Total
9197 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-67467 | 2 Stellarwp, Wordpress | 2 Givewp, Wordpress | 2026-04-24 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in StellarWP GiveWP give allows Cross Site Request Forgery.This issue affects GiveWP: from n/a through <= 4.13.1. | ||||
| CVE-2025-59009 | 1 Wordpress | 1 Wordpress | 2026-04-24 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Astoundify Listify listify allows Cross Site Request Forgery.This issue affects Listify: from n/a through <= 3.2.5. | ||||
| CVE-2025-64237 | 1 Wordpress | 1 Wordpress | 2026-04-24 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Graham Quick Interest Slider quick-interest-slider allows Cross Site Request Forgery.This issue affects Quick Interest Slider: from n/a through <= 3.1.5. | ||||
| CVE-2025-64239 | 1 Wordpress | 1 Wordpress | 2026-04-24 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Yoav Farhi RTL Tester rtl-tester allows Cross Site Request Forgery.This issue affects RTL Tester: from n/a through <= 1.2. | ||||
| CVE-2025-64240 | 1 Wordpress | 1 Wordpress | 2026-04-24 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in freshchat Freshchat freshchat allows Cross Site Request Forgery.This issue affects Freshchat: from n/a through <= 2.3.4. | ||||
| CVE-2025-68082 | 1 Wordpress | 1 Wordpress | 2026-04-24 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in SEMrush CY LTD Semrush Content Toolkit semrush-contentshake allows Cross Site Request Forgery.This issue affects Semrush Content Toolkit: from n/a through <= 1.1.32. | ||||
| CVE-2025-68083 | 1 Wordpress | 1 Wordpress | 2026-04-24 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Meks Meks Quick Plugin Disabler meks-quick-plugin-disabler allows Cross Site Request Forgery.This issue affects Meks Quick Plugin Disabler: from n/a through <= 1.0. | ||||
| CVE-2025-62950 | 2 Contest Gallery, Wordpress | 2 Contest Gallery, Wordpress | 2026-04-24 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Wasiliy Strecker / ContestGallery developer Contest Gallery contest-gallery allows Cross Site Request Forgery.This issue affects Contest Gallery: from n/a through <= 28.0.0. | ||||
| CVE-2025-64262 | 1 Wordpress | 1 Wordpress | 2026-04-24 | 6.5 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in ramon fincken Auto Prune Posts auto-prune-posts allows Cross Site Request Forgery.This issue affects Auto Prune Posts: from n/a through <= 3.0.0. | ||||
| CVE-2025-64271 | 2 Hasthemes, Wordpress | 2 Wp Plugin Manager, Wordpress | 2026-04-24 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in HasThemes WP Plugin Manager wp-plugin-manager allows Cross Site Request Forgery.This issue affects WP Plugin Manager: from n/a through <= 1.4.7. | ||||
| CVE-2025-62739 | 1 Wordpress | 1 Wordpress | 2026-04-24 | 6.5 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in SaifuMak Add Custom Codes add-custom-codes allows Cross Site Request Forgery.This issue affects Add Custom Codes: from n/a through <= 4.80. | ||||
| CVE-2025-62762 | 2 Photoboxone, Wordpress | 2 Smtp Mail, Wordpress | 2026-04-24 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in photoboxone SMTP Mail smtp-mail allows Cross Site Request Forgery.This issue affects SMTP Mail: from n/a through <= 1.3.51. | ||||
| CVE-2025-68584 | 1 Wordpress | 1 Wordpress | 2026-04-24 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Constantin Boiangiu Vimeotheque codeflavors-vimeo-video-post-lite allows Cross Site Request Forgery.This issue affects Vimeotheque: from n/a through <= 2.3.5.2. | ||||
| CVE-2025-69021 | 2 Ays-pro, Wordpress | 2 Popup Box, Wordpress | 2026-04-24 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Ays Pro Popup box ays-popup-box allows Cross Site Request Forgery.This issue affects Popup box: from n/a through <= 6.0.7. | ||||
| CVE-2025-31413 | 2 Bdthemes, Wordpress | 2 Element Pack Elementor Addons, Wordpress | 2026-04-24 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in bdthemes Element Pack Elementor Addons bdthemes-element-pack-lite allows Cross Site Request Forgery.This issue affects Element Pack Elementor Addons: from n/a through <= 8.3.13. | ||||
| CVE-2026-24374 | 2 Metagauss, Wordpress | 2 Registrationmagic, Wordpress | 2026-04-24 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Metagauss RegistrationMagic custom-registration-form-builder-with-submission-manager allows Cross Site Request Forgery.This issue affects RegistrationMagic: from n/a through <= 6.0.6.9. | ||||
| CVE-2026-24384 | 1 Wordpress | 1 Wordpress | 2026-04-24 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in launchinteractive Merge + Minify + Refresh merge-minify-refresh allows Cross Site Request Forgery.This issue affects Merge + Minify + Refresh: from n/a through <= 2.14. | ||||
| CVE-2026-39371 | 2 Redwoodjs, Rwsdk | 2 Sdk, Redwoodsdk | 2026-04-24 | 8.1 High |
| RedwoodSDK is a server-first React framework. From 1.0.0-beta.50 to 1.0.5, erver functions exported from "use server" files could be invoked via GET requests, bypassing their intended HTTP method. In cookie-authenticated applications, this allowed cross-site GET navigations to trigger state-changing functions, because browsers send SameSite=Lax cookies on top-level GET requests. This affected all server functions -- both serverAction() handlers and bare exported functions in "use server" files. This vulnerability is fixed in 1.0.6. | ||||
| CVE-2026-3191 | 2 Teckel, Wordpress | 2 Minify Html, Wordpress | 2026-04-24 | 5.4 Medium |
| The Minify HTML plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1.12. This is due to missing or incorrect nonce validation on the 'minify_html_menu_options' function. This makes it possible for unauthenticated attackers to update plugin settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2026-34904 | 2 Analytify, Wordpress | 2 Simple Social Media Share Buttons, Wordpress | 2026-04-24 | 7.5 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Analytify Simple Social Media Share Buttons allows Cross Site Request Forgery.This issue affects Simple Social Media Share Buttons: from n/a through 6.2.0. | ||||