Skip to main content

CSRF

8445 CVEs technique

Monthly

CVE-2025-46522 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Billy Bryant Tabs allows Stored XSS.0.3. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF XSS
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2025-46520 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in alphasis Related Posts via Taxonomies allows Stored XSS.0.1. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF XSS
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2025-46516 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in silencecm Twitter Card Generator allows Stored XSS.0.5. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF XSS
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2025-46514 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in milat Milat jQuery Automatic Popup allows Stored XSS.3.1. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF XSS
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2025-46513 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Codebangers All in One Time Clock Lite allows Cross Site Request Forgery.3.324. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-46512 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Shamim Hasan Custom Functions Plugin allows Stored XSS.1. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF XSS
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2025-46510 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in harrysudana Contact Form 7 Calendar allows Stored XSS.0.1. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF XSS
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2025-46508 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in kasonzhao Advanced lazy load allows Stored XSS.6.0. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF XSS
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2025-46507 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in ldrumm Unsafe Mimetypes allows Stored XSS.1.4. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF XSS
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2025-46506 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Lora77 WpZon - Amazon Affiliate Plugin allows Reflected XSS.3. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF XSS
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2025-46504 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Olar Marius Vasaio QR Code allows Stored XSS.2.5. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF XSS
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2025-46502 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bas Matthee LSD Custom taxonomy and category meta allows Cross Site Request Forgery.3.2. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF XSS
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2025-46498 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in nghialuu Zalo Official Live Chat allows Cross Site Request Forgery.0.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-46497 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Navegg Navegg Analytics allows Stored XSS.3.3. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF XSS
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2025-46495 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in tomontoast Drop Caps allows Stored XSS.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

CSRF XSS
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-46492 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Pham Thanh Call Now PHT Blog allows Stored XSS.4.1. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF XSS
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2025-46466 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in felixtz Modern Polls allows Stored XSS.0.10. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF XSS
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2025-46465 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in John Weissberg Print Science Designer allows Stored XSS.3.155. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF XSS
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2025-46462 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Trân Minh-Quân WPVN allows Cross Site Request Forgery.7.8. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-46457 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in digontoahsan Wp Custom CMS Block allows Stored XSS.1. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF XSS
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2025-46452 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Olav Kolbu Google News allows Stored XSS.5.1. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google CSRF XSS
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2025-46450 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in x000x occupancyplan allows Stored XSS.0.3.0. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF XSS
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2025-46442 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Casey Johnson Loan Calculator allows Stored XSS.3. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF XSS
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2025-46439 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Vladimir Prelovac Plugin Central allows Path Traversal.5.1. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal CSRF
NVD
CVSS 3.1
7.4
EPSS
0.1%
CVE-2025-46436 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Sebastian Echeverry SCSS-Library allows Cross Site Request Forgery.4.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-46435 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Yash Binani Time Based Greeting allows Stored XSS.2.2. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF XSS
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2025-39381 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Kiotviet KiotViet Sync allows Stored XSS.8.4. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF XSS
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2025-3907 PHP MEDIUM PATCH This Month

Cross-Site Request Forgery (CSRF) vulnerability in Drupal Search API Solr allows Cross Site Request Forgery.0.0 before 4.3.9. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Search Api Solr Drupal
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-31328 MEDIUM This Month

SAP Learning Solution is vulnerable to Cross-Site Request Forgery (CSRF), allowing an attacker to trick authenticated user into sending unintended requests to the server. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP CSRF
NVD
CVSS 3.1
4.6
EPSS
0.1%
CVE-2025-46251 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in e4jvikwp VikRestaurants Table Reservations and Take-Away allows Cross Site Request Forgery.3.3. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2025-46249 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Michael Simple calendar for Elementor allows Cross Site Request Forgery.6.4. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Elementor
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-46246 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in CreativeMindsSolutions CM Answers allows Cross Site Request Forgery.3.3. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-46245 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in CreativeMindsSolutions CM Ad Changer allows Cross Site Request Forgery.0.5. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-46243 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in sonalsinha21 Recover abandoned cart for WooCommerce allows Cross Site Request Forgery.2. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-46241 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in codepeople Appointment Booking Calendar allows SQL Injection.3.92. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi CSRF
NVD
CVSS 3.1
8.2
EPSS
0.1%
CVE-2025-46231 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in SERVIT Software Solutions affiliate-toolkit allows Cross Site Request Forgery.7.3. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-3843 MEDIUM POC This Month

