Total
8664 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-1142 | 1 Phpgurukul | 1 News Portal | 2026-01-20 | 4.3 Medium |
| A security flaw has been discovered in PHPGurukul News Portal 1.0. The impacted element is an unknown function. Performing a manipulation results in cross-site request forgery. The attack may be initiated remotely. The exploit has been released to the public and may be used for attacks. | ||||
| CVE-2026-1051 | 2 Satollo, Wordpress | 2 Newsletter – Send Awesome Emails From Wordpress, Wordpress | 2026-01-20 | 4.3 Medium |
| The Newsletter – Send awesome emails from WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 9.1.0. This is due to missing or incorrect nonce validation on the hook_newsletter_action() function. This makes it possible for unauthenticated attackers to unsubscribe newsletter subscribers via a forged request granted they can trick a logged-in user into performing an action such as clicking on a link. | ||||
| CVE-2026-1148 | 1 Sourcecodester | 1 Patients Waiting Area Queue Management System | 2026-01-20 | 4.3 Medium |
| A vulnerability was determined in SourceCodester/Patrick Mvuma Patients Waiting Area Queue Management System 1.0. This vulnerability affects unknown code. Executing a manipulation can lead to cross-site request forgery. It is possible to launch the attack remotely. | ||||
| CVE-2025-69021 | 2 Ays-pro, Wordpress | 2 Popup Box, Wordpress | 2026-01-20 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Ays Pro Popup box ays-popup-box allows Cross Site Request Forgery.This issue affects Popup box: from n/a through <= 6.0.7. | ||||
| CVE-2025-68998 | 2 Heateor, Wordpress | 2 Social Login, Wordpress | 2026-01-20 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Heateor Support Heateor Social Login heateor-social-login allows Cross Site Request Forgery.This issue affects Heateor Social Login: from n/a through <= 1.1.39. | ||||
| CVE-2025-68885 | 1 Wordpress | 1 Wordpress | 2026-01-20 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Page Carbajal Custom Post Status allows Stored XSS.This issue affects Custom Post Status: from n/a through 1.1.0. | ||||
| CVE-2025-68601 | 2 Rustaurius, Wordpress | 2 Five Star Restaurant Reservations, Wordpress | 2026-01-20 | 8.8 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Rustaurius Five Star Restaurant Reservations restaurant-reservations allows Cross Site Request Forgery.This issue affects Five Star Restaurant Reservations: from n/a through <= 2.7.7. | ||||
| CVE-2025-68584 | 1 Wordpress | 1 Wordpress | 2026-01-20 | 8.8 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Constantin Boiangiu Vimeotheque codeflavors-vimeo-video-post-lite allows Cross Site Request Forgery.This issue affects Vimeotheque: from n/a through <= 2.3.5.2. | ||||
| CVE-2025-68583 | 1 Wordpress | 1 Wordpress | 2026-01-20 | 8.8 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Tikweb Management Fast User Switching fast-user-switching allows Cross Site Request Forgery.This issue affects Fast User Switching: from n/a through <= 1.4.10. | ||||
| CVE-2025-68580 | 2 Pluginsware, Wordpress | 2 Advanced Classifieds & Directory Pro, Wordpress | 2026-01-20 | 8.8 High |
| Cross-Site Request Forgery (CSRF) vulnerability in pluginsware Advanced Classifieds & Directory Pro advanced-classifieds-and-directory-pro allows Cross Site Request Forgery.This issue affects Advanced Classifieds & Directory Pro: from n/a through <= 3.2.9. | ||||
| CVE-2025-68573 | 1 Wordpress | 1 Wordpress | 2026-01-20 | 8.8 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Alessandro Piconi Simple Keyword to Link simple-keyword-to-link allows Cross Site Request Forgery.This issue affects Simple Keyword to Link: from n/a through <= 1.5. | ||||
| CVE-2025-68567 | 2 Wordpress, Wphocus | 2 Wordpress, My Auctions Allegro | 2026-01-20 | 8.8 High |
| Cross-Site Request Forgery (CSRF) vulnerability in wphocus My auctions allegro my-auctions-allegro-free-edition allows Cross Site Request Forgery.This issue affects My auctions allegro: from n/a through <= 3.6.32. | ||||
| CVE-2025-68529 | 2 Rhys Wynne, Wordpress | 2 Wp Email Capture, Wordpress | 2026-01-20 | 8.8 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Rhys Wynne WP Email Capture wp-email-capture allows Cross Site Request Forgery.This issue affects WP Email Capture: from n/a through <= 3.12.5. | ||||
| CVE-2025-68083 | 1 Wordpress | 1 Wordpress | 2026-01-20 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Meks Meks Quick Plugin Disabler meks-quick-plugin-disabler allows Cross Site Request Forgery.This issue affects Meks Quick Plugin Disabler: from n/a through <= 1.0. | ||||
| CVE-2025-68082 | 1 Wordpress | 1 Wordpress | 2026-01-20 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in SEMrush CY LTD Semrush Content Toolkit semrush-contentshake allows Cross Site Request Forgery.This issue affects Semrush Content Toolkit: from n/a through <= 1.1.32. | ||||
| CVE-2025-67625 | 1 Wordpress | 1 Wordpress | 2026-01-20 | 8.8 High |
| Cross-Site Request Forgery (CSRF) vulnerability in tmtraderunner Trade Runner traderunner allows Cross Site Request Forgery.This issue affects Trade Runner: from n/a through <= 3.14. | ||||
| CVE-2025-67622 | 1 Wordpress | 1 Wordpress | 2026-01-20 | 8.8 High |
| Cross-Site Request Forgery (CSRF) vulnerability in titopandub Evergreen Post Tweeter evergreen-post-tweeter allows Stored XSS.This issue affects Evergreen Post Tweeter: from n/a through <= 1.8.9. | ||||
| CVE-2025-67598 | 2 Supportcandy, Wordpress | 2 Supportcandy, Wordpress | 2026-01-20 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in PSM Plugins SupportCandy supportcandy allows Cross Site Request Forgery.This issue affects SupportCandy: from n/a through <= 3.4.1. | ||||
| CVE-2025-67596 | 2 Strategy11, Wordpress | 2 Business Directory Plugin, Wordpress | 2026-01-20 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Strategy11 Team Business Directory business-directory-plugin allows Cross Site Request Forgery.This issue affects Business Directory: from n/a through <= 6.4.19. | ||||
| CVE-2025-67595 | 2 Ays-pro, Wordpress | 2 Quiz Maker, Wordpress | 2026-01-20 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Ays Pro Quiz Maker quiz-maker allows Cross Site Request Forgery.This issue affects Quiz Maker: from n/a through <= 6.7.0.82. | ||||