Total
9105 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-48311 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Cross-Site Request Forgery (CSRF) vulnerability in OffClicks Invisible Optin invisible-optin allows Stored XSS.This issue affects Invisible Optin: from n/a through <= 1.0. | ||||
| CVE-2025-9625 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 4.3 Medium |
| The Coil Web Monetization plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.2. This is due to missing or incorrect nonce validation on the coil-get-css-selector parameter handling in the maybe_restrict_content function. This makes it possible for unauthenticated attackers to trigger CSS selector detection functionality via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2026-2023 | 2 Brikou, Wordpress | 2 Wp Plugin Info Card, Wordpress | 2026-04-15 | 4.3 Medium |
| The WP Plugin Info Card plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.2.0. This is due to missing nonce validation in the ajax_save_custom_plugin() function, which is disabled by prefixing the check with 'false &&'. This makes it possible for unauthenticated attackers to create or modify custom plugin entries via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2025-48109 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Cross-Site Request Forgery (CSRF) vulnerability in Xavier Media XM-Backup xm-backup allows Stored XSS.This issue affects XM-Backup: from n/a through <= 0.9.1. | ||||
| CVE-2024-54386 | 2026-04-15 | N/A | ||
| Cross-Site Request Forgery (CSRF) vulnerability in pushmonkey Push Monkey Pro – Web Push Notifications and WooCommerce Abandoned Cart push-monkey-desktop-push-notifications allows Cross Site Request Forgery.This issue affects Push Monkey Pro – Web Push Notifications and WooCommerce Abandoned Cart: from n/a through <= 3.9. | ||||
| CVE-2024-54391 | 2026-04-15 | N/A | ||
| Cross-Site Request Forgery (CSRF) vulnerability in mattwalters WordPress Filter wordpress-filter allows Stored XSS.This issue affects WordPress Filter: from n/a through <= 1.4.1. | ||||
| CVE-2024-53946 | 1 Kuwfi | 1 Ac900 Router | 2026-04-15 | 8.8 High |
| The KuWFi 4G LTE AC900 router 1.0.13 is vulnerable to Cross-Site Request Forgery (CSRF) on its web management interface. This vulnerability allows an attacker to trick an authenticated admin user into performing unauthorized actions, such as exploiting a command injection vulnerability in /goform/formMultiApnSetting. Successful exploitation can also lead to unauthorized configuration changes. | ||||
| CVE-2024-31086 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Venugopal Change default login logo,url and title allows Cross-Site Scripting (XSS).This issue affects Change default login logo,url and title: from n/a through 2.0. | ||||
| CVE-2023-51681 | 2026-04-15 | 6.5 Medium | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Duplicator Duplicator – WordPress Migration & Backup Plugin.This issue affects Duplicator – WordPress Migration & Backup Plugin: from n/a through 1.5.7. | ||||
| CVE-2024-54409 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Cross-Site Request Forgery (CSRF) vulnerability in fzmaster XPD Reduce Image Filesize xpd-reduce-image-filesize allows Stored XSS.This issue affects XPD Reduce Image Filesize: from n/a through <= 1.0. | ||||
| CVE-2025-57977 | 3 Woocommerce, Wordpress, Wpdesk | 3 Woocommerce, Wordpress, Flexible Pdf Invoices | 2026-04-15 | N/A |
| Cross-Site Request Forgery (CSRF) vulnerability in wpdesk Flexible PDF Invoices for WooCommerce & WordPress flexible-invoices allows Cross Site Request Forgery.This issue affects Flexible PDF Invoices for WooCommerce & WordPress: from n/a through <= 6.0.13. | ||||
| CVE-2024-54416 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Cross-Site Request Forgery (CSRF) vulnerability in Navdeep Wp Login with Ajax wp-login-with-ajax allows Stored XSS.This issue affects Wp Login with Ajax: from n/a through <= 0.6. | ||||
| CVE-2025-58272 | 2 Ntt-east, Ntt-west | 2 Web Caster, Web Caster | 2026-04-15 | N/A |
| Cross-site request forgery vulnerability exists in Web Caster V130 versions 1.08 and earlier. If a logged-in user views a malicious page created by an attacker, the settings of the product may be unintentionally changed. | ||||
| CVE-2024-56232 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Cross-Site Request Forgery (CSRF) vulnerability in Alex Volkov WP Nice Loader wp-nice-loader allows Stored XSS.This issue affects WP Nice Loader: from n/a through <= 0.1.0.4. | ||||
| CVE-2024-54418 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Cross-Site Request Forgery (CSRF) vulnerability in Diversified Technology Corp. DTC Documents dtc-documents allows Cross Site Request Forgery.This issue affects DTC Documents: from n/a through <= 1.1.05. | ||||
| CVE-2025-58611 | 2 Tickera, Wordpress | 2 Tickera, Wordpress | 2026-04-15 | N/A |
| Cross-Site Request Forgery (CSRF) vulnerability in Tickera Tickera tickera-event-ticketing-system allows Cross Site Request Forgery.This issue affects Tickera: from n/a through <= 3.5.5.6. | ||||
| CVE-2025-49342 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Cross-Site Request Forgery (CSRF) vulnerability in merzedes Custom Style custom-style allows Stored XSS.This issue affects Custom Style: from n/a through <= 1.0. | ||||
| CVE-2025-58676 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Cross-Site Request Forgery (CSRF) vulnerability in extendyourweb HORIZONTAL SLIDER horizontal-slider allows Stored XSS.This issue affects HORIZONTAL SLIDER: from n/a through <= 2.4. | ||||
| CVE-2025-6055 | 2026-04-15 | 6.1 Medium | ||
| The Zen Sticky Social plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.3. This is due to missing or incorrect nonce validation on the 'zen-social-sticky/zen-sticky-social.php' page. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2025-5988 | 1 Redhat | 2 Ansible Automation Platform, Ansible Automation Platform Developer | 2026-04-15 | 5.3 Medium |
| A flaw was found in the Ansible aap-gateway. Cross-site request forgery (CSRF) origin checking is not done on requests from the gateway to external components, such as the controller, hub, and eda. | ||||