Total: 6245 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-3579 | 1 Hadsky | 1 Hadsky | 2024-10-17 | 4.3 Medium |
A vulnerability, which was classified as problematic, has been found in HadSky 7.11.8. Affected by this issue is some unknown functionality of the component User Handler. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-233372. | ||||
CVE-2024-8507 | 1 Filemanagerpro | 1 File Manager | 2024-10-17 | 8.8 High |
The File Manager Pro plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 8.3.9. This is due to missing or incorrect nonce validation on the 'mk_file_folder_manager' ajax action. This makes it possible for unauthenticated attackers to upload arbitrary files via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
CVE-2024-22287 | 1 Ludek | 1 Better Anchor Links | 2024-10-17 | 7.1 High |
Cross-Site Request Forgery (CSRF) vulnerability in Luděk Melichar Better Anchor Links allows Cross-Site Scripting (XSS). This issue affects Better Anchor Links: from n/a through 1.7.5. | ||||
CVE-2023-22694 | 1 Bigcontact Contact Page Project | 1 Bigcontact Contact Page | 2024-10-17 | 4.3 Medium |
Cross-Site Request Forgery (CSRF) vulnerability in Arian Khosravi, Norik Davtian BigContact Contact Page plugin <= 1.5.8 versions. | ||||
CVE-2023-23869 | 1 Digitalinspiration | 1 Google Xml Sitemap For Mobile | 2024-10-17 | 4.3 Medium |
Cross-Site Request Forgery (CSRF) vulnerability in Amit Agarwal Google XML Sitemap for Mobile plugin <= 1.6.1 versions. | ||||
CVE-2023-24405 | 1 Wpplugin | 1 Paypal & Stripe Add-on | 2024-10-17 | 5.4 Medium |
Cross-Site Request Forgery (CSRF) vulnerability in Scott Paterson Contact Form 7 – PayPal & Stripe Add-on plugin <= 1.9.3 versions. | ||||
CVE-2023-23804 | 1 Hasthemes | 1 Ht Feed | 2024-10-17 | 4.3 Medium |
Cross-Site Request Forgery (CSRF) vulnerability in HasThemes HT Feed plugin <= 1.2.7 versions. | ||||
CVE-2023-23704 | 1 Pixelgrade | 1 Comments Rating | 2024-10-17 | 4.3 Medium |
Cross-Site Request Forgery (CSRF) vulnerability in Pixelgrade Comments Ratings plugin <= 1.1.6 versions. | ||||
CVE-2023-28995 | 1 Configurable Tag Cloud Project | 1 Configurable Tag Cloud | 2024-10-17 | 5.4 Medium |
Cross-Site Request Forgery (CSRF) vulnerability in Keith Solomon Configurable Tag Cloud (CTC) plugin <= 5.2 versions. | ||||
CVE-2023-23993 | 1 Lionscripts | 1 Ip Blocker Lite | 2024-10-17 | 5.4 Medium |
Cross-Site Request Forgery (CSRF) vulnerability in LionScripts.Com LionScripts: IP Blocker Lite plugin <= 11.1.1 versions. | ||||
CVE-2023-28986 | 1 Wpaffiliatemanager | 1 Affiliates Manager | 2024-10-17 | 5.4 Medium |
Cross-Site Request Forgery (CSRF) vulnerability in wp.Insider, wpaffiliatemgr Affiliates Manager plugin <= 2.9.20 versions. | ||||
CVE-2024-47828 | 1 Ampache | 1 Ampache | 2024-10-17 | 5.3 Medium |
Ampache is a web-based audio/video streaming application and file manager. A CSRF attack can be performed in order to delete objects (Playlist, smartlist etc.). Cross-Site Request Forgery (CSRF) is an attack that forces authenticated users to submit a request to a Web application against which they are currently authenticated. This vulnerability can be exploited by creating a malicious script with an arbitrary playlist ID belonging to another user. When the user submits the request, their playlist will be deleted. Any users with active sessions who are tricked into submitting a malicious request are impacted, as their playlists or other objects could be deleted without their consent. | ||||
CVE-2024-6649 | 1 Oretnom23 | 1 Employee And Visitor Gate Pass Logging System | 2024-10-17 | 4.3 Medium |
A vulnerability has been found in SourceCodester Employee and Visitor Gate Pass Logging System 1.0 and classified as problematic. Affected by this vulnerability is the function save_users of the file Users.php. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-271057 was assigned to this vulnerability. | ||||
CVE-2021-4425 | 1 Wpmudev | 1 Defender Security | 2024-10-17 | 4.3 Medium |
The Defender Security plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.4.6. This is due to missing or incorrect nonce validation on the verify_otp_login_time() function. This makes it possible for unauthenticated attackers to verify a one time login via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
CVE-2020-36836 | 1 Wpfastestcache | 1 Wp Fastest Cache | 2024-10-16 | 8.8 High |
The WP Fastest Cache plugin for WordPress is vulnerable to unauthorized arbitrary file deletion in versions up to, and including, 0.9.0.2 due to a lack of capability checking and insufficient path validation. This makes it possible for authenticated users with minimal permissions to delete arbitrary files from the server. | ||||
CVE-2024-47846 | 2 Mediawiki, Wikimedia | 2 Cargo, Mediawiki-cargo | 2024-10-16 | 8.8 High |
Cross-Site Request Forgery (CSRF) vulnerability in The Wikimedia Foundation Mediawiki - Cargo allows Cross Site Request Forgery. This issue affects Mediawiki - Cargo: from 3.6.X before 3.6.1. | ||||
CVE-2024-41344 | 1 Codeigniter | 1 Codeigniter | 2024-10-16 | 7.5 High |
A Cross-Site Request Forgery (CSRF) in Codeigniter 3.1.13 allows attackers to arbitrarily change the Administrator password and escalate privileges. | ||||
CVE-2024-48278 | 1 Phpgurukul | 1 User Registration And Login And User Management System | 2024-10-16 | 5.5 Medium |
Phpgurukul User Registration & Login and User Management System 3.2 is vulnerable to Cross Site Request Forgery (CSRF) via /edit-profile.php. | ||||
CVE-2020-36839 | | | 2024-10-16 | 8.3 High |
The WP Lead Plus X plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 0.99. This is due to missing or incorrect nonce validation on several functions. This makes it possible for unauthenticated attackers to perform administrative actions, such as adding pages to the site and/or replacing site content with malicious JavaScript via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
CVE-2024-9649 | | | 2024-10-16 | 4.3 Medium |
The WP ULike – The Ultimate Engagement Toolkit for Websites plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.7.4. This is due to missing or incorrect nonce validation on the wp_ulike_delete_history_api() function. This makes it possible for unauthenticated attackers to delete engagements via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. |