Export limit exceeded: 344998 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (9103 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-27317 | 2 It-rays, Wordpress | 2 Rays Grid, Wordpress | 2026-04-15 | N/A |
| Cross-Site Request Forgery (CSRF) vulnerability in IT-RAYS RAYS Grid rays-grid allows Cross Site Request Forgery.This issue affects RAYS Grid: from n/a through <= 1.3.1. | ||||
| CVE-2025-27318 | 2026-04-15 | N/A | ||
| Cross-Site Request Forgery (CSRF) vulnerability in ixiter Simple Google Sitemap simple-google-sitemap allows Cross Site Request Forgery.This issue affects Simple Google Sitemap: from n/a through <= 1.6. | ||||
| CVE-2025-13142 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 4.3 Medium |
| The Custom Post Type plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing nonce validation on the custom post type deletion functionality. This makes it possible for unauthenticated attackers to delete custom post types via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2025-13363 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 4.3 Medium |
| The IMAQ Core plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.1. This is due to missing nonce validation on the URL structure settings update functionality. This makes it possible for unauthenticated attackers to update the plugin's URL structure settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2025-13519 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 6.1 Medium |
| The SVG Map Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.0. This is due to missing or incorrect nonce validation on multiple AJAX actions including 'save_data', 'delete_data', and 'add_popup'. This makes it possible for unauthenticated attackers to update the plugin's settings, delete map data, and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2025-13621 | 2 Teamdream, Wordpress | 2 Dream Gallery, Wordpress | 2026-04-15 | 6.1 Medium |
| The dream gallery plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on the 'dreampluginsmain' AJAX action. This makes it possible for unauthenticated attackers to update the plugin's settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2025-13685 | 2 Ays-pro, Wordpress | 2 Photo Gallery, Wordpress | 2026-04-15 | 4.3 Medium |
| The Photo Gallery by Ays plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.4.8. This is due to missing nonce verification on the bulk action functionality in the 'process_bulk_action()' function. This makes it possible for unauthenticated attackers to perform bulk operations (delete, publish, or unpublish galleries) via a forged request granted they can trick an administrator into performing an action such as clicking on a link. | ||||
| CVE-2025-5925 | 2026-04-15 | 4.3 Medium | ||
| The Bunny’s Print CSS plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.95. This is due to missing or incorrect nonce validation on the pcss_options_subpanel() function. This makes it possible for unauthenticated attackers to update settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2025-4188 | 2026-04-15 | 6.1 Medium | ||
| The Advanced Reorder Image Text Slider plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on the 'reorder-simple-image-text-slider-setting' page. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2025-27336 | 2026-04-15 | N/A | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Alex Prokopenko / JustCoded Just Variables just-wp-variables allows Cross Site Request Forgery.This issue affects Just Variables: from n/a through <= 1.2.3. | ||||
| CVE-2025-22582 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Cross-Site Request Forgery (CSRF) vulnerability in Scott Nelle Uptime Robot uptime-robot allows Stored XSS.This issue affects Uptime Robot: from n/a through <= 0.1.3. | ||||
| CVE-2025-22589 | 2026-04-15 | N/A | ||
| Cross-Site Request Forgery (CSRF) vulnerability in bozdoz Quote Tweet quote-tweet allows Stored XSS.This issue affects Quote Tweet: from n/a through <= 0.7. | ||||
| CVE-2025-22590 | 2026-04-15 | N/A | ||
| Cross-Site Request Forgery (CSRF) vulnerability in mmrs151 Prayer Times Anywhere prayer-times-anywhere allows Stored XSS.This issue affects Prayer Times Anywhere: from n/a through <= 2.0.1. | ||||
| CVE-2025-7685 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 6.1 Medium |
| The Like & Share My Site plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.2. This is due to missing or incorrect nonce validation on the 'lsms_admin' page. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2025-8102 | 2026-04-15 | 5.4 Medium | ||
| The Easy Digital Downloads plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.5.0. This is due to missing nonce validations in the edd_sendwp_disconnect() and edd_sendwp_remote_install() functions. This makes it possible for unauthenticated attackers to deactivate or download and activate the SendWP plugin via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2025-27339 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Cross-Site Request Forgery (CSRF) vulnerability in Will Anderson Minimum Password Strength minimum-password-strength allows Cross Site Request Forgery.This issue affects Minimum Password Strength: from n/a through <= 1.2.0. | ||||
| CVE-2025-9627 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 4.3 Medium |
| The Run Log plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.7.10. This is due to missing or incorrect nonce validation on the oirl_plugin_options function. This makes it possible for unauthenticated attackers to modify plugin settings including distance units, pace display preferences, style themes, and display positions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2025-22685 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Cross-Site Request Forgery (CSRF) vulnerability in CheGevara29 Tags to Keywords tags-to-meta-keywords allows Stored XSS.This issue affects Tags to Keywords: from n/a through <= 1.0.1. | ||||
| CVE-2025-22688 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Cross-Site Request Forgery (CSRF) vulnerability in Ederson Peka Unlimited Page Sidebars unlimited-page-sidebars allows Stored XSS.This issue affects Unlimited Page Sidebars: from n/a through <= 0.2.6. | ||||
| CVE-2025-22690 | 2026-04-15 | N/A | ||
| Cross-Site Request Forgery (CSRF) vulnerability in DigiTimber DigiTimber cPanel Integration digitimber-cpanel-integration allows Stored XSS.This issue affects DigiTimber cPanel Integration: from n/a through <= 1.4.6. | ||||