Total: 7225 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-38457 | 1 Xenforo | 1 Xenforo | 2024-08-01 | N/A | 8.8 HIGH |
Xenforo before 2.2.16 allows CSRF. | |||||
CVE-2024-1845 | 1 E4jconnect | 1 Vikrentcar | 2024-08-01 | N/A | 8.8 HIGH |
The VikRentCar Car Rental Management System WordPress plugin before 1.3.2 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks | |||||
CVE-2023-49673 | 1 Jenkins | 4 Google Compute Engine, Jira, Matlab and 1 more | 2024-08-01 | N/A | 8.8 HIGH |
A cross-site request forgery (CSRF) vulnerability in Jenkins NeuVector Vulnerability Scanner Plugin 1.22 and earlier allows attackers to connect to an attacker-specified hostname and port using attacker-specified username and password. | |||||
CVE-2023-24048 | 1 Connectize | 2 Ac21000 G6, Ac21000 G6 Firmware | 2024-08-01 | N/A | 8.8 HIGH |
Cross Site Request Forgery (CSRF) vulnerability in Connectize AC21000 G6 641.139.1.1256 allows attackers to gain control of the device via crafted GET request to /man_password.htm. | |||||
CVE-2023-28335 | 1 Moodle | 1 Moodle | 2024-08-01 | N/A | 8.8 HIGH |
The link to reset all templates of a database activity did not include the necessary token to prevent a CSRF risk. | |||||
CVE-2023-25697 | 1 Gamipress | 1 Gamipress | 2024-07-31 | N/A | 6.3 MEDIUM |
Cross-Site Request Forgery (CSRF) vulnerability in GamiPress. This issue affects GamiPress: from n/a through 2.5.6. | |||||
CVE-2024-31902 | 1 Ibm | 1 Infosphere Information Server | 2024-07-31 | N/A | 8.8 HIGH |
IBM InfoSphere Information Server 11.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 289234. | |||||
CVE-2024-3246 | 1 Litespeedtech | 1 Litespeed Cache | 2024-07-30 | N/A | 5.4 MEDIUM |
The LiteSpeed Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.2.0.1. This is due to missing or incorrect nonce validation. This makes it possible for unauthenticated attackers to update the token setting and inject malicious JavaScript via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | |||||
CVE-2023-6968 | 1 Themoneytizer | 1 The Moneytizer | 2024-07-25 | N/A | 5.4 MEDIUM |
The The Moneytizer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 9.5.20. This is due to missing or incorrect nonce validation on multiple AJAX functions. This makes it possible for unauthenticated attackers to update and retrieve billing and bank details, update and reset the plugin's settings, and update languages as well as other lower-severity actions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | |||||
CVE-2022-48320 | 1 Checkmk | 1 Checkmk | 2024-07-23 | N/A | 4.3 MEDIUM |
Cross-site Request Forgery (CSRF) in Tribe29's Checkmk <= 2.1.0p17, Checkmk <= 2.0.0p31, and all versions of Checkmk 1.6.0 (EOL) allows an attacker to add new visual elements to multiple pages. | |||||
CVE-2023-6251 | 1 Checkmk | 1 Checkmk | 2024-07-23 | N/A | 3.5 LOW |
Cross-site Request Forgery (CSRF) in Checkmk < 2.2.0p15, < 2.1.0p37, <= 2.0.0p39 allows an authenticated attacker to delete user-messages for individual users. | |||||
CVE-2024-35684 | 1 10up | 1 Elasticpress | 2024-07-18 | N/A | 4.3 MEDIUM |
Cross-Site Request Forgery (CSRF) vulnerability in 10up ElasticPress. This issue affects ElasticPress: from n/a through 5.1.1. | |||||
CVE-2024-35689 | 1 Analytify | 1 Analytify - Google Analytics Dashboard | 2024-07-18 | N/A | 8.8 HIGH |
Cross-Site Request Forgery (CSRF) vulnerability in Analytify. This issue affects Analytify: from n/a through 5.2.3. | |||||
CVE-2024-4474 | 1 Onetarek | 1 Wp Logs Book | 2024-07-17 | N/A | 4.3 MEDIUM |
The WP Logs Book WordPress plugin through 1.0.1 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack. | |||||
CVE-2024-4475 | 1 Onetarek | 1 Wp Logs Book | 2024-07-17 | N/A | 4.3 MEDIUM |
The WP Logs Book WordPress plugin through 1.0.1 does not have a CSRF check when clearing logs, which could allow attackers to make a logged in admin clear the logs via a CSRF attack. | |||||
CVE-2024-37939 | | | 2024-07-12 | N/A | N/A |
Cross-Site Request Forgery (CSRF) vulnerability in VolThemes Patricia Lite. This issue affects Patricia Lite: from n/a through 1.2.3. | |||||
CVE-2024-37213 | | | 2024-07-12 | N/A | N/A |
Cross-Site Request Forgery (CSRF) vulnerability in Ali2Woo Team Ali2Woo Lite allows Cross-Site Scripting (XSS). This issue affects Ali2Woo Lite: from n/a through 3.3.9. | |||||
CVE-2024-35773 | | | 2024-07-12 | N/A | N/A |
Cross-Site Request Forgery (CSRF) vulnerability in WPJohnny, zerOneIT Comment Reply Email allows Cross-Site Scripting (XSS). This issue affects Comment Reply Email: from n/a through 1.3. | |||||
CVE-2024-37938 | | | 2024-07-12 | N/A | N/A |
Cross-Site Request Forgery (CSRF) vulnerability in MyThemeShop SociallyViral. This issue affects SociallyViral: from n/a through 1.0.10. | |||||
CVE-2024-37940 | | | 2024-07-12 | N/A | N/A |
Cross-Site Request Forgery (CSRF) vulnerability in Seraphinite Solutions Seraphinite Accelerator (Full, premium). This issue affects Seraphinite Accelerator (Full, premium): from n/a through 2.21.13. | |||||