A vulnerability was found in panhainan DS-Java 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Java Ds Java
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-3808 MEDIUM POC This Month

A vulnerability has been found in zhenfeng13 My-BBS 1.0 and classified as problematic. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF My Bbs
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-2111 HIGH This Week

The Insert Headers And Footers plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

WordPress CSRF PHP
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-3284 MEDIUM This Month

The User Registration & Membership - Custom Registration Form, Login Form, and User Profile plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF PHP
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-28355 MEDIUM POC This Month

Volmarg Personal Management System 1.4.65 is vulnerable to Cross Site Request Forgery (CSRF) allowing attackers to execute arbitrary code and obtain sensitive information via the SameSite cookie. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

RCE CSRF Personal Management System
NVD GitHub
CVSS 3.1
4.7
EPSS
0.2%
CVE-2025-29722 MEDIUM POC This Month

A CSRF vulnerability in Commercify v1.0 allows remote attackers to perform unauthorized actions on behalf of authenticated users. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Commercify
NVD GitHub
CVSS 3.1
6.3
EPSS
0.2%
CVE-2025-28101 MEDIUM POC This Month

An arbitrary file deletion vulnerability in the /post/{postTitle} component of flaskBlog v2.6.1 allows attackers to delete article titles created by other users via supplying a crafted POST request. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Flaskblog
NVD GitHub
CVSS 3.1
6.5
EPSS
0.2%
CVE-2025-39455 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in ip2location IP2Location Variables allows Reflected XSS.9.5. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF XSS
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2025-39453 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in algol.plus Advanced Dynamic Pricing for WooCommerce allows Cross Site Request Forgery.9.3. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-39443 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Soft8Soft LLC Verge3D allows Cross Site Request Forgery.9.0. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-39442 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in MessageMetric Review Wave - Google Places Reviews allows Stored XSS.4.7. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google CSRF XSS
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2025-39441 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in swedish boy Dashboard Notepads allows Stored XSS.2.1. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF XSS
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2025-39440 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Rajesh Broken Links Remover allows Stored XSS.2.2. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF XSS
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2025-39438 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in momen2009 Theme Changer allows Cross Site Request Forgery.3. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-39437 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Boone Gorges Anthologize allows Cross Site Request Forgery.8.3. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-39435 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in davidfcarr My Marginalia allows Stored XSS.0.6. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF XSS
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2025-39433 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in beke_ro Bknewsticker allows Stored XSS.0.5. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF XSS
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2025-39431 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Aaron Forgue Amazon Showcase WordPress Plugin allows Stored XSS.2. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF XSS
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2025-39430 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Alexander Rauscha mLanguage allows Stored XSS.6.1. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF XSS
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2025-39426 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in illow illow - Cookies Consent allows Cross Site Request Forgery.2.0. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-39425 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in pixelgrade Style Manager allows Cross Site Request Forgery.2.7. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-39424 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in simplemaps Simple Maps allows Stored XSS.98. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF XSS
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2025-39423 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Jenst Add to Header allows Stored XSS.0. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF XSS
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2025-39422 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in PResponsive WP Social Bookmarking allows Stored XSS.6. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF XSS
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2025-39421 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Mustafa KUCUK WP Sticky Side Buttons allows Stored XSS.1. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF XSS
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2025-39419 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in David Miller Revision Diet allows Stored XSS.0.1. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF XSS
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2025-39418 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in ajayver RSS Manager allows Stored XSS.06. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF XSS
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2025-39417 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Eslam Mahmoud Redirect wordpress to welcome or landing page allows Stored XSS.0. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF XSS
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2025-39416 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Ichi translit it!. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF XSS
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2025-39415 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Jayesh Parejiya Social Media Links allows Stored XSS.0.3. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF XSS
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2025-39414 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Mike spam-stopper allows Stored XSS.1.3. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF XSS
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2025-32655 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in DevriX Restrict User Registration allows Stored XSS.0.1. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF XSS
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2025-32606 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Deepak Khokhar Listings for Buildium allows Stored XSS.1.4. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF XSS
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2025-32546 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in gtlwpdev All push notification for WP allows Reflected XSS.5.3. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF XSS
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2025-32545 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in SOFTAGON WooCommerce Products without featured images allows Reflected XSS.1. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF XSS
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2025-39472 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in WPWeb WooCommerce Social Login allows Cross Site Request Forgery.8.3. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-39601 CRITICAL Act Now

