earlier allows attackers to connect to an attacker-specified SSH server using attacker-specified credentials.

Action-Not Available
Vendor-Jenkins
Product-macJenkins Mac Plugin
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-31216
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3 | MEDIUM
EPSS-0.07% / 22.30%
7 Day CHG~0.00%
Published-17 Jul, 2023 | 13:50
Updated-30 Sep, 2024 | 14:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Ultimate Member Plugin <= 2.6.0 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Ultimate Member plugin <= 2.6.0 versions.

Action-Not Available
Vendor-Ultimate Member Group Ltd
Product-ultimate_memberUltimate Member
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-38754
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3 | MEDIUM
EPSS-0.16% / 36.80%
7 Day CHG~0.00%
Published-02 Jan, 2025 | 12:01
Updated-02 Jan, 2025 | 16:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Tagbox plugin <= 3.3 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Tagbox Taggbox allows Cross Site Request Forgery. This issue affects Taggbox: from n/a through 3.3.

Action-Not Available
Vendor-Tagbox
Product-Taggbox
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-38765
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3 | MEDIUM
EPSS-0.16% / 36.80%
7 Day CHG~0.00%
Published-02 Jan, 2025 | 12:01
Updated-03 Jan, 2025 | 18:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Oceanic theme <= 1.0.48 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Freelancelot Oceanic allows Cross Site Request Forgery. This issue affects Oceanic: from n/a through 1.0.48.

Action-Not Available
Vendor-Freelancelot
Product-Oceanic
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2021-3932
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-6.3 | MEDIUM
EPSS-0.11% / 29.77%
7 Day CHG~0.00%
Published-13 Nov, 2021 | 08:45
Updated-03 Aug, 2024 | 17:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cross-Site Request Forgery (CSRF) in area17/twill

twill is vulnerable to Cross-Site Request Forgery (CSRF)

Action-Not Available
Vendor-area17area17
Product-twillarea17/twill
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2020-2237
Matching Score-4
Assigner-Jenkins Project
CVSS Score-4.3 | MEDIUM
EPSS-0.47% / 64.34%
7 Day CHG~0.00%
Published-12 Aug, 2020 | 13:25
Updated-04 Aug, 2024 | 07:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A cross-site request forgery (CSRF) vulnerability in Jenkins Flaky Test Handler Plugin 1.0.4 and earlier allows attackers to rebuild a project at a previous git revision.

Action-Not Available
Vendor-Jenkins
Product-flaky_test_handlerJenkins Flaky Test Handler Plugin
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2021-3957
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-4.6 | MEDIUM
EPSS-0.09% / 25.36%
7 Day CHG~0.00%
Published-19 Nov, 2021 | 12:00
Updated-03 Aug, 2024 | 17:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cross-Site Request Forgery (CSRF) in kevinpapst/kimai2

kimai2 is vulnerable to Cross-Site Request Forgery (CSRF)

Action-Not Available
Vendor-kimaikevinpapst
Product-kimai_2kevinpapst/kimai2
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-38762
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3 | MEDIUM
EPSS-0.16% / 36.80%
7 Day CHG~0.00%
Published-02 Jan, 2025 | 12:01
Updated-02 Jan, 2025 | 16:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Event Tickets and Registration plugin <= 5.11.0.4 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in The Events Calendar Event Tickets allows Cross Site Request Forgery. This issue affects Event Tickets: from n/a through 5.11.0.4.

Action-Not Available
Vendor-The Events Calendar
Product-Event Tickets
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-38763
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3 | MEDIUM
EPSS-0.16% / 36.80%
7 Day CHG~0.00%
Published-02 Jan, 2025 | 12:01
Updated-02 Jan, 2025 | 16:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Popularis Verse theme <= 1.1.1 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Themes4WP Popularis Verse allows Cross Site Request Forgery. This issue affects Popularis Verse: from n/a through 1.1.1.

Action-Not Available
Vendor-Themes4WP
Product-Popularis Verse
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-3945
Matching Score-4
Assigner-Wordfence
CVSS Score-4.3 | MEDIUM
EPSS-0.18% / 39.27%
7 Day CHG~0.00%
Published-30 May, 2024 | 04:31
Updated-12 Feb, 2025 | 16:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WP To Do <= 1.3.0 - Cross-Site Request Forgery via wptodo_manage()

The WP To Do plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.0. This is due to missing or incorrect nonce validation on the wptodo_manage() function. This makes it possible for unauthenticated attackers to add new todo items via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

Action-Not Available
Vendor-delowerdelower186
Product-wp_to_doWP To Do
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-38764
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3 | MEDIUM
EPSS-0.20% / 42.24%
7 Day CHG~0.00%
Published-02 Jan, 2025 | 13:00
Updated-02 Jan, 2025 | 14:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress i-transform theme <= 3.0.9 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Marsian allows Cross Site Request Forgery. This issue affects i-transform: from n/a through 3.0.9.

