Total
8760 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-25379 | 1 07fly | 1 07flycms | 2025-04-15 | N/A | 9.6 CRITICAL |
|
Cross Site Request Forgery vulnerability in 07FLYCMS v.1.3.9 allows a remote attacker to execute arbitrary code via the id parameter of the del.html component.
|
|||||
| CVE-2024-57611 | 1 07fly | 1 07flycms | 2025-04-15 | N/A | 3.5 LOW |
|
07FLYCMS V1.3.9 was discovered to contain a Cross-Site Request Forgery (CSRF) via admin/doAdminAction.php?act=editShop&shopId.
|
|||||
| CVE-2024-57159 | 1 07fly | 1 07flycms | 2025-04-15 | N/A | 3.5 LOW |
|
07FLYCMS V1.3.9 was discovered to contain a Cross-Site Request Forgery (CSRF) via /erp.07fly.net:80/oa/OaWorkReport/add.html.
|
|||||
| CVE-2024-33651 | 1 Mf Gig Calendar Project | 1 Mf Gig Calendar | 2025-04-15 | N/A | 5.4 MEDIUM |
|
Cross-Site Request Forgery (CSRF) vulnerability in Matthew Fries MF Gig Calendar.This issue affects MF Gig Calendar : from n/a through 1.2.1.
|
|||||
| CVE-2025-2871 | 2025-04-15 | N/A | 4.3 MEDIUM | ||
|
The WordPress Mega Menu – QuadMenu plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2.0. This is due to missing or incorrect nonce validation on the ajax_dismiss_notice() function. This makes it possible for unauthenticated attackers to update any user meta to a value of one, including wp_capabilities which could result in a privilege deescalation of an administrator, via a forged request granted they can trick a site administrator into per ...
Show More |
|||||
| CVE-2025-30965 | 2025-04-15 | N/A | 4.3 MEDIUM | ||
|
Cross-Site Request Forgery (CSRF) vulnerability in NotFound WPJobBoard allows Cross Site Request Forgery. This issue affects WPJobBoard: from n/a through n/a.
|
|||||
| CVE-2025-27009 | 2025-04-15 | N/A | 7.1 HIGH | ||
|
Cross-Site Request Forgery (CSRF) vulnerability in wphocus My auctions allegro allows Stored XSS.This issue affects My auctions allegro: from n/a through 3.6.20.
|
|||||
| CVE-2024-34957 | 1 Idccms | 1 Idccms | 2025-04-15 | N/A | 5.4 MEDIUM |
|
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component admin/sysImages_deal.php?mudi=infoSet.
|
|||||
| CVE-2024-34958 | 1 Idccms | 1 Idccms | 2025-04-15 | N/A | 6.5 MEDIUM |
|
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component admin/banner_deal.php?mudi=add
|
|||||
| CVE-2024-35011 | 1 Idccms | 1 Idccms | 2025-04-15 | N/A | 5.4 MEDIUM |
|
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/infoType_deal.php?mudi=rev&nohrefStr=close.
|
|||||
| CVE-2024-35012 | 1 Idccms | 1 Idccms | 2025-04-15 | N/A | 6.3 MEDIUM |
|
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/infoType_deal.php?mudi=add&nohrefStr=close.
|
|||||
| CVE-2024-35039 | 1 Idccms | 1 Idccms | 2025-04-15 | N/A | 3.8 LOW |
|
idccms V1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via admin/tplSys_deal.php?mudi=area.
|
|||||
| CVE-2024-35108 | 1 Idccms | 1 Idccms | 2025-04-15 | N/A | 8.8 HIGH |
|
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/homePro_deal.php?mudi=del&dataType=&dataTypeCN.
|
|||||
| CVE-2024-35109 | 1 Idccms | 1 Idccms | 2025-04-15 | N/A | 6.5 MEDIUM |
|
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /homePro_deal.php?mudi=add&nohrefStr=close.
|
|||||
| CVE-2024-36670 | 1 Idccms | 1 Idccms | 2025-04-15 | N/A | 8.8 HIGH |
|
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component admin/vpsClass_deal.php?mudi=del
|
|||||
| CVE-2024-39019 | 1 Idccms | 1 Idccms | 2025-04-15 | N/A | 5.4 MEDIUM |
|
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/idcProData_deal.php?mudi=del
|
|||||
| CVE-2024-39020 | 1 Idccms | 1 Idccms | 2025-04-15 | N/A | 6.3 MEDIUM |
|
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/vpsApiData_deal.php?mudi=rev&nohrefStr=close
|
|||||
| CVE-2024-39021 | 1 Idccms | 1 Idccms | 2025-04-15 | N/A | 5.4 MEDIUM |
|
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/vpsApiData_deal.php?mudi=del
|
|||||
| CVE-2024-39022 | 1 Idccms | 1 Idccms | 2025-04-15 | N/A | 8.8 HIGH |
|
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/infoSys_deal.php?mudi=deal
|
|||||
| CVE-2024-39023 | 1 Idccms | 1 Idccms | 2025-04-15 | N/A | 8.8 HIGH |
|
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via admin/info_deal.php?mudi=add&nohrefStr=close
|
|||||
| CVE-2024-39119 | 1 Idccms | 1 Idccms | 2025-04-15 | N/A | 5.4 MEDIUM |
|
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via admin/info_deal.php?mudi=rev&nohrefStr=close.
