Total
9103 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-4086 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 4.3 Medium |
| The CM Tooltip Glossary – Powerful Glossary Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.2.11. This is due to missing or incorrect nonce validation when saving settings. This makes it possible for unauthenticated attackers to change the plugin's settings or reset them via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2024-51657 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Cross-Site Request Forgery (CSRF) vulnerability in Woopy Plugins SmartLink Dynamic URLs smartlink-dinamic-urls allows Stored XSS.This issue affects SmartLink Dynamic URLs: from n/a through <= 1.1.0. | ||||
| CVE-2024-51656 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Cross-Site Request Forgery (CSRF) vulnerability in litefeel Flash Show And Hide Box flash-show-and-hide-box allows Stored XSS.This issue affects Flash Show And Hide Box: from n/a through <= 1.6. | ||||
| CVE-2025-23577 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Cross-Site Request Forgery (CSRF) vulnerability in Sourov Amin Word Freshener word-freshener allows Stored XSS.This issue affects Word Freshener: from n/a through <= 1.3. | ||||
| CVE-2025-32480 | 2026-04-15 | N/A | ||
| Cross-Site Request Forgery (CSRF) vulnerability in dalziel Windows Live Writer windows-live-writer allows Stored XSS.This issue affects Windows Live Writer: from n/a through <= 0.1. | ||||
| CVE-2025-49435 | 2026-04-15 | N/A | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Hasina77 Wp Easy Allopass wordpress-easy-allopass allows Cross Site Request Forgery.This issue affects Wp Easy Allopass: from n/a through <= 4.1.1. | ||||
| CVE-2025-23649 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Cross-Site Request Forgery (CSRF) vulnerability in Kreg Steppe Auphonic Importer auphonic-importer allows Stored XSS.This issue affects Auphonic Importer: from n/a through <= 1.5.1. | ||||
| CVE-2025-31904 | 2026-04-15 | N/A | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Infoway LLC Ebook Downloader ebook-downloader allows Cross Site Request Forgery.This issue affects Ebook Downloader: from n/a through <= 1.0. | ||||
| CVE-2025-49284 | 2026-04-15 | N/A | ||
| Cross-Site Request Forgery (CSRF) vulnerability in wp-buy WP Maintenance Mode & Site Under Construction wp-maintenance-mode-site-under-construction allows Cross Site Request Forgery.This issue affects WP Maintenance Mode & Site Under Construction: from n/a through <= 4.3. | ||||
| CVE-2025-31915 | 2026-04-15 | N/A | ||
| Cross-Site Request Forgery (CSRF) vulnerability in kamleshyadav Pixel WordPress Form BuilderPlugin & Autoresponder pixel-formbuilder allows Cross Site Request Forgery.This issue affects Pixel WordPress Form BuilderPlugin & Autoresponder: from n/a through <= 1.0.3. | ||||
| CVE-2025-60137 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Cross-Site Request Forgery (CSRF) vulnerability in Galaxy Weblinks Post Featured Video post-featured-video allows Cross Site Request Forgery.This issue affects Post Featured Video: from n/a through <= 1.7. | ||||
| CVE-2025-60139 | 2 Joovii, Wordpress | 2 Sendle Shipping, Wordpress | 2026-04-15 | N/A |
| Cross-Site Request Forgery (CSRF) vulnerability in Joovii Sendle Shipping official-sendle-shipping-method allows Cross Site Request Forgery.This issue affects Sendle Shipping: from n/a through <= 6.02. | ||||
| CVE-2024-54414 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Cross-Site Request Forgery (CSRF) vulnerability in geoWP Geoportail Shortcode geoportail-shortcode allows Stored XSS.This issue affects Geoportail Shortcode: from n/a through <= 2.4.4. | ||||
| CVE-2025-49283 | 2026-04-15 | N/A | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Matthias Nordwig Anti-spam, Spam protection, ReCaptcha for all forms and GDPR-compliant gdpr-compliant-recaptcha-for-all-forms allows Cross Site Request Forgery.This issue affects Anti-spam, Spam protection, ReCaptcha for all forms and GDPR-compliant: from n/a through <= 4.1.1. | ||||
| CVE-2025-39517 | 2026-04-15 | N/A | ||
| Cross-Site Request Forgery (CSRF) vulnerability in WP Map Plugins Basic Interactive World Map basic-interactive-world-map allows Cross Site Request Forgery.This issue affects Basic Interactive World Map: from n/a through <= 2.7. | ||||
| CVE-2025-39512 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Cross-Site Request Forgery (CSRF) vulnerability in Yuya Hoshino Bulk Term Editor bulk-term-editor allows Cross Site Request Forgery.This issue affects Bulk Term Editor: from n/a through <= 1.1.4. | ||||
| CVE-2025-60145 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Cross-Site Request Forgery (CSRF) vulnerability in yonifre Lenix scss compiler lenix-scss-compiler allows Cross Site Request Forgery.This issue affects Lenix scss compiler: from n/a through <= 1.2. | ||||
| CVE-2025-23720 | 2026-04-15 | N/A | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Marco Castelluccio Web Push web-push allows Stored XSS.This issue affects Web Push: from n/a through <= 1.4.0. | ||||
| CVE-2025-12173 | 2 Winkm89, Wordpress | 2 Wp Admin Microblog, Wordpress | 2026-04-15 | 4.3 Medium |
| The WP Admin Microblog plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.1. This is due to missing or incorrect nonce validation on the 'wp-admin-microblog' page. This makes it possible for unauthenticated attackers to send messages on behalf of an administrator via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2025-50255 | 1 Bpcbt | 2 Smartvista, Smartvista Backoffice | 2026-04-15 | 7.8 High |
| Cross Site Request Forgery (CSRF) vulnerability in Smartvista BackOffice SmartVista Suite 2.2.22 via crafted GET request. | ||||