Total
9102 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-51645 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Cross-Site Request Forgery (CSRF) vulnerability in themefusecom ThemeFuse Maintenance Mode themefuse-maintenance-mode allows Stored XSS.This issue affects ThemeFuse Maintenance Mode: from n/a through <= 1.1.3. | ||||
| CVE-2025-50036 | 2026-04-15 | N/A | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Yamna Khawaja Mailing Group Listserv wp-mailing-group allows Cross Site Request Forgery.This issue affects Mailing Group Listserv: from n/a through <= 3.0.5. | ||||
| CVE-2019-25234 | 2026-04-15 | 5.3 Medium | ||
| SmartHouse Webapp 6.5.33 contains multiple cross-site request forgery and cross-site scripting vulnerabilities that allow attackers to perform unauthorized actions. Attackers can exploit these vulnerabilities by tricking logged-in users into visiting malicious websites or injecting malicious scripts into various application parameters. | ||||
| CVE-2024-51637 | 2026-04-15 | N/A | ||
| Cross-Site Request Forgery (CSRF) vulnerability in sroyalty Admin SMS Alert admin-sms-alert allows Stored XSS.This issue affects Admin SMS Alert: from n/a through <= 1.1.0. | ||||
| CVE-2025-39417 | 2026-04-15 | N/A | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Eslam Mahmoud Redirect wordpress to welcome or landing page redirect-to-welcome-or-landing-page allows Stored XSS.This issue affects Redirect wordpress to welcome or landing page: from n/a through <= 2.0. | ||||
| CVE-2024-51638 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Cross-Site Request Forgery (CSRF) vulnerability in Sanjeev Mohindra Awesome Shortcodes For Genesis awesome-shortcodes-for-genesis allows Stored XSS.This issue affects Awesome Shortcodes For Genesis: from n/a through 1.1.8. | ||||
| CVE-2024-1416 | 2026-04-15 | 4.3 Medium | ||
| The Responsive Contact Form Builder & Lead Generation Plugin plugin for WordPress is vulnerable to unauthorized access to functionality due to a missing capability check on several functions in all versions up to, and including, 1.8.9. This makes it possible for unauthenticated attackers to invoke those functions. | ||||
| CVE-2025-29005 | 2026-04-15 | N/A | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Weblizar - WordPress Themes & Plugin HR Management Lite hr-management-lite allows Cross Site Request Forgery.This issue affects HR Management Lite: from n/a through <= 3.6. | ||||
| CVE-2025-48320 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Cross-Site Request Forgery (CSRF) vulnerability in cuckoohello 百度分享按钮 baidushare-wp allows Stored XSS.This issue affects 百度分享按钮: from n/a through <= 1.0.6. | ||||
| CVE-2025-39433 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Cross-Site Request Forgery (CSRF) vulnerability in beke_ro Bknewsticker bknewsticker allows Stored XSS.This issue affects Bknewsticker: from n/a through <= 1.0.5. | ||||
| CVE-2025-13194 | 2 Devsoftbaltic, Wordpress | 2 Surveyjs Drag Drop Wordpress Form Builder, Wordpress | 2026-04-15 | 4.3 Medium |
| The SurveyJS: Drag & Drop WordPress Form Builder to create, style and embed multiple forms of any complexity plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.5.2. This is due to missing nonce verification on the 'SurveyJS_RenameSurvey' AJAX action. This makes it possible for unauthenticated attackers to rename surveys via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2025-30764 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Cross-Site Request Forgery (CSRF) vulnerability in AntoineH Football Pool football-pool allows Cross Site Request Forgery.This issue affects Football Pool: from n/a through <= 2.12.2. | ||||
| CVE-2024-51644 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Cross-Site Request Forgery (CSRF) vulnerability in samwilson Addressbook addressbook allows Stored XSS.This issue affects Addressbook: from n/a through <= 1.1.3. | ||||
| CVE-2025-32282 | 2026-04-15 | N/A | ||
| Cross-Site Request Forgery (CSRF) vulnerability in ShareThis ShareThis Dashboard for Google Analytics googleanalytics.This issue affects ShareThis Dashboard for Google Analytics: from n/a through <= 3.2.3. | ||||
| CVE-2025-31807 | 2026-04-15 | N/A | ||
| Cross-Site Request Forgery (CSRF) vulnerability in CloudRedux Product Notices for WooCommerce product-notices-for-woocommerce allows Cross Site Request Forgery.This issue affects Product Notices for WooCommerce: from n/a through <= 1.3.4. | ||||
| CVE-2025-66097 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Igor Jerosimić I Order Terms i-order-terms allows Cross Site Request Forgery.This issue affects I Order Terms: from n/a through <= 1.5.0. | ||||
| CVE-2024-37240 | 2026-04-15 | N/A | ||
| Cross-Site Request Forgery (CSRF) vulnerability in sbouey Falang multilanguage falang allows Cross Site Request Forgery.This issue affects Falang multilanguage: from n/a through <= 1.3.51. | ||||
| CVE-2024-37238 | 2026-04-15 | N/A | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Greg Winiarski WPAdverts wpadverts allows Cross Site Request Forgery.This issue affects WPAdverts: from n/a through <= 2.1.2. | ||||
| CVE-2024-51641 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Cross-Site Request Forgery (CSRF) vulnerability in Juan Camilo Advanced PDF Generator advanced-pdf-generator allows Stored XSS.This issue affects Advanced PDF Generator: from n/a through <= 0.4.0. | ||||
| CVE-2024-53754 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Cross-Site Request Forgery (CSRF) vulnerability in Irish_Cathal Out Of Stock Badge out-of-stock-badge allows Cross Site Request Forgery.This issue affects Out Of Stock Badge: from n/a through <= 2.0. | ||||