Total
8143 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-39417 | 2025-04-17 | N/A | 7.1 HIGH | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Eslam Mahmoud Redirect wordpress to welcome or landing page allows Stored XSS. This issue affects Redirect wordpress to welcome or landing page: from n/a through 2.0. | |||||
| CVE-2025-32545 | 2025-04-17 | N/A | 7.1 HIGH | ||
| Cross-Site Request Forgery (CSRF) vulnerability in SOFTAGON WooCommerce Products without featured images allows Reflected XSS. This issue affects WooCommerce Products without featured images: from n/a through 0.1. | |||||
| CVE-2025-39438 | 2025-04-17 | N/A | 4.3 MEDIUM | ||
| Cross-Site Request Forgery (CSRF) vulnerability in momen2009 Theme Changer allows Cross Site Request Forgery. This issue affects Theme Changer: from n/a through 1.3. | |||||
| CVE-2025-39455 | 2025-04-17 | N/A | 7.1 HIGH | ||
| Cross-Site Request Forgery (CSRF) vulnerability in ip2location IP2Location Variables allows Reflected XSS. This issue affects IP2Location Variables: from n/a through 2.9.5. | |||||
| CVE-2025-39440 | 2025-04-17 | N/A | 7.1 HIGH | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Rajesh Broken Links Remover allows Stored XSS. This issue affects Broken Links Remover: from n/a through 1.2.2. | |||||
| CVE-2025-39424 | 2025-04-17 | N/A | 7.1 HIGH | ||
| Cross-Site Request Forgery (CSRF) vulnerability in simplemaps Simple Maps allows Stored XSS. This issue affects Simple Maps: from n/a through 0.98. | |||||
| CVE-2025-39426 | 2025-04-17 | N/A | 4.3 MEDIUM | ||
| Cross-Site Request Forgery (CSRF) vulnerability in illow illow – Cookies Consent allows Cross Site Request Forgery. This issue affects illow – Cookies Consent: from n/a through 0.2.0. | |||||
| CVE-2025-39453 | 2025-04-17 | N/A | 4.3 MEDIUM | ||
| Cross-Site Request Forgery (CSRF) vulnerability in algol.plus Advanced Dynamic Pricing for WooCommerce allows Cross Site Request Forgery. This issue affects Advanced Dynamic Pricing for WooCommerce: from n/a through 4.9.3. | |||||
| CVE-2025-39437 | 2025-04-17 | N/A | 4.3 MEDIUM | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Boone Gorges Anthologize allows Cross Site Request Forgery. This issue affects Anthologize: from n/a through 0.8.3. | |||||
| CVE-2025-32655 | 2025-04-17 | N/A | 7.1 HIGH | ||
| Cross-Site Request Forgery (CSRF) vulnerability in DevriX Restrict User Registration allows Stored XSS. This issue affects Restrict User Registration: from n/a through 1.0.1. | |||||
| CVE-2025-39415 | 2025-04-17 | N/A | 7.1 HIGH | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Jayesh Parejiya Social Media Links allows Stored XSS. This issue affects Social Media Links: from n/a through 1.0.3. | |||||
| CVE-2025-39414 | 2025-04-17 | N/A | 7.1 HIGH | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Mike spam-stopper allows Stored XSS. This issue affects spam-stopper: from n/a through 3.1.3. | |||||
| CVE-2025-39418 | 2025-04-17 | N/A | 7.1 HIGH | ||
| Cross-Site Request Forgery (CSRF) vulnerability in ajayver RSS Manager allows Stored XSS. This issue affects RSS Manager: from n/a through 0.06. | |||||
| CVE-2025-39443 | 2025-04-17 | N/A | 4.3 MEDIUM | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Soft8Soft LLC Verge3D allows Cross Site Request Forgery. This issue affects Verge3D: from n/a through 4.9.0. | |||||
| CVE-2025-39433 | 2025-04-17 | N/A | 7.1 HIGH | ||
| Cross-Site Request Forgery (CSRF) vulnerability in beke_ro Bknewsticker allows Stored XSS. This issue affects Bknewsticker: from n/a through 1.0.5. | |||||
| CVE-2025-39442 | 2025-04-17 | N/A | 7.1 HIGH | ||
| Cross-Site Request Forgery (CSRF) vulnerability in MessageMetric Review Wave – Google Places Reviews allows Stored XSS. This issue affects Review Wave – Google Places Reviews: from n/a through 1.4.7. | |||||
| CVE-2025-32606 | 2025-04-17 | N/A | 7.1 HIGH | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Deepak Khokhar Listings for Buildium allows Stored XSS. This issue affects Listings for Buildium: from n/a through 0.1.4. | |||||
| CVE-2023-52072 | 1 Flycms Project | 1 Flycms | 2025-04-17 | N/A | 8.8 HIGH |
| FlyCms v1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /system/site/userconfig_updagte. | |||||
| CVE-2023-50931 | 1 Savignano | 1 S\/notify | 2025-04-17 | N/A | 8.3 HIGH |
| An issue was discovered in savignano S/Notify before 2.0.1 for Bitbucket. While an administrative user is logged on, the configuration settings of S/Notify can be modified via a CSRF attack. The injection could be initiated by the administrator clicking a malicious link in an email or by visiting a malicious website. If executed while an administrator is logged on to Bitbucket, an attacker could exploit this to modify the configuration of the S/Notify app on that host. This can, in particular, lead to email notifications being no longer encrypted when they should be. | |||||
| CVE-2023-42234 | 1 Zucchetti | 1 Helpdeskadvanced | 2025-04-17 | N/A | 5.4 MEDIUM |
| Pat Infinite Solutions HelpdeskAdvanced <= 11.0.33 is vulnerable to Cross Site Request Forgery (CSRF) via the WSCView function. | |||||