Cross-Site Request Forgery (CSRF) vulnerability in WPFactory Custom CSS, JS & PHP allows Remote Code Inclusion.4.1. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP CSRF
NVD
CVSS 3.1
9.6
EPSS
0.0%
CVE-2025-39600 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in CRM Perks Integration for WooCommerce and QuickBooks allows Cross Site Request Forgery.3.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-39593 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in EverAccounting Ever Accounting allows Cross Site Request Forgery.1.5. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-39564 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in WP Trio Conditional Shipping for WooCommerce allows Cross Site Request Forgery.4.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-39563 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in WP Trio Conditional Payments for WooCommerce allows Cross Site Request Forgery.3.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-39548 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in A WP Life Right Click Disable OR Ban allows Stored XSS.1.17. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF XSS
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2025-39547 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Toast Plugins Internal Link Optimiser allows Stored XSS.1.3. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF XSS
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2025-39546 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in quomodosoft ElementsReady Addons for Elementor allows Cross Site Request Forgery.6.2. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-39544 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Bill Minozzi WP Tools allows Path Traversal.18. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal CSRF
NVD
CVSS 3.1
7.4
EPSS
0.1%
CVE-2025-39530 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in dsky Site Search 360 allows Stored XSS.1.7. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF XSS
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2025-39517 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in WP Map Plugins Basic Interactive World Map allows Cross Site Request Forgery.7. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-39512 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Yuya Hoshino Bulk Term Editor allows Cross Site Request Forgery.1.4. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-3687 MEDIUM POC This Month

A vulnerability, which was classified as problematic, has been found in misstt123 oasys 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Oasys
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2024-13452 MEDIUM This Month

The Contact Form by Supsystic plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.7.29. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF XSS
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2025-30967 CRITICAL Act Now

Cross-Site Request Forgery (CSRF) vulnerability in NotFound WPJobBoard allows Upload a Web Shell to a Web Server. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
9.6
EPSS
0.1%
CVE-2025-26903 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in RealMag777 InPost Gallery allows Cross Site Request Forgery.1.4.3. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-26748 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in LOOS,Inc. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

PHP CSRF
NVD
CVSS 3.1
8.1
EPSS
0.1%
CVE-2025-21576 MEDIUM PATCH This Month

Vulnerability in the Oracle Commerce Platform product of Oracle Commerce (component: Dynamo Personalization Server). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