|
|||||
| CVE-2024-39153 | 1 Idccms | 1 Idccms | 2025-04-15 | N/A | 4.7 MEDIUM |
|
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/info_deal.php?mudi=del&dataType=news&dataTypeCN.
|
|||||
| CVE-2024-39154 | 1 Idccms | 1 Idccms | 2025-04-15 | N/A | 8.8 HIGH |
|
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/keyWord_deal.php?mudi=del&dataType=word&dataTypeCN.
|
|||||
| CVE-2024-39155 | 1 Idccms | 1 Idccms | 2025-04-15 | N/A | 6.8 MEDIUM |
|
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/ipRecord_deal.php?mudi=add.
|
|||||
| CVE-2024-39156 | 1 Idccms | 1 Idccms | 2025-04-15 | N/A | 3.8 LOW |
|
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/keyWord_deal.php?mudi=add.
|
|||||
| CVE-2024-39157 | 1 Idccms | 1 Idccms | 2025-04-15 | N/A | 3.8 LOW |
|
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/ipRecord_deal.php?mudi=del&dataType=&dataID=1.
|
|||||
| CVE-2024-39158 | 1 Idccms | 1 Idccms | 2025-04-15 | N/A | 8.8 HIGH |
|
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/userSys_deal.php?mudi=infoSet.
|
|||||
| CVE-2024-40035 | 1 Idccms | 1 Idccms | 2025-04-15 | N/A | 5.9 MEDIUM |
|
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/userLevel_deal.php?mudi=add.
|
|||||
| CVE-2024-40038 | 1 Idccms | 1 Idccms | 2025-04-15 | N/A | 5.3 MEDIUM |
|
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/userScore_deal.php?mudi=rev
|
|||||
| CVE-2024-40328 | 1 Idccms | 1 Idccms | 2025-04-15 | N/A | 6.3 MEDIUM |
|
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/memberOnline_deal.php?mudi=del&dataType=&dataID=6
|
|||||
| CVE-2024-40329 | 1 Idccms | 1 Idccms | 2025-04-15 | N/A | 8.8 HIGH |
|
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/softBak_deal.php?mudi=backup
|
|||||
| CVE-2024-40331 | 1 Idccms | 1 Idccms | 2025-04-15 | N/A | 8.8 HIGH |
|
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/dbBakMySQL_deal.php?mudi=backup
|
|||||
| CVE-2024-33829 | 1 Idccms | 1 Idccms | 2025-04-15 | N/A | 5.4 MEDIUM |
|
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/readDeal.php?mudi=updateWebCache.
|
|||||
| CVE-2024-35010 | 1 Idccms | 1 Idccms | 2025-04-15 | N/A | 8.8 HIGH |
|
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/banner_deal.php?mudi=del&dataType=&dataTypeCN=%E5%9B%BE%E7%89%87%E5%B9%BF%E5%91%8A&theme=cs&dataID=6.
|
|||||
| CVE-2024-35009 | 1 Idccms | 1 Idccms | 2025-04-15 | N/A | 8.8 HIGH |
|
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/share_switch.php?mudi=switch&dataType=&fieldName=state&fieldName2=state&tabName=banner&dataID=6.
|
|||||
| CVE-2024-33830 | 1 Idccms | 1 Idccms | 2025-04-15 | N/A | 8.1 HIGH |
|
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/readDeal.php?mudi=clearWebCache.
|
|||||
| CVE-2022-46491 | 1 Nbnbk Project | 1 Nbnbk | 2025-04-15 | N/A | 6.5 MEDIUM |
|
A Cross-Site Request Forgery (CSRF) vulnerability in the Add Administrator function of the default version of nbnbk allows attackers to arbitrarily add Administrator accounts.
|
|||||
| CVE-2022-2846 | 1 Dwbooster | 1 Calendar Event Multi View | 2025-04-15 | N/A | 4.3 MEDIUM |
|
The Calendar Event Multi View WordPress plugin before 1.4.07 does not have any authorisation and CSRF checks in place when creating an event, and is also lacking sanitisation as well as escaping in some of the event fields. This could allow unauthenticated attackers to create arbitrary events and put Cross-Site Scripting payloads in it.
|
|||||
| CVE-2022-46853 | 1 Radiustheme | 1 The Post Grid | 2025-04-15 | N/A | 4.3 MEDIUM |
|
Cross-Site Request Forgery (CSRF) vulnerability in RadiusTheme The Post Grid plugin <= 5.0.4 versions.
|
|||||
| CVE-2022-4124 | 1 Popup Manager Project | 1 Popup Manager | 2025-04-14 | N/A | 4.3 MEDIUM |
|
The Popup Manager WordPress plugin through 1.6.6 does not have authorisation and CSRF checks when deleting popups, which could allow unauthenticated users to delete them
|
|||||