Total
7225 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-51638 | 2024-11-19 | N/A | N/A | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Sanjeev Mohindra Awesome Shortcodes For Genesis allows Stored XSS.This issue affects Awesome Shortcodes For Genesis: from n/a through .8. | |||||
| CVE-2024-51648 | 2024-11-19 | N/A | N/A | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Hands, Inc e-shops allows Reflected XSS.This issue affects e-shops: from n/a through 1.0.3. | |||||
| CVE-2024-51657 | 2024-11-19 | N/A | N/A | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Woopy Plugins SmartLink Dynamic URLs allows Stored XSS.This issue affects SmartLink Dynamic URLs: from n/a through 1.1.0. | |||||
| CVE-2024-50534 | 2024-11-19 | N/A | N/A | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Syed Umair Hussain Shah World Prayer Time allows Stored XSS.This issue affects World Prayer Time: from n/a through 2.0. | |||||
| CVE-2024-51643 | 2024-11-19 | N/A | N/A | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Rajan Agaskar Amazon Associate Filter allows Stored XSS.This issue affects Amazon Associate Filter: from n/a through 0.4. | |||||
| CVE-2024-51644 | 2024-11-19 | N/A | N/A | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Sam Wilson Addressbook allows Stored XSS.This issue affects Addressbook: from n/a through 1.1.3. | |||||
| CVE-2024-51655 | 2024-11-19 | N/A | N/A | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Microkid Custom Author URL allows Stored XSS.This issue affects Custom Author URL: from n/a through 2.0.1. | |||||
| CVE-2024-51653 | 2024-11-19 | N/A | N/A | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Mario Spinaci UPDATE NOTIFICATIONS allows Stored XSS.This issue affects UPDATE NOTIFICATIONS: from n/a through 0.3.4. | |||||
| CVE-2024-52402 | 2024-11-19 | N/A | N/A | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Cliconomics Exclusive Content Password Protect allows Upload a Web Shell to a Web Server.This issue affects Exclusive Content Password Protect: from n/a through 1.1.0. | |||||
| CVE-2024-52388 | 2024-11-19 | N/A | N/A | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Mike “Mikeage” Miller Hebrew Date allows Stored XSS.This issue affects Hebrew Date: from n/a through 2.1.0. | |||||
| CVE-2024-52420 | 2024-11-19 | N/A | N/A | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Creative Motion Disable Admin Notices individually allows Cross Site Request Forgery.This issue affects Disable Admin Notices individually: from n/a through 1.3.5. | |||||
| CVE-2022-47424 | 2024-11-19 | N/A | N/A | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Repute InfoSystems ARMember, Repute InfoSystems ARMember Premium allows Cross-Site Request Forgery.This issue affects ARMember: from n/a through 4.0.5; ARMember Premium: from n/a before 6.7.1. | |||||
| CVE-2024-51679 | 1 Appointmind | 1 Appointmind | 2024-11-19 | N/A | 6.1 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in GentleSource Appointmind allows Stored XSS.This issue affects Appointmind: from n/a through 4.0.0. | |||||
| CVE-2023-0737 | 1 Wallabag | 1 Wallabag | 2024-11-19 | N/A | 6.5 MEDIUM |
| wallabag version 2.5.2 contains a Cross-Site Request Forgery (CSRF) vulnerability that allows attackers to arbitrarily delete user accounts via the /account/delete endpoint. This issue is fixed in version 2.5.4. | |||||
| CVE-2021-4164 | 1 Janeczku | 1 Calibre-web | 2024-11-19 | 6.8 MEDIUM | 8.8 HIGH |
| calibre-web is vulnerable to Cross-Site Request Forgery (CSRF) | |||||
| CVE-2021-25965 | 1 Janeczku | 1 Calibre-web | 2024-11-19 | 6.8 MEDIUM | 8.8 HIGH |
| In Calibre-web, versions 0.6.0 to 0.6.13 are vulnerable to Cross-Site Request Forgery (CSRF). By luring an authenticated user to click on a link, an attacker can create a new user role with admin privileges and attacker-controlled credentials, allowing them to take over the application. | |||||
| CVE-2024-52415 | 2024-11-18 | N/A | N/A | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Skpstorm SK WP Settings Backup allows Object Injection.This issue affects SK WP Settings Backup: from n/a through 1.0. | |||||
| CVE-2024-11118 | 2024-11-18 | N/A | 5.3 MEDIUM | ||
| The 404 Error Monitor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1. This is due to missing or incorrect nonce validation on the updatePluginSettings() function. This makes it possible for unauthenticated attackers to make changes to plugin settings and clear up all the error logs via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | |||||
| CVE-2024-11143 | 1 Kognetiks | 1 Kognetiks Chatbot | 2024-11-18 | N/A | 4.3 MEDIUM |
| The Kognetiks Chatbot for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1.8. This is due to missing or incorrect nonce validation on the update_assistant, add_new_assistant, and delete_assistant functions. This makes it possible for unauthenticated attackers to modify assistants via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | |||||
| CVE-2024-11125 | 1 Get-simple | 1 Getsimplecms | 2024-11-15 | N/A | 4.3 MEDIUM |
| A vulnerability was found in GetSimpleCMS 3.3.16 and classified as problematic. This issue affects some unknown processing of the file /admin/profile.php. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||