Total
8760 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-43117 | 1 Wpmudev | 1 Hummingbird | 2024-09-18 | N/A | 8.8 HIGH |
|
Cross-Site Request Forgery (CSRF) vulnerability in WPMU DEV Hummingbird.This issue affects Hummingbird: from n/a through 3.9.1.
|
|||||
| CVE-2024-8120 | 1 Imagerecycle | 1 Imagerecycle Pdf \& Image Compression | 2024-09-17 | N/A | 4.3 MEDIUM |
|
The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.14. This is due to missing or incorrect nonce validation on several functions in the class/class-image-otimizer.php file. This makes it possible for unauthenticated attackers to update plugin settings along with performing other actions via a forged request granted they can trick a site administrator into performing an action such as clicking on a li ...
Show More |
|||||
| CVE-2024-43255 | 1 Stormhillmedia | 1 Mybook Table Bookstore | 2024-09-17 | N/A | 6.1 MEDIUM |
|
Cross-Site Request Forgery (CSRF) vulnerability in Stormhill Media MyBookTable Bookstore allows Cross-Site Scripting (XSS).This issue affects MyBookTable Bookstore: from n/a through 3.3.9.
|
|||||
| CVE-2024-6017 | 1 Scriptonite | 1 Music Request Manager | 2024-09-13 | N/A | 6.1 MEDIUM |
|
The Music Request Manager WordPress plugin through 1.3 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack
|
|||||
| CVE-2024-7420 | 1 Xyzscripts | 1 Insert Php Code Snippet | 2024-09-13 | N/A | 6.5 MEDIUM |
|
The Insert PHP Code Snippet plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.6. This is due to missing or incorrect nonce validation in the /admin/snippets.php file. This makes it possible for unauthenticated attackers to activate/deactivate and delete code snippets via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
|
|||||
| CVE-2023-3408 | 1 Bricksbuilder | 1 Bricks | 2024-09-13 | N/A | 4.3 MEDIUM |
|
The Bricks theme for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.8.1. This is due to missing or incorrect nonce validation on the 'save_settings' function. This makes it possible for unauthenticated attackers to modify the theme's settings, including enabling a setting which allows lower-privileged users such as contributors to perform code execution, via a forged request granted they can trick a site administrator into performing an action such as c ...
Show More |
|||||
| CVE-2023-3409 | 1 Bricksbuilder | 1 Bricks | 2024-09-13 | N/A | 4.3 MEDIUM |
|
The Bricks theme for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.8.1. This is due to missing or incorrect nonce validation on the 'reset_settings' function. This makes it possible for unauthenticated attackers to reset the theme's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
|
|||||
| CVE-2024-43325 | 1 Naiches | 1 Dark Mode For Wp Dashboard | 2024-09-12 | N/A | 8.8 HIGH |
|
Cross-Site Request Forgery (CSRF) vulnerability in Naiche Dark Mode for WP Dashboard.This issue affects Dark Mode for WP Dashboard: from n/a through 1.2.3.
|
|||||
| CVE-2024-43316 | 1 Checkoutplugins | 1 Stripe Payments For Woocommerce | 2024-09-12 | N/A | 4.3 MEDIUM |
|
Cross-Site Request Forgery (CSRF) vulnerability in Checkout Plugins Stripe Payments For WooCommerce by Checkout.This issue affects Stripe Payments For WooCommerce by Checkout: from n/a through 1.9.1.
|
|||||
| CVE-2024-43299 | 1 Softaculous | 1 Speedycache | 2024-09-12 | N/A | 5.4 MEDIUM |
|
Cross-Site Request Forgery (CSRF) vulnerability in Softaculous Team SpeedyCache.This issue affects SpeedyCache: from n/a through 1.1.8.
|
|||||
| CVE-2024-43295 | 1 Wpdataaccess | 1 Wp Data Access | 2024-09-12 | N/A | 4.3 MEDIUM |
|
Cross-Site Request Forgery (CSRF) vulnerability in Passionate Programmers B.V. WP Data Access.This issue affects WP Data Access: from n/a through 5.5.7.
|
|||||
| CVE-2024-43287 | 1 Sendinblue | 1 Newsletter\, Smtp\, Email Marketing And Subscribe | 2024-09-12 | N/A | 8.8 HIGH |
|
Cross-Site Request Forgery (CSRF) vulnerability in Brevo Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue.This issue affects Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue: from n/a through 3.1.82.
