Vulnerabilities > Cross-Site Request Forgery (CSRF)

DATE CVE VULNERABILITY TITLE RISK
2025-03-07 CVE-2025-0748 The Homey theme for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.4.3.
network
low complexity
CWE-352
4.3
2025-03-06 CVE-2025-1383 Cross-Site Request Forgery (CSRF) vulnerability in Podlove Podcast Publisher
The Podlove Podcast Publisher plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.2.2.
network
low complexity
podlove CWE-352
4.3
2025-03-05 CVE-2025-1463 The Spreadsheet Integration plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.8.2.
network
low complexity
CWE-352
4.3
2025-03-05 CVE-2025-0990 The I Am Gloria plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.4.
network
low complexity
CWE-352
4.3
2025-03-05 CVE-2025-1435 The bbPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.6.11.
network
low complexity
CWE-352
6.3
2025-03-04 CVE-2024-13682 Cross-Site Request Forgery (CSRF) vulnerability in Wpswings Wallet System for Woocommerce
The Wallet System for WooCommerce – Wallet, Wallet Cashback, Refunds, Partial Payment, Wallet Restriction plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.6.2.
network
low complexity
wpswings CWE-352
4.3
2025-03-04 CVE-2025-1306 Cross-Site Request Forgery (CSRF) vulnerability in Spicethemes Newscrunch
The Newscrunch theme for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.8.4.
network
low complexity
spicethemes CWE-352
8.8
2025-03-04 CVE-2025-1891 Cross-Site Request Forgery (CSRF) vulnerability in Qzw1210 Shishuocms 1.1
A vulnerability was found in shishuocms 1.1 and classified as problematic.
network
low complexity
qzw1210 CWE-352
8.8
2025-03-01 CVE-2024-13518 The Simple:Press Forum plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.10.11.
network
low complexity
CWE-352
4.3
2025-02-28 CVE-2025-1506 Cross-Site Request Forgery (CSRF) vulnerability in Wpmet WP Social Login and Register Social Counter
The Wp Social Login and Register Social Counter plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.0.
network
low complexity
wpmet CWE-352
4.3