145 matches found
PT-2025-20156 · Unknown · Truebooker
Name of the Vulnerable Software and Affected Versions: TrueBooker versions 1.0.7 and earlier Description: A Cross-Site Request Forgery CSRF issue affects the software, allowing unauthorized actions to be performed on behalf of a user. Recommendations: For versions 1.0.7 and earlier, update to a...
PT-2025-17661 · Drupal · Drupal Search Api Solr
Name of the Vulnerable Software and Affected Versions: Drupal Search API Solr versions 0.0.0 through 4.3.8 Description: A Cross-Site Request Forgery CSRF issue affects the software, allowing unauthorized actions to be performed. This issue can be exploited to perform actions on behalf of another...
CVE-2025-32546
CVE-2025-32546 describes a CSRF-to-Reflected XSS on the WordPress plugin “All push notification for WP.” Affected versions are
PT-2025-17215 · Unknown · Commercify
Name of the Vulnerable Software and Affected Versions: Commercify version 1.0 Description: A CSRF issue allows remote attackers to perform unauthorized actions on behalf of authenticated users due to missing CSRF protection on sensitive endpoints. Recommendations: For Commercify version 1.0,...
CVE-2025-32498
Cross-Site Request Forgery CSRF vulnerability in oleglark VKontakte Cross-Post vkontakte-cross-post allows Stored XSS.This issue affects VKontakte Cross-Post: from n/a through = 0.3.2...
CVE-2025-31391
CVE-2025-31391 corresponds to a CSRF-triggered Stored XSS in the WordPress plugin “Script Compressor.” Public docs indicate the affected product is Script Compressor (versions up to 1.7.1 as per initial description) and that the underlying issue combines Cross-Site Request Forgery with stored XSS...
PT-2025-15731 · Woocommerce · Pagopar – Woocommerce Gateway
Name of the Vulnerable Software and Affected Versions: Pagopar - Grupo M S.A. Pagopar – WooCommerce Gateway versions through 2.7.1 Description: The issue is related to a Cross-Site Request Forgery CSRF vulnerability and Stored XSS in Pagopar – WooCommerce Gateway. Recommendations: For versions...
PT-2025-15022 · Unknown · Qr Code Tag For Wc
Name of the Vulnerable Software and Affected Versions: QR Code Tag for WC versions 1.9.36 and earlier Description: A Cross-Site Request Forgery CSRF issue affects the QR Code Tag for WC, allowing unauthorized actions to be performed on behalf of a user. Recommendations: For versions 1.9.36 and...
BIT-JOOMLA-2020-35615 [20201106] - Core - CSRF in com_privacy emailexport feature
An issue was discovered in Joomla! 2.5.0 through 3.9.22. A missing token check in the emailexport feature of comprivacy causes a CSRF vulnerability...
BIT-JOOMLA-2020-15700
An issue was discovered in Joomla! through 3.9.19. A missing token check in the ajaxinstall endpoint of cominstaller causes a CSRF vulnerability...
PT-2025-14271 · Infoway Llc · Ebook Downloader
Name of the Vulnerable Software and Affected Versions: Infoway LLC Ebook Downloader versions 1.0 and earlier Description: A Cross-Site Request Forgery CSRF issue affects the Ebook Downloader, allowing unauthorized actions to be performed on behalf of a user without their knowledge. Recommendation...
CVE-2025-31474 WordPress WP Database Optimizer plugin <= 1.2.1.3 - Cross Site Request Forgery (CSRF) Vulnerability
Cross-Site Request Forgery CSRF vulnerability in matthewprice1178 WP Database Optimizer wp-database-optimizer allows Cross Site Request Forgery.This issue affects WP Database Optimizer: from n/a through = 1.2.1.3...
CVE-2025-30558 WordPress ANAC XML Render plugin <= 1.5.7 - CSRF to Stored XSS vulnerability
Cross-Site Request Forgery CSRF vulnerability in EnzoCostantini55 ANAC XML Render anac-xml-render allows Stored XSS.This issue affects ANAC XML Render: from n/a through = 1.5.7...
CVE-2025-30546 WordPress Cackle plugin <= 4.33 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery CSRF vulnerability in boroV Cackle cackle allows Cross Site Request Forgery.This issue affects Cackle: from n/a through = 4.33...
CVE-2025-23978
CVE-2025-23978 details (FlashCounter WordPress plugin): CSRF leads to Stored XSS in FlashCounter, affecting versions up to 1.1.8. Connected sources confirm the vendor/plugin vulnerability and affected range, with no public patch/version fix provided in the supplied documents. Monitor for updates ...
GitLab 10.6 < 16.9.7 / 16.10 < 16.10.5 / 16.11 < 16.11.2 (CVE-2024-1211)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - Gitlab reports: ReDoS in branch search when using wildcards ReDoS in markdown render pipeline Redos on Discord integrations Redos on Google Chat Integration Denial of Service Attack via Pin Menu DoS b...
CVE-2025-22719 WordPress VikAppointments Services Booking Calendar plugin <= 1.2.16 - CSRF to Stored XSS vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in e4jvikwp VikAppointments Services Booking Calendar vikappointments allows Stored XSS.This issue affects VikAppointments Services Booking Calendar: from n/a through = 1.2.16...
CVE-2025-23113
An issue was discovered in REDCap 14.9.6. It has an action=myprojects&logout=1 CSRF issue in the alert-title while performing an upload of a CSV file containing a list of alert configuration. An attacker can send the victim a CSV file containing an HTML injection payload in the alert-title. Once...
CVE-2025-23113
An issue was discovered in REDCap 14.9.6. It has an action=myprojects&logout=1 CSRF issue in the alert-title while performing an upload of a CSV file containing a list of alert configuration. An attacker can send the victim a CSV file containing an HTML injection payload in the alert-title. Once...
CVE-2025-23113
CVE-2025-23113 affects REDCap 14.9.6. The issue is a CSRF vulnerability in the logout functionality triggered during a CSV upload of alert configuration. An HTML injection payload placed in the alert-title can be sent by an attacker; when the victim views the uploaded data and clicks the alert-ti...