About “Cross-Site Request Forgery (CSRF)”

A curated feed of “Cross-Site Request Forgery (CSRF)”-related CVEs appears below. We currently track 9568 CVEs for this tag (all time). In the last 365 days, 1403 were published. Average CVSS is 6.4 (all time; 5.6 over 365d), and 37% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-352 - Cross-Site Request Forgery (CSRF), CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'), CWE-862 - Missing Authorization.

In our taxonomy this topic maps to a MODERATE impact class. Common exploitation patterns for this weakness can lead to moderate impact. Use the filters below to sort by CVSS, risk and CWE, triage high-risk entries first, and validate exposure in your environment. Each detail page highlights vendor advisories and mitigation tips.

CVEs tagged with this topic.
2024-12-02
High

CVE-2024-53762

Cross-Site Request Forgery (CSRF) vulnerability in FasterThemes FastBook fastbook-responsive-appointment-booking-and-scheduling-system allows Stored XSS. This issue affects FastBook: from n/a through…

Medium

CVE-2024-53761

Cross-Site Request Forgery (CSRF) vulnerability in P Roy WP Revisions Manager wp-revisions-manager allows Cross Site Request Forgery. This issue affects WP Revisions Manager: from n/a through <= 1.0.2.

High

CVE-2024-53755

Cross-Site Request Forgery (CSRF) vulnerability in Andrea Pernici Third Party Cookie Eraser third-party-cookie-eraser allows Stored XSS. This issue affects Third Party Cookie Eraser: from n/a through…

High

CVE-2024-53754

Cross-Site Request Forgery (CSRF) vulnerability in Irish_Cathal Out Of Stock Badge out-of-stock-badge allows Cross Site Request Forgery. This issue affects Out Of Stock Badge: from n/a through <= 2.0.

High

CVE-2024-53753

Cross-Site Request Forgery (CSRF) vulnerability in CultBooking CultBooking Hotel Booking Engine cultbooking-booking-engine allows Stored XSS. This issue affects CultBooking Hotel Booking Engine: from…

Medium

CVE-2024-53751

Cross-Site Request Forgery (CSRF) vulnerability in hakeemnala Build App Online build-app-online allows Cross Site Request Forgery. This issue affects Build App Online: from n/a through <= 1.0.23.

High

CVE-2024-53730

Cross-Site Request Forgery (CSRF) vulnerability in springthistle April's Call Posts aprils-call-posts allows Stored XSS. This issue affects April's Call Posts: from n/a through <= 2.1.1.

High

CVE-2024-53729

Cross-Site Request Forgery (CSRF) vulnerability in plumwd Blizzard Quotes blizzard-quotes allows Stored XSS. This issue affects Blizzard Quotes: from n/a through <= 1.3.

High

CVE-2024-53728

Cross-Site Request Forgery (CSRF) vulnerability in Oliver Lindner Protect Your Content protect-your-content allows Stored XSS. This issue affects Protect Your Content: from n/a through <= 1.0.2.

High

CVE-2024-53727

Cross-Site Request Forgery (CSRF) vulnerability in Lars Koudal LinkLaunder SEO linklaunder-seo-plugin allows Stored XSS. This issue affects LinkLaunder SEO: from n/a through <= 0.92.1.

High

CVE-2024-53726

Cross-Site Request Forgery (CSRF) vulnerability in RealtyCandy.com RealtyCandy IDX Broker Extended realtycandy-idx-broker-extended allows Stored XSS. This issue affects RealtyCandy IDX Broker Extended…

High

CVE-2024-53725

Cross-Site Request Forgery (CSRF) vulnerability in aMiT Post Hits Counter hits-counter allows Reflected XSS. This issue affects Post Hits Counter: from n/a through <= 2.8.23.

High

CVE-2024-53724

Cross-Site Request Forgery (CSRF) vulnerability in ronnybull IceStats icestats allows Stored XSS. This issue affects IceStats: from n/a through <= 1.3.

