CVE & Exploit Intelligence Database

CVE-2025-52783 7.1 HIGH EPSS 0.00

Cross-Site Request Forgery (CSRF) vulnerability in themelocation Change Cart button Colors WooCommerce allows Stored XSS. This issue affects Change Cart button Colors WooCommerce: from n/a through 1.0.

CWE-352 Jun 20, 2025

CVE-2025-52781 7.1 HIGH EPSS 0.00

Cross-Site Request Forgery (CSRF) vulnerability in Beee TinyNav allows Stored XSS. This issue affects TinyNav: from n/a through 1.4.

CWE-352 Jun 20, 2025

CVE-2025-52780 7.1 HIGH EPSS 0.00

Cross-Site Request Forgery (CSRF) vulnerability in Mohammad Parsa Logo Manager For Samandehi allows Stored XSS. This issue affects Logo Manager For Samandehi: from n/a through 0.5.

CWE-352 Jun 20, 2025

CVE-2025-52772 7.1 HIGH EPSS 0.00

Cross-Site Request Forgery (CSRF) vulnerability in Adnan Haque (a11n) Virtual Moderator allows Cross-Site Scripting (XSS). This issue affects Virtual Moderator: from n/a through 1.4.

CWE-352 Jun 20, 2025

CVE-2025-52711 4.3 MEDIUM EPSS 0.00

Cross-Site Request Forgery (CSRF) vulnerability in BoldGrid Post and Page Builder by BoldGrid – Visual Drag and Drop Editor allows Cross Site Request Forgery.This issue affects Post and Page Builder by BoldGrid – Visual Drag and Drop Editor: from n/a through 1.27.8.

CWE-352 Jun 20, 2025

CVE-2025-50044 6.5 MEDIUM EPSS 0.00

Cross-Site Request Forgery (CSRF) vulnerability in Rameez Iqbal Real Estate Manager allows Cross Site Request Forgery. This issue affects Real Estate Manager: from n/a through 7.3.

CWE-352 Jun 20, 2025

CVE-2025-50036 6.5 MEDIUM EPSS 0.00

Cross-Site Request Forgery (CSRF) vulnerability in Yamna Khawaja Mailing Group Listserv allows Cross Site Request Forgery. This issue affects Mailing Group Listserv: from n/a through 3.0.5.

CWE-352 Jun 20, 2025

CVE-2025-49977 4.3 MEDIUM EPSS 0.00

Cross-Site Request Forgery (CSRF) vulnerability in WP Inventory WP Inventory Manager allows Cross Site Request Forgery. This issue affects WP Inventory Manager: from n/a through 2.3.4.

CWE-352 Jun 20, 2025

CVE-2025-49975 4.3 MEDIUM EPSS 0.00

Cross-Site Request Forgery (CSRF) vulnerability in Hossni Mubarak JobWP allows Cross Site Request Forgery. This issue affects JobWP: from n/a through 2.4.0.

CWE-352 Jun 20, 2025

CVE-2025-49972 4.3 MEDIUM EPSS 0.00

Cross-Site Request Forgery (CSRF) vulnerability in David Wood TM Replace Howdy allows Cross Site Request Forgery. This issue affects TM Replace Howdy: from n/a through 1.4.2.

CWE-352 Jun 20, 2025

CVE-2025-49968 4.3 MEDIUM EPSS 0.00

Cross-Site Request Forgery (CSRF) vulnerability in Oganro XML Travel Portal Widget allows Cross Site Request Forgery. This issue affects XML Travel Portal Widget: from n/a through 2.0.

CWE-352 Jun 20, 2025

CVE-2025-49967 4.3 MEDIUM EPSS 0.00

Cross-Site Request Forgery (CSRF) vulnerability in marcusjansen Live Sports Streamthunder allows Cross Site Request Forgery. This issue affects Live Sports Streamthunder: from n/a through 2.1.

CWE-352 Jun 20, 2025

CVE-2025-49966 4.3 MEDIUM EPSS 0.00

Cross-Site Request Forgery (CSRF) vulnerability in Oganro Oganro Travel Portal Search Widget for HotelBeds APITUDE API allows Cross Site Request Forgery. This issue affects Oganro Travel Portal Search Widget for HotelBeds APITUDE API: from n/a through 1.0.

CWE-352 Jun 20, 2025

CVE-2025-49965 4.3 MEDIUM EPSS 0.00

Cross-Site Request Forgery (CSRF) vulnerability in Oganro PixelBeds Channel Manager and Hotel Booking Engine allows Cross Site Request Forgery. This issue affects PixelBeds Channel Manager and Hotel Booking Engine: from n/a through 1.0.

CWE-352 Jun 20, 2025

CVE-2025-49964 4.3 MEDIUM EPSS 0.00

Cross-Site Request Forgery (CSRF) vulnerability in indgeek ClipLink allows Cross Site Request Forgery. This issue affects ClipLink: from n/a through 1.1.

CWE-352 Jun 20, 2025

CVE-2025-6341 4.3 MEDIUM EPSS 0.00

A vulnerability classified as problematic was found in code-projects School Fees Payment System 1.0. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

CWE-862 Jun 20, 2025

CVE-2025-6284 4.3 MEDIUM EPSS 0.00

A vulnerability was found in PHPGurukul Car Rental Portal 3.0. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

CWE-862 Jun 19, 2025

CVE-2024-54172 4.3 MEDIUM EPSS 0.00

IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.6 and 6.2.0.0 through 6.2.0.4 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.

CWE-352 Jun 18, 2025

CVE-2025-49865 4.3 MEDIUM EPSS 0.00

Cross-Site Request Forgery (CSRF) vulnerability in Helmut Wandl Advanced Settings allows Cross Site Request Forgery. This issue affects Advanced Settings: from n/a through 3.0.1.

CWE-352 Jun 17, 2025

CVE-2025-49856 4.3 MEDIUM EPSS 0.00

Cross-Site Request Forgery (CSRF) vulnerability in CyberChimps Responsive Plus allows Cross Site Request Forgery. This issue affects Responsive Plus: from n/a through 3.2.2.

CWE-352 Jun 17, 2025