Total
6245 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-24395 | 1 Wpplugin | 1 Contact Form 7 Redirect \& Thank You Page | 2024-10-18 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Scott Paterson Contact Form 7 Redirect & Thank You Page plugin <= 1.0.3 versions. | ||||
| CVE-2023-34028 | 1 Pluginus | 1 Wolf - Wordpress Posts Bulk Editor And Manager Professional | 2024-10-18 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in realmag777 WOLF – WordPress Posts Bulk Editor and Manager Professional plugin <= 1.0.7 versions. | ||||
| CVE-2023-23795 | 1 Web-settler | 1 Form Builder | 2024-10-18 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Muneeb Form Builder plugin <= 1.9.9.0 versions. | ||||
| CVE-2024-48758 | 1 Dingfanzu | 1 Cms | 2024-10-18 | 6.1 Medium |
| dingfanzu CMS V1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the addPro parameter of the component doAdminAction.php which allows a remote attacker to execute arbitrary code | ||||
| CVE-2024-9351 | 2024-10-18 | 4.3 Medium | ||
| The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.35.1. This is due to missing or incorrect nonce validation on the quiz 'create_module' function. This makes it possible for unauthenticated attackers to create draft quizzes via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2024-48048 | 2024-10-18 | 7.1 High | ||
| Cross-Site Request Forgery (CSRF) vulnerability in WSIFY – Sales can fly Wsify Widget allows Stored XSS.This issue affects Wsify Widget: from n/a through 1.0. | ||||
| CVE-2024-48037 | 2024-10-18 | 5.4 Medium | ||
| Cross-Site Request Forgery (CSRF) vulnerability in A WP Life Contact Form Widget allows Cross Site Request Forgery.This issue affects Contact Form Widget: from n/a through 1.4.2. | ||||
| CVE-2024-48047 | 2024-10-18 | 4.3 Medium | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Razon Komar Pal Linked Variation for WooCommerce allows Cross Site Request Forgery.This issue affects Linked Variation for WooCommerce: from n/a through 1.0.5. | ||||
| CVE-2024-48031 | 2024-10-18 | 6.5 Medium | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Sumit Surai Featured Posts with Multiple Custom Groups (FPMCG) allows Cross Site Request Forgery.This issue affects Featured Posts with Multiple Custom Groups (FPMCG): from n/a through 4.0. | ||||
| CVE-2024-48038 | 2024-10-18 | 4.3 Medium | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Hans Matzen wp-Monalisa allows Cross Site Request Forgery.This issue affects wp-Monalisa: from n/a through 6.4. | ||||
| CVE-2024-49304 | 2024-10-18 | 5.4 Medium | ||
| Cross-Site Request Forgery (CSRF) vulnerability in PINPOINT.WORLD Pinpoint Booking System allows Stored XSS.This issue affects Pinpoint Booking System: from n/a through 2.9.9.5.1. | ||||
| CVE-2024-49313 | 2024-10-18 | 7.1 High | ||
| Cross-Site Request Forgery (CSRF) vulnerability in RudeStan VKontakte Wall Post allows Stored XSS.This issue affects VKontakte Wall Post: from n/a through 2.0. | ||||
| CVE-2024-9352 | 2024-10-18 | 4.3 Medium | ||
| The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.35.1. This is due to missing or incorrect nonce validation on the custom form 'create_module' function. This makes it possible for unauthenticated attackers to create draft forms via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2018-16966 | 1 Filemanagerpro | 1 File Manager | 2024-10-18 | N/A |
| There is a CSRF vulnerability in the mndpsingh287 File Manager plugin 3.0 for WordPress via the page=wp_file_manager_root public_path parameter. | ||||
| CVE-2023-35917 | 1 Woocommerce | 1 Paypal Payments | 2024-10-17 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce PayPal Payments plugin <= 2.0.4 versions. | ||||
| CVE-2023-22673 | 1 Magenet | 1 Website Monetization | 2024-10-17 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in MageNet Website Monetization by MageNet plugin <= 1.0.29.1 versions. | ||||
| CVE-2024-45693 | 1 Apache | 1 Cloudstack | 2024-10-17 | 8 High |
| Users logged into the Apache CloudStack's web interface can be tricked to submit malicious CSRF requests due to missing validation of the origin of the requests. This can allow an attacker to gain privileges and access to resources of the authenticated users and may lead to account takeover, disruption, exposure of sensitive data and compromise integrity of the resources owned by the user account that are managed by the platform. This issue affects Apache CloudStack from 4.15.1.0 through 4.18.2.3 and 4.19.0.0 through 4.19.1.1 Users are recommended to upgrade to Apache CloudStack 4.18.2.4 or 4.19.1.2, or later, which addresses this issue. | ||||
| CVE-2023-3579 | 1 Hadsky | 1 Hadsky | 2024-10-17 | 4.3 Medium |
| A vulnerability, which was classified as problematic, has been found in HadSky 7.11.8. Affected by this issue is some unknown functionality of the component User Handler. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-233372. | ||||
| CVE-2024-8507 | 1 Filemanagerpro | 1 File Manager | 2024-10-17 | 8.8 High |
| The File Manager Pro plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 8.3.9. This is due to missing or incorrect nonce validation on the 'mk_file_folder_manager' ajax action. This makes it possible for unauthenticated attackers to upload arbitrary files via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2024-22287 | 1 Ludek | 1 Better Anchor Links | 2024-10-17 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Luděk Melichar Better Anchor Links allows Cross-Site Scripting (XSS).This issue affects Better Anchor Links: from n/a through 1.7.5. | ||||