Total
8331 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-54598 | 1 Bevy | 2 Bevy, Event Service | 2025-09-09 | 6.5 Medium |
| The Bevy Event service through 2025-07-22, as used for eBay Seller Events and other activities, allows CSRF to delete all notifications via the /notifications/delete/ URI. | ||||
| CVE-2025-48104 | 1 Wordpress | 1 Wordpress | 2025-09-09 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in ericzane Floating Window Music Player allows Stored XSS. This issue affects Floating Window Music Player: from n/a through 3.4.2. | ||||
| CVE-2025-54174 | 1 Opensolution | 1 Quick.cms | 2025-09-08 | 4.3 Medium |
| QuickCMS is vulnerable to Cross-Site Request Forgery in article creation functionality. Malicious attacker can craft special website, which when visited by the admin, will automatically send a POST request creating a malicious article with content defined by the attacker. The vendor was notified early about this vulnerability, but didn't respond with the details of vulnerability or vulnerable version range. Only version 6.8 was tested and confirmed as vulnerable, other versions were not tested and might also be vulnerable. | ||||
| CVE-2025-54541 | 1 Opensolution | 1 Quick.cms | 2025-09-08 | 4.3 Medium |
| QuickCMS is vulnerable to Cross-Site Request Forgery in page deletion functionality. Malicious attacker can craft special website, which when visited by the admin, will automatically send a POST request deleting an article. The vendor was notified early about this vulnerability, but didn't respond with the details of vulnerability or vulnerable version range. Only version 6.8 was tested and confirmed as vulnerable, other versions were not tested and might also be vulnerable. | ||||
| CVE-2025-58801 | 1 Wordpress | 1 Wordpress | 2025-09-08 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in KCS Responder allows Cross Site Request Forgery. This issue affects Responder: from n/a through 4.3.8. | ||||
| CVE-2025-58800 | 2025-09-08 | 4.3 Medium | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Steve Truman WP Email Template allows Cross Site Request Forgery. This issue affects WP Email Template: from n/a through 2.8.3. | ||||
| CVE-2025-58806 | 2025-09-08 | 7.1 High | ||
| Cross-Site Request Forgery (CSRF) vulnerability in imjoehaines WordPress Error Monitoring by Bugsnag allows Stored XSS. This issue affects WordPress Error Monitoring by Bugsnag: from n/a through 1.6.3. | ||||
| CVE-2025-58804 | 2025-09-08 | 4.3 Medium | ||
| Cross-Site Request Forgery (CSRF) vulnerability in brijrajs WooCommerce Single Page Checkout allows Cross Site Request Forgery. This issue affects WooCommerce Single Page Checkout: from n/a through 1.2.7. | ||||
| CVE-2025-58802 | 2025-09-08 | 4.3 Medium | ||
| Cross-Site Request Forgery (CSRF) vulnerability in michalzagdan TrustMate.io – WooCommerce integration allows Cross Site Request Forgery. This issue affects TrustMate.io – WooCommerce integration: from n/a through 1.14.0. | ||||
| CVE-2025-27003 | 2 Fullworksplugins, Wordpress | 2 Quick Paypal Payments, Wordpress | 2025-09-07 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in fullworks Quick Paypal Payments allows Cross Site Request Forgery. This issue affects Quick Paypal Payments: from n/a through 5.7.46. | ||||
| CVE-2025-58843 | 1 Wordpress | 1 Wordpress | 2025-09-07 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in David Merinas Auto Last Youtube Video allows Stored XSS. This issue affects Auto Last Youtube Video: from n/a through 1.0.7. | ||||
| CVE-2025-58848 | 1 Wordpress | 1 Wordpress | 2025-09-07 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in aakash1911 WP likes allows Reflected XSS. This issue affects WP likes: from n/a through 3.1.1. | ||||
| CVE-2025-58818 | 1 Wordpress | 1 Wordpress | 2025-09-07 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in SwiftNinjaPro Developer Tools Blocker allows Cross Site Request Forgery. This issue affects Developer Tools Blocker: from n/a through 3.2.1. | ||||
| CVE-2025-58860 | 1 Wordpress | 1 Wordpress | 2025-09-07 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in KaizenCoders Enable Latex allows Stored XSS. This issue affects Enable Latex: from n/a through 1.2.16. | ||||
| CVE-2025-58831 | 1 Wordpress | 1 Wordpress | 2025-09-07 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in snagysandor Parallax Scrolling Enllax.js allows Cross Site Request Forgery. This issue affects Parallax Scrolling Enllax.js: from n/a through 0.0.6. | ||||
| CVE-2025-58833 | 1 Wordpress | 1 Wordpress | 2025-09-07 | 8.8 High |
| Cross-Site Request Forgery (CSRF) vulnerability in INVELITY Invelity MyGLS connect allows Object Injection. This issue affects Invelity MyGLS connect: from n/a through 1.1.1. | ||||
| CVE-2025-58844 | 1 Wordpress | 1 Wordpress | 2025-09-07 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Subhash Kumar Database to Excel allows Stored XSS. This issue affects Database to Excel: from n/a through 1.0. | ||||
| CVE-2025-58799 | 2 Themelocation, Wordpress | 2 Custom Woocommerce Checkout Fields Editor, Wordpress | 2025-09-07 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in themelocation Custom WooCommerce Checkout Fields Editor allows Cross Site Request Forgery. This issue affects Custom WooCommerce Checkout Fields Editor: from n/a through 1.3.4. | ||||
| CVE-2025-58798 | 1 Wordpress | 1 Wordpress | 2025-09-07 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Bjorn Manintveld BCM Duplicate Menu allows Cross Site Request Forgery. This issue affects BCM Duplicate Menu: from n/a through 1.1.2. | ||||
| CVE-2025-58854 | 1 Wordpress | 1 Wordpress | 2025-09-07 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Samer Bechara Ultimate AJAX Login allows Reflected XSS. This issue affects Ultimate AJAX Login: from n/a through 1.2.1. | ||||