Total
8331 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-58200 | 1 Wordpress | 1 Wordpress | 2025-09-23 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Bage Flexible FAQ allows Cross Site Request Forgery. This issue affects Flexible FAQ: from n/a through 0.2. | ||||
| CVE-2025-58199 | 2 Fastly, Wordpress | 2 Fastly, Wordpress | 2025-09-23 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Fastly Fastly allows Cross Site Request Forgery. This issue affects Fastly: from n/a through 1.2.28. | ||||
| CVE-2025-58032 | 1 Wordpress | 1 Wordpress | 2025-09-23 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Bytes.co WP Compiler allows Cross Site Request Forgery. This issue affects WP Compiler: from n/a through 1.0.0. | ||||
| CVE-2025-58688 | 1 Wordpress | 1 Wordpress | 2025-09-23 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Casengo Casengo Live Chat Support allows Stored XSS. This issue affects Casengo Live Chat Support: from n/a through 2.1.4. | ||||
| CVE-2025-58676 | 1 Wordpress | 1 Wordpress | 2025-09-23 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in extendyourweb HORIZONTAL SLIDER allows Stored XSS. This issue affects HORIZONTAL SLIDER: from n/a through 2.4. | ||||
| CVE-2025-58690 | 1 Wordpress | 1 Wordpress | 2025-09-23 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in ptibogxiv Doliconnect allows Stored XSS. This issue affects Doliconnect: from n/a through 9.5.7. | ||||
| CVE-2025-58687 | 1 Wordpress | 1 Wordpress | 2025-09-23 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in WP CMS Ninja Current Age Plugin allows Stored XSS. This issue affects Current Age Plugin: from n/a through 1.6. | ||||
| CVE-2025-58677 | 1 Wordpress | 1 Wordpress | 2025-09-23 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in puravida1976 ShrinkTheWeb (STW) Website Previews allows Stored XSS. This issue affects ShrinkTheWeb (STW) Website Previews: from n/a through 2.8.5. | ||||
| CVE-2025-58675 | 2 Tryinteract, Wordpress | 2 Interact, Wordpress | 2025-09-23 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in tryinteract Interact: Embed A Quiz On Your Site allows Cross Site Request Forgery. This issue affects Interact: Embed A Quiz On Your Site: from n/a through 3.1. | ||||
| CVE-2025-58261 | 2 Presspage Entertainment, Wordpress | 2 Mavis Https To Http Redirection, Wordpress | 2025-09-23 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in PressPage Entertainment Inc Mavis HTTPS to HTTP Redirection allows Stored XSS. This issue affects Mavis HTTPS to HTTP Redirection: from n/a through 1.4.3. | ||||
| CVE-2025-58262 | 1 Wordpress | 1 Wordpress | 2025-09-23 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in wpdirectorykit Sweet Energy Efficiency allows Stored XSS. This issue affects Sweet Energy Efficiency: from n/a through 1.0.6. | ||||
| CVE-2025-57992 | 2 Interserver, Wordpress | 2 Mail Baby Smtp, Wordpress | 2025-09-23 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in InterServer Mail Baby SMTP allows Cross Site Request Forgery. This issue affects Mail Baby SMTP: from n/a through 2.8. | ||||
| CVE-2025-58224 | 1 Wordpress | 1 Wordpress | 2025-09-23 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Printeers Printeers Print & Ship allows Cross Site Request Forgery. This issue affects Printeers Print & Ship: from n/a through 1.17.0. | ||||
| CVE-2024-41795 | 1 Siemens | 2 7kt Pac1260 Data Manager, 7kt Pac1260 Data Manager Firmware | 2025-09-23 | 6.5 Medium |
| A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions). The web interface of affected devices is vulnerable to Cross-Site Request Forgery (CSRF) attacks. This could allow an unauthenticated attacker to change arbitrary device settings by tricking a legitimate device administrator to click on a malicious link. | ||||
| CVE-2025-59572 | 2 Purethemes, Wordpress | 2 Workscout Core, Wordpress | 2025-09-23 | 8.8 High |
| Cross-Site Request Forgery (CSRF) vulnerability in purethemes WorkScout-Core allows Cross Site Request Forgery. This issue affects WorkScout-Core: from n/a through n/a. | ||||
| CVE-2025-53456 | 1 Wordpress | 1 Wordpress | 2025-09-23 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in activewebsight SEO Backlink Monitor allows Cross Site Request Forgery. This issue affects SEO Backlink Monitor: from n/a through 1.6.0. | ||||
| CVE-2025-57918 | 1 Wordpress | 1 Wordpress | 2025-09-23 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in ERA404 LinkedInclude allows Stored XSS. This issue affects LinkedInclude: from n/a through 3.0.4. | ||||
| CVE-2025-57914 | 3 Matat Technologies, Woocommerce, Wordpress | 3 Deliver Via Shipos, Woocommerce, Wordpress | 2025-09-23 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Matat Technologies Deliver via Shipos for WooCommerce allows Cross Site Request Forgery. This issue affects Deliver via Shipos for WooCommerce: from n/a through 3.0.2. | ||||
| CVE-2025-57946 | 1 Wordpress | 1 Wordpress | 2025-09-23 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Loc Bui payOS allows Cross Site Request Forgery. This issue affects payOS: from n/a through 1.0.61. | ||||
| CVE-2025-9949 | 2 Webraketen, Wordpress | 2 Internal Links Manager Plugin, Wordpress | 2025-09-22 | 4.3 Medium |
| The Internal Links Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.0.1. This is due to missing or incorrect nonce validation on the link deletion functionality in the process_bulk_action() function. This makes it possible for unauthenticated attackers to delete SEO links via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||