Total
7225 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-30787 | 2025-03-27 | N/A | N/A | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Eli EZ SQL Reports Shortcode Widget and DB Backup allows Stored XSS. This issue affects EZ SQL Reports Shortcode Widget and DB Backup: from n/a through 5.25.08. | |||||
| CVE-2025-30862 | 2025-03-27 | N/A | N/A | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Bill Minozzi reCAPTCHA for all allows Cross Site Request Forgery. This issue affects reCAPTCHA for all: from n/a through 2.22. | |||||
| CVE-2025-30815 | 2025-03-27 | N/A | N/A | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Saeed Sattar Beglou Hesabfa Accounting allows Cross Site Request Forgery. This issue affects Hesabfa Accounting: from n/a through 2.1.8. | |||||
| CVE-2025-30811 | 2025-03-27 | N/A | N/A | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Javier Revilla ValidateCertify allows Cross Site Request Forgery. This issue affects ValidateCertify: from n/a through 1.6.1. | |||||
| CVE-2023-23750 | 1 Joomla | 1 Joomla\! | 2025-03-26 | N/A | 6.3 MEDIUM |
| An issue was discovered in Joomla! 4.0.0 through 4.2.6. A missing token check causes a CSRF vulnerability in the handling of post-installation messages. | |||||
| CVE-2023-25015 | 2 Clockwork Web Project, Rubyonrails | 2 Clockwork Web, Rails | 2025-03-26 | N/A | 6.5 MEDIUM |
| Clockwork Web before 0.1.2, when Rails before 5.2 is used, allows CSRF. | |||||
| CVE-2024-4382 | 1 Wielebenwir | 1 Commonsbooking | 2025-03-26 | N/A | 6.5 MEDIUM |
| The CB (legacy) WordPress plugin through 0.9.4.18 does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions, such as deleting codes, timeframes, and bookings via CSRF attacks | |||||
| CVE-2021-36443 | 1 Txjia | 1 Imcat | 2025-03-26 | N/A | 8.8 HIGH |
| Cross Site Request Forgery vulnerability in imcat 5.4 allows remote attackers to escalate privilege via lack of token verification. | |||||
| CVE-2021-36569 | 1 Thedaylightstudio | 1 Fuel Cms | 2025-03-26 | N/A | 8.8 HIGH |
| Cross Site Request Forgery vulnerability in FUEL-CMS 1.4.13 allows remote attackers to run arbitrary code via post ID to /users/delete/2. | |||||
| CVE-2021-36570 | 1 Thedaylightstudio | 1 Fuel Cms | 2025-03-26 | N/A | 8.8 HIGH |
| Cross Site Request Forgery vulnerability in FUEL-CMS 1.4.13 allows remote attackers to run arbitrary code via post ID to /permissions/delete/2---. | |||||
| CVE-2021-36444 | 1 Txjia | 1 Imcat | 2025-03-26 | N/A | 8.8 HIGH |
| Cross Site Request Forgery (CSRF) vulnerability in imcat 5.4 allows remote attackers to gain escalated privileges via flaws one time token generation on the add administrator page. | |||||
| CVE-2021-37234 | 1 Modern Honey Network Project | 1 Modern Honey Network | 2025-03-26 | N/A | 6.5 MEDIUM |
| Incorrect Access Control vulnerability in Modern Honey Network commit 0abf0db9cd893c6d5c727d036e1f817c02de4c7b allows remote attackers to view sensitive information via crafted PUT request to Web API. | |||||
| CVE-2022-47130 | 1 Creativeitem | 1 Academy Lms | 2025-03-26 | N/A | 4.3 MEDIUM |
| A Cross-Site Request Forgery (CSRF) in Academy LMS before v5.10 allows a discount coupon to be arbitrarily created if an attacker with administrative privileges interacts on the CSRF page. | |||||
| CVE-2022-47131 | 1 Creativeitem | 1 Academy Lms | 2025-03-26 | N/A | 4.8 MEDIUM |
| A Cross-Site Request Forgery (CSRF) in Academy LMS before v5.10 allows an attacker to arbitrarily create a page. | |||||
| CVE-2024-42616 | 1 Pligg | 1 Pligg Cms | 2025-03-26 | N/A | 8.8 HIGH |
| Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/admin_widgets.php?action=remove&widget=Statistics | |||||
| CVE-2024-38276 | 2 Fedoraproject, Moodle | 2 Fedora, Moodle | 2025-03-26 | N/A | 8.8 HIGH |
| Incorrect CSRF token checks resulted in multiple CSRF risks. | |||||
| CVE-2024-37118 | 1 Uncannyowl | 1 Uncanny Automator | 2025-03-26 | N/A | 8.8 HIGH |
| Cross Site Request Forgery (CSRF) vulnerability in Uncanny Owl Uncanny Automator Pro.This issue affects Uncanny Automator Pro: from n/a through 5.3. | |||||
| CVE-2025-1530 | 1 Tripetto | 1 Tripetto | 2025-03-25 | N/A | 4.3 MEDIUM |
| The Tripetto plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 8.0.9. This is due to missing nonce validation. This makes it possible for unauthenticated attackers to delete arbitrary results via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | |||||
| CVE-2024-42584 | 1 Siamonhasan | 1 Warehouse Inventory System | 2025-03-25 | N/A | 8.8 HIGH |
| A Cross-Site Request Forgery (CSRF) in the component delete_product.php of Warehouse Inventory System v2.0 allows attackers to escalate privileges. | |||||
| CVE-2024-45987 | 1 Online Voting System Project | 1 Online Voting System | 2025-03-25 | N/A | 6.5 MEDIUM |
| Projectworld Online Voting System Version 1.0 is vulnerable to Cross Site Request Forgery (CSRF) via voter.php. This vulnerability allows an attacker to craft a malicious link that, when clicked by an authenticated user, automatically submits a vote for a specified party without the user's consent or knowledge. The attack leverages the user's active session to perform the unauthorized action, compromising the integrity of the voting process. | |||||