Total
6244 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-43710 | 1 Gxsoftware | 1 Xperiencentral | 2024-10-23 | 8.8 High |
| Interactive Forms (IAF) in GX Software XperienCentral versions 10.31.0 until 10.33.0 was vulnerable to cross site request forgery (CSRF) because the unique token could be deduced using the names of all input fields. | ||||
| CVE-2020-36750 | 1 Ewww | 1 Image Optimizer | 2024-10-23 | 4.3 Medium |
| The EWWW Image Optimizer plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.8.1. This is due to missing or incorrect nonce validation on the ewww_ngg_bulk_init() function. This makes it possible for unauthenticated attackers to perform bulk image optimization via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2023-39153 | 1 Jenkins | 1 Gitlab Authentication | 2024-10-23 | 5.4 Medium |
| A cross-site request forgery (CSRF) vulnerability in Jenkins GitLab Authentication Plugin 1.17.1 and earlier allows attackers to trick users into logging in to the attacker's account. | ||||
| CVE-2023-39156 | 1 Jenkins | 1 Bazaar | 2024-10-23 | 5.3 Medium |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Bazaar Plugin 1.22 and earlier allows attackers to delete previously created Bazaar SCM tags. | ||||
| CVE-2020-21881 | 1 Duxcms Project | 1 Duxcms | 2024-10-22 | 6.5 Medium |
| Cross Site Request Forgery (CSRF) vulnerability in admin.php in DuxCMS 2.1 allows remote attackers to modtify application data via article/admin/content/add. | ||||
| CVE-2024-49629 | 1 Androidbubbles | 1 Endless Posts Navigation | 2024-10-22 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Fahad Mahmood Endless Posts Navigation allows Stored XSS.This issue affects Endless Posts Navigation: from n/a through 2.2.7. | ||||
| CVE-2023-33534 | 2 Guanzhou Tozed Kangwei Intelligent Technology, Sztozed | 3 Zlts10g, Zlt S10g, Zlt S10g Firmware | 2024-10-22 | 8.8 High |
| A Cross-Site Request Forgery (CSRF) in Guanzhou Tozed Kangwei Intelligent Technology ZLTS10G software version S10G_3.11.6 allows attackers to takeover user accounts via sending a crafted POST request to /goform/goform_set_cmd_process. | ||||
| CVE-2024-47634 | 2 Majas-lapu-izstrade, Woocommerce | 2 Cartbounty, Streamline.lv | 2024-10-22 | 6.5 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Streamline.Lv CartBounty – Save and recover abandoned carts for WooCommerce allows Cross Site Request Forgery.This issue affects CartBounty – Save and recover abandoned carts for WooCommerce: from n/a through 8.2. | ||||
| CVE-2024-49250 | 1 Dublue | 1 Table Of Contents Plus | 2024-10-22 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Michael Tran Table of Contents Plus allows Cross Site Request Forgery.This issue affects Table of Contents Plus: from n/a through 2408. | ||||
| CVE-2024-49272 | 1 Wpwebinfotech | 1 Social Auto Poster | 2024-10-22 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in WPWeb Social Auto Poster allows Cross Site Request Forgery.This issue affects Social Auto Poster: from n/a through 5.3.15. | ||||
| CVE-2024-49274 | 1 Infomaniak | 1 Vod Infomaniak | 2024-10-22 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Infomaniak Staff VOD Infomaniak allows Cross Site Request Forgery.This issue affects VOD Infomaniak: from n/a through 1.5.7. | ||||
| CVE-2024-49275 | 1 Northernbeacheswebsites | 1 Ideapush | 2024-10-22 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Martin Gibson IdeaPush allows Cross Site Request Forgery.This issue affects IdeaPush: from n/a through 8.69. | ||||
| CVE-2024-49290 | 1 Boxystudio | 1 Cooked | 2024-10-22 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Gora Tech LLC Cooked Pro allows Cross Site Request Forgery.This issue affects Cooked Pro: from n/a before 1.8.0. | ||||
| CVE-2024-49306 | 1 Wp-buy | 1 Wp Content Copy Protection \& No Right Click | 2024-10-22 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in WP-buy WP Content Copy Protection & No Right Click allows Cross Site Request Forgery.This issue affects WP Content Copy Protection & No Right Click: from n/a through 3.5.9. | ||||
| CVE-2024-49627 | 1 Noorsplugin | 1 Wordpress Image Seo | 2024-10-22 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Noor Alam WordPress Image SEO allows Cross Site Request Forgery.This issue affects WordPress Image SEO: from n/a through 1.1.4. | ||||
| CVE-2024-49628 | 1 Whiletrue | 1 Most And Least Read Posts Widget | 2024-10-22 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in WhileTrue Most And Least Read Posts Widget allows Cross Site Request Forgery.This issue affects Most And Least Read Posts Widget: from n/a through 2.5.18. | ||||
| CVE-2024-49615 | 1 Henriquerodrigues | 1 Safetyforms | 2024-10-22 | 8.2 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Henrique Rodrigues SafetyForms allows Blind SQL Injection.This issue affects SafetyForms: from n/a through 1.0.0. | ||||
| CVE-2023-4047 | 3 Debian, Mozilla, Redhat | 7 Debian Linux, Firefox, Enterprise Linux and 4 more | 2024-10-22 | 8.8 High |
| A bug in popup notifications delay calculation could have made it possible for an attacker to trick a user into granting permissions. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1. | ||||
| CVE-2022-1617 | 1 Usabilitydynamics | 1 Wp-invoice | 2024-10-22 | 6.1 Medium |
| The WP-Invoice WordPress plugin through 4.3.1 does not have CSRF check in place when updating its settings, and is lacking sanitisation as well as escaping in some of them, allowing attacker to make a logged in admin change them and add XSS payload in them | ||||
| CVE-2023-35030 | 1 Liferay | 2 Dxp, Liferay Portal | 2024-10-22 | 8.8 High |
| Cross-site request forgery (CSRF) vulnerability in the Layout module's SEO configuration in Liferay Portal 7.4.3.70 through 7.4.3.76, and Liferay DXP 7.4 update 70 through 76 allows remote attackers to execute arbitrary code in the scripting console via the `_com_liferay_layout_admin_web_portlet_GroupPagesPortlet_backURL` parameter. | ||||