Vulnerabilities > Cross-Site Request Forgery (CSRF)

DATE CVE VULNERABILITY TITLE RISK
2025-03-08 CVE-2024-13774 Cross-Site Request Forgery (CSRF) vulnerability in Wpfactory Wishlist for Woocommerce
The Wishlist for WooCommerce: Multi Wishlists Per Customer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.7.
network
low complexity
wpfactory CWE-352
6.5
6.5
2025-03-07 CVE-2024-12634 The Related Posts, Inline Related Posts, Contextual Related Posts, Related Content By PickPlugins plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including 2.0.59.
network
low complexity
CWE-352
6.1
6.1
2025-03-07 CVE-2025-0748 The Homey theme for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.4.3.
network
low complexity
CWE-352
4.3
4.3
2025-03-06 CVE-2025-1383 Cross-Site Request Forgery (CSRF) vulnerability in Podlove Podcast Publisher
The Podlove Podcast Publisher plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.2.2.
network
low complexity
podlove CWE-352
4.3
4.3
2025-03-05 CVE-2025-1463 The Spreadsheet Integration plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.8.2.
network
low complexity
CWE-352
4.3
4.3
2025-03-05 CVE-2025-0990 The I Am Gloria plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.4.
network
low complexity
CWE-352
4.3
4.3
2025-03-05 CVE-2025-1435 The bbPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.6.11.
network
low complexity
CWE-352
6.3
6.3
2025-03-04 CVE-2024-13682 Cross-Site Request Forgery (CSRF) vulnerability in Wpswings Wallet System for Woocommerce
The Wallet System for WooCommerce – Wallet, Wallet Cashback, Refunds, Partial Payment, Wallet Restriction plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.6.2.
network
low complexity
wpswings CWE-352
4.3
4.3
2025-03-04 CVE-2025-1306 Cross-Site Request Forgery (CSRF) vulnerability in Spicethemes Newscrunch
The Newscrunch theme for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.8.4.
network
low complexity
spicethemes CWE-352
8.8
8.8
2025-03-04 CVE-2025-1891 Cross-Site Request Forgery (CSRF) vulnerability in Qzw1210 Shishuocms 1.1
A vulnerability was found in shishuocms 1.1 and classified as problematic.
network
low complexity
qzw1210 CWE-352
8.8
8.8