High

CVE-2024-53723

Cross-Site Request Forgery (CSRF) vulnerability in acbaltaci Google Plus Share and +1 Button google-plus-share-and-plusone-button allows Stored XSS. This issue affects Google Plus Share and +1 Button:…

High

CVE-2024-53722

Cross-Site Request Forgery (CSRF) vulnerability in rockemmusic Favicon My Blog favicon-my-blog allows Stored XSS. This issue affects Favicon My Blog: from n/a through <= 1.0.2.

High

CVE-2024-53720

Cross-Site Request Forgery (CSRF) vulnerability in ole1986 WP-ISPConfig 3 wp-ispconfig3 allows Stored XSS. This issue affects WP-ISPConfig 3: from n/a through <= 1.5.6.

High

CVE-2024-53719

Cross-Site Request Forgery (CSRF) vulnerability in onigetoc Zajax – Ajax Navigation zajax-ajax-navigation allows Stored XSS. This issue affects Zajax – Ajax Navigation: from n/a through <= 0.4.

High

CVE-2024-53718

Cross-Site Request Forgery (CSRF) vulnerability in Eric Teubert Multi Feed Reader multi-feed-reader allows Stored XSS. This issue affects Multi Feed Reader: from n/a through <= 2.2.4.

High

CVE-2024-53717

Cross-Site Request Forgery (CSRF) vulnerability in yonisink yPHPlista yphplista allows Stored XSS. This issue affects yPHPlista: from n/a through <= 1.1.1.

High

CVE-2024-53716

Cross-Site Request Forgery (CSRF) vulnerability in overtrue wp auto top wp-auto-top allows Stored XSS. This issue affects wp auto top: from n/a through <= 2.9.3.

High

CVE-2024-53715

Cross-Site Request Forgery (CSRF) vulnerability in Thomas Hoefter Simple Travel Map simple-travel-map allows Stored XSS. This issue affects Simple Travel Map: from n/a through <= 0.1.

High

CVE-2024-53714

Cross-Site Request Forgery (CSRF) vulnerability in Irish_Cathal Continue Shopping From Cart continue-shopping-from-cart-page allows Stored XSS. This issue affects Continue Shopping From Cart: from n/a…

High

CVE-2024-53713

Cross-Site Request Forgery (CSRF) vulnerability in rickota Silverlight Video Player smooth-streaming-player allows Stored XSS. This issue affects Silverlight Video Player: from n/a through <= 1.0.

High

CVE-2024-53712

Cross-Site Request Forgery (CSRF) vulnerability in kevmimcc Kevin's kevins-plugin allows Stored XSS. This issue affects Kevin's: from n/a through <= 2.0.0.

High

CVE-2024-53711

Cross-Site Request Forgery (CSRF) vulnerability in tranchesdunet Hotlink2Watermark hotlink2watermark allows Stored XSS. This issue affects Hotlink2Watermark: from n/a through <= 0.3.2.

High

CVE-2024-53710

Cross-Site Request Forgery (CSRF) vulnerability in ITERAS ITERAS iteras allows Stored XSS. This issue affects ITERAS: from n/a through <= 1.8.0.

Medium

CVE-2024-53707

Cross-Site Request Forgery (CSRF) vulnerability in ahmeti Ahmeti Wp Güzel Sözler ahmeti-wp-guzel-sozler allows Cross Site Request Forgery. This issue affects Ahmeti Wp Güzel Sözler: from n/a through <…

Medium

CVE-2024-52479

Cross-Site Request Forgery (CSRF) vulnerability in Astoundify Jobify jobify allows Cross Site Request Forgery. This issue affects Jobify: from n/a through < 4.3.0.

High

CVE-2024-52477

Cross-Site Request Forgery (CSRF) vulnerability in docxpresso Document & Data Automation document-data-automation allows Stored XSS. This issue affects Document & Data Automation: from n/a through <=…

2024-12-01
High

CVE-2024-53750

Cross-Site Request Forgery (CSRF) vulnerability in Maeve Lander PayPal Responder allows Stored XSS. This issue affects PayPal Responder: from n/a through 1.2.

