Total
9192 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-25168 | 1 Blackandwhitedigital | 1 Bookpress | 2026-04-23 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Black and White BookPress – For Book Authors book-press allows Cross-Site Scripting (XSS).This issue affects BookPress – For Book Authors: from n/a through <= 1.2.7. | ||||
| CVE-2025-25166 | 1 Gabrieldarezzo | 1 Inlocation | 2026-04-23 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in gabrieldarezzo InLocation inlocation allows Stored XSS.This issue affects InLocation: from n/a through <= 1.8. | ||||
| CVE-2025-25160 | 1 Markbarnes | 1 Style Tweaker | 2026-04-23 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Mark Barnes Style Tweaker style-tweaker allows Stored XSS.This issue affects Style Tweaker: from n/a through <= 0.11. | ||||
| CVE-2025-25156 | 2026-04-23 | 7.1 High | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Stanko Metodiev Quote Comments quote-comments allows Stored XSS.This issue affects Quote Comments: from n/a through <= 3.0.0. | ||||
| CVE-2025-25154 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in scweber Custom Comment Notifications custom-comment-notifications allows Stored XSS.This issue affects Custom Comment Notifications: from n/a through <= 1.0.8. | ||||
| CVE-2025-25153 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in djjmz Simple Auto Tag simple-auto-tag allows Stored XSS.This issue affects Simple Auto Tag: from n/a through <= 1.1. | ||||
| CVE-2025-25152 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in LukaszWiecek Smart DoFollow smart-dofollow allows Stored XSS.This issue affects Smart DoFollow: from n/a through <= 1.0.2. | ||||
| CVE-2025-25149 | 2026-04-23 | 7.1 High | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Danillo Nunes Login-box login-box allows Stored XSS.This issue affects Login-box: from n/a through <= 2.0.4. | ||||
| CVE-2025-25148 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in ElbowRobo Read More Copy Link read-more-copy-link allows Stored XSS.This issue affects Read More Copy Link: from n/a through <= 1.0.2. | ||||
| CVE-2025-25147 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Phillip.Gooch Auto SEO auto-seo allows Stored XSS.This issue affects Auto SEO: from n/a through <= 2.5.6. | ||||
| CVE-2025-25146 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in saleandro Songkick Concerts and Festivals songkick-concerts-and-festivals allows Cross Site Request Forgery.This issue affects Songkick Concerts and Festivals: from n/a through <= 0.9.7. | ||||
| CVE-2025-25145 | 2026-04-23 | 5.4 Medium | ||
| Cross-Site Request Forgery (CSRF) vulnerability in jordan.hatch Infusionsoft Analytics infusionsoft-web-tracker allows Cross Site Request Forgery.This issue affects Infusionsoft Analytics: from n/a through <= 2.0. | ||||
| CVE-2025-25143 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in ibasit GlobalQuran globalquran allows Cross Site Request Forgery.This issue affects GlobalQuran: from n/a through <= 1.0. | ||||
| CVE-2025-25140 | 2026-04-23 | 7.1 High | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Scriptonite Simple User Profile simple-user-profile allows Stored XSS.This issue affects Simple User Profile: from n/a through <= 1.9. | ||||
| CVE-2025-25139 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Cynob IT Consultancy WP Custom Post RSS Feed wp-custom-post-rss-feed allows Stored XSS.This issue affects WP Custom Post RSS Feed: from n/a through <= 1.0.0. | ||||
| CVE-2025-25138 | 2026-04-23 | 7.1 High | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Rishi On Page SEO + Whatsapp Chat Button ops-robots-txt allows Stored XSS.This issue affects On Page SEO + Whatsapp Chat Button: from n/a through <= 2.0.0. | ||||
| CVE-2025-25137 | 2026-04-23 | 6.5 Medium | ||
| Cross-Site Request Forgery (CSRF) vulnerability in kareemsultan Social Links social-links allows Stored XSS.This issue affects Social Links: from n/a through <= 1.0.11. | ||||
| CVE-2025-25135 | 2026-04-23 | 7.1 High | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Victor Barkalov Custom Links On Admin Dashboard Toolbar customize-wpadmin allows Stored XSS.This issue affects Custom Links On Admin Dashboard Toolbar: from n/a through <= 3.3. | ||||
| CVE-2025-25128 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in orlandolac Facilita Form Tracker facilita-form-tracker allows Stored XSS.This issue affects Facilita Form Tracker: from n/a through <= 1.0. | ||||
| CVE-2025-25126 | 2026-04-23 | 7.1 High | ||
| Cross-Site Request Forgery (CSRF) vulnerability in zmseo ZMSEO zmseo allows Stored XSS.This issue affects ZMSEO: from n/a through <= 1.14.1. | ||||