Total
7225 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-11341 | | | 2024-12-05 | N/A | 4.3 MEDIUM |
The Simple Redirection plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5. This is due to missing or incorrect nonce validation on the settings_page() function. This makes it possible for unauthenticated attackers to update the plugin's settings and redirect all site visitors via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | |||||
CVE-2024-11743 | 1 Mayurik | 1 Best House Rental Management System | 2024-12-04 | N/A | 4.3 MEDIUM |
A vulnerability, which was classified as problematic, was found in SourceCodester Best House Rental Management System 1.0. Affected is an unknown function of the file /rental/ajax.php?action=delete_user of the component POST Request Handler. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
CVE-2024-11673 | 1 1000projects | 1 Bookstore Management System | 2024-12-04 | N/A | 4.3 MEDIUM |
A vulnerability, which was classified as problematic, has been found in 1000 Projects Bookstore Management System 1.0. This issue affects some unknown processing. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
CVE-2024-47879 | 1 Openrefine | 1 Openrefine | 2024-12-04 | N/A | 8.8 HIGH |
OpenRefine is a free, open source tool for working with messy data. Prior to version 3.8.3, lack of cross-site request forgery protection on the `preview-expression` command means that visiting a malicious website could cause an attacker-controlled expression to be executed. The expression can contain arbitrary Clojure or Python code. The attacker must know a valid project ID of a project that contains at least one row, and the attacker must convince the victim to open a malicious webpage. Version 3.8.3 fixes the issue. | |||||
CVE-2024-10832 | | | 2024-12-04 | N/A | 6.1 MEDIUM |
The Posti Shipping plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.10.3. This is due to missing or incorrect nonce validation on the generate_notices_html() function. This makes it possible for unauthenticated attackers to inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | |||||
CVE-2024-11813 | | | 2024-12-04 | N/A | 6.1 MEDIUM |
The Pulsating Chat Button plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.6. This is due to missing or incorrect nonce validation on the amin_chat_button_settings_page() function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | |||||
CVE-2024-53710 | | | 2024-12-02 | N/A | N/A |
Cross-Site Request Forgery (CSRF) vulnerability in ITERAS ITERAS allows Stored XSS. This issue affects ITERAS: from n/a through 1.7.0. | |||||
CVE-2024-53753 | | | 2024-12-02 | N/A | N/A |
Cross-Site Request Forgery (CSRF) vulnerability in CultBooking CultBooking Hotel Booking Engine allows Stored XSS. This issue affects CultBooking Hotel Booking Engine: from n/a through 2.1. | |||||
CVE-2024-53711 | | | 2024-12-02 | N/A | N/A |
Cross-Site Request Forgery (CSRF) vulnerability in Jean-Marc BIANCA Hotlink2Watermark allows Stored XSS. This issue affects Hotlink2Watermark: from n/a through 0.3.2. | |||||
CVE-2024-53755 | | | 2024-12-02 | N/A | N/A |
Cross-Site Request Forgery (CSRF) vulnerability in Andrea Pernici Third Party Cookie Eraser allows Stored XSS. This issue affects Third Party Cookie Eraser: from n/a through 1.0.2. | |||||
CVE-2024-53715 | | | 2024-12-02 | N/A | N/A |
Cross-Site Request Forgery (CSRF) vulnerability in Thomas Hoefter Simple Travel Map allows Stored XSS. This issue affects Simple Travel Map: from n/a through 0.1. | |||||
CVE-2024-53769 | | | 2024-12-02 | N/A | N/A |
Cross-Site Request Forgery (CSRF) vulnerability in Ludovic RIAUDEL Custom Post Type to Map Store allows Stored XSS. This issue affects Custom Post Type to Map Store: from n/a through 1.1.0. | |||||
CVE-2024-53729 | | | 2024-12-02 | N/A | N/A |
Cross-Site Request Forgery (CSRF) vulnerability in Plumeria Web Design Blizzard Quotes allows Stored XSS. This issue affects Blizzard Quotes: from n/a through 1.3. | |||||
CVE-2024-53775 | | | 2024-12-02 | N/A | N/A |
Cross-Site Request Forgery (CSRF) vulnerability in TannerRitchie Web Applications/DancePress DancePress (TRWA) allows Cross Site Request Forgery. This issue affects DancePress (TRWA): from n/a through 3.1.11. | |||||
CVE-2024-52477 | | | 2024-12-02 | N/A | N/A |
Cross-Site Request Forgery (CSRF) vulnerability in No-nonsense Labs Document & Data Automation allows Stored XSS. This issue affects Document & Data Automation: from n/a through 1.6.1. | |||||
CVE-2024-53770 | | | 2024-12-02 | N/A | N/A |
Cross-Site Request Forgery (CSRF) vulnerability in Peter MacIntyre RingCentral Communications allows Stored XSS. This issue affects RingCentral Communications: from n/a through 1.6.1. | |||||
CVE-2024-53779 | | | 2024-12-02 | N/A | N/A |
Cross-Site Request Forgery (CSRF) vulnerability in Max Engel Yahoo! WebPlayer allows Stored XSS. This issue affects Yahoo! WebPlayer: from n/a through 2.0.6. | |||||
CVE-2024-53789 | | | 2024-12-02 | N/A | N/A |
Cross-Site Request Forgery (CSRF) vulnerability in Ritesh Sanap Advanced What should we write next about allows Stored XSS. This issue affects Advanced What should we write next about: from n/a through 1.0.3. | |||||
CVE-2024-53720 | | | 2024-12-02 | N/A | N/A |
Cross-Site Request Forgery (CSRF) vulnerability in ole1986, MachineITSvcs WP-ISPConfig 3 allows Stored XSS. This issue affects WP-ISPConfig 3: from n/a through 1.5.6. | |||||
CVE-2024-53782 | | | 2024-12-02 | N/A | N/A |
Cross-Site Request Forgery (CSRF) vulnerability in CMSaccount Photo Video Store allows Cross-Site Scripting (XSS). This issue affects Photo Video Store: from n/a through 21.07. |