Total
8353 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-51157 | 2 07fly, Zero Takeoff | 2 07flycms, 07flycms | 2025-04-18 | 4.7 Medium |
| 07FLYCMS V1.3.9 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component http://erp.07fly.net:80/oa/OaSchedule/add.html. | ||||
| CVE-2025-21576 | 1 Oracle | 1 Commerce Platform | 2025-04-17 | 5.4 Medium |
| Vulnerability in the Oracle Commerce Platform product of Oracle Commerce (component: Dynamo Personalization Server). Supported versions that are affected are 11.3.0, 11.3.1 and 11.3.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Commerce Platform. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Commerce Platform, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Commerce Platform accessible data as well as unauthorized read access to a subset of Oracle Commerce Platform accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N). | ||||
| CVE-2025-32655 | 2025-04-17 | 7.1 High | ||
| Cross-Site Request Forgery (CSRF) vulnerability in DevriX Restrict User Registration allows Stored XSS. This issue affects Restrict User Registration: from n/a through 1.0.1. | ||||
| CVE-2025-39443 | 2025-04-17 | 4.3 Medium | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Soft8Soft LLC Verge3D allows Cross Site Request Forgery. This issue affects Verge3D: from n/a through 4.9.0. | ||||
| CVE-2025-39414 | 2025-04-17 | 7.1 High | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Mike spam-stopper allows Stored XSS. This issue affects spam-stopper: from n/a through 3.1.3. | ||||
| CVE-2025-39415 | 2025-04-17 | 7.1 High | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Jayesh Parejiya Social Media Links allows Stored XSS. This issue affects Social Media Links: from n/a through 1.0.3. | ||||
| CVE-2025-39440 | 2025-04-17 | 7.1 High | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Rajesh Broken Links Remover allows Stored XSS. This issue affects Broken Links Remover: from n/a through 1.2.2. | ||||
| CVE-2025-32545 | 2025-04-17 | 7.1 High | ||
| Cross-Site Request Forgery (CSRF) vulnerability in SOFTAGON WooCommerce Products without featured images allows Reflected XSS. This issue affects WooCommerce Products without featured images: from n/a through 0.1. | ||||
| CVE-2025-39417 | 2025-04-17 | 7.1 High | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Eslam Mahmoud Redirect wordpress to welcome or landing page allows Stored XSS. This issue affects Redirect wordpress to welcome or landing page: from n/a through 2.0. | ||||
| CVE-2025-39435 | 2025-04-17 | 7.1 High | ||
| Cross-Site Request Forgery (CSRF) vulnerability in davidfcarr My Marginalia allows Stored XSS. This issue affects My Marginalia: from n/a through 1.0.6. | ||||
| CVE-2025-39453 | 2025-04-17 | 4.3 Medium | ||
| Cross-Site Request Forgery (CSRF) vulnerability in algol.plus Advanced Dynamic Pricing for WooCommerce allows Cross Site Request Forgery. This issue affects Advanced Dynamic Pricing for WooCommerce: from n/a through 4.9.3. | ||||
| CVE-2025-39423 | 2025-04-17 | 7.1 High | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Jenst Add to Header allows Stored XSS. This issue affects Add to Header: from n/a through 1.0. | ||||
| CVE-2025-39455 | 2025-04-17 | 7.1 High | ||
| Cross-Site Request Forgery (CSRF) vulnerability in ip2location IP2Location Variables allows Reflected XSS. This issue affects IP2Location Variables: from n/a through 2.9.5. | ||||
| CVE-2025-39431 | 2025-04-17 | 7.1 High | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Aaron Forgue Amazon Showcase WordPress Plugin allows Stored XSS. This issue affects Amazon Showcase WordPress Plugin: from n/a through 2.2. | ||||
| CVE-2025-39419 | 2025-04-17 | 7.1 High | ||
| Cross-Site Request Forgery (CSRF) vulnerability in David Miller Revision Diet allows Stored XSS. This issue affects Revision Diet: from n/a through 1.0.1. | ||||
| CVE-2025-39425 | 2025-04-17 | 4.3 Medium | ||
| Cross-Site Request Forgery (CSRF) vulnerability in pixelgrade Style Manager allows Cross Site Request Forgery. This issue affects Style Manager: from n/a through 2.2.7. | ||||
| CVE-2023-51402 | 1 Brainstormforce | 1 Ultimate Addons For Wpbakery Page Builder | 2025-04-17 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Brain Storm Force Ultimate Addons for WPBakery Page Builder.This issue affects Ultimate Addons for WPBakery Page Builder: from n/a through 3.19.17. | ||||
| CVE-2023-52072 | 1 Flycms Project | 1 Flycms | 2025-04-17 | 8.8 High |
| FlyCms v1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /system/site/userconfig_updagte. | ||||
| CVE-2023-50931 | 1 Savignano | 1 S\/notify | 2025-04-17 | 8.3 High |
| An issue was discovered in savignano S/Notify before 2.0.1 for Bitbucket. While an administrative user is logged on, the configuration settings of S/Notify can be modified via a CSRF attack. The injection could be initiated by the administrator clicking a malicious link in an email or by visiting a malicious website. If executed while an administrator is logged on to Bitbucket, an attacker could exploit this to modify the configuration of the S/Notify app on that host. This can, in particular, lead to email notifications being no longer encrypted when they should be. | ||||
| CVE-2023-52130 | 1 Wpaffiliatemanager | 1 Affiliates Manager | 2025-04-17 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in wp.Insider, wpaffiliatemgr Affiliates Manager.This issue affects Affiliates Manager: from n/a through 2.9.31. | ||||