Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (9404 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-23227 1 Php Everywhere Project 1 Php Everywhere 2025-02-20 5.4 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Alexander Fuchs PHP Everywhere plugin <= 2.0.2 versions.
CVE-2021-44777 1 Email Tracker Project 1 Email Tracker 2025-02-20 5.4 Medium
Cross-Site Request Forgery (CSRF) vulnerabilities leading to single or bulk e-mail entries deletion discovered in Email Tracker WordPress plugin (versions <= 5.2.6).
CVE-2022-23983 1 Wp-buy 1 Wp Content Copy Protection \& No Right Click 2025-02-20 4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability leading to plugin Settings Update discovered in WP Content Copy Protection & No Right Click WordPress plugin (versions <= 3.4.4).
CVE-2022-25599 1 Spiffyplugins 1 Spiffy Calendar 2025-02-20 5.4 Medium
Cross-Site Request Forgery (CSRF) vulnerability leading to event deletion was discovered in Spiffy Calendar WordPress plugin (versions <= 4.9.0).
CVE-2022-25608 1 Yooslider 1 Yoo Slider 2025-02-20 5.4 Medium
Cross-Site Request Forgery (CSRF) in Yoo Slider – Image Slider & Video Slider (WordPress plugin) allows attackers to trick authenticated users into unwanted slider duplicate or delete action.
CVE-2022-25615 1 Stylemixthemes 1 Eroom - Zoom Meetings \& Webinar 2025-02-20 4.3 Medium
Cross-Site Request Forgery (CSRF) in StylemixThemes eRoom – Zoom Meetings & Webinar (WordPress plugin) <= 1.3.8 allows cache deletion.
CVE-2022-25614 1 Stylemixthemes 1 Eroom - Zoom Meetings \& Webinar 2025-02-20 4.3 Medium
Cross-Site Request Forgery (CSRF) in StylemixThemes eRoom – Zoom Meetings & Webinar (WordPress plugin) <= 1.3.7 allows an attacker to Sync with Zoom Meetings.
CVE-2021-36914 1 Claderaform 1 Calderawp License Manager 2025-02-20 6.1 Medium
Cross-Site Request Forgery (CSRF) vulnerability leading to Reflected Cross-Site Scripting (XSS) in CalderaWP License Manager (WordPress plugin) <= 1.2.11.
CVE-2022-27847 1 Yooslider 1 Yoo Slider 2025-02-20 4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Yooslider Yoo Slider <= 2.0.0 on WordPress allows attackers to import templates.
CVE-2022-27846 1 Yooslider 1 Yoo Slider 2025-02-20 4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Yooslider Yoo Slider <= 2.0.0 on WordPress allows attackers to create or modify slider.
CVE-2022-27850 1 Plugin-planet 1 Simple Ajax Chat 2025-02-20 5.4 Medium
Cross-Site Request Forgery (CSRF) in Simple Ajax Chat (WordPress plugin) <= 20220115 allows an attacker to clear the chat log or delete a chat message.
CVE-2022-27851 1 Dineshkarki 1 Use Any Font 2025-02-20 5.4 Medium
Cross-Site Request Forgery (CSRF) in Use Any Font (WordPress plugin) <= 6.1.7 allows an attacker to deactivate the API key.
CVE-2022-23976 1 Accesspressthemes 1 Access Demo Importer 2025-02-20 8.1 High
Cross-Site Request Forgery (CSRF) in Access Demo Importer <= 1.0.7 on WordPress allows an attacker to reset all data (posts / pages / media).
CVE-2022-23975 1 Accesspressthemes 1 Access Demo Importer 2025-02-20 6.5 Medium
Cross-Site Request Forgery (CSRF) in Access Demo Importer <= 1.0.7 on WordPress allows an attacker to activate any installed plugin.
CVE-2022-27860 1 Footer-text Project 1 Footer-text 2025-02-20 6.1 Medium
Cross-Site Request Forgery (CSRF) leading to Cross-Site Scripting (XSS) in Shea Bunge's Footer Text plugin <= 2.0.3 on WordPress.
CVE-2022-29413 1 Hermit Project 1 Hermit 2025-02-20 4.7 Medium
Cross-Site Request Forgery (CSRF) leading to Stored Cross-Site Scripting (XSS) in Mufeng's Hermit 音乐播放器 plugin <= 3.1.6 on WordPress via &title parameter.
CVE-2022-29412 1 Hermit Project 1 Hermit 2025-02-20 5.4 Medium
Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Hermit 音乐播放器 plugin <= 3.1.6 on WordPress allow attackers to delete cache, delete a source, create source.
CVE-2022-29414 1 Wpkube 1 Subscribe To Comments Reloaded 2025-02-20 5.4 Medium
Multiple (13x) Cross-Site Request Forgery (CSRF) vulnerabilities in WPKube's Subscribe To Comments Reloaded plugin <= 211130 on WordPress allows attackers to clean up Log archive, download system info file, plugin system settings, plugin options settings, generate a new key, reset all options, change notifications settings, management page settings, comment form settings, manage subscriptions > mass update settings, manage subscriptions > add a new subscription, update subscription, delete Subscription.
CVE-2022-29451 1 Rarathemes 1 Rara One Click Demo Import 2025-02-20 8.8 High
Cross-Site Request Forgery (CSRF) leading to Arbitrary File Upload vulnerability in Rara One Click Demo Import plugin <= 1.2.9 on WordPress allows attackers to trick logged-in admin users into uploading dangerous files into /wp-content/uploads/ directory.
CVE-2022-29429 1 Code Snippets Extended Project 1 Code Snippets Extended 2025-02-20 8.8 High
Remote Code Execution (RCE) in Alexander Stokmann's Code Snippets Extended plugin <= 1.4.7 on WordPress via Cross-Site Request Forgery.