Oracle CSRF Commerce Platform
NVD
CVSS 3.1
5.4
EPSS
0.1%
EPSS 0% CVSS 7.1
HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Billy Bryant Tabs allows Stored XSS.0.3. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF XSS
NVD
EPSS 0% CVSS 7.1
HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in alphasis Related Posts via Taxonomies allows Stored XSS.0.1. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF XSS
NVD
EPSS 0% CVSS 7.1
HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in silencecm Twitter Card Generator allows Stored XSS.0.5. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF XSS
NVD
EPSS 0% CVSS 7.1
HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in milat Milat jQuery Automatic Popup allows Stored XSS.3.1. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF XSS
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Codebangers All in One Time Clock Lite allows Cross Site Request Forgery.3.324. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
EPSS 0% CVSS 7.1
HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Shamim Hasan Custom Functions Plugin allows Stored XSS.1. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF XSS
NVD
EPSS 0% CVSS 7.1
HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in harrysudana Contact Form 7 Calendar allows Stored XSS.0.1. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF XSS
NVD
EPSS 0% CVSS 7.1
HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in kasonzhao Advanced lazy load allows Stored XSS.6.0. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF XSS
NVD
EPSS 0% CVSS 7.1
HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in ldrumm Unsafe Mimetypes allows Stored XSS.1.4. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF XSS
NVD
EPSS 0% CVSS 7.1
HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Lora77 WpZon - Amazon Affiliate Plugin allows Reflected XSS.3. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF XSS
NVD
EPSS 0% CVSS 7.1
HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Olar Marius Vasaio QR Code allows Stored XSS.2.5. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF XSS
NVD
EPSS 0% CVSS 7.1
HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bas Matthee LSD Custom taxonomy and category meta allows Cross Site Request Forgery.3.2. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF XSS
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in nghialuu Zalo Official Live Chat allows Cross Site Request Forgery.0.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
EPSS 0% CVSS 7.1
HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Navegg Navegg Analytics allows Stored XSS.3.3. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF XSS
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in tomontoast Drop Caps allows Stored XSS.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

CSRF XSS
NVD
EPSS 0% CVSS 7.1
HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Pham Thanh Call Now PHT Blog allows Stored XSS.4.1. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF XSS
NVD
EPSS 0% CVSS 7.1
HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in felixtz Modern Polls allows Stored XSS.0.10. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF XSS
NVD
EPSS 0% CVSS 7.1
HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in John Weissberg Print Science Designer allows Stored XSS.3.155. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF XSS
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Trân Minh-Quân WPVN allows Cross Site Request Forgery.7.8. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
EPSS 0% CVSS 7.1
HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in digontoahsan Wp Custom CMS Block allows Stored XSS.1. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF XSS
NVD
EPSS 0% CVSS 7.1
HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Olav Kolbu Google News allows Stored XSS.5.1. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google CSRF XSS
NVD
EPSS 0% CVSS 7.1
HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in x000x occupancyplan allows Stored XSS.0.3.0. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF XSS
NVD
EPSS 0% CVSS 7.1
HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Casey Johnson Loan Calculator allows Stored XSS.3. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF XSS
NVD
EPSS 0% CVSS 7.4
HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Vladimir Prelovac Plugin Central allows Path Traversal.5.1. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal CSRF
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Sebastian Echeverry SCSS-Library allows Cross Site Request Forgery.4.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
EPSS 0% CVSS 7.1
HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Yash Binani Time Based Greeting allows Stored XSS.2.2. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF XSS
NVD
EPSS 0% CVSS 7.1
HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Kiotviet KiotViet Sync allows Stored XSS.8.4. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF XSS
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Cross-Site Request Forgery (CSRF) vulnerability in Drupal Search API Solr allows Cross Site Request Forgery.0.0 before 4.3.9. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Search Api Solr Drupal
NVD
EPSS 0% CVSS 4.6
MEDIUM This Month