|
|||||
| CVE-2024-43269 | 1 Wpbackitup | 1 Backup And Restore Wordpress | 2024-09-12 | N/A | 4.3 MEDIUM |
|
Cross-Site Request Forgery (CSRF) vulnerability in WPBackItUp Backup and Restore WordPress.This issue affects Backup and Restore WordPress: from n/a through 1.50.
|
|||||
| CVE-2024-43265 | 1 Analytify | 1 Analytify - Google Analytics Dashboard | 2024-09-12 | N/A | 3.5 LOW |
|
Cross-Site Request Forgery (CSRF) vulnerability in Analytify.This issue affects Analytify: from n/a through 5.3.1.
|
|||||
| CVE-2024-6852 | 1 Ngothang | 1 Wp Multitasking | 2024-09-11 | N/A | 4.3 MEDIUM |
|
The WP MultiTasking WordPress plugin through 0.1.12 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack
|
|||||
| CVE-2024-6853 | 1 Ngothang | 1 Wp Multitasking | 2024-09-11 | N/A | 4.3 MEDIUM |
|
The WP MultiTasking WordPress plugin through 0.1.12 does not have CSRF check when updating welcome popups, which could allow attackers to make logged admins perform such action via a CSRF attack
|
|||||
| CVE-2024-6855 | 1 Ngothang | 1 Wp Multitasking | 2024-09-11 | N/A | 4.3 MEDIUM |
|
The WP MultiTasking WordPress plugin through 0.1.12 does not have CSRF check when updating exit popups, which could allow attackers to make logged admins perform such action via a CSRF attack
|
|||||
| CVE-2024-6856 | 1 Ngothang | 1 Wp Multitasking | 2024-09-11 | N/A | 4.3 MEDIUM |
|
The WP MultiTasking WordPress plugin through 0.1.12 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack
|
|||||
| CVE-2024-6925 | 1 Themetechmount | 1 Truebooker | 2024-09-11 | N/A | 4.3 MEDIUM |
|
The TrueBooker WordPress plugin before 1.0.3 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack.
|
|||||
| CVE-2024-8414 | 1 Munyweki | 1 Insurance Management System | 2024-09-06 | 5.0 MEDIUM | 4.3 MEDIUM |
|
A vulnerability has been found in SourceCodester Insurance Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2024-42792 | 1 Lopalopa | 1 Music Management System | 2024-09-05 | N/A | 3.5 LOW |
|
A Cross-Site Request Forgery (CSRF) vulnerability was found in Kashipara Music Management System v1.0 via /music/ajax.php?action=delete_playlist page.
|
|||||
| CVE-2024-8319 | 1 Themeific | 1 Tourfic | 2024-09-03 | N/A | 4.3 MEDIUM |
|
The Tourfic plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.11.20. This is due to missing or incorrect nonce validation on the tf_order_status_email_resend_function, tf_visitor_details_edit_function, tf_checkinout_details_edit_function, tf_order_status_edit_function, tf_order_bulk_action_edit_function, tf_remove_room_order_ids, and tf_delete_old_review_fields functions. This makes it possible for unauthenticated attackers to resend order ...
Show More |
|||||
| CVE-2024-42793 | 1 Lopalopa | 1 Music Management System | 2024-08-30 | N/A | 8.0 HIGH |
|
A Cross-Site Request Forgery (CSRF) vulnerability was found in Kashipara Music Management System v1.0 via a crafted request to the /music/ajax.php?action=save_user page.
|
|||||
| CVE-2024-8200 | 1 Smashballoon | 1 Reviews Feed | 2024-08-30 | N/A | 4.3 MEDIUM |
|
The Reviews Feed – Add Testimonials and Customer Reviews From Google Reviews, Yelp, TripAdvisor, and More plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the 'update_api_key' function. This makes it possible for unauthenticated attackers to update an API key via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
|
|||||
| CVE-2024-45264 | 1 Skyss | 1 Arfa-cms | 2024-08-30 | N/A | 8.8 HIGH |
|
A cross-site request forgery (CSRF) vulnerability in the admin panel in SkySystem Arfa-CMS before 5.1.3124 allows remote attackers to add a new administrator, leading to escalation of privileges.
|
|||||
| CVE-2024-43336 | 1 Wpusermanager | 1 Wp User Manager | 2024-08-27 | N/A | 4.3 MEDIUM |
|
Cross-Site Request Forgery (CSRF) vulnerability in WP User Manager.This issue affects WP User Manager: from n/a through 2.9.10.
