Total
7960 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-46522 | 1 Wordpress | 1 Wordpress | 2025-04-29 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Billy Bryant Tabs allows Stored XSS. This issue affects Tabs: from n/a through 4.0.3. | ||||
| CVE-2025-46512 | 1 Wordpress | 1 Wordpress | 2025-04-29 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Shamim Hasan Custom Functions Plugin allows Stored XSS. This issue affects Custom Functions Plugin: from n/a through 1.1. | ||||
| CVE-2025-46465 | 1 Wordpress | 1 Wordpress | 2025-04-29 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in John Weissberg Print Science Designer allows Stored XSS. This issue affects Print Science Designer: from n/a through 1.3.155. | ||||
| CVE-2025-46530 | 1 Wordpress | 1 Wordpress | 2025-04-29 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in HuangYe WuDeng Hacklog Remote Attachment allows Stored XSS. This issue affects Hacklog Remote Attachment: from n/a through 1.3.2. | ||||
| CVE-2025-39381 | 2025-04-29 | 7.1 High | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Kiotviet KiotViet Sync allows Stored XSS. This issue affects KiotViet Sync: from n/a through 1.8.4. | ||||
| CVE-2025-46513 | 2 Codebangers, Wordpress | 2 All In One Time Clock Lite, Wordpress | 2025-04-29 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Codebangers All in One Time Clock Lite allows Cross Site Request Forgery. This issue affects All in One Time Clock Lite: from n/a through 1.3.324. | ||||
| CVE-2025-46439 | 1 Wordpress | 1 Wordpress | 2025-04-29 | 7.4 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Vladimir Prelovac Plugin Central allows Path Traversal. This issue affects Plugin Central: from n/a through 2.5.1. | ||||
| CVE-2025-46516 | 2025-04-29 | 7.1 High | ||
| Cross-Site Request Forgery (CSRF) vulnerability in silencecm Twitter Card Generator allows Stored XSS. This issue affects Twitter Card Generator: from n/a through 1.0.5. | ||||
| CVE-2025-46547 | 2025-04-29 | 5.4 Medium | ||
| In Sherpa Orchestrator 141851, the web application lacks protection against CSRF attacks, with resultant effects of an attacker conducting XSS attacks, adding a new user or role, or exploiting a SQL injection issue. | ||||
| CVE-2025-46506 | 1 Wordpress | 1 Wordpress | 2025-04-29 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Lora77 WpZon – Amazon Affiliate Plugin allows Reflected XSS. This issue affects WpZon – Amazon Affiliate Plugin: from n/a through 1.3. | ||||
| CVE-2025-46435 | 1 Wordpress | 1 Wordpress | 2025-04-29 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Yash Binani Time Based Greeting allows Stored XSS. This issue affects Time Based Greeting: from n/a through 2.2.2. | ||||
| CVE-2025-46508 | 1 Wordpress | 1 Wordpress | 2025-04-29 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in kasonzhao Advanced lazy load allows Stored XSS. This issue affects Advanced lazy load: from n/a through 1.6.0. | ||||
| CVE-2025-46504 | 2025-04-29 | 7.1 High | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Olar Marius Vasaio QR Code allows Stored XSS. This issue affects Vasaio QR Code: from n/a through 1.2.5. | ||||
| CVE-2025-46466 | 2025-04-29 | 7.1 High | ||
| Cross-Site Request Forgery (CSRF) vulnerability in felixtz Modern Polls allows Stored XSS. This issue affects Modern Polls: from n/a through 1.0.10. | ||||
| CVE-2025-46436 | 1 Wordpress | 1 Wordpress | 2025-04-29 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Sebastian Echeverry SCSS-Library allows Cross Site Request Forgery. This issue affects SCSS-Library: from n/a through 0.4.1. | ||||
| CVE-2025-3997 | 2025-04-29 | 4.3 Medium | ||
| A vulnerability classified as problematic has been found in dazhouda lecms 3.0.3. This affects an unknown part of the file /index.php?my-profile-ajax-1 of the component Personal Information Page. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-46085 | 1 Frogcms Project | 1 Frogcms | 2025-04-28 | 8.8 High |
| FrogCMS V0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/plugin/file_manager/rename | ||||
| CVE-2024-46362 | 1 Frogcms Project | 1 Frogcms | 2025-04-28 | 8.8 High |
| FrogCMS V0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/plugin/file_manager/create_directory | ||||
| CVE-2024-20368 | 1 Cisco | 1 Identity Services Engine | 2025-04-28 | 6.5 Medium |
| A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. This vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a crafted link. A successful exploit could allow the attacker to perform arbitrary actions on the affected device with the privileges of the targeted user. | ||||
| CVE-2024-27717 | 1 Eskooly | 2 Eskooly, Web Product | 2025-04-28 | 6.5 Medium |
| Cross Site Request Forgery vulnerability in Eskooly Free Online School Management Software v.3.0 and before allows a remote attacker to escalate privileges via the Token Handling component. | ||||