SAP Learning Solution is vulnerable to Cross-Site Request Forgery (CSRF), allowing an attacker to trick authenticated user into sending unintended requests to the server. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP CSRF
NVD
EPSS 0% CVSS 7.1
HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in e4jvikwp VikRestaurants Table Reservations and Take-Away allows Cross Site Request Forgery.3.3. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Michael Simple calendar for Elementor allows Cross Site Request Forgery.6.4. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Elementor
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in CreativeMindsSolutions CM Answers allows Cross Site Request Forgery.3.3. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in CreativeMindsSolutions CM Ad Changer allows Cross Site Request Forgery.0.5. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in sonalsinha21 Recover abandoned cart for WooCommerce allows Cross Site Request Forgery.2. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF
NVD
EPSS 0% CVSS 8.2
HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in codepeople Appointment Booking Calendar allows SQL Injection.3.92. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi CSRF
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in SERVIT Software Solutions affiliate-toolkit allows Cross Site Request Forgery.7.3. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
EPSS 0% CVSS 5.3
MEDIUM POC This Month

A vulnerability was found in panhainan DS-Java 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Java Ds Java
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM POC This Month

A vulnerability has been found in zhenfeng13 My-BBS 1.0 and classified as problematic. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF My Bbs
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH This Week

The Insert Headers And Footers plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

WordPress CSRF PHP
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

The User Registration & Membership - Custom Registration Form, Login Form, and User Profile plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF PHP
NVD
EPSS 0% CVSS 4.7
MEDIUM POC This Month

Volmarg Personal Management System 1.4.65 is vulnerable to Cross Site Request Forgery (CSRF) allowing attackers to execute arbitrary code and obtain sensitive information via the SameSite cookie. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

RCE CSRF Personal Management System
NVD GitHub
EPSS 0% CVSS 6.3
MEDIUM POC This Month

A CSRF vulnerability in Commercify v1.0 allows remote attackers to perform unauthorized actions on behalf of authenticated users. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Commercify
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM POC This Month

An arbitrary file deletion vulnerability in the /post/{postTitle} component of flaskBlog v2.6.1 allows attackers to delete article titles created by other users via supplying a crafted POST request. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Flaskblog
NVD GitHub
EPSS 0% CVSS 7.1
HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in ip2location IP2Location Variables allows Reflected XSS.9.5. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF XSS
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in algol.plus Advanced Dynamic Pricing for WooCommerce allows Cross Site Request Forgery.9.3. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Soft8Soft LLC Verge3D allows Cross Site Request Forgery.9.0. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
EPSS 0% CVSS 7.1
HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in MessageMetric Review Wave - Google Places Reviews allows Stored XSS.4.7. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google CSRF XSS
NVD
EPSS 0% CVSS 7.1
HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in swedish boy Dashboard Notepads allows Stored XSS.2.1. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF XSS
NVD
EPSS 0% CVSS 7.1
HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Rajesh Broken Links Remover allows Stored XSS.2.2. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF XSS
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in momen2009 Theme Changer allows Cross Site Request Forgery.3. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Boone Gorges Anthologize allows Cross Site Request Forgery.8.3. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
EPSS 0% CVSS 7.1
HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in davidfcarr My Marginalia allows Stored XSS.0.6. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF XSS
NVD
EPSS 0% CVSS 7.1
HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in beke_ro Bknewsticker allows Stored XSS.0.5. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF XSS
NVD
EPSS 0% CVSS 7.1
HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Aaron Forgue Amazon Showcase WordPress Plugin allows Stored XSS.2. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF XSS
NVD
EPSS 0% CVSS 7.1
HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Alexander Rauscha mLanguage allows Stored XSS.6.1. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF XSS
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in illow illow - Cookies Consent allows Cross Site Request Forgery.2.0. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in pixelgrade Style Manager allows Cross Site Request Forgery.2.7. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
EPSS 0% CVSS 7.1
HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in simplemaps Simple Maps allows Stored XSS.98. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF XSS
NVD
EPSS 0% CVSS 7.1
HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Jenst Add to Header allows Stored XSS.0. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF XSS
NVD
EPSS 0% CVSS 7.1
HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in PResponsive WP Social Bookmarking allows Stored XSS.6. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF XSS
NVD
EPSS 0% CVSS 7.1
HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Mustafa KUCUK WP Sticky Side Buttons allows Stored XSS.1. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF XSS
NVD
EPSS 0% CVSS 7.1
HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in David Miller Revision Diet allows Stored XSS.0.1. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF XSS
NVD
EPSS 0% CVSS 7.1
HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in ajayver RSS Manager allows Stored XSS.06. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF XSS
NVD
EPSS 0% CVSS 7.1
HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Eslam Mahmoud Redirect wordpress to welcome or landing page allows Stored XSS.0. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF XSS
NVD
EPSS 0% CVSS 7.1
HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Ichi translit it!. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF XSS
NVD
EPSS 0% CVSS 7.1
HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Jayesh Parejiya Social Media Links allows Stored XSS.0.3. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF XSS
NVD
EPSS 0% CVSS 7.1
HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Mike spam-stopper allows Stored XSS.1.3. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF XSS
NVD
EPSS 0% CVSS 7.1
HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in DevriX Restrict User Registration allows Stored XSS.0.1. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF XSS
NVD
EPSS 0% CVSS 7.1
HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Deepak Khokhar Listings for Buildium allows Stored XSS.1.4. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF XSS
NVD
EPSS 0% CVSS 7.1
HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in gtlwpdev All push notification for WP allows Reflected XSS.5.3. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF XSS
NVD
EPSS 0% CVSS 7.1
HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in SOFTAGON WooCommerce Products without featured images allows Reflected XSS.1. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF XSS
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in WPWeb WooCommerce Social Login allows Cross Site Request Forgery.8.3. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF
NVD
EPSS 0% CVSS 9.6
CRITICAL Act Now

