Vulnerabilities > Cross-Site Request Forgery (CSRF)
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-01-28 | CVE-2024-13521 | Cross-Site Request Forgery (CSRF) vulnerability in Ilghera Mailup Auto Subscription The MailUp Auto Subscription plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.0. | 5.4 |
| 2025-01-27 | CVE-2025-24742 | Cross-Site Request Forgery (CSRF) vulnerability in Codecabin WP GO Maps Cross-Site Request Forgery (CSRF) vulnerability in WP Go Maps (formerly WP Google Maps) WP Go Maps. | 8.8 |
| 2025-01-26 | CVE-2024-11641 | Cross-Site Request Forgery (CSRF) vulnerability in Vikwp Vikbooking Hotel Booking Engine & PMS The VikBooking Hotel Booking Engine & PMS plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.7.2. | 8.8 |
| 2025-01-25 | CVE-2024-13709 | The Linear plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.8.1. | 4.3 |
| 2025-01-24 | CVE-2024-13683 | Cross-Site Request Forgery (CSRF) vulnerability in Sperse Automate HUB The Automate Hub Free by Sperse.IO plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.7.0. | 4.3 |
| 2025-01-23 | CVE-2024-13511 | Cross-Site Request Forgery (CSRF) vulnerability in Variation Swatches for Woocommerce Project Variation Swatches for Woocommerce The Variation Swatches for WooCommerce plugin, in all versions starting at 1.0.8 up until 1.3.2, contains a vulnerability due to improper nonce verification in its settings reset functionality. | 4.3 |
| 2025-01-21 | CVE-2024-13444 | The wp-greet plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.2. | 6.1 |
| 2025-01-21 | CVE-2024-12005 | Cross-Site Request Forgery (CSRF) vulnerability in Infinitescript Wp-Bibtex The WP-BibTeX plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.0.1. | 6.1 |
| 2025-01-18 | CVE-2024-12385 | Cross-Site Request Forgery (CSRF) vulnerability in Kevonadonis WP Abstracts The WP Abstracts plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.7.2. | 6.1 |
| 2025-01-18 | CVE-2024-13317 | The ShipWorks Connector for Woocommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.2.5. | 4.3 |