Skip to main content
CVE-2025-67471 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Saad Iqbal Quick Contact Form quick-contact-form allows Cross Site Request Forgery.This issue affects Quick Contact Form: from n/a through <= 8.2.5.

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-67469 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in kubiq PDF Thumbnail Generator pdf-thumbnail-generator allows Cross Site Request Forgery.This issue affects PDF Thumbnail Generator: from n/a through <= 1.4.

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-67465 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in QuantumCloud Simple Link Directory simple-link-directory allows Cross Site Request Forgery.This issue affects Simple Link Directory: from n/a through <= 8.8.3.

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-66531 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Dimitri Grassi Salon booking system salon-booking-system allows Cross Site Request Forgery.This issue affects Salon booking system: from n/a through <= 10.30.3.

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-66529 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Ays Pro Chartify chart-builder allows Cross Site Request Forgery.This issue affects Chartify: from n/a through <= 3.6.3.

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-64256 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in PressTigers Simple Folio simple-folio allows Cross Site Request Forgery.This issue affects Simple Folio: from n/a through <= 1.1.0.

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-67598 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in PSM Plugins SupportCandy supportcandy allows Cross Site Request Forgery.This issue affects SupportCandy: from n/a through <= 3.4.1.

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-67596 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Strategy11 Team Business Directory business-directory-plugin allows Cross Site Request Forgery.This issue affects Business Directory: from n/a through <= 6.4.19.

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-67595 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Ays Pro Quiz Maker quiz-maker allows Cross Site Request Forgery.This issue affects Quiz Maker: from n/a through <= 6.7.0.82.

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-67593 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Stiofan UsersWP userswp allows Cross Site Request Forgery.This issue affects UsersWP: from n/a through <= 1.2.48.

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-67591 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in jegtheme JNews Paywall jnews-paywall allows Cross Site Request Forgery.This issue affects JNews Paywall: from n/a through < 12.0.1.

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-67590 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Rustaurius Ultimate FAQ ultimate-faqs allows Cross Site Request Forgery.This issue affects Ultimate FAQ: from n/a through <= 2.4.3.

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-62103 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in wpmediadownload Media Library File Download media-download allows Cross Site Request Forgery.This issue affects Media Library File Download: from n/a through <= 1.4.

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-63060 MEDIUM This Month

Cross-site request forgery in KALLYAS WordPress theme versions before 4.25.0 allows authenticated attackers to perform unauthorized actions on behalf of legitimate users without their knowledge or consent. The vulnerability requires user interaction (UI:N indicates no additional user interaction beyond authentication) and affects only confidentiality with low impact. While CVSS scores 4.3 (medium severity), the EPSS score of 0.02% (5th percentile) indicates minimal real-world exploitation likelihood despite public awareness.

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-62734 MEDIUM This Month

Cross-site request forgery (CSRF) in WordPress Media Library Downloader plugin versions up to 1.4.0 allows unauthenticated attackers to perform unauthorized actions on behalf of logged-in site administrators or users via crafted web requests. The vulnerability requires user interaction (UI:R) and has limited scope-affecting only integrity (I:L) with no confidentiality or availability impact. EPSS exploitation probability is very low at 0.02% (5th percentile), indicating minimal real-world exploitation likelihood despite the public disclosure.

WordPress PHP CSRF
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-63012 MEDIUM This Month

Cross-site request forgery in ThimPress WP Hotel Booking plugin version 2.2.8 and earlier allows unauthenticated remote attackers to perform unauthorized actions on behalf of authenticated users through crafted requests. The vulnerability requires user interaction (clicking a malicious link) and results in limited information disclosure, with a CVSS score of 4.3. Exploitation probability is very low per EPSS (0.02% percentile 5%), suggesting this is a lower-priority vulnerability despite public researcher disclosure.

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-63058 MEDIUM This Month

Custom Field Template WordPress plugin through version 2.7.6 exposes sensitive system information to high-privilege local users via embedded data retrieval, allowing administrators to access confidential data they should not have access to. The vulnerability requires high administrative privileges and local access, limiting real-world exploitation risk despite the complete confidentiality impact. EPSS probability is minimal at 0.02%, indicating low likelihood of opportunistic exploitation.

Information Disclosure
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-62869 MEDIUM This Month

Broken access control in the Gravitec.net Web Push Notifications WordPress plugin versions 2.9.17 and earlier allows authenticated users to modify push notification settings and content without proper authorization checks, enabling privilege escalation or manipulation of notifications intended for administrator-only configuration. The vulnerability requires valid WordPress user credentials but does not enforce role-based access controls on sensitive endpoints, granting low-privileged users unintended modification capabilities.

Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-64787 LOW Monitor

Improper verification of cryptographic signatures in Adobe Acrobat Reader versions up to 24.001.30264, 20.005.30803, and 25.001.20982 allows local attackers to bypass cryptographic protections and gain limited unauthorized write access to PDF documents. The vulnerability requires user interaction with a malicious or crafted PDF containing an improperly signed element. With a CVSS score of 3.3 and local attack vector, this represents a low-severity security feature bypass affecting document integrity verification.

Jwt Attack Authentication Bypass Adobe
NVD
CVSS 3.1
3.3
EPSS
0.0%
CVE-2025-64786 LOW Monitor

Improper verification of cryptographic signatures in Adobe Acrobat Reader and Acrobat DC versions up to 24.001.30273, 25.001.20982, and 20.005.30803 allows local attackers to bypass security features and gain limited unauthorized write access to PDF documents. Exploitation requires user interaction with a malicious or specially crafted cryptographic signature embedded in a PDF file. No active exploitation has been confirmed at the time of analysis.

Jwt Attack Authentication Bypass Adobe
NVD
CVSS 3.1
3.3
EPSS
0.0%
CVE-2025-64254 LOW Monitor

Missing Authorization vulnerability in Ronald Huereca Photo Block photo-block allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Photo Block: from n/a through <= 1.5.1.

Authentication Bypass
NVD
CVSS 3.1
2.7
EPSS
0.1%
CVE-2025-64255 LOW Monitor

Missing Authorization vulnerability in Bowo Admin and Site Enhancements (ASE) admin-site-enhancements allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Admin and Site Enhancements (ASE): from n/a through <= 8.0.8.

Authentication Bypass
NVD
CVSS 3.1
2.7
EPSS
0.1%

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sizam REHub Framework rehub-framework allows Stored XSS.This issue affects REHub Framework: from n/a through < 19.9.9.7.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.1%

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CridioStudio ListingPro Lead Form listingpro-lead-form allows DOM-Based XSS.This issue affects ListingPro Lead Form: from n/a through <= 1.0.7.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.1%

Cross-Site Request Forgery (CSRF) vulnerability in photoboxone SMTP Mail smtp-mail allows Cross Site Request Forgery.This issue affects SMTP Mail: from n/a through <= 1.3.51.

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.0%
Prev Page 4 of 4

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy