Total
8760 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-20093 | 1 W3eden | 1 Download Manager | 2025-03-21 | 4.3 MEDIUM | 4.3 MEDIUM |
|
A vulnerability, which was classified as problematic, was found in Download Manager Plugin 2.8.99. Affected is an unknown function. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely.
|
|||||
| CVE-2022-34347 | 1 W3eden | 1 Download Manager | 2025-03-21 | N/A | 4.2 MEDIUM |
|
Cross-Site Request Forgery (CSRF) vulnerability in W3 Eden Download Manager plugin <= 3.2.48 at WordPress.
|
|||||
| CVE-2022-36288 | 1 W3eden | 1 Download Manager | 2025-03-21 | N/A | 5.4 MEDIUM |
|
Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in W3 Eden Download Manager plugin <= 3.2.48 at WordPress.
|
|||||
| CVE-2024-13647 | 1 Themesawesome | 1 Sakolawp | 2025-03-21 | N/A | 4.3 MEDIUM |
|
The School Management System – SakolaWP plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.8. This is due to missing or incorrect nonce validation on the 'save_exam_setting' and 'delete_exam_setting' actions. This makes it possible for unauthenticated attackers to update exam settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
|
|||||
| CVE-2015-10130 | 1 I13websolution | 1 Team Circle Image Slider With Lightbox | 2025-03-21 | N/A | 5.3 MEDIUM |
|
The Team Circle Image Slider With Lightbox plugin for WordPress is vulnerable to Cross-Site Request Forgery in version 1.0. This is due to missing or incorrect nonce validation on the circle_thumbnail_slider_with_lightbox_image_management_func() function. This makes it possible for unauthenticated attackers to edit image data which can be used to inject malicious JavaScript, along with deleting images, and uploading malicious files via a forged request granted they can trick a site administrator ...
Show More |
|||||
| CVE-2023-22375 | 1 Planex | 2 Cs-wmv02g, Cs-wmv02g Firmware | 2025-03-20 | N/A | 8.8 HIGH |
|
Cross-site request forgery (CSRF) vulnerability in Wired/Wireless LAN Pan/Tilt Network Camera CS-WMV02G all versions allows a remote unauthenticated attacker to hijack the authentication and conduct arbitrary operations by having a logged-in user to view a malicious page. NOTE: This vulnerability only affects products that are no longer supported by the developer.
|
|||||
| CVE-2022-29557 | 1 Relx | 1 Firco Compliance Link | 2025-03-20 | N/A | 8.8 HIGH |
|
LexisNexis Firco Compliance Link 3.7 allows CSRF.
|
|||||
| CVE-2024-34814 | 1 Brizy | 1 Unyson | 2025-03-20 | N/A | 5.4 MEDIUM |
|
Cross-Site Request Forgery (CSRF) vulnerability in ThemeFuse Unyson.This issue affects Unyson: from n/a through 2.7.29.
|
|||||
| CVE-2021-33396 | 1 Baijiacms Project | 1 Baijiacms | 2025-03-20 | N/A | 6.5 MEDIUM |
|
Cross Site Request Forgery (CSRF) vulnerability in baijiacms 4.1.4, allows attackers to change the password or other information of an arbitrary account via index.php.
|
|||||
| CVE-2023-47652 | 1 Flamescorpion | 1 Auto Affiliate Links | 2025-03-20 | N/A | 7.1 HIGH |
|
Cross-Site Request Forgery (CSRF) vulnerability in Lucian Apostol Auto Affiliate Links allows Stored XSS.This issue affects Auto Affiliate Links: from n/a through 6.4.2.4.
|
|||||
| CVE-2023-22689 | 1 Flamescorpion | 1 Auto Affiliate Links | 2025-03-20 | N/A | 5.4 MEDIUM |
|
Cross-Site Request Forgery (CSRF) vulnerability in Lucian Apostol Auto Affiliate Links plugin <= 6.3 versions.
|
|||||
| CVE-2023-25973 | 1 Flamescorpion | 1 Auto Affiliate Links | 2025-03-20 | N/A | 5.4 MEDIUM |
|
Cross-Site Request Forgery (CSRF) vulnerability in Lucian Apostol Auto Affiliate Links plugin <= 6.3.0.2 versions.
|
|||||
| CVE-2024-9365 | 2025-03-20 | N/A | 6.5 MEDIUM | ||
|
A Cross-Site Request Forgery (CSRF) vulnerability in polyaxon/polyaxon v2.4.0 allows attackers to perform unauthorized actions in the context of the victim's browser. This includes creating projects, model versions, and artifact versions, or changing settings. The impact of this vulnerability includes potential data loss and service disruption.
|
|||||
| CVE-2024-8489 | 2025-03-20 | N/A | 8.8 HIGH | ||
|
A vulnerability in modelscope/agentscope, specifically in the AgentScope Studio backend server, allows for Cross-Site Request Forgery (CSRF) due to overly permissive CORS headers. This issue affects the latest commit on the main branch (21161fe). The vulnerability permits an attacker to access all backend endpoints, including the `api/file` endpoint, enabling the reading of arbitrary files on the target's local file system through CSRF.
|
|||||
| CVE-2024-8065 | 2025-03-20 | N/A | 8.1 HIGH | ||
|
A Cross-Site Request Forgery (CSRF) vulnerability in version v1.4.1 of danswer-ai/danswer allows attackers to perform unauthorized actions in the context of the victim's browser. This includes connecting the victim's application with a malicious Slack Bot, inviting users, and deleting chats, among other actions. The application does not implement any CSRF protection, making it susceptible to these attacks.
|
|||||
| CVE-2024-6841 | 2025-03-20 | N/A | 6.5 MEDIUM | ||
|
A Cross-Site Request Forgery (CSRF) vulnerability exists in the latest commit (56b782bcefd2e59b19cd7ba7878b95f54884f502) of the vanna-ai/vanna repository. Two endpoints in the built-in web app that provide SQL functionality are implemented as simple GET requests, making them susceptible to CSRF attacks. This vulnerability allows an attacker to run arbitrary SQL commands via CSRF without the target intending to expose the web app to the network or other users. The impact is limited to data altera ...
Show More |
|||||
| CVE-2025-1314 | 2025-03-20 | N/A | 4.3 MEDIUM | ||
|
The Custom Twitter Feeds – A Tweets Widget or X Feed Widget plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.5. This is due to missing or incorrect nonce validation on the ctf_clear_cache_admin() function. This makes it possible for unauthenticated attackers to reset the plugin's cache via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
|
|||||
| CVE-2024-10521 | 1 Cimatti | 1 Wordpress Contact Forms | 2025-03-19 | N/A | 4.3 MEDIUM |
|
The WordPress Contact Forms by Cimatti plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.9.2. This is due to missing or incorrect nonce validation on the process_bulk_action function. This makes it possible for unauthenticated attackers to delete forms via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
|
|||||
| CVE-2025-1383 | 1 Podlove | 1 Podlove Podcast Publisher | 2025-03-19 | N/A | 4.3 MEDIUM |
|
The Podlove Podcast Publisher plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.2.2. This is due to missing or incorrect nonce validation on the ajax_transcript_delete() function. This makes it possible for unauthenticated attackers to delete arbitrary episode transcripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
|
|||||
| CVE-2024-6244 | 1 Projectzealous | 1 Pz Frontend Manager | 2025-03-19 | N/A | 8.8 HIGH |
|
The PZ Frontend Manager WordPress plugin before 1.0.6 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks
|
|||||
| CVE-2024-30454 | 1 Veronalabs | 1 Wp Sms | 2025-03-19 | N/A | 4.3 MEDIUM |
|
Cross-Site Request Forgery (CSRF) vulnerability in VeronaLabs WP SMS.This issue affects WP SMS: from n/a through 6.6.2.
|
|||||
| CVE-2024-32712 | 1 Podlove | 1 Podlove Podcast Publisher | 2025-03-19 | N/A | 7.5 HIGH |
|
Missing Authorization vulnerability in Podlove Podlove Podcast Publisher.This issue affects Podlove Podcast Publisher: from n/a through 4.0.14.
|
|||||
| CVE-2023-25480 | 1 Boldgrid | 1 Post And Page Builder | 2025-03-19 | N/A | 4.3 MEDIUM |
|
Cross-Site Request Forgery (CSRF) vulnerability in BoldGrid Post and Page Builder by BoldGrid – Visual Drag and Drop Editor plugin <= 1.24.1 versions.
|
|||||
| CVE-2024-56222 | 1 Codebard | 1 Codebard Help Desk | 2025-03-19 | N/A | 5.4 MEDIUM |
|
Cross-Site Request Forgery (CSRF) vulnerability in Codebard CodeBard Help Desk allows Cross Site Request Forgery.This issue affects CodeBard Help Desk: from n/a through 1.1.1.
|
|||||
| CVE-2023-25767 | 1 Jenkins | 1 Azure Credentials | 2025-03-19 | N/A | 8.8 HIGH |
|
A cross-site request forgery (CSRF) vulnerability in Jenkins Azure Credentials Plugin 253.v887e0f9e898b and earlier allows attackers to connect to an attacker-specified web server.
|
|||||
| CVE-2024-43984 | 1 Podlove | 1 Podlove Podcast Publisher | 2025-03-19 | N/A | 9.6 CRITICAL |
|
Cross-Site Request Forgery (CSRF) vulnerability in Podlove Podlove Podcast Publisher allows Code Injection.This issue affects Podlove Podcast Publisher: from n/a through 4.1.13.