Action-Not Available
Vendor-Marsian
Product-i-transform
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-3947
Matching Score-4
Assigner-Wordfence
CVSS Score-4.3 | MEDIUM
EPSS-0.18% / 39.27%
7 Day CHG~0.00%
Published-30 May, 2024 | 04:31
Updated-12 Feb, 2025 | 16:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WP To Do <= 1.3.0 - Cross-Site Request Forgery via wptodo_settings

The WP To Do plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.0. This is due to missing or incorrect nonce validation on the wptodo_settings() function. This makes it possible for unauthenticated attackers to modify the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

Action-Not Available
Vendor-delowerdelower186
Product-wp_to_doWP To Do
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-3943
Matching Score-4
Assigner-Wordfence
CVSS Score-4.3 | MEDIUM
EPSS-0.18% / 39.27%
7 Day CHG~0.00%
Published-30 May, 2024 | 04:31
Updated-12 Feb, 2025 | 16:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WP To Do <= 1.3.0 - Cross-Site Request Forgery via wptodo_addcomment

The WP To Do plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.0. This is due to missing or incorrect nonce validation on the wptodo_addcomment function. This makes it possible for unauthenticated attackers to add comments to to do items via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

Action-Not Available
Vendor-delowerdelower186
Product-wp_to_doWP To Do
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-37467
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3 | MEDIUM
EPSS-0.13% / 32.13%
7 Day CHG~0.00%
Published-02 Jan, 2025 | 12:00
Updated-03 Jan, 2025 | 18:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Hestia theme <= 3.1.2 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in ThemeIsle Hestia allows Cross Site Request Forgery. This issue affects Hestia: from n/a through 3.1.2.

Action-Not Available
Vendor-ThemeIsle
Product-Hestia
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-9633
Matching Score-4
Assigner-Wordfence
CVSS Score-4.3 | MEDIUM
EPSS-0.01% / 2.07%
7 Day CHG~0.00%
Published-11 Sep, 2025 | 07:25
Updated-11 Sep, 2025 | 17:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
LH Signing <= 2.83 - Cross-Site Request Forgery

The LH Signing plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.83. This is due to missing or incorrect nonce validation on the plugin_options function. This makes it possible for unauthenticated attackers to modify plugin settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

Action-Not Available
Vendor-shawfactor
Product-LH Signing
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-37412
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3 | MEDIUM
EPSS-0.15% / 36.23%
7 Day CHG~0.00%
Published-02 Jan, 2025 | 12:00
Updated-12 Jan, 2026 | 14:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Blossom Shop theme <= 1.1.7 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Blossom Themes Blossom Shop allows Cross Site Request Forgery. This issue affects Blossom Shop: from n/a through 1.1.7.

Action-Not Available
Vendor-blossomthemesBlossom Themes
Product-blossom_shopBlossom Shop
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-37543
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3 | MEDIUM
EPSS-0.16% / 36.80%
7 Day CHG~0.00%
Published-02 Jan, 2025 | 12:01
Updated-02 Jan, 2025 | 16:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Ultimate Auction plugin <= 4.2.5 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Nitesh Singh Ultimate Auction allows Cross Site Request Forgery. This issue affects Ultimate Auction: from n/a through 4.2.5.

Action-Not Available
Vendor-Nitesh Singh
Product-Ultimate Auction
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-37941
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3 | MEDIUM
EPSS-0.23% / 45.05%
7 Day CHG~0.00%
Published-12 Jul, 2024 | 13:42
Updated-02 Aug, 2024 | 04:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Internal Link Juicer: SEO Auto Linker for WordPress plugin <= 2.24.3 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Internal Link Juicer Internal Link Juicer: SEO Auto Linker for WordPress. This issue affects Internal Link Juicer: SEO Auto Linker for WordPress: from n/a through 2.24.3.

Action-Not Available
Vendor-Internal Link Juicer
Product-Internal Link Juicer: SEO Auto Linker for WordPress
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-37236
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3 | MEDIUM
EPSS-0.16% / 36.80%
7 Day CHG~0.00%
Published-02 Jan, 2025 | 12:00
Updated-02 Jan, 2025 | 16:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Loco Translate plugin <= 2.6.9 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Tim Whitlock Loco Translate allows Cross Site Request Forgery. This issue affects Loco Translate: from n/a through 2.6.9.

