Total
8308 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-57978 | 1 Wordpress | 1 Wordpress | 2025-09-25 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in themespride Advanced Appointment Booking & Scheduling allows Cross Site Request Forgery. This issue affects Advanced Appointment Booking & Scheduling: from n/a through 1.9. | ||||
| CVE-2025-57977 | 3 Woocommerce, Wordpress, Wpdesk | 3 Woocommerce, Wordpress, Flexible Pdf Invoices | 2025-09-25 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in wpdesk Flexible PDF Invoices for WooCommerce & WordPress allows Cross Site Request Forgery. This issue affects Flexible PDF Invoices for WooCommerce & WordPress: from n/a through 6.0.13. | ||||
| CVE-2025-8711 | 1 Ivanti | 5 Connect Secure, Neurons For Secure Access, Policy Secure and 2 more | 2025-09-24 | 5.4 Medium |
| CSRF in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a remote unauthenticated attacker to execute limited actions on behalf of the victim user. User interaction is required. | ||||
| CVE-2025-55147 | 1 Ivanti | 5 Connect Secure, Neurons For Secure Access, Policy Secure and 2 more | 2025-09-24 | 8.8 High |
| CSRF in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a remote unauthenticated attacker to execute sensitive actions on behalf of the victim user. User interaction is required | ||||
| CVE-2022-2355 | 1 Easy Username Updater Project | 1 Easy Username Updater | 2025-09-24 | 5.7 Medium |
| The Easy Username Updater WordPress plugin before 1.0.5 does not implement CSRF checks, which could allow attackers to make a logged in admin change any user's username includes the admin | ||||
| CVE-2025-57960 | 2 Travelmap, Wordpress | 2 Travelmap, Wordpress | 2025-09-24 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in TravelMap Travel Map allows Cross Site Request Forgery. This issue affects Travel Map: from n/a through 1.0.3. | ||||
| CVE-2025-57927 | 2 Stephanie Leary, Wordpress | 2 Dashboard Notepad, Wordpress | 2025-09-24 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Stephanie Leary Dashboard Notepad allows Cross Site Request Forgery. This issue affects Dashboard Notepad: from n/a through 1.42. | ||||
| CVE-2025-57924 | 1 Wordpress | 1 Wordpress | 2025-09-24 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Automattic Developer allows Cross Site Request Forgery. This issue affects Developer: from n/a through 1.2.6. | ||||
| CVE-2025-58956 | 1 Wordpress | 1 Wordpress | 2025-09-23 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in loopus WP Attractive Donations System allows Stored XSS. This issue affects WP Attractive Donations System: from n/a through n/a. | ||||
| CVE-2025-57902 | 1 Wordpress | 1 Wordpress | 2025-09-23 | 6.5 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Md Taufiqur Rahman RIS Version Switcher – Downgrade or Upgrade WP Versions Easily allows Cross Site Request Forgery. This issue affects RIS Version Switcher – Downgrade or Upgrade WP Versions Easily: from n/a through 1.0. | ||||
| CVE-2025-58259 | 1 Wordpress | 1 Wordpress | 2025-09-23 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in scriptsbundle Nokri allows Cross Site Request Forgery. This issue affects Nokri: from n/a through 1.6.4. | ||||
| CVE-2025-58014 | 2 Ays-pro, Wordpress | 2 Quiz Maker, Wordpress | 2025-09-23 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Ays Pro Quiz Maker allows Cross Site Request Forgery. This issue affects Quiz Maker: from n/a through 6.7.0.61. | ||||
| CVE-2025-57942 | 1 Wordpress | 1 Wordpress | 2025-09-23 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in andy_moyle Emergency Password Reset allows Cross Site Request Forgery. This issue affects Emergency Password Reset: from n/a through 9.0. | ||||
| CVE-2025-57934 | 2 Lws, Wordpress | 2 Affiliation, Wordpress | 2025-09-23 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Aurélien LWS LWS Affiliation allows Cross Site Request Forgery. This issue affects LWS Affiliation: from n/a through 2.3.6. | ||||
| CVE-2025-57933 | 2 Piotnet, Wordpress | 2 Piotnet Forms, Wordpress | 2025-09-23 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in piotnetdotcom Piotnet Forms allows Cross Site Request Forgery. This issue affects Piotnet Forms: from n/a through 1.0.30. | ||||
| CVE-2025-57930 | 1 Wordpress | 1 Wordpress | 2025-09-23 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in kanwei_doublethedonation Double the Donation allows Cross Site Request Forgery. This issue affects Double the Donation: from n/a through 2.0.0. | ||||
| CVE-2025-57905 | 3 Amin, Woocommerce, Wordpress | 3 Agreeme Checkboxes, Woocommerce, Wordpress | 2025-09-23 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Amin Y AgreeMe Checkboxes For WooCommerce allows Cross Site Request Forgery. This issue affects AgreeMe Checkboxes For WooCommerce: from n/a through 1.1.3. | ||||
| CVE-2025-53451 | 2 Mihdan, Wordpress | 2 No External Links Project, Wordpress | 2025-09-23 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in mihdan Mihdan: No External Links allows Cross Site Request Forgery. This issue affects Mihdan: No External Links: from n/a through 5.1.4. | ||||
| CVE-2025-59568 | 1 Wordpress | 1 Wordpress | 2025-09-23 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Zoho Flow Zoho Flow allows Cross Site Request Forgery. This issue affects Zoho Flow: from n/a through 2.14.1. | ||||
| CVE-2025-57915 | 2 Tochat Be, Wordpress | 2 Tochat Be, Wordpress | 2025-09-23 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in César Martín TOCHAT.BE allows Cross Site Request Forgery. This issue affects TOCHAT.BE: from n/a through 1.3.4. | ||||