Filtered by CWE-352
Total 6245 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-32096 2024-08-02 5.4 Medium
Cross-Site Request Forgery (CSRF) vulnerability in DAEV.Tech WP Migration Plugin DB & Files – WP Synchro.This issue affects WP Migration Plugin DB & Files – WP Synchro: from n/a through 1.11.2.
CVE-2024-32088 2024-08-02 4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in SeedProd Coming Soon Page, Under Construction & Maintenance Mode by SeedProd.This issue affects Coming Soon Page, Under Construction & Maintenance Mode by SeedProd: from n/a through 6.15.20.
CVE-2024-32085 2024-08-02 5.4 Medium
Cross-Site Request Forgery (CSRF) vulnerability in AitThemes Citadela Listing.This issue affects Citadela Listing: from n/a before 5.20.0.
CVE-2024-32095 2024-08-02 4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in MultiParcels MultiParcels Shipping For WooCommerce.This issue affects MultiParcels Shipping For WooCommerce: from n/a before 1.16.9.
CVE-2024-32089 2024-08-02 4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Supsystic Digital Publications by Supsystic.This issue affects Digital Publications by Supsystic: from n/a through 1.7.7.
CVE-2024-31986 1 Xwiki 1 Xwiki 2024-08-02 9.1 Critical
XWiki Platform is a generic wiki platform. Starting in version 3.1 and prior to versions 4.10.19, 15.5.4, and 15.10-rc-1, by creating a document with a special crafted documented reference and an `XWiki.SchedulerJobClass` XObject, it is possible to execute arbitrary code on the server whenever an admin visits the scheduler page or the scheduler page is referenced, e.g., via an image in a comment on a page in the wiki. The vulnerability has been fixed in XWiki 14.10.19, 15.5.5, and 15.9. As a workaround, apply the patch manually by modifying the `Scheduler.WebHome` page.
CVE-2024-31985 2024-08-02 5.4 Medium
XWiki Platform is a generic wiki platform. Starting in version 3.1 and prior to versions 4.10.20, 15.5.4, and 15.10-rc-1, it is possible to schedule/trigger/unschedule existing jobs by having an admin visit the Job Scheduler page through a predictable URL, for example by embedding such an URL in any content as an image. The vulnerability has been fixed in XWiki 14.10.19, 15.5.5, and 15.9. As a workaround, manually apply the patch by modifying the `Scheduler.WebHome` page.
CVE-2024-31933 2024-08-02 5.4 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Live Composer Team Page Builder: Live Composer.This issue affects Page Builder: Live Composer: from n/a through 1.5.35.
CVE-2024-31939 2024-08-02 4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Soflyy Import any XML or CSV File to WordPress.This issue affects Import any XML or CSV File to WordPress: from n/a through 3.7.3.
CVE-2024-31938 2024-08-02 4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Themeinwp NewsXpress.This issue affects NewsXpress: from n/a through 1.0.7.
CVE-2024-31923 2024-08-02 4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in PluginOps Feather Login Page.This issue affects Feather Login Page: from n/a through 1.1.5.
CVE-2024-31944 2024-08-02 4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Octolize WooCommerce UPS Shipping – Live Rates and Access Points.This issue affects WooCommerce UPS Shipping – Live Rates and Access Points: from n/a through 2.2.4.
CVE-2024-31940 2024-08-02 4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in RedNao Extra Product Options Builder for WooCommerce.This issue affects Extra Product Options Builder for WooCommerce: from n/a through 1.2.104.
CVE-2024-31941 2024-08-02 5.4 Medium
Cross-Site Request Forgery (CSRF) vulnerability in CodePeople CP Media Player.This issue affects CP Media Player: from n/a through 1.1.3.
CVE-2024-31922 2024-08-02 4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Anton Aleksandrov WordPress Hosting Benchmark tool.This issue affects WordPress Hosting Benchmark tool: from n/a through 1.3.6.
CVE-2024-31943 2024-08-02 4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Octolize USPS Shipping for WooCommerce – Live Rates.This issue affects USPS Shipping for WooCommerce – Live Rates: from n/a through 1.9.2.
CVE-2024-31936 2024-08-02 5.4 Medium
Cross-Site Request Forgery (CSRF) vulnerability in AyeCode Ltd UsersWP.This issue affects UsersWP: from n/a before 1.2.6.
CVE-2024-31935 2024-08-02 4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in BracketSpace Simple Post Notes.This issue affects Simple Post Notes: from n/a through 1.7.6.
CVE-2024-31932 2024-08-02 5.4 Medium
Cross-Site Request Forgery (CSRF) vulnerability in CreativeThemes Blocksy Companion.This issue affects Blocksy Companion: from n/a through 2.0.28.
CVE-2024-31942 2024-08-02 4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Typps Calendarista Basic Edition.This issue affects Calendarista Basic Edition: from n/a through 3.0.2.