Total
9104 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-43927 | 2026-04-15 | N/A | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Till Krüss Email Address Encoder email-address-encoder allows Cross Site Request Forgery.This issue affects Email Address Encoder: from n/a through <= 1.0.23. | ||||
| CVE-2025-30823 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Cross-Site Request Forgery (CSRF) vulnerability in Boone Gorges Anthologize anthologize allows Cross Site Request Forgery.This issue affects Anthologize: from n/a through <= 0.8.2. | ||||
| CVE-2024-4463 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 4.3 Medium |
| The Squelch Tabs and Accordions Shortcodes plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.4.7. This is due to missing or incorrect nonce validation when saving plugin settings. This makes it possible for unauthenticated attackers to modify plugin settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2025-30865 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Cross-Site Request Forgery (CSRF) vulnerability in fuzzoid 3DPrint Lite 3dprint-lite allows Cross Site Request Forgery.This issue affects 3DPrint Lite: from n/a through <= 2.1.3.5. | ||||
| CVE-2025-59137 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Cross-Site Request Forgery (CSRF) vulnerability in eleopard Behance Portfolio Manager portfolio-manager-powered-by-behance allows Stored XSS.This issue affects Behance Portfolio Manager: from n/a through <= 1.7.5. | ||||
| CVE-2024-32092 | 2026-04-15 | 5.4 Medium | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Michael Bester Kimili Flash Embed.This issue affects Kimili Flash Embed: from n/a through 2.5.3. | ||||
| CVE-2024-11689 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 8.8 High |
| The HQ Rental Software plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5.29. This is due to missing or incorrect nonce validation on the displaySettingsPage() function. This makes it possible for unauthenticated attackers to update arbitrary options that can be leveraged for privilege escalation via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2024-4409 | 2026-04-15 | 4.3 Medium | ||
| The WP-ViperGB plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.6.1. This is due to missing or incorrect nonce validation when saving plugin settings. This makes it possible for unauthenticated attackers to change the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2024-32093 | 2026-04-15 | 5.4 Medium | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Nose Graze Novelist.This issue affects Novelist: from n/a through 1.2.2. | ||||
| CVE-2024-51687 | 2026-04-15 | N/A | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Platform.ly Platform.ly Official platformly allows Stored XSS.This issue affects Platform.ly Official: from n/a through <= 1.1.3. | ||||
| CVE-2024-33691 | 2026-04-15 | 4.3 Medium | ||
| Cross-Site Request Forgery (CSRF) vulnerability in OptinMonster Popup Builder Team OptinMonster.This issue affects OptinMonster: from n/a through 2.15.3. | ||||
| CVE-2024-51684 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Cross-Site Request Forgery (CSRF) vulnerability in Ciprian Popescu W3P SEO wp-perfect-plugin allows Stored XSS.This issue affects W3P SEO: from n/a through < 1.8.6. | ||||
| CVE-2024-51658 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Cross-Site Request Forgery (CSRF) vulnerability in Henrik Hoff WP Course Manager wp-course-manager allows Stored XSS.This issue affects WP Course Manager: from n/a through <= 1.3. | ||||
| CVE-2024-51655 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Cross-Site Request Forgery (CSRF) vulnerability in microkid Custom Author URL author-slug allows Stored XSS.This issue affects Custom Author URL: from n/a through <= 2.0.1. | ||||
| CVE-2024-51652 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Cross-Site Request Forgery (CSRF) vulnerability in marckocher Skip To skip-to allows Stored XSS.This issue affects Skip To: from n/a through <= 2.0.0. | ||||
| CVE-2024-51649 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Cross-Site Request Forgery (CSRF) vulnerability in Patrick Lumumba Mobilize mobilize allows Stored XSS.This issue affects Mobilize: from n/a through <= 3.0.7. | ||||
| CVE-2024-51648 | 2026-04-15 | N/A | ||
| Cross-Site Request Forgery (CSRF) vulnerability in hands01 e-shops e-shops-cart2 allows Reflected XSS.This issue affects e-shops: from n/a through <= 1.0.3. | ||||
| CVE-2024-51645 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Cross-Site Request Forgery (CSRF) vulnerability in themefusecom ThemeFuse Maintenance Mode themefuse-maintenance-mode allows Stored XSS.This issue affects ThemeFuse Maintenance Mode: from n/a through <= 1.1.3. | ||||
| CVE-2025-14062 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 4.3 Medium |
| The Animated Pixel Marquee Creator plugin for WordPress is vulnerable to Cross-Site Request Forgery via the 'marquee' parameter in all versions up to, and including, 1.0.0. This is due to missing nonce validation on the marquee deletion function. This makes it possible for unauthenticated attackers to delete arbitrary marquees via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2024-51644 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Cross-Site Request Forgery (CSRF) vulnerability in samwilson Addressbook addressbook allows Stored XSS.This issue affects Addressbook: from n/a through <= 1.1.3. | ||||