Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by CWE-352
Total 8145 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2025-39564 2025-04-16 N/A 6.5 MEDIUM
Cross-Site Request Forgery (CSRF) vulnerability in WP Trio Conditional Shipping for WooCommerce allows Cross Site Request Forgery. This issue affects Conditional Shipping for WooCommerce: from n/a through 3.4.0.
CVE-2025-39530 2025-04-16 N/A 7.1 HIGH
Cross-Site Request Forgery (CSRF) vulnerability in dsky Site Search 360 allows Stored XSS. This issue affects Site Search 360: from n/a through 2.1.7.
CVE-2023-51525 1 Wpsimplebookingcalendar 1 Wp Simple Booking Calendar 2025-04-15 N/A 5.3 MEDIUM
Cross-Site Request Forgery (CSRF) vulnerability in Veribo, Roland Murg WP Simple Booking Calendar.This issue affects WP Simple Booking Calendar: from n/a through 2.0.8.4.
CVE-2024-30482 1 B-website 1 Simple Revisions Delete 2025-04-15 N/A 4.3 MEDIUM
Cross-Site Request Forgery (CSRF) vulnerability in Brice CAPOBIANCO Simple Revisions Delete.This issue affects Simple Revisions Delete: from n/a through 1.5.3.
CVE-2025-25379 1 07fly 1 07flycms 2025-04-15 N/A 9.6 CRITICAL
Cross Site Request Forgery vulnerability in 07FLYCMS v.1.3.9 allows a remote attacker to execute arbitrary code via the id parameter of the del.html component.
CVE-2024-57611 1 07fly 1 07flycms 2025-04-15 N/A 3.5 LOW
07FLYCMS V1.3.9 was discovered to contain a Cross-Site Request Forgery (CSRF) via admin/doAdminAction.php?act=editShop&shopId.
CVE-2024-57159 1 07fly 1 07flycms 2025-04-15 N/A 3.5 LOW
07FLYCMS V1.3.9 was discovered to contain a Cross-Site Request Forgery (CSRF) via /erp.07fly.net:80/oa/OaWorkReport/add.html.
CVE-2024-33651 1 Mf Gig Calendar Project 1 Mf Gig Calendar 2025-04-15 N/A 5.4 MEDIUM
Cross-Site Request Forgery (CSRF) vulnerability in Matthew Fries MF Gig Calendar.This issue affects MF Gig Calendar : from n/a through 1.2.1.
CVE-2025-2871 2025-04-15 N/A 4.3 MEDIUM
The WordPress Mega Menu – QuadMenu plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2.0. This is due to missing or incorrect nonce validation on the ajax_dismiss_notice() function. This makes it possible for unauthenticated attackers to update any user meta to a value of one, including wp_capabilities which could result in a privilege deescalation of an administrator, via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
CVE-2025-30965 2025-04-15 N/A 4.3 MEDIUM
Cross-Site Request Forgery (CSRF) vulnerability in NotFound WPJobBoard allows Cross Site Request Forgery. This issue affects WPJobBoard: from n/a through n/a.
CVE-2025-3561 2025-04-15 5.0 MEDIUM 4.3 MEDIUM
A vulnerability was found in ghostxbh uzy-ssm-mall 1.0.0. It has been classified as problematic. Affected is an unknown function. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2025-27009 2025-04-15 N/A 7.1 HIGH
Cross-Site Request Forgery (CSRF) vulnerability in wphocus My auctions allegro allows Stored XSS.This issue affects My auctions allegro: from n/a through 3.6.20.
CVE-2024-34957 1 Idccms 1 Idccms 2025-04-15 N/A 5.4 MEDIUM
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component admin/sysImages_deal.php?mudi=infoSet.
CVE-2024-34958 1 Idccms 1 Idccms 2025-04-15 N/A 6.5 MEDIUM
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component admin/banner_deal.php?mudi=add
CVE-2024-35011 1 Idccms 1 Idccms 2025-04-15 N/A 5.4 MEDIUM
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/infoType_deal.php?mudi=rev&nohrefStr=close.
CVE-2024-35012 1 Idccms 1 Idccms 2025-04-15 N/A 6.3 MEDIUM
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/infoType_deal.php?mudi=add&nohrefStr=close.
CVE-2024-35039 1 Idccms 1 Idccms 2025-04-15 N/A 3.8 LOW
idccms V1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via admin/tplSys_deal.php?mudi=area.
CVE-2024-35108 1 Idccms 1 Idccms 2025-04-15 N/A 8.8 HIGH
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/homePro_deal.php?mudi=del&dataType=&dataTypeCN.
CVE-2024-35109 1 Idccms 1 Idccms 2025-04-15 N/A 6.5 MEDIUM
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /homePro_deal.php?mudi=add&nohrefStr=close.
CVE-2024-36670 1 Idccms 1 Idccms 2025-04-15 N/A 8.8 HIGH
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component admin/vpsClass_deal.php?mudi=del