|
|||||
| CVE-2024-43337 | 1 Getbrave | 1 Brave | 2024-08-27 | N/A | 4.3 MEDIUM |
|
Cross-Site Request Forgery (CSRF) vulnerability in Brave Brave Popup Builder.This issue affects Brave Popup Builder: from n/a through 0.7.0.
|
|||||
| CVE-2024-43339 | 1 Webinarpress | 1 Webinarpress | 2024-08-27 | N/A | 6.1 MEDIUM |
|
Cross-Site Request Forgery (CSRF) vulnerability in WebinarPress allows Cross-Site Scripting (XSS).This issue affects WebinarPress: from n/a through 1.33.20.
|
|||||
| CVE-2024-43340 | 1 Advancedformintegration | 1 Advanced Form Integration | 2024-08-27 | N/A | 4.3 MEDIUM |
|
Cross-Site Request Forgery (CSRF) vulnerability in Nasirahmed Advanced Form Integration.This issue affects Advanced Form Integration: from n/a through 1.89.4.
|
|||||
| CVE-2024-43356 | 1 Bobbingwide | 1 Oik | 2024-08-27 | N/A | 4.3 MEDIUM |
|
Cross-Site Request Forgery (CSRF) vulnerability in bobbingwide.This issue affects oik: from n/a through 4.12.0.
|
|||||
| CVE-2024-40886 | 1 Mattermost | 1 Mattermost | 2024-08-23 | N/A | 8.8 HIGH |
|
Mattermost versions 9.9.x <= 9.9.1, 9.5.x <= 9.5.7, 9.10.x <= 9.10.0, 9.8.x <= 9.8.2 fail to sanitize user inputs in the frontend that are used for redirection which allows for a one-click client-side path traversal that is leading to CSRF in User Management page of the system console.
|
|||||
| CVE-2024-39744 | 3 Ibm, Linux, Microsoft | 4 Aix, Sterling Connect Direct Web Services, Linux Kernel and 1 more | 2024-08-23 | N/A | 4.3 MEDIUM |
|
IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
|
|||||
| CVE-2024-42604 | 1 Pligg | 1 Pligg Cms | 2024-08-21 | N/A | 8.8 HIGH |
|
Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/admin_group.php?mode=delete&group_id=3
|
|||||
| CVE-2024-42608 | 1 Pligg | 1 Pligg Cms | 2024-08-21 | N/A | 8.8 HIGH |
|
Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/submit_page.php.
|
|||||
| CVE-2024-42579 | 1 Siamonhasan | 1 Warehouse Inventory System | 2024-08-21 | N/A | 8.8 HIGH |
|
A Cross-Site Request Forgery (CSRF) in the component add_group.php of Warehouse Inventory System v2.0 allows attackers to escalate privileges.
|
|||||
| CVE-2024-42577 | 1 Siamonhasan | 1 Warehouse Inventory System | 2024-08-21 | N/A | 8.8 HIGH |
|
A Cross-Site Request Forgery (CSRF) in the component add_product.php of Warehouse Inventory System v2.0 allows attackers to escalate privileges.
|
|||||
| CVE-2024-42580 | 1 Siamonhasan | 1 Warehouse Inventory System | 2024-08-21 | N/A | 8.8 HIGH |
|
A Cross-Site Request Forgery (CSRF) in the component edit_group.php of Warehouse Inventory System v2.0 allows attackers to escalate privileges.
|
|||||
| CVE-2024-42581 | 1 Siamonhasan | 1 Warehouse Inventory System | 2024-08-21 | N/A | 8.8 HIGH |
|
A Cross-Site Request Forgery (CSRF) in the component delete_group.php of Warehouse Inventory System v2.0 allows attackers to escalate privileges.
|
|||||
| CVE-2024-42582 | 1 Siamonhasan | 1 Warehouse Inventory System | 2024-08-21 | N/A | 8.8 HIGH |
|
A Cross-Site Request Forgery (CSRF) in the component delete_categorie.php of Warehouse Inventory System v2.0 allows attackers to escalate privileges.
|
|||||
| CVE-2024-42583 | 1 Siamonhasan | 1 Warehouse Inventory System | 2024-08-21 | N/A | 8.8 HIGH |
|
A Cross-Site Request Forgery (CSRF) in the component delete_user.php of Warehouse Inventory System v2.0 allows attackers to escalate privileges.
|
|||||