Total: 8331 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-9894 | 1 Wordpress | 1 Wordpress | 2025-09-29 | 4.3 Medium |
| The Sync Feedly plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1. This is due to missing or incorrect nonce validation on the crsf_cron_job_func function. This makes it possible for unauthenticated attackers to trigger content synchronization from Feedly, potentially creating multiple posts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2025-9944 | 1 Wordpress | 1 Wordpress | 2025-09-29 | 4.3 Medium |
| The Professional Contact Form plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.0. This is due to missing or incorrect nonce validation on the watch_for_contact_form_submit function. This makes it possible for unauthenticated attackers to trigger test email sending via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2025-9899 | 2 Trustreviews, Wordpress | 2 Trust Reviews Plugin, Wordpress | 2025-09-29 | 6.1 Medium |
| The Trust Reviews plugin for Google, Tripadvisor, Yelp, Airbnb and other platforms plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on the feed_save function. This makes it possible for unauthenticated attackers to create or modify feed entries via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2025-9896 | 1 Wordpress | 1 Wordpress | 2025-09-29 | 4.3 Medium |
| The HidePost plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.3.8. This is due to missing or incorrect nonce validation on the options.php settings page. This makes it possible for unauthenticated attackers to modify plugin settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2025-9893 | 1 Wordpress | 1 Wordpress | 2025-09-29 | 4.3 Medium |
| The VM Menu Reorder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.0. This is due to missing or incorrect nonce validation on the vm_set_to_default function. This makes it possible for unauthenticated attackers to reset all menu reordering settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2025-10499 | 1 Wordpress | 1 Wordpress | 2025-09-29 | 4.3 Medium |
| The Ninja Forms – The Contact Form Builder That Grows With You plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.12.0. This is due to missing or incorrect nonce validation on the maybe_opt_in() function. This makes it possible for unauthenticated attackers to opt an affected site into usage statistics collection via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2025-10498 | 1 Wordpress | 1 Wordpress | 2025-09-29 | 4.3 Medium |
| The Ninja Forms – The Contact Form Builder That Grows With You plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.12.0. This is due to missing or incorrect nonce validation when exporting CSV files. This makes it possible for unauthenticated attackers to delete those files granted they can trick an administrator into performing an action such as clicking on a link. | ||||
| CVE-2025-59845 | 1 Apollographql | 2 Apollo Explorer, Apollo Sandbox | 2025-09-29 | 8.2 High |
| Apollo Studio Embeddable Explorer & Embeddable Sandbox are website embeddable software solutions from Apollo GraphQL. Prior to Apollo Sandbox version 2.7.2 and Apollo Explorer version 3.7.3, a cross-site request forgery (CSRF) vulnerability was identified. The vulnerability arises from missing origin validation in the client-side code that handles window.postMessage events. A malicious website can send forged messages to the embedding page, causing the victim’s browser to execute arbitrary GraphQL queries or mutations against their GraphQL server while authenticated with the victim’s cookies. This issue has been patched in Apollo Sandbox version 2.7.2 and Apollo Explorer version 3.7.3. | ||||
| CVE-2024-11142 | 1 Proticaret | 1 Proticaret | 2025-09-29 | 8.8 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Gosoft Software Proticaret E-Commerce allows Cross Site Request Forgery. This issue affects Proticaret E-Commerce: before v6.0. NOTE: According to the vendor, the fixing process is still ongoing for v4.05. | ||||
| CVE-2025-60093 | 2 Shahjada, Wordpress | 2 Download Manager, Wordpress | 2025-09-29 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Shahjada Download Manager allows Cross Site Request Forgery. This issue affects Download Manager: from n/a through 3.3.24. | ||||
| CVE-2024-24336 | 2 Koha, Koha-community | 2 Koha, Koha Library Software | 2025-09-29 | 8.1 High |
| Multiple cross-site scripting (XSS) vulnerabilities in the '/members/moremember.pl' and '/members/members-home.pl' endpoints within Koha Library Management System version 23.05.05 and earlier allow malicious staff users to carry out CSRF attacks, including unauthorized changes to usernames and passwords of users visiting the affected page, via the 'Circulation note' and 'Patrons Restriction' components. | ||||
| CVE-2025-58914 | 1 Wordpress | 1 Wordpress | 2025-09-29 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Di Themes Di Themes Demo Site Importer allows Cross Site Request Forgery. This issue affects Di Themes Demo Site Importer: from n/a through 1.2. | ||||
| CVE-2025-60111 | 2 Javothemes, Wordpress | 2 Javo Core, Wordpress | 2025-09-29 | 8.8 High |
| Cross-Site Request Forgery (CSRF) vulnerability in javothemes Javo Core allows Authentication Bypass. This issue affects Javo Core: from n/a through 3.0.0.266. | ||||
| CVE-2025-60115 | 1 Wordpress | 1 Wordpress | 2025-09-29 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in instapagedev Instapage Plugin allows Cross Site Request Forgery. This issue affects Instapage Plugin: from n/a through 3.5.12. | ||||
| CVE-2025-60156 | 2 Webandprintdesign, Wordpress | 2 Ar For Wordpress, Wordpress | 2025-09-29 | 9.6 Critical |
| Cross-Site Request Forgery (CSRF) vulnerability in webandprint AR For WordPress allows Upload a Web Shell to a Web Server. This issue affects AR For WordPress: from n/a through 7.98. | ||||
| CVE-2025-60173 | 3 Ashwani Kumar, Woocommerce, Wordpress | 3 Gst For Woocommerce, Woocommerce, Wordpress | 2025-09-29 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Ashwani kumar GST for WooCommerce allows Stored XSS. This issue affects GST for WooCommerce: from n/a through 2.0. | ||||
| CVE-2025-60145 | 1 Wordpress | 1 Wordpress | 2025-09-29 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in yonifre Lenix scss compiler allows Cross Site Request Forgery. This issue affects Lenix scss compiler: from n/a through 1.2. | ||||
| CVE-2025-60164 | 2 Newsman, Wordpress | 2 Newsmanapp, Wordpress | 2025-09-29 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in NewsMAN NewsmanApp allows Stored XSS. This issue affects NewsmanApp: from n/a through 2.7.7. | ||||
| CVE-2025-60169 | 1 Wordpress | 1 Wordpress | 2025-09-29 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in W3S Cloud Technology W3SCloud Contact Form 7 to Zoho CRM allows Stored XSS. This issue affects W3SCloud Contact Form 7 to Zoho CRM: from n/a through 3.0. | ||||
| CVE-2025-60117 | 1 Wordpress | 1 Wordpress | 2025-09-29 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in TangibleWP Vehica Core allows Cross Site Request Forgery. This issue affects Vehica Core: from n/a through 1.0.100. | ||||