Total: 7225 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-47677 | 2 Level1, Realtek | 3 Wbr-6013, Wbr-6013 Firmware, Rtl819x Jungle Software Development Kit | 2024-07-11 | N/A | 8.8 HIGH |
A cross-site request forgery (CSRF) vulnerability exists in the boa CSRF protection functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted network request can lead to CSRF. An attacker can send an HTTP request to trigger this vulnerability. | |||||
CVE-2023-45651 | 1 Marcomilesi | 1 Wp Attachments | 2024-07-11 | N/A | 8.8 HIGH |
Cross-Site Request Forgery (CSRF) vulnerability in Marco Milesi WP Attachments allows Cross Site Request Forgery. This issue affects WP Attachments: from n/a through 5.0.11. | |||||
CVE-2023-27433 | 1 Yasglobal | 1 Make Paths Relative | 2024-07-11 | N/A | 8.8 HIGH |
Cross-Site Request Forgery (CSRF) vulnerability in YAS Global Team Make Paths Relative allows Cross Site Request Forgery. This issue affects Make Paths Relative: from n/a through 1.3.0. | |||||
CVE-2024-37923 | | | 2024-07-09 | N/A | N/A |
Cross-Site Request Forgery (CSRF) vulnerability in Cliengo – Chatbot. This issue affects Cliengo – Chatbot: from n/a through 3.0.1. | |||||
CVE-2024-5767 | 1 Sitetweet Project | 1 Sitetweet | 2024-07-09 | N/A | 8.8 HIGH |
The sitetweet WordPress plugin through 0.2 does not have CSRF checks in some places, and is missing sanitisation as well as escaping, which could allow attackers to make a logged-in admin add Stored XSS payloads via a CSRF attack. | |||||
CVE-2024-4969 | 1 Devnath Verma | 1 Widget Bundle | 2024-07-08 | N/A | 4.3 MEDIUM |
The Widget Bundle WordPress plugin through 2.0.0 does not have CSRF checks when logging Widgets, which could allow attackers to make a logged-in admin enable/disable widgets via a CSRF attack. | |||||
CVE-2024-2233 | 1 2code | 1 Himer | 2024-07-08 | N/A | 4.3 MEDIUM |
The Himer WordPress theme before 2.1.1 does not have CSRF checks in some places, which could allow attackers to make logged-in users perform unwanted actions via CSRF attacks. These include declining and accepting group invitations or leaving a group. | |||||
CVE-2024-2235 | 1 2code | 1 Himer | 2024-07-08 | N/A | 4.3 MEDIUM |
The Himer WordPress theme before 2.1.1 does not have CSRF checks in some places, which could allow attackers to make users vote on any polls, including those they don't have access to, via a CSRF attack. | |||||
CVE-2024-2376 | 1 2code | 1 Wpqa Builder | 2024-07-08 | N/A | 8.8 HIGH |
The WPQA Builder WordPress plugin before 6.1.1 does not have CSRF checks in some places, which could allow attackers to make logged-in users perform unwanted actions via CSRF attacks. | |||||
CVE-2024-2040 | 1 2code | 1 Himer | 2024-07-08 | N/A | 4.3 MEDIUM |
The Himer WordPress theme before 2.1.1 does not have CSRF checks in some places, which could allow attackers to make users join private groups via a CSRF attack. | |||||
CVE-2023-28696 | 1 Themeist | 1 I Recommend This | 2024-07-08 | N/A | 8.8 HIGH |
Cross-Site Request Forgery (CSRF) vulnerability in Harish Chouhan, Themeist I Recommend This allows Cross Site Request Forgery. This issue affects I Recommend This: from n/a through 3.9.0. | |||||
CVE-2023-26531 | 1 Wbolt | 1 All-in-one Search Automatic Push Management | 2024-07-08 | N/A | 8.8 HIGH |
Cross-Site Request Forgery (CSRF) vulnerability in ??? ?????????????-??Baidu/Google/Bing/IndexNow/Yandex/?? allows Cross Site Request Forgery. This issue affects ?????????????-??Baidu/Google/Bing/IndexNow/Yandex/??: from n/a through 4.2.7. | |||||
CVE-2024-5943 | 1 Kylephillips | 1 Nested Pages | 2024-07-05 | N/A | 8.8 HIGH |
The Nested Pages plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2.7. This is due to missing or incorrect nonce validation on the 'settingsPage' function and missing sanitization of the 'tab' parameter. This makes it possible for unauthenticated attackers to call local PHP files via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link. | |||||
CVE-2024-4543 | 1 Yeken | 1 Snippet Shortcodes | 2024-07-03 | N/A | 4.3 MEDIUM |
The Snippet Shortcodes plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.1.4. This is due to missing or incorrect nonce validation when adding or editing shortcodes. This makes it possible for unauthenticated attackers to modify shortcodes via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link. | |||||
CVE-2024-24524 | 1 Flusity | 1 Flusity | 2024-07-03 | N/A | 8.8 HIGH |
Cross Site Request Forgery (CSRF) vulnerability in flusity-CMS v.2.33, allows remote attackers to execute arbitrary code via the add_menu.php component. | |||||
CVE-2021-45785 | 1 Trudesk Project | 1 Trudesk | 2024-07-03 | N/A | 6.5 MEDIUM |
TruDesk Help Desk/Ticketing Solution v1.1.11 is vulnerable to a Cross-Site Request Forgery (CSRF) attack which would allow an attacker to restart the server, causing a DoS attack. The attacker must craft a webpage that would perform a GET request to the /api/v1/admin/restart endpoint; the victim (who has sufficient privileges) would then visit the page and the server restart would begin. The attacker must know the full URL that TruDesk is on in order to craft the webpage. | |||||
CVE-2024-35772 | 1 Presscustomizr | 1 Hueman | 2024-06-24 | N/A | 8.8 HIGH |
Cross-Site Request Forgery (CSRF) vulnerability in presscustomizr Hueman. This issue affects Hueman: from n/a through 3.7.24. | |||||
CVE-2024-35771 | 1 Presscustomizr | 1 Customizr | 2024-06-24 | N/A | 8.8 HIGH |
Cross-Site Request Forgery (CSRF) vulnerability in presscustomizr Customizr. This issue affects Customizr: from n/a through 4.4.21. | |||||
CVE-2024-35770 | 1 Davekiss | 1 Vimeography | 2024-06-24 | N/A | 8.8 HIGH |
Cross-Site Request Forgery (CSRF) vulnerability in Dave Kiss Vimeography: Vimeo Video Gallery WordPress Plugin. This issue affects Vimeography: Vimeo Video Gallery WordPress Plugin: from n/a through 2.4.1. | |||||
CVE-2024-37230 | 1 Rarathemes | 1 Book Landing Page | 2024-06-24 | N/A | 8.8 HIGH |
Cross-Site Request Forgery (CSRF) vulnerability in Rara Theme Book Landing Page. This issue affects Book Landing Page: from n/a through 1.2.3. |