Cross-Site Request Forgery (CSRF) vulnerability in WPFactory Custom CSS, JS & PHP allows Remote Code Inclusion.4.1. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP CSRF
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in CRM Perks Integration for WooCommerce and QuickBooks allows Cross Site Request Forgery.3.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in EverAccounting Ever Accounting allows Cross Site Request Forgery.1.5. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in WP Trio Conditional Shipping for WooCommerce allows Cross Site Request Forgery.4.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in WP Trio Conditional Payments for WooCommerce allows Cross Site Request Forgery.3.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF
NVD
EPSS 0% CVSS 7.1
HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in A WP Life Right Click Disable OR Ban allows Stored XSS.1.17. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF XSS
NVD
EPSS 0% CVSS 7.1
HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Toast Plugins Internal Link Optimiser allows Stored XSS.1.3. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF XSS
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in quomodosoft ElementsReady Addons for Elementor allows Cross Site Request Forgery.6.2. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
EPSS 0% CVSS 7.4
HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Bill Minozzi WP Tools allows Path Traversal.18. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal CSRF
NVD
EPSS 0% CVSS 7.1
HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in dsky Site Search 360 allows Stored XSS.1.7. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF XSS
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in WP Map Plugins Basic Interactive World Map allows Cross Site Request Forgery.7. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Yuya Hoshino Bulk Term Editor allows Cross Site Request Forgery.1.4. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
EPSS 0% CVSS 5.3
MEDIUM POC This Month

A vulnerability, which was classified as problematic, has been found in misstt123 oasys 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Oasys
NVD GitHub VulDB
EPSS 0% CVSS 6.1
MEDIUM This Month

The Contact Form by Supsystic plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.7.29. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF XSS
NVD
EPSS 0% CVSS 9.6
CRITICAL Act Now

Cross-Site Request Forgery (CSRF) vulnerability in NotFound WPJobBoard allows Upload a Web Shell to a Web Server. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in RealMag777 InPost Gallery allows Cross Site Request Forgery.1.4.3. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
EPSS 0% CVSS 8.1
HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in LOOS,Inc. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

PHP CSRF
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

Vulnerability in the Oracle Commerce Platform product of Oracle Commerce (component: Dynamo Personalization Server). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

Oracle CSRF Commerce Platform
NVD
Prev Page 20 of 94 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy