56013 matches found
CVE-2025-62061
Cross-Site Request Forgery CSRF vulnerability in impleCode Product Catalog Simple post-type-x.This issue affects Product Catalog Simple: from n/a through = 1.8.4...
CVE-2025-60208
Cross-Site Request Forgery CSRF vulnerability in Tusko Trush Advanced Custom Fields : CPT Options Pages acf-cpt-options-pages allows Object Injection.This issue affects Advanced Custom Fields : CPT Options Pages: from n/a through = 2.0.9...
CVE-2025-49917
Server-Side Request Forgery SSRF vulnerability in Icegram Icegram Express Pro email-subscribers-premium allows Server Side Request Forgery.This issue affects Icegram Express Pro: from n/a through = 5.9.5...
CVE-2025-60208 WordPress Advanced Custom Fields : CPT Options Pages plugin <= 2.0.9 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery CSRF vulnerability in Tusko Trush Advanced Custom Fields : CPT Options Pages acf-cpt-options-pages allows Object Injection.This issue affects Advanced Custom Fields : CPT Options Pages: from n/a through = 2.0.9...
CVE-2025-60132 WordPress Video Blogster Lite Plugin <= 1.2 - Cross Site Request Forgery (CSRF) Vulnerability
Cross-Site Request Forgery CSRF vulnerability in johnh10 Video Blogster Lite video-blogster-lite allows Stored XSS.This issue affects Video Blogster Lite: from n/a through = 1.2...
CVE-2025-49917 WordPress Icegram Express Pro plugin <= 5.9.5 - Server Side Request Forgery (SSRF) vulnerability
Server-Side Request Forgery SSRF vulnerability in Icegram Icegram Express Pro email-subscribers-premium allows Server Side Request Forgery.This issue affects Icegram Express Pro: from n/a through = 5.9.5...
CVE-2025-49374 WordPress Captcha.eu plugin <= 1.0.61 - Server Side Request Forgery (SSRF) vulnerability
Server-Side Request Forgery SSRF vulnerability in captcha.eu Captcha.eu captcha-eu allows Server Side Request Forgery.This issue affects Captcha.eu: from n/a through = 1.0.61...
EUVD-2025-35350
The PixelYourSite – Your smart PIXEL TAG & API Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 11.1.2. This is due to missing or incorrect nonce validation on the adminEnableGdprAjax function. This makes it possible for unauthenticate...
CVE-2025-10588 PixelYourSite <= 11.1.2 – Cross-Site Request Forgery to GDPR Options Modification
The PixelYourSite – Your smart PIXEL TAG & API Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 11.1.2. This is due to missing or incorrect nonce validation on the adminEnableGdprAjax function. This makes it possible for unauthenticate...
CVE-2025-10588
CVE-2025-10588 affects PixelYourSite – Your smart PIXEL (TAG) & API Manager (WordPress) up to version 11.1.2. The issue is a Cross-Site Request Forgery (CSRF) vulnerability caused by missing or incorrect nonce validation in the adminEnableGdprAjax() function, enabling unauthenticated attackers to...
WordPress plugin Video Blogster Lite 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...
WordPress Plugin Icegram Express Pro 代码问题漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A code issue...
WordPress plugin UPC/EAN/GTIN Code Generator 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site request...
CVE-2025-11536
The Element Pack Addons for Elementor plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and including, 8.2.5 via the wpajaximportelementortemplate action. This makes it possible for authenticated attackers, with Subscriber-level access and above, to ma...
Shopware vulnerable to Server-Side Request Forgery (SSRF) – order invoice
Impact This vulnerability allows malicious actors to force the application server to send HTTP requests to both external and internal servers. In certain cases, this may lead to access to internal resources such as databases, file systems, or other services that are not supposed to be directly...
WordPress Bard theme <= 1.6 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery CSRF vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Bard versions = 1.6...
WordPress Hercules Core plugin <= 7.4 - Server Side Request Forgery (SSRF) vulnerability
Server Side Request Forgery SSRF vulnerability discovered by Bonds in WordPress Plugin Hercules Core versions = 7.4...
WordPress Task Scheduler plugin server-side request forgery vulnerability
WordPress Task Scheduler plugin is mainly used to manage and optimize the timed tasks in WordPress such as update checking, cache cleaning, etc., common plugins include WP-Crontrol and WPCron. WordPress Task Scheduler plugin has a server-side request forgery vulnerability, the vulnerability stems...
CVE-2025-62763
Zimbra Collaboration ZCS before 10.1.12 allows SSRF because of the configuration of the chat proxy...
CVE-2025-62763
CVE-2025-62763 affects Zimbra Collaboration (ZCS) before 10.1.12. The root cause is a misconfiguration of the chat proxy that enables SSRF. The CVSS base metrics indicate a Network attack with Low complexity, Privileges Required: Low, and no user interaction, with partial impact on integrity. The...