2024-11-30
High

CVE-2024-53778

Cross-Site Request Forgery (CSRF) vulnerability in Essential Marketer Essential Breadcrumbs essential-breadcrumbs allows Stored XSS. This issue affects Essential Breadcrumbs: from n/a through <= 1.1.1.

2024-11-29
Medium

CVE-2024-11014

Cross-site request forgery (CSRF) vulnerability in NEC Corporation UNIVERGE IX from Ver9.2 to Ver10.10.21, for Ver10.8 up to Ver10.8.27 and for Ver10.9 up to Ver10.9.14 allows an attacker to hijack th…

2024-11-28
High

CVE-2024-53736

Cross-Site Request Forgery (CSRF) vulnerability in Jason Grim Custom Shortcode Sidebars custom-shortcode-sidebars allows Stored XSS. This issue affects Custom Shortcode Sidebars: from n/a through <= 1…

High

CVE-2024-53734

Cross-Site Request Forgery (CSRF) vulnerability in Jamie O Idealien Category Enhancements idealien-category-enhancements allows Stored XSS. This issue affects Idealien Category Enhancements: from n/a…

High

CVE-2024-53732

Cross-Site Request Forgery (CSRF) vulnerability in wpwox Footer Flyout Widget footer-flyout-widget allows Stored XSS. This issue affects Footer Flyout Widget: from n/a through <= 1.1.

2024-11-27
Medium

CVE-2024-10521

The WordPress Contact Forms by Cimatti plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.9.2. This is due to missing or incorrect nonce validati…

2024-11-26
Medium

CVE-2024-11743

A vulnerability, which was classified as problematic, was found in SourceCodester Best House Rental Management System 1.0. Affected is an unknown function of the file /rental/ajax.php?action=delete_u…

Medium

CVE-2024-11342

The Skt NURCaptcha plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.5.0. This is due to missing or incorrect nonce validation in the skt-nurc-a…

2024-11-25
Medium

CVE-2024-11673

A vulnerability, which was classified as problematic, has been found in 1000 Projects Bookstore Management System 1.0. This issue affects some unknown processing. The manipulation leads to cross-site…

2024-11-23
High

CVE-2024-11415

The WP-Orphanage Extended plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2. This is due to missing or incorrect nonce validation on the wporp…

2024-11-22
Medium

CVE-2024-9665

Zimbra GraphQL Cross-Site Request Forgery Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Zimbra. User…

High

CVE-2024-11601

The Sky Addons for Elementor (Free Templates Library, Live Copy, Animations, Post Grid, Post Carousel, Particles, Sliders, Chart, Blog, Video Gallery) plugin for WordPress is vulnerable to Cross-Site…

2024-11-21
Medium

CVE-2024-8157

The Alphabetical List WordPress plugin through 1.0.3 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack.

Medium

CVE-2024-5029

The CM Table Of Contents WordPress plugin before 1.2.4 does not have a CSRF check when updating its settings, and is missing sanitisation as well as escaping, which could allow attackers to make logge…

Medium

CVE-2024-11416

The WIP Incoming Lite plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.1. This is due to missing or incorrect nonce validation on the save_op…

Medium

CVE-2024-10726

The Friendly Functions for Welcart plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.4. This is due to missing nonce validation on the setting…

2024-11-20
High

CVE-2024-52451

Cross-Site Request Forgery (CSRF) vulnerability in aaronrobbins Post Ideas post-ideas allows SQL Injection. This issue affects Post Ideas: from n/a through <= 2.

High

CVE-2024-52446

Cross-Site Request Forgery (CSRF) vulnerability in Buying Buddy Buying Buddy IDX CRM buying-buddy-idx-crm allows Object Injection. This issue affects Buying Buddy IDX CRM: from n/a through <= 1.2.8.

