Total
8651 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-24596 | 2026-01-23 | N/A | ||
| Cross-Site Request Forgery (CSRF) vulnerability in marynixie Related Posts Thumbnails Plugin for WordPress related-posts-thumbnails allows Cross Site Request Forgery.This issue affects Related Posts Thumbnails Plugin for WordPress: from n/a through <= 4.3.1. | ||||
| CVE-2024-33680 | 1 Mainwp | 1 Mainwp Child Reports | 2026-01-23 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in MainWP MainWP Child Reports.This issue affects MainWP Child Reports: from n/a through 2.1.1. | ||||
| CVE-2024-31272 | 1 Reputeinfosystems | 1 Arforms Form Builder | 2026-01-23 | 6.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Repute InfoSystems ARForms Form Builder.This issue affects ARForms Form Builder: from n/a through 1.6.1. | ||||
| CVE-2024-9450 | 1 Syntacticsinc | 1 Easync | 2026-01-23 | 6.5 Medium |
| The Free Booking Plugin for Hotels, Restaurants and Car Rentals WordPress plugin before 1.3.15 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in subscriber change them via a CSRF attack | ||||
| CVE-2021-24767 | 1 Wpvibes | 1 Redirect 404 Error Page To Homepage Or Custom Page With Logs | 2026-01-23 | 6.5 Medium |
| The Redirect 404 Error Page to Homepage or Custom Page with Logs WordPress plugin before 1.7.9 does not check for CSRF when deleting logs, which could allow attacker to make a logged in admin delete them via a CSRF attack | ||||
| CVE-2024-8047 | 2 Freakingwildchild, Visual Sound | 2 Visual Sound, Visual Sound | 2026-01-23 | 5.7 Medium |
| The Visual Sound (old) WordPress plugin through 1.06 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack | ||||
| CVE-2024-7859 | 2 Freakingwildchild, Visual Sound | 2 Visual Sound, Visual Sound | 2026-01-23 | 6.5 Medium |
| The Visual Sound WordPress plugin through 1.03 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack | ||||
| CVE-2021-47754 | 1 Arunna | 1 Arunna | 2026-01-23 | 5.3 Medium |
| Arunna 1.0.0 contains a cross-site request forgery vulnerability that allows attackers to manipulate user profile settings without authentication. Attackers can craft a malicious form to change user details, including passwords, email, and administrative privileges by tricking authenticated users into submitting the form. | ||||
| CVE-2025-70899 | 1 Phpgurukul | 1 Online Course Registration | 2026-01-23 | 6.5 Medium |
| PHPgurukul Online Course Registration v3.1 lacks Cross-Site Request Forgery (CSRF) protection on all administrative forms. An attacker can perform unauthorized actions on behalf of authenticated administrators by tricking them into visiting a malicious webpage. | ||||
| CVE-2025-31413 | 2 Bdthemes, Wordpress | 2 Element Pack Elementor Addons, Wordpress | 2026-01-23 | N/A |
| Cross-Site Request Forgery (CSRF) vulnerability in bdthemes Element Pack Elementor Addons bdthemes-element-pack-lite allows Cross Site Request Forgery.This issue affects Element Pack Elementor Addons: from n/a through <= 8.3.13. | ||||
| CVE-2025-67626 | 1 Wordpress | 1 Wordpress | 2026-01-23 | N/A |
| Cross-Site Request Forgery (CSRF) vulnerability in Angel Costa WP SEO Search wp-seo-search allows Cross Site Request Forgery.This issue affects WP SEO Search: from n/a through <= 1.1. | ||||
| CVE-2026-22382 | 2 Mikado-themes, Wordpress | 2 Pawfriends - Pet Shop And Veterinary Wordpress Theme, Wordpress | 2026-01-23 | N/A |
| Cross-Site Request Forgery (CSRF) vulnerability in Mikado-Themes PawFriends - Pet Shop and Veterinary WordPress Theme pawfriends allows Cross Site Request Forgery.This issue affects PawFriends - Pet Shop and Veterinary WordPress Theme: from n/a through <= 1.3. | ||||
| CVE-2026-22483 | 1 Wordpress | 1 Wordpress | 2026-01-23 | N/A |
| Cross-Site Request Forgery (CSRF) vulnerability in winkm89 teachPress teachpress allows Cross Site Request Forgery.This issue affects teachPress: from n/a through <= 9.0.12. | ||||
| CVE-2026-22360 | 1 Wordpress | 1 Wordpress | 2026-01-23 | N/A |
| Cross-Site Request Forgery (CSRF) vulnerability in AA-Team SearchAzon searchazon allows Cross Site Request Forgery.This issue affects SearchAzon: from n/a through <= 1.4. | ||||
| CVE-2026-22462 | 1 Wordpress | 1 Wordpress | 2026-01-23 | N/A |
| Cross-Site Request Forgery (CSRF) vulnerability in richardevcom Add Polylang support for Customizer add-polylang-support-for-customizer allows Cross Site Request Forgery.This issue affects Add Polylang support for Customizer: from n/a through <= 1.4.5. | ||||
| CVE-2026-22355 | 2 Gregmolnar, Wordpress | 2 Simple Xml Sitemap, Wordpress | 2026-01-23 | N/A |
| Cross-Site Request Forgery (CSRF) vulnerability in gregmolnar Simple XML Sitemap simple-xml-sitemap allows Stored XSS.This issue affects Simple XML Sitemap: from n/a through <= 1.3. | ||||
| CVE-2026-24549 | 2026-01-23 | N/A | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Paolo GeoDirectory geodirectory allows Cross Site Request Forgery.This issue affects GeoDirectory: from n/a through <= 2.8.147. | ||||
| CVE-2026-24542 | 2026-01-23 | N/A | ||
| Cross-Site Request Forgery (CSRF) vulnerability in John James Jacoby WP Term Order wp-term-order allows Cross Site Request Forgery.This issue affects WP Term Order: from n/a through <= 2.1.0. | ||||
| CVE-2026-24521 | 2026-01-23 | N/A | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Timur Kamaev Kama Thumbnail kama-thumbnail allows Cross Site Request Forgery.This issue affects Kama Thumbnail: from n/a through <= 3.5.1. | ||||
| CVE-2023-28749 | 1 Cminds | 1 Cm Search And Replace | 2026-01-23 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in CreativeMindsSolutions CM On Demand Search And Replace plugin <= 1.3.0 versions. | ||||