Vulnerabilities > Cross-Site Request Forgery (CSRF)

DATE CVE VULNERABILITY TITLE RISK
2025-04-04 CVE-2025-32280 Cross-Site Request Forgery (CSRF) vulnerability in Wedevs WP Project Manager
Cross-Site Request Forgery (CSRF) vulnerability in weDevs WP Project Manager allows Cross Site Request Forgery.
network
low complexity
wedevs CWE-352
8.8
2025-04-04 CVE-2025-2797 The Woffice Core plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.4.21.
network
low complexity
CWE-352
5.4
2025-04-02 CVE-2024-56474 IBM TXSeries for Multiplatforms 9.1 and 11.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
network
low complexity
CWE-352
4.3
2025-04-02 CVE-2025-3099 The Advanced Search by My Solr Server plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.5.
network
low complexity
CWE-352
6.1
2025-03-26 CVE-2025-20228 In Splunk Enterprise versions below 9.3.3, 9.2.5, and 9.1.8 and Splunk Cloud Platform versions below 9.2.2403.108, and 9.1.2312.204, a low-privileged user that does not hold the "admin" or "power" Splunk roles could change the maintenance mode state of App Key Value Store (KVStore) through a Cross-Site Request Forgery (CSRF).
network
low complexity
CWE-352
6.5
2025-03-25 CVE-2024-13710 The Estatebud – Properties & Listings plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.5.0.
network
low complexity
CWE-352
4.3
2025-03-25 CVE-2025-2319 The EZ SQL Reports Shortcode Widget and DB Backup plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions 4.11.13 to 5.25.08.
network
low complexity
CWE-352
8.8
2025-03-25 CVE-2025-1320 The teachPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 9.0.9.
network
low complexity
CWE-352
4.3
2025-03-22 CVE-2024-13768 The CITS Support svg, webp Media and TTF,OTF File Upload, Use Custom Fonts plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.2.
network
low complexity
CWE-352
4.3
2025-03-22 CVE-2025-0807 The CITS Support svg, webp Media and TTF,OTF File Upload, Use Custom Fonts plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.2.
network
low complexity
CWE-352
4.3