Total: 7225 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-2911 | | | 2024-09-09 | N/A | N/A |
A vulnerability, which was classified as problematic, was found in Tianjin PubliCMS 4.0.202302.e. This affects an unknown part. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
CVE-2024-8414 | 1 Munyweki | 1 Insurance Management System | 2024-09-06 | N/A | 4.3 MEDIUM |
A vulnerability has been found in SourceCodester Insurance Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
CVE-2024-42792 | 1 Lopalopa | 1 Music Management System | 2024-09-05 | N/A | 3.5 LOW |
A Cross-Site Request Forgery (CSRF) vulnerability was found in Kashipara Music Management System v1.0 via /music/ajax.php?action=delete_playlist page. | |||||
CVE-2023-6503 | 1 Paulgriffinpetty | 1 Wp Plugin Lister | 2024-09-05 | N/A | 5.4 MEDIUM |
The WP Plugin Lister WordPress plugin through 2.1.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack. | |||||
CVE-2023-46777 | 1 Featherplugins | 1 Custom Login Page \| Temporary Users \| Rebrand Login \| Login Captcha | 2024-09-05 | N/A | 8.8 HIGH |
Cross-Site Request Forgery (CSRF) vulnerability in Custom Login Page \| Temporary Users \| Rebrand Login \| Login Captcha plugin <= 1.1.3 versions. | |||||
CVE-2023-46775 | 1 Zixn | 1 Original Texts Yandex Webmaster | 2024-09-05 | N/A | 8.8 HIGH |
Cross-Site Request Forgery (CSRF) vulnerability in Djo Original texts Yandex WebMaster plugin <= 1.18 versions. | |||||
CVE-2023-46776 | 1 Josie | 1 Auto Excerpt Everywhere | 2024-09-05 | N/A | 8.8 HIGH |
Cross-Site Request Forgery (CSRF) vulnerability in Serena Villa Auto Excerpt everywhere plugin <= 1.5 versions. | |||||
CVE-2023-47182 | 1 Nazmulhossainnihal | 1 Login Screen Manager | 2024-09-05 | N/A | 8.8 HIGH |
Cross-Site Request Forgery (CSRF) leading to a Stored Cross-Site Scripting (XSS) vulnerability in Nazmul Hossain Nihal Login Screen Manager plugin <= 3.5.2 versions. | |||||
CVE-2023-46778 | 1 Thefreewindows | 1 Auto Limit Posts Reloaded | 2024-09-05 | N/A | 8.8 HIGH |
Cross-Site Request Forgery (CSRF) vulnerability in TheFreeWindows Auto Limit Posts Reloaded plugin <= 2.5 versions. | |||||
CVE-2023-32093 | 1 Tpginc | 1 Tpg Redirect | 2024-09-04 | N/A | 8.8 HIGH |
Cross-Site Request Forgery (CSRF) vulnerability in Criss Swaim TPG Redirect plugin <= 1.0.7 versions. | |||||
CVE-2023-32125 | 1 Danielpowney | 1 Multi Rating | 2024-09-04 | N/A | 8.8 HIGH |
Cross-Site Request Forgery (CSRF) vulnerability in Daniel Powney Multi Rating plugin <= 5.0.6 versions. | |||||
CVE-2023-34171 | 1 Esiteq | 1 Wp Report Post | 2024-09-04 | N/A | 8.8 HIGH |
Cross-Site Request Forgery (CSRF) vulnerability in Alex Raven WP Report Post plugin <= 2.1.2 versions. | |||||
CVE-2023-32500 | 1 Xtemos | 1 Woodmart | 2024-09-04 | N/A | 8.8 HIGH |
Cross-Site Request Forgery (CSRF) vulnerability in xtemos WoodMart - Multipurpose WooCommerce Theme <= 7.1.1 versions. | |||||
CVE-2023-32501 | 1 Vikwp | 1 Vikbooking Hotel Booking Engine & Pms | 2024-09-04 | N/A | 8.8 HIGH |
Cross-Site Request Forgery (CSRF) vulnerability in E4J s.R.L. VikBooking Hotel Booking Engine & PMS plugin <= 1.6.1 versions. | |||||
CVE-2024-43947 | 1 Dineshkarki | 1 Wp Armour Extended | 2024-09-04 | N/A | 4.3 MEDIUM |
Cross-Site Request Forgery (CSRF) vulnerability in Dinesh Karki WP Armour Extended. This issue affects WP Armour Extended: from n/a through 1.26. | |||||
CVE-2024-6751 | 1 Wpwebinfotech | 1 Social Auto Poster | 2024-09-03 | N/A | 6.5 MEDIUM |
The Social Auto Poster plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.3.14. This is due to missing or incorrect nonce validation on multiple functions. This makes it possible for unauthenticated attackers to add, modify, or delete post meta and plugin options. | |||||
CVE-2023-32602 | 1 Lokalyze | 1 Call Me Now | 2024-09-03 | N/A | 8.8 HIGH |
Cross-Site Request Forgery (CSRF) vulnerability in LOKALYZE CALL ME NOW plugin <= 3.0 versions. | |||||
CVE-2024-8319 | 1 Themeific | 1 Tourfic | 2024-09-03 | N/A | 4.3 MEDIUM |
The Tourfic plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.11.20. This is due to missing or incorrect nonce validation on the tf_order_status_email_resend_function, tf_visitor_details_edit_function, tf_checkinout_details_edit_function, tf_order_status_edit_function, tf_order_bulk_action_edit_function, tf_remove_room_order_ids, and tf_delete_old_review_fields functions. This makes it possible for unauthenticated attackers to resend order status emails, update visitor/order details, edit check-in/out details, edit order status, perform bulk order status updates, remove room order IDs, and delete old review fields, respectively, via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | |||||
CVE-2024-22593 | 1 Flycms Project | 1 Flycms | 2024-08-30 | N/A | 8.8 HIGH |
FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/admin/add_group_save | |||||
CVE-2024-42793 | 1 Lopalopa | 1 Music Management System | 2024-08-30 | N/A | 8.0 HIGH |
A Cross-Site Request Forgery (CSRF) vulnerability was found in Kashipara Music Management System v1.0 via a crafted request to the /music/ajax.php?action=save_user page. |