ByteOS Network

Hesabfa Accounting

Source -

CNA

CNA CVEs -

ADP CVEs -

CISA CVEs -

NVD CVEs -

4Vulnerabilities found

CVE-2025-48362

Assigner-Patchstack

View Details

Assigner-Patchstack

CVSS Score-5.4||MEDIUM

EPSS-Not Assigned

Published-28 Aug, 2025 | 12:37

Updated-29 Aug, 2025 | 16:24

WordPress Hesabfa Accounting plugin <= 2.2.4 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Saeed Sattar Beglou Hesabfa Accounting allows Cross Site Request Forgery. This issue affects Hesabfa Accounting: from n/a through 2.2.4.

Vendor-Saeed Sattar Beglou

Product-Hesabfa Accounting

CWE ID-CWE-352

Cross-Site Request Forgery (CSRF)

CVE-2025-48361

Assigner-Patchstack

View Details

Assigner-Patchstack

CVSS Score-5.3||MEDIUM

EPSS-Not Assigned

Published-28 Aug, 2025 | 12:37

Updated-28 Aug, 2025 | 14:45

WordPress Hesabfa Accounting plugin <= 2.2.4 - Sensitive Data Exposure via Log File vulnerability

Insertion of Sensitive Information Into Sent Data vulnerability in Saeed Sattar Beglou Hesabfa Accounting allows Retrieve Embedded Sensitive Data. This issue affects Hesabfa Accounting: from n/a through 2.2.4.

Vendor-Saeed Sattar Beglou

Product-Hesabfa Accounting

CWE ID-CWE-201

Insertion of Sensitive Information Into Sent Data

CVE-2025-30815

Assigner-Patchstack

View Details

Assigner-Patchstack

CVSS Score-4.3||MEDIUM

EPSS-0.01% / 1.27%

7 Day CHG-0.01%

Published-27 Mar, 2025 | 10:55

Updated-27 Mar, 2025 | 18:56

WordPress Hesabfa Accounting plugin <= 2.1.8 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Saeed Sattar Beglou Hesabfa Accounting allows Cross Site Request Forgery. This issue affects Hesabfa Accounting: from n/a through 2.1.8.

Vendor-Saeed Sattar Beglou

Product-Hesabfa Accounting

CWE ID-CWE-352

Cross-Site Request Forgery (CSRF)

CVE-2025-22682

Assigner-Patchstack

View Details

Assigner-Patchstack

CVSS Score-7.1||HIGH

EPSS-0.04% / 12.98%

7 Day CHG~0.00%

Published-03 Feb, 2025 | 14:23

Updated-03 Feb, 2025 | 15:19

WordPress Hesabfa Accounting Plugin <= 2.1.2 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Hesabfa Hesabfa Accounting allows Reflected XSS. This issue affects Hesabfa Accounting: from n/a through 2.1.2.

Vendor-Hesabfa

Product-Hesabfa Accounting

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')