Total
9101 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-54419 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Cross-Site Request Forgery (CSRF) vulnerability in chenyenming Ui Slider Filter By Price ui-slider-filter-by-price allows Cross Site Request Forgery.This issue affects Ui Slider Filter By Price: from n/a through <= 1.1. | ||||
| CVE-2024-53778 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Cross-Site Request Forgery (CSRF) vulnerability in Essential Marketer Essential Breadcrumbs essential-breadcrumbs allows Stored XSS.This issue affects Essential Breadcrumbs: from n/a through <= 1.1.1. | ||||
| CVE-2024-32089 | 2 Supsystic, Wordpress | 2 Digital Publications By Supsystic, Wordpress | 2026-04-15 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Supsystic Digital Publications by Supsystic.This issue affects Digital Publications by Supsystic: from n/a through 1.7.7. | ||||
| CVE-2024-32088 | 2026-04-15 | 4.3 Medium | ||
| Cross-Site Request Forgery (CSRF) vulnerability in SeedProd Coming Soon Page, Under Construction & Maintenance Mode by SeedProd.This issue affects Coming Soon Page, Under Construction & Maintenance Mode by SeedProd: from n/a through 6.15.20. | ||||
| CVE-2024-13510 | 2 Shopsite, Wordpress | 2 Shopsite, Wordpress | 2026-04-15 | 6.1 Medium |
| The ShopSite plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5.10. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2025-62896 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 8.8 High |
| Cross-Site Request Forgery (CSRF) vulnerability in digitaldonkey Multilang Contact Form multilang-contact-form allows Stored XSS.This issue affects Multilang Contact Form: from n/a through <= 1.5. | ||||
| CVE-2026-25024 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Blair Williams ThirstyAffiliates thirstyaffiliates allows Cross Site Request Forgery.This issue affects ThirstyAffiliates: from n/a through <= 3.11.9. | ||||
| CVE-2025-31570 | 2026-04-15 | N/A | ||
| Cross-Site Request Forgery (CSRF) vulnerability in wp-buy Related Posts Widget with Thumbnails advanced-css3-related-posts-widget allows Stored XSS.This issue affects Related Posts Widget with Thumbnails: from n/a through <= 1.2. | ||||
| CVE-2019-25233 | 1 Ave | 1 Dominaplus | 2026-04-15 | 5.3 Medium |
| AVE DOMINAplus 1.10.x contains cross-site request forgery and cross-site scripting vulnerabilities that allow attackers to perform administrative actions without user consent. Attackers can craft malicious web pages to exploit login.php parameters and execute arbitrary scripts in user browser sessions. | ||||
| CVE-2024-13560 | 2026-04-15 | 4.3 Medium | ||
| The Subscriptions & Memberships for PayPal plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.6. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to delete arbitrary posts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2024-32091 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 6.5 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Tonjoo Sangar Slider.This issue affects Sangar Slider: from n/a through 1.3.2. | ||||
| CVE-2025-5930 | 2026-04-15 | 4.3 Medium | ||
| The WP2HTML plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.2. This is due to missing or incorrect nonce validation on the save() function. This makes it possible for unauthenticated attackers to update plugin settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2025-50044 | 2026-04-15 | N/A | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Rameez Iqbal Real Estate Manager real-estate-manager allows Cross Site Request Forgery.This issue affects Real Estate Manager: from n/a through <= 7.3. | ||||
| CVE-2025-63060 | 2 Hogash, Wordpress | 2 Kallyas, Wordpress | 2026-04-15 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in hogash KALLYAS kallyas allows Cross Site Request Forgery.This issue affects KALLYAS: from n/a through < 4.25.0. | ||||
| CVE-2024-30560 | 2026-04-15 | 9.6 Critical | ||
| Cross-Site Request Forgery (CSRF) vulnerability in 大侠WP DX-Watermark.This issue affects DX-Watermark: from n/a through 1.0.4. | ||||
| CVE-2024-32097 | 2026-04-15 | 5.4 Medium | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Eyal Fitoussi GEO my WordPress.This issue affects GEO my WordPress: from n/a through 4.1. | ||||
| CVE-2024-31086 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Venugopal Change default login logo,url and title allows Cross-Site Scripting (XSS).This issue affects Change default login logo,url and title: from n/a through 2.0. | ||||
| CVE-2025-58800 | 2026-04-15 | N/A | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Steve Truman WP Email Template wp-email-template allows Cross Site Request Forgery.This issue affects WP Email Template: from n/a through <= 2.8.5. | ||||
| CVE-2025-58688 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Cross-Site Request Forgery (CSRF) vulnerability in Casengo Casengo Live Chat Support the-casengo-chat-widget allows Stored XSS.This issue affects Casengo Live Chat Support: from n/a through <= 2.1.4. | ||||
| CVE-2024-32773 | 2026-04-15 | 4.3 Medium | ||
| Cross-Site Request Forgery (CSRF) vulnerability in WP Royal Royal Elementor Kit.This issue affects Royal Elementor Kit: from n/a through 1.0.116. | ||||