2024-11-19
Medium

CVE-2024-52392

Cross-Site Request Forgery (CSRF) vulnerability in w3speedster W3SPEEDSTER w3speedster-wp. This issue affects W3SPEEDSTER: from n/a through <= 7.25.

Medium

CVE-2024-51669

Cross-Site Request Forgery (CSRF) vulnerability in Kalmang Dynamic Widgets dynamic-widgets. This issue affects Dynamic Widgets: from n/a through <= 1.6.4.

Medium

CVE-2022-47424

Cross-Site Request Forgery (CSRF) vulnerability in Repute InfoSystems ARMember, Repute InfoSystems ARMember Premium allows Cross-Site Request Forgery. This issue affects ARMember: from n/a through 4.0…

High

CVE-2024-52421

Cross-Site Request Forgery (CSRF) vulnerability in wp-buy WP Popup Window Maker easy-popup-lightbox-maker allows Stored XSS. This issue affects WP Popup Window Maker: from n/a through <= 2.0.

Medium

CVE-2024-52420

Cross-Site Request Forgery (CSRF) vulnerability in Themeisle Disable Admin Notices individually disable-admin-notices allows Cross Site Request Forgery. This issue affects Disable Admin Notices indivi…

Critical

CVE-2024-52402

Cross-Site Request Forgery (CSRF) vulnerability in gunghoinc Exclusive Content Password Protect exclusive-content-password-protect allows Upload a Web Shell to a Web Server. This issue affects Exclusi…

Critical

CVE-2024-52401

Cross-Site Request Forgery (CSRF) vulnerability in HuangYe WuDeng Hacklog DownloadManager hacklog-downloadmanager allows Upload a Web Shell to a Web Server. This issue affects Hacklog DownloadManager:…

High

CVE-2024-52388

Cross-Site Request Forgery (CSRF) vulnerability in mikeage Hebrew Date hebrewdates allows Stored XSS. This issue affects Hebrew Date: from n/a through <= 2.1.0.

Medium

CVE-2024-51686

Cross-Site Request Forgery (CSRF) vulnerability in Deepak Khokhar Manage User Columns manage-user-columns allows Cross Site Request Forgery. This issue affects Manage User Columns: from n/a through <=…

High

CVE-2024-51657

Cross-Site Request Forgery (CSRF) vulnerability in Woopy Plugins SmartLink Dynamic URLs smartlink-dinamic-urls allows Stored XSS. This issue affects SmartLink Dynamic URLs: from n/a through <= 1.1.0.

High

CVE-2024-51656

Cross-Site Request Forgery (CSRF) vulnerability in litefeel Flash Show And Hide Box flash-show-and-hide-box allows Stored XSS. This issue affects Flash Show And Hide Box: from n/a through <= 1.6.

High

CVE-2024-51655

Cross-Site Request Forgery (CSRF) vulnerability in microkid Custom Author URL author-slug allows Stored XSS. This issue affects Custom Author URL: from n/a through <= 2.0.1.

High

CVE-2024-51654

Cross-Site Request Forgery (CSRF) vulnerability in Eric Allen APK Downloader apk-downloader allows Stored XSS. This issue affects APK Downloader: from n/a through <= 1.0.0.

High

CVE-2024-51653

Cross-Site Request Forgery (CSRF) vulnerability in akira1891 UPDATE NOTIFICATIONS update-notifications allows Stored XSS. This issue affects UPDATE NOTIFICATIONS: from n/a through <= 0.3.4.

High

CVE-2024-51652

Cross-Site Request Forgery (CSRF) vulnerability in marckocher Skip To skip-to allows Stored XSS. This issue affects Skip To: from n/a through <= 2.0.0.

High

CVE-2024-51650

Cross-Site Request Forgery (CSRF) vulnerability in scottmydollarplancom Random Featured Post random-featured-post-plugin allows Stored XSS. This issue affects Random Featured Post: from n/a through <=…

High

CVE-2024-51649

Cross-Site Request Forgery (CSRF) vulnerability in Patrick Lumumba Mobilize mobilize allows Stored XSS. This issue affects Mobilize: from n/a through <= 3.0.7.

