5 matches found
CVE-2025-49353
Cross-Site Request Forgery (CSRF) vulnerability in Marcin Kijak Noindex by Path (noindex-by-path) allows Stored XSS. This issue affects Noindex by Path: from n/a through = 1.0...
CVE-2025-7688
CVE-2025-7688 affects the WordPress Add User Meta plugin (versions ≤ 1.0.1). The vulnerability is a Cross-Site Request Forgery risk caused by missing or incorrect nonce validation on the add-user-meta page, enabling unauthenticated attackers to forge requests that update settings and inject stored script...
The vulnerability of the XML2PDF library, related to insufficient validation of requests on the server side, allows an attacker to perform an SSRF attack.
The vulnerability of the XML2PDF library is related to insufficient validation of requests on the server side. Exploiting this vulnerability allows a malicious actor to execute an SSRF attack by sending a specially crafted HTTP request...
CVE-2023-2271
The Tiempo.com WordPress plugin through 0.1.2 does not have a CSRF check when deleting its shortcode, which could allow attackers to make logged-in admins delete arbitrary shortcodes via a CSRF attack...
PT-2023-21274 · Prestashop · Tshirtecommerce
Name of the Vulnerable Software and Affected Versions: tshirtecommerce aka Custom Product Designer version 2.1.4 for PrestaShop
Description: An issue allows a remote attacker to forge an HTTP request with the file name parameter in the "tshirtecommerce/ajax.php?type=svg" endpoint to traverse...