Action-Not Available
Vendor-Tim Whitlock
Product-Loco Translate
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-37242
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3 | MEDIUM
EPSS-0.16% / 36.80%
7 Day CHG~0.00%
Published-02 Jan, 2025 | 12:00
Updated-02 Jan, 2025 | 14:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Newspack Newsletters plugin <= 2.13.2 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Automattic Newspack Newsletters allows Cross Site Request Forgery. This issue affects Newspack Newsletters: from n/a through 2.13.2.

Action-Not Available
Vendor-Automattic Inc.
Product-Newspack Newsletters
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-9635
Matching Score-4
Assigner-Wordfence
CVSS Score-4.3 | MEDIUM
EPSS-0.01% / 1.43%
7 Day CHG~0.00%
Published-11 Sep, 2025 | 07:24
Updated-11 Sep, 2025 | 17:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Analytics Reduce Bounce Rate <= 2.3 - Cross-Site Request Forgery

The Analytics Reduce Bounce Rate plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.3. This is due to missing or incorrect nonce validation on the unbounce_options function. This makes it possible for unauthenticated attackers to modify Google Analytics tracking settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

Action-Not Available
Vendor-ishan001
Product-Analytics Reduce Bounce Rate
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-37413
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3 | MEDIUM
EPSS-0.16% / 36.80%
7 Day CHG~0.00%
Published-02 Jan, 2025 | 12:00
Updated-09 Jan, 2026 | 17:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Preschool and Kindergarten theme <= 1.2.1 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Rara Theme Preschool and Kindergarten allows Cross Site Request Forgery. This issue affects Preschool and Kindergarten: from n/a through 1.2.1.

Action-Not Available
Vendor-rarathemesRara Theme
Product-preschool_and_kindergartenPreschool and Kindergarten
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-9891
Matching Score-4
Assigner-Wordfence
CVSS Score-4.3 | MEDIUM
EPSS-0.01% / 1.08%
7 Day CHG~0.00%
Published-17 Sep, 2025 | 01:53
Updated-17 Sep, 2025 | 14:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
User Sync – Remote User Sync <= 1.0.2 - Cross-Site Request Forgery to Plugin Deactivation

The User Sync – Remote User Sync plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.2. This is due to missing or incorrect nonce validation on the mo_user_sync_form_handler() function. This makes it possible for unauthenticated attackers to deactivate the plugin via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

Action-Not Available
Vendor-cyberlord92
Product-User Sync
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-37238
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3 | MEDIUM
EPSS-0.13% / 32.13%
7 Day CHG~0.00%
Published-02 Jan, 2025 | 12:00
Updated-02 Jan, 2025 | 14:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WPAdverts – Classifieds plugin <= 2.1.2 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Greg Winiarski WPAdverts – Classifieds Plugin allows Cross Site Request Forgery. This issue affects WPAdverts – Classifieds Plugin: from n/a through 2.1.2.

Action-Not Available
Vendor-Greg Winiarski
Product-WPAdverts – Classifieds Plugin
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-34806
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3 | MEDIUM
EPSS-0.13% / 32.48%
7 Day CHG~0.00%
Published-17 May, 2024 | 09:48
Updated-02 Aug, 2024 | 02:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Clearfy Cache plugin <= 2.2.1 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Creative Motion Clearfy Cache. This issue affects Clearfy Cache: from n/a through 2.2.1.

Action-Not Available
Vendor-Creative Motion
Product-Clearfy Cache
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-37473
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3 | MEDIUM
EPSS-0.16% / 36.80%
7 Day CHG~0.00%
Published-02 Jan, 2025 | 12:00
Updated-02 Jan, 2025 | 14:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Trendy News theme <= 1.0.15 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in BlazeThemes Trendy News allows Cross Site Request Forgery. This issue affects Trendy News: from n/a through 1.0.15.

Action-Not Available
Vendor-BlazeThemes
Product-Trendy News
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-37491
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3 | MEDIUM
EPSS-0.16% / 36.80%
7 Day CHG~0.00%
Published-02 Jan, 2025 | 12:00
Updated-02 Jan, 2025 | 14:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Rife Free theme <= 2.4.18 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Apollo13Themes Rife Free allows Cross Site Request Forgery. This issue affects Rife Free: from n/a through 2.4.18.

