Total
7680 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-28900 | 2025-03-11 | N/A | 7.1 HIGH | ||
| Cross-Site Request Forgery (CSRF) vulnerability in webgarb TabGarb Pro allows Stored XSS. This issue affects TabGarb Pro: from n/a through 2.6. | |||||
| CVE-2025-28897 | 2025-03-11 | N/A | 7.1 HIGH | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Steveorevo Domain Theme allows Stored XSS. This issue affects Domain Theme: from n/a through 1.3. | |||||
| CVE-2025-28894 | 2025-03-11 | N/A | 7.1 HIGH | ||
| Cross-Site Request Forgery (CSRF) vulnerability in frucomerci List of Posts from each Category plugin for WordPress allows Stored XSS. This issue affects List of Posts from each Category plugin for WordPress: from n/a through 2.0. | |||||
| CVE-2025-28892 | 2025-03-11 | N/A | 7.1 HIGH | ||
| Cross-Site Request Forgery (CSRF) vulnerability in a2rocklobster FTP Sync allows Stored XSS. This issue affects FTP Sync: from n/a through 1.1.6. | |||||
| CVE-2025-28891 | 2025-03-11 | N/A | 7.1 HIGH | ||
| Cross-Site Request Forgery (CSRF) vulnerability in jazzigor price-calc allows Stored XSS. This issue affects price-calc: from n/a through 0.6.3. | |||||
| CVE-2025-28887 | 2025-03-11 | N/A | 4.3 MEDIUM | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Fastmover Plugins Last Updated Column allows Cross Site Request Forgery. This issue affects Plugins Last Updated Column: from n/a through 0.1.3. | |||||
| CVE-2025-28886 | 2025-03-11 | N/A | 4.3 MEDIUM | ||
| Cross-Site Request Forgery (CSRF) vulnerability in xjb REST API TO MiniProgram allows Cross Site Request Forgery. This issue affects REST API TO MiniProgram: from n/a through 4.7.1. | |||||
| CVE-2025-28884 | 2025-03-11 | N/A | 4.3 MEDIUM | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Rajesh Kumar WP Bulk Post Duplicator allows Cross Site Request Forgery. This issue affects WP Bulk Post Duplicator: from n/a through 1.2. | |||||
| CVE-2025-28883 | 2025-03-11 | N/A | 7.1 HIGH | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Martin WP Compare Tables allows Stored XSS. This issue affects WP Compare Tables: from n/a through 1.0.5. | |||||
| CVE-2025-28881 | 2025-03-11 | N/A | 4.3 MEDIUM | ||
| Cross-Site Request Forgery (CSRF) vulnerability in mg12 Mobile Themes allows Cross Site Request Forgery. This issue affects Mobile Themes: from n/a through 1.1.1. | |||||
| CVE-2024-34807 | 1 Codebard | 1 Fast Custom Social Share | 2025-03-11 | N/A | 4.3 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in CodeBard Fast Custom Social Share by CodeBard.This issue affects Fast Custom Social Share by CodeBard: from n/a through 1.1.2. | |||||
| CVE-2024-1976 | 1 Marketingoptimizer | 1 Marketing Optimizer | 2025-03-11 | N/A | 4.3 MEDIUM |
| The Marketing Optimizer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 20200925. This is due to missing or incorrect nonce validation via the admin/main-settings-page.php file. This makes it possible for unauthenticated attackers to update the plugin's settings and inject malicious JavaScript via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | |||||
| CVE-2024-54139 | 1 Combodo | 1 Itop | 2025-03-11 | N/A | 7.9 HIGH |
| Combodo iTop is an open source and web-based IT service management platform. Prior to versions 2.7.11, 3.1.2, and 3.2.0., iTop has a cross-site scripting vulnerability that can lead to cross-site request forgery on the `_table_id` parameter. Versions 2.7.11, 3.1.2, and 3.2.0 contain a patch for the issue. | |||||
| CVE-2024-0592 | 1 Never5 | 1 Related Posts | 2025-03-11 | N/A | 5.4 MEDIUM |
| The Related Posts for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.1. This is due to missing or incorrect nonce validation on the handle_create_link() function. This makes it possible for unauthenticated attackers to add related posts to other posts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. This ultimately makes it possible for attackers to view draft and password protected posts. | |||||
| CVE-2023-48790 | 2025-03-11 | N/A | 7.5 HIGH | ||
| A cross site request forgery vulnerability [CWE-352] in Fortinet FortiNDR version 7.4.0, 7.2.0 through 7.2.1 and 7.1.0 through 7.1.1 and before 7.0.5 may allow a remote unauthenticated attacker to execute unauthorized actions via crafted HTTP GET requests. | |||||
| CVE-2024-1889 | 1 Sma | 4 Clcon-10, Clcon-10 Firmware, Clcon-s-10 and 1 more | 2025-03-11 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery vulnerability in SMA Cluster Controller, affecting version 01.05.01.R. This vulnerability could allow an attacker to send a malicious link to an authenticated user to perform actions with these user permissions on the affected device. | |||||
| CVE-2024-49779 | 3 Ibm, Linux, Microsoft | 3 Openpages With Watson, Linux Kernel, Windows | 2025-03-11 | N/A | 4.3 MEDIUM |
| IBM OpenPages with Watson 8.3 and 9.0 IBM OpenPages could allow a remote attacker to bypass security restrictions, caused by improper validation and management of authentication cookies. By modifying the CSRF token and Session Id cookie parameters using the cookies of another user, a remote attacker could exploit this vulnerability to bypass security restrictions and gain unauthorized access to the vulnerable application. | |||||
| CVE-2024-0827 | 1 Hammadh | 1 Play.ht | 2025-03-11 | N/A | 4.3 MEDIUM |
| The Play.ht – Make Your Blog Posts Accessible With Text to Speech Audio plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.6.4. This is due to missing or incorrect nonce validation on several functions. This makes it possible for unauthenticated attackers to invoke those functions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | |||||
| CVE-2024-0830 | 1 Najeebmedia | 1 Comments Extra Fields | 2025-03-11 | N/A | 4.3 MEDIUM |
| The Comments Extra Fields For Post,Pages and CPT plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.0. This is due to missing or incorrect nonce validation on several ajax actions. This makes it possible for unauthenticated attackers to invoke those actions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. As a result, they may modify comment form fields and update plugin settings. | |||||
| CVE-2025-27912 | 2025-03-11 | N/A | 8.8 HIGH | ||
| An issue was discovered in Datalust Seq before 2024.3.13545. Missing Content-Type validation can lead to CSRF when (1) Entra ID or OpenID Connect authentication is in use and a user visits a compromised/malicious site, or (2) when username/password or Active Directory authentication is in use and a user visits a compromised/malicious site under the same effective top-level domain as the Seq server. Exploitation of the vulnerability allows the attacker to conduct impersonation attacks and perform actions in Seq on behalf of the targeted user. | |||||