Lucene search
K

56013 matches found

NVD
NVD
added 2025/10/22 3:16 p.m.8 views

CVE-2025-62061

Cross-Site Request Forgery CSRF vulnerability in impleCode Product Catalog Simple post-type-x.This issue affects Product Catalog Simple: from n/a through = 1.8.4...

4.3CVSS0.0012EPSS
Exploits0References1
NVD
NVD
added 2025/10/22 3:15 p.m.7 views

CVE-2025-60208

Cross-Site Request Forgery CSRF vulnerability in Tusko Trush Advanced Custom Fields : CPT Options Pages acf-cpt-options-pages allows Object Injection.This issue affects Advanced Custom Fields : CPT Options Pages: from n/a through = 2.0.9...

8.8CVSS0.00186EPSS
Exploits0References1
NVD
NVD
added 2025/10/22 3:15 p.m.4 views

CVE-2025-49917

Server-Side Request Forgery SSRF vulnerability in Icegram Icegram Express Pro email-subscribers-premium allows Server Side Request Forgery.This issue affects Icegram Express Pro: from n/a through = 5.9.5...

4.4CVSS0.00187EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/10/22 2:32 p.m.10 views

CVE-2025-60208 WordPress Advanced Custom Fields : CPT Options Pages plugin <= 2.0.9 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in Tusko Trush Advanced Custom Fields : CPT Options Pages acf-cpt-options-pages allows Object Injection.This issue affects Advanced Custom Fields : CPT Options Pages: from n/a through = 2.0.9...

8.8CVSS0.00186EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/10/22 2:32 p.m.4 views

CVE-2025-60132 WordPress Video Blogster Lite Plugin <= 1.2 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery CSRF vulnerability in johnh10 Video Blogster Lite video-blogster-lite allows Stored XSS.This issue affects Video Blogster Lite: from n/a through = 1.2...

7.1CVSS6.3AI score0.00116EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/10/22 2:32 p.m.7 views

CVE-2025-49917 WordPress Icegram Express Pro plugin <= 5.9.5 - Server Side Request Forgery (SSRF) vulnerability

Server-Side Request Forgery SSRF vulnerability in Icegram Icegram Express Pro email-subscribers-premium allows Server Side Request Forgery.This issue affects Icegram Express Pro: from n/a through = 5.9.5...

4.4CVSS0.00187EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/10/22 2:32 p.m.1 views

CVE-2025-49374 WordPress Captcha.eu plugin <= 1.0.61 - Server Side Request Forgery (SSRF) vulnerability

Server-Side Request Forgery SSRF vulnerability in captcha.eu Captcha.eu captcha-eu allows Server Side Request Forgery.This issue affects Captcha.eu: from n/a through = 1.0.61...

5.4CVSS6.7AI score0.00195EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/22 6:40 a.m.3 views

EUVD-2025-35350

The PixelYourSite – Your smart PIXEL TAG & API Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 11.1.2. This is due to missing or incorrect nonce validation on the adminEnableGdprAjax function. This makes it possible for unauthenticate...

4.3CVSS4.8AI score0.00147EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/10/22 6:40 a.m.4 views

CVE-2025-10588 PixelYourSite <= 11.1.2 – Cross-Site Request Forgery to GDPR Options Modification

The PixelYourSite – Your smart PIXEL TAG & API Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 11.1.2. This is due to missing or incorrect nonce validation on the adminEnableGdprAjax function. This makes it possible for unauthenticate...

4.3CVSS4.8AI score0.00147EPSS
Exploits0References3
CVE
CVE
added 2025/10/22 6:40 a.m.12 views

CVE-2025-10588

CVE-2025-10588 affects PixelYourSite – Your smart PIXEL (TAG) & API Manager (WordPress) up to version 11.1.2. The issue is a Cross-Site Request Forgery (CSRF) vulnerability caused by missing or incorrect nonce validation in the adminEnableGdprAjax() function, enabling unauthenticated attackers to...

4.3CVSS4.8AI score0.00147EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/10/22 12:0 a.m.3 views

WordPress plugin Video Blogster Lite 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

7.1CVSS6AI score0.00116EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/10/22 12:0 a.m.2 views

WordPress Plugin Icegram Express Pro 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A code issue...

4.4CVSS7AI score0.00187EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/10/22 12:0 a.m.5 views

WordPress plugin UPC/EAN/GTIN Code Generator 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site request...

4.3CVSS6.7AI score0.00136EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/10/21 9:29 p.m.5 views

CVE-2025-11536

The Element Pack Addons for Elementor plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and including, 8.2.5 via the wpajaximportelementortemplate action. This makes it possible for authenticated attackers, with Subscriber-level access and above, to ma...

5CVSS5.8AI score0.00218EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2025/10/21 6:2 p.m.8 views

Shopware vulnerable to Server-Side Request Forgery (SSRF) – order invoice

Impact This vulnerability allows malicious actors to force the application server to send HTTP requests to both external and internal servers. In certain cases, this may lead to access to internal resources such as databases, file systems, or other services that are not supposed to be directly...

7AI score
Exploits0References3Affected Software2
Patchstack
Patchstack
added 2025/10/21 11:22 a.m.6 views

WordPress Bard theme <= 1.6 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Bard versions = 1.6...

5.4CVSS7AI score0.0011EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2025/10/21 10:55 a.m.6 views

WordPress Hercules Core plugin <= 7.4 - Server Side Request Forgery (SSRF) vulnerability

Server Side Request Forgery SSRF vulnerability discovered by Bonds in WordPress Plugin Hercules Core versions = 7.4...

4.8CVSS7AI score0.00145EPSS
Exploits0Affected Software1
CNVD
CNVD
added 2025/10/21 12:0 a.m.4 views

WordPress Task Scheduler plugin server-side request forgery vulnerability

WordPress Task Scheduler plugin is mainly used to manage and optimize the timed tasks in WordPress such as update checking, cache cleaning, etc., common plugins include WP-Crontrol and WPCron. WordPress Task Scheduler plugin has a server-side request forgery vulnerability, the vulnerability stems...

4.4CVSS7AI score0.00217EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/10/21 12:0 a.m.2 views

CVE-2025-62763

Zimbra Collaboration ZCS before 10.1.12 allows SSRF because of the configuration of the chat proxy...

5CVSS6.5AI score0.00238EPSS
Exploits0References5
CVE
CVE
added 2025/10/21 12:0 a.m.14 views

CVE-2025-62763

CVE-2025-62763 affects Zimbra Collaboration (ZCS) before 10.1.12. The root cause is a misconfiguration of the chat proxy that enables SSRF. The CVSS base metrics indicate a Network attack with Low complexity, Privileges Required: Low, and no user interaction, with partial impact on integrity. The...

5CVSS6.5AI score0.00238EPSS
Exploits0References5
Rows per page
Query Builder