Vulnerabilities > Cross-Site Request Forgery (CSRF)

DATE CVE VULNERABILITY TITLE RISK
2025-03-19 CVE-2024-13933 The FoodBakery | Delivery Restaurant Directory WordPress Theme theme for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.7.
network
low complexity
CWE-352
8.8
2025-03-15 CVE-2025-1530 Cross-Site Request Forgery (CSRF) vulnerability in Tripetto
The Tripetto plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 8.0.9.
network
low complexity
tripetto CWE-352
4.3
2025-03-14 CVE-2024-13913 The InstaWP Connect – 1-click WP Staging & Migration plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.1.0.83.
network
low complexity
CWE-352
8.8
2025-03-14 CVE-2025-1764 The LoginPress | wp-login Custom Login Page Customizer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.3.1.
network
high complexity
CWE-352
7.5
2025-03-11 CVE-2025-28857 Cross-Site Request Forgery (CSRF) vulnerability in Rankchecker
Cross-Site Request Forgery (CSRF) vulnerability in rankchecker Rankchecker.io Integration allows Stored XSS.
network
low complexity
rankchecker CWE-352
6.1
2025-03-11 CVE-2025-28859 Cross-Site Request Forgery (CSRF) vulnerability in Codevibrant Maintenance Notice
Cross-Site Request Forgery (CSRF) vulnerability in CodeVibrant Maintenance Notice allows Cross Site Request Forgery.
network
low complexity
codevibrant CWE-352
8.8
2025-03-11 CVE-2025-28860 Cross-Site Request Forgery (CSRF) vulnerability in Ppdpurveyor Google News Editors Picks Feed Generator
Cross-Site Request Forgery (CSRF) vulnerability in PPDPurveyor Google News Editors Picks Feed Generator allows Stored XSS.
network
low complexity
ppdpurveyor CWE-352
6.1
2025-03-11 CVE-2025-28861 Cross-Site Request Forgery (CSRF) vulnerability in Bhzad WP Jquery Persian Datepicker 0.1.0
Cross-Site Request Forgery (CSRF) vulnerability in bhzad WP jQuery Persian Datepicker allows Stored XSS.
network
low complexity
bhzad CWE-352
6.1
2025-03-11 CVE-2025-28862 Cross-Site Request Forgery (CSRF) vulnerability in Venugopal Comment Date and Gravatar Remover 1.0
Cross-Site Request Forgery (CSRF) vulnerability in Venugopal Comment Date and Gravatar remover allows Cross Site Request Forgery.
network
low complexity
venugopal CWE-352
8.8
2025-03-11 CVE-2025-28863 Cross-Site Request Forgery (CSRF) vulnerability in Carlosminatti Delete Original Image
Cross-Site Request Forgery (CSRF) vulnerability in Carlos Minatti Delete Original Image allows Cross Site Request Forgery.
network
low complexity
carlosminatti CWE-352
8.8