Search Results (9400 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-46815 1 Wptrio 1 Conditional Shipping For Woocommerce 2026-04-28 5.4 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Lauri Karisola / WP Trio Conditional Shipping for WooCommerce plugin <= 2.3.1 versions.
CVE-2022-46794 1 Weightbasedshipping 1 Woocommerce Weight Based Shipping 2026-04-28 4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in weightbasedshipping.Com WooCommerce Weight Based Shipping plugin <= 5.4.1 versions.
CVE-2022-45850 1 Wordpress 1 Wordpress 2026-04-28 6.1 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Nickys Image Map Pro allows Stored XSS.This issue affects Image Map Pro: from n/a before 5.6.9.
CVE-2022-45824 1 Elbtide 1 Advanced Booking Calendar 2026-04-28 5.4 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Advanced Booking Calendar plugin <= 1.7.1 on WordPress.
CVE-2022-45807 1 Wpvibes 1 Wp Mail Log 2026-04-28 5.4 Medium
Cross-Site Request Forgery (CSRF) in WPVibes WP Mail Log plugin <= 1.0.1 versions.
CVE-2022-45804 1 Robogallery 1 Robo Gallery 2026-04-28 5.4 Medium
Cross-Site Request Forgery (CSRF) vulnerability in RoboSoft Photo Gallery, Images, Slider in Rbs Image Gallery plugin <= 3.2.9 leading to galleries hierarchy change, included plugin deactivate & activate.
CVE-2022-45079 1 Loginizer 1 Loginizer 2026-04-28 4.7 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Softaculous Loginizer plugin <= 1.7.5 versions.
CVE-2022-45068 1 Mercadopago 1 Mercado Pago Payments For Woocommerce 2026-04-28 4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Mercado Pago Mercado Pago payments for WooCommerce plugin <= 6.3.1.
CVE-2022-45067 1 Devscred 1 Exclusive Addons For Elementor 2026-04-28 4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in DevsCred Exclusive Addons Elementor plugin <= 2.6.1 versions.
CVE-2022-44737 1 Tipsandtricks-hq 1 All In One Wp Security \& Firewall 2026-04-28 6.5 Medium
Multiple Cross-Site Request Forgery vulnerabilities in All-In-One Security (AIOS) – Security and Firewall (WordPress plugin) <= 5.1.0 on WordPress.
CVE-2022-41990 1 Cardozatechnologies 1 Cardoza-3d-tag-cloud 2026-04-28 7.1 High
Cross-Site Request Forgery (CSRF) vulnerability in Vinoj Cardoza 3D Tag Cloud allows Stored XSS.This issue affects 3D Tag Cloud: from n/a through 3.8.
CVE-2022-41685 1 Visztpeter 2 Integration For Szamlazz.hu \& Woocommerce, Package Points And Shipping Labels For Woocommerce 2026-04-28 5.4 Medium
Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Viszt Péter's Integration for Szamlazz.hu & WooCommerce plugin <= 5.6.3.2 and Csomagpontok és szállítási címkék WooCommerce-hez plugin <= 1.9.0.2 on WordPress.
CVE-2022-40692 1 Sunshinephotocart 1 Sunshine Photo Cart 2026-04-28 5.4 Medium
Cross-Site Request Forgery (CSRF) vulnerability in WP Sunshine Sunshine Photo Cart plugin <= 2.9.13 versions.
CVE-2022-38079 1 Backup Scheduler Project 1 Backup Scheduler 2026-04-28 5.4 Medium
Cross-Site Request Forgery (CSRF) vulnerability Backup Scheduler plugin <= 1.5.13 at WordPress.
CVE-2022-38063 1 Social Login Wp Project 1 Social Login Wp 2026-04-28 5.4 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Social Login WP plugin <= 5.0.0.0 versions.
CVE-2022-36388 1 Ydesignservices 1 Yds Support Ticket System 2026-04-28 5.4 Medium
Cross-Site Request Forgery (CSRF) vulnerability in YDS Support Ticket System plugin <= 1.0 at WordPress.
CVE-2022-36379 1 Yookassa 1 Yukassa For Woocommerce 2026-04-28 8.8 High
Cross-Site Request Forgery (CSRF) leading to plugin settings update in YooMoney ЮKassa для WooCommerce plugin <= 2.3.0 at WordPress.
CVE-2022-33201 1 Mailerlite 1 Mailerlite Signup Forms 2026-04-28 6.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in MailerLite – Signup forms (official) plugin <= 1.5.7 at WordPress allows an attacker to change the API key.
CVE-2025-43296 1 Apple 1 Macos 2026-04-28 5.5 Medium
A logic issue was addressed with improved validation. This issue is fixed in macOS Tahoe 26. An app may bypass Gatekeeper checks.
CVE-2026-40471 1 Hackage-server 1 Hackage-server 2026-04-28 9.6 Critical
hackage-server lacked Cross-Site Request Forgery (CSRF) protection across its endpoints. Scripts on foreign sites could trigger requests to hackage server, possibly abusing latent credentials to upload packages or perform other administrative actions. Some unauthenticated actions could also be abused (e.g. creating new user accounts).