Vulnerabilities (CVE)

Filtered by CWE-352
Total 8002 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-2858 1 Robbychen 1 Simple Buttons Creator 2025-05-08 N/A 4.8 MEDIUM
The Simple Buttons Creator WordPress plugin through 1.04 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks
CVE-2024-2857 1 Robbychen 1 Simple Buttons Creator 2025-05-08 N/A 6.1 MEDIUM
The Simple Buttons Creator WordPress plugin through 1.04 does not have any authorisation as well as CSRF in its add button function, allowing unauthenticated users to call them either directly or via CSRF attacks. Furthermore, due to the lack of sanitisation and escaping, it could also allow them to perform Stored Cross-Site Scripting attacks against logged in admins.
CVE-2024-2739 1 Mndpsingh287 1 Advanced Search 2025-05-08 N/A 8.7 HIGH
The Advanced Search WordPress plugin through 1.1.6 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks
CVE-2024-6136 1 Tipsandtricks-hq 1 Wp Estore 2025-05-08 N/A 5.4 MEDIUM
The wp-cart-for-digital-products WordPress plugin before 8.5.6 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks
CVE-2022-43418 1 Jenkins 1 Katalon 2025-05-08 N/A 4.3 MEDIUM
A cross-site request forgery (CSRF) vulnerability in Jenkins Katalon Plugin 1.0.33 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
CVE-2024-3472 1 Wow-company 1 Modal Window 2025-05-08 N/A 5.9 MEDIUM
The Modal Window WordPress plugin before 5.3.10 does not have CSRF check in place when bulk deleting modals, which could allow attackers to make a logged in admin delete them via a CSRF attack
CVE-2024-3471 1 Wow-company 1 Button Generator 2025-05-08 N/A 3.4 LOW
The Button Generator WordPress plugin before 3.0 does not have CSRF check in place when bulk deleting, which could allow attackers to make a logged in admin delete buttons via a CSRF attack
CVE-2024-2405 1 Wow-company 1 Float Menu 2025-05-08 N/A 4.5 MEDIUM
The Float menu WordPress plugin before 6.0.1 does not have CSRF check in its bulk actions, which could allow attackers to make logged in admin delete arbitrary menu via a CSRF attack.
CVE-2024-12436 1 Marvinlabs 1 Wp Customer Area 2025-05-08 N/A 4.3 MEDIUM
The WP Customer Area WordPress plugin through 8.2.4 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks
CVE-2024-12280 1 Marvinlabs 1 Wp Customer Area 2025-05-08 N/A 4.3 MEDIUM
The WP Customer Area WordPress plugin through 8.2.4 does not have CSRF check in place when deleting its logs, which could allow attackers to make a logged in to delete them via a CSRF attack
CVE-2024-3481 1 Wow-company 1 Counter Box 2025-05-08 N/A 5.2 MEDIUM
The Counter Box WordPress plugin before 1.2.4 does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions, such deleting counters via CSRF attacks
CVE-2024-3478 1 Wow-company 1 Herd Effects 2025-05-08 N/A 6.1 MEDIUM
The Herd Effects WordPress plugin before 5.2.7 does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions, such as deleting effects via CSRF attacks
CVE-2024-3477 1 Wow-company 1 Popup Box 2025-05-08 N/A 4.3 MEDIUM
The Popup Box WordPress plugin before 2.2.7 does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions, such as deleting popups via CSRF attacks
CVE-2024-3476 1 Wow-company 1 Side Menu Lite 2025-05-08 N/A 8.8 HIGH
The Side Menu Lite WordPress plugin before 4.2.1 does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions, such as deleting buttons via CSRF attacks
CVE-2024-3475 1 Wow-company 1 Sticky Buttons 2025-05-08 N/A 7.5 HIGH
The Sticky Buttons WordPress plugin before 3.2.4 does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions, such as deleting buttons via CSRF attacks
CVE-2022-42199 1 Simple Exam Reviewer Management System Project 1 Simple Exam Reviewer Management System 2025-05-08 N/A 8.8 HIGH
Simple Exam Reviewer Management System v1.0 is vulnerable to Cross Site Request Forgery (CSRF) via the Exam List.
CVE-2025-47514 2025-05-08 N/A 7.1 HIGH
Cross-Site Request Forgery (CSRF) vulnerability in Eli ELI's Related Posts Footer Links and Widget allows Stored XSS. This issue affects ELI's Related Posts Footer Links and Widget: from n/a through 1.2.04.20.
CVE-2025-47448 2025-05-08 N/A 4.3 MEDIUM
Cross-Site Request Forgery (CSRF) vulnerability in ThimPress WP Hotel Booking allows Cross Site Request Forgery. This issue affects WP Hotel Booking: from n/a through 2.1.9.
CVE-2025-47470 2025-05-08 N/A 4.3 MEDIUM
Cross-Site Request Forgery (CSRF) vulnerability in senols GPT3 AI Content Writer allows Cross Site Request Forgery. This issue affects GPT3 AI Content Writer: from n/a through 1.9.14.
CVE-2025-47459 2025-05-08 N/A 4.3 MEDIUM
Cross-Site Request Forgery (CSRF) vulnerability in XpeedStudio WP Fundraising Donation and Crowdfunding Platform allows Cross Site Request Forgery. This issue affects WP Fundraising Donation and Crowdfunding Platform: from n/a through 1.7.3.