Vulnerabilities > Cross-Site Request Forgery (CSRF)

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2025-05-07 | CVE-2025-20195 | | A vulnerability in the web-based management interface of Cisco IOS XE Software could allow an unauthenticated, remote attacker to perform a CSRF attack and execute commands on the CLI of an affected device. This vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. | network | low complexity | | CWE-352 | 4.3 |
| 2025-05-06 | CVE-2025-4337 | | The AHAthat Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.6. | network | low complexity | | CWE-352 | 4.3 |
| 2025-05-03 | CVE-2025-4188 | | The Advanced Reorder Image Text Slider plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. | network | low complexity | | CWE-352 | 6.1 |
| 2025-05-03 | CVE-2025-4198 | | The Alink Tap plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.1. | network | low complexity | | CWE-352 | 6.1 |
| 2025-05-03 | CVE-2025-4199 | | The Abundatrade Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.8.02. | network | low complexity | | CWE-352 | 6.1 |
| 2025-05-02 | CVE-2024-11142 | Cross-Site Request Forgery (CSRF) vulnerability in Proticaret | Cross-Site Request Forgery (CSRF) vulnerability in Gosoft Software Proticaret E-Commerce allows Cross Site Request Forgery. This issue affects Proticaret E-Commerce: before v6.0. NOTE: According to the vendor, fixing process is still ongoing for v4.05. | network | low complexity | proticaret | CWE-352 | 8.8 |
| 2025-05-01 | CVE-2025-1305 | Cross-Site Request Forgery (CSRF) vulnerability in Spicethemes Newsblogger | The NewsBlogger theme for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.2.5.4. | network | low complexity | spicethemes | CWE-352 | 8.8 |
| 2025-05-01 | CVE-2025-2168 | | The Ultimate Store Kit Elementor Addons, Woocommerce Builder, EDD Builder, Elementor Store Builder, Product Grid, Product Table, Woocommerce Slider plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.4.1. | network | low complexity | | CWE-352 | 4.3 |
| 2025-04-22 | CVE-2025-31328 | | SAP Learning Solution is vulnerable to Cross-Site Request Forgery (CSRF), allowing an attacker to trick an authenticated user into sending unintended requests to the server. | network | low complexity | | CWE-352 | 4.6 |
| 2025-04-22 | CVE-2025-46231 | Cross-Site Request Forgery (CSRF) vulnerability in Servit Affiliate-Toolkit | Cross-Site Request Forgery (CSRF) vulnerability in SERVIT Software Solutions affiliate-toolkit allows Cross Site Request Forgery. | network | low complexity | servit | CWE-352 | 8.8 |