Action-Not Available
Vendor-Apollo13Themes
Product-Rife Free
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-37243
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3 | MEDIUM
EPSS-0.16% / 36.80%
7 Day CHG~0.00%
Published-02 Jan, 2025 | 12:00
Updated-07 Jan, 2026 | 18:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Vandana Lite theme <= 1.1.9 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Blossom Themes Vandana Lite allows Cross Site Request Forgery. This issue affects Vandana Lite: from n/a through 1.1.9.

Action-Not Available
Vendor-blossomthemesBlossom Themes
Product-vandanaVandana Lite
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-37452
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3 | MEDIUM
EPSS-0.19% / 40.35%
7 Day CHG~0.00%
Published-02 Jan, 2025 | 13:30
Updated-02 Jan, 2025 | 14:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Schema Lite theme <= 1.2.2 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in MyThemeShop Schema Lite allows Cross Site Request Forgery. This issue affects Schema Lite: from n/a through 1.2.2.

Action-Not Available
Vendor-MyThemeShop
Product-Schema Lite
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-8505
Matching Score-4
Assigner-VulDB
CVSS Score-5.3 | MEDIUM
EPSS-0.02% / 3.31%
7 Day CHG~0.00%
Published-03 Aug, 2025 | 08:02
Updated-04 Aug, 2025 | 17:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
495300897 wx-shop cross-site request forgery

A vulnerability has been found in 495300897 wx-shop up to de1b66331368695779cfc6e4d11a64caddf8716e and classified as problematic. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. This product is using a rolling release to provide continuous delivery. Therefore, no version details for affected nor updated releases are available.

Action-Not Available
Vendor-495300897
Product-wx-shop
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CWE ID-CWE-862
Missing Authorization
CVE-2020-2215
Matching Score-4
Assigner-Jenkins Project
CVSS Score-4.3||MEDIUM
EPSS-0.43% / 61.93%
7 Day CHG~0.00%
Published-02 Jul, 2020 | 14:55
Updated-04 Aug, 2024 | 07:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A cross-site request forgery vulnerability in Jenkins Zephyr for JIRA Test Management Plugin 1.5 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified username and password.

Action-Not Available
Vendor-Jenkins
Product-zephyr_for_jira_test_management, Jenkins Zephyr for JIRA Test Management Plugin
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-37493
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.13% / 32.11%
7 Day CHG~0.00%
Published-02 Jan, 2025 | 12:00
Updated-02 Jan, 2025 | 14:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Posterity theme <= 3.3 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in SKT Themes Posterity allows Cross Site Request Forgery. This issue affects Posterity: from n/a through 3.3.

Action-Not Available
Vendor-Sonl Sinha (SKT Web Themes LLC)
Product-Posterity
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-37272
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.16% / 36.80%
7 Day CHG~0.00%
Published-02 Jan, 2025 | 12:00
Updated-02 Jan, 2025 | 14:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Travel Monster theme <= 1.1.2 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in WP Travel Engine Travel Monster allows Cross Site Request Forgery. This issue affects Travel Monster: from n/a through 1.1.2.

Action-Not Available
Vendor-WP Travel Engine
Product-Travel Monster
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-37227
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.13% / 32.56%
7 Day CHG~0.00%
Published-21 Jun, 2024 | 13:40
Updated-25 Mar, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Newsletters plugin <= 4.9.7 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery (CSRF) vulnerability in Tribulant Newsletters. This issue affects Newsletters: from n/a through 4.9.7.

Action-Not Available
Vendor-tribulant, Tribulant
Product-newsletters, Newsletters
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-37518
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.13% / 32.11%
7 Day CHG~0.00%
Published-02 Jan, 2025 | 12:01
Updated-02 Jan, 2025 | 14:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress The Events Calendar plugin <= 6.5.1.4 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in The Events Calendar The Events Calendar allows Cross Site Request Forgery. This issue affects The Events Calendar: from n/a through 6.5.1.4.

Action-Not Available
Vendor-The Events Calendar
Product-The Events Calendar
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-37938
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.20% / 41.93%
7 Day CHG~0.00%
Published-12 Jul, 2024 | 13:49
Updated-02 Aug, 2024 | 04:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress SociallyViral theme <= 1.0.10 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in MyThemeShop SociallyViral. This issue affects SociallyViral: from n/a through 1.0.10.

