Total
6243 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-25982 | 2024-08-01 | 4.3 Medium | ||
| The link to update all installed language packs did not include the necessary token to prevent a CSRF risk. | ||||
| CVE-2024-25932 | 2024-08-01 | 4.3 Medium | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Manish Kumar Agarwal Change Table Prefix.This issue affects Change Table Prefix: from n/a through 2.0. | ||||
| CVE-2024-25904 | 2024-08-01 | 4.3 Medium | ||
| Cross-Site Request Forgery (CSRF) vulnerability in David Stockl TinyMCE and TinyMCE Advanced Professsional Formats and Styles.This issue affects TinyMCE and TinyMCE Advanced Professsional Formats and Styles: from n/a through 1.1.2. | ||||
| CVE-2024-25905 | 2024-08-01 | 5.4 Medium | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Mondula GmbH Multi Step Form.This issue affects Multi Step Form: from n/a through 1.7.18. | ||||
| CVE-2024-25930 | 2024-08-01 | 4.3 Medium | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Nuggethon Custom Order Statuses for WooCommerce.This issue affects Custom Order Statuses for WooCommerce: from n/a through 1.5.2. | ||||
| CVE-2024-25692 | 2024-08-01 | 5.4 Medium | ||
| There is a cross-site-request forgery vulnerability in Esri Portal for ArcGIS Versions 11.1 and below that may in some cases allow a remote, unauthenticated attacker to trick an authorized user into executing unwanted actions via a crafted form. The impact to Confidentiality and Integrity vectors is limited and of low severity. | ||||
| CVE-2024-25418 | 1 Flusity | 1 Flusity | 2024-08-01 | 8.8 High |
| flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /core/tools/delete_menu.php. | ||||
| CVE-2024-25419 | 1 Flusity | 1 Flusity | 2024-08-01 | 8.8 High |
| flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /core/tools/update_menu.php. | ||||
| CVE-2024-25417 | 1 Flusity | 1 Flusity | 2024-08-01 | 8.8 High |
| flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /core/tools/add_translation.php. | ||||
| CVE-2024-24837 | 2024-08-01 | 4.3 Medium | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Frédéric GILLES FG PrestaShop to WooCommerce, Frédéric GILLES FG Drupal to WordPress, Frédéric GILLES FG Joomla to WordPress.This issue affects FG PrestaShop to WooCommerce: from n/a through 4.44.3; FG Drupal to WordPress: from n/a through 3.67.0; FG Joomla to WordPress: from n/a through 4.15.0. | ||||
| CVE-2024-24843 | 2024-08-01 | 7.1 High | ||
| Cross-Site Request Forgery (CSRF) vulnerability in PowerPack Addons for Elementor PowerPack Pro for Elementor.This issue affects PowerPack Pro for Elementor: from n/a before 2.10.8. | ||||
| CVE-2024-24872 | 2024-08-01 | 4.3 Medium | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Themify Themify Builder.This issue affects Themify Builder: from n/a through 7.0.5. | ||||
| CVE-2024-24849 | 2024-08-01 | 4.3 Medium | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Mark Stockton Quicksand Post Filter jQuery Plugin.This issue affects Quicksand Post Filter jQuery Plugin: from n/a through 3.1.1. | ||||
| CVE-2024-24820 | 1 Icinga | 1 Icinga | 2024-08-01 | 8.3 High |
| Icinga Director is a tool designed to make Icinga 2 configuration handling easy. Not any of Icinga Director's configuration forms used to manipulate the monitoring environment are protected against cross site request forgery (CSRF). It enables attackers to perform changes in the monitoring environment managed by Icinga Director without the awareness of the victim. Users of the map module in version 1.x, should immediately upgrade to v2.0. The mentioned XSS vulnerabilities in Icinga Web are already fixed as well and upgrades to the most recent release of the 2.9, 2.10 or 2.11 branch must be performed if not done yet. Any later major release is also suitable. Icinga Director will receive minor updates to the 1.8, 1.9, 1.10 and 1.11 branches to remedy this issue. Upgrade immediately to a patched release. If that is not feasible, disable the director module for the time being. | ||||
| CVE-2024-24802 | 2024-08-01 | 4.3 Medium | ||
| Cross-Site Request Forgery (CSRF) vulnerability in John Tendik JTRT Responsive Tables.This issue affects JTRT Responsive Tables: from n/a through 4.1.9. | ||||
| CVE-2024-24819 | 1 Icinga | 1 Icingaweb2-module-incubator | 2024-08-01 | 5.3 Medium |
| icingaweb2-module-incubator is a working project of bleeding edge Icinga Web 2 libraries. In affected versions the class `gipfl\Web\Form` is the base for various concrete form implementations [1] and provides protection against cross site request forgery (CSRF) by default. This is done by automatically adding an element with a CSRF token to any form, unless explicitly disabled, but even if enabled, the CSRF token (sent during a client's submission of a form relying on it) is not validated. This enables attackers to perform changes on behalf of a user which, unknowingly, interacts with a prepared link or website. The version 0.22.0 is available to remedy this issue. Users are advised to upgrade. There are no known workarounds for this vulnerability. | ||||
| CVE-2024-24702 | 2024-08-01 | 4.3 Medium | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Matt Martz & Andy Stratton Page Restrict.This issue affects Page Restrict: from n/a through 2.5.5. | ||||
| CVE-2024-24708 | 2024-08-01 | 4.3 Medium | ||
| Cross-Site Request Forgery (CSRF) vulnerability in W3speedster W3SPEEDSTER.This issue affects W3SPEEDSTER: from n/a through 7.19. | ||||
| CVE-2024-24705 | 2024-08-01 | 5.4 Medium | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Octa Code Accessibility.This issue affects Accessibility: from n/a through 1.0.6. | ||||
| CVE-2024-24706 | 1 Forumone | 1 Wp-cfm | 2024-08-01 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Forum One WP-CFM wp-cfm.This issue affects WP-CFM: from n/a through 1.7.8. | ||||