Vulnerabilities > Cross-Site Request Forgery (CSRF)

DATE CVE VULNERABILITY TITLE RISK
2025-03-11 CVE-2025-28864 Cross-Site Request Forgery (CSRF) vulnerability in Planetstudio Builder for Contact Form 7
Cross-Site Request Forgery (CSRF) vulnerability in Planet Studio Builder for Contact Form 7 by Webconstruct allows Cross Site Request Forgery.
network
low complexity
planetstudio CWE-352
8.8
2025-03-11 CVE-2025-28866 Cross-Site Request Forgery (CSRF) vulnerability in Smerriman Login Logger
Cross-Site Request Forgery (CSRF) vulnerability in smerriman Login Logger allows Cross Site Request Forgery.
network
low complexity
smerriman CWE-352
8.8
2025-03-11 CVE-2025-28867 Cross-Site Request Forgery (CSRF) vulnerability in Stesvis Frontpage Category Filter
Cross-Site Request Forgery (CSRF) vulnerability in stesvis Frontpage category filter allows Cross Site Request Forgery.
network
low complexity
stesvis CWE-352
8.8
2025-03-11 CVE-2025-28868 Cross-Site Request Forgery (CSRF) vulnerability in Condenast Ziplist Recipe
Cross-Site Request Forgery (CSRF) vulnerability in ZipList ZipList Recipe allows Cross Site Request Forgery.
network
low complexity
condenast CWE-352
8.8
2025-03-11 CVE-2024-13436 The Appsero Helper plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.2.
network
low complexity
CWE-352
6.1
2025-03-10 CVE-2025-24387 Cross-Site Request Forgery (CSRF) vulnerability in Otrs
A vulnerability in OTRS Application Server allows session hijacking due to missing attributes for sensitive cookie settings in HTTPS sessions.
network
low complexity
otrs CWE-352
6.5
2025-03-10 CVE-2025-1926 The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.9.8.
network
low complexity
CWE-352
4.3
2025-03-08 CVE-2024-11640 Cross-Site Request Forgery (CSRF) vulnerability in E4Jconnect Vikrentcar
The VikRentCar Car Rental Management System plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4.2.
network
low complexity
e4jconnect CWE-352
8.8
2025-03-08 CVE-2024-13774 Cross-Site Request Forgery (CSRF) vulnerability in Wpfactory Wishlist for Woocommerce
The Wishlist for WooCommerce: Multi Wishlists Per Customer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.7.
network
low complexity
wpfactory CWE-352
6.5
2025-03-07 CVE-2024-12634 The Related Posts, Inline Related Posts, Contextual Related Posts, Related Content By PickPlugins plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including 2.0.59.
network
low complexity
CWE-352
6.1