High

CVE-2024-51648

Cross-Site Request Forgery (CSRF) vulnerability in hands01 e-shops e-shops-cart2 allows Reflected XSS. This issue affects e-shops: from n/a through <= 1.0.3.

High

CVE-2024-51645

Cross-Site Request Forgery (CSRF) vulnerability in themefusecom ThemeFuse Maintenance Mode themefuse-maintenance-mode allows Stored XSS. This issue affects ThemeFuse Maintenance Mode: from n/a through…

High

CVE-2024-51644

Cross-Site Request Forgery (CSRF) vulnerability in samwilson Addressbook addressbook allows Stored XSS. This issue affects Addressbook: from n/a through <= 1.1.3.

High

CVE-2024-51643

Cross-Site Request Forgery (CSRF) vulnerability in ragaskar Amazon Associate Filter amazon-associate-filter allows Stored XSS. This issue affects Amazon Associate Filter: from n/a through <= 0.4.

High

CVE-2024-51642

Cross-Site Request Forgery (CSRF) vulnerability in ivan9146 Seo Free seo-free allows Stored XSS. This issue affects Seo Free: from n/a through <= 1.4.

High

CVE-2024-51641

Cross-Site Request Forgery (CSRF) vulnerability in Juan Camilo Advanced PDF Generator advanced-pdf-generator allows Stored XSS. This issue affects Advanced PDF Generator: from n/a through <= 0.4.0.

High

CVE-2024-51640

Cross-Site Request Forgery (CSRF) vulnerability in Matt Rude MDR Webmaster Tools mdr-webmaster-tools allows Stored XSS. This issue affects MDR Webmaster Tools: from n/a through <= 1.1.

High

CVE-2024-51639

Cross-Site Request Forgery (CSRF) vulnerability in Hints Naver Blog naver-blog-api allows Stored XSS. This issue affects Naver Blog: from n/a through <= 1.0.

High

CVE-2024-51638

Cross-Site Request Forgery (CSRF) vulnerability in Sanjeev Mohindra Awesome Shortcodes For Genesis awesome-shortcodes-for-genesis allows Stored XSS. This issue affects Awesome Shortcodes For Genesis:…

High

CVE-2024-51637

Cross-Site Request Forgery (CSRF) vulnerability in sroyalty Admin SMS Alert admin-sms-alert allows Stored XSS. This issue affects Admin SMS Alert: from n/a through <= 1.1.0.

High

CVE-2024-51636

Cross-Site Request Forgery (CSRF) vulnerability in Z.com byGMO GMO Social Connection gmo-social-connection allows Cross-Site Scripting (XSS). This issue affects GMO Social Connection: from n/a through…

High

CVE-2024-51635

Cross-Site Request Forgery (CSRF) vulnerability in Garmur While Loading while-it-is-loading allows Stored XSS. This issue affects While Loading: from n/a through <= 3.0.

High

CVE-2024-51634

Cross-Site Request Forgery (CSRF) vulnerability in a.ankit Webriti Custom Login webriti-custom-login-page allows Reflected XSS. This issue affects Webriti Custom Login: from n/a through <= 0.3.

High

CVE-2024-51633

Cross-Site Request Forgery (CSRF) vulnerability in ivycat Simple Page Specific Sidebars page-specific-sidebars allows Stored XSS. This issue affects Simple Page Specific Sidebars: from n/a through <=…

High

CVE-2024-51632

Cross-Site Request Forgery (CSRF) vulnerability in Sam Hoe SH Slideshow sh-slideshow allows Stored XSS. This issue affects SH Slideshow: from n/a through <= 4.3.

