Total
8504 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-13366 | 1 Wordpress | 1 Wordpress | 2025-12-12 | 4.3 Medium |
| The Rabbit Hole plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1. This is due to missing or incorrect nonce validation on the plugin's reset functionality. This makes it possible for unauthenticated attackers to reset the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. The vulnerability is exacerbated by the fact that the reset operation is performed via a GET request, making exploitation trivial via image tags or hyperlinks. | ||||
| CVE-2025-14117 | 1 Fit2cloud | 1 Halo | 2025-12-12 | 4.3 Medium |
| A vulnerability has been found in fit2cloud Halo 2.21.10. Impacted is an unknown function. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-67472 | 2 Vcita, Wordpress | 3 Online Booking & Scheduling Calendar For Wordpress By Vcita, Online Booking \& Scheduling Calendar, Wordpress | 2025-12-12 | 8.8 High |
| Cross-Site Request Forgery (CSRF) vulnerability in vcita Online Booking & Scheduling Calendar for WordPress by vcita meeting-scheduler-by-vcita allows Cross Site Request Forgery.This issue affects Online Booking & Scheduling Calendar for WordPress by vcita: from n/a through <= 4.5.5. | ||||
| CVE-2024-43192 | 1 Ibm | 5 Diamondback Tape Library, Diamondback Tape Library Firmware, Storage Ts4500 Library and 2 more | 2025-12-11 | 6.5 Medium |
| IBM Storage TS4500 Library 1.11.0.0 and 2.11.0.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | ||||
| CVE-2024-36076 | 1 Syslifters | 1 Sysreptor | 2025-12-11 | 8.8 High |
| Cross-Site WebSocket Hijacking in SysReptor from version 2024.28 to version 2024.30 causes attackers to escalate privileges and obtain sensitive information when a logged-in SysReptor user visits a malicious same-site subdomain in the same browser session. | ||||
| CVE-2025-49351 | 1 Wordpress | 1 Wordpress | 2025-12-11 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Valentin Agachi Create Posts & Terms create-posts-terms allows Stored XSS.This issue affects Create Posts & Terms: from n/a through <= 1.3.1. | ||||
| CVE-2025-49347 | 1 Wordpress | 1 Wordpress | 2025-12-11 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Jupitercow WP sIFR wp-sifr allows Stored XSS.This issue affects WP sIFR: from n/a through <= 0.6.8.1. | ||||
| CVE-2025-49341 | 1 Wordpress | 1 Wordpress | 2025-12-11 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Alex Furr PDF Creator Lite pdf-creator-lite allows Stored XSS.This issue affects PDF Creator Lite: from n/a through <= 1.2. | ||||
| CVE-2025-67473 | 2 Codeworkweb, Wordpress | 2 Cww Companion, Wordpress | 2025-12-11 | 8.8 High |
| Cross-Site Request Forgery (CSRF) vulnerability in codeworkweb CWW Companion cww-companion allows Cross Site Request Forgery.This issue affects CWW Companion: from n/a through <= 1.3.2. | ||||
| CVE-2025-67471 | 1 Wordpress | 1 Wordpress | 2025-12-11 | 8.8 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Saad Iqbal Quick Contact Form quick-contact-form allows Cross Site Request Forgery.This issue affects Quick Contact Form: from n/a through <= 8.2.5. | ||||
| CVE-2025-67469 | 2 Kubiq, Wordpress | 2 Pdf Thumbnail Generator, Wordpress | 2025-12-11 | 8.8 High |
| Cross-Site Request Forgery (CSRF) vulnerability in kubiq PDF Thumbnail Generator pdf-thumbnail-generator allows Cross Site Request Forgery.This issue affects PDF Thumbnail Generator: from n/a through <= 1.4. | ||||
| CVE-2025-67465 | 2 Quantumcloud, Wordpress | 2 Simple Link Directory, Wordpress | 2025-12-11 | 8.8 High |
| Cross-Site Request Forgery (CSRF) vulnerability in QuantumCloud Simple Link Directory simple-link-directory allows Cross Site Request Forgery.This issue affects Simple Link Directory: from n/a through <= 8.8.3. | ||||
| CVE-2025-66531 | 1 Wordpress | 1 Wordpress | 2025-12-11 | 8.8 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Dimitri Grassi Salon booking system salon-booking-system allows Cross Site Request Forgery.This issue affects Salon booking system: from n/a through <= 10.30.3. | ||||
| CVE-2025-66529 | 2 Ays-pro, Wordpress | 2 Chartify, Wordpress | 2025-12-11 | 8.8 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Ays Pro Chartify chart-builder allows Cross Site Request Forgery.This issue affects Chartify: from n/a through <= 3.6.3. | ||||
| CVE-2025-64256 | 2 Presstigers, Wordpress | 2 Simple Folio, Wordpress | 2025-12-11 | 8.8 High |
| Cross-Site Request Forgery (CSRF) vulnerability in PressTigers Simple Folio simple-folio allows Cross Site Request Forgery.This issue affects Simple Folio: from n/a through <= 1.1.0. | ||||
| CVE-2025-59132 | 1 Wordpress | 1 Wordpress | 2025-12-11 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Badi Jones Duplicate Content Cure duplicate-content-cure allows Cross Site Request Forgery.This issue affects Duplicate Content Cure: from n/a through <= 1.0. | ||||
| CVE-2025-62739 | 1 Wordpress | 1 Wordpress | 2025-12-11 | 8.8 High |
| Cross-Site Request Forgery (CSRF) vulnerability in SaifuMak Add Custom Codes add-custom-codes allows Cross Site Request Forgery.This issue affects Add Custom Codes: from n/a through <= 4.80. | ||||
| CVE-2025-62102 | 2 Apasionados, Wordpress | 2 Dofollow Case By Case, Wordpress | 2025-12-11 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in apasionados DoFollow Case by Case dofollow-case-by-case allows Cross Site Request Forgery.This issue affects DoFollow Case by Case: from n/a through <= 3.5.1. | ||||
| CVE-2025-62103 | 2 Wordpress, Wpmediadownload | 2 Wordpress, Media Library File Download | 2025-12-11 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in wpmediadownload Media Library File Download media-download allows Cross Site Request Forgery.This issue affects Media Library File Download: from n/a through <= 1.4. | ||||
| CVE-2025-65962 | 1 Enalean | 1 Tuleap | 2025-12-10 | 4.6 Medium |
| Tuleap is a free and open source suite for management of software development and collaboration. Versions of Tuleap Community Edition prior to 17.0.99.1763803709 and Tuleap Enterprise Edition versions prior to 17.0-4 and 16.13-9 are mission CSRF protections in its tracker field dependencies, allowing attackers to modify tracker fields. This issue is fixed in Tuleap Community Edition version 17.0.99.1763803709 and Tuleap Enterprise Edition versions 17.0-4 and 16.13-9. | ||||