Export limit exceeded: 23767 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (9937 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-58255 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Cross-Site Request Forgery (CSRF) vulnerability in yonisink Custom Post Type Images custom-post-types-image allows Code Injection.This issue affects Custom Post Type Images: from n/a through <= 0.5. | ||||
| CVE-2025-30549 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Cross-Site Request Forgery (CSRF) vulnerability in Yummly Yummly Rich Recipes yummly-rich-recipes allows Cross Site Request Forgery.This issue affects Yummly Rich Recipes: from n/a through <= 4.2. | ||||
| CVE-2024-37236 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Cross-Site Request Forgery (CSRF) vulnerability in Tim W Loco Translate loco-translate allows Cross Site Request Forgery.This issue affects Loco Translate: from n/a through <= 2.6.9. | ||||
| CVE-2025-32563 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Cross-Site Request Forgery (CSRF) vulnerability in dangrossman WP Calais Auto Tagger calais-auto-tagger allows Cross Site Request Forgery.This issue affects WP Calais Auto Tagger: from n/a through <= 2.0. | ||||
| CVE-2025-30546 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Cross-Site Request Forgery (CSRF) vulnerability in boroV Cackle cackle allows Cross Site Request Forgery.This issue affects Cackle: from n/a through <= 4.33. | ||||
| CVE-2025-14162 | 2 Magblogapi, Wordpress | 2 Bmlt Wordpress Plugin, Wordpress | 2026-04-15 | 4.3 Medium |
| The BMLT WordPress Plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.11.4. This is due to missing nonce validation on the 'BMLTPlugin_create_option' and 'BMLTPlugin_delete_option ' action. This makes it possible for unauthenticated attackers to create new plugin settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2025-28954 | 2026-04-15 | N/A | ||
| Cross-Site Request Forgery (CSRF) vulnerability in wphobby Backwp backwp allows Path Traversal.This issue affects Backwp: from n/a through <= 2.0.2. | ||||
| CVE-2025-28948 | 1 Codedraft | 1 Mediabay - Wordpress Media Library Folders | 2026-04-15 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in codedraft Mediabay - WordPress Media Library Folders allows Reflected XSS. This issue affects Mediabay - WordPress Media Library Folders: from n/a through 1.4. | ||||
| CVE-2025-28932 | 2026-04-15 | N/A | ||
| Cross-Site Request Forgery (CSRF) vulnerability in BCS Website Solutions Insert Code insert-code allows Stored XSS.This issue affects Insert Code: from n/a through <= 2.4. | ||||
| CVE-2025-28931 | 2026-04-15 | N/A | ||
| Cross-Site Request Forgery (CSRF) vulnerability in DevriX Hashtags wp-hashtags allows Stored XSS.This issue affects Hashtags: from n/a through <= 0.3.2. | ||||
| CVE-2025-28886 | 2026-04-15 | N/A | ||
| Cross-Site Request Forgery (CSRF) vulnerability in xjb REST API TO MiniProgram rest-api-to-miniprogram allows Cross Site Request Forgery.This issue affects REST API TO MiniProgram: from n/a through <= 5.1.2. | ||||
| CVE-2025-28884 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Cross-Site Request Forgery (CSRF) vulnerability in Rajesh Kumar WP Bulk Post Duplicator wp-bulk-post-duplicator allows Cross Site Request Forgery.This issue affects WP Bulk Post Duplicator: from n/a through <= 1.2. | ||||
| CVE-2025-28883 | 2026-04-15 | N/A | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Martin WP Compare Tables wp-compare-tables allows Stored XSS.This issue affects WP Compare Tables: from n/a through <= 1.0.5. | ||||
| CVE-2025-2871 | 2026-04-15 | 4.3 Medium | ||
| The WordPress Mega Menu – QuadMenu plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2.0. This is due to missing or incorrect nonce validation on the ajax_dismiss_notice() function. This makes it possible for unauthenticated attackers to update any user meta to a value of one, including wp_capabilities which could result in a privilege deescalation of an administrator, via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2025-12188 | 2 Wordpress, Wpmasterscom | 2 Wordpress, Posts Navigation Links For Sections And Headings | 2026-04-15 | 4.3 Medium |
| The Posts Navigation Links for Sections and Headings – Free by WP Masters plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1. This is due to missing or incorrect nonce validation on the 'wpm_navigation_links_settings' page. This makes it possible for unauthenticated attackers to update the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2025-27344 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Cross-Site Request Forgery (CSRF) vulnerability in filipstepanov Phee's LinkPreview linkpreview allows Cross Site Request Forgery.This issue affects Phee's LinkPreview: from n/a through <= 1.6.7. | ||||
| CVE-2025-27340 | 2026-04-15 | N/A | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Forge12 Interactive GmbH F12-Profiler f12-profiler allows Cross Site Request Forgery.This issue affects F12-Profiler: from n/a through <= 1.3.9. | ||||
| CVE-2025-32576 | 2026-04-15 | N/A | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Agence web Eoxia - Montpellier WP shop wpshop allows Upload a Web Shell to a Web Server.This issue affects WP shop: from n/a through <= 2.6.1. | ||||
| CVE-2025-66600 | 1 Yokogawa | 1 Fast/tools | 2026-04-15 | N/A |
| A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. This product lacks HSTS (HTTP Strict Transport Security) configuration. When an attacker performs a Man in the middle (MITM) attack, communications with the web server could be sniffed. The affected products and versions are as follows: FAST/TOOLS (Packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 to R10.04 | ||||
| CVE-2025-27336 | 2026-04-15 | N/A | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Alex Prokopenko / JustCoded Just Variables just-wp-variables allows Cross Site Request Forgery.This issue affects Just Variables: from n/a through <= 1.2.3. | ||||