15 matches found
CVE-2024-2376
The WPQA Builder WordPress plugin before 6.1.1 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...
EUVD-2018-9332
Malware in sbrugna...
WordPress hiWeb Export Posts plugin <= 0.9.0.0 - Cross-Site Request Forgery to Arbitrary File Deletion vulnerability
Cross-Site Request Forgery to Arbitrary File Deletion vulnerability discovered by johska in WordPress Plugin hiWeb Export Posts versions <= 0.9.0.0...
WordPress WPShapere Lite plugin <= 1.4.1 - Cross Site Request Forgery (CSRF) Vulnerability
Cross Site Request Forgery (CSRF) Vulnerability discovered by Skalucy in WordPress Plugin WPShapere - WordPress admin theme versions <= 1.4.1...
WordPress WP Optimizer plugin <= 2.3.8 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery (CSRF) vulnerability discovered by Skalucy in WordPress Plugin WP Optimizer versions <= 2.3.8...
CVE-2025-28981 WordPress WP Mail Options plugin <= 0.2.3 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Soli WP Mail Options wp-mail-options allows Stored XSS. This issue affects WP Mail Options: from n/a through <= 0.2.3...
CVE-2025-4580
The File Provider WordPress plugin through 1.2.3 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack...
CVE-2021-24818
The WP Limits WordPress plugin through 1.0 does not have a CSRF check when saving its settings, allowing an attacker to make a logged-in admin change them, which could make the blog unstable by setting low values...
CVE-2025-23533 WordPress WP Lyrics plugin <= 0.4.1 - CSRF to Stored XSS vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in zetxek WP Lyrics wplyrics allows Stored XSS. This issue affects WP Lyrics: from n/a through <= 0.4.1...
CVE-2025-23476 WordPress my-related-posts plugin <= 1.1 - CSRF to Stored XSS vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in isnowfy my-related-posts allows Stored XSS. This issue affects my-related-posts: from n/a through 1.1...
CVE-2024-56017 WordPress Stop Registration Spam Plugin <= 1.23 - CSRF to Stored XSS vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Tom Royal Stop Registration Spam allows Stored XSS. This issue affects Stop Registration Spam: from n/a through 1.23...
Comment Blacklist Updater < 1.2.0 - Cross-Site Request Forgery via update_blacklist_manual
Description: The Comment Blacklist Updater plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.0. This is due to missing or incorrect nonce validation on the 'update_blacklist_manual' function. This makes it possible for unauthenticated attackers to...
CVE-2023-24414 WordPress Robo Gallery Plugin <= 3.2.11 is vulnerable to Cross Site Request Forgery (CSRF)
Cross-Site Request Forgery (CSRF) vulnerability in RoboSoft Photo Gallery, Images, Slider in Rbs Image Gallery plugin <= 3.2.11 versions...
CVE-2018-20972
The companion-auto-update plugin before 3.2.1 for WordPress has CSRF...
CVE-2017-18512
The newsletter-by-supsystic plugin before 1.1.8 for WordPress has CSRF...