CVE-2025-22503
Cross-Site Request Forgery (CSRF) vulnerability in digitalzoomstudio Admin debug wordpress – enable debug dzs-enable-debug allows Cross Site Request Forgery.This issue affects Admin debug wordpress – enable debug: from n/a through
CVE-2025-22347
Cross-Site Request Forgery (CSRF) vulnerability in bannersky BSK Forms Blacklist bsk-gravityforms-blacklist allows Blind SQL Injection.This issue affects BSK Forms Blacklist: from n/a through
CVE-2025-22343
Cross-Site Request Forgery (CSRF) vulnerability in koter84 wpSOL wpsol allows Stored XSS.This issue affects wpSOL: from n/a through
CVE-2025-22342
Cross-Site Request Forgery (CSRF) vulnerability in Jenst WP Simple Sitemap wp-simple-sitemap allows Stored XSS.This issue affects WP Simple Sitemap: from n/a through
CVE-2025-22336
Cross-Site Request Forgery (CSRF) vulnerability in Amos Lee(一刀) Wizhi Multi Filters by Wenprise wizhi-multi-filters allows Stored XSS.This issue affects Wizhi Multi Filters by Wenprise: from n/a through
CVE-2025-22328
Cross-Site Request Forgery (CSRF) vulnerability in Elevio by Dixa Elevio elevio allows Stored XSS.This issue affects Elevio: from n/a through
CVE-2025-22325
Cross-Site Request Forgery (CSRF) vulnerability in nchankov Autocompleter autocompleter allows Stored XSS.This issue affects Autocompleter: from n/a through
CVE-2025-22301
Cross-Site Request Forgery (CSRF) vulnerability in zookatron MyBookTable Bookstore mybooktable allows Cross Site Request Forgery.This issue affects MyBookTable Bookstore: from n/a through
CVE-2025-22300
Cross-Site Request Forgery (CSRF) vulnerability in PixelYourSite PixelYourSite – Your smart PIXEL (TAG) Manager pixelyoursite allows Cross Site Request Forgery.This issue affects PixelYourSite – Your smart PIXEL (TAG) Manager: from n/a thro…
CVE-2025-22297
Cross-Site Request Forgery (CSRF) vulnerability in aipost AI WP Writer ai-wp-writer allows Cross Site Request Forgery.This issue affects AI WP Writer: from n/a through
CVE-2024-49294
Cross-Site Request Forgery (CSRF) vulnerability in magepeopleteam Bus Ticket Booking with Seat Reservation bus-ticket-booking-with-seat-reservation allows Cross Site Request Forgery.This issue affects Bus Ticket Booking with Seat Reservatio…
CVE-2024-12383
The Binary MLM Woocommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0. This is due to missing or incorrect nonce validation on the 'bmw_display_pv_set_page' function and insuff…
CVE-2024-12322
The ThePerfectWedding.nl Widget plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.8. This is due to missing or incorrect nonce validation on the 'update_option' function. This makes it…
CVE-2024-12291
The ViewMedica 9 plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4.15. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated a…
CVE-2024-12288
The Simple add pages or posts plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.0. This is due to missing or incorrect nonce validation. This makes it possible for unauthenticated att…
CVE-2024-12170
The ViewMedica 9 plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4.15. This is due to missing or incorrect nonce validation on the 'Viewmedica-Admin' page. This makes it possible for…
CVE-2024-12557
The Transporters.io plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.84. This is due to missing nonce validation on a function. This makes it possible for unauthenticated attackers t…
CVE-2024-12541
The Chative Live chat and Chatbot plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1. This is due to missing or incorrect nonce validation on the add_chative_widget_action() function.…
CVE-2024-55076
Grocy through 4.3.0 has no CSRF protection, as demonstrated by changing the Administrator's password.
CVE-2024-12279
The WP Social AutoConnect plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.6.2. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthent…