Total
9105 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-9944 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 4.3 Medium |
| The Professional Contact Form plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.0. This is due to missing or incorrect nonce validation on the watch_for_contact_form_submit function. This makes it possible for unauthenticated attackers to trigger test email sending via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2024-38764 | 2026-04-15 | 4.3 Medium | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Marsian allows Cross Site Request Forgery.This issue affects i-transform: from n/a through 3.0.9. | ||||
| CVE-2024-53713 | 2026-04-15 | N/A | ||
| Cross-Site Request Forgery (CSRF) vulnerability in rickota Silverlight Video Player smooth-streaming-player allows Stored XSS.This issue affects Silverlight Video Player: from n/a through <= 1.0. | ||||
| CVE-2025-13685 | 2 Ays-pro, Wordpress | 2 Photo Gallery, Wordpress | 2026-04-15 | 4.3 Medium |
| The Photo Gallery by Ays plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.4.8. This is due to missing nonce verification on the bulk action functionality in the 'process_bulk_action()' function. This makes it possible for unauthenticated attackers to perform bulk operations (delete, publish, or unpublish galleries) via a forged request granted they can trick an administrator into performing an action such as clicking on a link. | ||||
| CVE-2024-53726 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Cross-Site Request Forgery (CSRF) vulnerability in RealtyCandy.com RealtyCandy IDX Broker Extended realtycandy-idx-broker-extended allows Stored XSS.This issue affects RealtyCandy IDX Broker Extended: from n/a through <= 1.5.1. | ||||
| CVE-2024-53729 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Cross-Site Request Forgery (CSRF) vulnerability in plumwd Blizzard Quotes blizzard-quotes allows Stored XSS.This issue affects Blizzard Quotes: from n/a through <= 1.3. | ||||
| CVE-2024-53732 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Cross-Site Request Forgery (CSRF) vulnerability in wpwox Footer Flyout Widget footer-flyout-widget allows Stored XSS.This issue affects Footer Flyout Widget: from n/a through <= 1.1. | ||||
| CVE-2025-30967 | 2026-04-15 | 9.6 Critical | ||
| Cross-Site Request Forgery (CSRF) vulnerability in NotFound WPJobBoard allows Upload a Web Shell to a Web Server. This issue affects WPJobBoard: from n/a through n/a. | ||||
| CVE-2024-31424 | 1 Idehweb | 1 Login With Phone Number | 2026-04-15 | N/A |
| Cross-Site Request Forgery (CSRF) vulnerability in Hamid Alinia Login with phone number login-with-phone-number.This issue affects Login with phone number: from n/a through <= 1.6.93. | ||||
| CVE-2018-25151 | 1 Ecessa | 1 Wanworx Wvr-30 | 2026-04-15 | 4.3 Medium |
| Ecessa WANWorx WVR-30 versions before 10.7.4 contain a cross-site request forgery vulnerability that allows attackers to perform administrative actions without request validation. Attackers can craft a malicious web page with a hidden form to create a new superuser account by tricking an authenticated administrator into loading the page. | ||||
| CVE-2026-25014 | 2 Themelooks, Wordpress | 2 Enter Addons, Wordpress | 2026-04-15 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in themelooks Enter Addons enteraddons allows Cross Site Request Forgery.This issue affects Enter Addons: from n/a through <= 2.3.2. | ||||
| CVE-2024-48047 | 2026-04-15 | N/A | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Razon Komar Pal Linked Variation for WooCommerce linked-variation-for-woocommerce allows Cross Site Request Forgery.This issue affects Linked Variation for WooCommerce: from n/a through <= 1.0.5. | ||||
| CVE-2024-37925 | 2026-04-15 | 5.4 Medium | ||
| Cross-Site Request Forgery (CSRF) vulnerability in BUDDYBOSS LLC BuddyBoss Theme allows Cross Site Request Forgery.This issue affects BuddyBoss Theme: from n/a through 2.4.61. | ||||
| CVE-2025-29005 | 2026-04-15 | N/A | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Weblizar - WordPress Themes & Plugin HR Management Lite hr-management-lite allows Cross Site Request Forgery.This issue affects HR Management Lite: from n/a through <= 3.6. | ||||
| CVE-2025-58859 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Cross-Site Request Forgery (CSRF) vulnerability in David Merinas Add to Feedly add-to-feedly allows Stored XSS.This issue affects Add to Feedly: from n/a through <= 1.2.11. | ||||
| CVE-2024-11342 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 6.1 Medium |
| The Skt NURCaptcha plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.5.0. This is due to missing or incorrect nonce validation in the skt-nurc-admin.php file. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2025-9634 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 4.3 Medium |
| The Plugin updates blocker plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.2. This is due to missing or incorrect nonce validation on the pub_save action handler. This makes it possible for unauthenticated attackers to disable or enable plugin updates via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2025-9617 | 2 Evidentlycube, Wordpress | 2 Publish Approval Plugin, Wordpress | 2026-04-15 | 5.3 Medium |
| The Publish approval plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1. This is due to missing or incorrect nonce validation on the publish_save_option function. This makes it possible for unauthenticated attackers to modify plugin settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2024-53779 | 2026-04-15 | N/A | ||
| Cross-Site Request Forgery (CSRF) vulnerability in 8bitkid Yahoo! WebPlayer yahoo-media-player allows Stored XSS.This issue affects Yahoo! WebPlayer: from n/a through <= 2.0.6. | ||||
| CVE-2025-28984 | 2026-04-15 | N/A | ||
| Cross-Site Request Forgery (CSRF) vulnerability in storepro Subscription Renewal Reminders for WooCommerce subscriptions-renewal-reminders allows Cross Site Request Forgery.This issue affects Subscription Renewal Reminders for WooCommerce: from n/a through <= 1.4.1. | ||||