|
|||||
| CVE-2023-23847 | 1 Jenkins | 1 Synopsys Coverity | 2025-03-19 | N/A | 3.5 LOW |
|
A cross-site request forgery (CSRF) vulnerability in Synopsys Jenkins Coverity Plugin 3.0.2 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
|
|||||
| CVE-2025-28868 | 1 Condenast | 1 Ziplist Recipe | 2025-03-19 | N/A | 4.3 MEDIUM |
|
Cross-Site Request Forgery (CSRF) vulnerability in ZipList ZipList Recipe allows Cross Site Request Forgery. This issue affects ZipList Recipe: from n/a through 3.1.
|
|||||
| CVE-2025-28866 | 1 Smerriman | 1 Login Logger | 2025-03-19 | N/A | 4.3 MEDIUM |
|
Cross-Site Request Forgery (CSRF) vulnerability in smerriman Login Logger allows Cross Site Request Forgery. This issue affects Login Logger: from n/a through 1.2.1.
|
|||||
| CVE-2025-28864 | 1 Planetstudio | 1 Builder For Contact Form 7 | 2025-03-19 | N/A | 4.3 MEDIUM |
|
Cross-Site Request Forgery (CSRF) vulnerability in Planet Studio Builder for Contact Form 7 by Webconstruct allows Cross Site Request Forgery. This issue affects Builder for Contact Form 7 by Webconstruct: from n/a through 1.2.2.
|
|||||
| CVE-2025-28863 | 1 Carlosminatti | 1 Delete Original Image | 2025-03-19 | N/A | 4.3 MEDIUM |
|
Cross-Site Request Forgery (CSRF) vulnerability in Carlos Minatti Delete Original Image allows Cross Site Request Forgery. This issue affects Delete Original Image: from n/a through 0.4.
|
|||||
| CVE-2025-28862 | 1 Venugopal | 1 Comment Date And Gravatar Remover | 2025-03-19 | N/A | 4.3 MEDIUM |
|
Cross-Site Request Forgery (CSRF) vulnerability in Venugopal Comment Date and Gravatar remover allows Cross Site Request Forgery. This issue affects Comment Date and Gravatar remover: from n/a through 1.0.
|
|||||
| CVE-2025-28861 | 1 Bhzad | 1 Wp Jquery Persian Datepicker | 2025-03-19 | N/A | 7.1 HIGH |
|
Cross-Site Request Forgery (CSRF) vulnerability in bhzad WP jQuery Persian Datepicker allows Stored XSS. This issue affects WP jQuery Persian Datepicker: from n/a through 0.1.0.
|
|||||
| CVE-2025-28860 | 1 Ppdpurveyor | 1 Google News Editors Picks Feed Generator | 2025-03-19 | N/A | 7.1 HIGH |
|
Cross-Site Request Forgery (CSRF) vulnerability in PPDPurveyor Google News Editors Picks Feed Generator allows Stored XSS. This issue affects Google News Editors Picks Feed Generator: from n/a through 2.1.
|
|||||
| CVE-2025-28859 | 1 Codevibrant | 1 Maintenance Notice | 2025-03-19 | N/A | 4.3 MEDIUM |
|
Cross-Site Request Forgery (CSRF) vulnerability in CodeVibrant Maintenance Notice allows Cross Site Request Forgery. This issue affects Maintenance Notice: from n/a through 1.0.5.
|
|||||
| CVE-2025-28857 | 1 Rankchecker | 1 Rankchecker | 2025-03-19 | N/A | 7.1 HIGH |
|
Cross-Site Request Forgery (CSRF) vulnerability in rankchecker Rankchecker.io Integration allows Stored XSS. This issue affects Rankchecker.io Integration: from n/a through 1.0.9.
|
|||||
| CVE-2024-13933 | 2025-03-19 | N/A | 8.8 HIGH | ||
|
The FoodBakery | Delivery Restaurant Directory WordPress Theme theme for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.7. This is due to missing or incorrect nonce validation on the foodbakery_var_backup_file_delete, foodbakery_widget_file_delete, theme_option_save, export_widget_settings, ajax_import_widget_data, foodbakery_var_settings_backup_generate, foodbakery_var_backup_file_restore, and theme_option_rest_all functions. This makes it possible ...
Show More |
|||||
| CVE-2025-28867 | 1 Stesvis | 1 Frontpage Category Filter | 2025-03-18 | N/A | 4.3 MEDIUM |
|
Cross-Site Request Forgery (CSRF) vulnerability in stesvis Frontpage category filter allows Cross Site Request Forgery. This issue affects Frontpage category filter: from n/a through 1.0.2.
|
|||||
| CVE-2024-23737 | 1 Savignano | 1 S-notify | 2025-03-18 | N/A | 5.4 MEDIUM |
|
Cross Site Request Forgery (CSRF) vulnerability in savignano S/Notify before 4.0.2 for Jira allows attackers to allows attackers to manipulate a user's S/MIME certificate of PGP key via malicious link or email.
|
|||||
| CVE-2025-2420 | 2025-03-18 | 5.0 MEDIUM | 4.3 MEDIUM | ||
|
A vulnerability classified as problematic was found in 猫宁i Morning up to bc782730c74ff080494f145cc363a0b4f43f7d3e. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available.
|
|||||