Total: 6244 CVE

| CVE | Vendors | Products | Updated | CVSS v3.1 | Description |
|---|---|---|---|---|---|
| CVE-2015-0807 | 2 Mozilla, Redhat | 4 Firefox, Firefox Esr, Thunderbird and 1 more | 2024-10-22 | N/A | The navigator.sendBeacon implementation in Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 processes HTTP 30x status codes for redirects after a preflight request has occurred, which allows remote attackers to bypass intended CORS access-control checks and conduct cross-site request forgery (CSRF) attacks via a crafted web site, a similar issue to CVE-2014-8638. |
| CVE-2023-52431 | 2 Plack, Plack Middleware | 2 , Xsrf Block Package For Perl | 2024-10-21 | 8.8 High | The Plack::Middleware::XSRFBlock package before 0.0.19 for Perl allows attackers to bypass a CSRF protection mechanism via an empty form value and an empty cookie (if signed cookies are disabled). |
| CVE-2021-4422 | 1 Wpexperts | 1 Post Smtp Mailer | 2024-10-21 | 4.3 Medium | The POST SMTP Mailer plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.20. This is due to missing or incorrect nonce validation on the handleCsvExport() function. This makes it possible for unauthenticated attackers to trigger a CSV export via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. |
| CVE-2023-38885 | 1 Os4ed | 1 Opensis | 2024-10-21 | 8.8 High | OpenSIS Classic Community Edition version 9.0 lacks cross-site request forgery (CSRF) protection throughout the whole app. This may allow an attacker to trick an authenticated user into performing any kind of state changing request. |
| CVE-2023-28023 | 1 Hcltech | 1 Bigfix Webui | 2024-10-21 | 4.9 Medium | A cross site request forgery vulnerability in the BigFix WebUI Software Distribution interface site version 44 and before allows an NMO attacker to access files on server side systems (server machine and all the ones in its network). |
| CVE-2013-1692 | 2 Mozilla, Redhat | 5 Firefox, Thunderbird, Thunderbird Esr and 2 more | 2024-10-21 | N/A | Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 do not prevent the inclusion of body data in an XMLHttpRequest HEAD request, which makes it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks via a crafted web site. |
| CVE-2014-8638 | 2 Mozilla, Redhat | 5 Firefox, Firefox Esr, Seamonkey and 2 more | 2024-10-21 | N/A | The navigator.sendBeacon implementation in Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, Thunderbird before 31.4, and SeaMonkey before 2.32 omits the CORS Origin header, which allows remote attackers to bypass intended CORS access-control checks and conduct cross-site request forgery (CSRF) attacks via a crafted web site. |
| CVE-2018-12364 | 4 Canonical, Debian, Mozilla and 1 more | 12 Ubuntu Linux, Debian Linux, Firefox and 9 more | 2024-10-21 | N/A | NPAPI plugins, such as Adobe Flash, can send non-simple cross-origin requests, bypassing CORS by making a same-origin POST that does a 307 redirect to the target site. This allows for a malicious site to engage in cross-site request forgery (CSRF) attacks. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61. |
| CVE-2023-5006 | 1 Sarveshmrao | 1 Wp Discord Invite | 2024-10-21 | 6.5 Medium | The WP Discord Invite WordPress plugin before 2.5.1 does not protect some of its actions against CSRF attacks, allowing an unauthenticated attacker to perform actions on their behalf by tricking a logged in administrator to submit a crafted request. |
| CVE-2024-22817 | 1 Flycms Project | 1 Flycms | 2024-10-21 | 8.8 High | FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/email/email_conf_updagte |
| CVE-2023-25449 | 1 Cformsii Project | 1 Cformsii | 2024-10-21 | 4.3 Medium | Cross-Site Request Forgery (CSRF) vulnerability in Oliver Seidel, Bastian Germann cformsII plugin <= 15.0.4 versions. |
| CVE-2023-25450 | 1 Givewp | 1 Givewp | 2024-10-21 | 5.4 Medium | Cross-Site Request Forgery (CSRF) vulnerability in GiveWP GiveWP – Donation Plugin and Fundraising Platform plugin <= 2.25.1 versions. |
| CVE-2023-27634 | 1 Intrepidity Project | 1 Intrepidity | 2024-10-21 | 8.8 High | Cross-Site Request Forgery (CSRF) vulnerability allows arbitrary file upload in Shingo Intrepidity plugin <= 1.5.1 versions. |
| CVE-2023-47024 | 1 Ncratleos | 1 Terminal Handler | 2024-10-21 | 8.8 High | Cross-Site Request Forgery (CSRF) in NCR Terminal Handler v.1.5.1 leads to a one-click account takeover. This is achieved by exploiting multiple vulnerabilities, including an undisclosed function in the WSDL that has weak security controls and can accept custom content types. |
| CVE-2024-39628 | 1 Ninjaforms | 1 Ninja Forms | 2024-10-20 | 5.4 Medium | Cross-Site Request Forgery (CSRF) vulnerability in Saturday Drive Ninja Forms allows Cross Site Request Forgery. This issue affects Ninja Forms: from n/a through 3.8.6. |
| CVE-2024-0624 | 1 Strangerstudios | 1 Paid Memberships Pro | 2024-10-18 | 5.3 Medium | The Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.12.7. This is due to missing or incorrect nonce validation on the pmpro_update_level_order() function. This makes it possible for unauthenticated attackers to update the order of levels via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. |
| CVE-2023-25055 | 1 Digitalinspiration | 1 Google Xml Sitemap For Videos | 2024-10-18 | 4.3 Medium | Cross-Site Request Forgery (CSRF) vulnerability in Amit Agarwal Google XML Sitemap for Videos plugin <= 2.6.1 versions. |
| CVE-2023-34373 | 1 Zephyr Project Manager Project | 1 Zephyr Project Manager | 2024-10-18 | 5.4 Medium | Cross-Site Request Forgery (CSRF) vulnerability in Dylan James Zephyr Project Manager plugin <= 3.3.93 versions. |
| CVE-2023-6946 | 1 Unalignedcode | 1 Autotitle | 2024-10-18 | 8.8 High | The Autotitle for WordPress plugin through 1.0.3 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack. |
| CVE-2023-24395 | 1 Wpplugin | 1 Contact Form 7 Redirect & Thank You Page | 2024-10-18 | 5.4 Medium | Cross-Site Request Forgery (CSRF) vulnerability in Scott Paterson Contact Form 7 Redirect & Thank You Page plugin <= 1.0.3 versions. |