Total
9105 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-5930 | 2026-04-15 | 4.3 Medium | ||
| The WP2HTML plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.2. This is due to missing or incorrect nonce validation on the save() function. This makes it possible for unauthenticated attackers to update plugin settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2025-12173 | 2 Winkm89, Wordpress | 2 Wp Admin Microblog, Wordpress | 2026-04-15 | 4.3 Medium |
| The WP Admin Microblog plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.1. This is due to missing or incorrect nonce validation on the 'wp-admin-microblog' page. This makes it possible for unauthenticated attackers to send messages on behalf of an administrator via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2025-59009 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Astoundify Listify listify allows Cross Site Request Forgery.This issue affects Listify: from n/a through <= 3.2.5. | ||||
| CVE-2024-32435 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Cross-Site Request Forgery (CSRF) vulnerability in perrinalexandre05 AffiEasy affieasy.This issue affects AffiEasy: from n/a through <= 1.1.4. | ||||
| CVE-2025-23677 | 2026-04-15 | N/A | ||
| Cross-Site Request Forgery (CSRF) vulnerability in DSmidge HTTP to HTTPS link changer by Eyga.net https-links-in-content allows Stored XSS.This issue affects HTTP to HTTPS link changer by Eyga.net: from n/a through <= 0.2.4. | ||||
| CVE-2025-23720 | 2026-04-15 | N/A | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Marco Castelluccio Web Push web-push allows Stored XSS.This issue affects Web Push: from n/a through <= 1.4.0. | ||||
| CVE-2025-60145 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Cross-Site Request Forgery (CSRF) vulnerability in yonifre Lenix scss compiler lenix-scss-compiler allows Cross Site Request Forgery.This issue affects Lenix scss compiler: from n/a through <= 1.2. | ||||
| CVE-2024-32451 | 2 Wordpress, Wpwax | 2 Wordpress, Legal Pages | 2026-04-15 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in wpWax Legal Pages.This issue affects Legal Pages: from n/a through 1.4.2. | ||||
| CVE-2024-53779 | 2026-04-15 | N/A | ||
| Cross-Site Request Forgery (CSRF) vulnerability in 8bitkid Yahoo! WebPlayer yahoo-media-player allows Stored XSS.This issue affects Yahoo! WebPlayer: from n/a through <= 2.0.6. | ||||
| CVE-2025-14903 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 4.3 Medium |
| The Simple Crypto Shortcodes plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.2. This is due to missing nonce validation on the scs_backend function. This makes it possible for unauthenticated attackers to update plugin settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2024-54391 | 2026-04-15 | N/A | ||
| Cross-Site Request Forgery (CSRF) vulnerability in mattwalters WordPress Filter wordpress-filter allows Stored XSS.This issue affects WordPress Filter: from n/a through <= 1.4.1. | ||||
| CVE-2025-60139 | 2 Joovii, Wordpress | 2 Sendle Shipping, Wordpress | 2026-04-15 | N/A |
| Cross-Site Request Forgery (CSRF) vulnerability in Joovii Sendle Shipping official-sendle-shipping-method allows Cross Site Request Forgery.This issue affects Sendle Shipping: from n/a through <= 6.02. | ||||
| CVE-2024-54386 | 2026-04-15 | N/A | ||
| Cross-Site Request Forgery (CSRF) vulnerability in pushmonkey Push Monkey Pro – Web Push Notifications and WooCommerce Abandoned Cart push-monkey-desktop-push-notifications allows Cross Site Request Forgery.This issue affects Push Monkey Pro – Web Push Notifications and WooCommerce Abandoned Cart: from n/a through <= 3.9. | ||||
| CVE-2025-60137 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Cross-Site Request Forgery (CSRF) vulnerability in Galaxy Weblinks Post Featured Video post-featured-video allows Cross Site Request Forgery.This issue affects Post Featured Video: from n/a through <= 1.7. | ||||
| CVE-2024-54205 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Cross-Site Request Forgery (CSRF) vulnerability in Paloma Paloma Widget postman-widget allows Cross Site Request Forgery.This issue affects Paloma Widget: from n/a through <= 1.14. | ||||
| CVE-2024-54226 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Cross-Site Request Forgery (CSRF) vulnerability in karlkiesinger Country Blocker country-blocker allows Stored XSS.This issue affects Country Blocker: from n/a through <= 3.2. | ||||
| CVE-2025-23715 | 2026-04-15 | N/A | ||
| Cross-Site Request Forgery (CSRF) vulnerability in RaymondDesign Post & Page Notes post-page-notes allows Stored XSS.This issue affects Post & Page Notes: from n/a through <= 0.1.1. | ||||
| CVE-2025-31915 | 2026-04-15 | N/A | ||
| Cross-Site Request Forgery (CSRF) vulnerability in kamleshyadav Pixel WordPress Form BuilderPlugin & Autoresponder pixel-formbuilder allows Cross Site Request Forgery.This issue affects Pixel WordPress Form BuilderPlugin & Autoresponder: from n/a through <= 1.0.3. | ||||
| CVE-2025-64237 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Graham Quick Interest Slider quick-interest-slider allows Cross Site Request Forgery.This issue affects Quick Interest Slider: from n/a through <= 3.1.5. | ||||
| CVE-2025-64240 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in freshchat Freshchat freshchat allows Cross Site Request Forgery.This issue affects Freshchat: from n/a through <= 2.3.4. | ||||