Action-Not Available
Vendor-MyThemeShop
Product-SociallyViral
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-37448
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.16% / 36.80%
7 Day CHG~0.00%
Published-02 Jan, 2025 | 12:00
Updated-02 Jan, 2025 | 16:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress OnePress theme <= 2.3.6 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in FameThemes OnePress allows Cross Site Request Forgery. This issue affects OnePress: from n/a through 2.3.6.

Action-Not Available
Vendor-FameThemes
Product-OnePress
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-37241
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.19% / 40.35%
7 Day CHG~0.00%
Published-02 Jan, 2025 | 13:33
Updated-02 Jan, 2025 | 14:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Job Manager Resume Manager plugin <= 2.1.0 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Automattic WP Job Manager - Resume Manager allows Cross Site Request Forgery. This issue affects WP Job Manager - Resume Manager: from n/a through 2.1.0.

Action-Not Available
Vendor-Automattic Inc.
Product-WP Job Manager - Resume Manager
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-37931
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.24% / 47.32%
7 Day CHG~0.00%
Published-02 Jan, 2025 | 13:27
Updated-02 Jan, 2025 | 14:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Point theme <= 1.1 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Creativthemes Point allows Cross Site Request Forgery. This issue affects Point: from n/a through 1.1.

Action-Not Available
Vendor-Creativthemes
Product-Point
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-37441
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.16% / 36.80%
7 Day CHG~0.00%
Published-02 Jan, 2025 | 12:00
Updated-02 Jan, 2025 | 16:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress NewsMash theme <= 1.0.34 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in DesertThemes NewsMash allows Cross Site Request Forgery. This issue affects NewsMash: from n/a through 1.0.34.

Action-Not Available
Vendor-DesertThemes
Product-NewsMash
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-37451
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.17% / 38.39%
7 Day CHG~0.00%
Published-02 Jan, 2025 | 12:00
Updated-08 Jan, 2026 | 14:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Travel Agency theme <= 1.4.9 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Rara Theme Travel Agency allows Cross Site Request Forgery. This issue affects Travel Agency: from n/a through 1.4.9.

Action-Not Available
Vendor-rarathemes, Rara Theme
Product-travel_agency, Travel Agency
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-37426
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.16% / 36.80%
7 Day CHG~0.00%
Published-02 Jan, 2025 | 12:00
Updated-09 Jan, 2026 | 17:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Elegant Pink theme 1.3.0 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Rara Theme Elegant Pink allows Cross Site Request Forgery. This issue affects Elegant Pink: from n/a through 1.3.0.

Action-Not Available
Vendor-rarathemes, Rara Theme
Product-elegant_pink, Elegant Pink
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-37458
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.16% / 36.80%
7 Day CHG~0.00%
Published-02 Jan, 2025 | 12:00
Updated-03 Jan, 2025 | 18:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Highlight theme <= 1.0.29 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in ExtendThemes Highlight allows Cross Site Request Forgery. This issue affects Highlight: from n/a through 1.0.29.

Action-Not Available
Vendor-ExtendThemes
Product-Highlight
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-37450
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.17% / 38.39%
7 Day CHG~0.00%
Published-02 Jan, 2025 | 12:00
Updated-08 Jan, 2026 | 13:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Benevolent theme <= 1.3.4 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Rara Theme Benevolent allows Cross Site Request Forgery. This issue affects Benevolent: from n/a through 1.3.4.

Action-Not Available
Vendor-rarathemes, Rara Theme
Product-benevolent, Benevolent
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-3055
Matching Score-4
Assigner-Wordfence
CVSS Score-6.1||MEDIUM
EPSS-0.06% / 18.65%
7 Day CHG~0.00%
Published-02 Jun, 2023 | 23:37
Updated-20 Dec, 2024 | 23:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Page Builder by AZEXO plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.27.133. This is due to missing or incorrect nonce validation on the 'azh_save' function. This makes it possible for unauthenticated attackers to update the post content and inject malicious JavaScript via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link.

Action-Not Available
Vendor-azexoazexo
Product-page_builder_with_image_map_by_azexo, Page Builder with Image Map by AZEXO
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-37235
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.16% / 36.80%
7 Day CHG~0.00%
Published-02 Jan, 2025 | 12:00
Updated-05 Jun, 2025 | 21:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Groundhogg plugin <= 3.4.2.3 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Groundhogg Inc. Groundhogg allows Cross Site Request Forgery. This issue affects Groundhogg: from n/a through 3.4.2.3.

Action-Not Available
Vendor-Groundhogg (Groundhogg Inc.)
Product-groundhogg, Groundhogg
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)