High

CVE-2024-51631

Cross-Site Request Forgery (CSRF) vulnerability in Md Eftakhairul Islam Sticky Social Bar sticky-social-bar allows Cross Site Request Forgery. This issue affects Sticky Social Bar: from n/a through <=…

High

CVE-2024-50534

Cross-Site Request Forgery (CSRF) vulnerability in techdabang World Prayer Time world-prayer-time allows Stored XSS. This issue affects World Prayer Time: from n/a through <= 2.0.

High

CVE-2024-50533

Cross-Site Request Forgery (CSRF) vulnerability in David Garcia Domain Sharding domain-sharding allows Stored XSS. This issue affects Domain Sharding: from n/a through <= 1.2.1.

Medium

CVE-2024-43338

Cross-Site Request Forgery (CSRF) vulnerability in Automattic Crowdsignal Dashboard – Polls, Surveys & more polldaddy allows Cross Site Request Forgery. This issue affects Crowdsignal Dashboard – Poll…

2024-11-18
High

CVE-2024-52424

Cross-Site Request Forgery (CSRF) vulnerability in sureshdsk wp-login customizer wp-login-customizer allows Stored XSS. This issue affects wp-login customizer: from n/a through <= 1.0.

High

CVE-2024-48962

Improper Control of Generation of Code ('Code Injection'), Cross-Site Request Forgery (CSRF), Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Apache OFBiz. T…

Low

CVE-2024-5030

The CM Table Of Contents WordPress plugin before 1.2.3 does not have a CSRF check in place when resetting its settings, which could allow attackers to make a logged-in admin perform such action via a…

2024-11-16
High

CVE-2024-52415

Cross-Site Request Forgery (CSRF) vulnerability in skipstorm SK WP Settings Backup sk-wp-settings-backup allows Object Injection. This issue affects SK WP Settings Backup: from n/a through <= 1.0.

Medium

CVE-2024-6628

The EleForms – All In One Form Integration including DB for Elementor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.9.9.9. This is due to mi…

Medium

CVE-2024-11118

The 404 Error Monitor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1. This is due to missing or incorrect nonce validation on the updatePlu…

2024-11-15
High

CVE-2022-20853

A vulnerability in the REST API of Cisco Expressway Series and Cisco TelePresence VCS could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack o…

Medium

CVE-2023-0737

wallabag version 2.5.2 contains a Cross-Site Request Forgery (CSRF) vulnerability that allows attackers to arbitrarily delete user accounts via the /account/delete endpoint. This issue is fixed in ve…

2024-11-14
High

CVE-2024-51679

Cross-Site Request Forgery (CSRF) vulnerability in gentlesource Appointmind appointmind allows Stored XSS. This issue affects Appointmind: from n/a through <= 4.0.0.

High

CVE-2024-51659

Cross-Site Request Forgery (CSRF) vulnerability in GeekRMX Twitter @Anywhere Plus twitter-anywhere-plus allows Stored XSS. This issue affects Twitter @Anywhere Plus: from n/a through <= 2.0.

High

CVE-2024-51658

Cross-Site Request Forgery (CSRF) vulnerability in Henrik Hoff WP Course Manager wp-course-manager allows Stored XSS. This issue affects WP Course Manager: from n/a through <= 1.3.

Medium

CVE-2024-51156

07FLYCMS V1.3.9 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component 'erp.07fly.net:80/admin/SysNotifyUser/del.html?id=93'.

High

CVE-2024-51687

Cross-Site Request Forgery (CSRF) vulnerability in Platform.ly Platform.ly Official platformly allows Stored XSS. This issue affects Platform.ly Official: from n/a through <= 1.1.3.

High

CVE-2024-51684

Cross-Site Request Forgery (CSRF) vulnerability in Ciprian Popescu W3P SEO wp-perfect-plugin allows Stored XSS. This issue affects W3P SEO: from n/a through < 1.8.6.

