Export limit exceeded: 23776 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 43192 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 43192 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (9944 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-12061 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 8.6 High |
| The TAX SERVICE Electronic HDM WordPress plugin before 1.2.1 does not authorization and CSRF checks in an AJAX action, allowing unauthenticated users to import and execute arbitrary SQL statements | ||||
| CVE-2025-31401 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Cross-Site Request Forgery (CSRF) vulnerability in mmetrodw MMX – Make Me Christmas mmx-make-me-christmas allows Stored XSS.This issue affects MMX – Make Me Christmas: from n/a through <= 1.0.0. | ||||
| CVE-2025-60134 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 5.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in John James Jacoby WP Media Categories wp-media-categories allows Cross Site Request Forgery.This issue affects WP Media Categories: from n/a through <= 2.1.0. | ||||
| CVE-2025-48104 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Cross-Site Request Forgery (CSRF) vulnerability in ericzane Floating Window Music Player floating-window-music-player allows Stored XSS.This issue affects Floating Window Music Player: from n/a through <= 3.4.2. | ||||
| CVE-2024-27955 | 2 Wordpress, Wp Automatic | 2 Wordpress, Automatic | 2026-04-15 | 8.3 High |
| Cross-Site Request Forgery (CSRF) vulnerability in WP Automatic Automatic allows Privilege Escalation.This issue affects Automatic: from n/a through 3.92.0. | ||||
| CVE-2024-24705 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Octa Code Accessibility.This issue affects Accessibility: from n/a through 1.0.6. | ||||
| CVE-2025-64700 | 1 Growi | 1 Growi | 2026-04-15 | N/A |
| Cross-site request forgery vulnerability exists in GROWI v7.3.3 and earlier. If a user views a malicious page while logged in, the user may be tricked to do unintended operations. | ||||
| CVE-2025-32497 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Cross-Site Request Forgery (CSRF) vulnerability in squiter Spoiler Block spoiler-block allows Stored XSS.This issue affects Spoiler Block: from n/a through <= 1.7. | ||||
| CVE-2025-31388 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Cross-Site Request Forgery (CSRF) vulnerability in doa The World the-world allows Stored XSS.This issue affects The World: from n/a through <= 0.4. | ||||
| CVE-2024-4100 | 2 Elfsight, Wordpress | 2 Pricing Table, Wordpress | 2026-04-15 | 5.3 Medium |
| The Pricing Table plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.1. This is due to missing or incorrect nonce validation on the ajax() function. This makes it possible for unauthenticated attackers to perform a variety of actions related to managing pricing tables via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2025-58250 | 2 Apustheme, Wordpress | 2 Findgo, Wordpress | 2026-04-15 | N/A |
| Cross-Site Request Forgery (CSRF) vulnerability in ApusTheme Findgo fingo allows Authentication Bypass.This issue affects Findgo: from n/a through <= 1.3.55. | ||||
| CVE-2023-52235 | 1 Spacex Starlink Wi Fi Router Gen 2 | 1 Spacex Starlink Wi Fi Router Gen 2 | 2026-04-15 | 8.8 High |
| SpaceX Starlink Wi-Fi router GEN 2 before 2023.53.0 and Starlink Dish before 07dd2798-ff15-4722-a9ee-de28928aed34 allow CSRF (e.g., for a reboot) via a DNS Rebinding attack. | ||||
| CVE-2024-56214 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Path Traversal: '.../...//' vulnerability in DeluxeThemes Userpro userpro allows Path Traversal.This issue affects Userpro: from n/a through <= 5.1.9. | ||||
| CVE-2025-31392 | 2026-04-15 | N/A | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Shameem Reza Smart Product Gallery Slider smart-product-gallery-slider allows Cross Site Request Forgery.This issue affects Smart Product Gallery Slider: from n/a through <= 1.0.4. | ||||
| CVE-2025-31390 | 2026-04-15 | N/A | ||
| Cross-Site Request Forgery (CSRF) vulnerability in bdoga Social Crowd social-crowd allows Stored XSS.This issue affects Social Crowd: from n/a through <= 0.9.6.1. | ||||
| CVE-2025-31399 | 2026-04-15 | N/A | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Chandan Garg CG Scroll To Top cg-scroll-to-top allows Stored XSS.This issue affects CG Scroll To Top: from n/a through <= 3.5. | ||||
| CVE-2025-22538 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Cross-Site Request Forgery (CSRF) vulnerability in Ofek Nakar Virtual Bot virtual-bot allows Stored XSS.This issue affects Virtual Bot: from n/a through <= 1.0.0. | ||||
| CVE-2025-12821 | 2 Spicethemes, Wordpress | 2 Newsblogger, Wordpress | 2026-04-15 | 8.8 High |
| The NewsBlogger theme for WordPress is vulnerable to Cross-Site Request Forgery in versions 0.2.5.6 to 0.2.6.1. This is due to missing or incorrect nonce validation on the newsblogger_install_and_activate_plugin() function. This makes it possible for unauthenticated attackers to upload arbitrary files and achieve remote code execution via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. This is due to a reverted fix of CVE-2025-1305. | ||||
| CVE-2025-31054 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Themefy Bloggie allows Reflected XSS.This issue affects Bloggie: from n/a through 2.0.8. | ||||
| CVE-2024-0847 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 4.3 Medium |
| The 5280 Bootstrap Modal Contact Form plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation in class-sbmm-list-table.php. This makes it possible for unauthenticated attackers to bulk delete messages via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||