Total
8237 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-58991 | 3 Cristiano Zanca, Woocommerce, Wordpress | 3 Woocommerce Booking Bundle Hours, Woocommerce, Wordpress | 2025-09-11 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Cristiano Zanca WooCommerce Booking Bundle Hours allows Stored XSS. This issue affects WooCommerce Booking Bundle Hours: from n/a through 0.7.4. | ||||
| CVE-2025-58975 | 1 Wordpress | 1 Wordpress | 2025-09-11 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Helmut Wandl Advanced Settings allows Cross Site Request Forgery. This issue affects Advanced Settings: from n/a through 3.1.1. | ||||
| CVE-2025-9888 | 1 Wordpress | 1 Wordpress | 2025-09-11 | 4.3 Medium |
| The Maspik – Ultimate Spam Protection plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.5.6. This is due to missing or incorrect nonce validation on the clear_log function. This makes it possible for unauthenticated attackers to clear all spam logs via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2025-9622 | 1 Wordpress | 1 Wordpress | 2025-09-11 | 4.3 Medium |
| The WP Blast | SEO & Performance Booster plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.8.6. This is due to missing or incorrect nonce validation on multiple administrative actions in the Settings class. This makes it possible for unauthenticated attackers to trigger cache purging, sitemap clearing, plugin data purging, and score resetting operations via forged requests granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2025-20326 | 1 Cisco | 1 Unified Communications Manager | 2025-09-10 | 4.3 Medium |
| A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM) Software and Cisco Unified CM Session Management Edition (SME) Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected device. This vulnerability is due to insufficient CSRF protections for the web-based management interface on an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the affected user. | ||||
| CVE-2025-21193 | 1 Microsoft | 5 Windows Server 2016, Windows Server 2019, Windows Server 2022 and 2 more | 2025-09-09 | 6.5 Medium |
| Active Directory Federation Server Spoofing Vulnerability | ||||
| CVE-2025-42923 | 1 Sap | 1 Fiori | 2025-09-09 | 4.3 Medium |
| Due to insufficient CSRF protection in SAP Fiori App Manage Work Center Groups, an authenticated user could be tricked by an attacker to send unintended request to the web server. This has low impact on integrity and no impact on confidentiality and availability of the application. | ||||
| CVE-2025-50586 | 1 Daycloud | 1 Studentmanage | 2025-09-09 | 6.5 Medium |
| StudentManage v1.0 was discovered to contain Cross-Site Request Forgery (CSRF). | ||||
| CVE-2025-54598 | 1 Bevy | 2 Bevy, Event Service | 2025-09-09 | 6.5 Medium |
| The Bevy Event service through 2025-07-22, as used for eBay Seller Events and other activities, allows CSRF to delete all notifications via the /notifications/delete/ URI. | ||||
| CVE-2025-48104 | 1 Wordpress | 1 Wordpress | 2025-09-09 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in ericzane Floating Window Music Player allows Stored XSS. This issue affects Floating Window Music Player: from n/a through 3.4.2. | ||||
| CVE-2025-54174 | 1 Opensolution | 1 Quick.cms | 2025-09-08 | 4.3 Medium |
| QuickCMS is vulnerable to Cross-Site Request Forgery in article creation functionality. Malicious attacker can craft special website, which when visited by the admin, will automatically send a POST request creating a malicious article with content defined by the attacker. The vendor was notified early about this vulnerability, but didn't respond with the details of vulnerability or vulnerable version range. Only version 6.8 was tested and confirmed as vulnerable, other versions were not tested and might also be vulnerable. | ||||
| CVE-2025-54541 | 1 Opensolution | 1 Quick.cms | 2025-09-08 | 4.3 Medium |
| QuickCMS is vulnerable to Cross-Site Request Forgery in page deletion functionality. Malicious attacker can craft special website, which when visited by the admin, will automatically send a POST request deleting an article. The vendor was notified early about this vulnerability, but didn't respond with the details of vulnerability or vulnerable version range. Only version 6.8 was tested and confirmed as vulnerable, other versions were not tested and might also be vulnerable. | ||||
| CVE-2025-58801 | 1 Wordpress | 1 Wordpress | 2025-09-08 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in KCS Responder allows Cross Site Request Forgery. This issue affects Responder: from n/a through 4.3.8. | ||||
| CVE-2025-58800 | 2025-09-08 | 4.3 Medium | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Steve Truman WP Email Template allows Cross Site Request Forgery. This issue affects WP Email Template: from n/a through 2.8.3. | ||||
| CVE-2025-58806 | 2025-09-08 | 7.1 High | ||
| Cross-Site Request Forgery (CSRF) vulnerability in imjoehaines WordPress Error Monitoring by Bugsnag allows Stored XSS. This issue affects WordPress Error Monitoring by Bugsnag: from n/a through 1.6.3. | ||||
| CVE-2025-58804 | 2025-09-08 | 4.3 Medium | ||
| Cross-Site Request Forgery (CSRF) vulnerability in brijrajs WooCommerce Single Page Checkout allows Cross Site Request Forgery. This issue affects WooCommerce Single Page Checkout: from n/a through 1.2.7. | ||||
| CVE-2025-58802 | 2025-09-08 | 4.3 Medium | ||
| Cross-Site Request Forgery (CSRF) vulnerability in michalzagdan TrustMate.io – WooCommerce integration allows Cross Site Request Forgery. This issue affects TrustMate.io – WooCommerce integration: from n/a through 1.14.0. | ||||
| CVE-2025-27003 | 2 Fullworksplugins, Wordpress | 2 Quick Paypal Payments, Wordpress | 2025-09-07 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in fullworks Quick Paypal Payments allows Cross Site Request Forgery. This issue affects Quick Paypal Payments: from n/a through 5.7.46. | ||||
| CVE-2025-58843 | 1 Wordpress | 1 Wordpress | 2025-09-07 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in David Merinas Auto Last Youtube Video allows Stored XSS. This issue affects Auto Last Youtube Video: from n/a through 1.0.7. | ||||
| CVE-2025-58848 | 1 Wordpress | 1 Wordpress | 2025-09-07 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in aakash1911 WP likes allows Reflected XSS. This issue affects WP likes: from n/a through 3.1.1. | ||||