High

CVE-2024-51688

Cross-Site Request Forgery (CSRF) vulnerability in fraudlabspro FraudLabs Pro SMS Verification fraudlabs-pro-sms-verification allows Stored XSS. This issue affects FraudLabs Pro SMS Verification: from…

Medium

CVE-2024-47914

VaeMendis - CWE-352: Cross-Site Request Forgery (CSRF)

2024-11-13
Medium

CVE-2024-11143

The Kognetiks Chatbot for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1.8. This is due to missing or incorrect nonce validation…

Medium

CVE-2024-10593

The WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.…

2024-11-12
Medium

CVE-2024-28731

Cross Site Request Forgery vulnerability in DLink DWR 2000M 5G CPE With Wifi 6 Ax1800 and Dlink DWR 5G CPE DWR-2000M_1.34ME allows a local attacker to obtain sensitive information via the Port forwar…

Medium

CVE-2021-27701

SOCIFI Socifi Guest wifi as SAAS is affected by Cross Site Request Forgery (CSRF) via the Socifi wifi portal. The application does not contain a CSRF token and request validation. An attacker can Add…

Medium

CVE-2024-11125

A vulnerability was found in GetSimpleCMS 3.3.16 and classified as problematic. This issue affects some unknown processing of the file /admin/profile.php. The manipulation leads to cross-site request…

2024-11-11
Medium

CVE-2024-51489

Ampache is a web based audio/video streaming application and file manager. The current implementation of token parsing does not adequately validate CSRF tokens when users send messages to one another…

Medium

CVE-2024-51488

Ampache is a web based audio/video streaming application and file manager. The current implementation of token parsing does not adequately validate CSRF tokens when users delete messages. This vulner…

High

CVE-2024-51487

Ampache is a web based audio/video streaming application and file manager. The current implementation of token parsing fails to properly validate CSRF tokens when activating or deactivating catalog.…

High

CVE-2024-51485

Ampache is a web based audio/video streaming application and file manager. The current implementation of token parsing fails to properly validate CSRF tokens when activating or deactivating plugins.…

High

CVE-2024-51484

Ampache is a web based audio/video streaming application and file manager. The current implementation of token parsing fails to properly validate CSRF tokens when activating or deactivating controlle…

2024-11-09
High

CVE-2024-51647

Cross-Site Request Forgery (CSRF) vulnerability in Chaser324 Featured Posts Scroll allows Stored XSS. This issue affects Featured Posts Scroll: from n/a through 1.25.

High

CVE-2024-51630

Cross-Site Request Forgery (CSRF) vulnerability in Lars Schenk Responsive Flickr Gallery responsive-flickr-gallery allows Stored XSS. This issue affects Responsive Flickr Gallery: from n/a through <=…

2024-11-08
High

CVE-2024-52002

Combodo iTop is a simple, web based IT Service Management tool. Several url endpoints are subject to a Cross-Site Request Forgery (CSRF) vulnerability. Please refer to the linked GHSA for the complet…

Medium

CVE-2024-51157

07FLYCMS V1.3.9 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component http://erp.07fly.net:80/oa/OaSchedule/add.html.

Critical

CVE-2024-50966

dingfanzu CMS V1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/doAdminAction.php?act=addAdmin.

2024-11-07
High

CVE-2019-20460

An issue was discovered on Epson Expression Home XP255 20.08.FM10I8 devices. POST requests don't require (anti-)CSRF tokens or other mechanisms for validating that the request is from a legitimate so…

High

CVE-2020-11919

An issue was discovered in Siime Eye 14.1.00000001.3.330.0.0.3.14. There is no CSRF protection.

High

CVE-2024-48950

An issue was discovered in Logpoint before 7.5.0. An endpoint used by Distributed Logpoint Setup was exposed, allowing unauthenticated attackers to bypass CSRF protections and authentication.

High

CVE-2024-43434

The bulk message sending feature in Moodle's Feedback module's non-respondents report had an incorrect CSRF token check, leading to a CSRF vulnerability.

2024-11-05
High

CVE-2024-51382

Cross-Site Request Forgery (CSRF) vulnerability in JATOS v3.9.3 allows an attacker to reset the administrator's password. This critical security flaw can result in unauthorized access to the platform…