Catalogs
The service integrates the most popular public knowledge bases:
- Security Tool Certificates - the State Register of Certified Information Security Tools published by the Federal Service for Technical and Export Control (FSTEC); it can be used to check that the security tools used in the organization are still current.
- CVE vulnerabilities - the publicly available Common Vulnerabilities and Exposures (CVE) vulnerability database. The mission of the CVE program is to identify, define and catalog publicly disclosed cybersecurity vulnerabilities. There is one CVE record for each vulnerability in the catalog. Vulnerabilities are discovered, then assigned and published by organizations around the world that partner with the CVE program. Partners publish CVE records to describe vulnerabilities consistently. Information technology and cybersecurity professionals use CVE records to make sure they are discussing the same issue and to coordinate their efforts to prioritize and fix vulnerabilities.
- FSTEC BDU vulnerabilities - the Vulnerabilities section of the Information Security Threat Data Bank (BDU), published by the Federal Service for Technical and Export Control jointly with the State Research and Testing Institute for Problems of Technical Information Protection. One of the goals of creating the threat data bank is to bring together information security specialists to work on improving the security of information systems.
- NKTsKI vulnerabilities - the publicly available vulnerability database of the National Coordination Center for Computer Incidents (NKTsKI), which coordinates the activities of critical information infrastructure (CII) entities in detecting, preventing and eliminating the consequences of computer attacks and in responding to computer incidents.
- MITRE ATT&CK - Adversarial Tactics, Techniques & Common Knowledge. This is a knowledge base from MITRE, based on real-world observations, that describes the tactics, techniques and methods used by cybercriminals. The base was created in 2013 and is regularly updated; its goal is to compile a structured matrix of the techniques used by cybercriminals in order to simplify the response to cyber incidents.
- FSTEC BDU and New FSTEC BDU - the Threats section of the Threat Data Bank, published in 2015 by the Federal Service for Technical and Export Control and the State Research and Testing Institute for Problems of Technical Information Protection. It is mandatory for threat modeling when building protection systems for personal data, critical information infrastructure and state information systems.
CVE, FSTEC BDU and NKTsKI
The CVE vulnerabilities, FSTEC BDU vulnerabilities and NKTsKI vulnerabilities catalogs provide additional content and enrich the vulnerability descriptions received from scanners in the Technical Vulnerabilities module.
The catalogs share an identical interface, which contains the following blocks:
- Metrics:
  - Found vulnerabilities - shows the number of vulnerabilities found in scanner reports that are linked to vulnerabilities from the catalog; clicking the widget opens the Technical Vulnerabilities module with a filter set on the catalog name (filter type Vulnerability group);
  - Vulnerable hosts - shows the number of hosts on which vulnerabilities linked to vulnerabilities from the catalog were found; clicking the widget opens the Technical Vulnerabilities module with a filter set on the catalog name (filter type Vulnerability group).
- The Vulnerability catalog table:
  - A filter on the Identifier field - the special feature of this filter is that it parses text automatically and extracts identifiers from it. To use it, paste arbitrary text containing identifiers into the field and add it to the filter with the plus button;
  - A table with the following fields for the CVE and FSTEC BDU catalogs:
    - Identifier - the id of the vulnerability in the vulnerability database;
    - Description - a text description of the vulnerability;
    - Detected - a flag; this status is shown if the vulnerability was found in scan reports;
    - CVSS - the numeric score of the vulnerability according to the source, with the date the vulnerability was identified by experts; the score is color-coded by CVSS rating: 0.1 – 3.9 Low, green; 4.0 – 6.9 Medium, yellow; 7.0 – 8.9 High, orange; 9.0 – 10.0 Critical, red.
  - A table with the following fields for the CVE catalogs:
    - Bulletin date - the publication date of the bulletin that contains the vulnerabilities;
    - Identifier - the id of the vulnerability in the vulnerability database;
    - Information - a text description of the vulnerability;
    - Attack vector - local or network attack vector;
    - Detected - a flag; this status is shown if the vulnerability was found in scan reports;
    - Update available - a flag; this status is shown if the vulnerability database contains information that the vendor of the vulnerable software has released updates;
    - Identification date - the date the vulnerability was identified by experts.
  - The "Only detected vulnerabilities" checkbox - sets a filter on the table so that only detected vulnerabilities are shown.
- A function for exporting all vulnerabilities of the catalog.
- For the catalog, the Display options function is added:
  - Bulletins - switches the table to a register of bulletins; it shows the total number of vulnerabilities in a bulletin in the Vulnerabilities in bulletin field and the detection status in the Detected field. This status is shown if at least one vulnerability from the bulletin has been detected in the infrastructure.
  - Vulnerabilities.
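The Identifier filter described above pulls identifiers out of arbitrary pasted text. The sketch below is an added example, not the service's own parser: it assumes the CVE program's `CVE-YYYY-NNNN` syntax (four or more sequence digits) and the `BDU:YYYY-NNNNN` shape seen in the BDU table on this page, and the function name, the year bounds and the sample text are constructed for illustration.

```python
import re
from datetime import date

# ASCII hyphen first (literal inside a character class), then Unicode
# look-alikes that appear when identifiers are copied from PDF or Word reports.
DASHES = "-\u2010\u2011\u2012\u2013\u2014\u2212"

# The lookbehind rejects matches glued to a longer token (e.g. "XCVE-...");
# the lookahead rejects sequences with trailing extra digits.
CVE_RE = re.compile(
    rf"(?<![A-Za-z0-9])CVE[{DASHES}](\d{{4}})[{DASHES}](\d{{4,}})(?!\d)",
    re.IGNORECASE,
)
BDU_RE = re.compile(
    rf"(?<![A-Za-z0-9])BDU:\s?(\d{{4}})[{DASHES}](\d{{5}})(?!\d)",
    re.IGNORECASE,
)

# Assumption: 1999 is used as the lower year bound for both catalogs.
MIN_YEAR = 1999

RULES = (
    ("CVE", "-", CVE_RE),
    ("BDU", ":", BDU_RE),
)


def extract_identifiers(text, max_year=None):
    """Return canonical identifiers in order of first appearance, deduplicated."""
    if max_year is None:
        max_year = date.today().year + 1
    hits = []
    for prefix, sep, regex in RULES:
        for m in regex.finditer(text):
            year, seq = m.group(1), m.group(2)
            # Drop tokens that look like identifiers but carry an implausible
            # year (ticket numbers, typos).
            if not MIN_YEAR <= int(year) <= max_year:
                continue
            hits.append((m.start(), f"{prefix}{sep}{year}-{seq}"))
    ordered, seen = [], set()
    for _, ident in sorted(hits):
        if ident not in seen:
            seen.add(ident)
            ordered.append(ident)
    return ordered


# Constructed sample text. The BDU ids are taken from the table on this page;
# the CVE ids are placeholders, not references to real records.
SAMPLE = (
    "Scanner report (constructed sample): host web-01 is affected by "
    "bdu:2019-04000 and BDU:2016\u201300613; see also cve-2019-0000, "
    "CVE-2019-0000 (duplicate) and XCVE-2019-0001, ticket BDU:2999-00001."
)

if __name__ == "__main__":
    for ident in extract_identifiers(SAMPLE):
        print(ident)
```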
MITRE ATT&CK, FSTEC BDU, New FSTEC BDU
Data from the MITRE ATT&CK, FSTEC BDU and New FSTEC BDU catalogs can be used to add context to a risk in the Risks module.
Each of these catalogs is built on its own data schema, which does not match the risk assessment approach used in the service. At their core, however, these bases describe the same information security risks, each from its own angle. They are therefore included in the service both as separate components and as a basis for creating risks, threats or vulnerabilities.
The catalogs can be used in the service to:
- Make it easier to create risks, threats and vulnerabilities;
- Enrich the information on risks (threats, vulnerabilities) created in the service;
- Look at the company and its risk assessment through public threat catalogs.
The service lets you link objects from the catalogs to 3 types of service objects: threats, vulnerabilities or security risks:
- Vulnerabilities can be linked to FSTEC BDU threats, ATT&CK techniques and New FSTEC BDU implementation methods.
- Threats can be linked to FSTEC BDU threats, ATT&CK techniques, and New FSTEC BDU threats and consequences.
- Risks can be linked to FSTEC BDU threats, ATT&CK techniques, and New FSTEC BDU threats, implementation methods and consequences.
This wide choice of possible links exists because objects from the threat catalogs can be either a threat or a vulnerability in the context of the service.
For example, УБИ.004 (Threat of a hardware reset of the BIOS password) from FSTEC BDU is, in the context of the service, a vulnerability: a property of assets of the Firmware type that can lead to the threat of Unauthorized local access to the BIOS being realized.
In most cases threats from FSTEC BDU and techniques from MITRE ATT&CK are in fact vulnerabilities whose exploitation leads to security threats being realized, but there are exceptions.
For risks, threats and vulnerabilities from the Community base, links to the threat catalogs are already established.
A link to a threat catalog can be direct or indirect. For example, if a vulnerability is linked to a threat from FSTEC BDU, then all risks that include this vulnerability are automatically linked to that FSTEC BDU threat.
The FSTEC BDU catalog is a register of risks from the FSTEC of Russia data bank of information security threats.
Each threat contains a description, recommendations on the asset types the threat can apply to, a classification by information properties, and the probable threat sources. In addition, the Related risks block lists the related risks, and the Catalogs block shows links to records from other catalogs.
The New FSTEC BDU catalog from the FSTEC of Russia data bank of information security threats contains:
- the Implementation methods (threat occurrence) matrix - each cell describes an attack surface: the group of methods, the attacker capability level, the threats that can be realized, the components of the targeted objects, and the possible protection measures;
- Negative consequences - a list of negative consequences in the FSTEC classification, as a code and a description;
- Threats - a register of threats with descriptions; each threat contains the possible targeted objects and the possible ways of realizing the threat;
- Objects - a list of consequence objects with a description and the components that can be part of the object;
- Components - a list of components of targeted objects, indicating the targeted objects on which they can be located;
- Attackers - attacker capability levels, classified by capabilities and competence;
- Protection measures - in SECURITM terminology, a list of requirements whose fulfillment reduces the attacker's capabilities.
The MITRE ATT&CK catalog contains:
- Matrix - contains the attacker's tactics and techniques and lets you create a risk or vulnerability based on a tactic or technique; the matrix shows links to risks in the Community base and to risks in the team's base;
- Tactics - the directions of the attacker's actions at a given stage of the cyber kill chain;
- Techniques - the specific actions an attacker takes to achieve the goal at a specific step of the cyber kill chain;
- Countermeasures - in SECURITM terminology, a list of requirements whose fulfillment reduces the attacker's capabilities;
- Criminal groups - a description of APT groups, their characteristics and behavior model;
- Tools - software used by attackers for malicious activity.
The matrices can be used to build a heat map of risks overlaid on the threat and vulnerability matrices.
Security Tool Certificates
The Security Tool Certificates catalog can be used in the Assets module as the source of information for the Security tool certificate number field. The Assets module lets you keep a register of the security tools used in the organization, and the certificate catalog in turn lets you link an asset to the catalog through the asset's Security tool certificate number field.
The Security Tool Certificates catalog contains a register with information on the certificate number, the certificate validity period and the support period of the security tool. Besides the register, the catalog contains the following metrics:
- Security tools in use - shows the number of assets that have the Security tool certificate number field filled in;
- Expiring soon - shows the number of assets whose certificate is valid for fewer than 90 calendar days;
- Expired certificates - shows the number of assets whose certificate validity period has already expired;
- Expired support - shows the number of assets whose certificate validity period has already expired.
Each metric leads to the asset register and displays a list of security tools filtered by the corresponding parameters.
Clicking to view a certificate opens the certificate card; the service stores the following data:
- Certificate number;
- Date of entry in the register;
- Certificate validity period;
- End date of technical support;
- Name of the tool (code);
- Certification scheme;
- Testing laboratory;
- Certification body;
- Applicant;
- Names of the compliance documents;
- Applicant details.
The register is updated automatically once a month.
CWE-352
CWE-352: Cross-Site Request Forgery (CSRF)
FSTEC vulnerability identifiers
Identifiers from the database of publicly known information security vulnerabilities
| Identifier | Description |
|---|---|
| BDU:2014-00410 | Vulnerability in the Serv-U File Server file server that allows a remote attacker to change the system configuration |
| BDU:2015-00234 | Vulnerability in the Adobe Pepper Flash software for Google Chrome that allows a remote attacker to compromise the confidentiality, integrity and availability of protected information |
| BDU:2015-00235 | Vulnerability in the Adobe Pepper Flash software for Google Chrome that allows a remote attacker to compromise the confidentiality, integrity and availability of protected information |
| BDU:2015-00344 | Vulnerability in the Flash Player software that allows a remote attacker to compromise the confidentiality, integrity and availability of protected information |
| BDU:2015-00345 | Vulnerability in the Adobe AIR software that allows a remote attacker to compromise the confidentiality, integrity and availability of protected information |
| BDU:2015-00346 | Vulnerability in the Flash Player software that allows a remote attacker to compromise the confidentiality, integrity and availability of protected information |
| BDU:2015-00987 | Vulnerabilities in the Debian GNU/Linux operating system that allow a remote attacker to compromise the confidentiality, integrity and availability of protected information |
| BDU:2015-00988 | Vulnerabilities in the Debian GNU/Linux operating system that allow a remote attacker to compromise the confidentiality, integrity and availability of protected information |
| BDU:2015-00989 | Vulnerabilities in the Debian GNU/Linux operating system that allow a remote attacker to compromise the confidentiality, integrity and availability of protected information |
| BDU:2015-03352 | Vulnerabilities in the Debian GNU/Linux operating system that allow a remote attacker to compromise the confidentiality, integrity and availability of protected information |
| BDU:2015-09374 | Vulnerability in the Gentoo Linux operating system that allows a remote attacker to compromise the confidentiality, integrity and availability of protected information |
| BDU:2015-09893 | Vulnerability in the Firefox browser that allows a remote attacker to forge cross-site requests |
| BDU:2015-09894 | Vulnerability in the Firefox ESR browser that allows a remote attacker to forge cross-site requests |
| BDU:2015-09895 | Vulnerability in the Thunderbird mail client that allows a remote attacker to forge cross-site requests |
| BDU:2015-09977 | Vulnerability in the Apache Struts software platform, related to the use of predictable values, that allows a remote attacker to carry out a CSRF attack |
| BDU:2015-10402 | Vulnerability in the firmware of the Siemens Simatic S7-1200 programmable logic controller that allows an attacker to perform cross-site request forgery |
| BDU:2015-10409 | Vulnerability in the firmware of the Juniper SRX 240 router that allows an attacker to bypass the CSRF protection of the J-Web interface |
| BDU:2015-10915 | Vulnerability in the Flash Player software platform that allows an attacker to bypass a protection mechanism |
| BDU:2015-10916 | Vulnerability in the Flash Player software platform that allows an attacker to bypass a protection mechanism |
| BDU:2015-10917 | Vulnerability in the Adobe AIR software platform that allows an attacker to bypass a protection mechanism |
| BDU:2015-10918 | Vulnerability in the Adobe AIR software platform that allows an attacker to bypass a protection mechanism |
| BDU:2015-10938 | Vulnerability in the Moodle learning management system that allows an attacker to pass the authentication procedure |
| BDU:2015-10943 | Vulnerability in the Moodle learning management system that allows an attacker to subvert the authentication procedure for arbitrary users |
| BDU:2015-10973 | Vulnerability in the firmware of the Cisco TelePresence ISDN Gateway conferencing management device that allows an attacker to gain access to the authentication data of arbitrary users |
| BDU:2015-10974 | Vulnerability in the firmware of the Cisco TelePresence Serial Gateway conferencing management device that allows an attacker to gain access to the authentication data of arbitrary users |
| BDU:2015-10975 | Vulnerability in the firmware of the Cisco TelePresence IP Gateway conferencing management device that allows an attacker to gain access to the authentication data of arbitrary users |
| BDU:2015-10976 | Vulnerability in the firmware of the Cisco TelePresence IP VCR streaming video processing device that allows an attacker to gain access to the authentication data of arbitrary users |
| BDU:2015-10977 | Vulnerability in the firmware of the Cisco TelePresence Multipoint Control Unit conferencing management device that allows an attacker to gain access to the authentication data of arbitrary users |
| BDU:2015-11530 | Vulnerability in the firmware of the Cisco TelePresence Server conferencing management device that allows an attacker to subvert the authentication procedure of arbitrary users |
| BDU:2015-11596 | Vulnerability in the firmware of the Schneider Electric Modicon M340 programmable logic controller that allows an attacker to redirect a user to a malicious site |
| BDU:2015-11962 | Vulnerability in the WildFly Java application server and the JBoss Enterprise Application Platform middleware that allows an attacker to authenticate as an administrator |
| BDU:2015-11974 | Vulnerability in the firmware of the Janitza UMG 508, 509, 511, 604, 605 power circuit monitoring systems that allows an attacker to authenticate as an arbitrary user |
| BDU:2015-12097 | Vulnerability in the EMC Documentum Administrator administration tool of the electronic document management system, the EMC Documentum Digital Asset Management multimedia asset management tool of the electronic document management system, the access tool... |
| BDU:2015-12140 | Vulnerability in the Microsoft Exchange Server mail server that allows an attacker to subvert the authentication procedure of arbitrary users |
| BDU:2015-12151 | Vulnerability in the HP System Management Homepage server management software that allows an attacker to subvert the authentication procedure of arbitrary users |
| BDU:2016-00248 | Vulnerability in the Cisco Firepower Extensible Operating System operating system that allows an attacker to gain access to the authentication data of arbitrary users |
| BDU:2016-00379 | Vulnerability in the Java Platform software platform that allows an attacker to upload arbitrary files to the computer |
| BDU:2016-00482 | Vulnerability in the Adobe Connect instant messaging program that allows an attacker to impersonate a user during a session |
| BDU:2016-00553 | Vulnerability in the Cisco Identity Services Engine connection policy management platform that allows an attacker to gain access to the authentication data of arbitrary users |
| BDU:2016-00598 | Vulnerability in the Moodle learning management system that allows an attacker to impersonate a user during a session |
| BDU:2016-00601 | Vulnerabilities in the Moodle learning management system that allow an attacker to gain access to the authentication data of arbitrary users |
| BDU:2016-00613 | Vulnerability in the Apache Tomcat application server that allows an attacker to bypass the CSRF protection mechanism |
| BDU:2016-00928 | Vulnerability in the firmware of the Amped Wireless R10000 router that allows an attacker to gain access to the authentication data of arbitrary users |
| BDU:2016-00930 | Vulnerability in the firmware of the Medialink MWN-WARP300N router that allows an attacker to gain access to the authentication data of arbitrary users |
| BDU:2016-00931 | Vulnerability in the firmware of the N600 DB Belkin F9K1102 router that allows an attacker to gain access to the authentication data of arbitrary users |
| BDU:2016-00935 | Vulnerability in the firmware of the Storeonce Backup backup system that allows an attacker to impersonate a user during a session |
| BDU:2016-02066 | Vulnerability in the GNU Mailman mailing list management system that allows an attacker to impersonate a user during an administrator session |
| BDU:2016-02068 | Vulnerability in the GNU Mailman mailing list management system that allows an attacker to gain access to the authentication data of arbitrary users |
| BDU:2017-00614 | Vulnerability in the McAfee VirusScan Enterprise antivirus software that allows an attacker to disrupt data availability |
| BDU:2017-00683 | Vulnerability in the Cisco Unified Communications Manager IP telephony management system that allows an attacker to compromise data integrity |
| BDU:2017-00781 | Vulnerability in the Windows operating system that allows an attacker to obtain information for compromising the target system |
| BDU:2017-01481 | Vulnerability in the web console of the Kaspersky Anti-Virus 8.0 for Linux File Servers antivirus product that allows a command to be sent to the antivirus on behalf of its user |
| BDU:2017-02187 | Vulnerability in the Advantech WebAccess remote monitoring software, related to cross-site request forgery, that allows an attacker to hijack the authentication of an arbitrary user |
| BDU:2018-00189 | Vulnerability in the Kaspersky Secure Mail Gateway email protection product, related to the absence of a CSRF token in web forms, that allows an administrator session to be hijacked |
| BDU:2018-01009 | Vulnerability in the firmware of the 4G LTE Light Industrial M2M Router (NWL-25) router, related to cross-site request forgery, that allows an attacker to change the device password |
| BDU:2018-01305 | Vulnerability in the web interface of the FortiOS operating system that allows an attacker to carry out cross-site request forgery |
| BDU:2018-01380 | Vulnerability in the web interface of the Cisco Energy Management Suite power usage management tool that allows an attacker to carry out cross-site request forgery |
| BDU:2018-01440 | Vulnerability in the web interface of the Cisco Identity Services Engine security policy management platform that allows an attacker to perform arbitrary actions on the vulnerable device |
| BDU:2018-01622 | Vulnerability in the Cisco Enterprise NFV Infrastructure Software infrastructure software, related to errors in validating HTTP requests in the management interface, that allows an attacker to carry out cross-site request forgery |
| BDU:2018-01623 | Vulnerability in the web interface of the Cisco Prime Collaboration Assurance unified communications management software that allows an attacker to perform arbitrary actions in the vulnerable system by carrying out cross-site request forgery... |
| BDU:2019-00746 | Vulnerability in the web interface of the Cisco Unified Intelligence Center software that allows an attacker to perform arbitrary actions on the vulnerable device |
| BDU:2019-00898 | Vulnerability in the firmware of Pelco Sarix Enhanced and Spectra Enhanced series cameras, related to insufficient verification of the authenticity of executed requests, that allows an attacker to gain access to the camera interface |
| BDU:2019-01118 | Vulnerability in the firmware of the Moxa IKS-G6824A switch that allows an attacker to gain unauthorized access to the device |
| BDU:2019-01325 | Vulnerability in the CentOS Web Panel server management application, related to insufficient verification of the authenticity of executed requests, that allows an attacker to execute arbitrary commands |
| BDU:2019-01326 | Vulnerability in the CentOS Web Panel server management application, related to insufficient verification of the authenticity of executed requests, that allows an attacker to execute arbitrary commands |
| BDU:2019-01339 | Vulnerability in the web interface of the firmware of Cisco IP Phone 8800 series IP phones that allows an attacker to perform arbitrary actions on the vulnerable device |
| BDU:2019-01354 | Vulnerability in the Rendezvous Routing Daemon (rvrd), Rendezvous Secure Routing Daemon (rvrsd), Rendezvous Secure Daemon (rvsd), Rendezvous Cache (rvcache) and Rendezvous Daemon Manager (rvdm) components of the high-speed data distribution platforms TIB... |
| BDU:2019-01673 | Vulnerability in the management web interface of the Cisco Wireless LAN Controller software that allows an attacker to perform arbitrary actions on the device with user privileges, including changing the device configuration |
| BDU:2019-01685 | Vulnerability in the FindMe function of the firmware of the Cisco TelePresence Video Communication Server call control device and of the Cisco Expressway gateway software that allows an attacker to perform arbitrary actions... |
| BDU:2019-01800 | Vulnerability in the firmware of the Cisco Adaptive Security Appliance firewall, related to insufficient verification of the authenticity of executed requests, that allows an attacker to execute arbitrary code in the context of the current user |
| BDU:2019-01807 | Vulnerability in the management web interface of the Cisco HyperFlex hyperconverged infrastructure that allows an attacker to execute arbitrary code |
| BDU:2019-02012 | Vulnerability in the firmware of HP Color LaserJet Pro printers, related to cross-site request forgery, that allows an attacker to affect the confidentiality and integrity of protected information |
| BDU:2019-02013 | Уязвимость микропрограммного обеспечения принтеров HP Color LaserJet Pro, связанная с подделкой межсайтовых запросов, позволяющая нарушителю вызвать отказ в обслуживании |
| BDU:2019-02139 | Уязвимость веб-интерфейса управления программного пакета Cisco Industrial Network Director, позволяющая нарушителю выполнить произвольные действия на уязвимом устройстве |
| BDU:2019-02221 | Уязвимость веб-интерфейса средства управления информационной системой Cisco Prime Service Catalog, связанная с отсутствием защиты от межсайтовой подмены запросов (CSRF), позволяющая нарушителю выполнить произвольные действия на уязвимом устройстве |
| BDU:2019-02244 | Уязвимость веб-интерфейса операционной системы Cisco IOS XE, позволяющая нарушителю выполнить произвольные действия в контексте текущего пользователя |
| BDU:2019-02382 | Уязвимость платформы для централизованного управления политиками McAfee ePO Cloud, связанная с отсутствием защиты от межсайтовой подмены запросов, позволяющая нарушителю выполнить произвольные действия на уязвимом устройстве и получить доступ к уязви... |
| BDU:2019-02405 | Уязвимость веб-интерфейса управления программного средства удалённого администрирования серверов Cisco Integrated Management Controller, позволяющая нарушителю выполнить произвольные действия на уязвимом устройстве |
| BDU:2019-02492 | Уязвимость средства разработки программного обеспечения Azure DevOps Server, связанная с недостатками обработки запросов на авторизацию, позволяющая нарушителю осуществить межсайтовую подделку запросов |
| BDU:2019-02821 | Уязвимость микропрограммного обеспечения принтеров HP Color LaserJet Pro и HP LaserJet Pro, связанная с подделкой межсайтовых запросов, позволяющая нарушителю раскрыть защищаемую информацию или вызвать отказ в обслуживании |
| BDU:2019-02822 | Уязвимость микропрограммного обеспечения принтеров HP Deskjet, связанная с подделкой межсайтовых запросов, позволяющая нарушителю вызвать отказ в обслуживании или нарушения в конфигурации устройства |
| BDU:2019-02840 | Уязвимость веб-интерфейса операционной системы FortiOS, позволяющая нарушителю осуществить межсайтовую подделку запроса |
| BDU:2019-02844 | Уязвимость процесса httpsd операционной системы FortiOS, позволяющая нарушителю раскрыть защищаемую информацию или выполнить несанкционированное отключение пользователей |
| BDU:2019-02934 | Уязвимость плагина NPAPI браузеров Firefox ESR, Firefox и почтового клиента Thunderbird, позволяющая нарушителю осуществить межсайтовую подделку запросов |
| BDU:2019-02940 | Уязвимость сервера автоматизации Jenkins, связанная с отсутсвием идентификатора веб-сеанса, позволяющая нарушителю осуществить межсайтовую подделку запросов и получить несанкционированный доступ к защищаемой информации |
| BDU:2019-03005 | Уязвимость микропрограммного обеспечения коммуникационного модуля Siemens CP, связанная с межсайтовой фальсификацией запросов, позволяющая нарушителю произвести атаку |
| BDU:2019-03040 | Уязвимость веб-интерфейса управления операционной системы Cisco IOS XE, позволяющая нарушителю осуществить межсайтовую подделку запросов |
| BDU:2019-03111 | Уязвимость платформы для автоматизации деятельности учреждений здравоохранения субъекта РФ ТрастМед:Лекарственное обеспечение, связанная с отсутствием CSRF-токена в веб-формах, позволяющая выполнять действия от имени пользователей, в том числе админи... |
| BDU:2019-03125 | Уязвимость веб-интерфейса управления гиперконвергентной инфраструктуры Cisco HyperFlex, позволяющая нарушителю выполнить произвольные действия на уязвимом устройстве с помощью специально сформированной ссылки |
| BDU:2019-03140 | Уязвимость микропрограммного обеспечения принтеров HP Deskjet, связанная с подделкой межсайтовых запросов, позволяющая нарушителю вызвать отказ в обслуживании или нарушения в конфигурации устройства |
| BDU:2019-03173 | Уязвимость программного обеспечения для электронного документооборота Microsoft SharePoint Foundation, связанная с ошибками при обработке запросов на авторизацию приложений, позволяющая нарушителю осуществить межсайтовую подделку запросов |
| BDU:2019-03175 | Уязвимость пакетов программ Microsoft SharePoint Server, Microsoft SharePoint Enterprise Server и программного обеспечения для электронного документооборота Microsoft SharePoint Foundation, связанная с ошибками при обработке запросов на авторизацию п... |
| BDU:2019-03269 | Уязвимость встроенного веб-сервера микропрограммного обеспечения преобразователей протоколов Moxa MGate MB3170, MB3180, MB3270, MB3280, MB3480 и MB3660, позволяющая нарушителю выполнить произвольные действия на уязвимом устройстве |
| BDU:2019-03466 | Уязвимость плагина NPAPI браузеров Firefox и Firefox ESR и почтового клиента Thunderbird, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации |
| BDU:2019-03562 | Vulnerability in a component of the MediaWiki collaborative website CMS, related to cross-site request forgery, allowing an attacker to affect data integrity, gain unauthorized access to protected information, as well as... |
| BDU:2019-03801 | Vulnerability in the web management interface of the firmware of Cisco Small Business 250, 350 and 550X series routers, allowing an attacker to change the device configuration or cause a denial of service |
| BDU:2019-04000 | Vulnerability in the phpMyAdmin web application for administering database management systems, related to cross-site request forgery, allowing an attacker to delete any server on the setup page |
| BDU:2019-04117 | Vulnerability in the web management interface of the call processing systems Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition (SME), Cisco Unified Communications Manager IM and Presence (Unified CM IMP) Service and... |
| BDU:2019-04245 | Vulnerability in the Security component of the Symfony web application development and management framework, allowing an attacker to carry out cross-site request forgery |
| BDU:2019-04291 | Vulnerability in the Reader View feature of the Firefox browser, allowing an attacker to execute arbitrary code |
| BDU:2019-04477 | Vulnerability in the firmware of the SMA Solar Sunny WebBox remote solar panel management system, related to cross-site request forgery, allowing an attacker to escalate their privileges |
| BDU:2019-04839 | Vulnerability in the vManage web interface of the Cisco SD-WAN software-defined network, allowing an attacker to bypass authentication and gain access to system files |
| BDU:2020-00061 | Vulnerability in the "Forgot Password" function of the CentOS Web Panel server management application, allowing an attacker to perform arbitrary actions on the vulnerable device |
| BDU:2020-00336 | Vulnerability in the web interface of the Cisco IOS XE and Cisco IOS operating systems, allowing an attacker to carry out cross-site request forgery |
| BDU:2020-00613 | Vulnerability in the web interface of the Cisco Hosted Collaboration Mediation Fulfillment software, allowing an attacker to perform arbitrary actions in the context of the current user |
| BDU:2020-00616 | Vulnerability in the web administration interface of the Cisco Unified Communications Manager IP telephony management system, allowing an attacker to perform arbitrary actions in the context of the current user |
| BDU:2020-00630 | Vulnerability in the SAP Manufacturing Integration and Intelligence platform for integrating manufacturing operations scenarios, related to cross-site request forgery, allowing an attacker to gain access to the vulnerable application |
| BDU:2020-00966 | Vulnerability in the web management interface of the Cisco Data Center Network Manager (DCNM) data center network management system, allowing an attacker to perform arbitrary actions on the vulnerable device |
| BDU:2020-00986 | Vulnerability in the web interface of the Cisco Prime Network Registrar network services management tool, allowing an attacker to carry out cross-site request forgery |
| BDU:2020-01058 | Vulnerability in the OAuth2 extension of the MediaWiki hypertext environment software, allowing an attacker to carry out cross-site request forgery |
| BDU:2020-01059 | Vulnerability in the svg-vector-icon-plugin (WP SVG Icons) plugin of the WordPress content management system, allowing an attacker to upload an arbitrary ZIP archive (containing a .php file) |
| BDU:2020-01244 | Vulnerability in the web interface of Moxa OnCell G3100-HSPA series cellular IP gateways, allowing an attacker to carry out cross-site request forgery |
| BDU:2020-01286 | Vulnerability in the SiTex-Госуслуги component of the SiTex distributed application development platform, related to the absence of a CSRF token in web forms, allowing actions to be performed on behalf of users, including administrators |
| BDU:2020-01383 | Vulnerability in the WebSocket protocol of the Engine.IO web server, related to cross-site request forgery, allowing an attacker to perform arbitrary actions on the vulnerable system |
| BDU:2020-01716 | Cross-site request ("CSRF") vulnerability in the GNU Privacy Guard (GnuPG) program for encrypting information and creating digital signatures, allowing an attacker to carry out a denial-of-service attack |
| BDU:2020-01858 | Vulnerability in the append_domain parameter of the Squid proxy server, related to cross-site request forgery, allowing an attacker to gain access to confidential data and compromise its integrity |
| BDU:2020-01950 | Vulnerability in the WordPress site content management system, related to cross-site request forgery, allowing an attacker to gain access to confidential data, compromise its integrity, and cause a denial of service |
| BDU:2020-01981 | Vulnerability in multiple elements of the DAViCal calendar sharing server, related to deficiencies in the mechanisms for countering cross-site request forgery, allowing an attacker to gain unauthorized access to confidential data, cause a denial of... |
| BDU:2020-02162 | Vulnerability in the Jenkins automation server, related to cross-site request forgery, allowing an attacker to affect the integrity, confidentiality and availability of protected information |
| BDU:2020-02423 | Vulnerability in the web management interface of the Cisco Mobility Express software of Cisco Aironet Access Points (AP) series 1540, 1560, 1800, 2800, 3800, 4800, Cisco Catalyst 9100 and Cisco 6300, allowing an attacker to perform arbitrary... |
| BDU:2020-02700 | Vulnerability in the Jenkins automation server, related to missing protection against cross-site request forgery (CSRF), allowing an attacker to perform arbitrary actions on the vulnerable device |
| BDU:2020-02720 | Vulnerability in the firmware of the Schneider Electric Easergy T300 (HU250) modular controller for transformer substation automation, related to cross-site request forgery, allowing an attacker to execute malicious commands from... |
| BDU:2020-03050 | Vulnerability in the audit log component of the Cisco Digital Network Architecture (DNA) Center network management system, allowing an attacker to gain unauthorized access to protected information |
| BDU:2020-03064 | Vulnerability in the web interface of the firmware of the D-Link DIR-865L router, allowing an attacker to gain access to modify, add or delete data |
| BDU:2020-03209 | Vulnerability in the embedded software of the routers NETGEAR RBK752, NETGEAR RBK753, NETGEAR RBK753S, NETGEAR RBR750, NETGEAR RBS750, NETGEAR RBK842, NETGEAR RBR840, NETGEAR RBS840, NETGEAR RBK852, NETGEAR RBK853, NETGEAR RBR850, NETGEAR R... |
| BDU:2020-03287 | Vulnerability in the configuration migration tool The Expedition Migration tool, related to cross-site request forgery, allowing an attacker to impersonate a user during a session and execute arbitrary code |
| BDU:2020-03447 | Vulnerability in the LuCI web configuration interface of the OpenWrt embedded operating system, allowing an attacker to carry out cross-site request forgery |
| BDU:2020-03500 | Vulnerability in the spring-webmvc and spring-webflux modules of the Spring Framework software platform, allowing an attacker to carry out cross-site request forgery |
| BDU:2020-03934 | Vulnerability in the wp_ajax_replyto_comment (ajax-actions.php) and wp_handle_comment_submission (comment.php) functions of the WordPress site content management system, allowing an attacker to gain access to confidential data, compromise its integrity, as well as... |
| BDU:2020-03991 | Vulnerability in the Roundcube AJAX-based solution for IMAP servers, related to deficiencies in the mechanisms for countering cross-site request forgery, allowing an attacker to cause a denial of service |
| BDU:2020-04326 | Vulnerability in the Windows DNS service of Windows operating systems, allowing an attacker to cause a denial of service |
| BDU:2020-04629 | Vulnerability in the Drupal CMS, related to insufficient verification of the authenticity of requests, allowing an attacker to execute arbitrary code |
| BDU:2020-05688 | Vulnerability in the monitoring and management interface of the Cisco FXOS operating system of the Cisco Firepower firewall, allowing an attacker to carry out a CSRF attack |
| BDU:2021-00641 | Vulnerability in the web management interface of the Cisco DNA Center network management center, allowing an attacker to carry out a CSRF attack |
| BDU:2021-01018 | Vulnerability in the Apache Batik library for working with SVG images, related to incorrect handling of data in "xlink:href" attributes, allowing an attacker to carry out CSRF attacks |
| BDU:2021-01087 | Vulnerability in the NX-API feature of the Cisco NX-OS network operating system of Cisco routers, allowing an attacker to carry out a CSRF attack |
| BDU:2021-01539 | Vulnerability in the integration component of the Magento Commerce platform for developing and managing online stores, related to missing protection against cross-site request forgery, allowing an attacker to perform unauthorized modification of meta... |
| BDU:2021-01735 | Vulnerability in the WordPress site content management system, related to deficiencies in the mechanisms for countering cross-site request forgery, allowing an attacker to affect data integrity |
| BDU:2021-01801 | Vulnerability in the "Deflake this build" function of the Jenkins Flaky Test Handler Plugin, allowing an attacker to carry out cross-site request forgery |
| BDU:2021-01829 | Vulnerability in the EEM (Ethernet Emulation Mode) driver of the firmware of OMNIKEY 5427 series and OMNIKEY 5127 series smart card readers, allowing an attacker to conduct cross-site scripting attacks |
| BDU:2021-02130 | Vulnerability in the Harbor registry for Docker containers, related to cross-site request forgery, allowing an attacker to affect the confidentiality, integrity and availability of protected information |
| BDU:2021-02600 | Vulnerability in the CloudForms Management Engine virtual environment management platform, related to missing protection against cross-site request forgery (CSRF), allowing an attacker to perform arbitrary actions in the context of the current... |
| BDU:2021-03109 | Vulnerability in the ARPrice Lite plugin of the WordPress site content management system, allowing an attacker to carry out a CSRF attack |
| BDU:2021-03782 | Vulnerability in the Adobe Experience Manager content and media management system, related to cross-site request forgery, allowing an attacker to obtain confidential user information |
| BDU:2021-04269 | Vulnerability in the firmware of PowerLogic ION7400, ION7650, ION83xx/84xx/85xx/8600, ION8650, ION8800, ION9000, PM800 power meters and electricity meters, related to insufficient verification of the authenticity of requests, allowing... |
| BDU:2021-04503 | Vulnerability in the /woocommerce-stock-manager/trunk/admin/views/import-export.php script implementing the import/export function of the WooCommerce Stock Manager plugin of the WordPress site content management system, allowing an attacker to carry out a CSRF attack |
| BDU:2021-04646 | Vulnerability in the CKEditor configuration form of the CiviCRM web-based relationship tracking and engagement management system, related to cross-site request forgery, allowing an attacker to affect data integrity |
| BDU:2021-04718 | Vulnerability in the video_list.php file of the AikCms content management system, allowing an attacker to delete information |
| BDU:2021-04898 | Vulnerability in FastAPI, a web framework for building APIs in the Python programming language, related to cross-site request forgery, allowing an attacker to gain access to confidential data and compromise its integrity |
| BDU:2021-05612 | Vulnerability in the HTTP or FTP protocol implementation of the ImageMagick console graphics editor, allowing an attacker to carry out an SSRF attack |
| BDU:2021-05927 | Vulnerability in the web management interface of the call processing systems Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition and Cisco Unified Communications Manager IM Presence Service, allowing an attacker to... |
| BDU:2021-06190 | Vulnerability in the "delete related badge" function of the Moodle management system, related to cross-site request forgery, allowing an attacker to carry out a CSRF attack |
| BDU:2022-00492 | Vulnerability in the Adobe Connect instant messaging program, related to cross-site request forgery, allowing an attacker to write arbitrary files to the device's file system |
| BDU:2022-00592 | Vulnerability in the GNU Mailman mailing list management package, related to insufficient verification of the source of an HTTP request, allowing an attacker to perform cross-site request forgery attacks |
| BDU:2022-00881 | Vulnerability in the application integration feature of the Cisco Webex Meetings web conferencing software, allowing an attacker to carry out cross-site request forgery |
| BDU:2022-01916 | Vulnerability in the HTTP daemon of the firmware of ZyXEL NBG6816 (Armor Z1) and NBG6817 (Armor Z2) Wi‑Fi routers, allowing an attacker to execute arbitrary commands |
| BDU:2022-02031 | Vulnerability in the VMware Workspace ONE Access application administration platform, the VMware Cloud Foundation virtualization platform, the VMware vRealize Automation virtual infrastructure management tool, the software for managing the life cycle... |
| BDU:2022-02149 | Vulnerability in the GraphQL API component of the GitLab git-based code collaboration platform, allowing an attacker to affect data integrity |
| BDU:2022-02208 | Vulnerability in the firmware of WAGO 750-8212 (PFC200) programmable logic controllers, related to cross-site request forgery, allowing an attacker to conduct cross-site scripting attacks |
| BDU:2022-02397 | Vulnerability in the Umbraco CMS content management system, related to cross-site request forgery, allowing an attacker to activate, deactivate or delete user accounts |
| BDU:2022-02433 | Vulnerability in the web management interface of the firmware of Cisco IP Phone 6800, Cisco IP Phone 7800 and Cisco IP Phone 8800 IP phones, allowing an attacker to carry out a CSRF attack |
| BDU:2022-02691 | Vulnerability in the Elcomplus SmartPPT SCADA server, related to insufficient verification of the source of an HTTP request, allowing an attacker to carry out a CSRF attack |
| BDU:2022-02828 | Vulnerability in the Report extension of the MediaWiki hypertext environment software, allowing an attacker to affect the integrity of protected information |
| BDU:2022-02927 | Vulnerability in the web management interface of the call processing systems Cisco Unified Communications Manager (CM) and Cisco Unified Communications Manager Session Management Edition (SME), allowing an attacker to carry out a CSRF attack |
| BDU:2022-03103 | Vulnerability in the web management interface of the Cisco Catalyst SD-WAN Manager centralized network management system, allowing an attacker to carry out a CSRF attack |
| BDU:2022-03570 | Vulnerability in the firmware of iRZ mobile routers, related to cross-site request forgery, allowing an attacker to carry out a CSRF attack |
| BDU:2022-03575 | Vulnerability in the form synchronization mechanism of the Yandex Browser browser, allowing an attacker to carry out a CSRF attack |
| BDU:2022-03591 | Vulnerability in the firmware of the Trendnet TEW-831DR router, related to cross-site request forgery, allowing an attacker to carry out a CSRF attack |
| BDU:2022-03877 | Vulnerability in the iTop web-based IT service management tool, related to the reuse of CSRF tokens, allowing an attacker to carry out a CSRF attack |
| BDU:2022-04089 | Vulnerability in the /admin/service/stop/ component of the TrueConf Server software, allowing an attacker to carry out a CSRF attack |
| BDU:2022-04253 | Vulnerability in the firmware of the Schneider Electric Conext ComBox communication and monitoring device, related to cross-site request forgery, allowing an attacker to cause a denial of service |
| BDU:2022-04324 | Vulnerability in the embedded web server of the firmware of the industrial switches SCALANCE X302-7, SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2, SCALANCE X307-3, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X310, SCALANCE X320-1,... |
| BDU:2022-04575 | Vulnerability in the web interface of the Cisco Nexus Dashboard platform for analytics and automation of multi-cloud data center networks, allowing an attacker to carry out a CSRF attack |
| BDU:2022-04843 | Vulnerability in the Jenkins Google Cloud Backup Plugin, related to cross-site request forgery, allowing an attacker to copy arbitrary files |
| BDU:2022-04848 | Vulnerability in the Jenkins Openstack Heat Plugin, related to cross-site request forgery, allowing an attacker to carry out a CSRF attack |
| BDU:2022-04854 | Vulnerability in the Jenkins External Monitor Job Type Plugin, related to cross-site request forgery, allowing an attacker to carry out a CSRF attack |
| BDU:2022-04857 | Vulnerability in the Jenkins Coverity Plugin, related to cross-site request forgery, allowing an attacker to carry out a CSRF attack |
| BDU:2022-04859 | Vulnerability in the Jenkins OpenShift Deployer Plugin, related to cross-site request forgery, allowing an attacker to carry out a CSRF attack |
| BDU:2022-04862 | Vulnerability in the Jenkins Job Configuration History Plugin, related to cross-site request forgery, allowing an attacker to carry out a CSRF attack |
| BDU:2022-05034 | Vulnerability in the Passwork password manager, related to cross-site request forgery, allowing an attacker to carry out a CSRF attack |
| BDU:2022-05212 | Vulnerability in the General Bytes Crypto Application Server CAS server, related to cross-site request forgery, allowing an attacker to create a user with admin privileges and modify arbitrary data on the server |
| BDU:2022-05668 | Vulnerability in the Controller File System Handler component of the Jenkins OpenShift Deployer Plugin, allowing an attacker to perform arbitrary actions on the vulnerable device |
| BDU:2022-05908 | Vulnerability in the implementation of the token validation mechanism of the Apache Struts software platform, allowing an attacker to carry out a CSRF attack |
| BDU:2022-06071 | Vulnerability in the Jenkins Security Inspector Plugin, related to insufficient verification of the authenticity of POST requests, allowing an attacker to carry out a CSRF attack |
| BDU:2022-06115 | Vulnerability in the Central Management Console (CMC) component of the SAP BusinessObjects Business Intelligence platform, allowing an attacker to disclose protected information or cause a denial of service |
| BDU:2022-06206 | Vulnerability in the Build Handler component of the Jenkins Git Plugin, allowing an attacker to perform arbitrary actions on the vulnerable device |
| BDU:2022-06217 | Vulnerability in the HTTP web interface of the Hitachi Modular Switchgear Monitoring (MSM) software for measuring the performance of high-voltage switchgear, allowing an attacker to execute arbitrary code |
| BDU:2022-06218 | Vulnerability in the HTTP web interface of the Hitachi Modular Switchgear Monitoring (MSM) software for measuring the performance of high-voltage switchgear, allowing an attacker to carry out a CSRF attack |
| BDU:2022-06302 | Vulnerability in the Drupal CMS, related to insufficient verification of the authenticity of requests, allowing an attacker to execute arbitrary code |
| BDU:2022-06331 | Vulnerability in the web management interface of the firmware of Cisco Expressway gateways and the firmware of Cisco TelePresence Video Communication Server call control devices, allowing an attacker to carry out a CSRF attack |
| BDU:2022-06503 | Vulnerability in the interface of the FortiSIEM security management system, allowing an attacker to carry out a CSRF attack |
| BDU:2022-06835 | Vulnerability in the web management interface of the Cisco Identity Services Engine (ISE) connection policy management platform, allowing an attacker to carry out a CSRF attack |
| BDU:2022-06935 | Vulnerability in the iControl SOAP interface of the BIG-IP access control and remote authentication tools and the BIG-IQ Centralized Management server software, allowing an attacker to execute arbitrary commands with elevated privileges |
| BDU:2022-07405 | Vulnerability in the Moodle course management system, related to insufficient verification of the source of an HTTP request in the course redirect URL, allowing an attacker to perform cross-site request forgery attacks |
| BDU:2023-00752 | Vulnerability in the ajax_save_state() function of the Wicked Folders plugin of the WordPress site content management system, allowing an attacker to carry out a CSRF attack |
| BDU:2023-00753 | Vulnerability in the ajax_edit_folder() function of the Wicked Folders plugin of the WordPress site content management system, allowing an attacker to carry out a CSRF attack |
| BDU:2023-00858 | Vulnerability in the web management interface of the Cisco Application Policy Infrastructure Controller IT infrastructure management tool, allowing an attacker to carry out a CSRF attack |
| BDU:2023-01043 | Vulnerability in the embedded software of the routers NETGEAR R6250, NETGEAR R6400, NETGEAR R6700, NETGEAR R6900, NETGEAR R7000, NETGEAR R7100LG, NETGEAR R7300DST, NETGEAR R7900, NETGEAR R8000, NETGEAR D6220, NETGEAR D6400, NETGEAR D7000, ... |
| BDU:2023-01681 | Vulnerability in the init() method of the Zabbix universal monitoring system, allowing an attacker to gain access to confidential data, compromise its integrity, and cause a denial of service |
| BDU:2023-01732 | Vulnerability in the firmware of Nighthawk WiFi 6 Router (RAX30) routers, related to cross-site request forgery, allowing an attacker to carry out a CSRF attack |
| BDU:2023-01791 | Vulnerability in the firmware of the logic controllers for building and facility management Schneider Electric spaceLYnk, Wiser for KNX (formerly homeLYnk), FellerLYnk, allowing an attacker to override system configurations |
| BDU:2023-01842 | Vulnerability in the web management interface of the Cisco SD-WAN vManage centralized network management system, allowing an attacker to carry out a CSRF attack |
| BDU:2023-01914 | Vulnerability in the web management interface of the Cisco Prime Infrastructure network equipment monitoring and management system and the Cisco Evolved Programmable Network Manager (EPNM) network services management software, allowing an attacker to... |
| BDU:2023-01935 | Vulnerability in the Convert To Pipeline Plugin, related to cross-site request forgery, allowing an attacker to execute arbitrary code |
| BDU:2023-02417 | Vulnerability in the interface of the Gitea Git repository management system, allowing an attacker to carry out a CSRF attack |
| BDU:2023-02703 | Vulnerability in the firmware of the Schneider Electric Modicon M340, Modicon Quantum, Modicon Premium programmable logic controllers, allowing an attacker to gain access to confidential data |
| BDU:2023-02897 | Vulnerability in the software of the parking charging stations EVlink City, EVlink Parking and EVlink Smart Wallbox, related to cross-site request forgery, allowing an attacker to impersonate the user managing the charging station |
| BDU:2023-03065 | Vulnerability in the hedwig.cgi and pigwidgeon.cgi components of the firmware of D-Link DIR-868L routers, allowing an attacker to carry out a CSRF attack |
| BDU:2023-03093 | Vulnerability in the FactoryTalk VantagePoint data collection software, related to cross-site request forgery, allowing an attacker to carry out cross-site request forgery |
| BDU:2023-03514 | Vulnerability in the Reverse Proxy Auth plugin of the Jenkins proxy server, allowing an attacker to carry out a CSRF attack |
| BDU:2023-03533 | Vulnerability in the hardware and software tools for monitoring and protecting SCADA systems ABB Pulsar Plus System Controller NE843_S, Infinity DC Power Plant H5692448 G104, Infinity DC Power Plant H5692448 G842, Infinity DC Power Plant H5692448 G224L, Infinity DC Power... |
| BDU:2023-03541 | Vulnerability in the web management interface of Siemens SICAM Q200 multifunction measuring devices, allowing an attacker to perform arbitrary actions |
| BDU:2023-03758 | Vulnerability in the web interface of the Cisco Webex Meetings web conferencing software, allowing an attacker to carry out a CSRF attack |
| BDU:2023-03788 | Vulnerability in the start/restart function (blogger-importer.php) of the Blogger Importer plugin of the WordPress site content management system, allowing an attacker to carry out a CSRF attack |
| BDU:2023-04191 | Vulnerability in the Ajax Controller component of the PNP4Nagios performance analyzer of the Nagios network monitoring system, allowing an attacker to carry out a CSRF attack |
| BDU:2023-04380 | Vulnerability in the application programming interface implementation of the Rockwell Automation Enhanced HIM software for process control and monitoring of automation systems, allowing an attacker to carry out a CSRF attack |
| BDU:2023-04702 | Vulnerability in the Sitemap by click5 plugin of the WordPress site content management system, allowing an attacker to create an account with administrator rights and carry out a CSRF attack |
| BDU:2023-04776 | Vulnerability in the web management interface of the firmware of Cisco IP Phone 6800, Cisco IP Phone 7800, Cisco IP Phone 8800 IP phones and the Cisco Video Phone 8875 video phone, related to cross-site request forgery, allowing an attacker to... |
| BDU:2023-05131 | Vulnerability in the programming interface of the XWiki Platform XWiki platform for building collaborative web applications, allowing an attacker to execute arbitrary code |
| BDU:2023-05265 | Vulnerability in the CKEditor integration interface of the XWiki Platform XWiki platform for building collaborative web applications, related to insufficient verification of the authenticity of requests, allowing an attacker to carry out a CSRF attack |
| BDU:2023-05272 | Vulnerability in the XWiki Platform XWiki platform for building collaborative web applications, related to insufficient verification of the authenticity of requests, allowing an attacker to carry out a CSRF attack |
| BDU:2023-05366 | Vulnerability in the RADIUS (Remote Authentication in Dial-In User Service) protocol implementation of the Cisco Identity Services Engine (ISE) platform, allowing an attacker to cause a denial of service |
| BDU:2023-05710 | Vulnerability in the Symfony web application development and management framework, related to insufficient verification of the authenticity of requests, allowing an attacker to carry out a CSRF attack |
| BDU:2023-05820 | Vulnerability in the SEL-5037 SEL Grid Configurator software configurator for creating, managing and deploying power systems, related to insufficient verification of the authenticity of requests, allowing an attacker to carry out a CSRF attack |
| BDU:2023-05923 | Vulnerability in the web management application of the MODULYS GP (MOD3GP-SY-120K) modular uninterruptible power supply, allowing an attacker to perform arbitrary actions |
| BDU:2023-06392 | Vulnerability in the Cassia Access Controller software for managing access to an IoT wireless network, allowing an attacker to carry out a CSRF attack |
| BDU:2023-06464 | Vulnerability in the Acronis Cyber Protect 15 data protection software, related to insufficient verification of the authenticity of requests, allowing an attacker to affect the integrity of protected information |
| BDU:2023-06465 | Vulnerability in the Acronis Cyber Protect 15 data protection software, related to insufficient verification of the authenticity of requests, allowing an attacker to gain access to confidential information |
| BDU:2023-06505 | Vulnerability in the web interface of the firmware of the RUGGEDCOM ROX MX5000, RUGGEDCOM ROX MX5000RE and RUGGEDCOM ROX RX1400 routing and switching platforms, allowing an attacker to carry out a CSRF attack |
| BDU:2023-06603 | Vulnerability in the gevent.pywsgi WSGI server of the Python Gevent library, allowing an attacker to affect the integrity, availability and confidentiality of protected information |
| BDU:2023-06725 | Vulnerability in the Jenkins Fortify Plugin, related to insufficient verification of the authenticity of requests, allowing an attacker to carry out a CSRF attack |
| BDU:2023-07071 | Vulnerability in the web interface of the firmware of the Connectize G6 AC2100 router, allowing an attacker to carry out a CSRF attack |
| BDU:2023-07532 | Vulnerability in the Jenkins Azure Credentials credential management plugin, related to cross-site request forgery, allowing an attacker to carry out a CSRF attack |
| BDU:2023-07846 | Vulnerability in the modoboa/modoboa mail server, related to cross-site request forgery, allowing an attacker to affect the integrity and availability of protected information |
| BDU:2023-08502 | Vulnerability in the vRealize Operations (vROps) virtual infrastructure monitoring tool, related to insufficient verification of the authenticity of requests, allowing an attacker to carry out a CSRF attack |
| BDU:2023-08632 | Vulnerability in the Sticky Notes App note-taking software, related to cross-site request forgery, allowing an attacker to gain access to confidential information |
| BDU:2023-09067 | Vulnerability in the web server of the firmware of the ioLogik universal I/O controller, allowing an attacker to issue a request on behalf of a legitimate user |
| BDU:2024-00001 | Vulnerability in the command-line interface of the FortiMail email security system, FortiWeb web applications, the hardware and software information security tool based on AI and deep neural network (DNN) technologies Fortinet FortiNDR (Network Detection and... |
| BDU:2024-00227 | Vulnerability in the /plugins/playbooks/api/v0/telemetry/run/ component of the Mattermost instant messaging application, allowing an attacker to carry out a CSRF attack |
| BDU:2024-00230 | Vulnerability in the custom administration sections of the XWiki Platform XWiki platform for building collaborative web applications, allowing an attacker to execute arbitrary code |
| BDU:2024-00508 | Vulnerability in the NEXO-OS operating system of the production-line assembly tools Bosch Nexo cordless nutrunner and Bosch Nexo special cordless nutrunner, allowing an attacker to delete arbitrary files in the file system |
| BDU:2024-00577 | Vulnerability in the Airflow software for creating, monitoring and orchestrating data processing workflows, related to insufficient verification of the authenticity of requests, allowing an attacker to carry out a CSRF attack |
| BDU:2024-00648 | Vulnerability in the PostRatings plugin of the WordPress site content management system, allowing an attacker to carry out a CSRF attack |
| BDU:2024-00734 | Vulnerability in the interface of Argo CD, a declarative GitOps continuous delivery tool for Kubernetes, allowing an attacker to bypass security restrictions and carry out a CSRF attack |
| BDU:2024-00894 | Vulnerability in the Jenkins GitLab Branch Source Plugin, related to cross-site request forgery, allowing an attacker to carry out a CSRF attack |
| BDU:2024-00972 | Vulnerability in the XWiki Platform XWiki platform for building collaborative web applications, related to insufficient verification of the authenticity of requests, allowing an attacker to spoof the displayed URL |
| BDU:2024-01075 | Vulnerability in the pyload file download software, related to cross-site request forgery, allowing an attacker to carry out a CSRF attack |
| BDU:2024-01084 | Vulnerability in the application programming interface of the Cisco Expressway Series and Cisco Telepresence VCS conferencing control devices, allowing an attacker to execute arbitrary commands |
| BDU:2024-01271 | Vulnerability in the XWiki Admin Tools administration tool of the XWiki Platform XWiki platform for building collaborative web applications, allowing an attacker to execute arbitrary commands |
| BDU:2024-01272 | Vulnerability in the XWiki Admin Tools application of the XWiki Platform XWiki platform for building collaborative web applications, allowing an attacker to affect the confidentiality, integrity and availability of protected information |
| BDU:2024-01273 | Vulnerability in the XWiki Platform XWiki platform for building collaborative web applications, related to insufficient verification of the authenticity of requests, allowing an attacker to obtain the rights of the current user |
| BDU:2024-01333 | Vulnerability in the S/Notify email encryption software for Jira, related to cross-site request forgery, allowing an attacker to carry out a CSRF attack |
| BDU:2024-01336 | Vulnerability in the application programming interface of the Cisco Expressway Series and Cisco Telepresence VCS conferencing control devices, allowing an attacker to carry out a CSRF attack |
| BDU:2024-01373 | Vulnerability in the application programming interface implementation of the firmware of Cisco Expressway gateways and the firmware of Cisco TelePresence Video Communication Server call control devices, allowing an attacker to carry out... |
| BDU:2024-01487 | Vulnerability in the firmware of Osprey Pump Controller controllers for managing pumping stations, allowing an attacker to execute arbitrary commands |
| BDU:2024-01529 | Vulnerability in the Magento Open Source and Adobe Commerce platforms for developing and managing online stores, related to cross-site request forgery, allowing an attacker to bypass existing security restrictions |
| BDU:2024-01566 | Vulnerability in the Simple Mobile URL Redirect Plugin of the WordPress site content management system, allowing an attacker to carry out a CSRF attack |
| BDU:2024-01944 | Vulnerability in the IBM Engineering Requirements Management DOORS application development tool, related to cross-site request forgery, allowing an attacker to execute arbitrary commands |
| BDU:2024-01965 | Vulnerability in the process_delete function of the class-DNSMPD.php component of the GDPR/CCPA Cookie Consent plugin of the WordPress site content management system, allowing an attacker to carry out a CSRF attack |
| BDU:2024-02118 | Уязвимость библиотеки axios, связанная с подделкой межсайтовых запросов, позволяющая нарушителю получить несанкционированный доступ к токену XSRF-TOKEN |
| BDU:2024-02144 | Уязвимость функции fromSysToolRestoreSet() (/goform/SysToolRestoreSet) микропрограммного обеспечения маршрутизаторов Tenda AC18, позволяющая нарушителю осуществить CSRF-атаку |
| BDU:2024-02145 | Уязвимость функции fromSysToolReboot() (/goform/SysToolReboot) микропрограммного обеспечения маршрутизаторов Tenda AC18, позволяющая нарушителю осуществить CSRF-атаку |
| BDU:2024-02312 | Уязвимость компонента /core/tools/add_translation.php системы управления содержимым CMS flusity, позволяющая нарушителю осуществить CSRF-атаку |
| BDU:2024-02331 | Уязвимость функции fromSysToolReboot() (/goform/SysToolReboot) микропрограммного обеспечения маршрутизаторов Tenda AC15, позволяющая нарушителю вызвать отказ в обслуживании |
| BDU:2024-02332 | Уязвимость функции fromSysToolRestoreSet() (/goform/SysToolRestoreSet) микропрограммного обеспечения маршрутизаторов Tenda AC15, позволяющая нарушителю вызвать отказ в обслуживании |
| BDU:2024-02450 | Уязвимость фреймворка для создания веб-приложений на языке Java Apache Wicket, связанная с подделкой межсайтовых запросов, позволяющая нарушителю осуществить CSRF-атаку |
| BDU:2024-02540 | Уязвимость компонента login_password сервера FreeIpa, позволяющая нарушителю осуществить CSRF-атаку |
| BDU:2024-02564 | Уязвимость системы управления сайтам Netcat Extra связанная с подделкой межсайтовых запросов, позволяющая нарушителю обойти существующие ограничения безопасности и повысить свои привилегии в системе |
| BDU:2024-02597 | Уязвимость платформы для мониторинга и наблюдения Grafana, связанная с подделкой межсайтовых запросов, позволяющая нарушителю повысить свои привилегий |
| BDU:2024-02747 | Уязвимость расширения SportsTeams программного средства для реализации гипертекстовой среды MediaWiki, позволяющая нарушителю воздействовать на целостность защищаемой информации |
| BDU:2024-02882 | Уязвимость функции admin_notice() плагина ProfilePress системы управления содержимым сайта WordPress, позволяющая нарушителю реализовать CSRF-атаку |
| BDU:2024-02956 | Уязвимость CMS-системы Netcat, связанная с подделкой межсайтовых запросов, позволяющая нарушителю внедрить произвольный javascript-код |
| BDU:2024-02957 | Vulnerability in the Netcat CMS, related to cross-site request forgery, allowing an attacker to change the security policy of the web application |
| BDU:2024-02958 | Vulnerability in the Netcat CMS, related to cross-site request forgery, allowing an attacker to perform PHP code injection |
| BDU:2024-02959 | Vulnerability in the Netcat CMS, related to cross-site request forgery, allowing an attacker to escalate their privileges and execute arbitrary code |
| BDU:2024-02960 | Vulnerability in the Netcat CMS, related to cross-site request forgery, allowing an attacker to escalate their privileges and execute arbitrary code |
| BDU:2024-02962 | Vulnerability in the Netcat CMS, related to cross-site request forgery, allowing an attacker to create a new user with administrator rights |
| BDU:2024-02963 | Vulnerability in the Netcat CMS, related to cross-site request forgery, allowing an attacker to escalate their privileges and execute arbitrary code |
| BDU:2024-02964 | Vulnerability in the Netcat CMS, related to cross-site request forgery, allowing an attacker to escalate their privileges and execute arbitrary code |
| BDU:2024-02966 | Vulnerability in the Netcat CMS, related to cross-site request forgery, allowing an attacker to escalate their privileges and gain unauthorized access to the web application |
| BDU:2024-02967 | Vulnerability in the Netcat CMS, related to cross-site request forgery, allowing an attacker to change access rights in the file manager |
| BDU:2024-03355 | Vulnerability in the erase_tutor_data() function of the Tutor LMS plugin for the WordPress content management system, allowing an attacker to carry out a CSRF attack |
| BDU:2024-03369 | Vulnerability in the WordPress Automatic Plugin for the WordPress content management system, related to cross-site request forgery, allowing an attacker to carry out a CSRF attack |
| BDU:2024-03371 | Vulnerability in the WordPress Automatic Plugin for the WordPress content management system, allowing an attacker to escalate their privileges |
| BDU:2024-03400 | Vulnerability in the Jenkins SAML Single Sign On(SSO) plugin, related to cross-site request forgery, allowing an attacker to carry out a CSRF attack |
| BDU:2024-03522 | Vulnerability in the Herd Effects plugin for the WordPress content management system, related to cross-site request forgery, allowing an attacker to carry out a CSRF attack |
| BDU:2024-03540 | Vulnerability in the LoadMaster application deployment and management platform, related to cross-site request forgery, allowing an attacker to carry out a CSRF attack |
| BDU:2024-03568 | Vulnerability in the Zaptrade CMS content management system, related to cross-site request forgery, allowing an attacker to carry out cross-site scripting attacks |
| BDU:2024-03629 | Vulnerability in the Netcat CMS, related to cross-site request forgery, allowing an attacker to gain access to data import or execute arbitrary code |
| BDU:2024-03952 | Vulnerability in the firmware of the D-Link DIR-600 router, related to cross-site request forgery, allowing an attacker to escalate their privileges |
| BDU:2024-04174 | Vulnerability in the web interface of the Cisco Emergency Responder emergency call management and monitoring server, allowing an attacker to carry out a CSRF attack |
| BDU:2024-04255 | Vulnerability in the web management interface of the Cisco Identity Services Engine (ISE) connection policy management platform, allowing an attacker to carry out a CSRF attack |
| BDU:2024-04256 | Vulnerability in the web management interface of the Cisco Nexus Dashboard platform for analytics and automation of multicloud data center networks, allowing an attacker to carry out a CSRF attack |
| BDU:2024-04321 | Vulnerability in the Netcat CMS, related to cross-site request forgery, allowing an attacker to set arbitrary authentication data values and execute arbitrary code |
| BDU:2024-04669 | Vulnerability in the GitLab git-based code collaboration platform, related to cross-site request forgery, allowing an attacker to carry out a CSRF attack |
| BDU:2024-04968 | Vulnerability in the Devika AI-based development tool, related to cross-site request forgery, allowing an attacker to carry out a CSRF attack |
| BDU:2024-05084 | Vulnerability in the web interface of the SINEC Traffic Analyzer software for monitoring and analyzing network traffic in industrial networks, allowing an attacker to carry out a CSRF attack |
| BDU:2024-05347 | Vulnerability in the IBM InfoSphere Information Server data integration platform, related to cross-site request forgery, allowing an attacker to carry out a CSRF attack |
| BDU:2024-05596 | Vulnerability in the wptodo_addcomment function of the WordPress To Do plugin for the WordPress content management system, allowing an attacker to carry out a CSRF attack |
| BDU:2024-05675 | Vulnerability in the Арфа-CMS content management system, related to cross-site request forgery, allowing an attacker to carry out a CSRF attack |
| BDU:2024-06168 | Vulnerability in the exacqVision Web Service web interface of the exacqVision video surveillance system, related to cross-site request forgery, allowing an attacker to carry out a CSRF attack |
| BDU:2024-06237 | Vulnerability in the graphical user interface of the FortiAIOps AI-based security threat detection software, allowing an attacker to carry out a CSRF attack |
| BDU:2024-06383 | Vulnerability in the netshop module of the Netcat CMS, allowing an attacker to execute arbitrary JavaScript code |
| BDU:2024-06384 | Vulnerability in the pricerule parameter of the netshop module of the Netcat CMS, allowing an attacker to execute arbitrary JavaScript code |
| BDU:2024-06387 | Vulnerability in the alter_form.php function of the Netcat CMS, allowing an attacker to execute arbitrary JavaScript code |
| BDU:2024-06389 | Vulnerability in the filemanager module of the Netcat CMS, allowing an attacker to execute arbitrary JavaScript code |
| BDU:2024-06390 | Vulnerability in the market parameter of the netshop module of the Netcat CMS, allowing an attacker to execute arbitrary JavaScript code |
| BDU:2024-06396 | Vulnerability in the calendar module of the Netcat CMS, allowing an attacker to execute arbitrary JavaScript code |
| BDU:2024-06399 | Vulnerability in the promotion_discount parameter of the netshop module of the Netcat CMS, allowing an attacker to execute arbitrary JavaScript code |
| BDU:2024-06448 | Vulnerability in the ajaxterm module of the Webmin hosting control panel, allowing an attacker to carry out a CSRF attack |
| BDU:2024-06591 | Vulnerability in the web administration interface of the Cisco Identity Services Engine connection policy management platform, allowing an attacker to execute arbitrary code |
| BDU:2024-06712 | Vulnerability in the Tinode Chat messaging platform, allowing an attacker to carry out a CSRF attack |
| BDU:2024-06803 | Vulnerability in the Magento Open Source and Adobe Commerce platforms for developing and managing online stores, related to cross-site request forgery, allowing an attacker to bypass security restrictions and carry out a CSRF attack |
| BDU:2024-06821 | Vulnerability in the Magento Open Source and Adobe Commerce platforms for developing and managing online stores, related to cross-site request forgery, allowing an attacker to bypass security restrictions and carry out a CSRF attack |
| BDU:2024-06822 | Vulnerability in the Magento Open Source and Adobe Commerce platforms for developing and managing online stores, related to cross-site request forgery, allowing an attacker to bypass security restrictions and carry out a CSRF attack |
| BDU:2024-07583 | Vulnerability in the firmware of the Advantech ADAM-5630 programmable logic controller (PLC), related to cross-site request forgery, allowing an attacker to hijack a user session |
| BDU:2024-07914 | Vulnerability in the web management interface of the Cisco IOS XE operating systems, allowing an attacker to carry out a CSRF attack |
| BDU:2024-08494 | Vulnerability in the Splunk Web component of the Splunk Enterprise operational analytics platform, allowing an attacker to carry out a CSRF attack |
| BDU:2024-08609 | Vulnerability in the built-in GraphQL web client of the Zimbra Collaboration Suite (ZCS) enterprise email management system, allowing an attacker to carry out a CSRF attack and disclose protected information |
| BDU:2024-08663 | Vulnerability in the iCMS content management system (CMS), related to cross-site request forgery, allowing an attacker to carry out a CSRF attack |
| BDU:2024-08700 | Vulnerability in the web management interface of the firmware of Cisco Analog Telephone Adapter (ATA) 190 Series IP telephony devices, allowing an attacker to carry out a CSRF attack and perform arbitrary actions |
| BDU:2024-09161 | Vulnerability in the web interface of the Cisco IOS and IOS XE operating systems, allowing an attacker to carry out a CSRF attack |
| BDU:2024-09315 | Vulnerability in the Amiro.CMS content management system, related to cross-site request forgery, allowing an attacker to create an administrator account |
| BDU:2024-10171 | Vulnerability in the Apache OFBiz enterprise resource planning software, related to improper control of code generation, allowing an attacker to carry out an SSRF attack |
| BDU:2024-10186 | Vulnerability in the Moodle virtual learning environment, related to cross-site request forgery, allowing an attacker to carry out a CSRF attack |
| BDU:2024-10888 | Vulnerability in the firmware of the ASPECT Enterprise, NEXUS Series and MATRIX Series embedded networked building management controllers, related to cross-site request forgery, allowing an attacker to carry out a CSRF attack |
| BDU:2024-11414 | Vulnerability in the web interface of DrayTek Vigor router firmware, allowing an attacker to carry out a CSRF attack |
| BDU:2025-00234 | Vulnerability in the Symfony Mailer Lite module of the Drupal CMS, related to cross-site request forgery, allowing an attacker to carry out a CSRF attack |
| BDU:2025-00258 | Vulnerability in the Minify JS module of the Drupal CMS, related to cross-site request forgery, allowing an attacker to carry out a CSRF attack |
| BDU:2025-00478 | Vulnerability in the GitLab git-based code collaboration platform, related to cross-site request forgery, allowing an attacker to carry out a CSRF attack |
| BDU:2025-00590 | Vulnerability in the Active Directory Federation Server component of the Windows operating system, allowing an attacker to carry out a CSRF attack |
| BDU:2025-00662 | Vulnerability in the Web Runtime SEC component of the JD Edwards EnterpriseOne Tools enterprise resource management system, allowing an attacker to gain access to read, modify and delete files |
| BDU:2025-00765 | Vulnerability in the UI module of the Битрикс24 business management service and the 1С-Битрикс: Управление сайтом website content management system (CMS), allowing an attacker to execute arbitrary code |
| BDU:2025-00860 | Vulnerability in the Migrate queue importer module of the Drupal CMS, related to cross-site request forgery, allowing an attacker to carry out a CSRF attack |
| BDU:2025-00862 | Vulnerability in the Migrate Tools module of the Drupal CMS, related to cross-site request forgery, allowing an attacker to carry out a CSRF attack |
| BDU:2025-00867 | Vulnerability in the Acquia DAM module of the Drupal CMS, related to cross-site request forgery, allowing an attacker to carry out a CSRF attack or cause a denial of service |
| BDU:2025-00901 | Vulnerability in the web interface of EDIMAX BR-6476AC router firmware, allowing an attacker to escalate their privileges and execute arbitrary commands |
| BDU:2025-00929 | Vulnerability in the Selenium Server (Grid) distributed test execution tool, related to cross-site request forgery, allowing an attacker to carry out a CSRF attack |
| BDU:2025-01028 | Vulnerability in the POST File module of the Drupal CMS, allowing an attacker to carry out a CSRF attack |
| BDU:2025-01101 | Vulnerability in the /admin/tag/save file of the Jfinal CMS content management system, allowing an attacker to carry out a CSRF attack |
| BDU:2025-01161 | Vulnerability in the web interface of the firmware of the RUGGEDCOM ROX MX5000, RUGGEDCOM ROX MX5000RE and RUGGEDCOM ROX RX1400 routing and switching platforms, allowing an attacker to carry out a CSRF attack |
| BDU:2025-01164 | Vulnerability in the Gutenberg module of the Drupal CMS, allowing an attacker to carry out a CSRF attack |
| BDU:2025-01223 | Vulnerability in the Web Runtime SEC component of the JD Edwards EnterpriseOne Tools enterprise resource management system, allowing an attacker to carry out a CSRF attack |
| BDU:2025-01233 | Vulnerability in the Symantec Privileged Access Management access control tool, related to cross-site request forgery, allowing an attacker to hijack a user session |
| BDU:2025-01562 | Vulnerability in the web interface of the firmware of SIMATIC S7-1200 programmable logic controllers, allowing an attacker to carry out a CSRF attack |
| BDU:2025-01577 | Vulnerability in the JWT OmniAuth provider configuration of the GitLab git-based code collaboration platform, allowing an attacker to carry out a cross-site scripting (XSS) attack |
| BDU:2025-01755 | Vulnerability in the mySCADA myPRO Manager management platform, related to cross-site request forgery, allowing an attacker to carry out a CSRF attack |
| BDU:2025-02399 | Vulnerability in the Jenkins Bitbucket Server Integration Plugin integration plugin, related to cross-site request forgery, allowing an attacker to carry out a CSRF attack |
| BDU:2025-02545 | Vulnerability in the MFlash secure data exchange platform, related to cross-site request forgery, allowing an attacker to escalate their privileges |
| BDU:2025-03526 | Vulnerability in the Splunk Web web interface of the Splunk Enterprise operational analytics platform, allowing an attacker to carry out a CSRF attack |
| BDU:2025-03588 | Vulnerability in the 3DSecure (3DS2) protocol, related to cross-site request forgery, allowing an attacker to carry out a CSRF attack |
| BDU:2025-03794 | Vulnerability in the Fortinet FortiNDR (Network Detection and Response) hardware and software information security tool based on AI and deep neural network (DNN) technologies, related to cross-site request forgery, allowing an attacker to carry out a CSRF... |
| BDU:2025-03852 | Vulnerability in the Sherpa Orchestrator component of the Sherpa RPA process automation platform, allowing an attacker to carry out a CSRF attack |
| BDU:2025-03918 | Vulnerability in the Werkzeug web application development library, related to cross-site request forgery, allowing an attacker to gain access to confidential data, compromise its integrity, and cause a denial of service |
| BDU:2025-04026 | Vulnerability in the programming interface of the XWiki Platform XWiki collaborative web application platform, related to failure to neutralize directives in dynamically executed code, allowing an attacker to execute arbitrary code |
| BDU:2025-04274 | Vulnerability in the Data Manager component of the firmware of Siemens SENTRON 7KT PAC1260 multifunction devices for measuring electrical network parameters, allowing an attacker to carry out a CSRF attack |
| BDU:2025-04743 | Vulnerability in the Moodle virtual learning environment, related to cross-site request forgery, allowing an attacker to carry out a CSRF attack |
| BDU:2025-04783 | Vulnerability in the Magento Open Source, Adobe Commerce and Adobe Commerce B2B platforms for developing and managing online stores, related to cross-site request forgery, allowing an attacker to cause a denial of service |
| BDU:2025-04960 | Vulnerability in the Jenkins automation server, related to cross-site request forgery, allowing an attacker to carry out a CSRF attack |
| BDU:2025-05104 | Vulnerability in the Brickfield component of the Moodle virtual learning environment, allowing an attacker to affect the integrity of protected information |
| BDU:2025-05107 | Vulnerability in the Moodle virtual learning environment, related to cross-site request forgery, allowing an attacker to affect the integrity of protected information |
| BDU:2025-05286 | Vulnerability in the PARTS SOFT CMS website content management system, related to insufficient verification of the authenticity of executed requests, allowing an attacker to carry out a CSRF attack |
| BDU:2025-05382 | Vulnerability in the Storage Access API interface of the Mozilla Firefox browser and the Thunderbird mail client, allowing an attacker to carry out a CSRF attack |
| BDU:2025-06131 | Vulnerability in the VideoGrace video conferencing software, related to insufficient verification of the authenticity of executed requests, allowing an attacker to carry out a CSRF attack |
| BDU:2025-06205 | Vulnerability in the Segnetics SMConfig system settings configurator, related to insufficient verification of the authenticity of executed requests, allowing an attacker to carry out a CSRF attack |
| BDU:2025-06352 | Vulnerability in the Zoom Workplace video conferencing software products, related to cross-site request forgery, allowing an attacker to affect the integrity of protected information |
| BDU:2025-06354 | Vulnerability in the Zoom Workplace video conferencing software products, related to cross-site request forgery, allowing an attacker to affect the integrity of protected information |
| BDU:2025-06664 | Vulnerability in the Web Access component of the Oracle Primavera P6 Enterprise Project Portfolio Management project management application, allowing an attacker to affect the integrity of protected information |
| BDU:2025-06717 | Vulnerability in the fromSysToolRestoreSet() function of Tenda AC9 router firmware, allowing an attacker to carry out a CSRF attack |
| BDU:2025-06812 | Vulnerability in the web interface of the IBM OpenPages and IBM OpenPages with Watson enterprise risk management platforms, allowing an attacker to carry out a CSRF attack |
| BDU:2025-07201 | Vulnerability in the OData function of the SAP S/4HANA software platform, allowing an attacker to affect the integrity and confidentiality of protected information |
| BDU:2025-07596 | Vulnerability in the GraphQL API interface of the GitLab git-based code collaboration platform, allowing an attacker to carry out a CSRF attack |
| BDU:2025-07630 | Vulnerability in the Dell Wyse Management Suite hybrid cloud solution for thin client management, related to cross-site request forgery, allowing an attacker to carry out a CSRF attack |
| BDU:2025-08206 | Vulnerability in the Atlassian Jira data processing software products, related to cross-site request forgery, allowing an attacker to carry out a CSRF attack |
| BDU:2025-08211 | Vulnerability in the web interface of the firmware of Avtech IP cameras and digital and network video recorders, allowing an attacker to carry out a CSRF attack |
| BDU:2025-08593 | Vulnerability in the Ruby on Rails software platform, related to cross-site request forgery, allowing an attacker to send CSRF tokens to wrong domains |
| BDU:2025-08595 | Vulnerability in the Ruby on Rails software platform, related to cross-site request forgery, allowing an attacker to forge a valid CSRF token |
| BDU:2025-08638 | Vulnerability in the General component of the Oracle REST Data Services data service, allowing an attacker to gain access to read, modify and delete information |
| BDU:2025-08719 | Vulnerability in the Device Integration component of the Oracle MES for Process Manufacturing production process management software of the Oracle E-Business Suite enterprise automation system, allowing an attacker to gain access... |
| BDU:2025-08778 | Vulnerability in the KBPublisher software for organizing and managing knowledge bases and documentation, related to cross-site request forgery, allowing an attacker to carry out a CSRF attack |
| BDU:2025-08889 | Vulnerability in the Zoom video conferencing software, related to cross-site request forgery, allowing an attacker to disclose protected information |
| BDU:2025-09153 | Vulnerability in the GraphQL interface of the JetBrains TeamCity continuous integration and delivery (CI/CD) system, allowing an attacker to carry out a CSRF attack |
| BDU:2025-09158 | Vulnerability in the JetBrains TeamCity continuous integration and delivery (CI/CD) system, related to cross-site request forgery, allowing an attacker to carry out a CSRF attack |
| BDU:2025-09169 | Vulnerability in the JetBrains TeamCity continuous integration and delivery (CI/CD) system, related to cross-site request forgery, allowing an attacker to carry out a CSRF attack |
| BDU:2025-09727 | Vulnerability in the Personalization component of the Oracle Applications Framework software platform, allowing an attacker to gain unauthorized access to modify, read and delete protected information |
| BDU:2025-10324 | Vulnerability in the web management interface of the Cisco IOS XE operating systems, allowing an attacker to carry out a CSRF attack |
| BDU:2025-10631 | Vulnerability in the Splunk Web component of the Splunk Enterprise operational analytics platform, allowing an attacker to cause a denial of service |
| BDU:2025-10632 | Vulnerability in the Splunk Web component of the Splunk Enterprise operational analytics platform, allowing an attacker to carry out a CSRF attack |
| BDU:2025-10818 | Vulnerability in the Magento Open Source, Adobe Commerce and Adobe Commerce B2B platforms for developing and managing online stores, related to cross-site request forgery, allowing an attacker to gain unauthorized access to protected... |
| BDU:2025-11550 | Vulnerability in the Incubator module of the Icinga Web 2 PHP framework, allowing an attacker to carry out a CSRF attack |
| BDU:2025-11692 | Vulnerability in the Adobe Dreamweaver HTML editor, related to cross-site request forgery, allowing an attacker to execute arbitrary code |
| BDU:2025-11705 | Vulnerability in the firmware of the MEAC300-FNADE4 industrial digital gas analyzer, related to cross-site request forgery, allowing an attacker to carry out a CSRF attack |
| BDU:2025-11753 | Vulnerability in the gorilla/csrf HTTP library for cross-site request forgery protection, related to cross-site request forgery, allowing an attacker to carry out a CSRF attack |
| BDU:2025-11986 | Vulnerability in the WebKitGTK and WPE WebKit web page rendering modules, related to cross-site request forgery, allowing an attacker to gain access to confidential data |
| BDU:2025-11987 | Vulnerability in the WebKitGTK and WPE WebKit web page rendering modules, related to cross-site request forgery, allowing an attacker to gain access to confidential data, compromise its integrity, and cause a denial of service |
| BDU:2025-12712 | Vulnerability in the web management interface of the Cisco Unified Communications Manager (CM) and Cisco Unified Communications Manager Session Management Edition (SME) call processing systems, allowing an attacker to execute arbitrary code |
| BDU:2025-12727 | Vulnerability in the built-in GraphQL web client of the Zimbra Collaboration Suite (ZCS) enterprise email management system, allowing an attacker to carry out a CSRF attack and disclose protected information |
| BDU:2025-12756 | Vulnerability in the Websoft HCM HR process automation software, allowing an attacker to carry out a CSRF attack |
| BDU:2025-12950 | Vulnerability in the programming interface of the XWiki Platform XWiki collaborative web application platform, related to insufficient verification of the authenticity of executed requests, allowing an attacker to carry out a CSRF attack |
| BDU:2025-13414 | Vulnerability in the devtools-integration integration package of the Nest platform for building scalable Node.js server-side applications, allowing an attacker to execute arbitrary code |
| BDU:2025-13518 | Vulnerability in the idna domain name handling mechanism of the Punycode character conversion method, allowing an attacker to escalate their privileges |
| BDU:2025-14514 | Vulnerability in the KeeneticOS operating system, related to cross-site request forgery, allowing an attacker to gain unauthorized access to protected information |
| BDU:2025-14533 | Vulnerability in the Replay function of the Hypermap data visualization tool of the Nagios XI IT infrastructure monitoring tool, allowing an attacker to carry out cross-site scripting (XSS) attacks |
| BDU:2025-14626 | Vulnerability in the Arduino core of the arduino-esp32 microcontroller software, related to cross-site request forgery, allowing an attacker to execute arbitrary code |
| BDU:2025-14761 | Vulnerability in the Rumpus FTP server for file management, related to cross-site request forgery, allowing an attacker to carry out a CSRF attack |
| BDU:2025-14769 | Vulnerability in the Ray framework for scaling AI and Python applications, related to cross-site request forgery, allowing an attacker to execute arbitrary code |
| BDU:2025-16000 | Vulnerability in the firmware of the IBM Storage TS4500 tape drive, related to cross-site request forgery, allowing an attacker to carry out a CSRF attack |
| BDU:2025-16011 | Vulnerability in the Mattermost Mobile Apps mobile instant messaging application, related to cross-site request forgery, allowing an attacker to gain unauthorized access to protected information |
| BDU:2025-16038 | Vulnerability in the Rockwell Automation 1783-NATR industrial Wi-Fi network access point, related to cross-site request forgery, allowing an attacker to change the device configuration |
| BDU:2025-16337 | Vulnerability in the handleServeStandalone() function of the Mattermost Calls plugin of the Mattermost instant messaging application, allowing an attacker to carry out a CSRF attack |
| BDU:2026-00210 | Vulnerability in the Sunshine game stream hosting software, related to cross-site request forgery, allowing an attacker to carry out a CSRF attack using a specially crafted web page |
| BDU:2026-00279 | Vulnerability in the OFCMS Java-based content management system, related to cross-site request forgery, allowing an attacker to carry out a CSRF attack |
| BDU:2026-00314 | Vulnerability in the Jenkins automation server, allowing an attacker to carry out a CSRF attack |
CVE vulnerability identifiers
Identifier in the database of publicly known information security vulnerabilities
| Identifier | Description |
|---|---|
| CVE-2012-10010 | BestWebSoft Contact Form contact_form.php cntctfrm_settings_page cross-site request forgery |
| CVE-2012-10012 | BestWebSoft Facebook Like Button facebook-button-plugin.php fcbk_bttn_plgn_settings_page cross-site request forgery |
| CVE-2012-10015 | BestWebSoft Twitter Plugin Settings Page twitter.php twttr_settings_page cross-site request forgery |
| CVE-2012-10017 | BestWebSoft Portfolio Plugin cross-site request forgery |
| CVE-2013-10025 | Exit Strategy Plugin exitpage.php exitpageadmin cross-site request forgery |
| CVE-2013-10027 | Blogger Importer Plugin blogger-importer.php restart cross-site request forgery |
| CVE-2013-10029 | Exit Box Lite Plugin wordpress-exit-box-lite.php exitboxadmin cross-site request forgery |
| CVE-2014-0594 | CSRF protection incorrectly disabled |
| CVE-2014-125028 | valtech IDP Test Client main.py cross-site request forgery |
| CVE-2014-2358 | Fox-IT DataDiode Appliance CSRF |
| CVE-2014-2369 | Omron NS Series HMI Cross-Site Request Forgery |
| CVE-2015-10001 | WP-Stats < 2.5.2 - CSRF to Stored Cross-Site Scripting (XSS) |
| CVE-2015-10081 | arnoldle submitByMailPlugin edit_list.php cross-site request forgery |
| CVE-2015-10108 | meitar Inline Google Spreadsheet Viewer Plugin inline-gdocs-viewer.php displayShortcode cross-site request forgery |
| CVE-2015-10109 | Video Playlist and Gallery Plugin wp-media-cincopa.php cross-site request forgery |
| CVE-2015-10116 | RealFaviconGenerator Favicon Plugin class-favicon-by-realfavicongenerator-admin.php install_new_favicon cross-site request fo... |
| CVE-2015-10125 | WP Ultimate CSV Importer Plugin cross-site request forgery |
| CVE-2015-20105 | ClickBank Affiliate Ads <= 1.20 - CSRF to Stored Cross-Site Scripting |
| CVE-2015-9284 | The request phase of the OmniAuth Ruby gem (1.9.1 and earlier) is vulnerable to Cross-Site Request Forgery when used as part... |
| CVE-2016-10522 | rails_admin ruby gem <v1.1.1 is vulnerable to cross-site request forgery (CSRF) attacks. Non-GET methods were not validating... |
| CVE-2016-10529 | Droppy versions <3.5.0 does not perform any verification for cross-domain websocket requests. An attacker is able to make a s... |
| CVE-2016-15009 | OpenACS bug-tracker Search nav-bar.adp cross-site request forgery |
| CVE-2016-3098 | Cross-site request forgery (CSRF) vulnerability in administrate 0.1.4 and earlier allows remote attackers to hijack the user'... |
| CVE-2016-6557 | The ASUS RP-AC52 access point, firmware version 1.0.1.1s and possibly earlier, is vulnerable to cross-site request forgery |
| CVE-2016-6578 | CodeLathe FileCloud, version 13.0.0.32841 and earlier, is vulnerable to cross-site request forgery (CSRF) |
| CVE-2016-7067 | Monit before version 5.20.0 is vulnerable to a cross site request forgery attack. Successful exploitation will enable an atta... |
| CVE-2016-9127 | Revive Adserver before 3.2.3 suffers from Cross-Site Request Forgery (CSRF). The password recovery form in Revive Adserver is... |
| CVE-2016-9455 | Revive Adserver before 3.2.3 suffers from Cross-Site Request Forgery (CSRF). A number of scripts in Revive Adserver's user in... |
| CVE-2016-9456 | Revive Adserver before 3.2.3 suffers from Cross-Site Request Forgery (CSRF). The Revive Adserver team conducted a security au... |
| CVE-2017-0933 | Ubiquiti Networks EdgeOS version 1.9.1 and prior suffer from a Cross-Site Request Forgery (CSRF) vulnerability. An attacker w... |
| CVE-2017-12253 | A vulnerability in the Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to execute unwanted... |
| CVE-2017-12271 | A vulnerability in Cisco SPA300 and SPA500 Series IP Phones could allow an unauthenticated, remote attacker to execute unwant... |
| CVE-2017-14011 | A Cross-Site Request Forgery issue was discovered in ProMinent MultiFLEX M10a Controller web interface. The application does... |
| CVE-2017-20020 | Solare Solar-Log cross-site request forgery |
| CVE-2017-20045 | Navetti PricePoint cross-site request forgery |
| CVE-2017-20053 | XYZScripts Contact Form Manager Plugin cross-site request forgery |
| CVE-2017-20062 | Elefant CMS cross-site request forgery |
| CVE-2017-20065 | Supsystic Popup Plugin cross-site request forgery |
| CVE-2017-20088 | Atahualpa Theme cross-site request forgery |
| CVE-2017-20090 | Global Content Blocks Plugin cross-site request forgery |
| CVE-2017-20091 | File Manager Plugin cross-site request forgery |
| CVE-2017-20093 | Download Manager Plugin cross-site request forgery |
| CVE-2017-20120 | TrueConf Server cross-site request forgery |
| CVE-2017-2682 | The Siemens web application RUGGEDCOM NMS < V1.2 on port 8080/TCP and 8081/TCP could allow a remote attacker to perform a Cro... |
| CVE-2017-2688 | The integrated web server in Siemens RUGGEDCOM ROX I (all versions) at port 10000/TCP could allow remote attackers to perform... |
| CVE-2017-3187 | The dotCMS administration panel, versions 3.7.1 and earlier, are vulnerable to cross-site request forgery |
| CVE-2017-5187 | A Cross-Site Request Forgery (CWE-352) vulnerability in Directory Server (aka Enterprise Server Administration web UI) in Mic... |
| CVE-2017-5244 | Routes used to stop running Metasploit tasks (either particular ones or all tasks) allowed GET requests. Only POST requests s... |
| CVE-2017-5263 | Versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware lack CSRF controls that can mitigate the effects of CSRF att... |
| CVE-2017-5264 | Versions of Nexpose prior to 6.4.66 fail to adequately validate the source of HTTP requests intended for the Automated Action... |
| CVE-2017-6038 | A Cross-Site Request Forgery issue was discovered in Belden Hirschmann GECKO Lite Managed switch, Version 2.0.00 and prior ve... |
| CVE-2017-6042 | A Cross-Site Request Forgery issue was discovered in Sierra Wireless AirLink Raven XE, all versions prior to 4.0.14, and AirL... |
| CVE-2017-6634 | A vulnerability in the Device Manager web interface of Cisco Industrial Ethernet 1000 Series Switches 1.3 could allow an unau... |
| CVE-2017-6756 | A vulnerability in the Web UI Application of the Cisco Prime Collaboration Provisioning Tool through 12.2 could allow an unau... |
| CVE-2017-7423 | A Cross-Site Request Forgery (CWE-352) vulnerability in esfadmingui in Micro Focus Enterprise Developer and Enterprise Server... |
| CVE-2017-7556 | Hawtio versions up to and including 1.5.3 are vulnerable to CSRF vulnerability allowing remote attackers to trick the user to... |
| CVE-2017-7906 | In ABB IP GATEWAY 3.39 and prior, the web server does not sufficiently verify that a request was performed by the authenticat... |
| CVE-2017-7917 | A Cross-Site Request Forgery issue was discovered in Moxa OnCell G3110-HSPA Version 1.3 build 15082117 and previous versions,... |
| CVE-2017-7926 | A Cross-Site Request Forgery issue was discovered in OSIsoft PI Web API versions prior to 2017 (1.9.0). The vulnerability all... |
| CVE-2017-9641 | PI Coresight 2016 R2 contains a cross-site request forgery vulnerability that may allow access to the PI system. OSIsoft reco... |
| CVE-2018-0107 | A vulnerability in the web framework of Cisco Prime Service Catalog could allow an unauthenticated, remote attacker to execut... |
| CVE-2018-0146 | A vulnerability in the Cisco Data Center Analytics Framework application could allow an unauthenticated, remote attacker to c... |
| CVE-2018-0148 | A vulnerability in the web-based management interface of Cisco UCS Director Software and Cisco Integrated Management Controll... |
| CVE-2018-0210 | A vulnerability in the web-based management interface of Cisco Data Center Network Manager could allow an unauthenticated, re... |
| CVE-2018-0215 | A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated,... |
| CVE-2018-0216 | A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated,... |
| CVE-2018-0255 | A vulnerability in the device manager web interface of Cisco Industrial Ethernet Switches could allow an unauthenticated, rem... |
| CVE-2018-0259 | A vulnerability in the web-based management interface of Cisco MATE Collector could allow an unauthenticated, remote attacker... |
| CVE-2018-0270 | A vulnerability in the web-based management interface of Cisco IoT Field Network Director (IoT-FND) could allow an unauthenti... |
| CVE-2018-0363 | A vulnerability in the web-based management interface of Cisco Unified Communications Manager IM & Presence Service (formerly... |
| CVE-2018-0364 | A vulnerability in the web-based management interface of Cisco Unified Communications Domain Manager could allow an unauthent... |
| CVE-2018-0365 | A vulnerability in the web-based management interface of Cisco Firepower Management Center could allow an unauthenticated, re... |
| CVE-2018-0413 | A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated,... |
| CVE-2018-0439 | Cisco Meeting Server Cross-Site Request Forgery Vulnerability |
| CVE-2018-0444 | Cisco Packaged Contact Center Enterprise Cross-Site Scripting Vulnerability |
| CVE-2018-0445 | Cisco Packaged Contact Center Enterprise Cross-Site Request Forgery Vulnerability |
| CVE-2018-0446 | Cisco Industrial Network Director Cross-Site Request Forgery Vulnerability |
| CVE-2018-0451 | Cisco Tetration Analytics Cross-Site Request Forgery Vulnerability |
| CVE-2018-10884 | Ansible Tower before versions 3.1.8 and 3.2.6 is vulnerable to cross-site request forgery (CSRF) in awx/api/authentication.py... |
| CVE-2018-10895 | qutebrowser before version 1.4.1 is vulnerable to a cross-site request forgery flaw that allows websites to access 'qute://*'... |
| CVE-2018-1098 | A cross-site request forgery flaw was found in etcd 3.3.1 and earlier. An attacker can set up a website that tries to send a... |
| CVE-2018-11448 | A vulnerability has been identified in SCALANCE M875 (All versions). The web interface on port 443/tcp could allow a stored C... |
| CVE-2018-1230 | Pivotal Spring Batch Admin, all versions, does not contain cross site request forgery protection. A remote unauthenticated us... |
| CVE-2018-12540 | In versions from 3.0.0 to 3.5.2 of Eclipse Vert.x, the CSRFHandler does not assert that the XSRF Cookie matches the returned XSR... |
| CVE-2018-13800 | A vulnerability has been identified in SIMATIC S7-1200 CPU family version 4 (All versions < V4.2.3). The web interface could... |
| CVE-2018-14783 | NetComm Wireless G LTE Light Industrial M2M Router (NWL-25) with firmware 2.0.29.11 and prior. A cross-site request forgery c... |
| CVE-2018-15401 | Cisco Hosted Collaboration Mediation Fulfillment Cross-Site Request Forgery Vulnerability |
| CVE-2018-15402 | Cisco Enterprise NFV Infrastructure Software Cross-Site Request Forgery Vulnerability |
| CVE-2018-15438 | Cisco Prime Collaboration Assurance Cross-Site Request Forgery Vulnerability |
| CVE-2018-15445 | Cisco Energy Management Suite Cross-Site Request Forgery Vulnerability |
| CVE-2018-15612 | Orchestration Designer Runtime Config CSRF |
| CVE-2018-16854 | A flaw was found in moodle versions 3.5 to 3.5.2, 3.4 to 3.4.5, 3.3 to 3.3.8, 3.1 to 3.1.14 and earlier. The login form is no... |
| CVE-2018-19948 | The vulnerability has been reported to affect earlier versions of Helpdesk. If exploited, this cross-site request forgery (C... |
| CVE-2018-25096 | MdAlAmin-aol Own Health Record logout.php cross-site request forgery |
| CVE-2018-4066 | An exploitable cross-site request forgery vulnerability exists in the ACEManager functionality of Sierra Wireless AirLink ES4... |
| CVE-2018-7524 | A cross-site request forgery vulnerability has been identified in Geutebruck G-Cam/EFD-2250 Version 1.12.0.4 and Topline TopF... |
| CVE-2018-8844 | Philips e-Alert Unit (non-medical device), Version R2.1 and prior. The web application does not, or cannot, sufficiently veri... |
| CVE-2019-10176 | A flaw was found in OpenShift Container Platform, versions 3.11 and later, in which the CSRF tokens used in the cluster conso... |
| CVE-2019-10186 | A flaw was found in moodle before versions 3.7.1, 3.6.5, 3.5.7. A sesskey (CSRF) token was not being utilised by the XML load... |
| CVE-2019-10199 | It was found that Keycloak's account console, up to 6.0.1, did not perform adequate header checks in some requests. An attack... |
| CVE-2019-12624 | Cisco IOS XE NGWC Legacy Wireless Device Manager GUI Cross-Site Request Forgery Vulnerability |
| CVE-2019-12636 | Cisco Small Business Smart and Managed Switches Cross-Site Request Forgery Vulnerability |
| CVE-2019-13529 | An attacker could send a malicious link to an authenticated operator, which may allow remote attackers to perform actions wit... |
| CVE-2019-13920 | A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2.0 SP1). Some parts of the web applicat... |
| CVE-2019-13930 | A vulnerability has been identified in XHQ (All versions < V6.0.0.2). The web interface could allow a Cross-Site Request Forg... |
| CVE-2019-16002 | Cisco SD-WAN Solution vManage Cross-Site Request Forgery Vulnerability |
| CVE-2019-16009 | Cisco IOS and Cisco IOS XE Software Web UI Cross-Site Request Forgery Vulnerability |
| CVE-2019-1632 | Cisco Integrated Management Controller Cross-Site Request Forgery Vulnerability |
| CVE-2019-1658 | Cisco Unified Intelligence Center Cross-Site Request Forgery Vulnerability |
| CVE-2019-1713 | Cisco Adaptive Security Appliance Software Cross-Site Request Forgery Vulnerability |
| CVE-2019-1722 | Cisco Expressway Series and Cisco TelePresence Video Communication Server Cross-Site Request Forgery Vulnerability |
| CVE-2019-17633 | For Eclipse Che versions 6.16 to 7.3.0, with both authentication and TLS disabled, visiting a malicious web site could trigge... |
| CVE-2019-1764 | Cisco IP Phone 8800 Series Cross-Site Request Forgery Vulnerability |
| CVE-2019-1797 | Cisco Wireless LAN Controller Software Cross-Site Request Forgery Vulnerability |
| CVE-2019-18271 | OSIsoft PI Vision, All versions of PI Vision prior to 2019. The affected product is vulnerable to a cross-site request forger... |
| CVE-2019-1857 | Cisco HyperFlex HX-Series Web-Based Management Interface Cross-Site Request Forgery Vulnerability |
| CVE-2019-1874 | Cisco Prime Service Catalog Cross-Site Request Forgery Vulnerability |
| CVE-2019-1881 | Cisco Industrial Network Director Cross-Site Request Forgery Vulnerability |
| CVE-2019-1904 | Cisco IOS XE Software Web UI Cross-Site Request Forgery Vulnerability |
| CVE-2019-1915 | Multiple Cisco Unified Communications Products Cross-Site Request Forgery Vulnerability |
| CVE-2019-19289 | A vulnerability has been identified in XHQ (All Versions < 6.1). The web interface could allow a Cross-Site Request Forgery (... |
| CVE-2019-1958 | Cisco HyperFlex Software Cross-Site Request Forgery Vulnerability |
| CVE-2019-25064 | CoreHR Core Portal cross-site request forgery |
| CVE-2019-3809 | A flaw was found in Moodle versions 3.1 to 3.1.15 and earlier unsupported versions. The mybackpack functionality allowed sett... |
| CVE-2019-3864 | A vulnerability was discovered in all quay-2 versions before quay-3.0.0, in the Quay web GUI where POST requests include a sp... |
| CVE-2019-3876 | A flaw was found in the /oauth/token/request custom endpoint of the OpenShift OAuth server allowing for XSS generation of CLI... |
| CVE-2019-5430 | In UniFi Video 3.10.0 and prior, due to the lack of CSRF protection, it is possible to abuse the Web API to make changes on t... |
| CVE-2019-5431 | This vulnerability was caused by an incomplete fix to CVE-2017-0911. Twitter Kit for iOS versions 3.0 to 3.4.0 is vulnerable... |
| CVE-2019-6561 | Cross-site request forgery has been identified in Moxa IKS and EDS, which may allow for the execution of unauthorized actions... |
| CVE-2019-9882 | Multi modules of MailSherlock MSR35 and MSR45 lead to a CSRF vulnerability. It allows attacker to add malicious email sources... |
| CVE-2019-9883 | Multi modules of MailSherlock MSR35 and MSR45 lead to a CSRF vulnerability. It allows attacker to elevate privilege of specif... |
| CVE-2020-10734 | A vulnerability was found in keycloak in the way that the OIDC logout endpoint does not have CSRF protection. Versions shippe... |
| CVE-2020-10771 | A flaw was found in Infinispan version 10, where it is possible to perform various actions that could have side effects using... |
| CVE-2020-10890 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.0.2947... |
| CVE-2020-10892 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.0.2947... |
| CVE-2020-11003 | CSRF and DNS Rebinding in Oasis |
| CVE-2020-11069 | Cross-Site Request Forgery in TYPO3 CMS |
| CVE-2020-12502 | Pepperl+Fuchs improper authorization affects multiple Comtrol RocketLinx products |
| CVE-2020-12511 | Pepperl+Fuchs Comtrol IO-Link Master Cross-Site Request Forgery |
| CVE-2020-12781 | Combodo iTop - CSRF |
| CVE-2020-13186 | An Anti CSRF mechanism was discovered missing in the Teradici Cloud Access Connector v31 and earlier in a specific web form,... |
| CVE-2020-13527 | An authentication bypass vulnerability exists in the Web Manager functionality of Lantronix XPort EDGE 3.0.0.0R11, 3.1.0.0R9,... |
| CVE-2020-13569 | A cross-site request forgery vulnerability exists in the GACL functionality of OpenEMR 5.0.2 and development version 6.0.0 (c... |
| CVE-2020-13673 | The Entity Embed module provides a filter to allow embedding entities in content fields. In certain circumstances, the filter... |
| CVE-2020-13674 | The QuickEdit module does not properly validate access to routes, which could allow cross-site request forgery under some cir... |
| CVE-2020-14368 | A flaw was found in Eclipse Che in versions prior to 7.14.0 that impacts CodeReady Workspaces. When configured with cookies a... |
| CVE-2020-14369 | This release fixes a Cross Site Request Forgery vulnerability was found in Red Hat CloudForms which forces end users to execu... |
| CVE-2020-14506 | Philips Clinical Collaboration Platform Cross-site Request Forgery |
| CVE-2020-15135 | CSRF vulnerability in save-server |
| CVE-2020-15156 | XSS due to lack of CSRF validation for replying/publishing |
| CVE-2020-15182 | Cross-site Request Forgery leading to RCE in SOY CMS |
| CVE-2020-15259 | CSRF in Auth0 ad-ldap-connector |
| CVE-2020-15789 | A vulnerability has been identified in Polarion Subversion Webclient (All versions). The web interface could allow a Cross-Si... |
| CVE-2020-16208 | The affected product is vulnerable to cross-site request forgery, which may allow an attacker to modify different configurati... |
| CVE-2020-1692 | Moodle before version 3.7.2 is vulnerable to information exposure of service tokens for users enrolled in the same course. |
| CVE-2020-1977 | Expedition Migration Tool: Insufficient Cross Site Request Forgery protection. |
| CVE-2020-28398 | A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions <... |
| CVE-2020-29030 | Insufficient CSRF guards |
| CVE-2020-3114 | Cisco Data Center Network Manager Cross-Site Request Forgery Vulnerability |
| CVE-2020-3124 | Cisco Hosted Collaboration Mediation Fulfillment Cross-Site Request Forgery Vulnerability |
| CVE-2020-3135 | Cisco Unified Communications Manager Cross-Site Request Forgery Vulnerability |
| CVE-2020-3148 | Cisco Prime Network Registrar Cross-Site Request Forgery Vulnerability |
| CVE-2020-3261 | Cisco Mobility Express Software Cross-Site Request Forgery Vulnerability |
| CVE-2020-3456 | Cisco FXOS Software Firepower Chassis Manager Cross-Site Request Forgery Vulnerability |
| CVE-2020-36504 | WP-Pro-Quiz <= 0.37 - Arbitrary Quiz Deletion via CSRF |
| CVE-2020-36505 | Delete All Comments Easily <= 1.3 - All Comments Deletion via CSRF |
| CVE-2020-36534 | easyii CMS out cross-site request forgery |
| CVE-2020-36633 | moodle-block_sitenews block_sitenews.php get_content cross-site request forgery |
| CVE-2020-36836 | WP Fastest Cache <= 0.9.0.2 - Authenticated (Subscriber+) Arbitrary File Deletion |
| CVE-2020-36839 | WP Lead Plus X <= 0.99 - Cross-Site Request Forgery |
| CVE-2020-4040 | CSRF issue on preview pages in Bolt CMS |
| CVE-2020-5335 | RSA Archer, versions prior to 6.7 P2 (6.7.0.2), contain a cross-site request forgery vulnerability. A remote unauthenticated... |
| CVE-2020-5397 | CSRF Attack via CORS Preflight Requests with Spring MVC or Spring WebFlux |
| CVE-2020-5402 | UAA fails to check the state parameter when authenticating with external IDPs |
| CVE-2020-6776 | CSRF in Bosch PRAESIDEO and Bosch PRAESENSA Management Interface |
| CVE-2020-7005 | In Honeywell WIN-PAK 4.7.2, Web and prior versions, the affected product is vulnerable to a cross-site request forgery, which... |
| CVE-2020-7029 | Avaya Product System Management Interface Cross-Site Request Forgery Vulnerability |
| CVE-2020-7304 | DLP ePO extension - Cross-site request forgery |
| CVE-2020-7332 | Cross-Site Request Forgery (CSRF) in firewall ePO extension of McAfee Endpoint Security (ENS) |
| CVE-2020-7336 | Network Security Management (NSM) - Cross Site Request Forgery vulnerability |
| CVE-2020-7503 | A CWE-352: Cross-Site Request Forgery (CSRF) vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which co... |
| CVE-2020-7534 | A CWE-352: Cross-Site Request Forgery (CSRF) vulnerability exists on the web server used, that could cause a leak of sensitiv... |
| CVE-2020-8166 | A CSRF forgery vulnerability exists in rails < 5.2.5, rails < 6.0.4 that makes it possible for an attacker to, given a global... |
| CVE-2020-8167 | A CSRF vulnerability exists in rails <= 6.0.3 rails-ujs module that could allow attackers to send CSRF tokens to wrong domain... |
| CVE-2020-8168 | We have recently released new version of AirMax AirOS firmware v6.3.0 for TI, XW and XM boards that fixes vulnerabilities fou... |
| CVE-2020-8282 | A security issue was found in EdgePower 24V/54V firmware v1.7.0 and earlier where, due to missing CSRF protections, an attack... |
| CVE-2020-8976 | ZGR TPS200 Cross-Site Request Forgery (CSRF) |
| CVE-2021-1227 | Cisco NX-OS Software NX-API Cross-Site Request Forgery Vulnerability |
| CVE-2021-1257 | Cisco DNA Center Cross-Site Request Forgery Vulnerability |
| CVE-2021-21027 | Magento Commerce Cross-Site Request Forgery (CSRF) Could Lead To Unauthorized Data Modification |
| CVE-2021-21241 | CSRF can expose users authentication token in Flask-Security-Too |
| CVE-2021-21275 | CSRF in MediaWiki Report extension |
| CVE-2021-21395 | Magento-lts vulnerable to Cross-Site Request Forgery |
| CVE-2021-21407 | Portal : the CSRF token isn't validated |
| CVE-2021-21549 | Dell EMC XtremIO Versions prior to 6.3.3-8, contain a Cross-Site Request Forgery Vulnerability in XMS. A non-privileged attac... |
| CVE-2021-22512 | Cross-Site Request Forgery (CSRF) vulnerability in Micro Focus Application Automation Tools Plugin - Jenkins plugin. The vuln... |
| CVE-2021-22701 | A CWE-352: Cross-Site Request Forgery vulnerability exists in PowerLogic ION7400, ION7650, ION83xx/84xx/85xx/8600, ION8650, I... |
| CVE-2021-22949 | A CSRF in Concrete CMS version 8.5.5 and below allows an attacker to duplicate files which can lead to UI inconvenience, and... |
| CVE-2021-22950 | Concrete CMS prior to 8.5.6 had a CSRF vulnerability allowing attachments to comments in the conversation section to be delet... |
| CVE-2021-22953 | A CSRF in Concrete CMS version 8.5.5 and below allows an attacker to clone topics which can lead to UI inconvenience, and exh... |
| CVE-2021-22954 | A cross-site request forgery vulnerability exists in Concrete CMS <v9 that could allow an attacker to make requests on behalf... |
| CVE-2021-23026 | BIG-IP version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3, 14.1.x before 14.1.4.2, 13.1.x before 13.1.4.1, and all versions... |
| CVE-2021-23050 | On BIG-IP Advanced WAF and BIG-IP ASM version 16.0.x before 16.0.1.2 and 15.1.x before 15.1.3 and NGINX App Protect on all ve... |
| CVE-2021-23163 | JFrog Artifactory prior to version 7.33.6 and 6.23.38, is vulnerable to CSRF (Cross-Site Request Forgery) for specific endpo... |
| CVE-2021-23227 | WordPress PHP Everywhere Plugin <= 2.0.2 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2021-23849 | Cross Site Request Forgery (CSRF) vulnerability in web based management interface |
| CVE-2021-24133 | ActiveCampaign < 8.0.2 - Cross-Site Request Forgery in Settings |
| CVE-2021-24159 | Contact Form 7 Style <= 3.1.9 - Cross-Site Request Forgery to Stored Cross-Site Scripting |
| CVE-2021-24161 | Responsive Menu < 4.0.4 - CSRF to Arbitrary File Upload |
| CVE-2021-24162 | Responsive Menu < 4.0.4 - CSRF to Settings Update |
| CVE-2021-24166 | Ninja Forms < 3.4.34 - CSRF to OAuth Service Disconnection |
| CVE-2021-24172 | VM Backups <= 1.0 - CSRF to Database Backup Download |
| CVE-2021-24173 | VM Backups <= 1.0 - CSRF to Stored Cross-Site Scripting (XSS) |
| CVE-2021-24174 | Database Backups <= 1.2.2.6 - CSRF to Backup Download |
| CVE-2021-24178 | Business Directory Plugin < 5.11.1 - Arbitrary Add/Edit/Delete Form Field to Stored XSS |
| CVE-2021-24179 | Business Directory Plugin < 5.11 - Arbitrary File Upload to RCE |
| CVE-2021-24218 | Facebook for WordPress 3.0.0-3.0.3 - CSRF to Stored XSS and Settings Deletion |
| CVE-2021-24230 | Patreon WordPress < 1.7.0 - CSRF to Overwrite/Create User Meta |
| CVE-2021-24231 | Patreon WordPress < 1.7.0 - CSRF to Disconnect Sites From Patreon |
| CVE-2021-24249 | Business Directory Plugin < 5.11.2 - Arbitrary Listing Export |
| CVE-2021-24251 | Business Directory Plugin < 5.11.2 - Arbitrary Payment History Update |
| CVE-2021-24272 | Fitness Calculators < 1.9.6 - Cross-Site Request Forgery to Cross-Site Scripting (XSS) |
| CVE-2021-24324 | 404 SEO Redirection <= 1.3 - CSRF to Stored Cross-Site Scripting (XSS) |
| CVE-2021-24328 | WP Login Security and History <= 1.0 - CSRF to Stored Cross-Site Scripting (XSS) |
| CVE-2021-24333 | Content Copy Protection & Prevent Image Save <= 1.3 - CSRF to Stored Cross-Site Scripting (XSS) |
| CVE-2021-24349 | Gallery From Files <= 1.6.0 - Reflected Cross-Site Scripting (XSS) |
| CVE-2021-24380 | Shantz WordPress QOTD <= 1.2.2 - Arbitrary Setting Update via CSRF |
| CVE-2021-24388 | Vik Rent Car < 1.1.7 - CSRF to Stored XSS |
| CVE-2021-24410 | Telugu Bible Verse Daily <= 1.0 - CSRF to Stored XSS |
| CVE-2021-24411 | Social Tape <= 1.0 - CSRF to Stored XSS |
| CVE-2021-24431 | Language Bar Flags <= 1.0.8 - CSRF to Stored XSS |
| CVE-2021-24434 | Glass <= 1.3.2 - CSRF to Stored Cross-Site Scripting (XSS) |
| CVE-2021-24446 | Remove Footer Credit < 1.0.6 - CSRF to Stored Cross-Site Scripting |
| CVE-2021-24466 | Verse-O-Matic <= 4.1.1 - CSRF to Stored XSS |
| CVE-2021-24467 | Leaflet Map < 3.0.0 - Arbitrary Settings Update via CSRF Leading to Stored XSS |
| CVE-2021-24477 | Migrate Users <= 1.0.1 - CSRF to Stored Cross-Site Scripting (XSS) |
| CVE-2021-24487 | St Daily Tip <= 4.7 - CSRF to Stored Cross-Site Scripting |
| CVE-2021-24490 | Email Artillery <= 4.1 - Arbitrary File Upload |
| CVE-2021-24491 | Fileviewer <= 2.2 - Arbitrary File Upload/Deletion via CSRF |
| CVE-2021-24504 | WP LMS <= 1.1.2 - Stored Cross-Site Scripting (XSS) |
| CVE-2021-24535 | Light Messages <= 1.0 - CSRF to Stored XSS |
| CVE-2021-24536 | Custom Login Redirect <= 1.0.0 - CSRF to Stored XSS |
| CVE-2021-24543 | jQuery Reply to Comment <= 1.31 - CSRF to Stored Cross-Site Scripting |
| CVE-2021-24555 | Diary & Availability Calendar <= 1.0.3 - Authenticated (subscriber+) SQL Injection |
| CVE-2021-24559 | Qyrr < 0.7 - Authenticated (contributor+) Stored XSS |
| CVE-2021-24565 | Contact Form 7 Captcha < 0.0.9 - CSRF to Stored XSS |
| CVE-2021-24570 | Paypal Donation < 1.3.1 - CSRF to Stored Cross-Site Scripting |
| CVE-2021-24572 | Paypal Donation < 1.3.1 - CSRF to Arbitrary Post Deletion |
| CVE-2021-24581 | Blue Admin <= 21.06.01 - CSRF to Stored Cross-Site Scripting (XSS) |
| CVE-2021-24584 | Timetable and Event Schedule by MotoPress < 2.4.2 - Unauthorised Event TimeSlot Update |
| CVE-2021-24586 | Per Page Add to Head < 1.4.4 - CSRF to Stored XSS |
| CVE-2021-24595 | WP Cookie Choice <= 1.1.0 - CSRF to Stored Cross-Site Scripting |
| CVE-2021-24611 | Keywords & Meta <= 3.0 - CSRF to Stored Cross-Site Scripting (XSS) |
| CVE-2021-24615 | Wechat Reward <= 1.7 - CSRF to Stored Cross-Site Scripting |
| CVE-2021-24618 | Donate With QRCode < 1.4.5 - Stored Cross-Site Scripting |
| CVE-2021-24626 | Chameleon CSS <= 1.2 - Subscriber+ SQL Injection |
| CVE-2021-24636 | Print My Blog < 3.4.2 - Plugin Deactivation via CSRF |
| CVE-2021-24639 | OMGF < 4.5.4 - Subscriber+ Arbitrary File/Folder Deletion |
| CVE-2021-24641 | Images to WebP < 1.9 - Multiple Cross Site Request Forgery (CSRF) |
| CVE-2021-24642 | Scroll Baner <= 1.0 - CSRF to RCE |
| CVE-2021-24668 | MAZ Loader < 1.4.1 - Arbitrary Loader Deletion via CSRF |
| CVE-2021-24674 | Genie WP Favicon <= 0.5.2 - Arbitrary Favicon Change via CSRF |
| CVE-2021-24675 | One User Avatar < 2.3.7 - Avatar Update via CSRF |
| CVE-2021-24683 | Weather Effect < 1.3.4 - CSRF to Stored Cross-Site Scripting |
| CVE-2021-24685 | Flat Preloader < 1.5.4 - CSRF to Stored Cross-Site Scripting |
| CVE-2021-24696 | Simple Download Monitor < 3.9.9 - Multiple CSRF |
| CVE-2021-24704 | Orange Form <= 1.0 - SQL Injection via CSRF |
| CVE-2021-24705 | NEX-Forms < 8.4.3 - Stored Cross-Site Scripting via CSRF |
| CVE-2021-24711 | Software License Manager < 4.5.1 - Arbitrary Domain Deletion via CSRF |
| CVE-2021-24725 | Comment Link Remove and Other Comment Tools < 2.1.6 - Arbitrary Comment Deletion via CSRF |
| CVE-2021-24730 | Logo Showcase with Slick Slider < 1.2.5 - Subscriber+ Arbitrary Media Title/Description/Alt Text/URL Update |
| CVE-2021-24735 | Compact WP Audio Player < 1.9.7 - Setting Change via CSRF |
| CVE-2021-24749 | URL Shortify < 1.5.1 - Arbitrary Link/Group Deletion via CSRF |
| CVE-2021-24761 | Error Log Viewer < 1.1.2 - Arbitrary Text File Deletion via CSRF |
| CVE-2021-24766 | 404 to 301 < 3.0.9 - Logs Deletion via CSRF |
| CVE-2021-24767 | Redirect 404 Error Page to Homepage or Custom Page with Logs < 1.7.9 - Log Deletion via CSRF |
| CVE-2021-24776 | WP Performance Score Booster < 2.1 - Settings Change via CSRF |
| CVE-2021-24780 | Single Post Exporter <= 1.1.1 - Plugin's Settings Update via CSRF |
| CVE-2021-24784 | WP Admin Logo Changer <= 1.0 - Plugin's Settings Update via CSRF |
| CVE-2021-24795 | Filter Portfolio Gallery <= 1.5 - Arbitrary Gallery Deletion via CSRF |
| CVE-2021-24799 | Far Future Expiry Header < 1.5 - Plugin's Settings Update via CSRF |
| CVE-2021-24802 | Colorful Categories < 2.0.15 - Arbitrary Colors Update via CSRF |
| CVE-2021-24803 | Core Tweaks WP Setup <= 4.1 - Arbitrary Admin Account Creation / Admin Email Update via CSRF |
| CVE-2021-24804 | Simple JWT Login < 3.2.1 - Arbitrary Settings Update to Site Takeover via CSRF |
| CVE-2021-24805 | DW Question & Answer Pro <= 1.3.4 - Multiple CSRF |
| CVE-2021-24806 | wpDiscuz < 7.3.4 - Arbitrary Comment Addition/Edition/Deletion via CSRF |
| CVE-2021-24809 | BP Better Messages < 1.9.9.41 - Multiple CSRF |
| CVE-2021-24818 | WP Limits <= 1.0 - Plugin's Settings Update via CSRF |
| CVE-2021-24822 | Stylish Cost Calculator < 7.04 - Subscriber+ Unauthorised AJAX Calls to Stored XSS |
| CVE-2021-24823 | Support Board < 3.3.6 - Arbitrary File Deletion via CSRF |
| CVE-2021-24832 | WP SEO Redirect 301 < 2.3.2 - Redirect Deletion via CSRF |
| CVE-2021-24836 | Temporary Login Without Password < 1.7.1 - Subscriber+ Plugin's Settings Update |
| CVE-2021-24843 | SupportCandy < 2.2.7 - Arbitrary Ticket Deletion via CSRF |
| CVE-2021-24852 | MouseWheel Smooth Scroll < 5.7 - Plugin's Setting Update via CSRF |
| CVE-2021-24870 | WP Fastest Cache < 0.9.5 - CSRF to Stored Cross-Site Scripting |
| CVE-2021-24879 | SupportCandy < 2.2.7 - CSRF to Cross-Site Scripting |
| CVE-2021-24890 | Scripts Organizer < 3.0 - Unauthenticated Arbitrary File Upload |
| CVE-2021-24912 | Transposh WordPress Translation < 1.0.8 - CSRF to Stored XSS |
| CVE-2021-24913 | Logo Showcase with Slick Slider < 2.0.1 - Arbitrary Media Title/Description/Alt Text/URL Update via CSRF |
| CVE-2021-24922 | Pixel Cat Lite < 2.6.2 - CSRF to Stored Cross-Site Scripting |
| CVE-2021-24936 | WP Extra File Types < 0.5.1 - CSRF to Stored Cross-Site Scripting |
| CVE-2021-24981 | Directorist – Business Directory Plugin < 7.0.6.2 - CSRF to Remote File Upload |
| CVE-2021-24989 | Accept Donations with PayPal < 1.3.4 - Arbitrary Post Deletion via CSRF |
| CVE-2021-25010 | Post Snippets < 3.1.4 - CSRF to Stored Cross-Site Scripting |
| CVE-2021-25025 | Event Calendar < 1.1.51 - Subscriber+ Event Creation |
| CVE-2021-25032 | PublishPress Capabilities < 2.3.1 - Unauthenticated Arbitrary Options Update to Blog Compromise |
| CVE-2021-25051 | Modal Window < 5.2.2 - RFI leading to RCE via CSRF |
| CVE-2021-25052 | Button Generator < 2.3.3 - RFI leading to RCE via CSRF |
| CVE-2021-25053 | WP Coder < 2.5.2 - RFI leading to RCE via CSRF |
| CVE-2021-25072 | NextScripts: Social Networks Auto-Poster < 4.3.25 - Arbitrary Post Deletion via CSRF |
| CVE-2021-25073 | WP125 < 1.5.5 - Arbitrary Ad Deletion via CSRF |
| CVE-2021-25081 | WP Google Map < 1.8.4 - Arbitrary Post Deletion and Plugin's Settings Update via CSRF |
| CVE-2021-25092 | Link Library < 7.2.8 - Library Settings Reset via CSRF |
| CVE-2021-25095 | IP2Location Country Blocker < 2.26.5 - Subscriber+ Arbitrary Country Ban |
| CVE-2021-25097 | LabTools <= 1.0 - Subscriber+ Arbitrary Publication Deletion |
| CVE-2021-25098 | Easy Pricing Tables < 3.1.3 - Arbitrary Post Removal via CSRF |
| CVE-2021-25108 | IP2Location Country Blocker < 2.26.6 - Arbitrary Country Ban via CSRF |
| CVE-2021-25116 | Enqueue Anything <= 1.0.1 - Subscriber+ Arbitrary Asset/Post Deletion |
| CVE-2021-25117 | WP Postratings < 1.86.1 - Admin+ Stored Cross-Site Scripting |
| CVE-2021-25965 | Calibre-web - Admin Account Takeover via Cross-Site Request Forgery (CSRF) |
| CVE-2021-25976 | Piranha CMS - Site-wide Cross-Site Request Forgery (CSRF) |
| CVE-2021-26296 | Cross-Site Request Forgery (CSRF) vulnerability in Apache MyFaces |
| CVE-2021-27758 | There is a security vulnerability in login form related to Cross-site Request Forgery which prevents user to login after atta... |
| CVE-2021-27759 | This vulnerability arises because the application allows the user to perform some sensitive action without verifying that the... |
| CVE-2021-28656 | Apache Zeppelin: CSRF vulnerability in the Credentials page |
| CVE-2021-29435 | Cross-Site Request Forgery (CSRF) in trestle-auth |
| CVE-2021-29436 | Cross site request forgery vulnerability |
| CVE-2021-32632 | CSRF allowing modification of commands, modules, banphrases through hidden iFrames |
| CVE-2021-32677 | Cross-Site Request Forgery (CSRF) in FastAPI |
| CVE-2021-32730 | No CSRF protection on the password change form |
| CVE-2021-32732 | Cross-Site Request Forgery in xwiki-platform |
| CVE-2021-32774 | Cross-Site Request Forgery (CSRF) in DataDump |
| CVE-2021-32776 | No CSRF form token cleanup on Windows servers |
| CVE-2021-32929 | Uffizio GPS Tracker Cross-site Request Forgery |
| CVE-2021-32991 | Delta Electronics DIAEnergie Version 1.7.5 and prior is vulnerable to cross-site request forgery, which may allow an attacker... |
| CVE-2021-34358 | CSRF Vulnerability in QmailAgent |
| CVE-2021-34360 | CSRF Bypass in Proxy Server |
| CVE-2021-34619 | Cross-Site Request Forgery in WooCommerce Stock Manager WordPress Plugin |
| CVE-2021-34620 | CSRF in WP Fluent Forms < 3.6.67 allows stored XSS and Privilege Escalation |
| CVE-2021-34628 | Admin Custom Login <= 3.2.7 - Cross-Site Request Forgery to Stored Cross-Site Scripting |
| CVE-2021-34631 | NewsPlugin <= 1.0.18 - Cross-Site Request Forgery to Stored Cross-Site Scripting |
| CVE-2021-34632 | SEO Backlinks <= 4.0.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting |
| CVE-2021-34633 | Youtube Feeder <= 2.0.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting |
| CVE-2021-34634 | Nifty Newsletters <= 4.0.23 - Cross-Site Request Forgery to Stored Cross-Site Scripting |
| CVE-2021-34636 | Countdown and CountUp, WooCommerce Sales Timer <= 1.5.7 Cross-Site Request Forgery to Stored Cross-Site Scripting |
| CVE-2021-34637 | Post Index <= 0.7.5 Cross-Site Request Forgery to Stored Cross-Site Scripting |
| CVE-2021-34645 | Shopping Cart & eCommerce Store <= 5.1.0 Cross-Site Request Forgery to Stored Cross-Site Scripting |
| CVE-2021-34661 | WP Fusion Lite <= 3.37.18 Cross-Site Request Forgery to Data Deletion |
| CVE-2021-34743 | Cisco Webex Software Application Authorization Bypass Vulnerability |
| CVE-2021-34773 | Cisco Unified Communications Products Cross-Site Request Forgery Vulnerability |
| CVE-2021-35242 | A valid CSRF token is present in response to an invalid request |
| CVE-2021-3683 | Cross-Site Request Forgery (CSRF) in star7th/showdoc |
| CVE-2021-36850 | WordPress Media File Renamer – Auto & Manual Rename plugin <= 5.1.9 - Cross-Site Request Forgery (CSRF) vulnerability |
| CVE-2021-36852 | WordPress WP Hotel Booking plugin <= 1.10.5 - Cross-Site Request Forgery (CSRF) vulnerability |
| CVE-2021-36854 | WordPress Booking Ultra Pro plugin <= 1.1.4 - Multiple Cross-Site Request Forgery (CSRF) vulnerabilities |
| CVE-2021-36855 | WordPress Booking Ultra Pro plugin <= 1.1.4 - Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) vulnerability |
| CVE-2021-36861 | WordPress Rich Reviews by Starfish plugin <= 1.9.14 - Cross-Site Request Forgery (CSRF) vulnerability |
| CVE-2021-36876 | WordPress uListing plugin <= 2.0.5 - Multiple Cross-Site Request Forgery (CSRF) vulnerabilities |
| CVE-2021-36877 | WordPress uListing plugin <= 2.0.5 - Modify User Roles via Cross-Site Request Forgery (CSRF) vulnerability |
| CVE-2021-36878 | WordPress uListing plugin <= 2.0.5 - Settings Update via Cross-Site Request Forgery (CSRF) vulnerability |
| CVE-2021-36886 | WordPress Contact Form 7 Database Addon – CFDB7 plugin <= 1.2.5.9 - Cross-Site Request Forgery (CSRF) vulnerability |
| CVE-2021-36887 | WordPress tarteaucitron.js – Cookies legislation & GDPR plugin <= 1.5.4 - Cross-Site Request Forgery (CSRF) vulnerability lea... |
| CVE-2021-36890 | WordPress Social Share Buttons by Supsystic plugin <= 2.2.2 - Cross-Site Request Forgery (CSRF) vulnerability |
| CVE-2021-36891 | WordPress Photo Gallery by Supsystic plugin <= 1.15.5 - Cross-Site Request Forgery (CSRF) leading to Plugin Settings Change |
| CVE-2021-36908 | WordPress WP Reset PRO Premium Plugin <= 5.98 - Cross-Site Request Forgery (CSRF) vulnerability |
| CVE-2021-36914 | WordPress CalderaWP License Manager plugin <= 1.2.11 - Cross-Site Request Forgery (CSRF) vulnerability leading to Reflected C... |
| CVE-2021-36915 | WordPress Profile Builder plugin <= 3.6.0 - Cross-Site Request Forgery (CSRF) vulnerability |
| CVE-2021-37198 | A vulnerability has been identified in COMOS V10.2 (All versions only if web components are used), COMOS V10.3 (All versions... |
| CVE-2021-37201 | A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP1). The web interface of affected devices is vulnerab... |
| CVE-2021-3728 | Cross-Site Request Forgery (CSRF) in firefly-iii/firefly-iii |
| CVE-2021-3729 | Cross-Site Request Forgery (CSRF) in firefly-iii/firefly-iii |
| CVE-2021-3730 | Cross-Site Request Forgery (CSRF) in firefly-iii/firefly-iii |
| CVE-2021-3775 | Cross-Site Request Forgery (CSRF) in star7th/showdoc |
| CVE-2021-3776 | Cross-Site Request Forgery (CSRF) in star7th/showdoc |
| CVE-2021-3819 | Cross-Site Request Forgery (CSRF) in firefly-iii/firefly-iii |
| CVE-2021-38342 | Nested Pages <= 3.1.15 Cross-Site Request Forgery to Arbitrary Post Deletion and Modification |
| CVE-2021-38480 | InHand Networks IR615 Router |
| CVE-2021-3858 | Cross-Site Request Forgery (CSRF) in snipe/snipe-it |
| CVE-2021-3900 | Cross-Site Request Forgery (CSRF) in firefly-iii/firefly-iii |
| CVE-2021-3901 | Cross-Site Request Forgery (CSRF) in firefly-iii/firefly-iii |
| CVE-2021-39133 | Cross-Site Request Forgery (CSRF) can run untrusted code on Rundeck server |
| CVE-2021-39197 | Cross-Site Request Forgery in better_errors |
| CVE-2021-39198 | The disqualify lead action may be executed without CSRF token check |
| CVE-2021-39209 | Bypassable CSRF protection |
| CVE-2021-3921 | Cross-Site Request Forgery (CSRF) in firefly-iii/firefly-iii |
| CVE-2021-3931 | Cross-Site Request Forgery (CSRF) in snipe/snipe-it |
| CVE-2021-3932 | Cross-Site Request Forgery (CSRF) in area17/twill |
| CVE-2021-39353 | Easy Registration Forms <= 2.1.1 Cross-Site Request Forgery to Stored Cross-Site Scripting |
| CVE-2021-3944 | Cross-Site Request Forgery (CSRF) in bookstackapp/bookstack |
| CVE-2021-3957 | Cross-Site Request Forgery (CSRF) in kevinpapst/kimai2 |
| CVE-2021-3963 | Cross-Site Request Forgery (CSRF) in kevinpapst/kimai2 |
| CVE-2021-3976 | Cross-Site Request Forgery (CSRF) in kevinpapst/kimai2 |
| CVE-2021-39864 | Adobe Commerce Cross-Site Request Forgery (CSRF) Could Lead To Unauthorized Cart Addition |
| CVE-2021-3993 | Cross-Site Request Forgery (CSRF) in star7th/showdoc |
| CVE-2021-4005 | Cross-Site Request Forgery (CSRF) in firefly-iii/firefly-iii |
| CVE-2021-4015 | Cross-Site Request Forgery (CSRF) in firefly-iii/firefly-iii |
| CVE-2021-4017 | Cross-Site Request Forgery (CSRF) in star7th/showdoc |
| CVE-2021-4030 | A cross-site request forgery vulnerability in the HTTP daemon of the Zyxel ARMOR Z1/Z2 firmware could allow an attacker to ex... |
| CVE-2021-4033 | Cross-Site Request Forgery (CSRF) in kevinpapst/kimai2 |
| CVE-2021-40335 | Cross Site Request Forgery (CSRF) in Hitachi Energy’s MSM Product |
| CVE-2021-4049 | Cross-Site Request Forgery (CSRF) in livehelperchat/livehelperchat |
| CVE-2021-4082 | Cross-Site Request Forgery (CSRF) in pimcore/pimcore |
| CVE-2021-4092 | Cross-Site Request Forgery (CSRF) in yetiforcecompany/yetiforcecrm |
| CVE-2021-4096 | Fancy Product Designer <= 4.7.5 - Cross-Site Request Forgery to Arbitrary File Upload |
| CVE-2021-41083 | CSRF Vulnerability in dada-mail 11.15.1 and below |
| CVE-2021-41113 | Cross-Site-Request-Forgery in Backend URI Handling in Typo3 |
| CVE-2021-41176 | logout CSRF in Pterodactyl Panel |
| CVE-2021-4123 | Cross-Site Request Forgery (CSRF) in livehelperchat/livehelperchat |
| CVE-2021-41245 | Possible Cross-Site Request Forgery in Combodo iTop |
| CVE-2021-41260 | Missing CSRF checks in Galette |
| CVE-2021-41273 | Cross-Site Request Forgery allowing sending of test emails and generation of node auto-deployment keys |
| CVE-2021-41274 | Authentication Bypass by CSRF Weakness |
| CVE-2021-41275 | Authentication Bypass by CSRF Weakness |
| CVE-2021-41295 | ECOA BAS controller - Cross-Site Request Forgery (CSRF) |
| CVE-2021-4130 | Cross-Site Request Forgery (CSRF) in snipe/snipe-it |
| CVE-2021-4131 | Cross-Site Request Forgery (CSRF) in livehelperchat/livehelperchat |
| CVE-2021-4162 | Cross-Site Request Forgery (CSRF) in archivy/archivy |
| CVE-2021-4164 | Cross-Site Request Forgery (CSRF) in janeczku/calibre-web |
| CVE-2021-4168 | Cross-Site Request Forgery (CSRF) in star7th/showdoc |
| CVE-2021-42358 | Contact Form With Captcha <= 1.6.2 Cross-Site Request Forgery to Reflected Cross-Site Scripting |
| CVE-2021-42364 | Stetic <= 1.0.6 Cross-Site Request Forgery to Stored Cross-Site Scripting |
| CVE-2021-43353 | Crisp Live Chat <= 0.31 Cross-Site Request Forgery to Stored Cross-Site Scripting |
| CVE-2021-43559 | A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. The "d... |
| CVE-2021-43777 | Vulnerability in Redash OAuth2 flows due to misuse of state field (should be a nonce) |
| CVE-2021-43846 | CSRF forgery protection bypass for Spree::OrdersController#populate |
| CVE-2021-44777 | WordPress Email Tracker plugin <= 5.2.6 - Cross-Site Request Forgery (CSRF) vulnerabilities leading to single or bulk e-mail... |
| CVE-2022-0088 | Cross-Site Request Forgery (CSRF) in yourls/yourls |
| CVE-2022-0134 | AnyComment < 0.2.18 - Arbitrary HyperComments Import/Revert via CSRF |
| CVE-2022-0141 | Visual Form Builder < 3.0.8 - Entries Deletion/Restoration via CSRF |
| CVE-2022-0164 | Coming soon and Maintenance mode < 3.6.7 - Subscriber+ Arbitrary Email Sending to Subscribed Users |
| CVE-2022-0191 | Ad Invalid Click Protector (AICP) < 1.2.7 - Arbitrary Ban Deletion via CSRF |
| CVE-2022-0196 | Cross-Site Request Forgery (CSRF) in phoronix-test-suite/phoronix-test-suite |
| CVE-2022-0197 | Cross-Site Request Forgery (CSRF) in phoronix-test-suite/phoronix-test-suite |
| CVE-2022-0199 | Coming soon and Maintenance mode < 3.6.8 - Arbitrary Email Sending to Subscribed Users via CSRF |
| CVE-2022-0215 | XootiX Plugins <= Various Versions Cross-Site Request Forgery to Arbitrary Options Update |
| CVE-2022-0226 | Cross-Site Request Forgery (CSRF) in livehelperchat/livehelperchat |
| CVE-2022-0229 | miniOrange's Google Authenticator < 5.5 - Unauthenticated Arbitrary Options Deletion |
| CVE-2022-0231 | Cross-Site Request Forgery (CSRF) in livehelperchat/livehelperchat |
| CVE-2022-0238 | Cross-Site Request Forgery (CSRF) in phoronix-test-suite/phoronix-test-suite |
| CVE-2022-0245 | Cross-Site Request Forgery (CSRF) in livehelperchat/livehelperchat |
| CVE-2022-0269 | Cross-Site Request Forgery (CSRF) in yetiforcecompany/yetiforcecrm |
| CVE-2022-0313 | Float Menu < 4.3.1 - Arbitrary Menu Deletion via CSRF |
| CVE-2022-0328 | Simple Membership < 4.0.9 - Arbitrary Member Deletion via CSRF |
| CVE-2022-0335 | A flaw was found in Moodle in versions 3.11 to 3.11.4, 3.10 to 3.10.8, 3.9 to 3.9.11 and earlier unsupported versions. The "d... |
| CVE-2022-0345 | Better Notifications for WP < 1.8.7 - Email Address Disclosure |
| CVE-2022-0363 | myCred < 2.4.4 - Subscriber+ Arbitrary Post Creation |
| CVE-2022-0398 | ThirstyAffiliates Affiliate Link Manager < 3.10.5 - Subscriber+ Arbitrary Affiliate Links Creation |
| CVE-2022-0402 | Superforms < 6.0.4 - Reflected Cross-Site Scripting |
| CVE-2022-0439 | Email Subscribers & Newsletters < 5.3.2 - Subscriber+ Blind SQL injection |
| CVE-2022-0444 | XCloner < 4.3.6 - Plugin Settings Reset |
| CVE-2022-0445 | WordPress Real Cookie Banner < 2.14.2 - Settings Reset via CSRF |
| CVE-2022-0499 | Sermon Browser <= 0.45.22 - Arbitrary File Upload via CSRF |
| CVE-2022-0505 | Cross-Site Request Forgery (CSRF) in microweber/microweber |
| CVE-2022-0515 | Cross-Site Request Forgery (CSRF) in crater-invoice/crater |
| CVE-2022-0616 | Amelia < 1.0.46 - Arbitrary Customer Deletion via CSRF |
| CVE-2022-0634 | ThirstyAffiliates < 3.10.5 - Subscriber+ unauthorized image upload + CSRF |
| CVE-2022-0638 | Cross-Site Request Forgery (CSRF) in microweber/microweber |
| CVE-2022-0642 | JivoChat < 1.3.5.4 - Stored Cross-Site Scripting via CSRF |
| CVE-2022-0681 | Simple Membership < 4.1.0 - Arbitrary Transaction Deletion via CSRF |
| CVE-2022-0707 | Easy Digital Downloads < 2.11.6 - Arbitrary Payment Note Insertion via CSRF |
| CVE-2022-0770 | Translate WordPress with GTranslate < 2.9.9 - CSRF to Account Takeover |
| CVE-2022-0830 | FormBuilder <= 1.08 - Stored Cross-Site Scripting via CSRF |
| CVE-2022-0833 | Church Admin < 3.4.135 - Unauthenticated Plugin's Backup Disclosure |
| CVE-2022-0875 | miniOrange Google Authenticator < 1.0.5 - CSRF to Stored Cross-Site Scripting |
| CVE-2022-0914 | Export All URLs < 4.3 - Private/Draft Post/Page Title Disclosure via CSRF |
| CVE-2022-0952 | Sitemap by click5 < 1.0.36 - Unauthenticated Arbitrary Options Update |
| CVE-2022-1020 | Woo Product Table < 3.1.2 - Unauthenticated Arbitrary Function Call |
| CVE-2022-1092 | myCred < 2.4.4 - Subscriber+ Import/Export to Email Address Disclosure |
| CVE-2022-1112 | Autolinks <= 1.0.1 - Stored Cross-Site Scripting via CSRF |
| CVE-2022-1203 | Content Mask < 1.8.4.1 - Subscriber+ Arbitrary Options Update |
| CVE-2022-1251 | Ask Me < 6.8.4 - CSRF in Edit Profile |
| CVE-2022-1389 | On all versions of 16.1.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x of F5 BIG-IP (fixed in 17.0.0), a cross-site request fo... |
| CVE-2022-1407 | VikBooking Hotel Booking Engine & PMS < 1.5.7 - Stored Cross-Site Scripting via CSRF |
| CVE-2022-1418 | Social Stickers <= 2.2.9 - Stored Cross-Site Scripting via CSRF |
| CVE-2022-1421 | Discy < 5.2 - Settings Update via CSRF |
| CVE-2022-1422 | Discy < 5.2 - Restore Default Settings via CSRF |
| CVE-2022-1424 | Ask Me < 6.8.2 - Multiple CSRF in AJAX Actions |
| CVE-2022-1570 | Files Download Delay < 1.0.7 - Subscriber+ Settings Reset |
| CVE-2022-1572 | HTML2WP <= 1.0.0 - Subscriber+ Arbitrary File Deletion |
| CVE-2022-1573 | HTML2WP <= 1.0.0 - Arbitrary Settings Update via CSRF |
| CVE-2022-1574 | HTML2WP <= 1.0.0 - Unauthenticated Arbitrary File Upload |
| CVE-2022-1576 | WP Maintenance Mode & Coming Soon < 2.4.5 - Subscribed Users Deletion via CSRF |
| CVE-2022-1577 | Database Backup for WordPress < 2.5.2 - Arbitrary Schedule Settings Update via CSRF |
| CVE-2022-1578 | My wpdb < 2.5 - Arbitrary SQL Query via CSRF |
| CVE-2022-1589 | Change wp-admin Login < 1.1.0 - Unauthenticated Arbitrary Settings Update |
| CVE-2022-1591 | WordPress Ping Optimizer < 2.35.1.3.0 - Arbitrary Settings Update via CSRF |
| CVE-2022-1594 | HC Custom WP-Admin URL <= 1.4 - Arbitrary Settings Update via CSRF |
| CVE-2022-1599 | Admin Management Xtended < 2.4.5 - Post Visibility/Date/Comment Status Update via CSRF |
| CVE-2022-1603 | Mail Subscribe List < 2.1.4 - Arbitrary Subscribed User Deletion via CSRF |
| CVE-2022-1605 | Email Users <= 4.8.8 - Arbitrary Settings Update via CSRF |
| CVE-2022-1607 | Cross Site Scripting vulnerability in NE843 Pulsar Plus Controller |
| CVE-2022-1608 | OnePress Social Locker <= 5.6.2 - Arbitrary Settings Update via CSRF |
| CVE-2022-1610 | Seamless Donations < 5.1.9 - Arbitrary Settings Update via CSRF |
| CVE-2022-1611 | Bulk Page Creator < 1.1.4 - Arbitrary Page Creation via CSRF |
| CVE-2022-1612 | Webriti SMTP Mail <= 1.0 - Arbitrary Settings Update via CSRF |
| CVE-2022-1617 | WP-Invoice <= 4.3.1 - Stored Cross-Site Scripting via CSRF |
| CVE-2022-1618 | Coru LFMember <= 1.0.2 - Stored Cross-Site Scripting via CSRF |
| CVE-2022-1624 | Latest Tweets Widget <= 1.1.4 - Arbitrary Settings Update via CSRF |
| CVE-2022-1625 | New User Approve < 2.4 - Arbitrary Settings Update & Invitation Code Creation via CSRF |
| CVE-2022-1626 | Sharebar <= 1.4.1 - Arbitrary Settings Update to Stored XSS via CSRF |
| CVE-2022-1627 | My Private Site < 3.0.8 - Arbitrary Settings Update via CSRF |
| CVE-2022-1630 | WP-Email < 2.69.0 - Log Deletion via CSRF |
| CVE-2022-1653 | Social Share Buttons by Supsystic < 2.2.4 - Multiple CSRF |
| CVE-2022-1672 | Insights from Google PageSpeed < 4.0.7 - Multiple CSRF |
| CVE-2022-1694 | Useful Banner Manager <= 1.6.1 - Modify banners via CSRF |
| CVE-2022-1695 | WP Simple Adsense Insertion < 2.1 - Inject ads and javascript via CSRF |
| CVE-2022-1709 | Throws SPAM Away < 3.3.1 - Comment Deletion via CSRF |
| CVE-2022-1712 | LiveSync for WordPress <= 1.0 - Arbitrary Settings Update via CSRF |
| CVE-2022-2071 | Name Directory < 1.25.4 - Stored Cross-Site Scripting via CSRF |
| CVE-2022-20735 | Cisco SD-WAN vManage Software Cross-Site Request Forgery Vulnerability |
| CVE-2022-20787 | Cisco Unified Communications Products Cross-Site Request Forgery Vulnerability |
| CVE-2022-20853 | Cisco Expressway Series and Cisco TelePresence VCS Cross-Site Request Forgery Vulnerability |
| CVE-2022-1732 | Rename wp-login.php <= 2.6.0 - Secret URL Update via CSRF |
| CVE-2022-1757 | Pagebar < 2.70 - Arbitrary Settings Update via CSRF to Stored XSS |
| CVE-2022-1758 | Genki Pre-Publish Reminder <= 1.4.1 - Stored XSS & RCE via CSRF |
| CVE-2022-1759 | RB Internal Links <= 2.0.16 - Stored Cross-Site Scripting via CSRF |
| CVE-2022-1760 | Core Control <= 1.2.1 - Arbitrary Settings Update via CSRF |
| CVE-2022-1761 | Peter’s Collaboration E-mails <= 2.2.0 - Arbitrary Settings Update via CSRF |
| CVE-2022-1763 | Static Page eXtended <= 2.1 - Arbitrary Settings Update via CSRF to Stored XSS |
| CVE-2022-1764 | WP-chgFontSize <= 1.8 - Arbitrary Settings Update via CSRF to Stored XSS |
| CVE-2022-1765 | Hot Linked Image Cacher <= 1.16 - Image upload/cache abuse via CSRF |
| CVE-2022-1779 | Auto Delete Posts <= 1.3.0 - Arbitrary Settings Update via CSRF |
| CVE-2022-1780 | LaTeX for WordPress <= 3.4.10 - Arbitrary Settings Update via CSRF to Stored XSS |
| CVE-2022-1781 | postTabs <= 2.10.6 - Arbitrary Settings Update via CSRF to Stored XSS |
| CVE-2022-1787 | Sideblog <= 6.0 - Arbitrary Settings Update via CSRF to Stored XSS |
| CVE-2022-1788 | Change Uploaded File Permissions <= 4.0.0 - File Permission Update via CSRF |
| CVE-2022-1790 | New User Email Set Up <= 0.5.2 - Arbitrary Settings Update via CSRF |
| CVE-2022-1791 | One Click Plugin Updater <= 2.4.14 - Arbitrary Settings Update via CSRF |
| CVE-2022-1792 | Quick Subscribe <= 1.7.1 - Arbitrary Settings Update via CSRF to Stored XSS |
| CVE-2022-1793 | Private Files <= 0.40 - Protection Disabling via CSRF |
| CVE-2022-2184 | CAPTCHA 4WP < 7.1.0 - Local File Inclusion via CSRF |
| CVE-2022-2245 | Counter Box < 1.2.1 - Arbitrary Counter Activation/Deactivation via CSRF |
| CVE-2022-1818 | Multi-page Toolkit <= 2.6 - Arbitrary Settings Update to Stored XSS via CSRF |
| CVE-2022-1826 | Cross-Linker <= 3.0.1.9 - Arbitrary Cross-Link Creation via CSRF |
| CVE-2022-1827 | PDF24 Article To PDF <= 4.2.2 - Arbitrary Settings Update via CSRF |
| CVE-2022-1828 | PDF24 Articles To PDF <= 4.2.2 - Arbitrary Settings Update via CSRF |
| CVE-2022-1829 | Inline Google Maps <= 5.11 - Arbitrary Settings Update to Stored XSS via CSRF |
| CVE-2022-1830 | Amazon Einzeltitellinks <= 1.3.3 - Arbitrary Settings Update to Stored XSS via CSRF |
| CVE-2022-1831 | WPlite <= 1.3.1 - Arbitrary Settings Update via CSRF |
| CVE-2022-1832 | CaPa Protect <= 0.5.8.2 - Arbitrary Settings Update via CSRF |
| CVE-2022-1842 | OpenBook Book Data <= 3.5.2 - Arbitrary Settings Update to Stored XSS via CSRF |
| CVE-2022-1843 | MailPress <= 7.2.1 - Arbitrary Settings Update & Log Files Purge via CSRF |
| CVE-2022-1844 | WP Sentry <= 1.0 - Arbitrary Settings Update to Stored XSS via CSRF |
| CVE-2022-1845 | WP Post Styling < 1.3.1 - Multiple CSRF |
| CVE-2022-1846 | Tiny Contact Form <= 0.7 - Arbitrary Settings Update via CSRF |
| CVE-2022-1847 | Rotating Posts <= 1.11 - Arbitrary Settings Update to Stored XSS via CSRF |
| CVE-2022-1885 | Cimy Header Image Rotator <= 6.1.1 - Arbitrary Settings Update via CSRF |
| CVE-2022-1895 | underConstruction < 1.20 - Construction Mode Deactivation via CSRF |
| CVE-2022-1913 | Add Post URL <= 2.1.0 - Arbitrary Settings Update to Stored XSS via CSRF |
| CVE-2022-1914 | Clean-Contact <= 1.6 - Arbitrary Settings Update to Stored XSS via CSRF |
| CVE-2022-1956 | Shortcut Macros <= 1.3 - Subscriber+ Arbitrary Settings Update |
| CVE-2022-2260 | GiveWP < 2.21.3 - DoS via CSRF |
| CVE-2022-2312 | Student Result or Employee Database < 1.7.5 - Stored Cross Site Scripting via CSRF |
| CVE-2022-23475 | dalorRadius full account take over |
| CVE-2022-2350 | Disable User Login <= 1.0.1 - Unauthenticated Settings Update |
| CVE-2022-2353 | Cross-Site Request Forgery (CSRF) in microweber/microweber |
| CVE-2022-2355 | Easy Username Updater < 1.0.5 - Arbitrary Username Update via CSRF |
| CVE-2022-2432 | Ecwid Ecommerce Shopping Cart <= 6.10.23 - Cross-Site Request Forgery to Settings/Options Update |
| CVE-2022-1957 | Comment License < 1.4.0 - Arbitrary Settings Update via CSRF |
| CVE-2022-1960 | MyCSS <= 1.1 - Arbitrary Settings Update via CSRF |
| CVE-2022-1967 | WP Championship < 9.3 - Multiple CSRF |
| CVE-2022-22686 | Cross-Site Request Forgery (CSRF) vulnerability in webapi component in Synology Calendar before 2.3.4-0631 allows remote auth... |
| CVE-2022-2275 | WP Edit Menu <= 1.5.0 - Arbitrary Post Deletion via CSRF |
| CVE-2022-2276 | WP Edit Menu < 1.5.0 - Unauthenticated Arbitrary Post Deletion |
| CVE-2022-22808 | A CWE-352: Cross-Site Request Forgery (CSRF) exists that could cause a remote attacker to gain unauthorized access to the pro... |
| CVE-2022-22811 | A CWE-352: Cross-Site Request Forgery (CSRF) vulnerability exists that could induce users to perform unintended actions, lead... |
| CVE-2022-23601 | CSRF token missing in Symfony |
| CVE-2022-2375 | WP Sticky Button < 1.4.1 - Unauthenticated Arbitrary Settings Update to Stored XSS |
| CVE-2022-23765 | IPTIME NAS family CSRF vulnerability |
| CVE-2022-2377 | Directorist < 7.3.0 - Subscriber+ Arbitrary E-mail Sending |
| CVE-2022-23771 | IPTIME NAS1DUAL CSRF Vulnerability |
| CVE-2022-2381 | E Unlocked - Student Result <= 1.0.4 - Arbitrary File Upload via CSRF |
| CVE-2022-2382 | Product Slider for WooCommerce < 2.5.7 - Subscriber+ Arbitrary Options Deletion |
| CVE-2022-2449 | reSmush.it Image Optimizer < 0.4.7 - Multiple CSRF |
| CVE-2022-24712 | Cross-Site Request Forgery (CSRF) Protection Bypass Vulnerability in CodeIgniter4 |
| CVE-2022-26309 | Cross-Site Request en Bulk operation (User operation) |
| CVE-2022-26366 | WordPress AdRotate Banner Manager Plugin <= 5.9 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-2387 | Easy Digital Downloads < 3.0 - Arbitrary Post Deletion via CSRF |
| CVE-2022-2388 | WP Coder < 2.5.3 - Code Deletion via CSRF |
| CVE-2022-2389 | Automations By Autonami < 2.1.2 - Subscriber+ Automation Creation |
| CVE-2022-23975 | WordPress Access Demo Importer plugin <= 1.0.7 - Cross-Site Request Forgery (CSRF) vulnerability leading to Arbitrary Plugin... |
| CVE-2022-23976 | WordPress Access Demo Importer plugin <= 1.0.7 - Cross-Site Request Forgery (CSRF) vulnerability leading to Data Reset (Posts... |
| CVE-2022-23983 | WordPress WP Content Copy Protection & No Right Click plugin <= 3.4.4 - Cross-Site Request Forgery (CSRF) leads to Settings U... |
| CVE-2022-25599 | WordPress Spiffy Calendar plugin <= 4.9.0 - Event deletion via Cross-Site Request Forgery (CSRF) vulnerability |
| CVE-2022-25600 | WordPress WP Google Map plugin <= 4.2.3 - Cross-Site Request Forgery (CSRF) vulnerability |
| CVE-2022-25608 | WordPress Yoo Slider – Image Slider & Video Slider plugin <= 2.0.0 - Cross-Site Request Forgery (CSRF) vulnerability leading... |
| CVE-2022-25614 | WordPress eRoom plugin <= 1.3.7 - Cross-Site Request Forgery (CSRF) leading to Sync with Zoom Meetings vulnerability |
| CVE-2022-25615 | WordPress eRoom plugin <= 1.3.8 - Cross-Site Request Forgery (CSRF) vulnerability leading to Cache Deletion |
| CVE-2022-25754 | A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (2... |
| CVE-2022-25778 | Unload handlers may unintentionally defeat CSRF guards |
| CVE-2022-25952 | WordPress Content Egg plugin <= 5.4.0 - Cross-Site Request Forgery (CSRF) vulnerability |
| CVE-2022-27488 | A cross-site request forgery (CSRF) in Fortinet FortiVoiceEnterprise version 6.4.x, 6.0.x, FortiSwitch version 7.0.0 through... |
| CVE-2022-2657 | Multivendor Marketplace Solution for WooCommerce < 3.8.12 - Unauthorised AJAX Calls |
| CVE-2022-30694 | The login endpoint /FormLogin in affected web services does not apply proper origin checking. This could allow authenticat... |
| CVE-2022-2146 | Import CSV Files <= 1.0 - Reflected Cross-Site Scripting |
| CVE-2022-21703 | Cross Site Request Forgery in Grafana |
| CVE-2022-2171 | Progressive License <= 1.1.0 - CSRF to Stored XSS |
| CVE-2022-2172 | LinkWorth Plugin < 3.3.4 - Arbitrary Setting Update via CSRF |
| CVE-2022-24879 | Malfunction of Cross-Site Request Forgery token validation |
| CVE-2022-2555 | Yotpo Reviews for WooCommerce <= 2.0.4 - Arbitrary Settings Update via CSRF |
| CVE-2022-27846 | WordPress Yoo Slider plugin <= 2.0.0 - Cross-Site Request Forgery (CSRF) vulnerability leading to Slider Creation / Modificat... |
| CVE-2022-27847 | WordPress Yoo Slider plugin <= 2.0.0 - Cross-Site Request Forgery (CSRF) vulnerability leading to Template Import |
| CVE-2022-27850 | WordPress Simple Ajax Chat plugin <= 20220115 - Multiple Cross-Site Request Forgery (CSRF) vulnerability |
| CVE-2022-27851 | WordPress Use Any Font plugin <= 6.1.7 - Cross-Site Request Forgery (CSRF) vulnerability |
| CVE-2022-27855 | WordPress Analytics Cat plugin <= 1.0.9 - Plugin Settings change via Cross-Site Request Forgery (CSRF) vulnerability |
| CVE-2022-27860 | WordPress Footer Text plugin <= 2.0.3 - Cross-Site Request Forgery (CSRF) leading to Cross-Site Scripting (XSS) vulnerability |
| CVE-2022-29489 | WordPress Sucuri Security plugin <= 1.8.33 - Cross-Site Request Forgery (CSRF) vulnerability |
| CVE-2022-29495 | WordPress Popup Builder plugin <= 4.1.11 - Cross-Site Request Forgery (CSRF) leading to plugin settings update |
| CVE-2022-29561 | A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions <... |
| CVE-2022-2987 | Ldap WP Login / Active Directory Integration < 3.0.2 - Unauthenticated Settings Update to Auth Bypass |
| CVE-2022-3119 | OAuth client Single Sign On for WordPress < 3.0.4 - Unauthenticated Settings Update to Authentication Bypass |
| CVE-2022-2091 | Cache Images < 3.2.1 - Image Upload / Import via CSRF |
| CVE-2022-20961 | A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated,... |
| CVE-2022-2123 | WP Opt-in <= 1.4.1 - Arbitrary Settings Update via CSRF |
| CVE-2022-2144 | Jquery Validation For Contact Form 7 < 5.3 - Arbitrary Options Update via CSRF |
| CVE-2022-2405 | WP Popup Builder < 1.3.0 - Subscriber+ Arbitrary Popup Deletion |
| CVE-2022-2762 | AdminPad < 2.2 - Note Update via CSRF |
| CVE-2022-27628 | WordPress WZone – Lite Version Plugin <= 3.1 Lite is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-3017 | Cross-Site Request Forgery (CSRF) in froxlor/froxlor |
| CVE-2022-3024 | Simple Bitcoin Faucets <= 1.7.0 - Unauthorised AJAX Call to Stored XSS |
| CVE-2022-3025 | Bitcoin / Altcoin Faucet <= 1.6.0 - Settings Update to Stored XSS via CSRF |
| CVE-2022-30337 | WordPress WP Meta SEO plugin <= 4.4.8 - Social Settings Update via Cross-Site Request Forgery (CSRF) vulnerability |
| CVE-2022-30544 | WordPress OSM – OpenStreetMap Plugin <= 6.0.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-3208 | Simple File List < 4.4.13 - Page Creation via CSRF |
| CVE-2022-32175 | AdGuardHome - CSRF |
| CVE-2022-3221 | Cross-Site Request Forgery (CSRF) in ikus060/rdiffweb |
| CVE-2022-33177 | WordPress Booking Calendar plugin <= 9.2.1 - Cross-Site Request Forgery (CSRF) vulnerability |
| CVE-2022-33201 | WordPress MailerLite – Signup forms (official) plugin <= 1.5.7 - Cross-Site Request Forgery (CSRF) vulnerability |
| CVE-2022-3121 | SourceCodester Online Employee Leave Management System addemployee.php cross-site request forgery |
| CVE-2022-3126 | Frontend File Manager < 21.4 - File Upload via CSRF |
| CVE-2022-3149 | WP Custom Cursors < 3.0.1 - Stored Cross-Site Scripting via CSRF |
| CVE-2022-3151 | WP Custom Cursors < 3.0.1 - Arbitrary Cursor Deletion via CSRF |
| CVE-2022-3154 | Multiple Plugins from Viszt Peter - Multiple CSRF |
| CVE-2022-32289 | WordPress Popup Builder plugin <= 4.1.0 - Cross-Site Request Forgery (CSRF) vulnerability leading to Popup Status Change |
| CVE-2022-3232 | Cross-Site Request Forgery (CSRF) in ikus060/rdiffweb |
| CVE-2022-3233 | Cross-Site Request Forgery (CSRF) in ikus060/rdiffweb |
| CVE-2022-32516 | A CWE-352: Cross-Site Request Forgery (CSRF) vulnerability exists that could cause system’s configurations override and cause... |
| CVE-2022-32587 | WordPress WP Page Widget plugin <= 3.9 - Cross-Site Request Forgery (CSRF) vulnerability |
| CVE-2022-3267 | Cross-Site Request Forgery (CSRF) in ikus060/rdiffweb |
| CVE-2022-3274 | Cross-Site Request Forgery (CSRF) on user's settings in GitHub repository ikus060/rdiffweb prior to 2.4.6. in ikus060/rdiffwe... |
| CVE-2022-34347 | WordPress Download Manager plugin <= 3.2.48 - Cross-Site Request Forgery (CSRF) vulnerability |
| CVE-2022-34367 | Dell EMC Data Protection Central versions 19.1, 19.2, 19.3, 19.4, 19.5, 19.6, contain(s) a Cross-Site Request Forgery Vulnera... |
| CVE-2022-3489 | WP Hide <= 0.0.2 - Unauthenticated Settings Update |
| CVE-2022-35228 | SAP BusinessObjects CMC allows an unauthenticated attacker to retrieve token information over the network which would otherwi... |
| CVE-2022-2839 | Zephyr Project Manager < 3.2.55 - Unauthorised AJAX Calls To Stored XSS |
| CVE-2022-29412 | WordPress Hermit 音乐播放器 plugin <= 3.1.6 - Multiple Cross-Site Request Forgery (CSRF) vulnerabilities |
| CVE-2022-29413 | WordPress Hermit 音乐播放器 plugin <= 3.1.6 - Cross-Site Request Forgery (CSRF) leading to Stored Cross-Site Scripting (XSS)... |
| CVE-2022-29414 | WordPress Subscribe To Comments Reloaded plugin <= 211130 - Multiple Cross-Site Request Forgery (CSRF) vulnerabilities |
| CVE-2022-29427 | WordPress Disable Right Click For WP plugin <= 1.1.6 - Cross-Site Request Forgery (CSRF) vulnerability |
| CVE-2022-29429 | WordPress Code Snippets Extended plugin <= 1.4.7 - Cross-Site Request Forgery (CSRF) leading to Remote Code Execution (RCE) v... |
| CVE-2022-29430 | WordPress PNG to JPG plugin <= 4.0 - Cross-Site Request Forgery (CSRF) leading to Persistent Cross-Site Scripting (XSS) vulne... |
| CVE-2022-29431 | Remove CPT base <= 5.8 - CSRF leads to CPT base deletion |
| CVE-2022-29435 | WordPress Code Snippets Extended plugin <= 1.4.7 - Cross-Site Request Forgery (CSRF) vulnerability |
| CVE-2022-29436 | WordPress Code Snippets Extended plugin <= 1.4.7 - Cross-Site Request Forgery (CSRF) vulnerability leading to Persistent Cros... |
| CVE-2022-29437 | WordPress Image Slider by NextCode plugin <= 1.1.2 - Multiple Cross-Site Request Forgery (CSRF) vulnerabilities |
| CVE-2022-29439 | WordPress Image Slider by NextCode plugin <= 1.1.2 - Slider Deletion via Cross-Site Request Forgery (CSRF) vulnerability |
| CVE-2022-29441 | WordPress Private Messages For WordPress plugin <= 2.1.10 - Sending Messages via Cross-Site Request Forgery (CSRF) vulnerabil... |
| CVE-2022-29450 | WordPress Admin Management Xtended plugin <= 2.4.4 - Multiple Cross-Site Request Forgery (CSRF) vulnerabilities |
| CVE-2022-29451 | WordPress Rara One Click Demo Import plugin <= 1.2.9 - Cross-Site Request Forgery (CSRF) leads to Arbitrary File Upload vulne... |
| CVE-2022-29453 | WordPress API KEY for Google Maps plugin <= 1.2.1 - CSRF vulnerability leading to Google Maps API key update |
| CVE-2022-3336 | Event Monster < 1.2.0 - Visitors Deletion via CSRF |
| CVE-2022-3372 | Cross-Site Request Forgery (CSRF) in Riello UPS Netman-204 |
| CVE-2022-33974 | WordPress Custom Twitter Feeds (Tweets Widget) Plugin <= 1.8.4 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-3419 | Automatic User Roles Switcher < 1.1.2 - Subscriber+ Privilege Escalation |
| CVE-2022-34448 | PowerPath Management Appliance with versions 3.3 & 3.2*, 3.1 & 3.0* contains a Cross-site Request Forgery vulnerability. An... |
| CVE-2022-3451 | Product Stock Manager < 1.0.5 - Subscriber+ Unauthorised AJAX Calls |
| CVE-2022-34654 | WordPress Manage Notification E-mails Plugin <= 1.8.2 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-35638 | IBM Sterling B2B Integrator cross-site request forgery |
| CVE-2022-35656 | Pega Platform from 8.3 to 8.7.3 vulnerability may allow authenticated security administrators to alter CSRF settings directly... |
| CVE-2022-35730 | WordPress Oceanwp sticky header plugin <= 1.0.8 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-36076 | Account takeover via SSO plugins in NodeBB |
| CVE-2022-36095 | XWiki Cross-Site Request Forgery (CSRF) for actions on tags |
| CVE-2022-36250 | Cross Site Request Forgery on Shop Beat Services |
| CVE-2022-36288 | WordPress Download Manager plugin <= 3.2.48 - Multiple Cross-Site Request Forgery (CSRF) vulnerabilities |
| CVE-2022-36292 | WordPress Gallery PhotoBlocks plugin <= 1.2.6 - Cross-Site Request Forgery (CSRF) vulnerabilities |
| CVE-2022-36312 | Airspan AirVelocity 1500 software version 15.18.00.2511 lacks CSRF protections in the eNodeB's web management UI. This issue... |
| CVE-2022-37405 | WordPress Better Font Awesome plugin <= 2.0.1 - Cross-Site Request Forgery (CSRF) vulnerability |
| CVE-2022-37411 | WordPress Captcha Code plugin <= 2.7 - Cross-Site Request Forgery (CSRF) vulnerability |
| CVE-2022-3750 | Ask Me < 6.8.7 - Post Deletion via CSRF |
| CVE-2022-3763 | Booster for WooCommerce - Checkout Files Deletion via CSRF |
| CVE-2022-38059 | WordPress Access Code Feeder plugin <= 1.0.3 - Cross-Site Request Forgery (CSRF) vulnerability |
| CVE-2022-38062 | WordPress Download Theme Plugin <= 1.0.9 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-38063 | WordPress Social Login WP Plugin <= 5.0.0.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-38075 | WordPress Mantenimiento web plugin <= 0.13 - Cross-Site Request Forgery (CSRF) vulnerability leading to Stored Cross-Site Scr... |
| CVE-2022-38077 | WordPress Popup Anything Plugin <= 2.2.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-38079 | WordPress Backup Scheduler plugin <= 1.5.13 - Cross-Site Request Forgery (CSRF) vulnerability |
| CVE-2022-38085 | WordPress Read more By Adam plugin <= 1.1.8 - Cross-Site Request Forgery (CSRF) vulnerability |
| CVE-2022-38086 | WordPress Shortcodes Ultimate plugin <= 5.12.0 - Cross-Site Request Forgery (CSRF) vulnerability |
| CVE-2022-38093 | WordPress All in One SEO plugin <= 4.2.3.1 - Multiple Cross-Site Request Forgery (CSRF) vulnerabilities |
| CVE-2022-38095 | WordPress Advanced Dynamic Pricing for WooCommerce plugin <= 4.1.3 - Cross-Site Request Forgery (CSRF) vulnerability |
| CVE-2022-3946 | Welcart e-Commerce < 2.8.4 - Subscriber+ Arbitrary Shipping Method Creation/Update/Deletion |
| CVE-2022-40686 | WordPress Creative Mail plugin <= 1.5.4 - Cross-Site Request Forgery (CSRF) vulnerability |
| CVE-2022-40687 | WordPress Creative Mail plugin <= 1.5.4 - Cross-Site Request Forgery (CSRF) vulnerability |
| CVE-2022-40692 | WordPress Sunshine Photo Cart Plugin <= 2.9.13 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-40695 | WordPress SEO Redirection Plugin plugin <= 8.9 - Multiple Cross-Site Scripting (CSRF) vulnerabilities |
| CVE-2022-40724 | Cross-Site Request Forgery on PingFederate Local Identity Profiles Endpoint. |
| CVE-2022-35277 | WordPress GetResponse plugin <= 5.5.20 - Cross-Site Request Forgery (CSRF) vulnerability |
| CVE-2022-3536 | Role Based Pricing for WooCommerce < 1.6.3 - Subscriber+ PHAR Deserialization |
| CVE-2022-3537 | Role Based Pricing for WooCommerce < 1.6.2 - Subscriber+ Arbitrary File Upload |
| CVE-2022-3538 | Webmaster Tools Verification <= 1.2 - Unauthenticated Arbitrary Plugin Deactivation |
| CVE-2022-35943 | SameSite may allow cross-site request forgery (CSRF) protection to be bypassed |
| CVE-2022-3632 | OAuth Client by DigitialPixies <= 1.1.0 - CSRF |
| CVE-2022-36345 | WordPress Download Plugin Plugin <= 2.0.4 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-36346 | WordPress MaxButtons plugin <= 9.2 - Multiple Cross-Site Request Forgery (CSRF) vulnerabilities |
| CVE-2022-36358 | WordPress SEO Scout plugin <= 0.9.83 - Cross-Site Request Forgery (CSRF) vulnerability |
| CVE-2022-36373 | WordPress MP3 jPlayer plugin <= 2.7.3 - Multiple Cross-Site Request Forgery (CSRF) vulnerabilities |
| CVE-2022-36379 | WordPress ЮKassa для WooCommerce plugin <= 2.3.0 - Cross-Site Request Forgery (CSRF) leading to plugin settings update |
| CVE-2022-36388 | WordPress YDS Support Ticket System plugin <= 1.0 - Cross-Site Request Forgery (CSRF) vulnerability |
| CVE-2022-36389 | WordPress Better Messages plugin <= 1.9.9.148 - Cross-Site Request Forgery (CSRF) vulnerability |
| CVE-2022-36401 | WordPress TeraWallet – For WooCommerce Plugin <= 1.3.24 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-36404 | WordPress Simple SEO plugin <= 1.8.12 - Broken Access Control vulnerability |
| CVE-2022-36417 | WordPress 3D Tag Cloud plugin <= 3.8 - Multiple Stored Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) vulne... |
| CVE-2022-36424 | WordPress Easy Appointments Plugin <= 3.11.9 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-3677 | Advanced Import < 1.3.8 - Arbitrary Plugin Installation & Activation via CSRF |
| CVE-2022-36796 | WordPress CallRail Phone Call Tracking plugin <= 0.4.9 - Cross-Site Request Forgery (CSRF) vulnerability leading to Stored Cr... |
| CVE-2022-36798 | WordPress Mega Addons For WPBakery Page Builder plugin <= 4.2.7 - Cross-Site Request Forgery (CSRF) vulnerability |
| CVE-2022-3911 | iubenda < 3.3.3 - Subscriber+ Privileges Escalation to Admin |
| CVE-2022-3926 | WP OAuth Server < 3.4.2 - Client Secret Regeneration via CSRF |
| CVE-2022-39268 | orchest vulnerable to cross-site request forgery that allows control of a user instance |
| CVE-2022-4058 | Photo Gallery < 1.8.3 - Stored XSS via CSRF |
| CVE-2022-40623 | WAVLINK Quantum D4G (WN531G3) CSRF |
| CVE-2022-40632 | WordPress wpForo Forum plugin <= 2.0.5 - Cross-Site Request Forgery (CSRF) vulnerability |
| CVE-2022-40671 | WordPress Rate my Post – WP Rating System plugin <= 3.3.4 - Cross-Site Request Forgery (CSRF) vulnerability |
| CVE-2022-41134 | WordPress Optinly Plugin <= 1.0.15 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-41136 | WordPress Shortcodes Ultimate plugin <= 5.12.0 - CSRF vulnerability leading to Stored XSS |
| CVE-2022-4124 | Popup Manager <= 1.6.6 - Unauthenticated Arbitrary Popup Deletion |
| CVE-2022-4125 | Popup Manager <= 1.6.6 - Unauthenticated Stored XSS |
| CVE-2022-41263 | Due to a missing authentication check, SAP Business Objects Business Intelligence Platform (Web Intelligence) - versions 420,... |
| CVE-2022-41296 | IBM Db2U cross-site request forgery |
| CVE-2022-41297 | IBM Db2U cross-site request forgery |
| CVE-2022-29454 | WordPress Better Messages plugin <= 1.9.9.148 - Cross-Site Request Forgery (CSRF) vulnerability |
| CVE-2022-29468 | A cross-site request forgery (CSRF) vulnerability exists in WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-craf... |
| CVE-2022-3688 | WPQA < 5.9 - Follow/Unfollow via CSRF |
| CVE-2022-38137 | WordPress Analytify plugin <= 4.2.2 - Cross-Site Request Forgery (CSRF) vulnerability |
| CVE-2022-38139 | WordPress RD Station plugin <= 5.2.0 - Multiple Cross-Site Request Forgery (CSRF) vulnerabilities |
| CVE-2022-38144 | WordPress wpForo Forum plugin <= 2.0.5 - Cross-Site Request Forgery (CSRF) vulnerability |
| CVE-2022-38356 | WordPress Pearl Plugin <= 1.3.4 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-38454 | WordPress Kraken.io Image Optimizer plugin <= 2.6.5 - Cross-Site Request Forgery (CSRF) vulnerability |
| CVE-2022-38468 | WordPress NextGEN Gallery Plugin <= 3.28 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-3847 | Showing URL in QR Code <= 0.0.1 - Stored XSS via CSRF |
| CVE-2022-38470 | WordPress Customer Reviews for WooCommerce plugin <= 5.3.5 - Cross-Site Request Forgery (CSRF) vulnerability |
| CVE-2022-3850 | Find and Replace All <= 1.3 - Arbitrary Replacement via CSRF |
| CVE-2022-3853 | Supra CSV <= 4.0.3 - Stored Cross-Site Scripting via CSRF |
| CVE-2022-38660 | HCL XPages applications are susceptible to Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2022-38704 | WordPress SEO Redirection plugin <= 8.9 - Cross-Site Request Forgery (CSRF) vulnerability |
| CVE-2022-38716 | WordPress Motors – Car Dealer & Classified Ads Plugin <= 1.4.4 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-3879 | Car Dealer < 3.05 - Subscriber+ Arbitrary Plugin Installation |
| CVE-2022-3880 | AntiHacker < 4.20 - Subscriber+ Arbitrary Plugin Installation |
| CVE-2022-3881 | WPTools < 3.43 - Subscriber+ Arbitrary Plugin Installation |
| CVE-2022-3882 | WP Memory < 2.46 - Subscriber+ Arbitrary Plugin Installation |
| CVE-2022-3883 | StopBadBots < 7.24 - Subscriber+ Arbitrary Plugin Installation |
| CVE-2022-3894 | WP OAuth Server < 4.2.5 - Arbitrary Post Deletion via CSRF |
| CVE-2022-3899 | 3DPrint < 3.5.6.9 - Arbitrary File and Directory Deletion via CSRF |
| CVE-2022-3999 | WooCommerce Shipping - DPD baltic < 1.2.57 - Subscriber+ Arbitrary Options Deletion |
| CVE-2022-40128 | WordPress Advanced Order Export For WooCommerce plugin <= 3.3.2 - Cross-Site Request Forgery (CSRF) vulnerability |
| CVE-2022-40131 | WordPress Page View Count plugin <= 2.5.5 - Cross-Site Request Forgery (CSRF) vulnerability |
| CVE-2022-40132 | WordPress Seriously Simple Podcasting plugin <= 2.16.0 - Cross-Site Request Forgery (CSRF) vulnerability |
| CVE-2022-4016 | Booster for WooCommerce - Custom Role Creation/Deletion via CSRF |
| CVE-2022-4017 | Booster for WooCommerce - Multiple CSRF |
| CVE-2022-40179 | A vulnerability has been identified in Desigo PXM30-1 (All versions < V02.20.126.11-41), Desigo PXM30.E (All versions < V02.2... |
| CVE-2022-40180 | A vulnerability has been identified in Desigo PXM30-1 (All versions < V02.20.126.11-41), Desigo PXM30.E (All versions < V02.2... |
| CVE-2022-40192 | WordPress wpForo Forum plugin <= 2.0.9 - Cross-Site Request Forgery (CSRF) vulnerability |
| CVE-2022-40198 | WordPress TeraWallet – For WooCommerce Plugin <= 1.3.24 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-40219 | WordPress FavIcon Switcher plugin <= 1.2.11 - Cross-Site Request Forgery (CSRF) vulnerability |
| CVE-2022-4023 | 3DPrint < 3.5.6.9 - CSRF to arbitrary file download |
| CVE-2022-4024 | Pie Register < 3.8.1.3 - Unauthenticated Arbitrary User Deletion |
| CVE-2022-40291 | Cross-site request forgery (CSRF) in PHP Point of Sale version 19.0, by PHP Point of Sale, LLC |
| CVE-2022-41608 | WordPress Asgaros Forum Plugin <= 2.2.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-41615 | WordPress Store Locator plugin <= 1.4.5 - Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) vulnerability |
| CVE-2022-41620 | WordPress SeoSamba for WordPress Webmasters Plugin <= 1.0.5 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-41622 | iControl SOAP vulnerability |
| CVE-2022-41633 | WordPress Community by PeepSo Plugin <= 6.0.2.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-41634 | WordPress Media Library Folders plugin <= 7.1.1 - Cross-Site Request Forgery (CSRF) vulnerability |
| CVE-2022-41635 | WordPress Advanced Shipment Tracking for WooCommerce Plugin <= 3.5.2 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-41685 | Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Integration for Szamlazz.hu & WooCommerce and Csomagpontok és s... |
| CVE-2022-41987 | WordPress BadgeOS Plugin <= 3.7.1.6 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-41990 | WordPress 3D Tag Cloud Plugin <= 3.8 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-41996 | WordPress Avada premium theme <= 7.8.1 - Cross-Site Request Forgery (CSRF) vulnerability |
| CVE-2022-4265 | Replyable < 2.2.10 - Subscriber+ PHP Object Injection |
| CVE-2022-4266 | Bulk Delete Users by Email <= 1.2 - User Deletion via CSRF |
| CVE-2022-42880 | WordPress Auto Upload Images Plugin <= 3.3 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-4309 | Subscribe2 < 10.38 - User Deletion via CSRF |
| CVE-2022-4386 | Intuitive Custom Post Order < 3.1.4 - Arbitrary Menu Order Update via CSRF |
| CVE-2022-43980 | Cross-site scripting vulnerability in the network maps edit functionality |
| CVE-2022-4426 | Mautic Integration For WooCommerce < 1.0.3 - Arbitrary Options Update via CSRF |
| CVE-2022-4443 | BruteBank - WP Security & Firewall < 1.9 - Settings Update via CSRF |
| CVE-2022-45364 | WordPress Drag and Drop Multiple File Upload – Contact Form 7 Plugin <= 1.3.6.5 is vulnerable to Cross Site Request Forgery (... |
| CVE-2022-45367 | WordPress Custom Order Numbers for WooCommerce Plugin <= 1.4.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-45371 | WordPress ShopEngine Plugin <= 4.1.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-45372 | WordPress Product Gallery Slider for WooCommerce Plugin <= 2.2.8 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-45376 | WordPress Side Cart Woocommerce (Ajax) Plugin < 2.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-4548 | Optimize images ALT Text (alt tag) & names for SEO using AI < 2.0.8 - Settings Update via CSRF |
| CVE-2022-4549 | Tickera < 3.5.1.0 - Plugin Data Deletion via CSRF |
| CVE-2022-4552 | FL3R FeelBox <= 8.1 - Settings Update via CSRF to Stored XSS |
| CVE-2022-4553 | FL3R FeelBox <= 8.1 - Moods Reset via CSRF |
| CVE-2022-4564 | University of Central Florida Materia API Controller api.php before cross-site request forgery |
| CVE-2022-45804 | WordPress Robo Gallery Plugin <= 3.2.9 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-45807 | WordPress WP Mail Log Plugin <= 1.0.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-45815 | WordPress GDPR Compliance & Cookie Consent Plugin <= 1.2 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-45823 | WordPress Video Contest WordPress Plugin Plugin <= 3.2 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-45824 | WordPress Advanced Booking Calendar Plugin <= 1.7.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-45828 | WordPress NOO Timetable Plugin <= 2.1.3 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-45846 | WordPress Image Map Pro Plugin < 5.6.9 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-45847 | WordPress Countdown Widget plugin <= 3.1.9.1 - Cross-Site Request Forgery (CSRF) leading to Cross-Site Scripting (XSS) |
| CVE-2022-45850 | WordPress Image Map Pro premium plugin < 5.6.9 - Cross-Site Request Forgery (CSRF) leading to Stored Cross-Site Scripting (XS... |
| CVE-2022-4604 | wp-english-wp-admin Plugin english-wp-admin.php register_endpoints cross-site request forgery |
| CVE-2022-4745 | WP Customer Area < 8.1.4 - Unauthorised Actions via CSRF |
| CVE-2022-47559 | Cross-Site Request Forgery in Ormazabal products |
| CVE-2022-47609 | WordPress DNUI Plugin <= 2.8.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-47611 | WordPress Hover Image Plugin <= 1.4.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-47612 | WordPress Participants Database Plugin <= 2.4.5 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-4766 | dolibarr_project_timesheet Form cross-site request forgery |
| CVE-2022-48320 | CSRF in add-visual endpoint |
| CVE-2022-4844 | Cross-Site Request Forgery (CSRF) in usememos/memos |
| CVE-2022-4845 | Cross-Site Request Forgery (CSRF) in usememos/memos |
| CVE-2022-4846 | Cross-Site Request Forgery (CSRF) in usememos/memos |
| CVE-2022-4849 | Cross-Site Request Forgery (CSRF) in usememos/memos |
| CVE-2022-4850 | Cross-Site Request Forgery (CSRF) in usememos/memos |
| CVE-2022-4867 | Cross-Site Request Forgery (CSRF) in froxlor/froxlor |
| CVE-2022-4872 | WooCommerce Chained Products < 2.12.0 - Unauthenticated Arbitrary Options Update to 'no' |
| CVE-2022-4888 | Multiple Plugins from Addify - Multiple CSRF |
| CVE-2022-4944 | kalcaddle KodExplorer cross-site request forgery |
| CVE-2023-0058 | Tiempo.com <= 0.1.2 - Stored XSS via CSRF |
| CVE-2023-0335 | WP Shamsi <= 4.3.3 - Subscriber+ Attachment Deletion |
| CVE-2023-0336 | OoohBoi Steroids for Elementor < 2.1.5 - Subscriber+ Attachment Deletion |
| CVE-2023-0398 | Cross-Site Request Forgery (CSRF) in modoboa/modoboa |
| CVE-2023-0406 | Cross-Site Request Forgery (CSRF) in modoboa/modoboa |
| CVE-2023-0420 | Custom Post Type and Taxonomy GUI Manager <= 1.1 - Stored XSS via CSRF |
| CVE-2023-0603 | Sloth Logo Customizer <= 2.0.2 - Stored XSS via CSRF |
| CVE-2023-0642 | Cross-Site Request Forgery (CSRF) in squidex/squidex |
| CVE-2023-0674 | XXL-JOB New Password updatePwd cross-site request forgery |
| CVE-2023-0735 | Cross-Site Request Forgery (CSRF) in wallabag/wallabag |
| CVE-2023-0737 | CSRF in wallabag/wallabag |
| CVE-2023-0761 | Clock In Portal <= 2.1 - Staff Deletion via CSRF |
| CVE-2023-1011 | ChatBot < 4.4.5 - Stored XSS via CSRF |
| CVE-2023-1033 | Cross-Site Request Forgery (CSRF) in froxlor/froxlor |
| CVE-2023-1086 | Preview Link Generator < 1.0.4 - Arbitrary Plugin Activation via CSRF |
| CVE-2023-1087 | WC Sales Notification < 1.2.3 - Arbitrary Plugin Activation via CSRF |
| CVE-2023-1088 | WP Plugin Manager < 1.1.8 - Arbitrary Plugin Activation via CSRF |
| CVE-2023-1089 | Coupon Zen < 1.0.6 - Arbitrary Plugin Activation via CSRF |
| CVE-2023-1092 | OAuth Single Sign On - SSO (OAuth Client) - IdP Deletion via CSRF |
| CVE-2023-1093 | OAuth Single Sign On - SSO (OAuth Client) < 6.24.2 - IdP Discard via CSRF |
| CVE-2023-1330 | Redirection < 1.1.4 - Redirect Creation via CSRF |
| CVE-2022-4102 | Royal Elementor Addons < 1.3.56 - Subscriber+ Arbitrary Post Deletion |
| CVE-2022-4103 | Royal Elementor Addons < 1.3.56 - Subscriber+ Arbitrary Post Creation |
| CVE-2022-4107 | SMSA Shipping for WooCommerce < 1.0.5 - Subscriber+ Arbitrary File Download |
| CVE-2022-41805 | WordPress Booster for WooCommerce plugin <= 5.6.6 - Cross-Site Request Forgery (CSRF) vulnerability |
| CVE-2022-41919 | Fastify vulnerable to Cross-Site Request Forgery (CSRF) attack via incorrect content type |
| CVE-2022-41924 | Tailscale Windows daemon is vulnerable to RCE via CSRF |
| CVE-2022-41925 | Tailscale daemon is vulnerable to information disclosure via CSRF |
| CVE-2022-41927 | XWiki Platform vulnerable to Cross-Site Request Forgery (CSRF) allowing to delete or rename tags |
| CVE-2022-42435 | IBM Business Automation Workflow cross-site request forgery |
| CVE-2022-4363 | Wholesale Market <= 2.2.2 - Settings Update via CSRF |
| CVE-2022-4368 | WP CSV <= 1.8.0.0 - Reflected XSS via CSV Import |
| CVE-2022-43719 | Apache Superset: Cross Site Request Forgery (CSRF) on accept, request access API |
| CVE-2022-45067 | WordPress Exclusive Addons Elementor Plugin <= 2.6.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-45068 | WordPress Mercado Pago payments for WooCommerce Plugin <= 6.3.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-45071 | WordPress WPML Multilingual CMS premium plugin <= 4.5.13 - Cross-Site Request Forgery (CSRF) vulnerability |
| CVE-2022-45072 | WordPress WPML Multilingual CMS premium plugin <= 4.5.13 - Cross-Site Request Forgery (CSRF) vulnerability |
| CVE-2022-45073 | WordPress REST API Authentication plugin <= 2.4.0 - Cross-Site Request Forgery (CSRF) vulnerability |
| CVE-2022-45074 | WordPress Activity Reactions For Buddypress Plugin <= 1.0.22 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-45076 | WordPress Flexible Elementor Panel Plugin <= 2.3.8 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-45079 | WordPress Loginizer Plugin <= 1.7.5 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-45080 | WordPress Add Multiple Marker Plugin <= 1.2 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-45127 | CVE-2022-45127 |
| CVE-2022-45149 | A vulnerability was found in Moodle which exists due to insufficient validation of the HTTP request origin in course redirect... |
| CVE-2022-47161 | WordPress Health Check & Troubleshooting Plugin <= 1.5.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-47162 | WordPress DH – Anti AdBlocker Plugin <= 36 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-47163 | WordPress WP CSV to Database Plugin <= 2.6 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-47164 | WordPress Event Manager for WooCommerce Plugin <= 3.7.7 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-47165 | WordPress CoSchedule Plugin <= 3.3.8 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-47166 | WordPress Void Contact Form 7 Widget For Elementor Page Builder Plugin <= 2.1.1 is vulnerable to Cross Site Request Forgery (... |
| CVE-2022-47167 | WordPress Crayon Syntax Highlighter Plugin <= 2.8.4 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-47169 | WordPress Visibility Logic for Elementor Plugin <= 2.3.4 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-47172 | WordPress WooLentor Plugin <= 2.6.2 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-47174 | WordPress Performance Lab Plugin <= 2.2.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-47175 | WordPress Royal Elementor Addons Plugin <= 1.3.75 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-47177 | WordPress WP EasyPay Plugin <= 4.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-47178 | WordPress Simple Share Buttons Adder Plugin <= 8.4.7 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-47179 | WordPress OWM Weather Plugin <= 5.6.11 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-47180 | WordPress Kopa Framework Plugin <= 1.3.5 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-47181 | WordPress Email Templates Plugin <= 1.4.2 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-47183 | WordPress Extra Block Design, Style, CSS for ANY Gutenberg Blocks Plugin <= 0.2.6 is vulnerable to Cross Site Request Forgery... |
| CVE-2022-47372 | Stored cross-site scripting vulnerability in create event section |
| CVE-2022-47373 | Reflected Cross Site Scripting in Search Functionality of Module Library |
| CVE-2022-47395 | CVE-2022-47395 |
| CVE-2022-47422 | WordPress WordPress Stripe Donation and Payment Plugin Plugin <= 3.1.5 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-47424 | WordPress ARMember plugin <= 4.0.5 - Cross Site Request Forgery (CSRF) |
| CVE-2022-47427 | WordPress My Calendar Plugin <= 3.3.24.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-47440 | WordPress My Tickets Plugin <= 1.9.10 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-47443 | WordPress Multi Rating Plugin <= 5.0.5 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-47446 | WordPress Store Locator Plugin <= 3.98.7 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-47447 | WordPress WP-Advanced-Search Plugin <= 3.3.8 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-47448 | WordPress xili-tidy-tags Plugin <= 1.12.03 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-0438 | Cross-Site Request Forgery (CSRF) in modoboa/modoboa |
| CVE-2023-0484 | Contact Form 7 Widget For Elementor Page Builder & Gutenberg Blocks < 1.1.6 - Arbitrary Plugin Activation via CSRF |
| CVE-2023-0495 | HT Slider For Elementor < 1.4.0 - Arbitrary Plugin Activation via CSRF |
| CVE-2023-0496 | HT Event < 1.4.6 - Arbitrary Plugin Activation via CSRF |
| CVE-2023-0497 | HT Portfolio < 1.1.6 - Arbitrary Plugin Activation via CSRF |
| CVE-2023-0498 | WP Education < 1.2.7 - Arbitrary Plugin Activation via CSRF |
| CVE-2023-0499 | QuickSwish < 1.1.0 - Arbitrary Plugin Activation via CSRF |
| CVE-2023-0500 | WP Film Studio < 1.3.5 - Arbitrary Plugin Activation via CSRF |
| CVE-2023-0501 | WP Insurance < 2.1.4 - Arbitrary Plugin Activation via CSRF |
| CVE-2023-0502 | WP News <= 1.1.9 - Arbitrary Plugin Activation via CSRF |
| CVE-2023-0503 | Free WooCommerce Theme 99fy Extension < 1.2.8 - Arbitrary Plugin Activation via CSRF |
| CVE-2023-0504 | HT Politic < 2.3.8 - Arbitrary Plugin Activation via CSRF |
| CVE-2023-0505 | Ever Compare <= 1.2.3 - Arbitrary Plugin Activation via CSRF |
| CVE-2023-0520 | RapidExpCart <= 1.0 - Stored XSS via CSRF |
| CVE-2023-0522 | Enable/Disable Auto Login when Register <= 1.1.0 - Settings Update via CSRF |
| CVE-2023-0551 | REST API TO MiniProgram <= 4.6.1 - Subscriber+ Attachment Deletion |
| CVE-2023-22672 | WordPress vSlider Multi Image Slider for WordPress Plugin <= 4.1.2 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-22673 | WordPress Website Monetization by MageNet Plugin <= 1.0.29.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-22674 | WordPress Dashicons + Custom Post Types Plugin <= 1.0.2 is vulnerable to Broken Access Control |
| CVE-2023-22678 | WordPress Superior FAQ Plugin <= 1.0.2 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-22681 | WordPress Online Exam Software : eExamhall Plugin <= 4.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-22686 | WordPress Nice PayPal Button Lite Plugin <= 1.3.5 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-22688 | WordPress WP Tabs Slides Plugin <= 2.0.3 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-22689 | WordPress Auto Affiliate Links Plugin <= 6.3 is vulnerable to Broken Access Control |
| CVE-2023-22691 | WordPress Category Specific RSS feed Subscription Plugin <= v2.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-22692 | WordPress Name Directory Plugin <= 1.27.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-22693 | WordPress WP Google Tag Manager Plugin <= 1.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-22694 | WordPress BigContact Plugin <= 1.5.8 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-22695 | WordPress Custom Field Template Plugin <= 2.5.8 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-22700 | WordPress PixelYourSite – Your smart PIXEL (TAG) Manager Plugin <= 9.3.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-22709 | WordPress SRS Simple Hits Counter Plugin <= 1.1.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-2271 | Tiempo.com <= 0.1.2 - Shortcode Deletion via CSRF |
| CVE-2023-22714 | WordPress Coming Soon by Supsystic Plugin <= 1.7.10 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-22942 | Cross-Site Request Forgery in the ‘ssg/kvstore_client’ REST Endpoint in Splunk Enterprise |
| CVE-2023-2307 | Cross-Site Request Forgery (CSRF) in builderio/qwik |
| CVE-2023-23973 | WordPress Contact Us page - Contact people LITE Plugin <= 3.7.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-23974 | WordPress Quick Event Manager Plugin <= 9.7.4 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-23983 | WordPress Responsive Vertical Icon Menu Plugin <= 1.5.8 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-23984 | WordPress Bubble Menu – circle floating menu Plugin <= 3.0.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-23992 | WordPress AutomatorWP Plugin <= 2.5.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-23993 | WordPress IP Blocker Lite Plugin <= 11.1.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-23997 | WordPress Database Collation Fix Plugin <= 1.2.7 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-24007 | WordPress Admin Block Country Plugin <= 7.1.4 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-24008 | WordPress Maspik – Spam blacklist Plugin <= 0.7.8 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-2474 | Rebuild cross-site request forgery |
| CVE-2023-24920 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability |
| CVE-2023-2495 | Greeklish-permalink < 3.5 - Unauthenticated Post Slug Update |
| CVE-2023-25025 | WordPress WP-CopyProtect [Protect your blog posts] Plugin <= 3.1.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-25029 | WordPress WP Social Bookmarking Light Plugin <= 2.0.7 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-25033 | WordPress Social Share Boost Plugin <= 4.5 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-25034 | WordPress WP Clean Up Plugin <= 1.2.3 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-25036 | WordPress Social Media Icons Widget Plugin <= 1.6 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-25038 | WordPress For the visually impaired Plugin <= 0.58 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-2505 | The affected products have a CSRF vulnerability that could allow an attacker to execute code and upload malicious files.... |
| CVE-2023-25051 | WordPress Comment Reply Notification Plugin <= 1.4 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-25055 | WordPress Google XML Sitemap for Videos Plugin <= 2.6.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-25056 | WordPress Feed Them Social Plugin <= 3.0.2 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-25058 | WordPress Schema – All In One Schema Rich Snippets Plugin <= 1.6.5 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-25065 | WordPress WP Tabs Plugin <= 2.1.14 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-25066 | WordPress FV Flowplayer Video Player Plugin <= 7.5.30.7212 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-2508 | CSRF in PaperCutNG Mobility Print leads to sophisticated phishing |
| CVE-2023-25170 | PrestaShop has possible CSRF token fixation |
| CVE-2023-2533 | PaperCut MF/NG 22.0.10 (Build 65996 2023-03-27) - Remote code execution via CSRF |
| CVE-2023-25443 | WordPress Button Generator – easily Button Builder Plugin <= 2.3.5 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-25447 | WordPress ColorWay Theme <= 4.2.3 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-25448 | WordPress Archivist – Custom Archive Templates Plugin <= 1.7.4 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-25449 | WordPress CformsII Plugin <=15.0.4 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-25450 | WordPress GiveWP Plugin <= 2.25.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-25463 | WordPress wp tell a friend popup form Plugin <= 7.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-25467 | WordPress Resize at Upload Plus Plugin <= 1.3 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-25468 | WordPress Reservation.Studio widget Plugin <= 1.0.11 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-25470 | WordPress Rus-To-Lat Plugin <= 0.3 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-25472 | WordPress Podlove Podcast Publisher Plugin <= 3.8.3 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-25473 | WordPress Flickr Justified Gallery Plugin <= 3.5 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-25474 | WordPress About Me 3000 widget Plugin <= 2.2.6 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-25475 | WordPress Smart YouTube PRO Plugin <= 4.3 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-25478 | WordPress Weather Station Plugin <= 3.8.12 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-25480 | WordPress Post and Page Builder by BoldGrid – Visual Drag and Drop Editor Plugin <= 1.24.1 is vulnerable to Cross Site Reques... |
| CVE-2023-25481 | WordPress Podlove Subscribe button Plugin <= 1.3.7 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-25482 | WordPress WP Tiles Plugin <= 1.1.2 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-25487 | WordPress PixTypes Plugin <= 1.4.14 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-25489 | WordPress Update Theme and Plugins from Zip File Plugin <= 2.0.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-2552 | Cross-Site Request Forgery (CSRF) in unilogies/bumsys |
| CVE-2023-25569 | apollo-portal has potential CSRF issue |
| CVE-2023-25697 | WordPress GamiPress plugin <= 2.5.6 - CSRF Leading to Settings Change Vulnerability |
| CVE-2023-25698 | WordPress Shoppable Images Lite Plugin <= 1.2.3 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-25706 | WordPress Robots.txt optimization plugin <= 1.4.5 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-25707 | WordPress VikBooking Hotel Booking Engine & PMS Plugin <= 1.5.12 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-25708 | WordPress WP VR – 360 Panorama and Virtual Tour Builder For WordPress Plugin <= 8.2.7 is vulnerable to Cross Site Request For... |
| CVE-2023-25709 | WordPress Locatoraid Store Locator Plugin <= 3.9.11 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-25788 | WordPress Saphali Woocommerce Lite Plugin <= 1.8.13 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-25832 | BUG-000148346 There is a Cross-Site Request Forgery (CSRF) vulnerability in Portal for ArcGIS. |
| CVE-2023-25967 | WordPress Community by PeepSo Plugin <= 6.0.2.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-25968 | WordPress Client Portal – Private user pages and login Plugin <= 1.1.8 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-25971 | WordPress Educare – Students & Result Management System Plugin <= 1.4.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-25973 | WordPress Auto Affiliate Links Plugin <= 6.3.0.2 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-25975 | WordPress Etsy Shop Plugin <= 3.0.3 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-25976 | WordPress Integration for Contact Form 7 and Zoho CRM, Bigin Plugin <= 1.2.2 is vulnerable to Cross Site Request Forgery (CSR... |
| CVE-2023-25980 | WordPress Optimize Database after Deleting Revisions Plugin <= 5.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-25985 | WordPress WordPress Tooltips Plugin <= 8.2.5 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-25986 | WordPress PayGreen Plugin <= 4.10.2 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-25987 | WordPress YouTube Channel Plugin <= 3.23.3 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-25989 | Cross-Site Request Forgery (CSRF) vulnerability in multiple WordPress plugins by Meks |
| CVE-2023-25991 | WordPress RegistrationMagic Plugin <= 5.1.9.2 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-25994 | WordPress Publish to Schedule Plugin <= 4.4.2 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-2601 | WP Brutal AI < 2.0.0 - SQL Injection via CSRF |
| CVE-2023-26011 | WordPress Read More Excerpt Link Plugin <= 1.6 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-26014 | WordPress Minify HTML Plugin <= 2.1.7 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-2627 | KiviCare Management System < 3.2.1 - Subscriber+ Unauthorised AJAX Calls |
| CVE-2023-2628 | KiviCare Management System < 3.2.1 - Multiple CSRF |
| CVE-2023-2631 | CSRF vulnerability and missing permission checks in Code Dx Plugin |
| CVE-2023-26514 | WordPress XML Sitemap Generator for Google Plugin <= 1.3.3 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-26516 | WordPress Debug Assistant Plugin <= 1.4 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-26518 | WordPress WP TFeed Plugin <= 1.6.9 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-26524 | WordPress Quiz And Survey Master Plugin <= 8.0.10 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-26531 | WordPress 多合一搜索自动推送管理插件-支持Baidu/Google/Bing/IndexNow/Yandex/头条 Plugin <= 4.2.7 is vulnerable to Cross Site R... |
| CVE-2023-26532 | WordPress Social Auto Poster Plugin <= 2.1.4 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-26535 | WordPress Sheets To WP Table Live Sync Plugin <= 2.12.15 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-26542 | WordPress phpinfo() WP Plugin <= 4.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-26543 | WordPress WP Meteor Page Speed Optimization Topping Plugin <= 3.1.4 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-27417 | WordPress Affiliate Super Assistent Plugin <= 1.5.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-27418 | WordPress Side Menu Lite Plugin <= 4.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-27423 | WordPress Auto Prune Posts Plugin <= 1.8.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-27424 | WordPress Inactive User Deleter Plugin <= 1.59 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-27430 | WordPress Mass Delete Unused Tags Plugin <= 2.0.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-27431 | WordPress Big Store Theme <= 1.9.3 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-27433 | WordPress Make Paths Relative Plugin <= 1.3.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-27434 | WordPress Classic Editor and Classic Widgets Plugin <= 1.2.5 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-27435 | WordPress HTTP Auth Plugin <= 0.3.2 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-27436 | WordPress Elegant Custom Fonts Plugin <= 1.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-27438 | WordPress WP Translitera Plugin <= p1.2.5 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-27441 | WordPress New Adman Plugin <= 1.6.8 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-27442 | WordPress Leyka Plugin <= 3.29.2 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-27444 | WordPress DecaLog Plugin <= 3.7.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-27445 | WordPress Blog Floating Button Plugin <= 1.4.12 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-27446 | WordPress DeepL Pro API translation Plugin <= 2.1.4 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-27448 | WordPress MakeStories (for Google Web Stories) Plugin <= 2.8.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-27453 | WordPress LWS Tools Plugin <= 2.3.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-27457 | WordPress Add Expires Headers & Optimized Minify Plugin <= 2.7 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-27458 | WordPress WpStream – Live Streaming, Video on Demand, Pay Per View Plugin <= 4.4.10 is vulnerable to Cross Site Request Forge... |
| CVE-2023-2746 | Rockwell Automation Enhanced HIM Vulnerable to Cross-Site Request Forgery Attack |
| CVE-2023-27461 | WordPress When Last Login Plugin <= 1.2.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-27490 | Missing proper state, nonce and PKCE checks for OAuth authentication in next-auth |
| CVE-2023-27495 | Bypass of CSRF protection in the presence of predictable userInfo in @fastify/csrf-protection |
| CVE-2023-27606 | WordPress WP Reroute Email Plugin <= 1.4.6 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-27611 | WordPress Reusable Blocks Extended Plugin <= 0.9 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-27615 | WordPress WP Super Minify Plugin <= 1.5.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-27623 | WordPress WP Page Numbers Plugin <= 0.5 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-27632 | WordPress Daily Prayer Time Plugin <= 2023.03.08 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-27633 | WordPress Customify Plugin <= 2.10.4 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-27634 | WordPress Intrepidity Theme <= 1.5.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-28167 | WordPress CF7 Invisible reCAPTCHA Plugin <= 1.3.3 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-28172 | WordPress WP Google Map Plugin Plugin <= 4.4.2 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-28173 | WordPress Google XML Sitemap for Images Plugin <= 2.1.3 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-2830 | WordPress WP Testimonials Plugin <= 1.4.2 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-28335 | Moodle: csrf risk in resetting all templates of a database activity |
| CVE-2023-28361 | A Cross-site WebSocket Hijacking (CSWSH) vulnerability found in UniFi OS 2.5 and earlier allows a malicious actor to access c... |
| CVE-2023-28419 | WordPress Force First and Last Name as Display Name Plugin <= 1.2 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-2842 | WP Inventory Manager < 2.1.0.14 - Inventory Items Deletion via CSRF |
| CVE-2023-28420 | WordPress Custom Options Plus Plugin <= 1.8.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-28495 | WordPress WP Shortcode by MyThemeShop Plugin <= 1.4.16 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-28497 | WordPress Slideshow Gallery Plugin <= 1.7.6 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-28498 | WordPress Hotel Booking Lite Plugin <= 4.6.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-28618 | WordPress Enhanced Plugin Admin Plugin <= 1.16 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-28688 | WordPress TH Variation Swatches plugin <= 1.2.7 - Cross-Site Request Forgery (CSRF) vulnerability |
| CVE-2023-28694 | WordPress Wbcom Designs – BuddyPress Activity Social Share Plugin <= 3.5.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-28696 | WordPress I Recommend This Plugin <= 3.9.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-28747 | WordPress CBX Currency Converter Plugin <= 3.0.3 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-28749 | WordPress CM On Demand Search And Replace Plugin <= 1.3.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-28780 | WordPress Yoast SEO: Local Plugin <= 14.8 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-28791 | WordPress Simple Org Chart Plugin <= 2.3.4 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-28848 | CSRF protection on user_oidc login returned the expected token in case of an error |
| CVE-2023-28930 | WordPress Mobile Banner Plugin <= 1.5 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-28949 | IBM Engineering Requirements Management cross-site request forgery |
| CVE-2023-28986 | WordPress Affiliates Manager Plugin <= 2.9.20 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-28987 | WordPress Wp Ultimate Review Plugin <= 2.0.3 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-28989 | WordPress Happy Addons for Elementor Plugin <= 3.8.2 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-28995 | WordPress Configurable Tag Cloud Plugin <= 5.2 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-29003 | SvelteKit has Insufficient Cross-Site Request Forgery Protection |
| CVE-2023-29020 | Cross site request forgery token fixation in fastify-passport |
| CVE-2023-2919 | Tutor LMS <= 2.7.4 - Cross-Site Request Forgery via 'addon_enable_disable' |
| CVE-2023-29235 | WordPress Maintenance Switch Plugin <= 1.5.2 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-29238 | WordPress Whydonate – FREE Donate button Plugin <= 3.12.15 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-29425 | WordPress ShiftController Employee Shift Scheduling Plugin <= 4.9.23 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-29426 | WordPress Spreadshop Plugin Plugin <= 1.6.5 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-29428 | WordPress Superb Social Media Share Buttons and Follow Buttons Plugin <= 1.1.3 is vulnerable to Broken Access Control |
| CVE-2023-29440 | WordPress Simple Job Board Plugin <= 2.10.3 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-3029 | Guangdong Pythagorean OA Office System delete cross-site request forgery |
| CVE-2023-30474 | WordPress Ultimate Noindex Nofollow Tool II Plugin <= 1.3 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-30478 | WordPress Newsletters Plugin <= 4.8.8 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-30484 | WordPress Enable Accessibility Plugin <= 1.4 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-30607 | icingaweb2-module-jira template and field configuration are susceptible to CSRF |
| CVE-2023-30616 | Cross Site Request Forgery due to missing nonce verification in form block |
| CVE-2023-3075 | Cross-Site Request Forgery (CSRF) in tsolucio/corebos |
| CVE-2023-30901 | A vulnerability has been identified in SICAM P850 (7KG8500-0AA00-0AA0) (All versions < V3.11), SICAM P850 (7KG8500-0AA00-2AA0... |
| CVE-2023-31075 | WordPress Easy Hide Login Plugin <= 1.0.8 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-31077 | WordPress Export WP Page to Static HTML/CSS Plugin <= 2.1.9 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-31078 | WordPress WP BrowserUpdate Plugin <= 4.4.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-31086 | WordPress Simple Giveaways Plugin <= 2.46.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-31087 | WordPress JS Job Manager Plugin <= 2.0.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-31088 | WordPress Floating Action Button Plugin <= 1.2.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-31089 | WordPress Video XML Sitemap Generator Plugin <= 1.0.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-31093 | WordPress Chronosly Events Calendar Plugin <= 2.6.2 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-31174 | Cross-Site Request Forgery (CSRF) |
| CVE-2023-31200 | PTC Vuforia Studio Cross-Site Request Forgery |
| CVE-2023-31216 | WordPress Ultimate Member Plugin <= 2.6.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-31218 | WordPress WOLF Plugin <= 1.0.6 is vulnerable to CSRF leading to Stored Cross Site Scripting (XSS) vulnerability |
| CVE-2023-31230 | WordPress Baidu Tongji generator Plugin <= 1.0.2 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-31235 | WordPress Participants Database Plugin <= 2.4.9 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-3178 | POST SMTP Mailer < 2.5.7 - Arbitrary Log Deletion via CSRF |
| CVE-2023-3179 | POST SMTP Mailer < 2.5.7 - Account Takeover via CSRF |
| CVE-2023-3209 | MStore API < 3.9.7 - Settings Update via CSRF |
| CVE-2023-32091 | WordPress POEditor Plugin <= 0.9.4 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-32092 | WordPress Community by PeepSo Plugin <= 6.0.9.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-32093 | WordPress TPG Redirect Plugin <= 1.0.7 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-32104 | WordPress MyCurator Content Curation Plugin <= 3.74 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-32123 | WordPress The7 Theme <= 11.7.3 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-32124 | WordPress Publish Confirm Message Plugin <= 1.3.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-32125 | WordPress Multi Rating Plugin <= 5.0.6 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-32245 | WordPress Essential Addons for Elementor Pro Plugin <= 5.4.8 is vulnerable to Server Side Request Forgery (SSRF) |
| CVE-2023-32344 | IBM Cognos Analytics cross-site request forgery |
| CVE-2023-32500 | WordPress WoodMart Theme <= 7.1.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-32501 | WordPress VikBooking Hotel Booking Engine & PMS Plugin <= 1.6.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-32502 | WordPress Pro Mime Types Plugin <= 1.0.7 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-32504 | WordPress Wise Chat Plugin <= 3.1.3 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-32512 | WordPress ShortPixel Adaptive Images Plugin <= 3.7.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-32514 | WordPress Google Site Verification plugin using Meta Tag Plugin <= 1.2 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-32579 | WordPress Forget About Shortcode Buttons Plugin <= 2.1.2 is vulnerable to Broken Access Control |
| CVE-2023-32583 | WordPress WP All Backup Plugin <= 2.4.3 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-32587 | WordPress WP Reactions Lite Plugin <= 1.3.8 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-32588 | WordPress Post State Tags Plugin <= 2.0.6 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-32589 | WordPress Dyslexiefont Free Plugin <= 1.0.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-32592 | WordPress Sunny Search Plugin <= 1.0.2 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-32594 | WordPress Hyphenator Plugin <= 5.1.5 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-32602 | WordPress CALL ME NOW Plugin <= 3.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-32739 | WordPress WP Custom Cursors Plugin < 3.2 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-32744 | WordPress WooCommerce Product Recommendations Plugin < 2.3.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-32745 | WordPress AutomateWoo Plugin <= 5.7.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-32791 | Cross-Site Request Forgery on NXLog Manager |
| CVE-2023-32792 | Cross-Site Request Forgery on NXLog Manager |
| CVE-2023-32794 | WordPress WooCommerce Product Add-ons Plugin <= 6.1.3 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-32960 | WordPress UpdraftPlus Plugin <= 1.23.3 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-32964 | WordPress Better Notifications for WP Plugin <= 1.9.2 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-32966 | WordPress Jazz Popups Plugin <= 1.8.7 is vulnerable to Cross Site Request Forgery (CSRF) leading to Stored XSS |
| CVE-2023-33207 | WordPress Stop Referrer Spam Plugin <= 1.3.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-33212 | WordPress JetFormBuilder Plugin <= 3.0.6 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-33214 | WordPress Taggbox Plugin <= 3.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-33313 | WordPress WIP Custom Login Plugin <= 1.2.9 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-33314 | WordPress BEAR Plugin <= 1.1.3.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-33315 | WordPress Smart App Banner Plugin <= 1.1.2 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-33316 | WordPress WooCommerce Follow-Up Emails (AutomateWoo) plugin <= 4.9.40 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-33333 | WordPress Complianz and Complianz Premium plugins - Cross-Site Request Forgery (CSRF) leading to Cross-Site Scripting (XSS) |
| CVE-2023-3356 | Subscribers Text Counter < 1.7.1 - Settings Update via CSRF to Stored XSS |
| CVE-2023-3366 | MultiParcels Shipping For WooCommerce < 1.15.2 - Arbitrary Shipment Deletion via CSRF |
| CVE-2023-33926 | WordPress Easy Google Maps Plugin <= 1.11.7 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-33931 | WordPress YouTube Playlist Player Plugin <= 4.6.4 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-34002 | WordPress WP Inventory Manager Plugin <= 2.1.0.13 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-34005 | WordPress Front End Users Plugin <= 3.2.24 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-34015 | WordPress Advanced Flat rate shipping Woocommerce Plugin <= 1.6.4.4 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-34024 | WordPress WP Full Auto Tags Manager Plugin <= 2.2 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-34025 | WordPress LWS Hide Login Plugin <= 2.1.6 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-34028 | WordPress WOLF Plugin <= 1.0.7 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-34029 | WordPress Disable WordPress Update Notifications Plugin <= 2.3.3 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-34030 | WordPress Complianz and Complianz Premium plugins - Cross Site Request Forgery (CSRF) |
| CVE-2023-34031 | WordPress bbPress Toolkit Plugin <= 1.0.12 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-34033 | WordPress Ajax Pagination and Infinite Scroll Plugin <= 2.0.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-3408 | Bricks <= 1.8.1 - Cross-Site Request Forgery via save_settings |
| CVE-2023-3409 | Bricks <= 1.8.1 - Cross-Site Request Forgery via reset_settings |
| CVE-2022-4148 | WP OAuth Server < 4.3.0 - Subscriber+ Arbitrary Client Deletion |
| CVE-2022-43459 | WordPress Forms by CaptainForm Plugin <= 2.5.3 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-43469 | WordPress Corona Virus (COVID-19) Banner & Live Data Plugin <= 1.7.0.6 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-43481 | WordPress Advanced Coupons for WooCommerce Coupons plugin <= 4.5 - Cross-Site Request Forgery (CSRF) vulnerability |
| CVE-2022-43488 | WordPress Advanced Dynamic Pricing for WooCommerce plugin <= 4.1.5 - Cross-Site Request Forgery (CSRF) vulnerability |
| CVE-2022-43490 | WordPress Stream Plugin <= 3.9.2 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-43491 | WordPress Advanced Dynamic Pricing for WooCommerce plugin <= 4.1.5 - Cross-Site Request Forgery (CSRF) vulnerability |
| CVE-2022-44585 | WordPress Homepage Pop-up Plugin <= 1.2.5 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-44627 | WordPress Simple SEO plugin <= 1.8.12 - Cross-Site Request Forgery (CSRF) vulnerability |
| CVE-2022-44737 | WordPress All In One WP Security plugin <= 5.1.0 - Multiple Cross-Site Request Forgery (CSRF) vulnerabilities |
| CVE-2022-44739 | WordPress Quick Restaurant Reservations Plugin <= 1.5.4 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-44740 | WordPress Creative Mail plugin <= 1.5.4 - Multiple Cross-Site Request Forgery (CSRF) vulnerabilities |
| CVE-2022-44741 | WordPress Testimonial Slider plugin <= 1.3.1 - Cross-Site Request Forgery (CSRF) vulnerability |
| CVE-2022-4621 | Panasonic Sanyo CCTV Network Camera |
| CVE-2022-4633 | Auto Upload Images Settings setting-page.php cross-site request forgery |
| CVE-2022-46367 | Rumpus - FTP server Cross-site request forgery (CSRF) – Privilege escalation |
| CVE-2022-46368 | Rumpus - FTP server Cross-site request forgery (CSRF) – Create user |
| CVE-2022-4646 | Cross-Site Request Forgery (CSRF) in ikus060/rdiffweb |
| CVE-2022-46793 | WordPress Product Feed PRO for WooCommerce Plugin <= 12.4.4 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-46794 | WordPress WooCommerce Weight Based Shipping Plugin <= 5.4.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-46797 | WordPress Conversios.io Plugin <= 5.2.3 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-46798 | WordPress WooLentor Plugin <= 2.5.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-46800 | WordPress LiteSpeed Cache Plugin <= 5.3 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-46805 | WordPress Conditional Payments for WooCommerce Plugin <= 2.3.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-46806 | WordPress Cart All In One For WooCommerce Plugin <= 1.1.10 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-46810 | WordPress Thank You Page Customizer for WooCommerce – Increase Your Sales Plugin <= 1.0.13 is vulnerable to Cross Site Reques... |
| CVE-2022-46812 | WordPress Thank You Page Customizer for WooCommerce – Increase Your Sales Plugin <= 1.0.13 is vulnerable to Cross Site Reques... |
| CVE-2022-46813 | WordPress Advanced Database Cleaner Plugin <= 3.1.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-46814 | WordPress Kodex Posts likes Plugin <= 2.4.3 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-46815 | WordPress Conditional Shipping for WooCommerce Plugin <= 2.3.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-46816 | WordPress Booking Ultra Pro Plugin <= 1.1.4 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-46820 | WordPress Joli Table Of Contents Plugin <= 1.3.9 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-46841 | WordPress Oxygen Builder Plugin < 4.4 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-46842 | WordPress JS Help Desk plugin <= 2.7.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-46851 | WordPress Starter Templates Plugin <= 3.1.20 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-46853 | WordPress The Post Grid Plugin <= 5.0.4 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-46854 | WordPress Launchpad – Coming Soon & Maintenance Mode Plugin Plugin <= 1.0.13 is vulnerable to Cross Site Request Forgery (CSR... |
| CVE-2022-46856 | WordPress Woocommerce Product Designer Plugin <= 4.3.3 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-46857 | WordPress SiteAlert (Formerly WP Health) Plugin <= 1.9.7 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-46862 | WordPress Quiz And Survey Master Plugin <= 8.0.7 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-46865 | WordPress Bulk Resize Media Plugin <= 1.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-46866 | WordPress Import External Images Plugin <= 1.4 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-46867 | WordPress Universal Star Rating Plugin <= 2.1.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-47134 | WordPress Gallery Metabox Plugin <= 1.5 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-47135 | WordPress Chronoforms Plugin <= 7.0.9 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-47136 | WordPress Ninja Tables Plugin <= 4.3.4 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-47138 | WordPress LOGIN AND REGISTRATION ATTEMPTS LIMIT Plugin <= 2.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-47139 | WordPress WP Basic Elements Plugin <= 5.2.15 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-47141 | WordPress WP Dynamic Keywords Injector Plugin <= 2.3.15 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-47142 | WordPress Mediamatic – Media Library Folders Plugin <= 2.8.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-47143 | WordPress Multiple Page Generator Plugin – MPG Plugin <= 3.3.9 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-47144 | WordPress Mediamatic – Media Library Folders Plugin <= 2.8.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-47147 | WordPress ipBlockList Plugin <= 1.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-47148 | WordPress WooCommerce PDF Invoices & Packing Slips Plugin <= 3.2.5 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-47149 | WordPress Shortlinks by Pretty Links Plugin <= 3.4.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-47152 | WordPress clickfunnels Plugin <= 3.1.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-47154 | WordPress CSS JS Manager Plugin <= 2.4.49 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-47155 | WordPress Slider by Supsystic Plugin <= 1.8.5 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-47159 | WordPress Logaster Logo Generator Plugin <= 1.3 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-0762 | Clock In Portal <= 2.1 - Designation Deletion via CSRF |
| CVE-2023-0763 | Clock In Portal <= 2.1 - Holidays Deletion via CSRF |
| CVE-2023-0766 | Newsletter Popup <= 1.2 - Record Deletion via CSRF |
| CVE-2023-0820 | User Role by BestWebSoft < 1.6.7 - Privilege Escalation via CSRF |
| CVE-2023-0824 | UserPlus <= 2.0 - Stored XSS via CSRF |
| CVE-2023-0870 | Form Can Be Manipulated with Cross-Site Request Forgery (CSRF) |
| CVE-2023-0889 | TF Random Numbers < 2.0.1 - Subscriber+ Arbitrary Option Update |
| CVE-2023-0988 | SourceCodester Online Pizza Ordering System cross-site request forgery |
| CVE-2023-0999 | SourceCodester Sales Tracker Management System cross-site request forgery |
| CVE-2023-35880 | WordPress WooCommerce Brands Plugin <= 1.6.49 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-3589 | Cross-Site Request Forgery (CSRF) vulnerability affecting Teamwork Cloud from No Magic Release 2021x through No Magic Release... |
| CVE-2023-35912 | WordPress Potent Donations for WooCommerce Plugin <= 1.1.9 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-35913 | WordPress OOPSpam Anti-Spam Plugin <= 1.1.44 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-35917 | WordPress WooCommerce PayPal Payments Plugin <= 2.0.4 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-3627 | Cross-Site Request Forgery (CSRF) in salesagility/suitecrm-core |
| CVE-2023-3720 | Upload Media By URL < 1.0.8 - Stored XSS via CSRF |
| CVE-2023-37277 | XWiki Platform vulnerable to cross-site request forgery (CSRF) via the REST API |
| CVE-2023-37889 | WordPress WPAdmin AWS CDN Plugin <= 2.0.13 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-37891 | WordPress Exit Popups & Onsite Retargeting by OptiMonk Plugin <= 2.0.4 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-37892 | WordPress Shortcode IMDB Plugin <= 6.0.8 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-38268 | IBM InfoSphere Information Server cross-site request forgery |
| CVE-2023-38381 | WordPress WP-FlyBox Plugin <= 6.46 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-38390 | WordPress Mobile Address Bar Changer Plugin <= 3.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-38396 | WordPress Google Map Shortcode Plugin <= 3.1.2 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-38398 | WordPress Taboola Plugin <= 2.0.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-3841 | NxFilter user.jsp cross-site request forgery |
| CVE-2023-38512 | WordPress WpStream – Live Streaming, Video on Demand, Pay Per View Plugin <= 4.5.4 is vulnerable to Cross Site Request Forger... |
| CVE-2023-39311 | WordPress Avada Builder plugin <= 3.11.1 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2023-39372 | StarTrinity Softswitch version 2023-02-16 - multiple CSRF (CWE-352) |
| CVE-2023-39412 | Cross-site request forgery in some Intel Unison software may allow an authenticated user to potentially enable escalation of... |
| CVE-2023-39446 | Socomec MOD3GP-SY-120K Cross-Site Request Forgery |
| CVE-2023-39917 | WordPress Photo Gallery by Ays Plugin <= 5.2.6 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-39923 | WordPress The Post Grid Plugin <= 7.2.7 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-39925 | WordPress Community by PeepSo Plugin <= 6.1.6.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-39989 | WordPress Header Footer Code Manager Plugin <= 1.1.34 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-40008 | WordPress Simple Org Chart Plugin <= 2.3.4 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-40009 | WordPress WP Pipes Plugin <= 1.4.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-40048 | WS_FTP Server Cross-Site Request Forgery (CSRF) Vulnerability |
| CVE-2023-1331 | Redirection < 1.1.5 - Plugin Reset via CSRF |
| CVE-2023-1414 | WP VR < 8.3.0 - Subscriber+ Arbitrary Tour Update |
| CVE-2023-1597 | tagDiv Cloud Library < 2.7 - Unauthenticated Arbitrary User Metadata Update to Privilege Escalation |
| CVE-2023-1604 | Short URL <= 1.6.8 - Cross-Site Request Forgery via configuration_page |
| CVE-2023-1623 | Custom Post Type UI < 1.13.5 - Debug Info Sending via CSRF |
| CVE-2023-1624 | WPCode Lite < 2.0.9 - Arbitrary Log File Deletion via CSRF |
| CVE-2023-1651 | ChatBot < 4.4.9 - Subscriber+ OpenAI Settings Update to Stored XSS |
| CVE-2023-1660 | ChatBot < 4.4.9 - Unauthenticated Stored XSS |
| CVE-2023-1722 | Yoga Class Registration System 1.0 - ATO |
| CVE-2023-1937 | zhenfeng13 My-Blog userInfo cross-site request forgery |
| CVE-2023-1938 | WP Fastest Cache < 1.1.5 - Blind SSRF via CSRF |
| CVE-2023-20011 | Cisco Application Policy Infrastructure Controller and Cisco Cloud Network Controller Cross-Site Request Forgery Vulnerabilit... |
| CVE-2023-20113 | Cisco SD-WAN vManage Software Cross-Site Request Forgery Vulnerability |
| CVE-2023-20180 | A vulnerability in the web interface of Cisco Webex Meetings could allow an unauthenticated, remote attacker to conduct a cro... |
| CVE-2023-20221 | A vulnerability in the web-based management interface of Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmwa... |
| CVE-2023-2179 | WooCommerce Order Status Change Notifier <= 1.1.0 - Subscriber+ Arbitrary Order Status Update |
| CVE-2023-2195 | CSRF vulnerability and missing permission checks in Code Dx Plugin |
| CVE-2023-2228 | Cross-Site Request Forgery (CSRF) in modoboa/modoboa |
| CVE-2023-22457 | org.xwiki.contrib:application-ckeditor-ui vulnerable to Remote Code Execution via Cross-Site Request Forgery |
| CVE-2023-22472 | Nextcloud Deck Desktop Client is vulnerable to Cross-Site Request Forgery (CSRF) via malicious link |
| CVE-2023-2326 | Gravity Forms Google Sheet Connector < 1.3.5 - Access Code Update via CSRF |
| CVE-2023-2329 | WooCommerce Google Sheet Connector < 1.3.6 - Access Code Update via CSRF |
| CVE-2023-2330 | Caldera Forms Google Sheets Connector < 1.3 - Access Code Update via CSRF |
| CVE-2023-2334 | Easy Digital Downloads Google Sheet Connector < 1.6.6 - Access Code Update via CSRF |
| CVE-2023-23465 | Media CP Media Control Panel – CSRF |
| CVE-2023-23473 | IBM InfoSphere Information Server cross-site request forgery |
| CVE-2023-23646 | WordPress Album Gallery – WordPress Gallery Plugin <= 1.4.9 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-23659 | WordPress MainWP Matomo Extension Plugin <= 4.0.4 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-23671 | WordPress Layer Slider Plugin <= 1.1.9.7 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-23680 | WordPress WP TopBar Plugin <= 5.36 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-23704 | WordPress Comments Ratings Plugin <= 1.1.6 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-23705 | WordPress Books Gallery Plugin <= 4.4.8 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-23706 | WordPress WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) Plugin <= 7.5.14 is vulnerable to Cross Si... |
| CVE-2023-23711 | WordPress A2 Optimized WP Plugin <= 3.0.4 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-23712 | WordPress User Meta Manager Plugin <= 3.4.9 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-23713 | WordPress Theme Tweaker Plugin <= 5.20 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-23714 | WordPress Uncanny Toolkit for LearnDash Plugin <= 3.6.4.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-23719 | WordPress Premmerce Plugin <= 1.3.17 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-23721 | WordPress Admin Log Plugin <= 1.50 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-23724 | WordPress WordPress Email Marketing Plugin – WP Email Capture Plugin <= 3.9.3 is vulnerable to Cross Site Request Forgery (CS... |
| CVE-2023-23726 | WordPress Tickera – WordPress Event Ticketing plugin <= 3.5.1.0 - CSRF Leading To Post Status Change Vulnerability |
| CVE-2023-23731 | WordPress WishSuite Plugin <= 1.3.3 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-23787 | WordPress Premmerce Redirect Manager Plugin <= 1.0.9 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-23790 | WordPress Pods Plugin <= 2.9.10.2 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-23791 | WordPress HT Menu Plugin <= 1.2.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-23792 | WordPress Swatchly – WooCommerce Variation Swatches for Products Plugin <= 1.2.0 is vulnerable to Cross Site Request Forgery... |
| CVE-2023-23795 | WordPress Form Builder Plugin <= 1.9.9.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-23797 | WordPress Auto YouTube Importer Plugin <= 1.0.3 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-23801 | WordPress Really Simple Google Tag Manager Plugin <= 1.0.6 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-23802 | WordPress HT Easy GA4 ( Google Analytics 4 ) Plugin <= 1.0.6 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-23803 | WordPress JustTables – WooCommerce Product Table Plugin <= 1.4.9 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-23804 | WordPress HT Feed Plugin <= 1.2.7 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-23813 | WordPress My Calendar Plugin <= 3.4.3 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-23847 | A cross-site request forgery (CSRF) vulnerability in Synopsys Jenkins Coverity Plugin 3.0.2 and earlier allows attackers to c... |
| CVE-2023-23861 | WordPress GMAce Plugin <= 1.5.2 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-23865 | WordPress Stripe Payments For WooCommerce by Checkout Plugin <= 1.4.10 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-23869 | WordPress Google XML Sitemap for Mobile Plugin <= 1.6.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-23879 | WordPress PHP Execution Plugin <= 1.0.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-23890 | WordPress WP Airbnb Review Slider Plugin <= 3.2 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-23897 | WordPress Simple Mobile URL Redirect Plugin <= 1.7.2 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-23899 | WordPress Extensions For CF7 Plugin <= 2.0.8 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-24377 | WordPress Ecwid Shopping Cart Plugin <= 6.11.3 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-24380 | WordPress Simple Wp Sitemap Plugin <= 1.2.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-24382 | WordPress Material Design Icons for Page Builders Plugin <= 1.4.2 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-24384 | WordPress Organization chart Plugin <= 1.4.4 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-24388 | WordPress Booking calendar, Appointment Booking System Plugin <= 3.2.3 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-24395 | WordPress Contact Form 7 Redirect & Thank You Page Plugin <= 1.0.3 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-24405 | WordPress Contact Form 7 – PayPal & Stripe Add-on Plugin <= 1.9.3 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-24414 | WordPress Robo Gallery Plugin <= 3.2.11 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-24415 | WordPress AI ChatBot plugin <= 4.2.8 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-24417 | WordPress Worthy – VG WORT Integration für WordPress Plugin <= 1.6.5-6497609 is vulnerable to Cross Site Request Forgery (CSR... |
| CVE-2023-24419 | WordPress Formidable Forms Plugin <= 5.5.6 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-24421 | WordPress PHP Compatibility Checker Plugin <= 1.5.2 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-24518 | Disabling the administrator's account through cross-site request forgery |
| CVE-2023-41730 | WordPress SendPress Newsletters Plugin <= 1.22.3.31 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-41732 | WordPress CP Blocks Plugin <= 1.0.20 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-41792 | Lack of Authorization and Stored XSS Via SNMP Trap Editor Page |
| CVE-2023-41801 | WordPress AWP Classifieds Plugin <= 4.3 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-41850 | WordPress Outbound Link Manager Plugin <= 1.2 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-41851 | WordPress WP Custom Post Template Plugin <= 1.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-41852 | WordPress MailMunch – Grow your Email List Plugin <= 3.1.2 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-41853 | WordPress WP iCal Availability Plugin <= 1.0.3 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-41854 | WordPress wpCentral Plugin <= 1.5.7 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-41858 | WordPress Order Delivery Date for WP e-Commerce Plugin <= 1.2 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-41864 | WordPress PeproDev CF7 Database plugin <= 1.8.0 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2023-41876 | WordPress WP Gallery Metabox Plugin <= 1.0.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-41950 | WordPress Laposta Signup Basic Plugin <= 1.4.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-42027 | IBM CICS TX cross-site request forgery |
| CVE-2023-42435 | Cross-Site Request Forgery in DEXMA DEXGate |
| CVE-2023-4251 | EventPrime < 3.2.0 - Booking Creation via CSRF |
| CVE-2023-4318 | Herd Effects < 5.2.4 - Effect Deletion via CSRF |
| CVE-2023-43649 | baserCMS CSRF vulnerability in Content preview Feature |
| CVE-2023-44231 | WordPress Contact Form Plugin <= 2.0.10 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-44232 | WordPress WP Hide Pages Plugin <= 1.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-44233 | WordPress FooGallery Plugin <= 2.2.44 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-44236 | WordPress WP Captcha Plugin <= 2.0.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-44237 | WordPress WP Site Protector Plugin <= 2.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-44238 | WordPress Remove slug from custom post type Plugin <= 1.0.3 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-44240 | WordPress Timthumb Vulnerability Scanner Plugin <= 1.54 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-44241 | WordPress Keap Landing Pages Plugin <= 1.4.2 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-44243 | WordPress Instant CSS Plugin <= 1.2.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-44246 | WordPress Shockingly Simple Favicon Plugin <= 1.8.2 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-44257 | WordPress Mang Board WP Plugin <= 1.7.6 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-44259 | WordPress Mediavine Control Panel Plugin <= 2.10.2 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-44260 | WordPress Woocommerce ESTO Plugin <= 2.23.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-44261 | WordPress Block Plugin Update Plugin <= 3.3 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-45047 | WordPress LeadSquared Suite Plugin <= 0.7.4 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-45048 | WordPress Social proof testimonials and reviews by Repuso Plugin <= 5.00 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-45052 | WordPress WP Bing Map Pro Plugin < 5.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-45058 | WordPress Short URL Plugin <= 1.6.8 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-45060 | WordPress Interactive World Map Plugin <= 3.2.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-45063 | WordPress AI Content Writing Assistant (Content Writer, ChatGPT, Image Generator) All in One Plugin <= 1.1.5 is vulnerable to... |
| CVE-2023-45068 | WordPress Contact Form by Supsystic Plugin <= 1.7.27 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-45102 | WordPress Blog Manager Light Plugin <= 1.20 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-45103 | WordPress Permalinks Customizer Plugin <= 2.8.2 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-45106 | WordPress Urvanov Syntax Highlighter Plugin <= 2.8.33 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-45107 | WordPress GoodBarber Plugin <= 1.0.22 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-45108 | WordPress Mailrelay Plugin <= 2.1.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-45109 | WordPress WhitePage Plugin <= 1.1.5 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-45128 | CSRF Token Reuse Vulnerability in fiber |
| CVE-2023-45141 | CSRF Token Validation Vulnerability in fiber |
| CVE-2023-45267 | WordPress IRivYou Plugin <= 2.2.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-45268 | WordPress Hitsteps Web Analytics Plugin <= 5.86 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-45269 | WordPress Simple SEO Plugin <= 2.0.25 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-45270 | WordPress Pinpoint Booking System Plugin <= 2.9.9.4.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-45273 | WordPress Stout Google Calendar Plugin <= 1.2.3 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-45274 | WordPress SendPulse Free Web Push Plugin <= 1.3.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-45276 | WordPress Automated Editor Plugin <= 1.3 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-45316 | Reflected client side path traversal leading to CSRF in Playbooks |
| CVE-2023-45317 | Sielco Radio Link and Analog FM Transmitters Cross-Site Request Forgery |
| CVE-2023-45748 | WordPress MailChimp Forms by MailMunch Plugin <= 3.1.4 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-45749 | WordPress AGP Font Awesome Collection Plugin <= 3.2.4 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-45752 | WordPress Post Gallery Plugin <= 2.3.12 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-45753 | WordPress which template file Plugin <= 4.6.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-45763 | WordPress Taggbox Plugin <= 2.9 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-45831 | WordPress AMP WP Plugin <= 1.5.15 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-45836 | WordPress Ultimate Taxonomy Manager Plugin <= 2.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-46067 | WordPress Rocket Font Plugin <= 1.2.3 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-46078 | WordPress Serial Numbers for WooCommerce – License Manager Plugin <= 1.6.3 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-46085 | WordPress Wp Ultimate Review Plugin <= 2.2.4 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-46087 | WordPress Who Hit The Page – Hit Counter Plugin <= 1.4.14.3 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-46089 | WordPress Userback Plugin <= 1.0.13 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-46092 | WordPress Webmaster Tools Plugin <= 2.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-46095 | WordPress Smooth Scroll Links Plugin <= 1.1.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-46150 | WordPress WP Radio plugin <= 3.1.9 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-46151 | WordPress Product Category Tree Plugin <= 2.5 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-46152 | WordPress WOLF Plugin <= 1.0.7.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-46189 | WordPress Google Calendar Events Plugin <= 3.2.5 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-46190 | WordPress Novo-Map : your WP posts on custom google maps Plugin <= 1.1.2 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-46191 | WordPress Open Graph Metabox Plugin <= 1.4.4 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-46193 | WordPress Internal Link Building Plugin <= 1.2.3 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-46198 | WordPress Appointment Calendar Plugin <= 2.9.6 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-46201 | WordPress Auto Login New User After Registration Plugin <= 1.9.6 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-46202 | WordPress Auto Login New User After Registration Plugin <= 1.9.6 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-46204 | WordPress Duplicate Theme Plugin <= 0.1.6 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-46212 | WordPress WP EXtra Plugin <= 6.2 is vulnerable to Broken Access Control |
| CVE-2023-4659 | Cross-Site Request Forgery in Free5Gc |
| CVE-2023-46614 | WordPress WP Helper Premium Plugin <= 4.5.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-46617 | WordPress AdFoxly – Ad Manager, AdSense Ads & Ads.txt Plugin <= 1.8.5 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-46618 | WordPress Category SEO Meta Tags Plugin <= 2.5 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-46619 | WordPress Spider Facebook Plugin <= 1.0.15 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-46620 | WordPress DeepL Pro API translation Plugin <= 2.3.9.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-46625 | WordPress Autolinks Manager Plugin <= 1.10.04 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-46629 | WordPress Remove Add to Cart WooCommerce Plugin <= 1.4.4 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-46634 | WordPress Custom My Account for Woocommerce Plugin <= 2.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-46636 | WordPress Custom Header Images Plugin <= 1.2.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-46638 | WordPress WCP OpenWeather Plugin <= 2.5.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-46775 | WordPress Original texts Yandex WebMaster Plugin <= 1.18 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-46776 | WordPress Auto Excerpt everywhere Plugin <= 1.5 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-46777 | WordPress Feather Login Page Plugin <= 1.1.3 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-46778 | WordPress Auto Limit Posts Reloaded Plugin <= 2.5 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-46779 | WordPress EasyRecipe Plugin <= 3.5.3251 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-46780 | WordPress Alter Plugin <= 1.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-46781 | WordPress Current Menu Item for Custom Post Types Plugin <= 1.5 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-47182 | WordPress Login Screen Manager Plugin <= 3.5.2 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-47186 | WordPress Kadence WooCommerce Email Designer Plugin <= 1.5.11 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-47230 | WordPress Contact Forms by Cimatti Plugin <= 1.6.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-47237 | WordPress WP Google My Business Auto Publish Plugin <= 3.7 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-47238 | WordPress Top 10 Plugin <= 3.3.2 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-47243 | WordPress MSHOP MY SITE Plugin <= 1.1.6 is vulnerable to Broken Access Control |
| CVE-2023-47516 | WordPress Category Post List Widget Plugin <= 2.0 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-47519 | WordPress WooCommerce Product Table Lite Plugin <= 2.6.2 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-47531 | WordPress Droit Dark Mode Plugin <= 1.1.2 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-47550 | WordPress Donations Made Easy – Smart Donations Plugin <= 4.0.12 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-47551 | WordPress Donations Made Easy – Smart Donations Plugin <= 4.0.12 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-47552 | WordPress Image Hover Effects Plugin <= 5.5 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-47553 | WordPress UserHeat Plugin Plugin <= 1.1.6 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-47556 | WordPress Device Theme Switcher Plugin <= 3.0.2 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-47644 | WordPress ProfileGrid Plugin <= 5.6.6 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-47645 | WordPress RegistrationMagic Plugin <= 5.2.2.6 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-47649 | WordPress Best Restaurant Menu by PriceListo Plugin <= 1.3.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-47650 | WordPress Add Local Avatar Plugin <= 12.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-47651 | WordPress WP Links Page Plugin <= 4.9.4 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-47652 | WordPress Auto Affiliate Links Plugin <= 6.4.2.4 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-47655 | WordPress ANAC XML Bandi di Gara Plugin <= 7.5 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-47664 | WordPress Plainview Protect Passwords Plugin <= 1.4 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-47666 | WordPress Code Snippets Plugin <= 3.5.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-47667 | WordPress WP Full Stripe Free plugin <= 7.0.16 - Cross Site Request Forgery (CSRF) vulnerability on every Setting Save |
| CVE-2023-47669 | WordPress Profile Builder Plugin <= 3.10.3 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-47670 | WordPress Korea SNS Plugin <= 1.6.3 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-47671 | WordPress Vertical scroll recent post Plugin <= 14.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-47672 | WordPress WP Category Post List Widget Plugin <= 2.0.3 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-47677 | A cross-site request forgery (csrf) vulnerability exists in the boa CSRF protection functionality of Realtek rtl819x Jungle S... |
| CVE-2023-47685 | WordPress Preloader Matrix Plugin <= 2.0.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-47686 | WordPress Arigato Autoresponder and Newsletter Plugin <= 2.7.2.2 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-47687 | WordPress Woo Custom and Sequential Order Number Plugin <= 2.6.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-47688 | WordPress Youtube SpeedLoad Plugin <= 0.6.3 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-47718 | IBM Maximo Asset Management cross-site request forgery |
| CVE-2023-47757 | WordPress AWeber Plugin <= 7.3.9 is vulnerable to Broken Access Control |
| CVE-2023-47758 | WordPress Multi Step Form Plugin <= 1.7.11 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-47765 | WordPress CodeBard's Patron Button and Widgets for Patreon Plugin <= 2.1.9 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-47775 | WordPress wpDiscuz Plugin <= 7.6.11 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-47781 | WordPress Thrive Theme Builder Theme < 3.24.2 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-47785 | WordPress LayerSlider Plugin <= 7.7.9 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-47787 | WordPress WooCommerce Bookings Plugin <= 2.0.3 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-47789 | WordPress WooCommerce Canada Post Shipping Plugin <= 2.8.3 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-47790 | WordPress Pz-LinkCard Plugin <= 2.4.8 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-47791 | WordPress Leadster Plugin <= 1.1.2 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-47792 | WordPress Big File Uploads Plugin <= 2.1.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-47806 | WordPress Disable User Login Plugin <= 1.3.7 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-47819 | WordPress Easy Call Now by ThikShare Plugin <= 1.1.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-47824 | WordPress Legal Pages Plugin <= 1.3.8 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-47825 | WordPress WP EXtra Plugin <= 6.4 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-47845 | WordPress Grab & Save plugin <= 1.0.4 - Cross-Site Request Forgery (CSRF) vulnerability |
| CVE-2023-47870 | WordPress wpForo Forum Plugin <= 2.2.6 is vulnerable to Broken Access Control and Cross Site Request Forgery (CSRF) |
| CVE-2023-47875 | WordPress Perfmatters Plugin <= 2.1.6 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-4824 | WooHoo Newspaper Magazine Theme <= 2.5.3 - Settings Update via CSRF |
| CVE-2023-4827 | File Manager Pro < 1.8 - Remote Code Execution via CSRF |
| CVE-2023-48278 | WordPress WP Forms Puzzle Captcha Plugin <= 4.1 is vulnerable to Cross Site Request Forgery (CSRF) leading to XSS |
| CVE-2023-48279 | WordPress Seraphinite Post .DOCX Source Plugin <= 2.16.6 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-48281 | WordPress Broken Link Checker for YouTube Plugin <= 1.3 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-48282 | WordPress Taxonomy filter Plugin <= 2.2.9 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-48283 | WordPress Simple Testimonials Showcase Plugin <= 1.1.5 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-48284 | WordPress Decorator – WooCommerce Email Customizer Plugin <= 1.2.7 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-48292 | XWiki Admin Tools Application Run Shell Command allows CSRF RCE attacks |
| CVE-2023-48293 | XWiki Admin Tools Application CSRF with QueryOnXWiki allows arbitrary database queries |
| CVE-2023-48323 | WordPress Awesome Support Plugin <= 6.1.4 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-48328 | WordPress NextGEN Gallery Plugin <= 3.37 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-48330 | WordPress Bulk Comment Remove Plugin <= 2 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-48331 | WordPress MyBookTable Bookstore Plugin <= 3.3.4 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-48334 | WordPress League Table Plugin <= 1.13 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-4837 | Cross-site request forgery (CSRF) in SmodBIP |
| CVE-2023-4865 | SourceCodester Take-Note App cross-site request forgery |
| CVE-2023-4868 | SourceCodester Contact Manager App add.php cross-site request forgery |
| CVE-2023-4869 | SourceCodester Contact Manager App update.php cross-site request forgery |
| CVE-2023-48744 | WordPress Availability Calendar Plugin <= 1.2.6 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-48751 | WordPress Participants Database Plugin <= 2.5.5 is vulnerable to Broken Access Control |
| CVE-2023-48754 | WordPress Delete Post Revisions In WordPress Plugin <= 4.6 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-48755 | WordPress teachPress Plugin <= 9.0.4 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-48762 | WordPress JetElements For Elementor Plugin <= 2.6.13 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-48766 | WordPress SVGator – Add Animated SVG Easily Plugin <= 1.2.4 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-48768 | WordPress Quantity Plus Minus Button for WooCommerce by CodeAstrology Plugin <= 1.1.9 is vulnerable to Cross Site Request For... |
| CVE-2023-48769 | WordPress Chat Bubble Plugin <= 2.3 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-48772 | WordPress Prevent Landscape Rotation Plugin <= 2.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-48773 | WordPress WooCommerce Login Redirect Plugin <= 2.2.4 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-48778 | WordPress Product Size Chart For WooCommerce Plugin <= 1.1.5 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-48781 | WordPress MkRapel Regiones y Ciudades de Chile para WC Plugin <= 4.3.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-48790 | A cross site request forgery vulnerability [CWE-352] in Fortinet FortiNDR version 7.4.0, 7.2.0 through 7.2.1 and 7.1.0 throug... |
| CVE-2023-49076 | Pimcore missing token/header to prevent CSRF |
| CVE-2023-49148 | WordPress Affiliate Booster – Pros & Cons, Notice, and CTA Blocks for Affiliates Plugin <= 3.0.5 is vulnerable to Cross Site... |
| CVE-2023-49153 | WordPress Add to Cart Text Changer and Customize Button, Add Custom Icon Plugin <= 2.0 is vulnerable to Cross Site Request Fo... |
| CVE-2023-49155 | WordPress Button Generator – easily Button Builder Plugin <= 2.3.8 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-49163 | WordPress teachPress Plugin <= 9.0.5 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-49164 | WordPress Ocean Extra Plugin <= 2.2.2 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-49197 | WordPress DoFollow Case by Case Plugin <= 3.4.2 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-4959 | Quay: cross-site request forgery (csrf) on config-editor page |
| CVE-2023-49744 | WordPress Gift Up Gift Cards for WordPress and WooCommerce Plugin <= 2.21.3 is vulnerable to Cross Site Request Forgery (CSRF... |
| CVE-2023-49749 | WordPress SureTriggers Plugin <= 1.0.23 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-49751 | WordPress Block for Font Awesome Plugin <= 1.4.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-49759 | WordPress WooDiscuz – WooCommerce Comments Plugin <= 2.3.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-49760 | WordPress WPsoonOnlinePage Plugin <= 1.9 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-49761 | WordPress Product Enquiry for WooCommerce Plugin <= 3.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-49763 | WordPress CSprite Plugin <= 1.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-49769 | WordPress Integrate Google Drive Plugin <= 1.3.4 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-49775 | WordPress CSV Importer Plugin <= 0.3.8 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-49816 | WordPress Fix My Feed RSS Repair Plugin <= 1.4 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-49821 | WordPress LiveChat Plugin <= 4.5.15 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-49824 | WordPress Product Catalog Feed by PixelYourSite Plugin <= 2.1.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-49834 | WordPress WOOCS – WooCommerce Currency Switcher Plugin <= 1.4.1.4 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-49838 | Cross-Site Request Forgery (CSRF) vulnerability in multiple themes by KlbTheme |
| CVE-2023-49840 | WordPress Multi Currency For WooCommerce Plugin <= 1.5.5 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-49843 | WordPress First Order Discount Woocommerce Plugin <= 1.21 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-49844 | WordPress WPPerformanceTester Plugin <= 2.0.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-49853 | WordPress PayTR Taksit Tablosu Plugin <= 1.3.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-49854 | WordPress Caddy Plugin <= 1.9.7 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-49855 | WordPress BC Menu Bar Cart Icon For WooCommerce By Binary Carpenter Plugin <= 1.49.3 is vulnerable to Cross Site Request Forg... |
| CVE-2023-49920 | Apache Airflow: Missing CSRF protection on DAG/trigger |
| CVE-2023-5006 | WP Discord Invite < 2.5.1 - Arbitrary Settings Update via CSRF |
| CVE-2023-5036 | Cross-Site Request Forgery (CSRF) in usememos/memos |
| CVE-2023-50372 | WordPress Custom Post Type Page Template Plugin <= 1.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-50722 | XWiki Platform XSS/CSRF Remote Code Execution in XWiki.ConfigurableClass |
| CVE-2023-50835 | WordPress Advanced Category Template Plugin <= 0.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-50858 | WordPress Anti Hacker Plugin <= 4.34 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-50861 | WordPress HUSKY plugin <= 1.3.4.3 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2023-50873 | WordPress Add Any Extension to Pages Plugin <= 1.4 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-50878 | WordPress MStore API Plugin <= 4.10.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-50886 | WordPress Legal Pages plugin <= 1.3.7 - CSRF + Broken Access Control vulnerability |
| CVE-2023-50900 | WordPress Master Slider plugin <= 3.9.10 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2023-50902 | WordPress New User Approve Plugin <= 2.5.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-51354 | WordPress Webba Booking Plugin <= 4.5.33 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-51358 | WordPress Block IPs for Gravity Forms Plugin <= 1.0.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-51369 | WordPress Customize My Account for WooCommerce plugin <= 1.8.3 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2023-51378 | WordPress Rise Blocks Plugin <= 3.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-51402 | WordPress Ultimate Addons for WPBakery Page Builder Plugin <= 3.19.17 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-51407 | WordPress Split Test For Elementor plugin <= 1.6.9 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2023-51416 | WordPress EnvíaloSimple plugin <= 2.2 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2023-51474 | WordPress TerraClassifieds plugin <= 2.0.3 - Cross Site Request Forgery (CSRF) to Account Takeover vulnerability |
| CVE-2023-51486 | WordPress WooCommerce PDF Invoice Builder, Create invoices, packing slips and more plugin <= 1.2.101 - Cross Site Request For... |
| CVE-2023-51487 | WordPress ARI Stream Quiz – WordPress Quizzes Builder plugin <= 1.2.32 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2023-51489 | WordPress Crowdsignal Polls & Ratings plugin <= 3.0.11 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2023-51491 | WordPress Depicter Slider plugin <= 2.0.6 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2023-51510 | WordPress Export Media URLs plugin <= 1.0 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2023-51521 | WordPress Quiz And Survey Master plugin <= 8.1.18 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2023-51522 | WordPress Paid Membership Subscriptions plugin <= 2.10.4 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2023-51525 | WordPress WP Simple Booking Calendar plugin <= 2.0.8.4 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2023-51528 | WordPress GPT3 AI Content Writer Plugin <= 1.8.12 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-51529 | WordPress HT Mega Plugin <= 2.3.3 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-51530 | WordPress GS Logo Slider Plugin <= 3.5.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-51531 | WordPress Thrive Automator Plugin <= 1.17 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-51533 | WordPress Ecwid Shopping Cart Plugin <= 6.12.4 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-51535 | WordPress Spam protection, AntiSpam, FireWall by CleanTalk Plugin <= 6.20 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-51538 | WordPress Awesome Support Plugin <= 6.1.5 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-51539 | WordPress Apollo13 Framework Extensions Plugin <= 1.9.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-51545 | WordPress Job Manager & Career Plugin <= 1.4.4 is vulnerable to Cross Site Request Forgery (CSRF) leading to PHP Object Injec... |
| CVE-2023-51668 | WordPress Inline Image Upload for BBPress Plugin <= 1.1.18 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-51673 | WordPress Stylish Price List Plugin <= 7.0.17 is vulnerable to Broken Access Control |
| CVE-2023-51678 | WordPress Doofinder for WooCommerce Plugin <= 2.0.33 is vulnerable to Broken Access Control |
| CVE-2023-51681 | WordPress Duplicator Plugin <= 1.5.7 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-51683 | WordPress Easy PayPal Buy Now Button Plugin <= 1.8.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-51696 | WordPress Spam protection, AntiSpam, FireWall by CleanTalk Plugin <= 6.20 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-52119 | WordPress Icegram Plugin <= 3.1.18 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-52120 | WordPress NEX-Forms – Ultimate Form Builder Plugin <= 8.5.2 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-52121 | WordPress NitroPack Plugin <= 1.10.2 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-52122 | WordPress Simple Job Board Plugin <= 2.10.6 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-52123 | WordPress Strong Testimonials Plugin <= 3.1.10 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-52127 | WordPress WPC Product Bundles for WooCommerce Plugin <= 7.3.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-52128 | WordPress White Label Plugin <= 2.9.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-52129 | WordPress teachPress Plugin <= 9.0.4 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-52130 | WordPress Affiliates Manager Plugin <= 2.9.31 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-52136 | WordPress Custom Twitter Feeds (Tweets Widget) Plugin <= 2.1.2 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-52145 | WordPress Republish Old Posts Plugin <= 1.21 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-52149 | WordPress Floating Button Plugin <= 6.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-52150 | WordPress Dynamic Content for Elementor Plugin < 2.12.5 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-52184 | WordPress WP Job Portal Plugin <= 2.0.6 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-52200 | WordPress ARMember Plugin <= 4.0.22 is vulnerable to Cross Site Request Forgery (CSRF) leading to PHP Object Injection |
| CVE-2023-52216 | WordPress JS & CSS Script Optimizer Plugin <= 0.3.3 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-52222 | WordPress WooCommerce Plugin <= 8.2.2 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-52223 | WordPress MailerLite – WooCommerce integration Plugin <= 2.0.8 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-52226 | WordPress Advanced Flamingo plugin <= 1.0 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2023-53688 | Nagios XI < 5.11.3 XSS & CSRF via Hypermap Replay |
| CVE-2023-5444 | CSRF in ePO leading to privilege escalation |
| CVE-2023-5455 | Ipa: invalid csrf protection |
| CVE-2023-5498 | Cross-Site Request Forgery (CSRF) in chiefonboarding/chiefonboarding |
| CVE-2023-5511 | Cross-Site Request Forgery (CSRF) in snipe/snipe-it |
| CVE-2023-5519 | EventPrime < 3.2.0 - Booking Creation via CSRF |
| CVE-2023-5611 | Seraphinite Accelerator < 2.20.32 - Unauthorised Settings Reset/Import |
| CVE-2023-5626 | Cross-Site Request Forgery (CSRF) in pkp/ojs |
| CVE-2023-5651 | WP Hotel Booking < 2.0.8 - Subscriber+ Arbitrary Post Deletion |
| CVE-2023-5687 | Cross-Site Request Forgery (CSRF) in mosparo/mosparo |
| CVE-2023-5690 | Cross-Site Request Forgery (CSRF) in modoboa/modoboa |
| CVE-2023-5802 | WordPress WP Knowledgebase Plugin <= 1.3.4 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-5803 | WordPress Business Directory Plugin Plugin <= 6.3.10 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-5823 | WordPress TK Google Fonts GDPR Compliant Plugin <= 2.2.11 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-5882 | WP All Export (Free < 1.4.1, Pro < 1.8.6) - Remote Code Execution via CSRF |
| CVE-2023-5884 | Word Balloon < 4.20.3 - Avatar Removal via CSRF |
| CVE-2023-5886 | WP All Export (Free < 1.4.1, Pro < 1.8.6) - Author+ PHAR Deserialization via CSRF |
| CVE-2023-5893 | Cross-Site Request Forgery (CSRF) in pkp/pkp-lib |
| CVE-2023-5897 | Cross-Site Request Forgery (CSRF) in pkp/customLocale |
| CVE-2023-5898 | Cross-Site Request Forgery (CSRF) in pkp/pkp-lib |
| CVE-2023-5899 | Cross-Site Request Forgery (CSRF) in pkp/pkp-lib |
| CVE-2023-5900 | Cross-Site Request Forgery in pkp/pkp-lib |
| CVE-2023-5902 | Cross-Site Request Forgery (CSRF) in pkp/pkp-lib |
| CVE-2023-5934 | Travelpayouts < 1.1.13 - Settings Update via CSRF |
| CVE-2023-5953 | Welcart e-Commerce < 2.9.5 - Subscriber+ Arbitrary File Upload |
| CVE-2023-5961 | ioLogik E1200 Series: Cross-Site Request Forgery (CSRF) Vulnerability |
| CVE-2023-5979 | eCommerce Product Catalog Plugin for WordPress < 3.3.26 - Products Deletion via CSRF |
| CVE-2023-5990 | Funnelforms Free < 3.4.2 - Form Deletion/Duplication via CSRF |
| CVE-2023-5991 | Hotel Booking Lite < 4.8.5 - Unauthenticated Arbitrary File Download & Deletion |
| CVE-2023-6022 | Cross-Site Request Forgery (CSRF) in prefecthq/prefect |
| CVE-2023-6029 | EazyDocs < 2.3.6 - Unauthenticated Arbitrary Posts Deletion and Document Management |
| CVE-2023-6137 | WordPress Frontier Post Plugin <= 6.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-6243 | EventON PRO - WordPress Virtual Event Calendar Plugin <= 4.6.8 - Cross-Site Request Forgery via admin_test_email |
| CVE-2023-6251 | CSRF in delete_user_message |
| CVE-2023-6292 | Ecwid Ecommerce Shopping Cart < 6.12.5 - Arbitrary Plugin Settings Change via CSRF |
| CVE-2023-6373 | ArtPlacer Widget < 2.20.7 - Editor+ SQLi |
| CVE-2023-6385 | WordPress Ping Optimizer <= 2.35.1.3.0 - Log Clearing via CSRF |
| CVE-2023-6390 | WordPress Users <= 1.4 - Settings Update via CSRF |
| CVE-2023-6391 | Custom User CSS <= 0.2 - Settings Update via CSRF |
| CVE-2023-6474 | PHPGurukul Nipah Virus Testing Management System manage-phlebotomist.php cross-site request forgery |
| CVE-2023-6499 | lasTunes <= 3.6.1 - Settings Update via CSRF |
| CVE-2023-6501 | Splashscreen <= 0.20 - Settings Update via CSRF |
| CVE-2023-6503 | WP Plugin Lister <= 2.1.0 - Settings Update to Stored XSS via CSRF |
| CVE-2023-6529 | WP VR < 8.3.15 - Unauthenticated Plugin Downgrade leading to XSS |
| CVE-2023-6532 | WP Blogs' Planetarium <= 1.0 - Settings Update via CSRF |
| CVE-2023-6625 | Product Enquiry for WooCommerce < 3.1 - Arbitrary Enquiry Deletion via CSRF |
| CVE-2023-6633 | Site Notes <= 2.0.0 - Admin Note Deletion via CSRF |
| CVE-2023-3414 | Cross-Site Request Forgery (CSRF) in Jenkins Plug-in for ServiceNow DevOps |
| CVE-2023-34169 | WordPress TS Webfonts for さくらのレンタルサーバ Plugin <= 3.1.2 is vulnerable to Broken Access Control |
| CVE-2023-34171 | WordPress WP Report Post Plugin <= 2.1.2 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-34177 | WordPress WP-Cache.com Plugin <= 1.1.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-34178 | WordPress Groundhogg Plugin <= 2.7.11 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-34181 | WordPress WP-Cirrus Plugin <= 0.6.11 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-34182 | WordPress LH Password Changer Plugin <= 1.55 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-34185 | WordPress NextGen GalleryView Plugin <= 0.5.5 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-34371 | WordPress Download SpamReferrerBlock Plugin <= 2.22 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-34373 | WordPress Zephyr Project Manager Plugin <= 3.3.93 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-34378 | WordPress WP Hide Post Plugin <= 2.0.10 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-34384 | WordPress Kebo Twitter Feed Plugin <= 1.5.12 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-34386 | WordPress WPC Smart Wishlist for WooCommerce Plugin <= 4.7.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-3492 | WP Shopping Pages <= 1.14 - Stored XSS via CSRF |
| CVE-2023-35030 | Cross-site request forgery (CSRF) vulnerability in the Layout module's SEO configuration in Liferay Portal 7.4.3.70 through 7... |
| CVE-2023-35038 | WordPress WP PDF Generator Plugin <= 1.2.2 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-35041 | WordPress Webpushr Plugin <= 4.34.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-35044 | WordPress Securimage-WP Plugin <= 3.6.16 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-35047 | WordPress All Bootstrap Blocks Plugin <= 1.3.6 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-3507 | WooCommerce Pre-Orders < 2.0.3 - Arbitrary Pre-Order Canceling via CSRF |
| CVE-2023-3508 | WooCommerce Pre-Orders < 2.0.3 - Unauthorised Actions via CSRF |
| CVE-2023-35089 | WordPress Recipe Maker For Your Food Blog from Zip Recipes Plugin <= 8.0.7 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-35091 | WordPress WooCommerce Stock Manager Plugin <= 2.10.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-35096 | WordPress myCred Plugin <= 2.5 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-3510 | FTP Access <= 1.0 - Subscriber+ Stored XSS |
| CVE-2023-35120 | PiiGAB M-Bus Cross-Site Request Forgery |
| CVE-2023-3547 | All in One B2B for WooCommerce <= 1.0.3 - Multiple CSRF |
| CVE-2023-35773 | WordPress Template Debugger Plugin <= 3.1.2 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-35774 | WordPress LWS Tools Plugin <= 2.4.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-35778 | WordPress Recent Posts Slider Plugin <= 1.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-35780 | WordPress Galleria Plugin <= 1.0.3 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-35781 | WordPress LWS Cleaner Plugin <= 2.3.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-3579 | HadSky User cross-site request forgery |
| CVE-2023-35877 | WordPress Extra User Details Plugin <= 0.5 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-36511 | WordPress WooCommerce Order Barcodes Plugin <= 1.6.4 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-36513 | WordPress AutomateWoo Plugin <= 5.7.5 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-36514 | WordPress WooCommerce Ship to Multiple Addresses Plugin <= 3.8.5 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-36517 | WordPress WP Abstracts Plugin <= 2.6.2 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-36522 | WordPress Quiz Expert – Easy Quiz Maker, Exam and Test Manager Plugin <= 1.5.0 is vulnerable to Cross Site Request Forgery (C... |
| CVE-2023-36682 | WordPress Schema Pro Plugin <= 2.7.7 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-36685 | WordPress CartFlows Pro Plugin <= 1.11.12 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-36687 | WordPress Menubar Plugin <= 5.8.2 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-36690 | WordPress WPLMS Theme < 4.900 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-36691 | WordPress WebwinkelKeur Plugin <= 3.24 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-36693 | WordPress WP RSS Images Plugin <= 1.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-37386 | WordPress Media Library Helper by Codexin Plugin <= 1.2.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-37387 | WordPress Classified Listing Plugin <= 2.4.5 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-37391 | WordPress WordPress Mobile Pack Plugin <= 3.4.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-37392 | WordPress WP Dummy Content Generator Plugin <= 2.3.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-37968 | WordPress Falang multilanguage Plugin <= 1.3.39 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-37973 | WordPress Replace Word Plugin <= 2.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-37974 | WordPress WP-FB-AutoConnect Plugin <= 4.6.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-37985 | WordPress Five Star Restaurant Menu Plugin <= 2.4.6 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-37990 | WordPress Perelink Pro Plugin <= 2.1.4 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-37991 | WordPress WP Emoji One Plugin <= 0.6.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-37992 | WordPress Smarty for WordPress Plugin <= 3.1.35 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-37995 | WordPress WP-CopyProtect [Protect your blog posts] Plugin <= 3.1.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-37996 | WordPress GTmetrix for WordPress Plugin <= 0.4.7 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-37998 | WordPress Disabler Plugin <= 3.0.3 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-38001 | IBM Aspera Orchestrator cross-site request forgery |
| CVE-2023-38579 | Westermo Lynx 206-F2G Cross-Site Request Forgery |
| CVE-2023-38739 | IBM Sterling B2B Integrator cross-site request forgery |
| CVE-2023-39158 | WordPress Woocommerce Category Banner Management Plugin <= 2.4.2 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-39159 | WordPress Fraud Prevention For Woocommerce Plugin <= 2.1.5 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-39165 | WordPress Sign-up Sheets Plugin <= 2.2.8 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-39166 | WordPress tagDiv Composer Plugin < 4.4 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2024-0522 | Allegro RomPager HTTP POST Request cross-site request forgery |
| CVE-2024-0555 | Cross-Site Request Forgery (CSRF) vulnerability on WIC1200 |
| CVE-2024-10040 | Infinite-Scroll <= 2.6.2 - Cross-Site Request Forgery to Plugin Settings Update |
| CVE-2024-10045 | Transients Manager <= 2.0.6 - Cross-Site Request Forgery |
| CVE-2024-10480 | 3DPrint Lite < 2.1 - Settings Update via CSRF |
| CVE-2024-10481 | Cross-Site Request Forgery (CSRF) in comfyanonymous/comfyui |
| CVE-2024-10521 | WordPress Contact Forms by Cimatti <= 1.9.2 - Cross-Site Request Forgery via process_bulk_action Function |
| CVE-2024-10557 | code-projects Blood Bank Management System updateprofile.php cross-site request forgery |
| CVE-2024-10581 | DirectoryPress Frontend <= 2.7.9 - Cross-Site Request Forgery to Listing Status Update |
| CVE-2024-10593 | WPForms – Easy Form Builder for WordPress <= 1.9.1.6 - Cross-Site Request Forgery (CSRF) to Plugin's Log Deletion |
| CVE-2024-10906 | Cross-Site Request Forgery (CSRF) in eosphoros-ai/db-gpt |
| CVE-2024-11014 | Cross-site request forgery (CSRF) vulnerability in NEC Corporation UNIVERGE IX from Ver9.2 to Ver10.10.21, for Ver10.8 up to... |
| CVE-2024-11141 | Sailthru Triggermail < 1.1 - Subscriber+ Stored XSS |
| CVE-2024-11142 | CSRF in Gosoft Software's Proticaret E-Commerce |
| CVE-2023-4013 | GDPR Cookie Compliance < 4.12.5 - License Update/Deactivation via CSRF |
| CVE-2023-40172 | Cross-Site Request Forgery (CSRF) in fobybus/social-media-skeleton |
| CVE-2023-40198 | WordPress Easy Cookie Law Plugin <= 3.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-40199 | WordPress WP Like Button Plugin <= 1.7.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-40201 | WordPress Futurio Extra Plugin <= 1.8.4 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-40202 | WordPress WP HTML Mail Plugin <= 3.4.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-40210 | WordPress SB Child List Plugin <= 4.5 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-40212 | WordPress WooCommerce Product Attachment Plugin <= 2.1.8 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-40335 | WordPress Cleverwise Daily Quotes Plugin <= 3.2 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-40556 | WordPress Schedule Posts Calendar Plugin <= 5.2 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-40558 | WordPress Video Gallery & Management Plugin <= 3.3.5 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-40559 | WordPress WooCommerce Dynamic Pricing and Discount Rules Plugin <= 2.4.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-40561 | Enhanced Ecommerce Google Analytics for WooCommerce |
| CVE-2023-40572 | XWiki Platform vulnerable to CSRF privilege escalation/RCE via the create action |
| CVE-2023-4059 | Profile Builder < 3.9.8 - Unauthenticated Plugin's Pages Creation |
| CVE-2023-40607 | WordPress CLUEVO LMS, E-Learning Platform Plugin <= 1.10.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-40671 | WordPress DX-auto-save-images Plugin <= 1.4.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-41129 | WordPress Patreon WordPress Plugin <= 1.8.6 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-41131 | WordPress Sp*tify Play Button for WordPress Plugin <= 2.10 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-41244 | WordPress Localize Remote Images Plugin <= 1.0.9 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-4150 | User Activity Tracking and Log < 4.0.9 - License Update/Deactivation via CSRF |
| CVE-2023-41650 | WordPress Remove/hide Author, Date, Category Like Entry-Meta Plugin <= 2.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-41654 | WordPress authLdap Plugin <= 2.5.8 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-41659 | WordPress Responsive Gallery Grid Plugin <= 2.3.10 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-41660 | WordPress WP Migration Plugin DB & Files – WP Synchro Plugin <= 1.9.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-41667 | WordPress WP-dTree Plugin <= 4.4.5 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-41668 | WordPress Leadster Plugin <= 1.1.2 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-41669 | WordPress Live News Plugin <= 1.06 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-41670 | WordPress Use Memcached Plugin <= 1.0.5 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-41672 | WordPress Hide admin notices – Admin Notification Center Plugin <= 2.3.2 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-41684 | WordPress SIS Handball Plugin <= 1.0.45 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-41686 | WordPress Woocommerce Support System plugin <= 1.2.2 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2023-41693 | WordPress MyCryptoCheckout Plugin <= 2.125 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-41694 | WordPress Realbig Plugin <= 1.0.3 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-41697 | WordPress Easy WP Cleaner Plugin <= 1.9 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-4209 | POEditor < 0.9.8 - Settings Reset via CSRF |
| CVE-2023-4301 | CSRF vulnerability in Fortify Plugin allow capturing credentials |
| CVE-2023-4307 | Lock User Account <= 1.0.3 - Arbitrary Account Lock/Unlock via CSRF |
| CVE-2023-44146 | WordPress Checkfront Online Booking System Plugin <= 3.6 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-44160 | Sensitive information manipulation due to cross-site request forgery. The following products are affected: Acronis Cyber Prot... |
| CVE-2023-44161 | Sensitive information manipulation due to cross-site request forgery. The following products are affected: Acronis Cyber Prot... |
| CVE-2023-44385 | Client-Side Request Forgery in Home Assistant iOS/macOS native Apps |
| CVE-2023-44470 | WordPress Kv TinyMCE Editor Add Fonts Plugin <= 1.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-44471 | WordPress Backend Localization Plugin <= 2.1.10 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-44473 | WordPress Table of Contents Plus Plugin <= 2302 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-44475 | WordPress Add Shortcodes Actions And Filters Plugin <= 2.0.9 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-44476 | WordPress CopyRightPro Plugin <= 2.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-44478 | WordPress Events Rich Snippets for Google plugin <= 1.8 - CSRF Leading to Privilege Escalation vulnerability |
| CVE-2023-4454 | Cross-Site Request Forgery (CSRF) in wallabag/wallabag |
| CVE-2023-4455 | Cross-Site Request Forgery (CSRF) in wallabag/wallabag |
| CVE-2023-44993 | WordPress ChatBot Plugin <= 4.7.8 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-44994 | WordPress ShortCodes UI Plugin <= 1.9.8 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-44995 | WordPress WooCommerce Login Redirect Plugin <= 2.2.4 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-44996 | WordPress Post View Count Plugin <= 1.8.2 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-44997 | WordPress WP Forms Puzzle Captcha Plugin <= 4.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-44998 | WordPress Category Meta Plugin <= 1.2.8 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-44999 | WordPress WooCommerce Stripe Gateway plugin <= 7.6.0 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2023-45011 | WordPress WP Power Stats Plugin <= 2.2.3 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-45605 | WordPress Feed Statistics Plugin <= 4.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-45606 | WordPress Simple URLs Plugin <= 120 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-45629 | WordPress Responsive Image Gallery, Gallery Album Plugin <= 2.0.3 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-45638 | WordPress Eupago Gateway For Woocommerce Plugin <= 3.1.9 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-45639 | WordPress Sort SearchResult By Title Plugin <= 10.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-45641 | WordPress Caret Country Access Limit Plugin <= 1.0.2 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-45642 | WordPress Snap Pixel Plugin <= 1.5.7 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-45643 | WordPress CPT Shortcode Generator Plugin <= 1.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-45645 | WordPress WP Open Street Map Plugin <= 1.25 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-45647 | WordPress Constant Contact Forms by MailMunch Plugin <= 2.0.10 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-45650 | WordPress HTML5 Maps Plugin <= 1.7.1.4 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-45651 | WordPress WP Attachments Plugin <= 5.0.11 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-45653 | WordPress Video Playlist For YouTube Plugin <= 6.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-45654 | WordPress Comments Ratings Plugin <= 1.1.7 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-45655 | WordPress PixFields Plugin <= 0.7.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-45656 | WordPress Lazy Load for Videos Plugin <= 2.18.2 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-45670 | Frigate cross-site request forgery in `config_save` and `config_set` request handlers |
| CVE-2024-12526 | Arena.IM – Live Blogging for real-time events <= 0.3.0 - Cross-Site Request Forgery to Settings Update |
| CVE-2024-12541 | Chative Live chat and Chatbot <= 1.1 - Cross-Site Request Forgery via add_chative_widget_action Function |
| CVE-2024-12545 | Scratch & Win – Giveaways and Contests <= 2.7.1 - Cross-Site Request Forgery via reset_installation Function |
| CVE-2024-12554 | Peter’s Custom Anti-Spam <= 3.2.3 - Cross-Site Request Forgery via cas_register_post Function |
| CVE-2024-12555 | SIP Calculator <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting |
| CVE-2024-12557 | Transporters.io <= 2.0.84 - Cross-Site Request Forgery to Stored Cross-Site Scripting |
| CVE-2024-12709 | Bulk Me Now <= 2.0 - Message Deletion via CSRF |
| CVE-2024-12750 | Competition Form <= 2.0 - Competition Deletion via CSRF |
| CVE-2024-12771 | eCommerce Product Catalog Plugin for WordPress <= 3.3.43 - Cross-Site Request Forgery to Password Reset |
| CVE-2024-12774 | Altra Side Menu <= 2.0 - Arbitrary Menu Deletion via CSRF |
| CVE-2024-13057 | Dyn Business Panel <= 1.0.0 - Stored XSS via CSRF |
| CVE-2024-1306 | Smart Forms < 2.6.94 - Edit Entries via CSRF |
| CVE-2024-13096 | WP Finance <= 1.3.6 - Stored XSS via CSRF |
| CVE-2024-13203 | kurniaramadhan E-Commerce-PHP cross-site request forgery |
| CVE-2024-13244 | Migrate Tools - Moderately critical - Cross Site Request Forgery - SA-CONTRIB-2024-008 |
| CVE-2024-13250 | Drupal Symfony Mailer Lite - Moderately critical - Cross Site Request Forgery - SA-CONTRIB-2024-014 |
| CVE-2024-13260 | Migrate queue importer - Moderately critical - Cross Site Request Forgery - SA-CONTRIB-2024-024 |
| CVE-2024-13261 | Acquia DAM - Moderately critical - Cross Site Request Forgery, Denial of Service - SA-CONTRIB-2024-025 |
| CVE-2024-13405 | Apptivo Business Site CRM <= 5.3 - Cross-Site Request Forgery to IP Address Block |
| CVE-2024-13432 | Webcamconsult <= 1.5.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting |
| CVE-2024-13436 | Appsero Helper <= 1.3.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting |
| CVE-2024-13437 | Book a Room <= 2.9 - Cross-Site Request Forgery to Settings Update |
| CVE-2024-13438 | SpeedSize Image & Video AI-Optimizer <= 1.5.1 - Cross-Site Request Forgery to Clear Cache |
| CVE-2024-13444 | wp-greet <= 6.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting |
| CVE-2024-13494 | WordPress File Upload <= 4.25.2 - Cross-Site Request Forgery in wfu_file_details |
| CVE-2024-13510 | ShopSite <= 1.5.10 - Cross-Site Request Forgery to Stored Cross-Site Scripting |
| CVE-2024-13511 | Variation Swatches for WooCommerce 1.0.8 - 1.3.2 - Cross-Site Request Forgery to Plugin Settings Reset |
| CVE-2024-13512 | Wonder FontAwesome <= 0.8 - Cross-Site Request Forgery to Stored Cross-Site Scripting |
| CVE-2024-13518 | Simple:Press <= 6.10.11 - Cross-Site Request Forgery to Unauthorized Post Editing |
| CVE-2024-13521 | MailUp Auto Subscription <= 1.1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting |
| CVE-2024-13522 | magayo Lottery Results <= 2.0.12 - Cross-Site Request Forgery to Stored Cross-Site Scripting |
| CVE-2024-13523 | MemorialDay <= 1.0.4 - Cross-Site Request Forgery to Stored Cross-Site Scripting |
| CVE-2024-13555 | 1 Click WordPress Migration Plugin – 100% FREE for a limited time <= 2.1 - Cross-Site Request Forgery to Backup Process Cance... |
| CVE-2024-13560 | Subscriptions & Memberships for PayPal <= 1.1.6 - Cross-Site Request Forgery to Arbitrary Post Deletion |
| CVE-2024-13580 | XV Random Quotes <= 1.40 - Settings Reset via CSRF |
| CVE-2024-13647 | School Management System – SakolaWP <= 1.0.8 - Cross-Site Request Forgery to Exam Setting Manipulation |
| CVE-2023-6653 | PHPGurukul Teacher Subject Allocation Management System Create a new Subject subject.php cross-site request forgery |
| CVE-2023-6671 | Cross-Site Request Forgery on OPEN JOURNAL SYSTEMS |
| CVE-2023-6676 | Cross Site Request Forgery in National Keep's CyberMath |
| CVE-2023-6689 | Cross-Site Request Forgery in EFACEC BCU 500 |
| CVE-2023-6766 | PHPGurukul Teacher Subject Allocation Management System Delete Course course.php cross-site request forgery |
| CVE-2023-6845 | CommentTweets <= 0.6 - Settings Update via CSRF |
| CVE-2023-6904 | Jahastech NxFilter config,admin.jsp cross-site request forgery |
| CVE-2023-6946 | Autotitle for WordPress <= 1.0.3 - Settings Update to Stored XSS via CSRF |
| CVE-2023-7038 | automad User Creation cross-site request forgery |
| CVE-2023-7045 | Cross-Site Request Forgery (CSRF) in GitLab |
| CVE-2023-7051 | PHPGurukul Online Notes Sharing System manage-notes.php cross-site request forgery |
| CVE-2023-7052 | PHPGurukul Online Notes Sharing System profile.php cross-site request forgery |
| CVE-2023-7074 | WP Social Bookmark Menu <= 1.2 - Settings Update via CSRF |
| CVE-2023-7083 | Voting Record <= 2.0 - Settings Update to Stored XSS via CSRF |
| CVE-2023-7092 | Uniway UW-302VP Admin Web Interface wlan_basic_set.cgi cross-site request forgery |
| CVE-2023-7125 | Community by PeepSo < 6.3.1.2 - User Post Creation via CSRF |
| CVE-2023-7174 | aBitGone CommentSafe <= 1.0.0 - Settings Update to Stored XSS via CSRF |
| CVE-2023-7195 | WP-Reply Notify <= 1.1 - Settings Update via CSRF |
| CVE-2023-7196 | Ultimate Noindex Nofollow Tool <= 1.1.2 - Settings Update via CSRF |
| CVE-2023-7197 | Marketing Twitter Bot <= 1.11 - Settings Update to Stored XSS via CSRF |
| CVE-2023-7202 | Fatal Error Notify < 1.5.3 - Subscriber+ Test Error Email Sending |
| CVE-2023-7203 | Smart Forms < 2.6.87 - Subscriber+ Arbitrary Entry Deletion |
| CVE-2023-7229 | illi Link Party! <= 1.0 - Settings Update via CSRF |
| CVE-2023-7269 | ArtPlacer Widget < 2.21.2 - Stored XSS via CSRF |
| CVE-2023-7273 | Cross Site Request Forgery in Kiteworks OwnCloud |
| CVE-2023-7297 | TwitterPosts <= 1.0.2 - Settings Update via CSRF |
| CVE-2024-0392 | Cross-Site Request Forgery (CSRF) in WSO2 Enterprise Integrator 6.6.0 Management Console Due to Missing CSRF Token Validation |
| CVE-2024-0779 | Enjoy Social Feed <= 6.2.2 - Unauthenticated Arbitrary Instagram Account Unlinking |
| CVE-2024-0856 | Booking Calendar < 1.3.83 - CSRF appointment scheduling |
| CVE-2024-0858 | Innovs HR <= 1.0.3.4 - Employee Creation via CSRF |
| CVE-2024-0880 | Qidianbang qdbcrm Password Reset cross-site request forgery |
| CVE-2024-10448 | code-projects Blood Bank Management System delete.php cross-site request forgery |
| CVE-2024-10605 | code-projects Blood Bank Management System request.php cross-site request forgery |
| CVE-2024-10634 | Nokaut Offers Box <= 1.4.0 - Plugin Reset via CSRF |
| CVE-2024-10677 | BTEV <= 2.0.2 - Settings Update via CSRF |
| CVE-2024-10711 | WooCommerce Report <= 1.5.1 - Cross-Site Request Forgery to Arbitrary Options Update |
| CVE-2024-10726 | Friendly Functions for Welcart <= 1.2.4 - Cross-Site Request Forgery to Stored Cross-Site Scripting |
| CVE-2024-10789 | WP User Profile Avatar <= 1.0.5 - Cross-Site Request Forgery to Settings Update |
| CVE-2024-10819 | CSRF to XSS in binary-husky/gpt_academic |
| CVE-2024-10832 | Posti Shipping <= 3.10.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting via generate_notices_html Function |
| CVE-2024-10892 | Cost Calculator Builder < 3.2.43 - Settings update via CSRF |
| CVE-2024-11071 | Improper Access Control In DestinyECM |
| CVE-2024-11118 | 404 Error Monitor <= 1.1 - Cross-Site Request Forgery to Plugin Settings Update via updatePluginSettings Function |
| CVE-2024-11125 | GetSimpleCMS profile.php cross-site request forgery |
| CVE-2024-11336 | Clickbank WordPress Plugin (Storefront) <= 1.7 - Cross-Site Request Forgery to Stored Cross-Site Scripting |
| CVE-2024-11341 | Simple Redirection <= 1.5 - Cross-Site Request Forgery to Arbitrary Site Redirect |
| CVE-2024-11342 | Skt NURCaptcha <= 3.5.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting |
| CVE-2024-11373 | Connexion Logs <= 3.0.2 - Log Deletion via CSRF |
| CVE-2024-11415 | WP-Orphanage Extended <= 1.2 - Cross-Site Request Forgery to Orphan Account Privilege Escalation |
| CVE-2024-11416 | WIP Incoming Lite <= 1.1.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting |
| CVE-2024-11417 | dejure.org Vernetzungsfunktion <= 1.97.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting |
| CVE-2024-11419 | Password for WP <= 1.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting |
| CVE-2024-11444 | CLUEVO LMS, E-Learning Platform <= 1.13.2 - Cross-Site Request Forgery to Module Deletion |
| CVE-2024-11673 | 1000 Projects Bookstore Management System cross-site request forgery |
| CVE-2024-11689 | HQ Rental Software <= 1.5.29 - Cross-Site Request Forgery to Arbitrary Options Update |
| CVE-2024-11719 | tarteaucitron.js for WordPress < 0.3.0 - Stored XSS via CSRF |
| CVE-2024-11743 | SourceCodester Best House Rental Management System POST Request ajax.php cross-site request forgery |
| CVE-2024-11812 | Wtyczka SeoPilot dla WP <= 3.3.091 - Cross-Site Request Forgery to Stored Cross-Site Scripting |
| CVE-2024-11813 | Pulsating Chat Button <= 1.3.6 - Cross-Site Request Forgery to Stored Cross-Site Scripting |
| CVE-2024-11842 | DN Shipping by Weight for WooCommerce < 1.2 - Settings Update via CSRF |
| CVE-2024-1211 | Cross-Site Request Forgery (CSRF) in GitLab |
| CVE-2024-12115 | Poll Maker <= 5.5.4 - Cross-Site Request Forgery to Poll Duplication |
| CVE-2024-1522 | Cross-Site Request Forgery (CSRF) Leading to Remote Code Execution in parisneo/lollms-webui |
| CVE-2024-1727 | CSRF Vulnerability in gradio-app/gradio |
| CVE-2024-1747 | WooCommerce Customers Manager < 30.2 - Subscriber+ Stored XSS |
| CVE-2024-1755 | NPS computy <= 2.7.5 - Results Deletion via CSRF |
| CVE-2024-1756 | WooCommerce Customers Manager < 29.8 - Subscriber+ Email Disclosure |
| CVE-2024-1845 | VikRentCar Car Rental Management System < 1.3.2 - Cross Site Request Forgery |
| CVE-2024-1879 | CSRF to RCE in significant-gravitas/autogpt |
| CVE-2024-1889 | Cross-Site Request Forgery vulnerability in SMA Cluster Controller |
| CVE-2024-1962 | CM Download and File Manager < 2.9.1 - Download Edit via CSRF |
| CVE-2024-20368 | A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated,... |
| CVE-2024-2040 | Himer - Social Questions and Answers < 2.1.1 - Arbitrary Group Joining via CSRF |
| CVE-2024-20421 | Cisco ATA 190 Series Analog Telephone Adapter Firmware Cross-Site Request Forgery Vulnerability |
| CVE-2024-20437 | A vulnerability in the web-based management interface of Cisco IOS XE Software could allow an unauthenticated, remote attacke... |
| CVE-2024-20718 | [Spain] CSRF to delete Requisition Lists at Adobe Commerce |
| CVE-2024-2134 | Bdtask Hospita AutoManager Investigation Report cross-site request forgery |
| CVE-2024-21749 | WordPress 1 click disable all Plugin <= 1.0.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2024-21752 | WordPress Ajax Search Lite Plugin <= 4.11.4 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2024-11143 | Kognetiks Chatbot for WordPress <= 2.1.8 - Cross-Site Request Forgery to Authenticated (Subscriber+) Assistant Modification |
| CVE-2024-11607 | GTPayment Donations <= 1.0.0 - Stored XSS via CSRF |
| CVE-2024-11640 | VikRentCar Car Rental Management System <= 1.4.2 - Cross-Site Request Forgery to Authenticated (Subscriber+) Arbitrary File U... |
| CVE-2024-11641 | VikBooking Hotel Booking Engine & PMS <= 1.7.2 - Cross-Site Request Forgery to Authenticated (Subscriber+) Arbitrary File Upl... |
| CVE-2024-11975 | Reactflow Visitor Recording and Heatmaps <= 1.0.10 - Cross-Site Request Forgery to Reflected Cross-Site Scripting |
| CVE-2024-12003 | WP System <= 1.1.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting |
| CVE-2024-12004 | WPC Order Notes for WooCommerce <= 1.5.2 - Cross-Site Request Forgery to Reflected Cross-Site Scripting |
| CVE-2024-12005 | WP-BibTeX <= 3.0.1 - Cross-Site Request Forgery to Stored and Reflected Cross-Site Scripting |
| CVE-2024-12170 | ViewMedica Embed <= 1.4.15 - Cross-Site Request Forgery to SQL Injection |
| CVE-2024-12206 | Wordpress Header Builder Plugin <= 1.3.8 - Cross-Site Request Forgery to Header Deletion |
| CVE-2024-12218 | Woocommerce check pincode/zipcode for shipping <= 2.0.4 - Cross-Site Request Forgery to Reflected Cross-Site Scripting |
| CVE-2024-12219 | Stop Registration Spam <= 1.23 - Cross-Site Request Forgery to Cross-Site Scripting |
| CVE-2024-12220 | SMS for WooCommerce <= 2.8.1 - Cross-Site Request Forgery to Reflected Cross-Site Scripting |
| CVE-2024-12279 | WP Social AutoConnect <= 4.6.2 - Cross-Site Request Forgery to Reflected Cross-Site Scripting |
| CVE-2024-12280 | WP Customer Area <= 8.2.4 - Event Log Deletion via CSRF |
| CVE-2024-12282 | WordPress连接微博 <= 2.5.6 - Stored XSS via CSRF |
| CVE-2024-12288 | Simple add pages or posts <= 2.0.0 - Cross-Site Request Forgery to Reflected Cross-Site Scripting |
| CVE-2024-12291 | ViewMedica 9 <= 1.4.15 - Cross-Site Request Forgery to Reflected Cross-Site Scripting |
| CVE-2024-12293 | User Role Editor <= 4.64.3 - Cross-Site Request Forgery to Privilege Escalation |
| CVE-2024-12301 | JSP Store Locator <= 1.0 - Deletion via Missing CSRF |
| CVE-2024-1231 | CM Download and File Manager < 2.9.0 - Download Unpublish via CSRF |
| CVE-2024-1232 | CM Download Manager < 2.9.0 - Download Deletion via CSRF |
| CVE-2024-12322 | ThePerfectWedding.nl Widget <= 2.8 - Cross-Site Request Forgery to Stored Cross-Site Scripting |
| CVE-2024-12349 | JFinalCMS save cross-site request forgery |
| CVE-2024-12383 | Binary MLM Woocommerce <= 2.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting |
| CVE-2024-12385 | WP Abstracts <= 2.7.2 - Cross-Site Request Forgery to Reflected Cross-Site Scripting |
| CVE-2024-12386 | WP Abstracts <= 2.7.3 - Cross-Site Request Forgery to Arbitrary Account Deletion |
| CVE-2024-12394 | Action Network <= 1.4.4 - Cross-Site Request Forgery to Reflected Cross-Site Scripting |
| CVE-2024-12414 | Themify Store Locator <= 1.1.9 - Cross-Site Request Forgery |
| CVE-2024-12436 | WP Customer Area <= 8.2.4 - Bulk Delete via CSRF |
| CVE-2024-12454 | Affiliate Program Suite — SliceWP Affiliates <= 1.1.23 - Cross-Site Request Forgery to Reflected Cross-Site Scripting |
| CVE-2024-12572 | Hello in All Languages <= 1.0.6 - Cross-Site Request Forgery to Stored Cross-Site Scripting |
| CVE-2024-12605 | AI Scribe – SEO AI Writer, Content Generator, Humanizer, Blog Writer, SEO Optimizer, DALLE-3, AI WordPress Plugin ChatGPT (GP... |
| CVE-2024-12634 | Related Posts, Inline Related Posts, Contextual Related Posts, Related Content By PickPlugins <= 2.0.59 - Cross-Site Request... |
| CVE-2024-12636 | Privacy Policy Generator, Terms & Conditions Generator WordPress Plugin : WP Legal Pages <= 3.2.7 - Cross-Site Request Forger... |
| CVE-2024-12642 | Chunghwa Telecom TenderDocTransfer - Arbitrary File Write |
| CVE-2024-12643 | Chunghwa Telecom tbm-client - Arbitrary File Delete |
| CVE-2024-12644 | Chunghwa Telecom tbm-client - Arbitrary File Copy and Paste |
| CVE-2024-12645 | Chunghwa Telecom topm-client - Arbitrary File Read |
| CVE-2024-12646 | Chunghwa Telecom topm-client - Arbitrary File Delete |
| CVE-2024-12955 | PHPGurukul Blood Bank & Donor Management System logout.php cross-site request forgery |
| CVE-2024-13115 | WP Projects Portfolio with Client Testimonials <= 3.0 - Stored XSS via CSRF |
| CVE-2024-13118 | IP Based Login < 2.4.1 - Log Deletion via CSRF |
| CVE-2024-13146 | Booknetic < 4.1.5 - Staff Creation via CSRF |
| CVE-2024-13284 | Gutenberg - Moderately critical - Cross Site Request Forgery - SA-CONTRIB-2024-048 |
| CVE-2024-13293 | POST File - Moderately critical - Cross Site Request Forgery - SA-CONTRIB-2024-059 |
| CVE-2024-13304 | Minify JS - Moderately critical - Cross site request forgery - SA-CONTRIB-2024-070 |
| CVE-2024-13315 | Shopwarden – Automated WooCommerce monitoring & testing <= 1.0.11 - Cross-Site Request Forgery to Arbitrary Options Update |
| CVE-2024-13317 | ShipWorks Connector for Woocommerce <= 5.2.5 - Cross-Site Request Forgery to Service Password/Username Update |
| CVE-2024-13336 | Disable Auto Updates <= 1.4 - Cross-Site Request Forgery to Auto-update Disable |
| CVE-2024-13337 | Webcraftic Clearfy – WordPress optimization plugin <= 2.3.2 - Cross-Site Request Forgery to Plugin Settings Update via 'setup... |
| CVE-2024-13338 | Webcraftic Clearfy – WordPress optimization plugin <= 2.3.1 - Cross-Site Request Forgery to Clear Cache |
| CVE-2024-13682 | Wallet System for WooCommerce – Wallet, Wallet Cashback, Refunds, Partial Payment, Wallet Restriction <= 2.6.2 - Cross-Site R... |
| CVE-2024-13683 | Automate Hub Free by Sperse.IO <= 1.7.0 - Cross-Site Request Forgery to Activation Status Update |
| CVE-2024-13684 | Reset <= 1.6 - Cross-Site Request Forgery to Database Reset |
| CVE-2024-13707 | WP Image Uploader <= 1.0.1 - Cross-Site Request Forgery to Arbitrary File Deletion |
| CVE-2024-13709 | Linear <= 2.8.1 - Cross-Site Request Forgery to Cache Reset |
| CVE-2024-13710 | Estatebud – Properties & Listings <= 5.5.0 - Cross-Site Request Forgery to Settings Update |
| CVE-2024-13718 | Flexible Wishlist for WooCommerce – Ecommerce Wishlist & Save for later <= 1.2.26 - Cross-Site Request Forgery to Wishlist Cr... |
| CVE-2024-13720 | WP Image Uploader <= 1.0.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary File Deletion |
| CVE-2024-13753 | Ultimate Classified Listings <= 1.4 - Cross-Site Request Forgery to Account Takeover |
| CVE-2024-13758 | CP Contact Form with PayPal <= 1.3.52 - Cross-Site Request Forgery |
| CVE-2024-13768 | CITS Support svg, webp Media and TTF,OTF File Upload, Use Custom Fonts <= 4.2 - Cross-Site Request Forgery to Font Assignment... |
| CVE-2024-13774 | Wishlist for WooCommerce: Multi Wishlists Per Customer <= 3.1.7 - Cross-Site Request Forgery to Cross-Site Scripting via Wishl... |
| CVE-2024-13795 | Ecwid by Lightspeed Ecommerce Shopping Cart <= 6.12.27 - Cross-Site Request Forgery to Send Deactivation Message |
| CVE-2024-13826 | Email Keep <= 1.1 - Email Deletion via CSRF |
| CVE-2024-13852 | Option Editor <= 1.0 - Cross-Site Request Forgery to Arbitrary Options Update |
| CVE-2024-13883 | WPUpper Share Buttons <= 3.51 - Cross-Site Request Forgery to Custom CSS Update |
| CVE-2024-13913 | InstaWP Connect – 1-click WP Staging & Migration <= 0.1.0.83 - Cross-Site Request Forgery to Local File Inclusion |
| CVE-2024-13933 | FoodBakery | Delivery Restaurant Directory WordPress Theme <= 4.7 - Cross-Site Request Forgery in Multiple Functions |
| CVE-2024-20252 | Multiple vulnerabilities in Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an un... |
| CVE-2024-20254 | Multiple vulnerabilities in Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an un... |
| CVE-2024-20255 | A vulnerability in the SOAP API of Cisco Expressway Series and Cisco TelePresence Video Communication Server could allow an u... |
| CVE-2024-20281 | A vulnerability in the web-based management interface of Cisco Nexus Dashboard and Cisco Nexus Dashboard hosted services coul... |
| CVE-2024-20347 | A vulnerability in Cisco Emergency Responder could allow an unauthenticated, remote attacker to conduct a CSRF attack, which... |
| CVE-2024-20486 | Cisco Identity Services Engine Cross-Site Request Forgery Vulnerability |
| CVE-2024-21381 | Microsoft Azure Active Directory B2C Spoofing Vulnerability |
| CVE-2024-22136 | WordPress Droit Elementor Addons Plugin <= 3.1.5 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2024-22140 | WordPress Profile Builder Pro Plugin <= 3.10.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2024-22143 | WordPress WP Spell Check Plugin <= 9.17 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2024-22155 | WordPress WooCommerce plugin <= 8.5.2 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-22285 | WordPress Frontpage Manager Plugin <= 1.3 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2024-22287 | WordPress Better Anchor Links Plugin <= 1.7.5 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2024-22290 | WordPress Custom Dashboard Widgets Plugin <= 1.3.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2024-22291 | WordPress Browser Theme Color Plugin <= 1.3 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2024-22304 | WordPress FreshMail For WordPress Plugin <= 2.3.2 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2024-2322 | WooCommerce Cart Abandonment Recovery < 1.2.27 - Templates/Abandoned Orders Deletion via CSRF |
| CVE-2024-23319 | CSRF issue allows disconnecting a user's Jira connection through a simple post message (Jira Plugin) |
| CVE-2024-2376 | WPQA < 6.1.1 - Arbitrary Category and Tag Follow/Unfollow via CSRF |
| CVE-2024-23831 | Privilege escalation through CSRF attack on 'setup.pl' |
| CVE-2024-23910 | Cross-site request forgery (CSRF) vulnerability in ELECOM wireless LAN routers and wireless LAN repeater allows a remote unau... |
| CVE-2024-2405 | Float menu < 6.0.1 - Menu Deletion via CSRF |
| CVE-2024-2416 | Cross-Site Request Forgery vulnerability in Movistar 4G router |
| CVE-2024-2429 | Salon booking system <= 9.6.5 - Settings Update via CSRF |
| CVE-2024-24777 | A cross-site request forgery (CSRF) vulnerability exists in the Web Application functionality of the LevelOne WBR-6012 R0.40e... |
| CVE-2024-24798 | WordPress Debug Plugin <= 1.10 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2024-24802 | WordPress JTRT Responsive Tables Plugin <= 4.1.9 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2024-24819 | icingaweb2-module-incubator base implementation for HTML forms is susceptible to CSRF |
| CVE-2024-24820 | Icinga Director configuration is susceptible to Cross-Site Request Forgery |
| CVE-2024-2483 | Surya2Developer Hostel Management Service Password Change change-password.php cross-site request forgery |
| CVE-2024-24837 | Cross-Site Request Forgery (CSRF) vulnerability in FG PrestaShop, FG Drupal and FG Joomla WordPress plugins |
| CVE-2024-24843 | WordPress PowerPack Pro for Elementor Plugin < 2.10.8 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2024-26153 | ETIC Telecom Remote Access Server (RAS) Cross-Site Request Forgery |
| CVE-2024-27265 | IBM Integration Bus for z/OS cross-site request forgery |
| CVE-2024-2739 | Advance Search <= 1.1.6 - Shortcode Deletion via CSRF |
| CVE-2024-2741 | Cross-Site Request Forgery in Planet IGS-4215-16T2S |
| CVE-2024-27439 | Apache Wicket: Possible bypass of CSRF protection |
| CVE-2024-2748 | CSRF vulnerability was identified in GitHub Enterprise Server that allowed performing actions on behalf of a user |
| CVE-2024-2843 | WooCommerce Customers Manager < 30.1 - User Deletion via CSRF |
| CVE-2024-2857 | Simple Buttons Creator <= 1.04 - Unauthenticated Stored XSS |
| CVE-2024-2858 | Simple Buttons Creator <= 1.04 - Arbitrary Button Deletion via CSRF |
| CVE-2024-28828 | 1-Click compromise via CSRF |
| CVE-2024-29773 | WordPress BizPrint plugin <= 4.5.5 - CSRF to XSS vulnerability |
| CVE-2024-30493 | WordPress Church Admin plugin <= 4.1.7 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-30518 | WordPress Custom WooCommerce Checkout Fields Editor plugin <= 1.3.0 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-30521 | WordPress Landingi Landing Pages plugin <= 3.1.1 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-30526 | WordPress Easy Social Feed – Social Photos Gallery – Post Feed – Like Box plugin <= 6.5.6 - Cross Site Request Forgery (CSRF)... |
| CVE-2024-30536 | WordPress Slugs Manager plugin <= 2.6.7 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-30541 | WordPress LWS Optimize plugin <= 1.9.1 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-30545 | WordPress Social Author Bio plugin <= 2.4 - Stored XSS via Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-30546 | WordPress Login With Ajax plugin <= 4.1 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-30560 | WordPress DX-Watermark plugin <= 1.0.4 - CSRF to Arbitrary File Upload and XSS vulnerability |
| CVE-2024-3058 | ENL Newsletter <= 1.0.1 - Stored XSS via CSRF |
| CVE-2024-3059 | ENL Newsletter <= 1.0.1 - Campaign Deletion via CSRF |
| CVE-2024-3076 | MM-email2image <= 0.2.5 - Stored XSS via CSRF |
| CVE-2024-3083 | A “CWE-352: Cross-Site Request Forgery (CSRF)” can be exploited by remote attackers to perform state-changing operations with... |
| CVE-2024-3089 | PHPGurukul Emergency Ambulance Hiring Portal Manage Ambulance Page manage-ambulance.php cross-site request forgery |
| CVE-2024-31086 | WordPress Change default login logo,url and title plugin <= 2.0 - CSRF to XSS vulnerability |
| CVE-2024-31093 | WordPress Broken Images plugin <= 0.2 - CSRF to XSS vulnerability |
| CVE-2024-31096 | WordPress Nictitate theme <= 1.1.4 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-31100 | WordPress Popup Cart Lite for WooCommerce plugin <= 1.1 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-31105 | WordPress Tax Rate Upload plugin <= 2.4.5 - CSRF leading to Cross Site Scripting (XSS) vulnerability |
| CVE-2024-31985 | XWiki Platform CSRF in the job scheduler |
| CVE-2024-31986 | XWiki Platform CSRF remote code execution through scheduler job's document reference |
| CVE-2024-31988 | XWiki Platform CSRF remote code execution through the realtime HTML Converter API |
| CVE-2024-31998 | CSRF security issue on CSV import in Combodo iTop |
| CVE-2024-32082 | WordPress Sync Post With Other Site plugin <= 1.5.1 - Cross Site Request Forgery (CSRF) to XSS vulnerability |
| CVE-2024-32084 | WordPress Before And After plugin <= 3.9 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-32085 | WordPress Citadela Listing plugin < 5.20.0 - Cross-Site Request Forgery (CSRF) vulnerability |
| CVE-2024-32088 | WordPress Website Builder plugin <= 6.15.20 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-32089 | WordPress Digital Publications by Supsystic plugin <= 1.7.7 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-32090 | WordPress Church Admin plugin <= 4.0.27 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-32091 | WordPress Sangar Slider plugin <= 1.3.2 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-32092 | WordPress Kimili Flash Embed plugin <= 2.5.3 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-32093 | WordPress Novelist plugin <= 1.2.2 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-32094 | WordPress Church Content plugin <= 2.6 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-32095 | WordPress MultiParcels Shipping For WooCommerce plugin < 1.16.9 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-32096 | WordPress WP Synchro plugin <= 1.11.2 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-32097 | WordPress GEO my WordPress plugin <= 4.1 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-32099 | WordPress WP Mail Catcher plugin <= 2.1.6 - Cross Site Request Forgery vulnerability |
| CVE-2024-32101 | WordPress Email Marketing for WooCommerce plugin <= 1.14.3 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-32102 | WordPress Crony Cronjob Manager plugin <= 0.5.0 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-32103 | WordPress Siteimprove plugin <= 2.0.6 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-32104 | WordPress NextMove Lite plugin <= 2.18.1 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-32105 | WordPress ELEX WooCommerce Dynamic Pricing and Discounts plugin <= 2.1.2 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-32106 | WordPress WP Compress plugin <= 6.10.35 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-32107 | WordPress Finale Lite plugin <= 2.18.0 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-32108 | WordPress Convert Post Types plugin <= 1.4 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-32109 | WordPress WP Matterport Shortcode plugin <= 2.1.9 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-32112 | WordPress Leadinfo plugin <= 1.0 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-32141 | WordPress Libsyn Publisher Hub plugin <= 1.4.4 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-3238 | WordPress Menu Plugin — Superfly Responsive Menu <= 5.0.29 - Cross-Site Request Forgery to Arbitrary File Deletion |
| CVE-2024-32433 | WordPress BEAF plugin <= 4.5.4 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-32434 | WordPress Order Delivery Date for WooCommerce plugin <= 3.20.2 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-32435 | WordPress AffiEasy plugin <= 1.1.4 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-32436 | WordPress Gift Cards plugin <= 4.4.0 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-32437 | WordPress eCommerce Product Catalog plugin <= 3.3.28 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-32438 | WordPress SEO Booster plugin <= 3.8.9 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-32439 | WordPress WP Client Reports plugin <= 1.0.22 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-32440 | WordPress Asgaros Forum plugin <= 2.8.0 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-32441 | WordPress Zoho Campaigns plugin <= 2.0.7 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-32442 | WordPress Zoho Campaigns plugin <= 2.0.7 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-32443 | WordPress IP2Location Country Blocker plugin <= 2.34.2 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-32445 | WordPress WebinarIgnition plugin <= 3.05.8 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-32446 | WordPress Wallet System for WooCommerce plugin <= 2.5.9 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-32447 | WordPress AWP Classifieds plugin <= 4.3.1 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-32448 | WordPress Ads.txt Admin plugin <= 1.3 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-32449 | WordPress RestroPress plugin <= 3.1.2 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-32450 | WordPress WpTravelly plugin <= 1.6.0 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-32451 | WordPress Legal Pages plugin <= 1.4.2 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-32452 | WordPress Shopping Cart & eCommerce Store plugin <= 5.5.19 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-3246 | LiteSpeed Cache <= 6.2.0.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting |
| CVE-2024-32538 | WordPress Easy CountDowner plugin <= 1.0.8 - CSRF to XSS vulnerability |
| CVE-2024-32549 | WordPress Related Posts for WordPress plugin <= 4.0.3 - CSRF to XSS vulnerability |
| CVE-2024-32550 | WordPress BMI Adult & Kid Calculator plugin <= 1.2.1 - CSRF to XSS vulnerability |
| CVE-2024-32693 | WordPress Automatic plugin < 3.93.0 - Multiple Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-32699 | WordPress YITH WooCommerce Compare plugin <= 2.37.0 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-32728 | WordPress Paid Membership Subscriptions plugin <= 2.11.0 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-32773 | WordPress Royal Elementor Kit theme <= 1.0.116 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-32785 | WordPress The Pack Elementor addons plugin <= 2.0.8.3 - Cross Site Request Forgery (CSRF) to XSS vulnerability |
| CVE-2024-32789 | WordPress Seers plugin <= 8.0.6 - Cross Site Request Forgery (CSRF) to XSS vulnerability |
| CVE-2024-32793 | WordPress Paid Memberships Pro plugin <= 2.12.10 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-32794 | WordPress Paid Memberships Pro plugin <= 2.12.10 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-32795 | WordPress WPCal.io <= 0.9.5.8 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-32806 | WordPress Headline Analyzer plugin <= 1.3.3 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-32863 | exacqVision - CSRF issues with Web Service |
| CVE-2024-32947 | WordPress WP ADA Compliance Check Basic plugin <= 3.1.3 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-32958 | WordPress Slash Admin plugin <= 3.8.1 - CSRF to XSS vulnerability |
| CVE-2024-33632 | WordPress Piotnet Addons For Elementor Pro plugin <= 7.1.17 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-33638 | WordPress Smart Maintenance Mode plugin <= 1.4.4 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-33646 | WordPress Sticky Anything plugin <= 2.1.5 - Broken Access Control to XSS vulnerability |
| CVE-2024-33650 | WordPress Serious Slider plugin <= 1.2.4 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-33651 | WordPress MF Gig Calendar plugin <= 1.2.1 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-33677 | WordPress Contact Form 7 Extension For Mailchimp plugin <= 0.5.70 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-33678 | WordPress ClickCease Click Fraud Protection plugin <= 3.2.4 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-33679 | WordPress FameTheme Demo Importer plugin <= 1.1.5 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-33680 | WordPress MainWP Child Reports plugin <= 2.1.1 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-33681 | WordPress Regenerate post permalink plugin <= 1.0.3 - Cross Site Request Forgery (CSRF) leading to XSS vulnerability |
| CVE-2024-33682 | WordPress WP GDPR Compliance plugin <= 2.0.23 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-33683 | WordPress Hide Dashboard Notifications plugin <= 1.2.3 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-33688 | WordPress Teluro theme <= 1.0.31 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-33689 | WordPress Radio Station plugin <= 2.5.7 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-33690 | WordPress Financio theme <= 1.1.3 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-33691 | WordPress Popup Builder by OptinMonster plugin <= 2.15.3 - Cross Site Request Forgery (CSRF) Notice Dismissal vulnerability |
| CVE-2024-33913 | WordPress Xserver Migrator plugin <= 1.6.1 - CSRF to Arbitrary File Upload vulnerability |
| CVE-2024-34001 | moodle: CSRF risk in admin preset tool management of presets |
| CVE-2024-34007 | moodle: logout CSRF in admin/tool/mfa/auth.php |
| CVE-2024-34008 | moodle: CSRF risk in analytics management of models |
| CVE-2024-3405 | WP Prayer <= 2.0.9 - Settings Update via CSRF |
| CVE-2024-3406 | WP Prayer <= 2.0.9 - Email Settings Update via CSRF |
| CVE-2024-34069 | Werkzeug's improper usage of a pathname and improper CSRF protection results in the remote command execution |
| CVE-2024-3407 | WP Prayer <= 2.0.9 - Arbitrary Prayer Deletion via CSRF |
| CVE-2024-34367 | WordPress Popup Box plugin <= 4.1.2 - CSRF to XSS vulnerability |
| CVE-2024-34379 | WordPress Restaurant and Cafe theme <= 1.2.1 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-34427 | WordPress WP Favorite Posts plugin <= 1.6.8 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-34439 | WordPress DS Site Message plugin <= 1.14.4 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-34557 | WordPress Barcode Scanner with Inventory & Order Manager plugin <= 1.5.4 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-3471 | Button Generator < 3.0 - Button Deletion via CSRF |
| CVE-2024-3472 | Modal Window < 5.3.10 - Modal Deletion via CSRF |
| CVE-2024-3474 | Wow Skype Buttons < 4.0.4 - Button Deletion via CSRF |
| CVE-2024-3475 | Sticky Buttons < 3.2.4 - Button Deletion via CSRF |
| CVE-2024-34755 | WordPress Integration for Salesforce and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms plugin <= 1.3.9 - Cross... |
| CVE-2024-34756 | WordPress Integration for HubSpot and Contact Form 7 plugin <= 1.3.1 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-3476 | Side Menu Lite < 4.2.1 - Menu Deletion via CSRF |
| CVE-2024-3477 | Popup Box < 2.2.7 - Popup Deletion via CSRF |
| CVE-2024-3478 | Herd Effects < 5.2.7 - Effect Deletion via CSRF |
| CVE-2024-34806 | WordPress Clearfy Cache plugin <= 2.2.1 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-34807 | WordPress Fast Custom Social Share by CodeBard plugin <= 1.1.2 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-34809 | WordPress EmpowerWP theme <= 1.0.21 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-2196 | CSRF Vulnerability in aimhubio/aim |
| CVE-2024-2232 | Himer - Social Questions and Answers < 2.1.3 - CSRF While Sending the Invites |
| CVE-2024-2233 | Himer - Social Questions and Answers < 2.1.1 - Multiple CSRF on the Group Section |
| CVE-2024-2235 | Himer - Social Questions and Answers < 2.1.1 - Bypass Poll Voting Restrictions via CSRF |
| CVE-2024-22416 | Cross-Site Request Forgery on any API call in pyLoad may lead to admin privilege escalation |
| CVE-2024-22424 | Cross-Site Request Forgery (CSRF) in github.com/argoproj/argo-cd |
| CVE-2024-22438 | HPE OfficeConnect 1820 Network switches, Cross-Site Request Forgery (CSRF) |
| CVE-2024-2262 | WooCommerce Product Filter < 1.4.4 - Filter Deletion via CSRF |
| CVE-2024-2277 | Bdtask G-Prescription Gynaecology & OBS Consultation Software Password Reset change_password_save cross-site request forgery |
| CVE-2024-2288 | CSRF File Upload Vulnerability in parisneo/lollms-webui |
| CVE-2024-2316 | Bdtask Hospital AutoManager Update Bill Page cross-site request forgery |
| CVE-2024-23510 | WordPress Don't Muck My Markup plugin <= 1.8 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-23515 | WordPress Cincopa video and media plugin <= 1.159 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-23519 | WordPress Email Before Download Plugin <= 6.9.7 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2024-2354 | Dreamer CMS toEdit cross-site request forgery |
| CVE-2024-23554 | HCL BigFix Platform is susceptible to Cross-Site Request Forgery |
| CVE-2024-2449 | LoadMaster Cross-Site Request Forgery (CSRF) |
| CVE-2024-24593 | A cross-site request forgery (CSRF) vulnerability in all versions up to 1.14.1 of the api server component of Allegro AI’s Cl... |
| CVE-2024-24701 | WordPress Setka Editor Plugin <= 2.1.20 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2024-24702 | WordPress Page Restrict Plugin <= 2.5.5 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2024-24705 | WordPress Accessibility Plugin <= 1.0.6 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2024-24706 | WordPress WP-CFM Plugin <= 1.7.8 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2024-24708 | WordPress W3SPEEDSTER Plugin <= 7.19 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2024-24849 | WordPress Quicksand Post Filter jQuery Plugin Plugin <= 3.1.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2024-24872 | WordPress Themify Builder Plugin <= 7.0.5 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2024-24875 | WordPress Link Library Plugin <= 7.5.13 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2024-24876 | WordPress Admin Menu Editor Plugin <= 1.12 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2024-24884 | WordPress Contact Form 7 Connector Plugin <= 1.2.2 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2024-24887 | WordPress Contest Gallery Plugin <= 21.2.8.4 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2024-24929 | WordPress WP Contact Form Plugin <= 1.6 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2024-24935 | WordPress Basic Log Viewer Plugin <= 1.0.4 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2024-25904 | WordPress TinyMCE Professional Formats and Styles Plugin <= 1.1.2 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2024-25905 | WordPress Multi Step Form Plugin <= 1.7.18 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2024-25914 | WordPress SMTP Mail Plugin <= 1.3.20 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2024-25930 | WordPress Custom Order Statuses for WooCommerce Plugin <= 1.5.2 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2024-25931 | WordPress Heureka Plugin <= 1.0.8 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2024-25932 | WordPress Change Table Prefix Plugin <= 2.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2024-25982 | Msa-24-0005: csrf risk in language import utility |
| CVE-2024-27194 | WordPress Fontific plugin <= 0.1.6 - CSRF to XSS vulnerability |
| CVE-2024-27195 | WordPress Watermark RELOADED plugin <= 1.3.5 - CSRF to XSS vulnerability |
| CVE-2024-27197 | WordPress BeePress plugin <= 6.9.8 - CSRF to Stored Cross Site Scripting (XSS) vulnerability |
| CVE-2024-28141 | Cross-Site Request-Forgery |
| CVE-2024-2816 | Tenda AC15 SysToolReboot fromSysToolReboot cross-site request forgery |
| CVE-2024-2817 | Tenda AC15 SysToolRestoreSet fromSysToolRestoreSet cross-site request forgery |
| CVE-2024-28195 | Cross-Site Request Forgery (CSRF) vulnerability in API and login in your_spotify |
| CVE-2024-2820 | DedeCMS baidunews.php cross-site request forgery |
| CVE-2024-2821 | DedeCMS friendlink_edit.php cross-site request forgery |
| CVE-2024-2822 | DedeCMS vote_edit.php cross-site request forgery |
| CVE-2024-2823 | DedeCMS mda_main.php cross-site request forgery |
| CVE-2024-28233 | XSS in JupyterHub via Self-XSS leveraged by Cookie Tossing |
| CVE-2024-28948 | Advantech ADAM-5630 Cross-Site Request Forgery |
| CVE-2024-29019 | ESPHome vulnerable to Authentication bypass via Cross site request forgery |
| CVE-2024-29192 | GHSL-2023-206 gotortc Cross-Site Request Forgery vulnerability |
| CVE-2024-2951 | WordPress RegistrationMagic plugin <= 5.3.0.0 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-30252 | GitHub Security Lab (GHSL) Vulnerability Report, livemarks: `GHSL-2024-015` |
| CVE-2024-30421 | WordPress Events Manager plugin <= 6.4.7.1 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-30454 | WordPress WP SMS plugin <= 6.6.2 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-30455 | WordPress GamiPress plugin <= 6.8.5 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-30456 | WordPress WPCS – WordPress Currency Switcher Professional plugin <= 1.2.0.1 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-30457 | WordPress MDTF plugin <= 1.3.3.1 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-30458 | WordPress FOX – Currency Switcher Professional for WooCommerce plugin <= 1.4.1.7 - Cross Site Request Forgery (CSRF) vulnerab... |
| CVE-2024-30460 | WordPress Tumult Hype Animations plugin <= 1.9.11 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-30462 | WordPress HUSKY plugin <= 1.3.5.1 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-30468 | WordPress All-In-One Security (AIOS) – Security and Firewall plugin <= 5.2.6 - Cross Site Request Forgery (CSRF) vulnerabilit... |
| CVE-2024-30482 | WordPress Simple Revisions Delete plugin <= 1.5.3 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-31109 | WordPress Woocommerce Social Media Share Buttons plugin <= 1.3.0 - CSRF to Cross Site Scripting (XSS) vulnerability |
| CVE-2024-31113 | WordPress Easy Digital Downloads plugin <= 3.2.11 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-31205 | Saleor CSRF bypass in refreshToken mutation |
| CVE-2024-3151 | Bdtask Multi-Store Inventory Management System Stock Movement Page cross-site request forgery |
| CVE-2024-3163 | Easy Property Listings < 3.5.4 - Arbitrary Contact Deletion via CSRF |
| CVE-2024-31902 | IBM InfoSphere Information Server cross-site request forgery |
| CVE-2024-31920 | WordPress Currency per Product for WooCommerce plugin <= 1.6.0 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-31921 | WordPress Ultimate Product Catalog plugin <= 5.2.15 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-31922 | WordPress Hosting Benchmark tool plugin <= 1.3.6 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-31923 | WordPress Feather Login Page plugin <= 1.1.5 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-31924 | WordPress EWWW Image Optimizer plugin <= 7.2.3 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-31932 | WordPress Blocksy Companion plugin <= 2.0.28 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-31933 | WordPress Page Builder: Live Composer plugin <= 1.5.35 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-31934 | WordPress Link Whisper Free plugin <= 0.6.9 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-31935 | WordPress Simple Post Notes plugin <= 1.7.6 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-31936 | WordPress UsersWP plugin < 1.2.6 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-31938 | WordPress NewsXpress theme <= 1.0.7 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-31939 | WordPress Import any XML or CSV File to WordPress plugin <= 3.7.3 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-31940 | WordPress Extra Product Options Builder for WooCommerce plugin <= 1.2.104 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-31941 | WordPress CP Media Player plugin <= 1.1.3 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-31942 | WordPress Calendarista Basic Edition plugin <= 3.0.2 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-31943 | WordPress USPS Shipping for WooCommerce plugin <= 1.9.2 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-31944 | WordPress WooCommerce UPS Shipping plugin <= 2.2.4 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-37272 | WordPress Travel Monster theme <= 1.1.2 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-37274 | WordPress WP Mobile Menu plugin <= 2.8.4.3 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-37306 | CVAT's export and backup-related API endpoints are susceptible to CSRF |
| CVE-2024-37518 | WordPress The Events Calendar plugin <= 6.5.1.4 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-37540 | WordPress Leaky Paywall plugin <= 4.21.2 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-37543 | WordPress Ultimate Auction plugin <= 4.2.5 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-3756 | MF Gig Calendar <= 1.2.1 - Arbitrary Event Deletion via CSRF |
| CVE-2024-3782 | Cross-Site Request Forgery (CSRF) vulnerability in WBSAirback |
| CVE-2024-37923 | WordPress Cliengo - Chatbot plugin <= 3.0.1 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-37925 | WordPress BuddyBoss Theme theme <= 2.4.61 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-37931 | WordPress Point theme <= 1.1 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-37937 | WordPress Rara Business theme <= 1.2.5 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-37938 | WordPress SociallyViral theme <= 1.0.10 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-37939 | WordPress Patricia Lite theme <= 1.2.3 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-37940 | WordPress Seraphinite Accelerator (Full, premium) plugin <= 2.21.13 - CSRF Leading to Arbitrary File Deletion vulnerability |
| CVE-2024-37941 | WordPress Internal Link Juicer: SEO Auto Linker for WordPress plugin <= 2.24.3 - Cross Site Request Forgery (CSRF) vulnerabil... |
| CVE-2024-3798 | Insecure handling of GET argument in Phoniebox |
| CVE-2024-3823 | Base64 Encoder/Decoder <= 0.9.2 - Stored XSS via CSRF |
| CVE-2024-3824 | Base64 Encoder/Decoder <= 0.9.2 - Settings Reset via CSRF |
| CVE-2024-3825 | CSRF in BlazeMeter Jenkins plugin |
| CVE-2024-38276 | moodle: CSRF risks due to misuse of confirm_sesskey |
| CVE-2024-38691 | WordPress Metorik plugin <= 1.7.1 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-38724 | WordPress Contact Form 7 Summary and Print plugin <= 1.2.5 - Cross Site Request Forgery (CSRF) to XSS vulnerability |
| CVE-2024-38729 | WordPress MBE eShip plugin <= 2.1.2 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-3873 | SMI SMI-EX-5414W Web Interface cross-site request forgery |
| CVE-2024-38731 | WordPress i-amaze theme <= 1.3.7 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-38732 | WordPress Patricia Blog theme <= 1.2 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-38751 | WordPress AdsforWP plugin <= 1.9.28 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-38753 | WordPress Animated Rotating Words Plugin <= 5.6 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-38754 | WordPress Tagbox plugin <= 3.3 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-38762 | WordPress Event Tickets and Registration plugin <= 5.11.0.4 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-38763 | WordPress Popularis Verse theme <= 1.1.1 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-38764 | WordPress i-transform theme <= 3.0.9 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-38765 | WordPress Oceanic theme <= 1.0.48 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-38766 | WordPress Matomo Analytics plugin <= 5.1.1 - Cross Site Request Forgery (CSRF) leading to Notice Dismissal vulnerability |
| CVE-2024-38776 | WordPress WP GoToWebinar plugin <= 15.7 - CSRF to XSS vulnerability |
| CVE-2024-38778 | WordPress WP Fast Total Search <= 1.69.234 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-38789 | WordPress Telegram Bot & Channel plugin <= 3.8.2 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-38790 | WordPress Smartsupp plugin <= 3.6 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-3903 | Add Custom CSS and JS <= 1.20 - Stored XSS via CSRF |
| CVE-2024-3932 | Totara LMS User Selector cross-site request forgery |
| CVE-2024-39326 | SkillTree CSRF Vulnerability allows an attacker to modify the Video and Captions of a Skill |
| CVE-2024-3940 | reCAPTCHA Jetpack <= 0.2.2 - Settings Update via CSRF |
| CVE-2024-39408 | Adobe Commerce \| Cross-Site Request Forgery (CSRF) (CWE-352) |
| CVE-2024-39409 | Adobe Commerce \| Cross-Site Request Forgery (CSRF) (CWE-352) |
| CVE-2024-3941 | reCAPTCHA Jetpack <= 0.2.2 - Stored XSS via CSRF |
| CVE-2024-39410 | Adobe Commerce \| Cross-Site Request Forgery (CSRF) (CWE-352) |
| CVE-2024-39623 | WordPress ListingPro theme <= 2.9.4 - Cross Site Request Forgery (CSRF) to Account Takeover vulnerability |
| CVE-2024-13339 | DeBounce Email Validator <= 5.6.6 - Cross-Site Request Forgery to Stored Cross-Site Scripting |
| CVE-2024-13356 | DSGVO All in one for WP <= 4.6 - Cross-Site Request Forgery to Account Deletion |
| CVE-2024-2559 | Tenda AC18 SysToolReboot fromSysToolReboot cross-site request forgery |
| CVE-2024-2560 | Tenda AC18 SysToolRestoreSet fromSysToolRestoreSet cross-site request forgery |
| CVE-2024-25692 | BUG-000154722 - Cross-site request forgery (CSRF) issue in Portal for ArcGIS |
| CVE-2024-26271 | Cross-site request forgery (CSRF) vulnerability in the My Account widget in Liferay Portal 7.4.3.75 through 7.4.3.111, and Li... |
| CVE-2024-26272 | Cross-site request forgery (CSRF) vulnerability in the content page editor in Liferay Portal 7.3.2 through 7.4.3.107, and Lif... |
| CVE-2024-26273 | Cross-site request forgery (CSRF) vulnerability in the content page editor in Liferay Portal 7.4.0 through 7.4.3.103, and Lif... |
| CVE-2024-27783 | Multiple cross-site request forgery (CSRF) vulnerabilities [CWE-352] in FortiAIOps version 2.0.0 may allow an unauthenticate... |
| CVE-2024-27948 | WordPress Atahualpa Theme <= 3.7.24 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2024-27955 | WordPress Automatic plugin <= 3.92.0 - CSRF to Privilege Escalation vulnerability |
| CVE-2024-27967 | WordPress DSGVO All in one for WP plugin <= 4.3 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-27968 | WordPress Super Page Cache for Cloudflare plugin <= 4.7.5 - Cross Site Request Forgery (CSRF) to XSS vulnerability |
| CVE-2024-29026 | Owncast cross origin request |
| CVE-2024-2904 | WordPress Calliope theme <= 1.0.33 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-29093 | WordPress Builder for WooCommerce reviews shortcodes – ReviewShort plugin <= 1.01.3 - Cross Site Request Forgery (CSRF) vulne... |
| CVE-2024-2911 | Tianjin PubliCMS cross-site request forgery |
| CVE-2024-31235 | WordPress Comments Import & Export plugin <= 2.3.5 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-31238 | WordPress Smart Online Order for Clover plugin <= 1.5.5 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-31239 | WordPress Nudgify Social Proof, Sales Popup & FOMO plugin <= 1.3.3 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-31250 | WordPress WP Server Health Stats plugin <= 1.7.3 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-31251 | WordPress Community by PeepSo plugin <= 6.3.1.1 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-31262 | WordPress WooCommerce Checkout Field Editor (Checkout Manager) plugin <= 2.1.8 - Cross Site Request Forgery (CSRF) vulnerabil... |
| CVE-2024-31263 | WordPress Loan Repayment Calculator and Application Form plugin <= 2.9.4 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-31264 | WordPress Post Views Counter plugin <= 1.4.4 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-31265 | WordPress Sumo plugin <= 1.34 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-31268 | WordPress AppPresser plugin <= 4.3.0 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-31269 | WordPress Easy Google Maps plugin <= 1.11.11 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-31271 | WordPress Ultimate Maps plugin <= 1.2.16 - Cross Site Request Forgery vulnerability |
| CVE-2024-31272 | WordPress ARForms Form Builder plugin <= 1.6.1 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-31279 | WordPress Generate Child Theme plugin <= 2.0 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-31285 | WordPress WordPress Tooltips plugin <= 9.5.3 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-31289 | WordPress Hello Elementor theme <= 3.0.0 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-31293 | WordPress Easy Digital Downloads plugin <= 3.2.6 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-31299 | WordPress ReDi Restaurant Reservation plugin <= 24.0128 - Cross Site Request Forgery (CSRF) to XSS vulnerability |
| CVE-2024-31301 | WordPress Multiple Page Generator Plugin – MPG plugin <= 3.4.0 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-31303 | WordPress Sign-up Sheets plugin <= 2.2.11.1 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-31305 | WordPress Transcoder plugin <= 1.3.5 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-3135 | Cross-Site Request Forgery (CSRF) Vulnerability in mudler/localai |
| CVE-2024-31354 | WordPress Slideshow Gallery LITE plugin <= 1.7.8 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-31360 | WordPress Benchmark Email Lite plugin <= 4.1 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-31362 | WordPress ProfileGrid – User Profiles, Memberships, Groups and Communities plugin <= 5.7.8 - Cross Site Request Forgery (CSRF... |
| CVE-2024-31363 | WordPress LifterLMS plugin <= 7.5.0 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-31364 | WordPress ELEX WooCommerce Dynamic Pricing and Discounts plugin <= 2.1.2 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-31369 | WordPress Soledad theme <= 8.4.2 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-31371 | WordPress WP Event Aggregator plugin <= 1.7.6 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-31372 | WordPress No-Bot Registration plugin <= 1.9.1 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-31373 | WordPress E2Pdf plugin <= 1.20.27 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-31374 | WordPress AppPresser – Mobile App Framework plugin <= 4.3.0 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-31376 | WordPress Dashboard To-Do List plugin <= 1.3.1 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-31378 | WordPress MailChimp Forms by MailMunch plugin <= 3.2.1 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-31379 | WordPress Smash Balloon Social Post Feed plugin <= 4.2.1 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-31381 | WordPress Spotlight Social Feeds plugin <= 1.6.10 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-31382 | WordPress Blocksy theme <= 2.0.22 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-31383 | WordPress PopularFX theme <= 1.2.4 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-31384 | WordPress Spa and Salon theme <= 1.2.7 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-31385 | WordPress ReDi Restaurant Reservation plugin <= 24.0128 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-31386 | Multiple WordPress themes affected by Cross-Site Request Forgery vulnerability |
| CVE-2024-31388 | WordPress Tablesome plugin <= 1.0.25 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-31389 | WordPress MihanPanel plugin < 12.7 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-3142 | Clavister E10/E80 Setting cross-site request forgery |
| CVE-2024-31422 | WordPress Favicon by RealFaviconGenerator plugin <= 1.3.29 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-31424 | WordPress Login with Phone Number plugin <= 1.6.93 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-31425 | WordPress Amelia plugin <= 1.0.95 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-31426 | WordPress Inline Related Posts plugin <= 3.3.1 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-31427 | WordPress Marker.io plugin <= 1.1.8 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-31428 | WordPress The Conference theme <= 1.2.0 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-31429 | WordPress Sarada Lite theme <= 1.1.2 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-3143 | DedeCMS member_rank.php cross-site request forgery |
| CVE-2024-31430 | Cross-Site Request Forgery (CSRF) vulnerability in realmag777 BEAR and WOLF WordPress plugins |
| CVE-2024-31431 | WordPress Product Input Fields for WooCommerce plugin <= 1.7.0 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-31433 | WordPress The Events Calendar plugin <= 6.3.0 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-31434 | WordPress Newsletter plugin <= 8.0.6 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-3144 | DedeCMS makehtml_spec.php cross-site request forgery |
| CVE-2024-3145 | DedeCMS makehtml_js_action.php cross-site request forgery |
| CVE-2024-3146 | DedeCMS makehtml_rss_action.php cross-site request forgery |
| CVE-2024-3147 | DedeCMS makehtml_map.php cross-site request forgery |
| CVE-2024-43356 | WordPress oik plugin <= 4.12.0 - Arbitrary File Deletion vulnerability |
| CVE-2024-43684 | Cross-Site Request Forgery vulnerability in TimeProvider 4100 |
| CVE-2024-43945 | WordPress LatePoint plugin <= 4.9.91 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-43947 | WordPress WP Armour Extended plugin <= 1.26 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-43984 | WordPress Podlove Podcast Publisher plugin <= 4.1.13 - CSRF to Remote Code Execution (RCE) vulnerability |
| CVE-2024-44028 | WordPress NiceJob plugin < 3.6.5 - CSRF to Stored Cross Site Scripting (XSS) vulnerability |
| CVE-2024-4403 | CSRF in restart_program in parisneo/lollms-webui |
| CVE-2024-44064 | WordPress Like Button Rating LikeBtn plugin <= 2.6.54 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2024-45693 | Apache CloudStack: Request origin validation bypass makes account takeover possible |
| CVE-2024-45737 | Maintenance mode state change of App Key Value Store (KVStore) through Cross-Site Request Forgery (CSRF) |
| CVE-2024-47082 | Strawberry GraphQL Cross-Site Request Forgery (CSRF) vulnerability |
| CVE-2024-47100 | A vulnerability has been identified in SIMATIC S7-1200 CPU 1211C AC/DC/Rly (6ES7211-1BE40-0XB0), SIMATIC S7-1200 CPU 1211C DC... |
| CVE-2024-47305 | WordPress Use Any Font plugin <= 6.3.08 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-47315 | WordPress GiveWP – Donation Plugin and Fundraising Platform plugin <= 3.15.1 - Cross Site Request Forgery (CSRF) vulnerabili... |
| CVE-2024-4751 | WP Prayer II <= 2.4.7 - Settings Update via CSRF |
| CVE-2024-4757 | Logo Manager For Enamad <= 0.7.0 - Stored XSS via CSRF |
| CVE-2024-4758 | Muslim Prayer Time BD <= 2.4 - Settings Reset via CSRF |
| CVE-2024-47634 | WordPress CartBounty plugin <= 8.2 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-47635 | WordPress TinyPNG plugin <= 3.4.3 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-47644 | WordPress Copyscape Premium plugin <= 1.3.6 - CSRF to Stored Cross-Site Scripting vulnerability |
| CVE-2024-47828 | Cross-Site Request Forgery in ampache |
| CVE-2024-47846 | Special:DeleteCargoTable and Special:SwitchCargoTable have no CSRF protection |
| CVE-2024-47879 | OpenRefine's PreviewExpressionCommand, which is eval, lacks protection against cross-site request forgery (CSRF) |
| CVE-2024-47914 | VaeMendis - CWE-352: Cross-Site Request Forgery (CSRF) |
| CVE-2024-48031 | WordPress Featured Posts with Multiple Custom Groups (FPMCG) plugin <= 4.0 - Cross-Site Request Forgery (CSRF) vulnerability |
| CVE-2024-48037 | WordPress Contact Form Widget – Contact Query, Contact Page, Form Maker, Query Table plugin <= 1.4.2 - CSRF vulnerability |
| CVE-2024-48038 | WordPress wp-Monalisa plugin <= 6.4 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-48047 | WordPress Linked Variation for WooCommerce plugin <= 1.0.5 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-48048 | WordPress Wsify Widget plugin <= 1.0 - CSRF to Stored XSS vulnerability |
| CVE-2024-4839 | CSRF in Servers Configurations in parisneo/lollms-webui |
| CVE-2024-48846 | Cross Site Request Forgery, CSRF |
| CVE-2024-48913 | Hono vulnerable to bypass of CSRF Middleware by a request without Content-Type header. |
| CVE-2024-48962 | Apache OFBiz: Bypass SameSite restrictions with target redirection using URL parameters (SSTI and CSRF leading to RCE) |
| CVE-2024-49220 | WordPress Cookie Scanner plugin <= 1.1 - CSRF to Stored XSS vulnerability |
| CVE-2024-49221 | WordPress cSlider plugin <= 2.4.2 - CSRF to Stored XSS vulnerability |
| CVE-2024-49223 | WordPress CJ Change Howdy plugin <= 3.3.1 - CSRF to Stored XSS vulnerability |
| CVE-2024-49229 | WordPress Better Author Bio plugin <= 2.7.10.11 - CSRF to Cross Site Scripting (XSS) vulnerability |
| CVE-2024-49237 | WordPress Ahmeti Wp Timeline plugin <= 5.1 - CSRF to Stored XSS vulnerability |
| CVE-2024-49250 | WordPress Table of Contents Plus plugin <= 2408 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-49272 | WordPress Social Auto Poster plugin <= 5.3.15 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-49274 | WordPress VOD Infomaniak plugin <= 1.5.7 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-49275 | WordPress IdeaPush plugin <= 8.69 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-4929 | SourceCodester Simple Online Bidding System cross-site request forgery |
| CVE-2024-49290 | WordPress Cooked Pro plugin < 1.8.0 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-49294 | WordPress WpBusTicketly plugin <= 5.4.3 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-49304 | WordPress Pinpoint Booking System plugin <= 2.9.9.5.1 - CSRF to Stored Cross Site Scripting (XSS) vulnerability |
| CVE-2024-49306 | WordPress WP Content Copy Protection & No Right Click plugin <= 3.5.9 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-49313 | WordPress VKontakte Wall Post plugin <= 2.0 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-49335 | WordPress GoogleDrive folder list plugin <= 2.2.2 - CSRF to Stored Cross Site Scripting (XSS) vulnerability |
| CVE-2024-49340 | IBM Watson Studio Local cross-site request forgery |
| CVE-2024-49605 | WordPress Community Lite Video Chat plugin <= 2.2 - CSRF to Stored XSS vulnerability |
| CVE-2024-49615 | WordPress SafetyForms plugin <= 1.0.0 - CSRF to SQL Injection vulnerability |
| CVE-2024-49617 | WordPress Back Link Tracker plugin <= 1.0.0 - CSRF to SQL Injection vulnerability |
| CVE-2024-49621 | WordPress APA Register Newsletter Form plugin <= 1.0.0 - CSRF to SQL Injection vulnerability |
| CVE-2024-49622 | WordPress Apa Banner Slider plugin <= 1.0.0 - CSRF to SQL Injection vulnerability |
| CVE-2024-49627 | WordPress WordPress Image SEO plugin <= 1.1.4 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-49628 | WordPress Most And Least Read Posts Widget plugin <= 2.5.18 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-49629 | WordPress Endless Posts Navigation plugin <= 2.2.7 - CSRF to Stored XSS vulnerability |
| CVE-2024-49672 | WordPress Google Docs RSVP plugin <= 2.0.1 - CSRF to Stored Cross Site Scripting (XSS) vulnerability |
| CVE-2024-49674 | WordPress EKC Tournament Manager plugin <= 2.2.1 - CSRF to Arbitrary File Upload vulnerability |
| CVE-2024-49685 | WordPress Custom Twitter Feeds plugin <= 2.2.3 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-4969 | Widget Bundle <= 2.0.0 - Widget Disable/Enable via CSRF |
| CVE-2024-49779 | IBM OpenPages cross-site request forgery |
| CVE-2024-49794 | IBM ApplinX Cross-Site Request Forgery |
| CVE-2024-49795 | IBM ApplinX Cross-Site Request Forgery |
| CVE-2024-4994 | Cross-Site Request Forgery (CSRF) in GitLab |
| CVE-2024-5003 | WP Stacker <= 1.8.5 - Stored XSS via CSRF |
| CVE-2024-5028 | CM WordPress Search And Replace Plugin < 1.3.9 - Plugin Reset via CSRF |
| CVE-2024-5029 | CM Table Of Contents – WordPress TOC Plugin < 1.2.4 - Stored XSS via CSRF |
| CVE-2024-5030 | CM Table Of Contents – WordPress TOC Plugin < 1.2.3 - Settings Reset via CSRF |
| CVE-2024-5033 | SULly < 4.3.1 - Admin+ Stored XSS via CSRF |
| CVE-2024-5034 | SULly < 4.3.1 - Plugin Reset via CSRF |
| CVE-2024-50466 | WordPress DarkMySite – Advanced Dark Mode Plugin for WordPress plugin <= 1.2.8 - Cross Site Request Forgery (CSRF) vulnerabil... |
| CVE-2024-50533 | WordPress Domain Sharding plugin <= 1.2.1 - CSRF to Stored Cross Site Scripting (XSS) vulnerability |
| CVE-2024-50534 | WordPress World Prayer Time plugin <= 2.0 - CSRF to Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2024-5076 | WP eMember < 10.6.6 - Bulk Delete via CSRF |
| CVE-2024-5077 | WP eMember < 10.6.6 - Stored XSS in Blacklist via CSRF |
| CVE-2024-5081 | WP eMember <= v10.7.0 - Stored XSS via CSRF |
| CVE-2024-5097 | SourceCodester Simple Inventory System tableedit.php#page=editprice cross-site request forgery |
| CVE-2024-51484 | Insufficient Validation in Controllers (Activation/Deactivation) in Ampache |
| CVE-2024-51485 | Insufficient Validation in Plugins (Activation/Deactivation) in Ampache |
| CVE-2024-51487 | Insufficient Validation in Catalog (Activation/Deactivation) in Ampache |
| CVE-2024-51488 | Insufficient Validation in Delete Message in Ampache |
| CVE-2024-51489 | Insufficient Message Token Validation in Ampache |
| CVE-2024-5155 | Inquiry Cart <= 3.4.2 - Stored XSS via CSRF |
| CVE-2024-51630 | WordPress Responsive Flickr Gallery plugin <= 1.3.1 - CSRF to Stored XSS vulnerability |
| CVE-2024-51631 | WordPress Sticky Social Bar plugin <= 2.0 - CSRF to Stored Cross Site Scripting (XSS) vulnerability |
| CVE-2024-51632 | WordPress SH Slideshow plugin <= 4.3 - CSRF to Stored Cross Site Scripting (XSS) vulnerability |
| CVE-2024-51633 | WordPress Simple Page Specific Sidebars plugin <= 2.14.1 - CSRF to Stored Cross Site Scripting (XSS) vulnerability |
| CVE-2024-51634 | WordPress Webriti Custom Login plugin <= 0.3 - CSRF to Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2024-51635 | WordPress While Loading plugin <= 3.0 - CSRF to Stored Cross Site Scripting (XSS) vulnerability |
| CVE-2024-3481 | Counter Box < 1.2.4 - Counter Deletion via CSRF |
| CVE-2024-34814 | WordPress Unyson plugin <= 2.7.29 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-34816 | WordPress WPCal.io plugin <= 0.9.5.8 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-34817 | WordPress Integration for Pipedrive and Contact Form 7, WPForms, Elementor, Ninja Forms plugin <= 1.2.0 - Cross Site Request... |
| CVE-2024-34818 | WordPress Webinar plugin <= 1.33.17 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-34823 | WordPress Arigato Autoresponder and Newsletter plugin <= 2.7.2.3 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-34825 | WordPress Social Warfare plugin <= 4.4.5.1 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-34827 | WordPress Translate Multilingual sites – TranslatePress plugin <= 2.7.5 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-34828 | WordPress Church Admin plugin <= 4.1.32 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-35138 | IBM Security Verify Access cross-site request forgery |
| CVE-2024-35207 | A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V1.2). The web interface o... |
| CVE-2024-35632 | WordPress Integration for Constant Contact and Contact Form 7, WPForms, Elementor, Ninja Forms plugin <= 1.1.5 - Cross Site R... |
| CVE-2024-35636 | WordPress Uploadcare File Uploader and Adaptive Delivery plugin <= 3.0.11 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-35638 | WordPress ActiveDEMAND plugin <= 0.2.43 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-35657 | WordPress WP-Recall plugin <= 16.26.6 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-35673 | WordPress Pure Chat plugin <= 2.22 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-35684 | WordPress ElasticPress plugin <= 5.1.0 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-35689 | WordPress Analytify plugin <= 5.2.3 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-35770 | WordPress Vimeography plugin <= 2.4.1 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-35771 | WordPress Customizr theme <= 4.4.21 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-35772 | WordPress Hueman theme <= 3.7.24 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-35773 | WordPress Comment Reply Email plugin <= 1.3 - CSRF to Stored XSS vulnerability |
| CVE-2024-3582 | Ungallery <= 2.2.4 - Stored XSS via CSRF |
| CVE-2024-3590 | LetterPress <= 1.2.2 - Subscriber Deletion via CSRF |
| CVE-2024-36255 | Post actions can run playbook checklist task commands |
| CVE-2024-3629 | HL Twitter <= 2014.1.18 - Settings Update via CSRF |
| CVE-2024-3631 | HL Twitter <= 2014.1.18 - Unlink Twitter Account via CSRF |
| CVE-2024-3632 | Smart Image Gallery < 1.0.19 - Update/Delete Google API Key via CSRF |
| CVE-2024-3642 | Newsletter Popup <= 1.2 - Subscriber Deletion via CSRF |
| CVE-2024-3643 | Newsletter Popup <= 1.2 - List Deletion via CSRF |
| CVE-2024-37093 | WordPress MasterStudy LMS WordPress Plugin plugin <= 3.2.1 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-37102 | WordPress Vilva theme <= 1.2.2 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-37103 | WordPress Education Zone theme <= 1.3.4 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-37104 | WordPress Chic Lite theme <= 1.1.3 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-37198 | WordPress Digital Newspaper theme <= 1.1.5 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-37212 | WordPress AliExpress Dropshipping with AliNext Lite plugin <= 3.3.5 - CSRF to PHP Object Injection vulnerability |
| CVE-2024-37213 | WordPress AliExpress Dropshipping with AliNext Lite plugin <= 3.3.9 - CSRF to XSS vulnerability |
| CVE-2024-37230 | WordPress Book Landing Page theme <= 1.2.3 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-37235 | WordPress Groundhogg plugin <= 3.4.2.3 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-37236 | WordPress Loco Translate plugin <= 2.6.9 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-37237 | WordPress FS Poster plugin <= 6.5.8 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-37238 | WordPress WPAdverts – Classifieds plugin <= 2.1.2 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-37240 | WordPress Falang multilanguage for WordPress plugin <= 1.3.51 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-37241 | WordPress WP Job Manager Resume Manager plugin <= 2.1.0 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-37242 | WordPress Newspack Newsletters plugin <= 2.13.2 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-37243 | WordPress Vandana Lite theme <= 1.1.9 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-37251 | WordPress Advanced Custom Fields Pro plugin < 6.3.2 - Cross-Site Request Forgery (CSRF) vulnerability |
| CVE-2024-37412 | WordPress Blossom Shop theme <= 1.1.7 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-37413 | WordPress Preschool and Kindergarten theme <= 1.2.1 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-37417 | WordPress Coachify theme <= 1.0.7 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-37421 | WordPress JobScout theme <= 1.1.4 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-37426 | WordPress Elegant Pink theme 1.3.0 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-37431 | WordPress Mesmerize theme <= 1.6.120 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-37435 | WordPress Perfect Portfolio theme <= 1.2.0 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-37438 | WordPress Uncanny Toolkit Pro for LearnDash plugin < 4.1.4.1 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-37441 | WordPress NewsMash theme <= 1.0.34 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-37448 | WordPress OnePress theme <= 2.3.6 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-37450 | WordPress Benevolent theme <= 1.3.4 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-37451 | WordPress Travel Agency theme <= 1.4.9 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-37452 | WordPress Schema Lite theme <= 1.2.2 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-37458 | WordPress Highlight theme <= 1.0.29 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-37467 | WordPress Hestia theme <= 3.1.2 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-37469 | WordPress Blocksy theme <= 1.9.5 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-37473 | WordPress Trendy News theme <= 1.0.15 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-37478 | WordPress Ashe theme <= 2.233 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-37490 | WordPress Bard theme <= 2.210 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-37491 | WordPress Rife Free theme <= 2.4.18 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-37493 | WordPress Posterity theme <= 3.3 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-37503 | WordPress Lawyer Landing Page theme <= 1.2.4 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-37508 | WordPress Construction Landing Page theme <= 1.3.5 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-37511 | WordPress Swift Performance Lite plugin <= 2.3.6.20 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-5280 | WP Affiliate Platform < 6.5.1 - POST Reflected XSS |
| CVE-2024-5284 | WP Affiliate Platform < 6.5.1 - Stored XSS via CSRF |
| CVE-2024-5285 | WP Affiliate Platform < 6.5.2 - Affiliate Deletion via CSRF |
| CVE-2024-5287 | WP Affiliate Platform < 6.5.1 - Profile Update via CSRF |
| CVE-2024-39628 | WordPress Ninja Forms plugin <= 3.8.6 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-39641 | WordPress LearnPress plugin <= 4.2.6.8.2 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-39645 | WordPress Tutor LMS plugin <= 2.7.2 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-3965 | Pray For Me <= 1.0.4 - Settings Update via CSRF |
| CVE-2024-39657 | WordPress Sender plugin <= 2.6.18 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-39678 | WordPress Cooked Plugin - Cross-Site Request Forgery to Get Recipe IDs |
| CVE-2024-39679 | WordPress Cooked Plugin - Cross-Site Request Forgery to Recipe Template Reset |
| CVE-2024-39680 | WordPress Cooked Plugin - Cross-Site Request Forgery to Default Recipe Template Save |
| CVE-2024-39681 | WordPress Cooked Plugin - Cross-Site Request Forgery to Apply Template to All Recipes |
| CVE-2024-3971 | Similarity <= 3.0 - Plugin Reset via CSRF |
| CVE-2024-3972 | Similarity <= 3.0 - Stored XSS via CSRF |
| CVE-2024-39744 | IBM Sterling Connect:Direct Web Services cross-site request forgery |
| CVE-2024-3983 | WooCommerce Customers Manager < 30.1 - Bulk Action via CSRF |
| CVE-2024-3993 | AZAN Plugin <= 0.6 - Stored XSS via CSRF |
| CVE-2024-40883 | Cross-site request forgery vulnerability exists in ELECOM wireless LAN routers. Viewing a malicious page while logging in to... |
| CVE-2024-40886 | One-click Client-Side Path Traversal Leading to CSRF in User Management admin page |
| CVE-2024-4128 | CSRF in firebase-tools emulator suite |
| CVE-2024-4172 | idcCMS cross-site request forgery |
| CVE-2024-41776 | IBM Cognos Controller cross-site request forgery |
| CVE-2024-41795 | A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions). The web interface of affected devices... |
| CVE-2024-41811 | ipl/web susceptible to Cross-Site Request Forgery (CSRF) |
| CVE-2024-41987 | Cross-Site Request Forgery (CSRF) vulnerability in TEM Opera Plus FM Family Transmitter |
| CVE-2024-42475 | OAuth library for nim allows insecure generation of state values by generateState - entropy too low and uses regular PRNG ins... |
| CVE-2024-42476 | oauth CSRF vulnerability |
| CVE-2024-42504 | HPE IceWall Agent products, Cross-Site Request Forgery (CSRF) |
| CVE-2024-43116 | WordPress Simple Local Avatars plugin <= 2.7.10 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-43117 | WordPress Hummingbird plugin <= 3.9.1 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-43192 | IBM Storage TS4500 Library cross-site request forgery |
| CVE-2024-43255 | WordPress MyBookTable Bookstore by Stormhill Media plugin <= 3.3.9 - CSRF to XSS vulnerability |
| CVE-2024-43265 | WordPress Analytify plugin <= 5.3.1 - CSRF Leading to Optout Vulnerability |
| CVE-2024-43269 | WordPress Backup and Restore WordPress plugin <= 1.50 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-43275 | WordPress Insert PHP Code Snippet plugin <= 1.3.6 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-4328 | CSRF in clear_personality_files_list in parisneo/lollms-webui |
| CVE-2024-43287 | WordPress Brevo plugin <= 3.1.82 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-43295 | WordPress WP Data Access plugin <= 5.5.7 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-43299 | WordPress SpeedyCache plugin <= 1.1.8 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-43301 | WordPress Fonts plugin <= 3.7.7 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability |
| CVE-2024-43316 | WordPress Stripe Payments For WooCommerce plugin <= 1.9.1 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-43325 | WordPress Dark Mode for WP Dashboard plugin <= 1.2.3 - Cross Site Request Forgery vulnerability |
| CVE-2024-43336 | WordPress WP User Manager – User Profile Builder & Membership plugin <= 2.9.10 - Cross Site Request Forgery (CSRF) vulnerabil... |
| CVE-2024-43337 | WordPress Brave plugin <= 0.7.0 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-43338 | WordPress Crowdsignal Polls & Ratings plugin <= 3.1.2 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-43339 | WordPress WordPress Webinar Plugin – WebinarPress plugin <= 1.33.20 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-43340 | WordPress AFI – The Easiest Integration Plugin plugin <= 1.89.4 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-43787 | Hono CSRF middleware can be bypassed using crafted Content-Type header |
| CVE-2024-4382 | CB (legacy) <= 0.9.4.18 - Code/Timeframe/Booking Deletion via CSRF |
| CVE-2024-43927 | WordPress Email Address Encoder plugin <= 1.0.23 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-43930 | WordPress JobSearch WP Job Board WordPress Plugin plugin <= 2.5.3 - Broken Access Control vulnerability |
| CVE-2024-43933 | WordPress WPMobile.App plugin <= 11.48 - CSRF to Stored XSS vulnerability |
| CVE-2024-4429 | Cross Site Request Forgery vulnerability in iManager |
| CVE-2024-4474 | WP Logs Book <= 1.0.1 - Disable Logging via CSRF |
| CVE-2024-4475 | WP Logs Book <= 1.0.1 - Log Clearing via CSRF |
| CVE-2024-4480 | WP Prayer II <= 2.4.7 - Email Settings Update via CSRF |
| CVE-2024-4499 | CSRF Vulnerability in parisneo/lollms XTTS Server |
| CVE-2024-4529 | Business Card <= 1.0.0 - Category Deletion via CSRF |
| CVE-2024-4530 | Business Card <= 1.0.0 - Category Edit via CSRF |
| CVE-2024-4531 | Business Card <= 1.0.0 - Card Edit via CSRF |
| CVE-2024-4532 | Business Card <= 1.0.0 - Arbitrary Card Deletion via CSRF |
| CVE-2024-4534 | KKProgressbar2 Free <= 1.1.4.2 - Stored XSS via CSRF |
| CVE-2024-4535 | KKProgressbar2 Free <= 1.1.4.2 - Progress Bar Deletion via CSRF |
| CVE-2024-45372 | MZK-DP300N firmware versions 1.04 and earlier contain a cross-site request forgery vulnerability. Viewing a malicious page wh... |
| CVE-2024-4585 | DedeCMS member_type.php cross-site request forgery |
| CVE-2024-4586 | DedeCMS shops_delivery.php cross-site request forgery |
| CVE-2024-51636 | WordPress Plugin Name: GMO Social Connection plugin <= 1.2 - CSRF to Stored Cross Site Scripting (XSS) vulnerability |
| CVE-2024-51637 | WordPress Admin SMS Alert plugin <= 1.1.0 - CSRF to Stored Cross Site Scripting (XSS) vulnerability |
| CVE-2024-51638 | WordPress Awesome Shortcodes For Genesis plugin 1.1.8 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-51639 | WordPress Naver Blog plugin <= 1.0 - CSRF to Stored XSS vulnerability |
| CVE-2024-51640 | WordPress MDR Webmaster Tools plugin <= 1.1 - CSRF to Stored XSS vulnerability |
| CVE-2024-51641 | WordPress Advanced PDF Generator plugin <= 0.4.0 - CSRF to Stored XSS vulnerability |
| CVE-2024-51642 | WordPress Seo Free plugin <= 1.4 - CSRF to Stored XSS vulnerability |
| CVE-2024-51643 | WordPress Amazon Associate Filter plugin <= 0.4 - CSRF to Stored XSS vulnerability |
| CVE-2024-51644 | WordPress Addressbook plugin <= 1.1.3 - CSRF to Stored XSS vulnerability |
| CVE-2024-51645 | WordPress ThemeFuse Maintenance Mode plugin <= 1.1.3 - CSRF to Stored XSS vulnerability |
| CVE-2024-51647 | WordPress Featured Posts Scroll plugin <= 1.25 - CSRF to Stored Cross Site Scripting (XSS) vulnerability |
| CVE-2024-51648 | WordPress e-shops plugin 1.0.3 - CSRF to Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2024-51649 | WordPress Mobilize plugin <= 3.0.7 - CSRF to Stored Cross Site Scripting (XSS) vulnerability |
| CVE-2024-51650 | WordPress Random Featured Post plugin <= 1.1.3 - CSRF to Stored Cross Site Scripting (XSS) vulnerability |
| CVE-2024-51652 | WordPress Skip To plugin <= 2.0.0 - CSRF to Stored Cross Site Scripting (XSS) vulnerability |
| CVE-2024-51653 | WordPress UPDATE NOTIFICATIONS plugin <= 0.3.4 - CSRF to Stored Cross Site Scripting (XSS) vulnerability |
| CVE-2024-51654 | WordPress APK Downloader plugin <= 1.0.0 - CSRF to Stored Cross Site Scripting (XSS) vulnerability |
| CVE-2024-51655 | WordPress Custom Author URL plugin <= 2.0.1 - CSRF to Stored Cross Site Scripting (XSS) vulnerability |
| CVE-2024-51656 | WordPress Flash Show And Hide Box plugin <= 1.6 - CSRF to Stored Cross Site Scripting (XSS) vulnerability |
| CVE-2024-51657 | WordPress SmartLink Dynamic URLs plugin <= 1.1.0 - CSRF to Stored XSS vulnerability |
| CVE-2024-51658 | WordPress WP Course Manager plugin <= 1.3 - CSRF to Stored XSS vulnerability |
| CVE-2024-51659 | WordPress Twitter @Anywhere Plus plugin <= 2.0 - CSRF to Stored XSS vulnerability |
| CVE-2024-51669 | WordPress Dynamic Widgets plugin <= 1.6.4 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-5167 | CM Email Registration Blacklist and Whitelist < 1.4.9 - Add/Delete Emails via CSRF Add and delete any item from blacklist/whi... |
| CVE-2024-51679 | WordPress Appointmind plugin <= 4.0.0 - CSRF to Stored XSS vulnerability |
| CVE-2024-51684 | WordPress W3P SEO plugin < 1.8.6 - CSRF to Stored XSS vulnerability |
| CVE-2024-51686 | WordPress Manage User Columns plugin <= 1.0.5 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-51687 | WordPress Platform.ly Official plugin <= 1.1.3 - CSRF to Stored XSS vulnerability |
| CVE-2024-51688 | WordPress FraudLabs Pro SMS Verification plugin <= 1.10.1 - CSRF to Stored XSS vulnerability |
| CVE-2024-5185 | Data Poisoning in EmbedAI |
| CVE-2024-52002 | Cross-Site Request Forgery (CSRF) in several iTop pages |
| CVE-2024-52388 | WordPress Hebrew Date plugin <= 2.1.0 - CSRF to Stored XSS vulnerability |
| CVE-2024-52392 | WordPress W3SPEEDSTER plugin <= 7.25 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-52401 | WordPress Hacklog DownloadManager plugin <= 2.1.4 - CSRF to Arbitrary File Upload vulnerability |
| CVE-2024-52402 | WordPress Exclusive Content Password Protect plugin <= 1.1.0 - CSRF to Arbitrary File Upload vulnerability |
| CVE-2024-52415 | WordPress SK WP Settings Backup plugin <= 1.0 - CSRF to PHP Object Injection vulnerability |
| CVE-2024-52420 | WordPress Disable Admin Notices individually plugin <= 1.3.5 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-52421 | WordPress WP Popup Window Maker plugin <= 2.0 - CSRF to Stored XSS vulnerability |
| CVE-2024-52424 | WordPress wp-login customizer plugin <= 1.0 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-52446 | WordPress Buying Buddy IDX CRM plugin <= 1.1.12 - CSRF to PHP Object Injection vulnerability |
| CVE-2024-52451 | WordPress Post Ideas plugin <= 2 - CSRF to SQL Injection vulnerability |
| CVE-2024-52477 | WordPress Document & Data Automation plugin <= 1.6.1 - CSRF to Stored XSS vulnerability |
| CVE-2024-52479 | WordPress Jobify plugin <= 4.2.3 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-53707 | WordPress Ahmeti Wp Güzel Sözler plugin <= 4.0 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-53710 | WordPress ITERAS plugin <= 1.7.0 - CSRF to Stored XSS vulnerability |
| CVE-2024-53711 | WordPress Hotlink2Watermark plugin <= 0.3.2 - CSRF to Stored XSS vulnerability |
| CVE-2024-53712 | WordPress Kevin's plugin <= 2.0.0 - CSRF to Stored XSS vulnerability |
| CVE-2024-53713 | WordPress Silverlight Video Player plugin <= 1.0 - CSRF to Stored XSS vulnerability |
| CVE-2024-53714 | WordPress Continue Shopping From Cart plugin <= 1.3 - CSRF to Stored XSS vulnerability |
| CVE-2024-53715 | WordPress Simple Travel Map plugin <= 0.1 - CSRF to Stored Cross Site Scripting (XSS) vulnerability |
| CVE-2024-53716 | WordPress wp auto top plugin <= 2.9.3 - CSRF to Stored Cross Site Scripting (XSS) vulnerability |
| CVE-2024-53717 | WordPress yPHPlista plugin <= 1.1.1 - CSRF to Stored Cross Site Scripting (XSS) vulnerability |
| CVE-2024-53718 | WordPress Multi Feed Reader plugin <= 2.2.4 - CSRF to Stored Cross Site Scripting (XSS) vulnerability |
| CVE-2024-53719 | WordPress Zajax – Ajax Navigation plugin <= 0.4 - CSRF to Stored Cross Site Scripting (XSS) vulnerability |
| CVE-2024-53720 | WordPress WP-ISPConfig 3 plugin <= 1.5.6 - CSRF to Stored XSS vulnerability |
| CVE-2024-53722 | WordPress Favicon My Blog plugin <= 1.0.2 - CSRF to Stored Cross Site Scripting (XSS) vulnerability |
| CVE-2024-53723 | WordPress Google Plus Share and +1 Button plugin <= 1.0 - CSRF to Stored Cross Site Scripting (XSS) vulnerability |
| CVE-2024-53724 | WordPress IceStats plugin <= 1.3 - CSRF to Stored Cross Site Scripting (XSS) vulnerability |
| CVE-2024-53725 | WordPress Post Hits Counter plugin <= 2.8.23 - CSRF to Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2024-53726 | WordPress RealtyCandy IDX Broker Extended plugin <= 1.5.1 - CSRF to Stored Cross Site Scripting (XSS) vulnerability |
| CVE-2024-53727 | WordPress LinkLaunder SEO plugin <= 0.92.1 - CSRF to Stored Cross Site Scripting (XSS) vulnerability |
| CVE-2024-53728 | WordPress Protect Your Content plugin <= 1.0.2 - CSRF to Stored Cross Site Scripting (XSS) vulnerability |
| CVE-2024-53729 | WordPress Blizzard Quotes plugin <= 1.3 - CSRF to Stored Cross Site Scripting (XSS) vulnerability |
| CVE-2024-53730 | WordPress April's Call Posts plugin <= 2.1.1 - CSRF to Stored XSS vulnerability |
| CVE-2024-53732 | WordPress Footer Flyout Widget plugin <= 1.1 - CSRF to Stored XSS vulnerability |
| CVE-2024-53734 | WordPress Idealien Category Enhancements plugin <= 1.2 - CSRF to Stored XSS vulnerability |
| CVE-2024-53736 | WordPress Custom Shortcode Sidebars plugin <= 1.2 - CSRF to Stored XSS vulnerability |
| CVE-2024-53750 | WordPress PayPal Responder plugin <= 1.2 - CSRF to Stored XSS vulnerability |
| CVE-2024-53751 | WordPress Build App Online plugin <= 1.0.22 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-53753 | WordPress CultBooking Hotel Booking Engine plugin <= 2.1 - CSRF to Stored XSS vulnerability |
| CVE-2024-53754 | WordPress Out Of Stock Badge plugin <= 1.3.1 - CSRF to Stored XSS vulnerability |
| CVE-2024-53755 | WordPress Third Party Cookie Eraser plugin <= 1.0.2 - CSRF to Cross Site Scripting (XSS) vulnerability |
| CVE-2024-53761 | WordPress WP Revisions Manager plugin <= 1.0.2 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-53762 | WordPress FastBook plugin <= 1.1 - CSRF to Stored Cross Site Scripting (XSS) vulnerability |
| CVE-2024-53765 | WordPress Mins To Read plugin <= 1.2.2 - CSRF to Stored XSS vulnerability |
| CVE-2024-53769 | WordPress Custom Post Type to Map Store plugin <= 1.1.0 - CSRF to Stored XSS vulnerability |
| CVE-2024-53789 | WordPress Advanced What should we write next about plugin <= 1.0.3 - CSRF to Stored Cross Site Scripting (XSS) vulnerability |
| CVE-2024-53793 | WordPress eDoc Easy Tables plugin <= 1.29 - CSRF to SQL Injection vulnerability |
| CVE-2024-53809 | WordPress Namaste! LMS plugin <= 2.6.4.1 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-53829 | Cross-Site Request Forgery in CodeChecker API |
| CVE-2024-54139 | Combodo iTop vulnerable to XSS leading to CSRF breach on _table_id parameter |
| CVE-2024-54172 | IBM Sterling B2B Integrator and IBM Sterling File Gateway cross-site request forgery |
| CVE-2024-54205 | WordPress Paloma Widget plugin <= 1.14 - CSRF to Stored XSS vulnerability |
| CVE-2024-54226 | WordPress Country Blocker plugin <= 3.2 - CSRF to Stored XSS vulnerability |
| CVE-2024-54248 | WordPress Eewee Admin Custom plugin <= 1.8.2.4 - CSRF to Privilege Escalation vulnerability |
| CVE-2024-5428 | SourceCodester Simple Online Bidding System HTTP POST Request save_product cross-site request forgery |
| CVE-2024-54300 | WordPress AutoWP plugin <= 2.0.8 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-54306 | WordPress AIKCT Engine Chatbot, ChatGPT, Gemini, GPT-4o Best AI Chatbot plugin <= 1.6.2 - Cross Site Request Forgery (CSRF) v... |
| CVE-2024-54307 | WordPress AIcomments plugin <= 1.4.1 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-54321 | WordPress Hive Support plugin <= 1.1.2 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-54331 | WordPress I Plant A Tree plugin <= 1.7.3 - CSRF to Stored Cross-Site Scripting vulnerability |
| CVE-2024-54332 | WordPress WP Currency Exchange Rates plugin <= 1.2.0 - CSRF to Stored XSS vulnerability |
| CVE-2024-54337 | WordPress DX Dark Site plugin <= 1.0.1 - CSRF to Stored Cross-Site Scripting vulnerability |
| CVE-2024-54351 | WordPress Fancy Roller Scroller plugin <= 1.4.0 - CSRF to Stored XSS vulnerability |
| CVE-2024-54352 | WordPress Sogrid plugin <= 1.5.2 - CSRF to Privilege Escalation vulnerability |
| CVE-2024-54353 | WordPress Hack-Info plugin <= 3.17 - CSRF to Stored Cross Site Scripting (XSS) vulnerability |
| CVE-2024-54355 | WordPress WP Mailster plugin <= 1.8.17.0 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-54356 | WordPress Online Booking & Scheduling Calendar for WordPress by vcita plugin <= 4.5 - Cross Site Request Forgery (CSRF) vulne... |
| CVE-2024-54357 | WordPress Avada theme <= 7.11.10 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-54368 | WordPress GitSync plugin <= 1.1.0 - CSRF to Remote Code Execution vulnerability |
| CVE-2024-54372 | WordPress Insertify plugin <= 1.1.4 - CSRF to Remote Code Execution vulnerability |
| CVE-2024-54386 | WordPress Push Monkey Pro plugin <= 3.9 - CSRF to Stored XSS vulnerability |
| CVE-2024-54388 | WordPress Multiple Admin Emails plugin <= 1.0 - CSRF to Stored XSS vulnerability |
| CVE-2024-54389 | WordPress addWeather plugin <= 2.5.1 - CSRF to Stored XSS vulnerability |
| CVE-2024-54391 | WordPress WordPress Filter plugin <= 1.4.1 - CSRF to Stored XSS vulnerability |
| CVE-2024-54392 | WordPress WP微信机器人 plugin <= 5.3.5 - CSRF to Stored XSS vulnerability |
| CVE-2024-54393 | WordPress WP Fiddle plugin <= 1.0 - CSRF to Stored XSS vulnerability |
| CVE-2024-54394 | WordPress Mandrill WP plugin <= 1.0.5 - CSRF to Stored XSS vulnerability |
| CVE-2024-54396 | WordPress Bet sport Free plugin <= 1.0.0 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-54397 | WordPress Go Animate plugin <= 1.0 - CSRF to Stored XSS vulnerability |
| CVE-2024-54398 | WordPress Flaming Forms plugin <= 1.0.1 - CSRF to Stored XSS vulnerability |
| CVE-2024-54399 | WordPress CRUDLab Google Plus Button plugin <= 1.0.2 - CSRF to Stored XSS vulnerability |
| CVE-2024-54400 | WordPress AppMaps plugin <= 1.1 - CSRF to Stored XSS vulnerability |
| CVE-2024-54401 | WordPress Advanced Fancybox plugin <= 1.1.1 - CSRF to Stored XSS vulnerability |
| CVE-2024-54404 | WordPress MDC Comment Toolbar plugin <= 1.1 - CSRF to Stored XSS vulnerability |
| CVE-2024-54405 | WordPress ECT Social Share plugin <= 1.3 - CSRF to Stored XSS vulnerability |
| CVE-2024-54407 | WordPress CK and SyntaxHighlighter plugin <= 3.4.2 - CSRF to Stored XSS vulnerability |
| CVE-2024-54408 | WordPress Youtube Video Grid plugin <= 1.9 - CSRF to Settings Change vulnerability |
| CVE-2024-54409 | WordPress XPD Reduce Image Filesize plugin <= 1.0 - CSRF to Stored XSS vulnerability |
| CVE-2024-54410 | WordPress SOPA Blackout plugin <= 1.4 - CSRF to Stored XSS vulnerability |
| CVE-2024-54411 | WordPress WP Controller plugin <= 3.2.0 - CSRF to Stored Cross-Site Scripting vulnerability |
| CVE-2024-54412 | WordPress ECT Product Carousel plugin <= 1.9 - CSRF to Stored Cross-Site Scripting vulnerability |
| CVE-2024-54413 | WordPress Display Future Posts plugin <= 0.2.3 - CSRF to Stored Cross-Site Scripting vulnerability |
| CVE-2024-54414 | WordPress Geoportail Shortcode plugin <= 2.4.4 - CSRF to Stored Cross-Site Scripting vulnerability |
| CVE-2024-54415 | WordPress WP-HideThat plugin <= 1.2 - CSRF to Stored Cross-Site Scripting vulnerability |
| CVE-2024-54416 | WordPress Wp Login with Ajax plugin <= 0.6 - CSRF to Stored Cross-Site Scripting vulnerability |
| CVE-2024-54418 | WordPress DTC Documents plugin <= 1.1.05 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-54419 | WordPress Ui Slider Filter By Price plugin <= 1.1 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-54420 | WordPress Metrika plugin <= 1.2 - CSRF to Stored XSS vulnerability |
| CVE-2024-54421 | WordPress Floating Video Player plugin <= 1.0 - CSRF to Stored XSS vulnerability |
| CVE-2024-54423 | WordPress Social Media Sharing plugin <= 1.1 - CSRF to Stored XSS vulnerability |
| CVE-2024-54425 | WordPress LionScripts: Site Maintenance plugin <= 2.1 - CSRF to Stored Cross-Site Scripting vulnerability |
| CVE-2024-54426 | WordPress LeaderBoard Plugin plugin <= 1.2.4 - CSRF to Stored Cross-Site Scripting vulnerability |
| CVE-2024-54427 | WordPress Category of Posts plugin <= 1.0 - CSRF to Stored XSS vulnerability |
| CVE-2024-54428 | WordPress Add image to Post plugin <= 0.6 - CSRF to Stored XSS vulnerability |
| CVE-2024-54429 | WordPress Aphorismus plugin <= 1.2.0 - CSRF to Stored XSS vulnerability |
| CVE-2024-54430 | WordPress EELV Newsletter plugin <= 4.8.2 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-54431 | WordPress Admin Customization plugin <= 2.2 - CSRF to Stored XSS vulnerability |
| CVE-2024-54432 | WordPress WP Flipkart Importer plugin <= 1.4 - CSRF to Stored XSS vulnerability |
| CVE-2024-54433 | WordPress Simple Booking – Widget plugin <= 1.1 - CSRF to Stored XSS vulnerability |
| CVE-2024-54434 | WordPress phZoom plugin <= 1.2.92 - CSRF to Stored XSS vulnerability |
| CVE-2024-4587 | DedeCMS tpl.php cross-site request forgery |
| CVE-2024-4588 | DedeCMS mytag_add.php cross-site request forgery |
| CVE-2024-4589 | DedeCMS mytag_edit.php cross-site request forgery |
| CVE-2024-4590 | DedeCMS sys_info.php cross-site request forgery |
| CVE-2024-4591 | DedeCMS sys_group_add.php cross-site request forgery |
| CVE-2024-4592 | DedeCMS sys_group_edit.php cross-site request forgery |
| CVE-2024-4593 | DedeCMS sys_multiserv.php cross-site request forgery |
| CVE-2024-4594 | DedeCMS sys_safe.php cross-site request forgery |
| CVE-2024-4597 | Cross-Site Request Forgery (CSRF) in GitLab |
| CVE-2024-4600 | Cross-Site Request Forgery vulnerability in Socomec Net Vision |
| CVE-2024-46872 | Client-Side Path Traversal Leading to CSRF in Playbooks |
| CVE-2024-4689 | WordPress ShortPixel Adaptive Images plugin <= 3.8.3 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-46911 | Apache Roller: Weakness in CSRF protection allows privilege escalation |
| CVE-2024-55076 | Grocy through 4.3.0 has no CSRF protection, as demonstrated by changing the Administrator's password. |
| CVE-2024-55893 | TYPO3 Cross-Site Request Forgery in Log Module |
| CVE-2024-55894 | TYPO3 Cross-Site Request Forgery in Backend User Module |
| CVE-2024-55920 | Cross-Site Request Forgery in Dashboard Module in TYPO3 |
| CVE-2024-55921 | Cross-Site Request Forgery in Extension Manager Module in TYPO3 |
| CVE-2024-55922 | Cross-Site Request Forgery in Form Framework Module in TYPO3 |
| CVE-2024-55923 | Cross-Site Request Forgery in Indexed Search Module in TYPO3 |
| CVE-2024-55924 | Cross-Site Request Forgery in Scheduler Module in TYPO3 |
| CVE-2024-55945 | Cross-Site Request Forgery in DB Check Module in TYPO3 |
| CVE-2024-56005 | WordPress Posti Shipping Plugin <= 3.10.3 - CSRF to Settings Change vulnerability |
| CVE-2024-56012 | WordPress Post Title (TypeWriter) and Flash News / Post (Responsive) plugins <= 4.1 - CSRF to Privilege Escalation vulnerabil... |
| CVE-2024-56015 | WordPress Tidy Up Plugin <= 1.3 - CSRF to Reflected Cross-Site Scripting vulnerability |
| CVE-2024-56017 | WordPress Stop Registration Spam Plugin <= 1.23 - CSRF to Stored XSS vulnerability |
| CVE-2024-56140 | Bypass of CSRF Middleware in Astro |
| CVE-2024-5616 | CSRF Vulnerability in mudler/LocalAI |
| CVE-2024-56203 | WordPress Wayne Audio Player plugin <= 1.0 - CSRF to Privilege Escalation vulnerability |
| CVE-2024-56204 | WordPress Sinking Dropdowns plugin <= 1.25 - CSRF to Privilege Escalation vulnerability |
| CVE-2024-56206 | WordPress gap-hub-user-role. plugin <= 3.4.1 - CSRF to Broken Authentication vulnerability |
| CVE-2024-56207 | WordPress EditionGuard for WooCommerce – eBook Sales with DRM plugin <= 3.4.2 - CSRF to Privilege Escalation vulnerability |
| CVE-2024-56218 | WordPress Contact Form 7 - Dynamic Text Extension plugin <= 5.0.1 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-56222 | WordPress CodeBard Help Desk plugin <= 1.1.1 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-56229 | WordPress SearchIQ plugin <= 4.6 - Cross-Site Request Forgery (CSRF) vulnerability |
| CVE-2024-56232 | WordPress WP Nice Loader plugin <= 0.1.0.4 - CSRF to Stored XSS vulnerability |
| CVE-2024-56251 | WordPress Event Espresso plugin <= 5.0.28.decaf - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-56474 | IBM TXSeries for Multiplatforms cross-site request forgery |
| CVE-2024-5676 | Paradox IP150 Internet Module Cross-Site Request Forgery |
| CVE-2024-5712 | CSRF Vulnerability in stitionai/devika |
| CVE-2024-5767 | Sitetweet <= 0.2 - Stored XSS via CSRF |
| CVE-2024-5786 | Cross-Site Request Forgery vulnerability in Comtrend router |
| CVE-2024-5804 | Conditional Fields for Contact Form 7 <= 2.4.13 - Cross-Site Request Forgery to Plugin Setting Reset |
| CVE-2024-5808 | WP Ajax Contact Form <= 2.2.2 - Arbitrary Email Deletion via CSRF |
| CVE-2024-5815 | Cross Site Request Forgery was identified in GitHub Enterprise Server that allowed write in a user owned repository |
| CVE-2024-5935 | CSRF Vulnerability in imartinez/privategpt |
| CVE-2024-6017 | Music Request Manager <= 1.3 - Stored XSS via CSRF |
| CVE-2024-6022 | ContentLock <= 1.0.3 - Settings Update via CSRF |
| CVE-2024-6023 | ContentLock <= 1.0.3 - Email Adding via CSRF |
| CVE-2024-6024 | ContentLock <= 1.0.3 - Groups/Emails Deletion via CSRF |
| CVE-2024-6040 | Missing client_id in parisneo/lollms-webui |
| CVE-2024-6075 | WP eStore < 8.5.5 - Coupon Deletion via CSRF |
| CVE-2024-6136 | WP eStore < 8.5.6 - Settings Reset via CSRF |
| CVE-2024-6224 | Send email only on Reply to My Comment <= 1.0.6 - Stored XSS via CSRF |
| CVE-2024-6230 | Pardakht Delkhah <= 2.9.8 - Form Fields Reset via CSRF |
| CVE-2024-6244 | pz-frontend-manager < 1.0.6 - CSRF change user profile picture |
| CVE-2024-6271 | Community Events < 1.5 - Event Deletion via CSRF |
| CVE-2024-6490 | Master Slider – Responsive Touch Slider <= 3.9.10 - CSRF to slider deletion |
| CVE-2024-6496 | Light Poll <= 1.0.0 - Polls Deletion via CSRF |
| CVE-2024-6751 | Social Auto Poster <= 5.3.14 - Cross-Site Request Forgery via Multiple Functions |
| CVE-2024-6841 | CSRF in vanna-ai/vanna |
| CVE-2024-6852 | WP MultiTasking <= 0.1.12 - Settings Update via CSRF |
| CVE-2024-6853 | WP MultiTasking <= 0.1.12 - Welcome Popup Update via CSRF |
| CVE-2024-6855 | WP MultiTasking <= 0.1.12 - Exit Popup Update via CSRF |
| CVE-2024-6856 | WP MultiTasking <= 0.1.12 - SMTP Settings Update via CSRF |
| CVE-2024-6857 | WP MultiTasking <= 0.1.12 - Header/Footer/Body Script Update via CSRF |
| CVE-2024-6859 | WP MultiTasking <= 0.1.12 - Reflected XSS via Shortcode |
| CVE-2024-6860 | WP MultiTasking <= 0.1.12 - Permalink Suffix Update via CSRF |
| CVE-2024-6862 | Cross-Site Request Forgery (CSRF) in lunary-ai/lunary |
| CVE-2024-6925 | TrueBooker < 1.0.3 - Settings Update via CSRF |
| CVE-2024-6959 | Denial of Service (DOS) in multipart boundary while uploading file in parisneo/lollms-webui |
| CVE-2024-7161 | SeaCMS Password Change cross-site request forgery |
| CVE-2024-7169 | SourceCodester School Fees Payment System ajax.php cross-site request forgery |
| CVE-2024-7226 | SourceCodester Medicine Tracker System Password Change cross-site request forgery |
| CVE-2024-7386 | Premium Packages – Sell Digital Products Securely <= 5.9.1 - Cross-Site Request Forgery |
| CVE-2024-7420 | Insert PHP Code Snippet <= 1.3.6 - Cross-Site Request Forgery to Code Snippet Activate/Deactivate/Deletion |
| CVE-2024-7422 | Theme My Login <= 7.1.7 - Cross-Site Request Forgery to Settings Update |
| CVE-2024-7423 | Stream <= 4.0.1 - Cross-Site Request Forgery to Arbitrary Options Update |
| CVE-2024-7459 | OSWAPP Warehouse Inventory System edit_account.php cross-site request forgery |
| CVE-2024-7460 | OSWAPP Warehouse Inventory System change_password.php cross-site request forgery |
| CVE-2024-7492 | MainWP Child Reports <= 2.2 - Cross-Site Request Forgery to Arbitrary Options Update |
| CVE-2024-9434 | WPGlobus Translate Options <= 2.2.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting |
| CVE-2024-9450 | Free Booking Plugin for Hotels, Restaurants and Car Rentals – eaSYNC Booking < 1.3.15 - Subscriber+ PayPal Settings Update |
| CVE-2024-9649 | WP ULike <= 4.7.4 - Cross-Site Request Forgery to Statistic Deletion |
| CVE-2024-9661 | WP All Import Pro <= 4.9.7 - Cross-Site Request Forgery to Imported Content Deletion |
| CVE-2024-9665 | Zimbra GraphQL Cross-Site Request Forgery Information Disclosure Vulnerability |
| CVE-2024-9689 | Post From Frontend <= 1.0.0 - Post Deletion via CSRF |
| CVE-2024-9709 | EKC Tournament Manager < 2.2.2 - Create Tournaments/Teams via CSRF |
| CVE-2024-9711 | EKC Tournament Manager < 2.2.2 - Delete Tournaments via CSRF |
| CVE-2025-0393 | Royal Elementor Addons and Templates <= 1.7.1006 - Cross-Site Request Forgery to Stored Cross-Site Scripting |
| CVE-2025-0522 | LikeBot – Decentralized like-system <= 0.85 - Admin+ Stored XSS via CSRF |
| CVE-2025-0610 | CSRF in Akinsoft's QR Menu |
| CVE-2025-0748 | Homey <= 2.4.3 - Cross-Site Request Forgery to User Verification |
| CVE-2025-0796 | Mortgage Lead Capture System <= 8.2.10 - Cross-Site Request Forgery to Settings Reset |
| CVE-2025-0801 | RateMyAgent Official <= 1.4.0 - Cross-Site Request Forgery to API Key Update |
| CVE-2025-0807 | CITS Support svg, webp Media and TTF,OTF File Upload, Use Custom Fonts <= 4.2 - Cross-Site Request Forgery to Settings Update |
| CVE-2025-0808 | Houzez Property Feed <= 2.4.21 - Cross-Site Request Forgery to Property Feed Export Deletion |
| CVE-2025-0810 | Read More & Accordion <= 3.4.5 - Cross-Site Request Forgery to Local File Inclusion |
| CVE-2025-0990 | I Am Gloria <= 1.1.4 - Cross-Site Request Forgery |
| CVE-2025-10188 | The Hack Repair Guy's Plugin Archiver <= 2.0.4 - Cross-Site Request Forgery to Arbitrary Directory Deletion in /wp-content |
| CVE-2025-10498 | Ninja Forms – The Contact Form Builder That Grows With You <= 3.12.0 - Cross-Site Request Forgery to Limited File Deletion |
| CVE-2025-10499 | Ninja Forms – The Contact Form Builder That Grows With You <= 3.12.0 - Cross-Site Request Forgery to Plugin Settings Update |
| CVE-2025-10588 | PixelYourSite <= 11.1.2 – Cross-Site Request Forgery to GDPR Options Modification |
| CVE-2024-53770 | WordPress RingCentral Communications plugin <= 1.6.1 - CSRF to Stored XSS vulnerability |
| CVE-2024-53775 | WordPress DancePress (TRWA) plugin <= 3.1.11 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-53776 | WordPress Donate Me plugin <= 1.2.5 - CSRF to Stored XSS vulnerability |
| CVE-2024-53777 | WordPress Simple Header and Footer plugin <= 1.0.0 - CSRF to Stored Cross Site Scripting (XSS) vulnerability |
| CVE-2024-53778 | WordPress Essential Breadcrumbs plugin <= 1.1.1 - CSRF to Stored Cross Site Scripting (XSS) vulnerability |
| CVE-2024-53779 | WordPress Yahoo! WebPlayer plugin <= 2.0.6 - CSRF to Stored XSS vulnerability |
| CVE-2024-53780 | WordPress Load More Posts plugin <= 1.4.0 - CSRF to Stored XSS vulnerability |
| CVE-2024-53781 | WordPress SpatialMatch IDX plugin <= 3.0.9 - CSRF to Stored XSS vulnerability |
| CVE-2024-53782 | WordPress Photo Video Store plugin <= 21.07 - CSRF to Cross Site Scripting (XSS) vulnerability |
| CVE-2024-6412 | HTML Forms – Simple WordPress Forms Plugin < 1.3.34 - Bulk Delete via CSRF |
| CVE-2024-6628 | EleForms – All In One Form Integration including DB for Elementor <= 2.9.9.9 - Cross-Site Request Forgery |
| CVE-2024-6649 | SourceCodester Employee and Visitor Gate Pass Logging System Users.php save_users cross-site request forgery |
| CVE-2024-6662 | CSRF in MegaBIP |
| CVE-2024-6673 | CSRF Vulnerability in parisneo/lollms-webui |
| CVE-2024-6712 | MapFig Studio <= 0.2.1 - Stored XSS via CSRF |
| CVE-2024-6719 | Offload Videos – Bunny.net, AWS S3 <= 1.0.1 Subscriber+ CSRF |
| CVE-2024-6720 | Light Poll <= 1.0.0 - Poll Answers Deletion via CSRF |
| CVE-2024-7035 | Cross-Site Request Forgery (CSRF) in open-webui/open-webui |
| CVE-2024-7065 | Spina CMS cross-site request forgery |
| CVE-2024-7106 | Spina CMS media_folders cross-site request forgery |
| CVE-2024-7141 | CSRF in Gliffy |
| CVE-2024-7313 | Shield Security < 20.0.6 - Reflected XSS |
| CVE-2024-7360 | SourceCodester Tracking Monitoring Management System ajax.php cross-site request forgery |
| CVE-2024-7367 | SourceCodester Simple Realtime Quiz System ajax.php cross-site request forgery |
| CVE-2024-7501 | Download Plugins and Themes from Dashboard <= 1.8.7 - Cross-Site Request Forgery |
| CVE-2024-7568 | Favicon Generator <= 1.5 - Cross-Site Request Forgery to Arbitrary File Deletion |
| CVE-2024-7574 | Christmasify! <= 1.5.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting |
| CVE-2024-7645 | SourceCodester Clinics Patient Management System User Page users.php cross-site request forgery |
| CVE-2024-7647 | OTA Sync Booking Engine Widget 1.2.7 - Cross-Site Request Forgery to Stored Cross-Site Scripting |
| CVE-2024-7661 | SourceCodester Car Driving School Management System index.php save_users cross-site request forgery |
| CVE-2024-7662 | SourceCodester Car Driving School Management System manag_package.php save_package cross-site request forgery |
| CVE-2024-7687 | AZIndex <= 0.8.1 - Stored XSS via CSRF |
| CVE-2024-7688 | AZIndex <= 0.8.1 - Index Deletion via CSRF |
| CVE-2024-7689 | Snapshot Backup <= 2.1.1 - Stored XSS via CSRF |
| CVE-2024-7690 | DN Popup <= 1.2.2 - Settings Update via CSRF |
| CVE-2024-8026 | CSRF due to overly permissive CORS headers in netease-youdao/qanything |
| CVE-2024-8032 | Smooth Gallery Replacement <= 1.0 - CSRF to Stored XSS |
| CVE-2024-8043 | Vikinghammer Tweet <= 0.2.4 - Stored XSS via CSRF |
| CVE-2024-8044 | infolinks Ad Wrap <= 1.0.2 - Settings Update via CSRF |
| CVE-2024-8047 | Visual Sound (old) <= 1.06 - Settings Update via CSRF |
| CVE-2024-8050 | Custom Author Base <= 1.1.1 - Settings Update via CSRF |
| CVE-2024-8051 | Special Feed Items <= 1.0.1 - Stored XSS via CSRF |
| CVE-2024-8052 | Review Ratings <= 1.6 - Stored XSS via CSRF |
| CVE-2024-8054 | MM-Breaking News <= 0.7.9 - Stored XSS via CSRF |
| CVE-2024-8065 | CSRF in danswer-ai/danswer |
| CVE-2024-8082 | Widgets Reset <= 0.1 - Settings Update via CSRF |
| CVE-2024-8085 | PeoplePond <= 1.1.9 - CSRF to Stored XSS |
| CVE-2024-8090 | JavaScript Logic <= 0.1 - CSRF to Stored XSS |
| CVE-2024-8091 | Enhanced Search Box <= 0.6.1 - Settings Update via CSRF |
| CVE-2024-8092 | Accordion Image Menu <= 3.1.3 - Stored XSS via CSRF |
| CVE-2024-8093 | Posts reminder <= 0.20 - Settings Update via CSRF |
| CVE-2024-8094 | Ntz Antispam <= 2.0e - Settings Update via CSRF |
| CVE-2024-8095 | BabelZ – Google Translate Widget <= 1.1.5 - CSRF to Stored XSS |
| CVE-2024-8120 | ImageRecycle pdf & image compression <= 3.1.14 - Cross-Site Request in Several AJAX Actions |
| CVE-2024-8157 | Alphabetical List <= 1.0.3 - Settings Update via CSRF |
| CVE-2024-8200 | Reviews Feed – Add Testimonials and Customer Reviews From Google Reviews, Yelp, TripAdvisor, and More <= 1.1.2 - Cross-Site R... |
| CVE-2024-8243 | Plugin Upgrade Time Out <= 1.0 - Stored XSS via CSRF |
| CVE-2024-8245 | GamiPress - Reset User <= 1.0.0 - GamiPress User Data Removal via CSRF |
| CVE-2024-8286 | GDPR Cookie Consent <= 2.6.0 - Bulk Delete via CSRF |
| CVE-2024-54435 | WordPress Onlywire Multi Autosubmitter plugin <= 1.2.4 - CSRF to Stored XSS vulnerability |
| CVE-2024-54436 | WordPress Jet Footer Code plugin <= 1.4 - CSRF to Stored XSS vulnerability |
| CVE-2024-54438 | WordPress Gaxx Keywords plugin <= 0.2 - CSRF to Stored XSS vulnerability |
| CVE-2024-54439 | WordPress Amazon Product Price plugin <= 1.1 - CSRF to Stored XSS vulnerability |
| CVE-2024-54440 | WordPress WP-Ban-User plugin <= 1.0 - CSRF to Stored XSS vulnerability |
| CVE-2024-7760 | CSRF in aimhubio/aim |
| CVE-2024-7806 | Remote Code Execution by Non-Admin Users via CSRF in open-webui/open-webui |
| CVE-2024-7816 | Gixaw Chat <= 1.0 - Stored XSS via CSRF |
| CVE-2024-7817 | Misiek Photo Album <= 1.4.3 - Album Deletion via CSRF |
| CVE-2024-7818 | Misiek Photo Album <= 1.4.3 - Stored XSS via CSRF |
| CVE-2024-7820 | ILC Thickbox <= 1.0 - Settings update via CSRF |
| CVE-2024-7822 | Quick Code <= 1.0 - Stored XSS via CSRF |
| CVE-2024-7850 | BP Profile Search <= 5.7.5 - Cross-Site Request Forgery to Reflected Cross-Site Scripting |
| CVE-2024-7859 | Visual Sound <= 1.03 - Settings Update via CSRF |
| CVE-2024-7860 | Simple Headline Rotator <= 1.0 - Stored XSS via CSRF |
| CVE-2024-7861 | Misiek Paypal <= 1.1.20090324 - Stored XSS via CSRF |
| CVE-2024-7862 | Blog Introduction <= 0.3.0 - Settings Update via CSRF |
| CVE-2024-7863 | Favicon Generator < 2.1 - Arbitrary File Upload via CSRF |
| CVE-2024-7864 | Favicon Generator < 2.1 - Arbitrary File Deletion via CSRF |
| CVE-2024-7892 | adstxt Plugin <= 1.0.0 - Settings Update via CSRF |
| CVE-2024-7984 | Joy Of Text Lite – SMS messaging for WordPress <= 2.3.1 - Settings Update via CSRF |
| CVE-2024-8398 | Simple Nav Archives <= 2.1.3 - Settings Update via CSRF |
| CVE-2024-8414 | SourceCodester Insurance Management System cross-site request forgery |
| CVE-2024-8458 | PLANET Technology switch devices - Cross-site Request Forgery |
| CVE-2024-8476 | Easy PayPal Events <= 1.2.1 - Cross-Site Request Forgery to Arbitrary Post Deletion |
| CVE-2024-8477 | Newsletter, SMTP, Email marketing and Subscribe forms by Brevo (formerly Sendinblue) <= 3.1.87 - Cross-Site Request Forgery |
| CVE-2024-8489 | CSRF due to overly permissive CORS headers in modelscope/agentscope |
| CVE-2024-8490 | PropertyHive <= 2.0.19 - Cross-Site Request Forgery via save_account_details |
| CVE-2024-8507 | File Manager Pro <= 8.3.9 - Cross-Site Request Forgery to Arbitrary File Upload |
| CVE-2024-8520 | Ultimate Member <= 2.8.6 - Cross-Site Request Forgery to Membership Status Change |
| CVE-2024-8736 | Denial of Service (DoS) via Multipart Boundary in parisneo/lollms-webui |
| CVE-2024-8795 | BA Book Everything <= 1.6.20 - Cross-Site Request Forgery to Email Address Update/Account Takeover |
| CVE-2024-8980 | The Script Console in Liferay Portal 7.0.0 through 7.4.3.101, and Liferay DXP 2023.Q3.1 through 2023.Q3.4, 7.4 GA through upd... |
| CVE-2024-9233 | GS Logo Slider < 3.7.1 - Settings Update via Cross-Site Request Forgery |
| CVE-2024-9281 | bg5sbk MiniCMS post-edit.php cross-site request forgery |
| CVE-2024-9282 | bg5sbk MiniCMS page-edit.php cross-site request forgery |
| CVE-2024-9311 | Cross-Site Request Forgery to XSS in haotian-liu/llava |
| CVE-2024-9351 | Forminator Forms – Contact Form, Payment Form & Custom Form Builder <= 1.35.1 - Cross-Site Request Forgery to Draft Quiz Crea... |
| CVE-2024-9352 | Forminator Forms – Contact Form, Payment Form & Custom Form Builder <= 1.35.1 - Cross-Site Request Forgery to Draft Custom Fo... |
| CVE-2024-9365 | Cross-Site Request Forgery (CSRF) in polyaxon/polyaxon |
| CVE-2024-9588 | Category and Taxonomy Meta Fields <= 1.0.0 - Cross-Site Request Forgery to Taxonomy Meta Add/Delete |
| CVE-2024-9592 | Easy PayPal Gift Certificate <= 1.2.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting via wpppgc_plugin_options |
| CVE-2024-9598 | AMP for WP – Accelerated Mobile Pages <= 1.0.99.1 - Cross-Site Request Forgery to Privilege Escalation |
| CVE-2024-9778 | ImagePress – Image Gallery <= 1.2.2 - Cross-Site Request Forgery to Plugin Settings Update |
| CVE-2024-9847 | Cross-Site Request Forgery (CSRF) in flatpressblog/flatpress |
| CVE-2024-9943 | MultiVendorX – The Ultimate WooCommerce Multivendor Marketplace Solution <= 4.2.4 - Cross-Site Request Forgery to Vendor Upda... |
| CVE-2024-9990 | Crypto <= 2.15 - Cross-Site Request Forgery to Authentication Bypass |
| CVE-2025-0669 | BOINC Server Cross-Site Request Forgery |
| CVE-2025-0687 | Spiritual Gifts Survey <= 0.9.10 - Unauthenticated CSRF to XSS |
| CVE-2025-0688 | Spiritual Gifts Survey <= 0.9.10 - Unauthenticated CSRF to XSS |
| CVE-2025-0865 | WP Media Category Management 2.0 - 2.3.3 - Cross-Site Request Forgery to Settings Update |
| CVE-2025-10300 | TopBar <= 1.0.0 - Cross-Site Request Forgery to Settings Update |
| CVE-2025-10301 | FunKItools <= 1.0.2 - Cross-Site Request Forgery to Settings Update |
| CVE-2025-10302 | Ultimate Viral Quiz <= 1.0 - Cross-Site Request Forgery to Settings Update |
| CVE-2025-10309 | PayPal Forms <= 1.0.3 - Cross-Site Request Forgery |
| CVE-2025-10311 | Comment Info Detector <= 1.0.5 - Cross-Site Request Forgery to Settings Update |
| CVE-2025-10312 | Theme Importer <= 1.0 - Cross-Site Request Forgery |
| CVE-2025-10317 | Multiple Cross-Site Request Forgery in Quick.Cart |
| CVE-2025-10375 | Web Accessibility By accessiBe <= 2.10 - Cross-Site Request Forgery |
| CVE-2025-10376 | Course Redirects for Learndash Plugin <= 0.4 - Cross-Site Request Forgery |
| CVE-2025-10377 | System Dashboard <= 2.8.20 - Cross-Site Request Forgery |
| CVE-2025-1358 | Pix Software Vivaz cross-site request forgery |
| CVE-2025-1362 | easy-broken-link-checker <= 9.0.2 - Bulk Actions via CSRF |
| CVE-2025-1382 | Contact Us By Lord Linus <= 2.6 - Admin+ Stored XSS via CSRF |
| CVE-2025-1383 | Podlove Podcast Publisher <= 4.2.2 - Cross-Site Request Forgery via ajax_transcript_delete Function |
| CVE-2025-1813 | zj1983 zz cross-site request forgery |
| CVE-2025-20321 | Membership State Change in Splunk Search Head Cluster through a Cross-Site Request Forgery (CSRF) in Splunk Enterprise |
| CVE-2025-20322 | Denial of Service (DoS) in Search Head Cluster through Cross-Site Request Forgery (CSRF) in Splunk Enterprise |
| CVE-2025-20326 | Cisco Unified Communications Manager Cross-Site Request Forgery Vulnerability |
| CVE-2025-2042 | huang-yk student-manage cross-site request forgery |
| CVE-2025-22538 | WordPress Virtual Bot Plugin <= 1.0.0 - CSRF Cross Site Scripting (XSS) vulnerability |
| CVE-2025-22552 | WordPress Affiliate Disclosure Statement plugin <= 0.3 - CSRF to Stored XSS vulnerability |
| CVE-2025-22555 | WordPress Smoothness Slider Shortcode plugin <= v1.2.2 - CSRF to Stored XSS vulnerability |
| CVE-2025-22556 | WordPress Norse Rune Oracle plugin <= 1.4.1 - CSRF to Stored XSS vulnerability |
| CVE-2025-22557 | WordPress News Publisher Autopilot plugin <= 2.1.4 - CSRF to Stored XSS vulnerability |
| CVE-2025-22559 | WordPress TubePress.NET Plugin <= 4.0.1 - CSRF to Stored XSS vulnerability |
| CVE-2025-22562 | WordPress Title Experiments Free plugin <= 9.0.4 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-22563 | WordPress Pretty Urls Plugin <= 1.5.4 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-22571 | WordPress Instabot plugin <= 1.10 - CSRF to Stored XSS vulnerability |
| CVE-2025-22582 | WordPress Uptime Robot plugin <= 0.1.3 - CSRF to Stored XSS vulnerability |
| CVE-2025-22589 | WordPress Quote Tweet plugin <= 0.7 - CSRF to Stored XSS vulnerability |
| CVE-2025-22590 | WordPress Prayer Times Anywhere plugin <= 2.0.1 - CSRF to Stored XSS vulnerability |
| CVE-2025-23411 | mySCADA myPRO Manager Cross-Site Request Forgery |
| CVE-2025-23424 | WordPress Marquee Style RSS News Ticker plugin <= 3.2.0 - CSRF to Stored Cross Site Scripting (XSS) vulnerability |
| CVE-2025-10691 | Easy Email Subscription <= 1.3 - Cross-Site Request Forgery to Arbitrary Subscriber Deletion |
| CVE-2025-10700 | Ally - Web Accessibility & Usability <= 3.8.0 - Cross-Site Request Forgery to Plugin Settings Update |
| CVE-2025-1074 | Webkul QloApps URL mylogout cross-site request forgery |
| CVE-2025-10752 | OAuth Single Sign On – SSO (OAuth Client) <= 6.26.12 - Cross-Site Request Forgery |
| CVE-2025-1084 | Mindskip xzs-mysql 学之思开源考试系统 cross-site request forgery |
| CVE-2025-10930 | Currency - Moderately critical - Cross Site Request Forgery - SA-CONTRIB-2025-110 |
| CVE-2025-11029 | givanz Vvveb cross-site request forgery |
| CVE-2025-11051 | SourceCodester Pet Grooming Management Software cross-site request forgery |
| CVE-2025-11154 | IDonate < 2.1.13 - Unauthenticated User Deletion |
| CVE-2025-11166 | WP Go Maps (formerly WP Google Maps) <= 9.0.46 - Cross-Site Request Forgery to Plugin Settings Update |
| CVE-2025-11442 | JhumanJ OpnForm API Endpoint cross-site request forgery |
| CVE-2025-11886 | CTL Arcade Lite <= 1.0 - Cross-Site Request Forgery to Plugin Activation and Deactivation |
| CVE-2025-12070 | ViaAds <= 2.1.1 - Cross-Site Request Forgery to API Key Update |
| CVE-2025-12072 | Disable Content Editor For Specific Template <= 2.0 - Cross-Site Request Forgery to Template Configuration Update |
| CVE-2025-12095 | Simple Registration for WooCommerce <= 1.5.8 - Cross-Site Request Forgery to Privilege Escalation via Role Request Approval |
| CVE-2025-12132 | WP Custom Admin Login Page Logo <= 1.4.8.4 - Cross-Site Request Forgery to Settings Update |
| CVE-2025-12188 | Posts Navigation Links for Sections and Headings - Free by WP Masters <= 1.0.1 - Cross-Site Request Forgery to Settings Updat... |
| CVE-2025-12202 | ajayrandhawa User-Management-PHP-MYSQL web cross-site request forgery |
| CVE-2025-12588 | USB Qr Code Scanner For Woocommerce <= 1.0.0 - Cross-Site Request Forgery to Settings Update |
| CVE-2025-12589 | WP-Walla <= 0.5.3.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting |
| CVE-2025-12590 | YSlider <= 1.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting |
| CVE-2025-1288 | wooexim <= 5.0.0 - CSRF to Reflected XSS |
| CVE-2025-12901 | Asgaros Forum <= 3.2.1 - Cross-Site Request Forgery to Subscription Settings Update |
| CVE-2025-1305 | NewsBlogger <= 0.2.5.4 - Cross-Site Request Forgery to Arbitrary Plugin Installation |
| CVE-2025-1306 | Newscrunch <= 1.8.4 - Cross-Site Request Forgery to Arbitrary File Upload |
| CVE-2025-13119 | Fabian Ros/SourceCodester Simple E-Banking System cross-site request forgery |
| CVE-2025-1314 | Custom Twitter Feeds <= 2.2.5 - Cross-Site Request Forgery to Cache Reset via ctf_clear_cache_admin Function |
| CVE-2025-13177 | Bdtask/CodeCanyon SalesERP cross-site request forgery |
| CVE-2025-13179 | Bdtask/CodeCanyon Wholesale Inventory Control and Inventory Management System cross-site request forgery |
| CVE-2025-1320 | teachPress <= 9.0.9 - Cross-Site Request Forgery to Import Delete |
| CVE-2025-13282 | Chunghwa Telecom|TenderDocTransfer - Arbitrary File Delete |
| CVE-2025-13283 | Chunghwa Telecom|TenderDocTransfer - Arbitrary File Copy and Paste |
| CVE-2025-1557 | OFCMS cross-site request forgery |
| CVE-2025-1643 | Benner ModernaNet SG_AlterarSenha cross-site request forgery |
| CVE-2025-1644 | Benner ModernaNet SG_Gravar cross-site request forgery |
| CVE-2025-1687 | Cardealer <= 1.6.4 - Cross-Site Request Forgery to User Update via update_user_profile |
| CVE-2025-1745 | LinZhaoguan pb-cms Logout cross-site request forgery |
| CVE-2025-1762 | Event Tickets with Ticket Scanner < 2.5.4 - Arbitrary Tickets Deletion via CSRF |
| CVE-2025-1764 | LoginPress <= 3.3.1 - Cross-Site Request Forgery to Arbitrary Options Update |
| CVE-2025-20195 | A vulnerability in the web-based management interface of Cisco IOS XE Software could allow an unauthenticated, remote attacke... |
| CVE-2025-20228 | Maintenance mode state change of App Key Value Store (KVStore) through a Cross-Site Request Forgery (CSRF) in Splunk Enterpri... |
| CVE-2025-2111 | WP Headers And Footers <= 3.1.1 - Cross-Site Request Forgery to Arbitrary Options Update |
| CVE-2025-2168 | Ultimate Store Kit Elementor Addons, Woocommerce Builder, EDD Builder, Elementor Store Builder, Product Grid, Product Table,... |
| CVE-2025-22297 | WordPress AI WP Writer plugin <= 3.8.4.4 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-22300 | WordPress PixelYourSite plugin <= 10.0.1.2 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-22301 | WordPress MyBookTable Bookstore by Stormhill Media plugin <= 3.5.3 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-22325 | WordPress Autocompleter plugin <= 1.3.5.2 - CSRF to Stored XSS vulnerability |
| CVE-2025-22328 | WordPress Elevio plugin <= 4.4.1 - CSRF to Stored XSS vulnerability |
| CVE-2025-22336 | WordPress Wizhi Multi Filters by Wenprise plugin <= 1.8.6 - CSRF to Stored Cross Site Scripting (XSS) vulnerability |
| CVE-2025-22342 | WordPress WP Simple Sitemap plugin <= 0.2 - CSRF to Stored XSS vulnerability |
| CVE-2025-22343 | WordPress wpSOL plugin <= 1.2.0 - CSRF to Stored XSS vulnerability |
| CVE-2025-22347 | WordPress BSK Forms Blacklist plugin <= 3.9 - CSRF to SQL Injection vulnerability |
| CVE-2025-22634 | WordPress Easy Booked Plugin <= 2.4.5 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-22637 | WordPress Print PDF Generator and Publisher Plugin <= 1.2.0 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-22658 | WordPress Listings for Appfolio plugin <= 1.2.0 - CSRF to Stored XSS vulnerability |
| CVE-2025-22669 | WordPress Awesome Event Booking plugin <= 2.7.5 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-22685 | WordPress Tags to Keywords plugin <= 1.0.1 - CSRF to Stored XSS vulnerability |
| CVE-2025-22688 | WordPress Unlimited Page Sidebars plugin <= 0.2.6 - CSRF to Stored XSS vulnerability |
| CVE-2025-22690 | WordPress DigiTimber cPanel Integration plugin <= 1.4.6 - CSRF to Stored XSS vulnerability |
| CVE-2025-22703 | WordPress Forge – Front-End Page Builder plugin <= 1.4.6 - CSRF to Stored Cross Site Scripting (XSS) vulnerability |
| CVE-2025-22704 | WordPress Signature plugin <= 0.1 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-22705 | WordPress Disqus Popular Posts plugin <= 2.1.1 - CSRF to Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-22731 | WordPress Build Private Store For Woocommerce plugin <= 1.0 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-23793 | WordPress Auto FTP plugin <= 1.0.1 - CSRF to Stored Cross-Site Scripting vulnerability |
| CVE-2025-23797 | WordPress WP Options Editor plugin <= 1.1 - CSRF to Privilege Escalation vulnerability |
| CVE-2025-23800 | WordPress OrangeBox plugin <= 3.0.0 - CSRF to Stored XSS vulnerability |
| CVE-2025-23801 | WordPress Style Admin Plugin <= 1.4.3 - CSRF to Stored XSS vulnerability |
| CVE-2025-23803 | WordPress Snippy Plugin <= 1.4.1 - CSRF to Cross Site Scripting (XSS) vulnerability |
| CVE-2025-23804 | WordPress WP Service Payment Form With Authorize.net Plugin <= 2.6.0 - CSRF to Reflected Cross Site Scripting (XSS) vulnerabi... |
| CVE-2025-23805 | WordPress SEOReseller Partner plugin <= 1.3.15 - CSRF to Stored XSS vulnerability |
| CVE-2025-23806 | WordPress Ultimate Subscribe Plugin <=1.3 - CSRF to Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-23808 | WordPress Custom List Table Example Plugin <=1.4.1 - CSRF to Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-23810 | WordPress Len Slider Plugin <= 2.0.11 - CSRF to Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-23815 | WordPress root Cookie plugin <= 1.6 - CSRF to Stored XSS vulnerability |
| CVE-2025-23817 | WordPress MHR-Custom-Anti-Copy plugin <= 2.0 - CSRF to Stored Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-23818 | WordPress More Link Modifier plugin <= 1.0.3 - CSRF to Cross-Site Scripting vulnerability |
| CVE-2025-23820 | WordPress Content Security Policy Pro plugin <= 1.3.5 - CSRF to Stored XSS vulnerability |
| CVE-2025-23821 | WordPress WP Cookies Alert plugin <= 1.1.1 - CSRF to Stored XSS vulnerability |
| CVE-2025-23822 | WordPress Category Custom Fields plugin <= 1.0 - CSRF to Stored XSS vulnerability |
| CVE-2025-23823 | WordPress CNZZ&51LA for WordPress plugin <= 1.0.1 - CSRF to Stored XSS vulnerability |
| CVE-2025-23832 | WordPress Admin Cleanup plugin <= 1.0.2 - CSRF to Stored XSS vulnerability |
| CVE-2025-23842 | WordPress WordPress Gallery Plugin plugin <= 1.4 - CSRF to Stored XSS vulnerability |
| CVE-2025-23844 | WordPress Custom Widget Classes plugin <= 1.1 - CSRF to Stored XSS vulnerability |
| CVE-2025-23848 | WordPress Hotspots Analytics plugin <= 4.0.12 - CSRF to Stored XSS vulnerability |
| CVE-2025-23861 | WordPress Debt Calculator plugin <= 1.0.1 - CSRF to Stored XSS vulnerability |
| CVE-2025-23869 | WordPress CJ Custom Content plugin <= 2.0 - CSRF to Cross-Site Scripting vulnerability |
| CVE-2025-23870 | WordPress Copyright Safeguard Footer Notice plugin <= 3.0 - CSRF to Stored Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-23871 | WordPress LSD Google Maps Embedder plugin <= 1.1 - CSRF to Stored XSS vulnerability |
| CVE-2025-23872 | WordPress PayForm plugin <= 2.0 - CSRF to Stored XSS vulnerability |
| CVE-2025-23875 | WordPress Better Protected Pages plugin <= 1.0 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-23880 | WordPress amr personalise plugin <= 2.10 - CSRF to Stored XSS vulnerability |
| CVE-2025-23884 | WordPress Annie plugin <= 2.1.1 - CSRF to Stored XSS vulnerability |
| CVE-2025-23895 | WordPress Add RSS plugin <= 1.5 - CSRF to Stored XSS vulnerability |
| CVE-2025-23898 | WordPress Apply with LinkedIn buttons plugin <= 2.3 - CSRF to Stored XSS vulnerability |
| CVE-2025-23900 | WordPress Genki Announcement plugin <= 1.4.1 - CSRF to Stored XSS vulnerability |
| CVE-2025-23901 | WordPress GravatarLocalCache plugin <= 1.1.2 - CSRF to Stored XSS vulnerability |
| CVE-2025-23902 | WordPress Error Notification plugin <= 0.2.7 - CSRF to Stored XSS vulnerability |
| CVE-2025-23922 | WordPress iSpring Embedder plugin <= 1.0 - CSRF to Arbitrary File Upload vulnerability |
| CVE-2025-23972 | WordPress Contact Form 7 reCAPTCHA plugin <= 1.2.0 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-23976 | WordPress Issuu Panel plugin <= 2.1.1 - CSRF to Stored Cross Site Scripting (XSS) vulnerability |
| CVE-2025-23977 | WordPress Post Carousel Slider plugin <= 2.0.1 - CSRF to Stored XSS vulnerability |
| CVE-2025-23978 | WordPress FlashCounter plugin <= 1.1.8 - CSRF to Stored Cross Site Scripting (XSS) vulnerability |
| CVE-2025-23980 | WordPress Full Circle plugin <= 0.5.7.8 - CSRF to Stored Cross Site Scripting (XSS) vulnerability |
| CVE-2025-23985 | WordPress Dynamic URL SEO plugin <= 1.0 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-23989 | WordPress Internal Link Builder plugin <= 1.0 - CSRF to Stored XSS vulnerability |
| CVE-2025-23990 | WordPress Scroll Styler plugin <= 1.1 - CSRF to Stored XSS vulnerability |
| CVE-2025-23996 | WordPress AnyRoad plugin <= 1.3.2 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-8319 | Tourfic <= 2.11.20 - Cross-Site Request Forgery in Multiple Functions |
| CVE-2025-11976 | FuseWP – WordPress User Sync to Email List & Marketing Automation (Mailchimp, Constant Contact, ActiveCampaign etc.) <= 1.1.2... |
| CVE-2025-12028 | IndieAuth <= 4.5.4 - Cross-Site Request Forgery to Account Takeover via Stolen OAuth Tokens |
| CVE-2025-12069 | WP Global Screen Options <= 0.2 - Cross-Site Request Forgery to Screen Options Update |
| CVE-2025-12400 | LMB^Box Smileys <= 3.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting |
| CVE-2025-12401 | Label Plugins <= 0.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting |
| CVE-2025-12402 | LinkedIn Resume <= 2.00 - Cross-Site Request Forgery to Stored Cross-Site Scripting |
| CVE-2025-12403 | Associados Amazon Plugin <= 0.8 - Cross-Site Request Forgery to Stored Cross-Site Scripting |
| CVE-2025-12410 | SH Contextual Help <= 3.2.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting |
| CVE-2025-12412 | Top Bar Notification <= 1.12 - Cross-Site Request Forgery to Stored Cross-Site Scripting |
| CVE-2025-12413 | Social Media WPCF7 Stop Words <= 1.1.3 - Cross-Site Request Forgery to Settings Update |
| CVE-2025-12415 | MapMap <= 1.1 - Cross-Site Request Forgery to Settings Update and Stored Cross-Site Scripting |
| CVE-2025-12416 | Pagerank Tools <= 1.1.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting |
| CVE-2025-12452 | Visit Counter 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting |
| CVE-2025-12456 | Centangle Team Showcase <= 1.0.0 - Cross-Site Request Forgery To Plugin's Settings Modification And Stored Cross-Site Scripti... |
| CVE-2025-12479 | Systemic Lack of Cross-Site Request Forgery (CSRF) Token Implementation |
| CVE-2025-1435 | bbPress <= 2.6.11 - Cross-Site Request Forgery to Limited Privilege Escalation |
| CVE-2025-1436 | Limit Bio <= 1.0 - Stored XSS via CSRF |
| CVE-2025-1441 | Royal Elementor Addons and Templates <= 1.7.1007 - Cross-Site Request Forgery to Reflected Cross-Site Scripting |
| CVE-2025-1463 | Spreadsheet Integration <= 3.8.2 - Cross-Site Request Forgery to Arbitrary Post Publish |
| CVE-2025-1473 | CSRF in mlflow/mlflow |
| CVE-2025-1506 | Wp Social Login and Register Social Counter <= 3.1.0 - Cross-Site Request Forgery to Settings Update |
| CVE-2025-1530 | Tripetto <= 8.0.9 - Cross-Site Request Forgery to Arbitrary Results Deletion |
| CVE-2025-1891 | shishuocms cross-site request forgery |
| CVE-2025-1926 | Page Builder: Pagelayer – Drag and Drop website builder <= 1.9.8 - Cross-Site Request Forgery (CSRF) To Post Contents Modific... |
| CVE-2025-21193 | Active Directory Federation Server Spoofing Vulnerability |
| CVE-2025-2247 | WP-PManager <= 1.2 - Category Deletion via CSRF |
| CVE-2025-2248 | WP-PManager <= 1.2 - Admin+ SQL Injection |
| CVE-2025-22503 | WordPress Admin debug wordpress – enable debug Plugin <= 1.0.13 - Cross Site Request Forgery vulnerability |
| CVE-2025-22520 | WordPress Tock Widget Plugin <= 1.1 - CSRF to Stored XSS vulnerability |
| CVE-2025-22768 | WordPress Rocket Media Library Mime Type plugin <= 2.1.0 - CSRF to Stored Cross Site Scripting (XSS) vulnerability |
| CVE-2025-22784 | WordPress Background Control plugin <= 1.0.5 - CSRF to Arbitrary File Deletion vulnerability |
| CVE-2025-22814 | WordPress Zephyr Admin Theme Plugin <= 1.4.1 - CSRF to Stored XSS vulnerability |
| CVE-2025-22963 | Teedy through 1.11 allows CSRF for account takeover via POST /api/user/admin. |
| CVE-2025-23044 | Cross-Site Request Forgery (CSRF) allows creating admin account with POST request |
| CVE-2025-23081 | Various security vulnerabilities in Extension:DataTransfer |
| CVE-2025-23113 | An issue was discovered in REDCap 14.9.6. It has an action=myprojects&logout=1 CSRF issue in the alert-title while performing... |
| CVE-2025-2319 | EZ SQL Reports Shortcode Widget and DB Backup 4.11.13 - 5.25.08 - Cross-Site Request Forgery to Remote Code Execution |
| CVE-2025-23445 | WordPress Easy Tynt plugin <= 0.2.5.1 - CSRF to Stored Cross Site Scripting (XSS) vulnerability |
| CVE-2025-23446 | WordPress WP SpaceContent plugin <= 0.4.5 - CSRF to Stored Cross Site Scripting (XSS) vulnerability |
| CVE-2025-23455 | WordPress WP VTiger Synchronization plugin <= 1.1.1 - CSRF to Stored XSS vulnerability |
| CVE-2025-23456 | WordPress EmailShroud plugin <= 2.2.1 - CSRF to Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-23463 | WordPress MD Custom content after or before of post plugin <= 1.0 - CSRF to Stored XSS vulnerability |
| CVE-2025-23467 | WordPress RSS News Scroller plugin <= 2.0.0 - CSRF to Stored XSS vulnerability |
| CVE-2025-23470 | WordPress Visit Site Link enhanced plugin <= 1.0 - CSRF to Stored XSS vulnerability |
| CVE-2025-23471 | WordPress ECT Add to Cart Button plugin <= 1.4 - CSRF to Stored XSS vulnerability |
| CVE-2025-23476 | WordPress my-related-posts plugin <= 1.1 - CSRF to Stored XSS vulnerability |
| CVE-2025-23483 | WordPress Universal Analytics Injector plugin <= 1.0.3 - CSRF to Stored XSS vulnerability |
| CVE-2025-23497 | WordPress Simple Project Manager plugin <= 1.2.2 - CSRF to Stored Cross Site Scripting (XSS) vulnerability |
| CVE-2025-23499 | WordPress Board Election plugin <= 1.0.1 - CSRF to Stored Cross Site Scripting (XSS) vulnerability |
| CVE-2025-23501 | WordPress Cookie Consent & Autoblock for GDPR/CCPA plugin <= 1.0.1 - CSRF to Stored Cross Site Scripting (XSS) vulnerability |
| CVE-2025-23502 | WordPress Curated Search plugin <= 1.2 - CSRF to Stored XSS vulnerability |
| CVE-2025-23508 | WordPress Extra Options – Favicons plugin <= 1.1.0 - CSRF to Stored XSS vulnerability |
| CVE-2025-23510 | WordPress WordPress Logging Service plugin <= 1.5.4 - CSRF to Stored Cross Site Scripting (XSS) vulnerability |
| CVE-2025-23511 | WordPress WP-BlackCheck plugin <= 2.7.2 - CSRF to Stored Cross Site Scripting (XSS) vulnerability |
| CVE-2025-23513 | WordPress Bible Embed plugin <= 0.0.4 - CSRF to Stored Cross Site Scripting (XSS) vulnerability |
| CVE-2025-23530 | WordPress Custom Post Type Lockdown plugin <= 1.11 - CSRF to Privilege Escalation vulnerability |
| CVE-2025-23532 | WordPress MyAnime Widget plugin <= 1.0 - CSRF to Privilege Escalation vulnerability |
| CVE-2025-23533 | WordPress WP Lyrics plugin <= 0.4.1 - CSRF to Stored XSS vulnerability |
| CVE-2025-23537 | WordPress add custom google tag manager plugin <= 1.0.3 - CSRF to Stored Cross-Site Scripting vulnerability |
| CVE-2025-24772 | WordPress Pay with Contact Form 7 <= 1.0.4 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-24875 | SameSite Defense in Depth not applied for some cookies in SAP Commerce |
| CVE-2025-24897 | Misskey CSRF vulnerability due to insecure configuration of authentication cookie attributes |
| CVE-2025-24900 | Concorde CSRF vulnerability due to insecure configuration of authentication cookie attributes |
| CVE-2025-25123 | WordPress Easy Related Posts plugin <= 2.0.2 - CSRF to Stored XSS vulnerability |
| CVE-2025-25125 | WordPress Fyrebox Quizzes plugin <= 2.7 - CSRF to Stored XSS vulnerability |
| CVE-2025-25126 | WordPress ZMSEO plugin <= 1.14.1 - CSRF to Stored XSS vulnerability |
| CVE-2025-25128 | WordPress Facilita Form Tracker plugin <= 1.0 - CSRF to Stored XSS vulnerability |
| CVE-2025-25135 | WordPress Custom Links On Admin Dashboard Toolbar plugin <= 3.3 - CSRF to Stored XSS vulnerability |
| CVE-2025-25138 | WordPress On Page SEO + Social Live Chat (Formerly OPS) plugin <= 2.0.0 - CSRF to Stored XSS vulnerability |
| CVE-2025-25139 | WordPress WP Custom Post RSS Feed plugin <= 1.0.0 - CSRF to Stored XSS vulnerability |
| CVE-2025-25140 | WordPress Simple User Profile plugin <= 1.9 - CSRF to Stored XSS vulnerability |
| CVE-2025-25143 | WordPress GlobalQuran Plugin <= 1.0 - CSRF to Settings Change vulnerability |
| CVE-2025-25145 | WordPress Infusionsoft Analytics Plugin <= 2.0 - Cross-Site Request Forgery (CSRF) vulnerability |
| CVE-2025-25146 | WordPress Songkick Concerts and Festivals plugin <= 0.9.7 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-25147 | WordPress Auto SEO plugin <= 2.5.6 - CSRF to Stored XSS vulnerability |
| CVE-2025-25148 | WordPress Read More Copy Link plugin <= 1.0.2 - CSRF to Stored XSS vulnerability |
| CVE-2025-25149 | WordPress Login-box plugin <= 2.0.4 - CSRF to Stored XSS vulnerability |
| CVE-2025-23426 | WordPress go Social plugin <= 1.0 - CSRF to Stored Cross Site Scripting (XSS) vulnerability |
| CVE-2025-23430 | WordPress Mass Custom Fields Manager plugin <= 1.5 - CSRF to Cross Site Scripting (XSS) vulnerability |
| CVE-2025-23435 | WordPress Password Protect Plugin for WordPress plugin <= 0.8.1.0 - CSRF to Stored XSS vulnerability |
| CVE-2025-23436 | WordPress Wp-Scribd-List plugin <= 1.2 - CSRF to XSS vulnerability |
| CVE-2025-23442 | WordPress Shockingly Big IE6 Warning plugin <= 1.6.3 - CSRF to Stored XSS vulnerability |
| CVE-2025-23557 | WordPress Find Your Reps plugin <= 1.2 - CSRF to Stored XSS vulnerability |
| CVE-2025-23558 | WordPress Geotagged Media plugin <= 0.3.0 - CSRF to Stored XSS vulnerability |
| CVE-2025-23559 | WordPress MemeOne plugin <= 2.0.5 - CSRF to Stored XSS vulnerability |
| CVE-2025-23560 | WordPress Web Testimonials plugin <= 1.2 - CSRF to Stored XSS vulnerability |
| CVE-2025-23566 | WordPress Custom Post plugin <= 1.0 - CSRF to Stored XSS vulnerability |
| CVE-2025-23567 | WordPress GDReseller plugin <= 1.6 - CSRF to Stored XSS vulnerability |
| CVE-2025-23569 | WordPress Shortcode in Comment plugin <= 1.1.1 - CSRF to Stored XSS vulnerability |
| CVE-2025-23572 | WordPress UpDownUpDown plugin <= 1.1 - CSRF to Stored XSS vulnerability |
| CVE-2025-23573 | WordPress WP Background Tile plugin <= 1.0 - CSRF to Stored XSS vulnerability |
| CVE-2025-23577 | WordPress Word Freshener plugin <= 1.3 - CSRF to Stored XSS vulnerability |
| CVE-2025-23617 | WordPress Floatbox Plus plugin <= 1.4.4 - CSRF to Stored XSS vulnerability |
| CVE-2025-23618 | WordPress Twitter Shortcode plugin <= 0.9 - CSRF to Stored Cross-Site Scripting vulnerability |
| CVE-2025-23627 | WordPress Comment-Emailer plugin <= 1.0.5 - CSRF to Stored Cross-Site Scripting vulnerability |
| CVE-2025-23639 | WordPress MDC YouTube Downloader plugin <= 3.0.0 - CSRF to Stored XSS vulnerability |
| CVE-2025-23640 | WordPress Rename Author Slug plugin <= 1.2.0 - CSRF to Stored XSS vulnerability |
| CVE-2025-23649 | WordPress Auphonic Importer plugin <= 1.5.1 - CSRF to Stored XSS vulnerability |
| CVE-2025-23654 | WordPress Twitter Post plugin <= 0.1 - CSRF to Stored XSS vulnerability |
| CVE-2025-23659 | WordPress MercadoLibre Integration plugin <= 1.1 - CSRF to Stored Cross-Site Scripting vulnerability |
| CVE-2025-23660 | WordPress MFPlugin plugin <= 1.3 - CSRF to Cross-Site Scripting vulnerability |
| CVE-2025-23661 | WordPress NV Slider plugin <= 1.6 - CSRF to Stored Cross-Site Scripting vulnerability |
| CVE-2025-23662 | WordPress WP Panoramio plugin <= 1.5.0 - CSRF to Cross-Site Scripting vulnerability |
| CVE-2025-23664 | WordPress Real Seguro Viagem plugin <= 2.0.5 - CSRF to Stored Cross-Site Scripting vulnerability |
| CVE-2025-23665 | WordPress RSV GMaps plugin <= 1.5 - CSRF to Stored XSS vulnerability |
| CVE-2025-23673 | WordPress Email on Publish plugin <= 1.5 - CSRF to Stored XSS vulnerability |
| CVE-2025-23675 | WordPress Import Users to MailChimp plugin <= 1.0 - CSRF to Stored XSS vulnerability |
| CVE-2025-23677 | WordPress HTTP to HTTPS link changer by Eyga.net plugin <= 0.2.4 - CSRF to Stored XSS vulnerability |
| CVE-2025-23690 | WordPress Book a Place plugin <= 0.7.1 - CSRF to Stored XSS vulnerability |
| CVE-2025-23691 | WordPress Send to Twitter plugin <= 1.7.2 - CSRF to Stored XSS vulnerability |
| CVE-2025-23692 | WordPress Slider for Writers plugin <= 1.3 - CSRF to Stored XSS vulnerability |
| CVE-2025-23693 | WordPress Secure CAPTCHA plugin <= 1.2 - CSRF to Stored XSS vulnerability |
| CVE-2025-23694 | WordPress Shabbos and Yom Tov plugin <= 1.9 - CSRF to Stored XSS vulnerability |
| CVE-2025-23698 | WordPress WP Custom Google Search plugin <= 1.0 - CSRF to Stored XSS vulnerability |
| CVE-2025-23702 | WordPress Anonymize Links plugin <= 1.1 - CSRF to Stored XSS vulnerability |
| CVE-2025-23703 | WordPress Free MailClient FMC plugin <= 1.0 - CSRF to Stored XSS vulnerability |
| CVE-2025-23708 | WordPress DF Draggable plugin <= 1.13.2 - CSRF to Stored XSS vulnerability |
| CVE-2025-23710 | WordPress Flying Twitter Birds plugin <= 1.8 - CSRF to Stored XSS vulnerability |
| CVE-2025-23712 | WordPress Kapost plugin <= 2.2.9 - CSRF to Stored XSS vulnerability |
| CVE-2025-23713 | WordPress Hack me if you can plugin <= 1.2 - CSRF to Stored XSS vulnerability |
| CVE-2025-23715 | WordPress Post & Page Notes plugin <= 0.1.1 - CSRF to Stored XSS vulnerability |
| CVE-2025-23717 | WordPress Theme My Ontraport Smartform plugin <= 1.2.11 - CSRF to Stored XSS vulnerability |
| CVE-2025-23720 | WordPress Web Push plugin <= 1.4.0 - CSRF to Stored XSS vulnerability |
| CVE-2025-23743 | WordPress Social Analytics plugin <= 0.2 - CSRF to Stored XSS vulnerability |
| CVE-2025-23745 | WordPress Call me Now plugin <= 1.0.5 - CSRF to Stored XSS vulnerability |
| CVE-2025-23749 | WordPress mybb Last Topics plugin <= 1.0 - CSRF to Stored XSS vulnerability |
| CVE-2025-24001 | WordPress PPO Call To Actions plugin <= 0.1.3 - CSRF to Stored XSS vulnerability |
| CVE-2025-2420 | 猫宁i Morning cross-site request forgery |
| CVE-2025-24358 | gorilla/csrf CSRF vulnerability due to broken Referer validation |
| CVE-2025-24533 | WordPress MetaSlider plugin <= 3.92.0 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-24537 | WordPress The Events Calendar plugin <= 6.7.0 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-24538 | WordPress BuddyPress Groups Extras plugin <= 3.6.10 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-24540 | WordPress Website Builder by SeedProd plugin <= 6.18.9 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-24543 | WordPress Ultimate Coming Soon & Maintenance plugin <= 1.0.9 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-24546 | WordPress Ultimate Coming Soon & Maintenance plugin <= 1.0.9 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-24549 | WordPress Post Meta plugin <= 1.0.9 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-24555 | WordPress Subscription DNA plugin <= 2.1 - CSRF to Stored XSS vulnerability |
| CVE-2025-24561 | WordPress ReviewsTap plugin <= 1.1.2 - CSRF to Stored Cross-Site Scripting vulnerability |
| CVE-2025-24562 | WordPress KBucket plugin <= 4.1.6 - CSRF to Stored Cross-Site Scripting vulnerability |
| CVE-2025-24568 | WordPress Starter Templates plugin <= 4.4.9 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-24572 | WordPress WP Fast Total Search plugin <= 1.78.258 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-24622 | WordPress Job Board Manager plugin <= 2.1.59 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-24623 | WordPress Really Simple Security plugin <= 9.1.4 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-24636 | WordPress MachForm Shortcode plugin <= 1.4.1 - CSRF to Stored XSS vulnerability |
| CVE-2025-24647 | WordPress WooCommerce Cloak Affiliate Links plugin <= 1.0.35 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-24696 | WordPress Gutenberg Blocks and Page Layouts Plugin <= 1.9.6 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-24698 | WordPress Essential Real Estate plugin <= 5.1.8 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-24699 | WordPress WP Coder Plugin <= 3.6 - CSRF to Cross Site Scripting (XSS) vulnerability |
| CVE-2025-24711 | WordPress Popup Box Plugin <= 3.2.4 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-24712 | WordPress Radius Blocks – WordPress Gutenberg Blocks Plugin <= 2.1.2 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-24713 | WordPress Button Generator – easily Button Builder Plugin <= 3.1.1 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-24714 | WordPress Bubble Menu Plugin <= 4.0.2 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-24715 | WordPress Counter Box Plugin <= 2.0.5 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability |
| CVE-2025-24716 | WordPress Herd Effects Plugin <= 6.2.1 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability |
| CVE-2025-24717 | WordPress Modal Window Plugin <= 6.1.4 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability |
| CVE-2025-24720 | WordPress Sticky Buttons Plugin <= 4.1.1 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability |
| CVE-2025-24724 | WordPress Side Menu Lite Plugin <= 5.3.1 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability |
| CVE-2025-24738 | WordPress Call Now Button plugin <= 1.4.13 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-24739 | WordPress FluentSMTP plugin <= 2.2.80 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-24742 | WordPress WP Google Maps plugin <= 9.0.40 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-24749 | WordPress EZPZ SAML SP Single Sign On (SSO) plugin <= 1.2.5 - CSRF to Stored XSS vulnerability |
| CVE-2025-24756 | WordPress Roi Calculator plugin <= 1.0 - CSRF to Stored XSS vulnerability |
| CVE-2025-24982 | Cross-site request forgery vulnerability exists in Activity Log WinterLock versions prior to 1.2.5. If a user views a malicio... |
| CVE-2025-25056 | Cross-site request forgery vulnerability exists in Wi-Fi AP UNIT 'AC-WPS-11ac series'. If a user views a malicious page while... |
| CVE-2025-25071 | WordPress Vignette Ads plugin <= 0.2 - CSRF to Stored XSS vulnerability |
| CVE-2025-25072 | WordPress WP Admin Custom Page plugin <= 1.5.0 - CSRF to Stored XSS vulnerability |
| CVE-2025-25074 | WordPress WP Social Stream plugin <= 1.1 - CSRF to Stored XSS vulnerability |
| CVE-2025-25075 | WordPress Show notice or message on admin area plugin <= 2.0 - CSRF to Stored XSS vulnerability |
| CVE-2025-25086 | WordPress Secret Meta plugin <= 1.2.1 - CSRF to Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-25088 | WordPress WP Keyword Monitor Plugin <=1.0.5 - CSRF to Stored XSS vulnerability |
| CVE-2025-25093 | WordPress Child Themes Helper plugin <= 2.2.7 - CSRF to Arbitrary File Deletion vulnerability |
| CVE-2025-25100 | WordPress Cazamba plugin <= 1.2 - CSRF to Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-25101 | WordPress Munk Sites plugin <= 1.0.7 - CSRF to Arbitrary Plugin Installation vulnerability |
| CVE-2025-25103 | WordPress Indeed API Plugin <= 0.5 - CSRF to Settings Change vulnerability |
| CVE-2025-25104 | WordPress URL-Preview-Box plugin <= 1.20 - CSRF to Stored XSS vulnerability |
| CVE-2025-25106 | WordPress Starter Templates by FancyWP plugin <= 2.0.0 - CSRF to Arbitrary Plugin Installation vulnerability |
| CVE-2025-25107 | WordPress OneStore Sites plugin <= 0.1.1 - CSRF to Arbitrary Plugin Installation vulnerability |
| CVE-2025-25111 | WordPress WP Spell Check Plugin <= 9.21 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-26211 | Gibbon before 29.0.00 allows CSRF. |
| CVE-2025-26543 | WordPress Simple Responsive Menu plugin <= 2.1 - CSRF to Stored XSS vulnerability |
| CVE-2025-26545 | WordPress Related Posts Line-up-Exactly by Milliard plugin <= 0.0.22 - CSRF to Stored XSS vulnerability |
| CVE-2025-26547 | WordPress My Login Logout Plugin plugin <= 2.4 - CSRF to Stored Cross-Site Scripting vulnerability |
| CVE-2025-26549 | WordPress WP Html Page Sitemap plugin <= 2.2 - CSRF to Stored Cross-Site Scripting |
| CVE-2025-26550 | WordPress Global Meta Keyword & Description plugin <= 2.3 - CSRF to Cross-Site Scripting vulnerability |
| CVE-2025-26562 | WordPress RSS FIlter Plugin <= 1.2 - CSRF to Stored Cross Site Scripting (XSS) vulnerability |
| CVE-2025-26568 | WordPress Easy Amazon Product Information plugin <= 4.0.1 - CSRF to Stored XSS vulnerability |
| CVE-2025-26569 | WordPress Post Thumbs Plugin <= 1.5 - CSRF to Stored XSS vulnerability |
| CVE-2025-26570 | WordPress Glance That plugin <= 4.9 - CSRF to Stored XSS vulnerability |
| CVE-2025-26571 | WordPress Wibiya Toolbar plugin <= 2.0 - CSRF to Stored XSS vulnerability |
| CVE-2025-26572 | WordPress WP PHPList Plugin <= 1.7 - CSRF to Stored XSS vulnerability |
| CVE-2025-26577 | WordPress DX-auto-publish plugin <= 1.2 - CSRF to Stored XSS vulnerability |
| CVE-2025-26578 | WordPress Simple Documentation plugin <= 1.2.8 - CSRF to Stored XSS vulnerability |
| CVE-2025-26580 | WordPress Page/Post Specific Social Share Buttons plugin <= 2.1 - CSRF to Stored XSS vulnerability |
| CVE-2025-26582 | WordPress TinyMCE Advanced qTranslate fix editor problems plugin <= 1.0.0 - CSRF to Stored XSS vulnerability |
| CVE-2025-25152 | WordPress Smart DoFollow plugin <= 1.0.2 - CSRF to Stored XSS vulnerability |
| CVE-2025-25153 | WordPress Simple Auto Tag plugin <= 1.1 - CSRF to Stored XSS vulnerability |
| CVE-2025-25154 | WordPress Custom Comment Notifications plugin <= 1.0.8 - CSRF to Stored XSS vulnerability |
| CVE-2025-25156 | WordPress Quote Comments plugin <= 2.2.1 - CSRF to Stored XSS vulnerability |
| CVE-2025-25160 | WordPress Style Tweaker plugin <= 0.11 - CSRF to Stored XSS vulnerability |
| CVE-2025-25166 | WordPress InLocation plugin <= 1.8 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-25168 | WordPress BookPress – For Book Authors Plugin <= 1.2.7 - CSRF to Stored XSS vulnerability |
| CVE-2025-26748 | WordPress Arkhe theme <= 3.11.0 - CSRF to Local File Inclusion vulnerability |
| CVE-2025-26759 | WordPress Content Snippet Manager plugin <= 1.1.5 - CSRF to Stored XSS vulnerability |
| CVE-2025-26768 | WordPress what3words Address Field plugin <= 4.0.15 - CSRF to Stored XSS vulnerability |
| CVE-2025-26899 | WordPress Recapture for WooCommerce Plugin <= 1.0.43 - CSRF to Settings Change vulnerability |
| CVE-2025-26902 | WordPress Brizy Pro plugin <= 2.6.1 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-26903 | WordPress InPost Gallery plugin <= 2.1.4.3 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-26910 | WordPress WPBookit plugin <= 1.0.1 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-26925 | WordPress Admin Menu Manager plugin <= 1.0.3 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-26926 | WordPress Booknetic plugin <= 4.0.9 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-26931 | WordPress Tribulant Gallery Voting plugin <= 1.2.1 - CSRF to Stored XSS vulnerability |
| CVE-2025-26963 | WordPress ClickWhale plugin <= 2.4.3 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability |
| CVE-2025-27003 | WordPress Quick Paypal Payments Plugin <= 5.7.46 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-27009 | WordPress My auctions allegro plugin <= 3.6.20 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-27012 | WordPress A1POST.BG Shipping for Woo plugin <= 1.5.1 - CSRF to Privilege Escalation vulnerability |
| CVE-2025-27328 | WordPress WP-PostRatings Cheater Plugin <= 1.5 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-27332 | WordPress Smart Maintenance & Countdown Plugin <= 1.2 - CSRF to Stored XSS vulnerability |
| CVE-2025-27335 | WordPress Auto Tag Links Plugin <= 1.0.13 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-27336 | WordPress Just Variables Plugin <= 1.2.3 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-27339 | WordPress Minimum Password Strength Plugin <= 1.2.0 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-27340 | WordPress F12-Profiler Plugin <= 1.3.9 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-27342 | WordPress WooCommerce Recargo de Equivalencia Plugin <= 1.6.24 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-27344 | WordPress Phee's LinkPreview Plugin <= 1.6.7 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-27353 | WordPress Namaste! LMS Plugin <= 2.6.5 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-27355 | WordPress Woocommerce – Loi Hamon Plugin <= 1.1.0 - CSRF to Stored XSS vulnerability |
| CVE-2025-27357 | WordPress Önceki Yazı Link Plugin <= 1.3 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-27359 | WordPress WP Media File Type Manager plugin <= 2.3.0 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability |
| CVE-2025-27360 | WordPress Quick Event Calendar <= 1.4.9 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-27402 | Tuleap is missing CSRF protections on tracker fields administrative operations |
| CVE-2025-27441 | Zoom Workplace Apps - Cross Site Scripting |
| CVE-2025-27442 | Zoom Workplace Apps - Cross Site Scripting |
| CVE-2025-27792 | Opal vulnerable to CSRF protection bypass |
| CVE-2025-27912 | An issue was discovered in Datalust Seq before 2024.3.13545. Missing Content-Type validation can lead to CSRF when (1) Entra... |
| CVE-2025-2797 | Woffice Core <= 5.4.21 - Cross-Site Request Forgery to User Registration Approval |
| CVE-2025-2832 | mingyuefusu 明月复苏 tushuguanlixitong 图书管理系统 cross-site request forgery |
| CVE-2025-28940 | WordPress Back To Top Plugin <= 2.0 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-28941 | WordPress SPAM-BYBYE Plugin <= 2.2.4 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-28948 | WordPress Mediabay - WordPress Media Library Folders plugin <= 1.4 - CSRF to Reflected XSS vulnerability |
| CVE-2025-28950 | WordPress Post Author <= 1.1.1 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-28952 | WordPress CubePoints <= 3.2.1 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-28954 | WordPress Backwp plugin <= 2.0.2 - CSRF to Arbitrary File Deletion vulnerability |
| CVE-2025-28958 | WordPress Bg Orthodox Calendar plugin <= 0.13.10 - CSRF to Stored XSS vulnerability |
| CVE-2025-28964 | WordPress Personal Favicon plugin <= 2.0 - CSRF to Stored XSS vulnerability |
| CVE-2025-28966 | WordPress Recent Posts Slider Responsive plugin <= 1.0.1 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-23765 | WordPress W3SPEEDSTER plugin <= 7.33 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-27189 | Adobe Commerce \| Cross-Site Request Forgery (CSRF) (CWE-352) |
| CVE-2025-27276 | WordPress Photo Gallery ( Responsive ) plugin <= 4.0 - CSRF to Privilege Escalation vulnerability |
| CVE-2025-27277 | WordPress Add Linked Images To Gallery plugin <= 1.4 - CSRF to Stored XSS vulnerability |
| CVE-2025-27290 | WordPress Select Erima Zarinpal Donate Plugin <= 1.0 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-27298 | WordPress WP Video Posts plugin <= 3.5.1 - CSRF to Remote Code Execution (RCE) vulnerability |
| CVE-2025-27311 | WordPress Bulk Content Creator Plugin <= 1.2.1 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-27315 | WordPress All-In-One Cufon Plugin <= 1.3.0 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-27316 | WordPress JPG, PNG Compression and Optimization Plugin <= 1.7.35 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-27317 | WordPress RAYS Grid Plugin <= 1.3.1 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-27318 | WordPress Simple Google Sitemap Plugin <= 1.6 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-27321 | WordPress Blightly Explorer plugin <= 2.3.0 - CSRF to Stored XSS vulnerability |
| CVE-2025-27454 | CVE-2025-27454 |
| CVE-2025-27579 | In Bitaxe ESP-Miner before 2.5.0 with AxeOS, one can use an /api/system CSRF attack to update the payout address (aka stratum... |
| CVE-2025-2863 | Cross-site request forgery (CSRF) vulnerability in saTECH BCU |
| CVE-2025-2871 | WordPress Mega Menu – QuadMenu <= 3.2.0 - Cross-Site Request Forgery to Limited User Meta Update |
| CVE-2025-28856 | WordPress W3Counter Free Real-Time Web Stats plugin <= 4.1 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-28857 | WordPress Rankchecker.io Integration plugin <= 1.0.9 - CSRF to Stored Cross Site Scripting (XSS) vulnerability |
| CVE-2025-28859 | WordPress Maintenance Notice plugin <= 1.0.5 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-28860 | WordPress Google News Editors Picks Feed Generator plugin <= 2.1 - CSRF to Stored XSS vulnerability |
| CVE-2025-28861 | WordPress WP jQuery Persian Datepicker plugin <= 0.1.0 - CSRF to Stored XSS vulnerability |
| CVE-2025-28862 | WordPress Comment Date and Gravatar remover plugin <= 1.0 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-28863 | WordPress Delete Original Image plugin <= 0.4 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-28864 | WordPress Builder for Contact Form 7 by Webconstruct plugin <= 1.2.2 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-28866 | WordPress Login Logger plugin <= 1.2.1 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-28867 | WordPress Frontpage category filter plugin <= 1.0.2 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-28868 | WordPress ZipList Recipe plugin <= 3.1 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-28876 | WordPress Skrill Official plugin <= 1.0.65 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-28881 | WordPress Mobile Themes plugin <= 1.1.1 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-28883 | WordPress WP Compare Tables plugin <= 1.0.5 - CSRF to Stored XSS vulnerability |
| CVE-2025-28884 | WordPress WP Bulk Post Duplicator plugin <= 1.2 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-28886 | WordPress REST API TO MiniProgram plugin <= 4.7.1 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-28887 | WordPress Plugins Last Updated Column plugin <= 0.1.3 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-28891 | WordPress price-calc plugin <= 0.6.3 - CSRF to Stored XSS vulnerability |
| CVE-2025-28892 | WordPress FTP Sync plugin <= 1.1.6 - CSRF to Stored XSS vulnerability |
| CVE-2025-28894 | WordPress List of Posts from each Category plugin for WordPress plugin <= 2.0 - CSRF to Stored XSS vulnerability |
| CVE-2025-28897 | WordPress Domain Theme plugin <= 1.3 - CSRF to Stored XSS vulnerability |
| CVE-2025-28900 | WordPress TabGarb Pro plugin <= 2.6 - CSRF to Stored XSS vulnerability |
| CVE-2025-28901 | WordPress Members page only for logged in users plugin <= 1.4.2 - CSRF to Stored XSS vulnerability |
| CVE-2025-28902 | WordPress Contact Form 7 Select Box Editor Button plugin <= 0.6 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-28909 | WordPress WP No-Bot Question plugin <= 0.1.7 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-28910 | WordPress WP Hide Admin Bar plugin <= 2.0 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-28912 | WordPress Custom Dashboard Page plugin <= 1.0 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-28913 | WordPress WP Add Active Class To Menu Item plugin <=1.0 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-28922 | WordPress Go To Top plugin <= 0.0.8 - CSRF to Stored XSS vulnerability |
| CVE-2025-28923 | WordPress No Disposable Email plugin <= 2.5.1 - CSRF to Stored XSS vulnerability |
| CVE-2025-28925 | WordPress WATI Chat and Notification plugin <= 1.1.2 - CSRF to Stored Cross Site Scripting (XSS) vulnerability |
| CVE-2025-28927 | WordPress Display Template Name plugin <= 1.7.1 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-28931 | WordPress WordPress Hashtags plugin <= 0.3.2 - CSRF to Stored XSS vulnerability |
| CVE-2025-28932 | WordPress Insert Code plugin <= 2.4 - CSRF to Stored XSS vulnerability |
| CVE-2025-28933 | WordPress MaxA/B plugin <= 2.2.2 - CSRF to Stored XSS vulnerability |
| CVE-2025-31023 | WordPress Seo Meta Tags plugin <= 1.4 - CSRF to Privilege Escalation vulnerability |
| CVE-2025-31026 | WordPress Comment Validation Reloaded plugin <= 0.5 - CSRF to Stored XSS vulnerability |
| CVE-2025-31032 | WordPress Pagopar – WooCommerce Gateway plugin <= 2.7.1 - CSRF to Stored XSS vulnerability |
| CVE-2025-31033 | WordPress Buddypress Humanity plugin <= 1.2 - CSRF to Privilege Escalation vulnerability |
| CVE-2025-31034 | WordPress Customize Login Page plugin <= 1.1 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability |
| CVE-2025-31036 | WordPress WPSolr plugin <= 24.0 - CSRF to Privilege Escalation vulnerability |
| CVE-2025-31038 | WordPress Essential Breadcrumbs plugin <= 1.1.1 - CSRF to Privilege Escalation vulnerability |
| CVE-2025-31068 | WordPress Seven Stars <= 1.4.4 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-31079 | WordPress Usermaven plugin <= 1.2.1 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-3131 | ECA: Event - Condition - Action - Critical - Cross site request forgery - SA-CONTRIB-2025-031 |
| CVE-2025-31328 | Cross-Site Request Forgery (CSRF) vulnerability in SAP S/4 HANA (Learning Solution) |
| CVE-2025-31375 | WordPress Scheduled plugin <= 1.0 - CSRF to Stored XSS vulnerability |
| CVE-2025-31382 | WordPress Language Field plugin <= 0.9 - CSRF to Stored XSS vulnerability |
| CVE-2025-26593 | WordPress FastBook <= 1.1 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-29766 | Tuleap has missing CSRF protections on artifact submission & edition from the tracker view |
| CVE-2025-29929 | Tuleap is missing CSRF protection on tracker hierarchy administration |
| CVE-2025-3037 | yzk2356911358 StudentServlet-JSP cross-site request forgery |
| CVE-2025-30521 | WordPress GP Back To Top plugin <= 3.0 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-30522 | WordPress Contact Form 7 Material Design plugin <= 1.0.0 - CSRF to Stored XSS vulnerability |
| CVE-2025-30526 | WordPress Typekit plugin <= 1.2.3 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-30528 | WordPress Awesome Logos plugin <= 1.2 - CSRF to SQL Injection vulnerability |
| CVE-2025-30529 | WordPress Auto Load Next Post plugin <= 1.5.14 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-30531 | WordPress WP Ride Booking plugin <= 2.4 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-30534 | WordPress Image Captcha plugin <= 1.2 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability |
| CVE-2025-30535 | WordPress External image replace plugin <= 1.0.8 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability |
| CVE-2025-30538 | WordPress Simple Optimizer plugin <= 1.2.7 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-30541 | WordPress Info Boxes Shortcode And Widgets plugin <= 1.15 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-30542 | WordPress WP SoundCloud Ultimate plugin <= 1.5 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-30546 | WordPress Cackle plugin <= 4.33 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-30549 | WordPress Yummly Rich Recipes plugin <= 4.2 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-30550 | WordPress CallPhone'r plugin <= 1.1.1 - CSRF to Stored XSS vulnerability |
| CVE-2025-30552 | WordPress WordPress Admin Bar Improved plugin <= 3.3.5 - CSRF to Stored XSS vulnerability |
| CVE-2025-30555 | WordPress WordPres 同步微博 plugin <= 1.1.0 - CSRF to Stored XSS vulnerability |
| CVE-2025-30556 | WordPress Fix Rss Feeds plugin <= 3.1 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-30557 | WordPress Easy 301 Redirects plugin <= 1.33 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-30558 | WordPress ANAC XML Render plugin <= 1.5.7 - CSRF to Stored XSS vulnerability |
| CVE-2025-30560 | WordPress jQuery Dropdown Menu plugin <= 3.0 - CSRF to Stored XSS vulnerability |
| CVE-2025-30561 | WordPress CAS Maestro plugin <= 1.1.3 - CSRF to Stored XSS vulnerability |
| CVE-2025-30564 | WordPress Custom Script Integration <= 2.1 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-30565 | WordPress banner-manager plugin <= 16.04.19 - CSRF to Stored XSS vulnerability |
| CVE-2025-30568 | WordPress Super Static Cache <= 3.3.5 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-30572 | WordPress Simple Rating plugin <= 1.4 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability |
| CVE-2025-30576 | WordPress Hacklog Remote Image Autosave <= 2.1.0 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-30577 | WordPress Browser Address Bar Color plugin <= 3.3 - Cross Site Request Forgery (CSRF) to Stored XSS Vulnerability |
| CVE-2025-30578 | WordPress AdSense Privacy Policy plugin <= 1.1.1 - Cross Site Request Forgery (CSRF) to Stored XSS Vulnerability |
| CVE-2025-30583 | WordPress Pro Rank Tracker plugin <= 1.0.0 - CSRF to Stored XSS Vulnerability |
| CVE-2025-30584 | WordPress AlphaOmega Captcha & Anti-Spam Filter plugin <= 3.3 - CSRF to Stored XSS Vulnerability |
| CVE-2025-30585 | WordPress Generate Post Thumbnails <= 0.8 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-30586 | WordPress cTabs plugin <= 1.3 - CSRF to Stored XSS Vulnerability |
| CVE-2025-30587 | WordPress LH OGP Meta plugin <= 1.73 - CSRF to Stored XSS Vulnerability |
| CVE-2025-30588 | WordPress Map Contact plugin <= 3.0.4 - CSRF to Stored XSS Vulnerability |
| CVE-2025-30598 | WordPress OSS Upload <= 4.8.9 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-30601 | WordPress Flipdish Ordering System plugin <= 1.4.16 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability |
| CVE-2025-30603 | WordPress CopyLink plugin <= 1.1 - CSRF to Stored XSS vulnerability |
| CVE-2025-30608 | WordPress WordPress SQL Backup <= 3.5.2 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-30612 | WordPress Replace Default Words plugin <= 1.3 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability |
| CVE-2025-30615 | WordPress WP e-Commerce Style Email plugin <= 0.6.2 - CSRF to Remote Code Execution vulnerability |
| CVE-2025-30617 | WordPress Rewrite <= 0.2.1 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-30619 | WordPress SpeakPipe <= 0.2 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-30620 | WordPress WP Odoo Form Integrator plugin <=1.1.0 - CSRF to Stored XSS vulnerability |
| CVE-2025-30621 | WordPress Translator plugin <= 0.3 - CSRF to Stored XSS vulnerability |
| CVE-2025-30629 | WordPress Bitly URL Shortener <= 1.3.3 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-28974 | WordPress Free WP Mail SMTP plugin <= 1.0 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability |
| CVE-2025-28981 | WordPress WP Mail Options plugin <= 0.2.3 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability |
| CVE-2025-28984 | WordPress Subscription Renewal Reminders for WooCommerce plugin <= 1.3.7 - Cross Site Request Forgery to Notice Dismissal vul... |
| CVE-2025-28986 | WordPress Epicwin Plugin plugin <= 1.5 - CSRF to SQL Injection vulnerability |
| CVE-2025-29005 | WordPress HR Management Lite <= 3.3 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-2907 | Order Delivery Date Pro for WooCommerce < 12.3.1 - Unauthenticated Arbitrary Option Update |
| CVE-2025-2935 | Anti-Spam: Spam Protection \| Block Spam Users, Comments, Forms <= 2024.7 - Cross-Site Request Forgery to Multiple Administrat... |
| CVE-2025-30801 | WordPress TWB Woocommerce Reviews plugin <= 1.7.7 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-30804 | WordPress wpShopGermany IT-RECHT KANZLEI plugin <= 2.0 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-30805 | WordPress Flexible Cookies plugin <= 1.1.8 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-30811 | WordPress ValidateCertify plugin <= 1.6.1 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-30815 | WordPress Hesabfa Accounting plugin <= 2.1.8 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-30816 | WordPress publish post email notification plugin <= 1.0.2.3 - Cross Site Request Forgery (CSRF) to Settings Change vulnerabil... |
| CVE-2025-30822 | WordPress Custom Login Logo Plugin <= 1.1.7 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-30823 | WordPress Anthologize Plugin <= 0.8.2 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-30833 | WordPress Verge3D Publishing and E-Commerce Plugin <= 4.8.2 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-30842 | WordPress Christmas Panda plugin <= 1.0.4 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-30854 | WordPress Serial Codes Generator and Validator with WooCommerce Support plugin <= 2.7.7 - Cross Site Request Forgery (CSRF) v... |
| CVE-2025-30856 | WordPress Custom Field For WP Job Manager plugin <= 1.4 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-30857 | WordPress Currency Switcher for WooCommerce plugin <= 0.0.7 - CSRF to Stored XSS vulnerability |
| CVE-2025-30862 | WordPress reCAPTCHA for all plugin <= 2.22 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-30863 | WordPress Integration for Google Sheets and Contact Form 7, WPForms, Elementor, Ninja Forms plugin <= 1.0.9 - Cross Site Requ... |
| CVE-2025-30865 | WordPress 3DPrint Lite plugin <= 2.1.3.5 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-30872 | WordPress Product Author for WooCommerce plugin <= 1.0.7 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-30888 | WordPress Custom Fields Account Registration For Woocommerce Plugin <= 1.1 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-30908 | WordPress Web Directory Free plugin <= 1.7.6 - CSRF to Cross Site Scripting (XSS) vulnerability |
| CVE-2025-30912 | WordPress Float menu plugin <= 6.1.2 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability |
| CVE-2025-30919 | WordPress Store Locator Widget plugin <= 20200131 - CSRF to Stored XSS vulnerability |
| CVE-2025-30923 | WordPress Gift Message for WooCommerce plugin <= 1.7.8 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-30946 | WordPress Custom Bulk/Quick Edit <= 1.6.10 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-30948 | WordPress Layouts for Elementor <= 1.11 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-30956 | WordPress Booqable Rental <= 2.4.20 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-30965 | WordPress WPJobBoard plugin < 5.11.1 - Multiple Cross Site Request Forgery (CSRF) vulnerabilities |
| CVE-2025-30967 | WordPress WPJobBoard plugin < 5.11.1 - CSRF to Remote Code Execution (RCE) vulnerability |
| CVE-2025-30968 | WordPress Advanced Post List <= 0.5.6.2 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-30980 | WordPress Simple Keyword to Link <= 1.5 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-30981 | WordPress WP-Recall plugin <= 16.26.14 - CSRF to Privilege Escalation vulnerability |
| CVE-2025-30986 | WordPress Elite Video Player <= 10.0.5 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-3099 | Advanced Search by My Solr Server <= 2.0.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting |
| CVE-2025-30994 | WordPress CubeWP – All-in-One Dynamic Content Framework plugin <= 1.1.23 - Cross Site Request Forgery (CSRF) to Settings Chan... |
| CVE-2025-30995 | WordPress Widgetize Pages Light plugin <= 3.0 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability |
| CVE-2025-31005 | WordPress Easyfonts plugin <= 1.1.2 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-31010 | WordPress SimplyRETS Real Estate IDX plugin <= 3.0.3 - CSRF to Multiple Admin Actions vulnerability |
| CVE-2025-31435 | WordPress Microblog Poster plugin <= 2.1.6 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability |
| CVE-2025-31438 | WordPress WP Supersized <= 3.1.6 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-31439 | WordPress Browser Caching with .htaccess 1.2.1 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-31440 | WordPress Terms of Use plugin <= 2.0 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability |
| CVE-2025-31443 | WordPress KK I Like It plugin <= 1.7.5.3 - CSRF to Stored XSS vulnerability |
| CVE-2025-31444 | WordPress ShowTime Slideshow plugin <= 1.6 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability |
| CVE-2025-31447 | WordPress NertWorks All in One Social Share Tools <=1.26 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-31448 | WordPress Simple Trackback Disabler <= 1.4 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-31449 | WordPress The Visitor Counter plugin <= 1.4.3 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability |
| CVE-2025-31456 | WordPress Ultimate Security Checker plugin <= 4.2 - Cross Site Request Forgery (CSRF) to Security Rescan vulnerability |
| CVE-2025-31457 | WordPress LWS SMS <= 2.4.1 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-31458 | WordPress Video Embedder plugin <= 1.7.1 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability |
| CVE-2025-31459 | WordPress Login Alert plugin <= 0.2.1 - CSRF to Stored XSS vulnerability |
| CVE-2025-31460 | WordPress OmniLeads Scripts and Tags Manager plugin <= 1.3 - CSRF to Stored XSS vulnerability |
| CVE-2025-31474 | WordPress WP Database Optimizer <= 1.2.1.3 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-31482 | FreshRSS vulnerable to DoS by malicious feed entry loading logout URL |
| CVE-2025-3150 | itning Student Homework Management System cross-site request forgery |
| CVE-2025-3153 | Concrete CMS version 9 below 9.4.0RC2 and versions below 8.5.20 - CSRF and XSS in Concrete CMS Custom Address attribute |
| CVE-2025-32476 | WordPress Advanced Tag Lists plugin <= 1.2 - CSRF to Stored XSS vulnerability |
| CVE-2025-32477 | WordPress WP-Easy Menu plugin <= 0.41 - CSRF to Stored XSS vulnerability |
| CVE-2025-32478 | WordPress WP SexyLightBox plugin <= 0.5.3 - CSRF to Stored XSS vulnerability |
| CVE-2025-32479 | WordPress Flags Widget plugin <= 1.0.7 - CSRF to Stored XSS vulnerability |
| CVE-2025-32480 | WordPress Windows Live Writer plugin <= 0.1 - CSRF to Stored XSS vulnerability |
| CVE-2025-32481 | WordPress Nino Social Connect plugin <= 2.0 - CSRF to Stored XSS vulnerability |
| CVE-2025-32482 | WordPress Custom Smilies plugin <= 1.2 - CSRF to Stored XSS vulnerability |
| CVE-2025-31383 | WordPress FrescoChat Live Chat plugin <= 3.2.6 - CSRF to Stored XSS vulnerability |
| CVE-2025-31385 | WordPress Site Table of Contents plugin <= 0.3 - CSRF to Stored XSS vulnerability |
| CVE-2025-31388 | WordPress The World plugin <= 0.4 - CSRF to Stored XSS vulnerability |
| CVE-2025-31390 | WordPress Social Crowd plugin <= 0.9.6.1 - CSRF to Stored XSS vulnerability |
| CVE-2025-31391 | WordPress Script Compressor plugin <= 1.7.1 - CSRF to Stored XSS vulnerability |
| CVE-2025-31392 | WordPress Smart Product Gallery Slider plugin <= 1.0.4 - CSRF to Stored XSS vulnerability |
| CVE-2025-31393 | WordPress Social Bookmarking RELOADED plugin <= 3.18 - CSRF to Stored XSS vulnerability |
| CVE-2025-31395 | WordPress Easy Custom CSS plugin <= 1.0 - CSRF to Stored XSS vulnerability |
| CVE-2025-31399 | WordPress CG Scroll To Top plugin <= 3.5 - CSRF to Stored XSS vulnerability |
| CVE-2025-31400 | WordPress WS Audio Player plugin <= 1.1.8 - CSRF to Stored XSS vulnerability |
| CVE-2025-31401 | WordPress MMX – Make Me Christmas plugin <= 1.0.0 - CSRF to Stored XSS vulnerability |
| CVE-2025-31402 | WordPress NewsBoard Post and RSS Scroller plugin <= 1.2.12 - CSRF to Stored XSS vulnerability |
| CVE-2025-31404 | WordPress AF Tell a Friend plugin <= 1.4 - CSRF to Stored XSS vulnerability |
| CVE-2025-31410 | WordPress WP Church Donation plugin <= 1.7 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-31566 | WordPress Rio Video Gallery plugin <= 2.3.6 - CSRF to Stored XSS vulnerability |
| CVE-2025-31569 | WordPress wordpress related Posts with thumbnails plugin <= 3.0.0.1 - CSRF to Stored XSS vulnerability |
| CVE-2025-31570 | WordPress Related Posts Widget with Thumbnails plugin <= 1.2 - CSRF to Stored XSS vulnerability |
| CVE-2025-31572 | WordPress Multi Days Events and Multi Events in One Day Calendar plugin <= 1.1.3 - Cross Site Request Forgery (CSRF) vulnerab... |
| CVE-2025-31583 | WordPress WP Copy Media URL plugin <= 2.1 - CSRF to Stored XSS vulnerability |
| CVE-2025-31585 | WordPress Leadfox for WordPress plugin <= 2.1.8 - CSRF to Stored XSS vulnerability |
| CVE-2025-31588 | WordPress Elfsight Testimonials Slider plugin <= 1.0.1 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability |
| CVE-2025-31600 | WordPress DesignO plugin <= 2.2.0 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-31601 | WordPress Appointy Appointment Scheduler plugin <= 4.2.1 - CSRF to Settings Change vulnerability |
| CVE-2025-31602 | WordPress Apimo Connector plugin <= 2.6.3.1 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability |
| CVE-2025-31613 | WordPress AB Google Map Travel plugin <= 4.6 - CSRF to Stored XSS vulnerability |
| CVE-2025-31616 | WordPress Varnish WordPress plugin <= 1.7 - CSRF to Stored XSS vulnerability |
| CVE-2025-31617 | WordPress PostmarkApp Email Integrator plugin <= 2.4 - CSRF to Stored XSS vulnerability |
| CVE-2025-31623 | WordPress Rich Text Editor plugin <= 1.0.1 - CSRF to Stored XSS vulnerability |
| CVE-2025-31639 | WordPress Spare <= 1.7 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-32112 | WordPress Sidebar Manager Light plugin <= 1.1.8 - CSRF to Stored XSS vulnerability |
| CVE-2025-32113 | WordPress Libro de Reclamaciones y Quejas plugin <= 0.9 - CSRF to Stored XSS vulnerability |
| CVE-2025-32241 | WordPress Official CleverReach WooCommerce Integration Plugin <= 3.4.3 - CSRF to Settings Change vulnerability |
| CVE-2025-32247 | WordPress AI Content Creator plugin <= 1.2.6 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-32248 | WordPress SwiftXR (3D/AR/VR) Viewer plugin <= 1.0.7 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-32249 | WordPress DirectoryPress – Business Directory And Classified Ad Listing Plugin <=3.6.19 - Cross Site Request Forgery (CSRF) v... |
| CVE-2025-32250 | WordPress Rollbar plugin <= 2.7.1 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-32261 | WordPress Advanced All in One Admin Search by WP Spotlight <= 1.1.1 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-32262 | WordPress RDP Wiki Embed plugin <= 1.2.20 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-32263 | WordPress Sequential Order Numbers for WooCommerce plugin <= 3.6.2 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-32264 | WordPress UltraAddons – Elementor Addons plugin <= 2.0.0 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-32265 | WordPress JobWP plugin <= 2.3.9 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-32266 | WordPress 404 Image Redirection (Replace Broken Images) plugin <= 1.4 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-32267 | WordPress WP to Hootsuite plugin <= 1.5.8 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-32268 | WordPress QR Code Tag for WC plugin <= 1.9.36 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability |
| CVE-2025-32269 | WordPress WP Zendesk for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms Plugin <= 1.1.3 - Cross Site Request... |
| CVE-2025-32270 | WordPress Broadstreet Plugin <= 1.51.1 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability |
| CVE-2025-32271 | WordPress Woocommerce Role Pricing Plugin <= 3.5.5 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-32272 | WordPress Wishlist Plugin <= 1.0.44 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-32273 | WordPress Freetobook Responsive Widget Plugin <= 1.1 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-32274 | WordPress w3all phpBB integration Plugin <= 2.9.2 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-30632 | WordPress Global Translator <= 2.0.2 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-3064 | WPFront User Role Editor <= 4.2.1 - Cross-Site Request Forgery to Privilege Escalation via whitelist_options Function |
| CVE-2025-30764 | WordPress Football Pool plugin <= 2.12.2 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability |
| CVE-2025-30769 | WordPress WIP WooCarousel Lite plugin <= 1.1.7 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability |
| CVE-2025-30783 | WordPress WP Google Review Slider plugin <= 16.0 - CSRF to SQL Injection vulnerability |
| CVE-2025-30787 | WordPress EZ SQL Reports Shortcode Widget and DB Backup plugin <= 5.25.08 - CSRF to Stored XSS vulnerability |
| CVE-2025-30788 | WordPress EZ SQL Reports Shortcode Widget and DB Backup plugin <= 5.25.08 - CSRF to SQL Injection vulnerability |
| CVE-2025-31677 | AI (Artificial Intelligence) - Critical - Cross Site Request Forgery - SA-CONTRIB-2025-003 |
| CVE-2025-31680 | Matomo Analytics - Moderately critical - Cross site request forgery - SA-CONTRIB-2025-008 |
| CVE-2025-31683 | Google Tag - Moderately critical - Cross Site Request Forgery - SA-CONTRIB-2025-012 |
| CVE-2025-31684 | OAuth2 Client - Moderately critical - Cross Site Request Forgery - SA-CONTRIB-2025-013 |
| CVE-2025-31688 | Configuration Split - Moderately critical - Cross Site Request Forgery - SA-CONTRIB-2025-017 |
| CVE-2025-31689 | General Data Protection Regulation - Moderately critical - Cross Site Request Forgery - SA-CONTRIB-2025-018 |
| CVE-2025-31690 | Cache Utility - Moderately critical - Cross Site Request Forgery - SA-CONTRIB-2025-019 |
| CVE-2025-31751 | WordPress Breaking News WP Plugin <= 1.3 - CSRF to Settings Change vulnerability |
| CVE-2025-31753 | WordPress Advanced Speed Increaser Plugin <= 2.2.1 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-31756 | WordPress TZ PlusGallery Plugin <= 1.5.5 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-31763 | WordPress Cache control by Cacholong Plugin <= 5.4.1 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-31769 | WordPress CLP – Custom Login Page by NiteoThemes plugin <= 1.5.5 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-31775 | WordPress Google SEO Pressor for Rich snippets Plugin <= 2.0 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-31776 | WordPress Uptime Robot Plugin <= 2.3 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-31779 | WordPress Query Wrangler plugin <= 1.5.53 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-31784 | WordPress Embed Extended – Embed Maps, Videos, Websites, Source Codes, and more Plugin <= 1.4.0 - Cross Site Request Forgery... |
| CVE-2025-31785 | WordPress Clearbit Reveal plugin <= 1.0.6 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-31807 | WordPress Product Notices for WooCommerce plugin <= 1.3.3 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-31808 | WordPress SCSS WP Editor Plugin <= 1.1.8 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-31809 | WordPress Labinator Content Types Duplicator Plugin <= 1.1.3 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-31814 | WordPress OwnerRez Plugin <= 1.2.0 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-31828 | WordPress Easy!Appointments plugin <= 1.4.2 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability |
| CVE-2025-31839 | WordPress Footer Contacts Bar Plugin <= 1.8 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-31840 | WordPress Simple Fixed Notice Plugin <= 1.6 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-31845 | WordPress Theme Duplicator Plugin <= 1.1 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-31852 | WordPress Bulk Product Sync plugin <= 8.6 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-31859 | WordPress Feedbucket – Website Feedback Tool Plugin <= 1.0.6 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-31880 | WordPress Pearl plugin <= 1.3.9 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-31888 | WordPress WP Multi Store Locator Plugin <= 2.5.2 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-31904 | WordPress Ebook Downloader plugin <= 1.0 - CSRF to Stored XSS vulnerability |
| CVE-2025-31906 | WordPress WP Profitshare Plugin <= 1.4.9 - CSRF to Stored XSS vulnerability |
| CVE-2025-31908 | WordPress JSON Structuring Markup plugin <= 0.1 - CSRF to Stored XSS vulnerability |
| CVE-2025-31915 | WordPress Pixel WordPress Form BuilderPlugin & Autoresponder <= 1.0.2 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-31921 | WordPress WP Ultimate Tours Builder <= 1.055 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-31922 | WordPress CSS3 Accordions for WordPress plugin <= 3.0 - CSRF to Stored XSS vulnerability |
| CVE-2025-32500 | WordPress Codescar Radio Widget plugin <= 0.4.2 - CSRF to Stored Cross Site Scripting (XSS) vulnerability |
| CVE-2025-32501 | WordPress RentSyst plugin <= 2.0.92 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability |
| CVE-2025-32502 | WordPress ePaper Lister for Yumpu plugin <= 1.4.0 - CSRF to Stored XSS vulnerability |
| CVE-2025-32505 | WordPress MultiMailer plugin <= 1.0.3 - CSRF to Stored XSS vulnerability |
| CVE-2025-32518 | WordPress ALD Login Page plugin <= 1.1 - CSRF to Stored XSS vulnerability |
| CVE-2025-32545 | WordPress WooCommerce Products without featured images Plugin <= 0.1 - CSRF to Reflected Cross Site Scripting (XSS) vulnerabi... |
| CVE-2025-32546 | WordPress All push notification for WP Plugin <= 1.5.3 - CSRF to Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-32547 | WordPress All push notification for WP Plugin <= 1.5.3 - CSRF to SQL Injection vulnerability |
| CVE-2025-32555 | WordPress SEO, Nutrition and Print for Recipes by Edamam plugin <= 3.3 - CSRF to Cross-Site Scripting vulnerability |
| CVE-2025-32556 | WordPress Simple Post Meta Manager Plugin <= 1.0.9 - CSRF to Reflected Cross-Site Scripting vulnerability |
| CVE-2025-32559 | WordPress REVE Chat plugin <= 6.2.2 - CSRF to Stored XSS vulnerability |
| CVE-2025-32563 | WordPress WP Calais Auto Tagger plugin <= 2.0 - CSRF to Stored XSS vulnerability |
| CVE-2025-3257 | xujiangfei admintwo updateSet cross-site request forgery |
| CVE-2025-32575 | WordPress WP w3all phpBB Plugin <= 2.9.2 - CSRF to Stored XSS vulnerability |
| CVE-2025-32576 | WordPress WP shop plugin <= 2.6.0 - CSRF to Arbitrary File Upload vulnerability |
| CVE-2025-32584 | WordPress Chat2 plugin <= 3.6.3 - CSRF to Stored XSS vulnerability |
| CVE-2025-32591 | WordPress WP Abstracts Plugin <= 2.7.4 - CSRF to Stored XSS vulnerability |
| CVE-2025-32597 | WordPress WordPress Events Calendar Plugin – connectDaily plugin <= 1.4.8 - CSRF to Cross-Site Scripting vulnerability |
| CVE-2025-32606 | WordPress Listings for Buildium plugin <= 0.1.4 - CSRF to Stored Cross-Site Scripting (XSS) vulnerability |
| CVE-2025-32610 | WordPress Foliopress WYSIWYG plugin <= 2.6.18 - CSRF to Stored XSS vulnerability |
| CVE-2025-32612 | WordPress User Session Synchronizer plugin <= 1.4.0 - CSRF to Stored XSS vulnerability |
| CVE-2025-32616 | WordPress Nimbata Call Tracking plugin <= 1.7.1 - CSRF to Stored XSS vulnerability |
| CVE-2025-32617 | WordPress Multiple Location Google Map plugin <= 1.1 - CSRF to Stored XSS vulnerability |
| CVE-2025-32619 | WordPress KeyCAPTCHA plugin <= 2.5.1 - CSRF to Stored XSS vulnerability |
| CVE-2025-32621 | WordPress WP Map Route Planner plugin <= 1.0.0 - CSRF to Stored XSS vulnerability |
| CVE-2025-32623 | WordPress PlainInventory plugin <= 3.1.9 - CSRF to Stored XSS vulnerability |
| CVE-2025-32641 | WordPress Anant Addons for Elementor plugin <= 1.1.5 - CSRF to Arbitrary Plugin Installation vulnerability |
| CVE-2025-32642 | WordPress Vite Coupon plugin <= 1.0.7 - CSRF to Remote Code Execution (RCE) vulnerability |
| CVE-2025-32644 | WordPress IP2Location World Clock Plugin <= 1.1.9 - CSRF to Stored XSS vulnerability |
| CVE-2025-32645 | WordPress Custom Posts Order Plugin <= 4.4 - CSRF to Stored Cross Site Scripting (XSS) vulnerability |
| CVE-2025-32655 | WordPress Restrict User Registration plugin <= 1.0.1 - CSRF to Stored XSS vulnerability |
| CVE-2025-32659 | WordPress FraudLabs Pro for WooCommerce plugin <= 2.22.7 - CSRF to Stored XSS vulnerability |
| CVE-2025-32661 | WordPress Interactive US Map plugin <= 2.7 - CSRF to Stored XSS vulnerability |
| CVE-2025-32664 | WordPress Nepali Date Utilities plugin <= 1.0.13 - CSRF to Stored XSS vulnerability |
| CVE-2025-32667 | WordPress Doppler Forms plugin <= 2.4.5 - CSRF to Stored XSS vulnerability |
| CVE-2025-32669 | WordPress Mergado Pack plugin <= 4.1.1 - CSRF to Stored XSS vulnerability |
| CVE-2025-41254 | Spring Framework STOMP CSRF Vulnerability |
| CVE-2025-4327 | MRCMS cross-site request forgery |
| CVE-2025-32484 | WordPress WP-Planification – WP-Planning plugin <= 2.3.1 - CSRF to Stored XSS vulnerability |
| CVE-2025-32485 | WordPress WP Performance Pack <= 2.5.4 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-32494 | WordPress reCAPTCHA Jetpack <= 0.2.2 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-32496 | WordPress Ultra Demo Importer plugin <= 1.0.5 - CSRF to RCE vulnerability |
| CVE-2025-32497 | WordPress Spoiler Block plugin <= 1.7 - CSRF to Stored XSS vulnerability |
| CVE-2025-32498 | WordPress VKontakte Cross-Post plugin <= 0.3.2 - CSRF to Stored XSS vulnerability |
| CVE-2025-32673 | WordPress Epeken All Kurir plugin <= 1.4.6.2 - CSRF to Stored XSS vulnerability |
| CVE-2025-32678 | WordPress WP Show Stats plugin <= 1.5 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-32679 | WordPress User Registration Using Contact Form 7 plugin <= 2.2 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-3284 | User Registration & Membership PRO – Custom Registration Form, Login Form, and User Profile <= 5.1.3 - Cross-Site Request For... |
| CVE-2025-32922 | WordPress WP2LEADS plugin <= 3.5.0 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-34050 | AVTECH IP Camera, DVR, and NVR Devices Cross-Site Request Forgery |
| CVE-2025-34133 | Wimi Teamwork < v7.38.17 CSRF |
| CVE-2025-35030 | Medical Informatics Engineering Enterprise Health cross site request forgery |
| CVE-2025-3557 | ScriptAndTools eCommerce-website-in-PHP cross-site request forgery |
| CVE-2025-3561 | ghostxbh uzy-ssm-mall cross-site request forgery |
| CVE-2025-3808 | zhenfeng13 My-BBS cross-site request forgery |
| CVE-2025-3843 | panhainan DS-Java cross-site request forgery |
| CVE-2025-3907 | Search API Solr - Moderately critical - Cross Site Request Forgery - SA-CONTRIB-2025-046 |
| CVE-2025-39437 | WordPress Anthologize plugin <= 0.8.3 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-39438 | WordPress Theme Changer plugin <= 1.3 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-39440 | WordPress Broken Links Remover plugin <= 1.2.2 - CSRF to Stored XSS vulnerability |
| CVE-2025-39441 | WordPress Dashboard Notepads plugin <= 1.2.1 - CSRF to Stored XSS vulnerability |
| CVE-2025-39442 | WordPress Review Wave – Google Places Reviews plugin <= 1.4.7 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-39443 | WordPress Verge3D plugin <= 4.9.0 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-39453 | WordPress Advanced Dynamic Pricing for WooCommerce plugin <= 4.9.3 - Cross Site Request Forgery (CSRF) to Settings Change vul... |
| CVE-2025-39455 | WordPress IP2Location Variables plugin <= 2.9.5 - CSRF to Cross Site Scripting (XSS) vulnerability |
| CVE-2025-39472 | WordPress WooCommerce Social Login plugin < 2.8.3 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-39512 | WordPress Bulk Term Editor <= 1.1.4 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-39517 | WordPress Basic Interactive World Map plugin <= 2.7 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability |
| CVE-2025-39530 | WordPress Site Search 360 plugin <= 2.1.7 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability |
| CVE-2025-39544 | WordPress WP Tools plugin <= 5.18 - CSRF to Arbitrary File Deletion vulnerability |
| CVE-2025-39546 | WordPress ElementsReady Addons for Elementor <= 6.6.2 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-39547 | WordPress Internal Link Optimiser plugin <= 5.1.3 - CSRF to XSS vulnerability |
| CVE-2025-39548 | WordPress Right Click Disable OR Ban plugin <= 1.1.17 - CSRF to Stored XSS vulnerability |
| CVE-2025-39563 | WordPress Conditional Payments for WooCommerce <= 3.3.0 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-39564 | WordPress Conditional Shipping for WooCommerce <= 3.4.0 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-3959 | withstars Books-Management-System reader_delete.html cross-site request forgery |
| CVE-2025-39593 | WordPress Ever Accounting <= 2.1.5 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-39600 | WordPress Integration for WooCommerce and QuickBooks <= 1.3.1 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-39601 | WordPress Custom CSS, JS & PHP plugin <= 2.4.1 - CSRF to RCE vulnerability |
| CVE-2025-3964 | withstars Books-Management-System Article del cross-site request forgery |
| CVE-2025-3979 | dazhouda lecms Password Change index.php cross-site request forgery |
| CVE-2025-4282 | SourceCodester/oretnom23 Stock Management System Users.php cross-site request forgery |
| CVE-2025-42908 | Cross-Site Request Forgery (CSRF) vulnerability in SAP NetWeaver Application Server for ABAP |
| CVE-2025-42923 | Cross-Site Request Forgery (CSRF) vulnerability in SAP Fiori App (F4044 Manage Work Center Groups) |
| CVE-2025-46435 | WordPress Time Based Greeting plugin <= 2.2.2 - CSRF to Stored XSS vulnerability |
| CVE-2025-46436 | WordPress SCSS-Library <= 0.4.1 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-46439 | WordPress Plugin Central plugin <= 2.5.1 - CSRF to Arbitrary File Deletion vulnerability |
| CVE-2025-46442 | WordPress Loan Calculator plugin <= 1.3 - CSRF to Stored XSS vulnerability |
| CVE-2025-46450 | WordPress occupancyplan plugin <= 1.0.3.0 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability |
| CVE-2025-46452 | WordPress Google News plugin <= 2.5.1 - CSRF to Stored XSS vulnerability |
| CVE-2025-46457 | WordPress Wp Custom CMS Block plugin <= 2.1 - CSRF to Stored XSS vulnerability |
| CVE-2025-46458 | WordPress occupancyplan plugin <= 1.0.3.0 - CSRF to SQL Injection vulnerability |
| CVE-2025-46462 | WordPress WPVN <= 0.7.8 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-46465 | WordPress Print Science Designer plugin <= 1.3.155 - CSRF to Stored XSS vulnerability |
| CVE-2025-46466 | WordPress Modern Polls plugin <= 1.0.10 - CSRF to Stored XSS vulnerability |
| CVE-2025-47466 | WordPress Ultimate WP Mail <= 1.3.4 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-47468 | WordPress Hash Form <= 1.2.8 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-47470 | WordPress GPT3 AI Content Writer plugin <= 1.9.14 - Cross Site Request Forgery (CSRF) to Prompt Generation vulnerability |
| CVE-2025-47473 | WordPress PW WooCommerce Bulk Edit <= 2.134 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-47491 | WordPress Contact Form Widget <= 1.4.6 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-47514 | WordPress ELI's Related Posts Footer Links and Widget plugin <= 1.2.04.20 - Cross Site Request Forgery (CSRF) to Stored XSS v... |
| CVE-2025-47517 | WordPress Accept Donations with PayPal plugin <= 1.4.5 - CSRF to Stored XSS vulnerability |
| CVE-2025-47519 | WordPress Easy PayPal Events <= 1.2.2 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-47523 | WordPress Seznam Webmaster <= 1.4.7 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-47533 | WordPress Graphina plugin <= 3.0.4 - Cross Site Request Forgery (CSRF) to Local File Inclusion vulnerability |
| CVE-2025-47542 | WordPress Simple calendar for Elementor <= 1.6.5 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-47543 | WordPress TrueBooker <= 1.0.7 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-47546 | WordPress WP Compress <= 6.30.30 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-47551 | WordPress Wiki Embed plugin <= 1.4.6 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability |
| CVE-2025-47674 | WordPress Credova_Financial <= 2.5.0 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-47681 | WordPress Web Accessibility with Max Access <= 2.0.9 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-47684 | WordPress Smaily for WP <= 3.1.6 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-47685 | WordPress Contribuinte Checkout plugin <= 2.0.02 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability |
| CVE-2025-47701 | Restrict route by IP - Critical - Cross Site Request Forgery - SA-CONTRIB-2025-047 |
| CVE-2025-47708 | Enterprise MFA - TFA for Drupal - Critical - Cross Site Request Forgery - SA-CONTRIB-2025-054 |
| CVE-2025-48233 | WordPress Affiliates Manager Google reCAPTCHA Integration plugin <= 1.0.6 - Cross Site Request Forgery (CSRF) to Stored XSS v... |
| CVE-2025-48238 | WordPress AWcode Toolkit plugin <= 1.0.18 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability |
| CVE-2025-48243 | WordPress reCAPTCHA for all <= 2.26 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-48255 | WordPress Broadcast Live Video – Live Streaming : WebRTC, HLS, RTSP, RTMP <= 6.2.4 - Cross Site Request Forgery (CSRF) Vulner... |
| CVE-2025-48259 | WordPress WP Mapa Politico España plugin <= 3.8.0 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability |
| CVE-2025-48264 | WordPress Product Code for WooCommerce plugin <= 1.5.0 - CSRF to Database Update vulnerability |
| CVE-2025-48265 | WordPress Year Make Model Search for WooCommerce plugin <= 1.0.11 - Cross Site Request Forgery (CSRF) to Settings Change vuln... |
| CVE-2025-48284 | WordPress Japanized For WooCommerce <= 2.6.40 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-48285 | WordPress Falang multilanguage <= 1.3.61 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-48483 | FreeScout Stored XSS leads to CSRF |
| CVE-2025-48497 | Cross-site request forgery vulnerability exists in iroha Board versions v0.10.12 and earlier. If a user accesses a specially... |
| CVE-2025-48740 | A Cross-Site Request Forgery (CSRF) vulnerability in StrangeBee TheHive 5.2.0 before 5.2.16, 5.3.0 before 5.3.11, 5.4.0 befor... |
| CVE-2025-4887 | SourceCodester Online Student Clearance System cross-site request forgery |
| CVE-2025-48885 | application-urlshortener users can create arbitrary pages as long as they have view access to them |
| CVE-2025-48921 | Open Social - Moderately critical - Cross Site Request Forgery - SA-CONTRIB-2025-079 |
| CVE-2025-48991 | Tuleap missing CSRF protection on tracker canned responses administration |
| CVE-2025-49040 | WordPress Backup Bolt plugin <= 1.4.1 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-49044 | WordPress Simple Poll plugin <= 1.1.1 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability |
| CVE-2025-49069 | WordPress Contact Forms by Cimatti plugin <= 1.9.8 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-49077 | WordPress Dynamic Pricing and Discount Rules plugin <= 2.2.9 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-49237 | WordPress POEditor plugin <= 0.9.10 - CSRF to Arbitrary File Deletion vulnerability |
| CVE-2025-49238 | WordPress Everest Backup <= 2.3.3 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-49239 | WordPress Print Invoice & Delivery Notes for WooCommerce <= 5.5.0 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-49269 | WordPress Market Exporter <= 2.0.22 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-49273 | WordPress WP Tools <= 5.24 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-49283 | WordPress Anti-spam, Spam protection, ReCaptcha for all forms and GDPR-compliant <= 4.1.1 - Cross Site Request Forgery (CSRF)... |
| CVE-2025-49284 | WordPress WP Maintenance Mode & Site Under Construction <= 4.3 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-49285 | WordPress WP Cookie Notice for GDPR, CCPA & ePrivacy Consent <= 3.8.0 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-49286 | WordPress WP Table Builder <= 2.0.6 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-49291 | WordPress Calculated Fields Form <= 5.3.58 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-49317 | WordPress WP Page Loading <= 1.0.6 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-49332 | WordPress WP Time Slots Booking Form <= 1.2.30 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-49341 | WordPress PDF Creator Lite plugin <= 1.2 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-49347 | WordPress WP sIFR plugin <= 0.6.8.1 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-49351 | WordPress Create Posts & Terms plugin <= 1.3.1 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-49373 | WordPress Evergreen Content Poster plugin <= 1.4.5 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-49381 | WordPress ads.txt Guru Connect Plugin <= 1.1.1 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-49382 | WordPress JobZilla - Job Board WordPress Theme Theme <= 2.0 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-49391 | WordPress Sign-up Sheets Plugin <= 2.3.3 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-49399 | WordPress NEX-Forms Plugin <= 9.1.3 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-49425 | WordPress Konami Easter Egg <= v0.4 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-49426 | WordPress Cookie Warning plugin <= 1.3 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-49435 | WordPress Wp Easy Allopass <= 4.1.1 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-49439 | WordPress Atelier Create CV plugin <= 1.1.2 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability |
| CVE-2025-49440 | WordPress WP Security Master <= 1.0.2 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-49445 | WordPress Interactive UK Regional Map plugin <= 2.0 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability |
| CVE-2025-49446 | WordPress Admin Notes <=1.1 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-49449 | WordPress Interactive Regional Map of Africa <= 1.0 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-49453 | WordPress BP Profile as Homepage plugin <= 1.1 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability |
| CVE-2025-49462 | Zoom Clients - Cross-site Scripting |
| CVE-2025-49510 | WordPress Min Max Step Quantity Limits Manager for WooCommerce plugin <= 5.1.0 - Cross Site Request Forgery (CSRF) vulnerabil... |
| CVE-2025-32276 | WordPress Administrator Z plugin <= 2025.03.04 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-32278 | WordPress Table Block by RioVizual plugin <= 2.1.7 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-32280 | WordPress WP Project Manager plugin <= 2.6.22 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-32282 | WordPress ShareThis Dashboard for Google Analytics plugin <= 3.2.2 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-32310 | WordPress QuickCal plugin <= 1.0.13 - CSRF to Privilege Escalation vulnerability |
| CVE-2025-3635 | Moodle: csrf risk in moodle user tours manager allows tour duplication |
| CVE-2025-3638 | Moodle: csrf risk in brickfield tool's analysis request action |
| CVE-2025-36513 | Cross-site request forgery vulnerability exists in surveillance cameras provided by i-PRO Co., Ltd.. If a user views a crafte... |
| CVE-2025-36576 | Dell Wyse Management Suite, versions prior to WMS 5.2, contain a Cross-Site Request Forgery (CSRF) vulnerability. A high priv... |
| CVE-2025-36728 | SimpleHelp Cross Site Request Forgery |
| CVE-2025-3687 | misstt123 oasys Sticky Notes cross-site request forgery |
| CVE-2025-39351 | WordPress Grand Restaurant WordPress theme <= 7.0 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-39371 | WordPress Author Box Plugin With Different Description plugin <= 1.3.5 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-39374 | WordPress Best Posts Summary plugin <= 1.0 - CSRF to Stored XSS vulnerability |
| CVE-2025-39375 | WordPress Easy Child Theme Creator plugin <= 1.3.1 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-39381 | WordPress KiotViet Sync plugin <= 1.8.4 - CSRF to Stored XSS vulnerability |
| CVE-2025-39414 | WordPress spam-stopper plugin <= 3.1.3 - CSRF to Stored XSS vulnerability |
| CVE-2025-39415 | WordPress Social Media Links plugin <= 1.0.3 - CSRF to Stored XSS vulnerability |
| CVE-2025-39416 | WordPress translit it! plugin <= 1.6 - CSRF to Stored XSS vulnerability |
| CVE-2025-39417 | WordPress Redirect wordpress to welcome or landing page plugin <= 2.0 - CSRF to Stored XSS vulnerability |
| CVE-2025-39418 | WordPress RSS Manager plugin <= 0.06 - CSRF to Stored XSS vulnerability |
| CVE-2025-39419 | WordPress Revision Diet plugin <= 1.0.1 - CSRF to Stored XSS vulnerability |
| CVE-2025-39421 | WordPress WP Sticky Side Buttons plugin <= 2.1 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-39422 | WordPress WP Social Bookmarking plugin <= 3.6 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-39423 | WordPress Add to Header plugin <= 1.0 - CSRF to XSS vulnerability |
| CVE-2025-39424 | WordPress Simple Maps plugin <= 0.98 - CSRF to XSS vulnerability |
| CVE-2025-39425 | WordPress Style Manager plugin <= 2.2.7 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability |
| CVE-2025-39426 | WordPress illow – Cookies Consent plugin <= 0.2.0 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-39430 | WordPress mLanguage plugin <= 1.6.1 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-39431 | WordPress Amazon Showcase WordPress Plugin plugin <= 2.2 - CSRF to XSS vulnerability |
| CVE-2025-39433 | WordPress Bknewsticker plugin <= 1.0.5 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-39435 | WordPress My Marginalia plugin <= 1.0.6 - CSRF to Stored XSS vulnerability |
| CVE-2025-3997 | dazhouda lecms Personal Information Page index.php cross-site request forgery |
| CVE-2025-41661 | Weidmueller: Security routers IE-SR-2TX are affected by CSRF |
| CVE-2025-4188 | Advanced Reorder Image Text Slider <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting |
| CVE-2025-4189 | Audio Comments Plugin <= 1.0.4 - Cross-Site Request Forgery to Stored Cross-Site Scripting |
| CVE-2025-4194 | AlT Monitoring <= 1.0.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting |
| CVE-2025-4198 | Alink Tap <= 1.3.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting |
| CVE-2025-4199 | Abundatrade Plugin <= 1.8.02 - Cross-Site Request Forgery to Stored Cross-Site Scripting |
| CVE-2025-43809 | Cross-Site Request Forgery (CSRF) vulnerability in the server (license) registration page in Liferay Portal 7.4.0 through 7.4... |
| CVE-2025-43835 | WordPress wp-cyr-cho plugin <= 0.1 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-43840 | WordPress CheckBot plugin <= 1.05 - CSRF to Stored XSS vulnerability |
| CVE-2025-46492 | WordPress Call Now PHT Blog plugin <= 2.4.1 - CSRF to XSS vulnerability |
| CVE-2025-46495 | WordPress Drop Caps plugin <= 2.1 - CSRF to XSS vulnerability |
| CVE-2025-46497 | WordPress Navegg Analytics plugin <= 3.3.3 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-46498 | WordPress Zalo Official Live Chat <= 1.0.0 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-46504 | WordPress Vasaio QR Code plugin <= 1.2.5 - CSRF to XSS vulnerability |
| CVE-2025-46506 | WordPress WpZon – Amazon Affiliate Plugin plugin <= 1.3 - CSRF to XSS vulnerability |
| CVE-2025-46507 | WordPress Unsafe Mimetypes plugin <= 0.1.4 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability |
| CVE-2025-46508 | WordPress Advanced lazy load plugin <= 1.6.0 - CSRF to Stored XSS vulnerability |
| CVE-2025-46510 | WordPress Contact Form 7 Calendar plugin <= 3.0.1 - CSRF to Stored XSS vulnerability |
| CVE-2025-4337 | AHAthat Plugin <= 1.6 - Cross-Site Request Forgery to AHA Page Deletion |
| CVE-2025-43745 | A CSRF vulnerability in Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q2.0 through 2025.Q2.7, 2025.Q1.0 throug... |
| CVE-2025-43748 | Insufficient CSRF protection for omni-administrator users in Liferay Portal 7.0.0 through 7.4.3.119, and Liferay DXP 2024.Q1.... |
| CVE-2025-4375 | Cross-Site Request Forgery vulnerability in Pro Cloud Server's WebEA |
| CVE-2025-4580 | File Provider <= 1.2.3 - Item Deletion via CSRF |
| CVE-2025-4592 | AI Image Lab – Free AI Image Generator <= 1.0.6 - Cross-Site Request Forgery to API Key Update |
| CVE-2025-46231 | WordPress affiliate-toolkit <= 3.7.3 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-46241 | WordPress Appointment Booking Calendar plugin <= 1.3.92 - CSRF to SQL Injection vulnerability |
| CVE-2025-46243 | WordPress Recover abandoned cart for WooCommerce <= 2.2 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-46245 | WordPress CM Ad Changer <= 2.0.5 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-46246 | WordPress CM Answers <= 3.3.3 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-46249 | WordPress Simple calendar for Elementor <= 1.6.4 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-46251 | WordPress VikRestaurants Table Reservations and Take-Away plugin <= 1.3.3 - CSRF to Stored XSS vulnerability |
| CVE-2025-46257 | WordPress Element Pack Pro Plugin < 8.0.0 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-46721 | nosurf vulnerable to CSRF due to non-functional same-origin request checks |
| CVE-2025-46743 | Cross-Site Request Forgery |
| CVE-2025-47410 | Apache Geode: CSRF attacks through GET requests to the Management and Monitoring REST API that can execute gfsh commands on t... |
| CVE-2025-47446 | WordPress Listamester <= 2.3.6 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-47447 | WordPress Cool Author Box <= 3.0.0 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-47448 | WordPress WP Hotel Booking <= 2.1.9 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-47451 | WordPress Product Quantity Dropdown For Woocommerce plugin <= 1.2 - Cross Site Request Forgery (CSRF) to Settings Change vuln... |
| CVE-2025-47459 | WordPress WP Fundraising Donation and Crowdfunding Platform <= 1.7.3 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-47462 | WordPress Challan plugin <= 3.7.58 - CSRF to Privilege Escalation vulnerability |
| CVE-2025-47583 | WordPress Salon booking system plugin <= 10.16 - CSRF to Arbitrary Content Deletion vulnerability |
| CVE-2025-47590 | WordPress WPSpeed <= 2.6.5 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-47594 | WordPress Soccer Live Scores <= 1.0.5 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-47596 | WordPress Beacon Lead Magnets and Lead Capture <= 1.5.8 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-47597 | WordPress WP Podcasts Manager <= 1.2 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-47606 | WordPress Simple Giveaways <= 2.48.2 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-47609 | WordPress EasyMe Connect <= 3.0.3 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-47614 | WordPress LessButtons Social Sharing and Statistics plugin <= 1.6.1 - Cross Site Request Forgery (CSRF) to Settings Change vu... |
| CVE-2025-47620 | WordPress Martins Free Monetized Ad Exchange Network plugin <= 1.0.5 - CSRF to XSS vulnerability |
| CVE-2025-47624 | WordPress DoFollow Case by Case <= 3.5.1 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-47633 | WordPress Awin – Advertiser Tracking for WooCommerce plugin <= 2.0.0 - CSRF to Product Feed Regeneration vulnerability |
| CVE-2025-47639 | WordPress Supertext Translation and Proofreading plugin <= 4.25 - CSRF to Stored XSS vulnerability |
| CVE-2025-47647 | WordPress Sidebar Manager Light <= 1.18 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-47648 | WordPress Pays – WooCommerce Payment Gateway <= 2.6 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-47655 | WordPress theMarketer plugin <= 1.4.7 - CSRF to Stored XSS vulnerability |
| CVE-2025-47661 | WordPress 워드프레스 결제 심플페이 <= 5.2.11 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-47667 | WordPress LiveAgent <= 4.4.7 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-48077 | WordPress Block Country plugin <= 1.0 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability |
| CVE-2025-48078 | WordPress Slick Google Map plugin <= 0.3 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability |
| CVE-2025-48083 | WordPress wpNamedUsers plugin <= 0.5 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability |
| CVE-2025-48085 | WordPress Simple Stripe plugin <= 0.9.17 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability |
| CVE-2025-48099 | WordPress Search & Filter plugin <= 1.2.17 - Cross Site Request Forgery (CSRF) to Open Redirect vulnerability |
| CVE-2025-48104 | WordPress Floating Window Music Player plugin <= 3.4.2 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability |
| CVE-2025-48109 | WordPress XM-Backup plugin <= 0.9.1 - CSRF to Stored XSS vulnerability |
| CVE-2025-48111 | WordPress YITH PayPal Express Checkout for WooCommerce plugin <= 1.49.0 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-48114 | WordPress ShayanWeb Admin FontChanger plugin <= 1.9.1 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability |
| CVE-2025-48115 | WordPress ValidateCertify <= 1.6.2 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-48144 | WordPress Import Export For WooCommerce plugin <= 1.6.2 - CSRF to Stored XSS vulnerability |
| CVE-2025-48146 | WordPress SEO Flow by LupsOnline plugin <= 2.2.0 - CSRF to Stored XSS vulnerability |
| CVE-2025-48153 | WordPress Import CDN-Remote Images plugin <= 2.1.2 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-48303 | WordPress Post Type Converter plugin <= 0.6 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-48304 | WordPress Google XML News Sitemap plugin plugin <= 0.02 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability |
| CVE-2025-48306 | WordPress Savyour Affiliate Partner plugin <= 2.1.4 - CSRF to Stored XSS vulnerability |
| CVE-2025-48307 | WordPress SEO For Images plugin <= 1.0.0 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability |
| CVE-2025-48308 | WordPress Newsletter subscription optin module plugin <= 1.2.9 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerabilit... |
| CVE-2025-48309 | WordPress BetPress plugin <= 1.0.1 Lite - CSRF to Stored XSS vulnerability |
| CVE-2025-48310 | WordPress Table Editor plugin <= 1.6.4 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-48311 | WordPress Invisible Optin plugin <= 1.0 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability |
| CVE-2025-48318 | WordPress 多说社会化评论框 plugin <= 1.2 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability |
| CVE-2025-48320 | WordPress 百度分享按钮 plugin <= 1.0.6 - CSRF to Stored XSS vulnerability |
| CVE-2025-48321 | WordPress Ultimate twitter profile widget plugin <= 1.0 - CSRF to Stored XSS vulnerability |
| CVE-2025-48325 | WordPress WP Admin Theme plugin <= 1.0 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability |
| CVE-2025-48328 | WordPress Real Time Validation for Gravity Forms plugin <= 1.7.0 - Cross Site Request Forgery (CSRF) to Settings Change vulne... |
| CVE-2025-48340 | WordPress User Profile Meta Manager plugin <= 1.02 - CSRF to Privilege Escalation vulnerability |
| CVE-2025-48342 | WordPress Dynamic Pricing & Discounts Lite for WooCommerce <= 2.0.3 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-48343 | WordPress WPMU Ldap Authentication plugin <= 5.0.1 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability |
| CVE-2025-49511 | WordPress Civi Framework plugin <= 2.1.6 - Cross Site Request Forgery (CSRF) to User Deactivation vulnerability |
| CVE-2025-49555 | Adobe Commerce \| Cross-Site Request Forgery (CSRF) (CWE-352) |
| CVE-2025-4966 | WP Online Users Stats <= 1.0.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting via hk_dataset_results Function |
| CVE-2025-49856 | WordPress Responsive Plus plugin <= 3.2.2 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability |
| CVE-2025-49865 | WordPress Advanced Settings plugin <= 3.0.1 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-49895 | WordPress ServerBuddy by PluginBuddy.com plugin <= 1.0.5 - CSRF to PHP Object Injection vulnerability |
| CVE-2025-49896 | WordPress WP Discord Post Plus – Supports Unlimited Channels plugin <= 1.0.2 - Cross Site Request Forgery (CSRF) vulnerabili... |
| CVE-2025-49964 | WordPress ClipLink plugin <= 1.1 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-49965 | WordPress PixelBeds Channel Manager and Hotel Booking Engine plugin <= 1.0 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-49966 | WordPress Oganro Travel Portal Search Widget for HotelBeds APITUDE API plugin <= 1.0 - Cross Site Request Forgery (CSRF) Vuln... |
| CVE-2025-49967 | WordPress Live Sports Streamthunder plugin <= 2.1 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-49968 | WordPress XML Travel Portal Widget plugin <= 2.0 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-49972 | WordPress TM Replace Howdy plugin <= 1.4.2 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-49975 | WordPress JobWP plugin <= 2.4.0 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-49977 | WordPress WP Inventory Manager plugin <= 2.3.4 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-50036 | WordPress Mailing Group Listserv plugin <= 3.0.5 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-50044 | WordPress Real Estate Manager plugin <= 7.3 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-50179 | Tuleap missing CSRF protection on tracker reports manipulation |
| CVE-2025-5019 | Hive Support <= 1.2.4 - Cross-Site Request Forgery via hs_update_ai_chat_settings Function |
| CVE-2025-5033 | XiaoBingby TeaCMS addUser cross-site request forgery |
| CVE-2025-5132 | Tmall Demo logout cross-site request forgery |
| CVE-2025-5142 | Simple Page Access Restriction <= 1.0.31 - Cross-Site Request Forgery via Multiple Parameters |
| CVE-2025-52711 | WordPress Post and Page Builder by BoldGrid – Visual Drag and Drop Editor plugin <= 1.27.8 - Cross Site Request Forgery (CSRF... |
| CVE-2025-52765 | WordPress NetInsight Analytics Implementation Plugin <= 1.0.3 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-52767 | WordPress NetInsight Analytics Implementation Plugin <= 1.0.3 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-52769 | WordPress flexo-social-gallery Plugin <= 1.0006 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-52772 | WordPress Virtual Moderator plugin <= 1.4 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-52780 | WordPress Logo Manager For Samandehi plugin <= 0.5 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-52781 | WordPress TinyNav plugin <= 1.4 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-52783 | WordPress Change Cart button Colors WooCommerce plugin <= 1.0 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-52784 | WordPress Bluff Post plugin <= 1.1.1 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-52789 | WordPress Lewe ChordPress plugin <= 3.9.7 - Cross Site Request Forgery (CSRF) to Stored XSS Vulnerability |
| CVE-2025-52790 | WordPress WP-DownloadCounter plugin <= 1.01 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-52791 | WordPress Knowledge Base – Knowledge Base Maker plugin <= 1.1.8 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-52792 | WordPress WP User Stylesheet Switcher plugin <= v2.2.0 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-52793 | WordPress Esselink.nu Settings plugin <= 2.94 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-52794 | WordPress Creative Contact Form plugin <= 1.0.0 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-52795 | WordPress WP Front User Submit / Front Editor plugin <= 4.9.4 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-52797 | WordPress StoryMap Plugin <= 2.1 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-52825 | WordPress Real Estate Manager plugin <= 7.3 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-52841 | Laundry 2.3.0 - Account Takeover via CSRF |
| CVE-2025-53262 | WordPress Writesonic plugin <= 1.0.4 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-53263 | WordPress Address Autocomplete via Google for Gravity Forms plugin <= 1.3.4 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-53264 | WordPress ONet Regenerate Thumbnails plugin <= 1.5 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-53265 | WordPress Virusdie plugin <= 1.1.3 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-53267 | WordPress Hide Admin Bar From Front End plugin <= 1.0.0 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-53268 | WordPress Import external attachments plugin <= 1.5.12 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-53269 | WordPress My Wp Brand plugin <= 1.1.3 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-53270 | WordPress CTA plugin <= 1.6.9 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-53271 | WordPress Additional Order Filters for WooCommerce plugin <= 1.22 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-53272 | WordPress Image Cleanup plugin <= 1.9.2 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-53273 | WordPress Slickstream plugin <= 2.0.3 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-53274 | WordPress WP Permalink Translator plugin <= 1.7.6 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-53277 | WordPress IS-theme-companion plugin <= 1.57 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-53305 | WordPress WP Forum Server plugin <= 1.8.2 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-53308 | WordPress Image Slider With Description plugin <= 9.2 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-53310 | WordPress HidePost plugin <= 2.3.8 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-53311 | WordPress Navayan Subscribe plugin <= 1.13 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-53312 | WordPress OnionBuzz plugin <= 1.0.7 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-53313 | WordPress Twitch TV Embed Suite plugin <= 2.1.0 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-53314 | WordPress WP Optimizer plugin <= 2.3.6 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-53315 | WordPress Relocate Upload plugin <= 0.24.1 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-53316 | WordPress WP GDPR Cookie Consent plugin <= 1.0.0 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-53317 | WordPress WPShapere Lite plugin <= 1.4 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-53327 | WordPress Aioseo Multibyte Descriptions plugin <= 0.0.6 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-46512 | WordPress Custom Functions Plugin plugin <= 1.1 - CSRF to Stored XSS vulnerability |
| CVE-2025-46513 | WordPress All in One Time Clock Lite <= 1.3.324 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-46514 | WordPress Milat jQuery Automatic Popup plugin <= 1.3.1 - CSRF to Stored XSS vulnerability |
| CVE-2025-46516 | WordPress Twitter Card Generator plugin <= 1.0.5 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability |
| CVE-2025-46520 | WordPress Related Posts via Taxonomies plugin <= 1.0.1 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability |
| CVE-2025-46522 | WordPress Tabs plugin <= 4.0.3 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability |
| CVE-2025-46524 | WordPress WP Filter Post Category plugin <= 2.1.4 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability |
| CVE-2025-46528 | WordPress Availability Calendar <= 0.2.4 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-46530 | WordPress Hacklog Remote Attachment <= 1.3.2 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-46547 | In Sherpa Orchestrator 141851, the web application lacks protection against CSRF attacks, with resultant effects of an attack... |
| CVE-2025-5185 | Summer Pearl Group Vacation Rental Management Platform cross-site request forgery |
| CVE-2025-52463 | Cross-site request forgery vulnerability exists in Active! mail 6 BuildInfo: 6.60.06008562 and earlier. If this vulnerability... |
| CVE-2025-53095 | Sunshine application-wide CSRF in the UI leads to command injection as Administrator |
| CVE-2025-53193 | WordPress Burst Statistics plugin <= 2.0.6 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-53197 | WordPress Cookiebot plugin <= 4.5.8 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-53203 | WordPress WooCommerce PDF Invoice Builder plugin <= 1.2.148 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-53219 | WordPress WP-Database-Optimizer-Tools Plugin <= 0.2 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-53249 | WordPress Build App Online Plugin <= 1.0.23 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-53254 | WordPress Cyrlitera plugin <= 1.2.0 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-53261 | WordPress WP YouTube Live plugin <= 1.10.0 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-53451 | WordPress Mihdan: No External Links Plugin <= 5.1.4 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-53456 | WordPress SEO Backlink Monitor Plugin <= 1.6.0 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-53483 | SecurePoll: Multiple admin actions vulnerable to Cross-Site Request Forgery |
| CVE-2025-53540 | CSRF Vulnerability in Firmware Update Endpoints Allows Remote Code Execution |
| CVE-2025-53568 | WordPress Radio Station plugin <= 2.5.12 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-53569 | WordPress Trust Payments Gateway for WooCommerce (JavaScript Library) plugin <= 1.3.6 - Cross Site Request Forgery (CSRF) Vul... |
| CVE-2025-53587 | WordPress Findgo Theme <= 1.3.57 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-53897 | Kiteworks MFT has a Cross-Site Request Forgery (CSRF) vulnerability |
| CVE-2025-54010 | WordPress FluentSnippets plugin <= 10.50 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-54020 | WordPress AntiSpam for Contact Form 7 plugin <= 0.6.3 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-54022 | WordPress Coupon Affiliates plugin <= 6.4.0 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-54030 | WordPress WooCommerce Google Sheet Connector plugin <= 1.3.20 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-54033 | WordPress Theme Builder For Elementor plugin <= 1.2.3 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-54035 | WordPress Newsletters plugin <= 4.10 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-54036 | WordPress Webba Booking plugin <= 5.1.20 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-54038 | WordPress Restaurant Menu by MotoPress plugin <= 2.4.6 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-54039 | WordPress Animator plugin <= 3.0.16 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-54041 | WordPress Wallet System for WooCommerce plugin <= 2.6.7 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-54042 | WordPress WP Post Hide plugin <= 1.0.9 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-54052 | WordPress Realtyna Organic IDX plugin <= 5.0.0 - Local File Inclusion Vulnerability |
| CVE-2025-54541 | Cross-Site Request Forgery in QuickCMS |
| CVE-2025-54702 | WordPress Ebook Store Plugin plugin <= 5.8013 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-54703 | WordPress Integrate Google Drive Plugin plugin <= 1.5.2 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-54728 | WordPress CM On Demand Search And Replace Plugin <= 1.5.2 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-54732 | WordPress WPDM – Premium Packages Plugin <= 6.0.2 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-54782 | @nestjs/devtools-integration's CSRF to Sandbox Escape Allows for RCE against JS Developers |
| CVE-2025-55147 | CSRF in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R... |
| CVE-2025-5521 | WuKongOpenSource WukongCRM updataPassword cross-site request forgery |
| CVE-2025-5732 | code-projects Traffic Offense Reporting System cross-site request forgery |
| CVE-2025-57960 | WordPress Travel Map Plugin <= 1.0.3 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-57970 | WordPress SALESmanago Plugin <= 3.8.1 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-57977 | WordPress Flexible PDF Invoices for WooCommerce & WordPress Plugin <= 6.0.13 - Cross Site Request Forgery (CSRF) Vulnerabilit... |
| CVE-2025-57978 | WordPress Advanced Appointment Booking & Scheduling Plugin <= 1.9 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-57983 | WordPress BP Disable Activation Reloaded Plugin <= 1.2.1 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-57992 | WordPress Mail Baby SMTP Plugin <= 2.8 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-58010 | WordPress SV Proven Expert Plugin <= 2.0.06 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-58013 | WordPress CouponXxL Theme <= 4.5.0 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-58014 | WordPress Quiz Maker Plugin <= 6.7.0.61 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-58032 | WordPress WP Compiler Plugin <= 1.0.0 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-58831 | WordPress Parallax Scrolling Enllax.js Plugin <= 0.0.6 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-58833 | WordPress Invelity MyGLS connect Plugin <= 1.1.1 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-58843 | WordPress Auto Last Youtube Video Plugin <= 1.0.7 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-58844 | WordPress Database to Excel Plugin <= 1.0 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-58845 | WordPress Bulk Watermark Plugin <= 1.6.10 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-58846 | WordPress WordPress Buffer – HYPESocial. Social Media Auto Post, Social Media Auto Publish and Schedule Plugin <= 2020.1.0 -... |
| CVE-2025-58847 | WordPress WN Flipbox Pro Plugin <= 2.1 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-58848 | WordPress WP likes Plugin <= 3.1.1 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-58849 | WordPress Hide Real Download Path Plugin <= 1.6 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-5885 | Konica Minolta bizhub cross-site request forgery |
| CVE-2025-58852 | WordPress MSTW League Manager Plugin <= 2.10 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-58853 | WordPress Popping Sidebars and Widgets Light Plugin <= 1.27 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-58854 | WordPress Ultimate AJAX Login Plugin <= 1.2.1 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-58856 | WordPress Woocommerce Notify Updated Product Plugin <= 1.6 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-58859 | WordPress Add to Feedly Plugin <= 1.2.11 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-58860 | WordPress Enable Latex Plugin <= 1.2.16 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-58861 | WordPress Quick Event Calendar Plugin <= 1.4.9 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-58865 | WordPress Compact Admin Plugin <= 1.3.0 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-58869 | WordPress SimaCookie Plugin <= 1.3.2 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-58878 | WordPress Woocommerce Gifts Product Plugin <= 1.0.0 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-5888 | jsnjfz WebStack-Guns cross-site request forgery |
| CVE-2025-58914 | WordPress Di Themes Demo Site Importer plugin <= 1.2 - Cross Site Request Forgery (CSRF) to Plugin Activation vulnerability |
| CVE-2025-58918 | WordPress Entrada theme <= 5.7.7 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-5924 | WP Firebase Push Notification <= 1.2.0 - Cross-Site Request Forgery to Broadcast Notification |
| CVE-2025-5925 | Bunny’s Print CSS <= 0.95 - Cross-Site Request Forgery to Settings Update |
| CVE-2025-5926 | Link Shield <= 0.5.4 - Cross-Site Request Forgery to Stored Cross-Site Scripting |
| CVE-2025-5928 | WP Sliding Login/Dashboard Panel <= 2.1.1 - Cross-Site Request Forgery to Settings Update |
| CVE-2025-5930 | WP2HTML <= 1.0.2 - Cross-Site Request Forgery to Settings Update |
| CVE-2025-5932 | Homerunner <= 1.0.29 - Cross-Site Request Forgery to Settings Update |
| CVE-2025-5933 | RD Contacto <= 1.4 - Cross-Site Request Forgery to Settings Update |
| CVE-2025-59845 | Apollo Embedded Sandbox and Explorer vulnerable to CSRF via window.postMessage origin-validation bypass |
| CVE-2025-5988 | Aap-gateway: csrf origin checking is disabled |
| CVE-2025-59949 | FreshRSS has Logout CSRF that Leads to DoS via `<track src>` |
| CVE-2025-60168 | WordPress HotelRunner Booking Widget Plugin <= 1.6 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-60169 | WordPress W3SCloud Contact Form 7 to Zoho CRM Plugin <= 3.0 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-60170 | WordPress HTACCESS IP Blocker Plugin <= 1.0 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-48344 | WordPress Rootspersona <= 3.7.5 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-48351 | WordPress Kento Splash Screen plugin <= 1.4 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability |
| CVE-2025-48353 | WordPress Clickbank WordPress Plugin (Niche Storefront) plugin <= 1.3.5 - Cross Site Request Forgery (CSRF) to Stored XSS vul... |
| CVE-2025-48357 | WordPress Century ToolKit plugin <= 1.2.1 - Cross Site Request Forgery (CSRF) to Arbitrary Plugin Activation vulnerability |
| CVE-2025-48359 | WordPress ATT YouTube Widget plugin <= 1.0 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability |
| CVE-2025-48362 | WordPress Hesabfa Accounting plugin <= 2.2.4 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-48363 | WordPress Popup for CF7 with Sweet Alert plugin <= 1.6.5 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-5410 | Mist Community Edition middleware.py session_start_response cross-site request forgery |
| CVE-2025-54174 | Cross-Site Request Forgery in QuickCMS |
| CVE-2025-54256 | Dreamweaver Desktop \| Cross-Site Request Forgery (CSRF) (CWE-352) |
| CVE-2025-54286 | CSRF Vulnerability When Using Client Certificate Authentication with the LXD-UI |
| CVE-2025-54671 | WordPress oik Plugin plugin <= 4.15.2 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-54672 | WordPress Photo Engine Plugin plugin <= 6.4.3 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-54673 | WordPress Chartify Plugin plugin <= 3.5.3 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-54674 | WordPress Product Configurator for WooCommerce Plugin plugin <= 1.4.4 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-54675 | WordPress YITH WooCommerce Popup Plugin plugin <= 1.48.0 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-54682 | WordPress Connector for Gravity Forms and Google Sheets Plugin plugin <= 1.2.4 - Cross Site Request Forgery (CSRF) Vulnerabil... |
| CVE-2025-54694 | WordPress Button Block Plugin plugin <= 1.2.0 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-55057 | Multiple CWE-352 Cross-Site Request Forgery (CSRF) |
| CVE-2025-55744 | UnoPim vulnerable to CSRF on Product edit feature and creation of other types |
| CVE-2025-55758 | Extension - jdownloads.com - CSRF vectors in jDownloads component 1.0.0 - 4.0.47 for Joomla |
| CVE-2025-5766 | code-projects Laundry System cross-site request forgery |
| CVE-2025-57885 | WordPress Fluent Support Plugin <= 1.9.1 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-57892 | WordPress Simple Statistics for Feeds Plugin <= 20250322 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-57893 | WordPress WP Fast Total Search Plugin <= 1.79.270 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-57895 | WordPress JobWP Plugin <= 2.4.3 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-57902 | WordPress RIS Version Switcher – Downgrade or Upgrade WP Versions Easily Plugin <= 1.0 - Cross Site Request Forgery (CSRF) Vu... |
| CVE-2025-57905 | WordPress AgreeMe Checkboxes For WooCommerce Plugin <= 1.1.3 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-57914 | WordPress Deliver via Shipos for WooCommerce Plugin <= 3.0.2 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-57915 | WordPress TOCHAT.BE Plugin <= 1.3.4 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-57918 | WordPress LinkedInclude Plugin <= 3.0.4 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-57924 | WordPress Developer Plugin <= 1.2.6 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-57927 | WordPress Dashboard Notepad Plugin <= 1.42 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-57930 | WordPress Double the Donation Plugin <= 2.0.0 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-57931 | WordPress Popup box plugin <= 5.5.4 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-57933 | WordPress Piotnet Forms Plugin <= 1.0.30 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-57934 | WordPress LWS Affiliation Plugin <= 2.3.6 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-57942 | WordPress Emergency Password Reset Plugin <= 9.0 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-57946 | WordPress payOS Plugin <= 1.0.61 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-58199 | WordPress Fastly Plugin <= 1.2.28 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-58200 | WordPress Flexible FAQ Plugin <= 0.2 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-58202 | WordPress Simple Page Access Restriction Plugin <= 1.0.32 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-58217 | WordPress Instant Breaking News Plugin <= 1.0 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-58219 | WordPress Show Pages List Plugin <= 1.2.0 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-58224 | WordPress Printeers Print & Ship Plugin <= 1.17.0 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-58236 | WordPress Force Update Translations Plugin <= 0.5 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-58244 | WordPress Constructo Theme <= 4.3.9 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-58250 | WordPress Findgo Theme <= 1.3.55 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-58255 | WordPress Custom Post Type Images Plugin <= 0.5 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-58259 | WordPress Nokri Theme <= 1.6.4 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-58261 | WordPress Mavis HTTPS to HTTP Redirection Plugin <= 1.4.3 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-58262 | WordPress Sweet Energy Efficiency Plugin <= 1.0.6 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-58267 | WordPress Stock Message Plugin <= 1.1.0 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-58268 | WordPress WPMK PDF Generator Plugin <= 1.0.1 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-58270 | WordPress NIX Anti-Spam Light Plugin <= 0.0.4 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-58272 | Cross-site request forgery vulnerability exists in Web Caster V130 versions 1.08 and earlier. If a logged-in user views a mal... |
| CVE-2025-62061 | WordPress Product Catalog Simple plugin <= 1.8.4 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-62080 | WordPress Live Shopping & Shoppable Videos For WooCommerce plugin <= 2.2.0 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-62084 | WordPress iNext Woo Pincode Checker plugin <= 2.3.1 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-62089 | WordPress Mergado Pack plugin <= 4.2.0 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-62101 | WordPress Pardakht Delkhah plugin <= 3.0.0 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-62102 | WordPress DoFollow Case by Case plugin <= 3.5.1 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-62103 | WordPress Media Library File Download plugin <= 1.4 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-62107 | WordPress Feather Login Page plugin <= 1.1.7 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-62112 | WordPress Import into Easy Property Listings plugin <= 2.2.1 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-62113 | WordPress Co-marquage service-public.fr plugin <= 0.5.77 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-53329 | WordPress Społecznościowa 6 PL 2013 plugin <= 2.0.6 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-53331 | WordPress RSS Digest plugin <= 1.5 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-53332 | WordPress Track Everything plugin <= 2.0.1 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-53338 | WordPress re.place plugin <= 0.2.1 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-53344 | WordPress Thim Core Plugin <= 2.3.3 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-53347 | WordPress Kalium Theme plugin <= 3.18.3 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-58430 | listmonk Vulnerable to CSRF to XSS Chain That Can Lead to Admin Account Takeover |
| CVE-2025-58469 | QuLog Center |
| CVE-2025-58576 | Cross-site request forgery vulnerability exists in GroupSession Free edition prior to ver5.3.0, GroupSession byCloud prior to... |
| CVE-2025-58611 | WordPress Tickera Plugin <= 3.5.5.6 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-58657 | WordPress Grid Plugin <= 2.3.1 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-58670 | WordPress WP Content Protection Plugin <= 1.3 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-58675 | WordPress Interact: Embed A Quiz On Your Site Plugin <= 3.1 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-58676 | WordPress HORIZONTAL SLIDER Plugin <= 2.4 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-58677 | WordPress ShrinkTheWeb (STW) Website Previews Plugin <= 2.8.5 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-58687 | WordPress Current Age Plugin Plugin <= 1.6 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-58688 | WordPress Casengo Live Chat Support Plugin <= 2.1.4 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-58690 | WordPress Doliconnect Plugin <= 9.5.7 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-58792 | WordPress Authors List Plugin <= 2.0.6.1 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-58794 | WordPress Notification for Telegram Plugin <= 3.4.6 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-58798 | WordPress BCM Duplicate Menu Plugin <= 1.1.2 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-58799 | WordPress Custom WooCommerce Checkout Fields Editor Plugin <= 1.3.4 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-58800 | WordPress WP Email Template Plugin <= 2.8.3 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-58801 | WordPress Responder Plugin <= 4.3.8 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-58802 | WordPress TrustMate.io – WooCommerce integration Plugin <= 1.14.0 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-58804 | WordPress WooCommerce Single Page Checkout Plugin <= 1.2.7 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-58806 | WordPress WordPress Error Monitoring by Bugsnag Plugin <= 1.6.3 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-58807 | WordPress Purge Varnish Cache Plugin <= 2.6 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-58809 | WordPress To Lead For Salesforce Plugin <= 2.7.3.9 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-58818 | WordPress Developer Tools Blocker Plugin <= 3.2.1 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-58939 | WordPress Super Store Finder plugin <= 7.5 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-58956 | WordPress WP Attractive Donations System Plugin < 1.29 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-58975 | WordPress Advanced Settings Plugin <= 3.1.1 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-58991 | WordPress WooCommerce Booking Bundle Hours Plugin <= 0.7.4 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-58997 | WordPress Mow Theme <= 4.10 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-58999 | WordPress WP Attractive Donations System - Easy Stripe & Paypal donations plugin <= 1.25 - Cross Site Request Forgery (CSRF)... |
| CVE-2025-5900 | Tenda AC9 cross-site request forgery |
| CVE-2025-59009 | WordPress Listify theme <= 3.2.5 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-59110 | Cross-Site Request Forgery in Windu CMS |
| CVE-2025-59112 | Cross-Site Request Forgery in Windu CMS |
| CVE-2025-59114 | Cross-Site Request Forgery in Windu CMS |
| CVE-2025-59130 | WordPress Appointify plugin <= 1.0.8 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-59131 | WordPress WP-CalDav2ICS plugin <= 1.3.4 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-59132 | WordPress Duplicate Content Cure plugin <= 1.0 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-59137 | WordPress Behance Portfolio Manager plugin <= 1.7.5 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-5936 | VR Calendar <= 2.4.7 - Cross-Site Request Forgery to Calendar Sync |
| CVE-2025-5937 | MicroPayments – Fans Paysite: Paid Creator Subscriptions, Digital Assets, Wallet <= 3.2.0 - Cross-Site Request Forgery to Set... |
| CVE-2025-5938 | Digital Marketing and Agency Templates Addons for Elementor <= 1.1.1 - Cross-Site Request Forgery to Import |
| CVE-2025-59428 | EspoCRM allows arbitrary user creation via stored SVG injection and CSRF |
| CVE-2025-59480 | Inadequate validation of SSO redirect credentials permits credential theft |
| CVE-2025-59568 | WordPress Zoho Flow Plugin <= 2.14.1 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-59572 | WordPress WorkScout-Core Plugin < 1.7.06 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-6001 | VirtueMart - Cross Site Request Forgery (CSRF) |
| CVE-2025-60075 | WordPress hpb seo plugin for WordPress plugin <= 3.0.1 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-60093 | WordPress Download Manager Plugin <= 3.3.24 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-60111 | WordPress Javo Core Plugin <= 3.0.0.266 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-60113 | WordPress Groovy Menu Plugin <= 1.4.3 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-60115 | WordPress Instapage Plugin Plugin <= 3.5.12 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-60117 | WordPress Vehica Core Plugin <= 1.0.100 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-60132 | WordPress Video Blogster Lite Plugin <= 1.2 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-60134 | WordPress WP Media Categories Plugin <= 2.1.0 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-60137 | WordPress Post Featured Video Plugin <= 1.7 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-60139 | WordPress Sendle Shipping Plugin <= 6.02 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-60145 | WordPress Lenix scss compiler Plugin <= 1.2 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-60156 | WordPress AR For WordPress Plugin <= 7.98 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-60164 | WordPress NewsmanApp Plugin <= 2.7.7 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-64482 | Tuleap missing CSRF protections in the File Release System |
| CVE-2025-60171 | WordPress Conditional Cart Messages for WooCommerce – YourPlugins.com Plugin <= 1.2.10 - Cross Site Request Forgery (CSRF) Vu... |
| CVE-2025-60172 | WordPress Flytedesk Digital Plugin <= 20181101 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-60173 | WordPress GST for WooCommerce Plugin <= 2.0 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-60208 | WordPress Advanced Custom Fields : CPT Options Pages plugin <= 2.0.9 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-6041 | yContributors <= 0.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting |
| CVE-2025-6053 | Zuppler Online Ordering <= 2.1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting |
| CVE-2025-6054 | YANewsflash <= 1.0.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting |
| CVE-2025-6055 | Zen Sticky Social <= 0.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting |
| CVE-2025-6059 | Seraphinite Accelerator <= 2.27.21 - Cross-Site Request Forgery to Multiple Administrative Actions |
| CVE-2025-6062 | Yougler Blogger Profile Page <= v1.01 - Cross-Site Request Forgery to Settings Update |
| CVE-2025-6063 | XiSearch bar <= 2.6 - Cross-Site Request Forgery to Stored Cross-Site Scripting |
| CVE-2025-6064 | WP URL Shortener <= 1.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting |
| CVE-2025-6105 | jflyfox jfinal_cms HOME.java cross-site request forgery |
| CVE-2025-6106 | WuKongOpenSource WukongCRM AdminRoleController.java cross-site request forgery |
| CVE-2025-61604 | WeGIA: Cross-Site Request Forgery (CSRF) Vulnerability in `control.php` Endpoint |
| CVE-2025-61930 | Emlog Pro has CSRF issue that Enables Admin Password Reset |
| CVE-2025-62005 | WordPress SUMO Memberships for WooCommerce plugin < 7.8.0 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-62009 | WordPress UPC/EAN/GTIN Code Generator plugin <= 2.0.2 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-62245 | Cross-site request forgery (CSRF) vulnerability in Liferay Portal 7.4.1 through 7.4.3.112, and Liferay DXP 2023.Q4.0 through... |
| CVE-2025-62258 | CSRF vulnerability in Headless API in Liferay Portal 7.4.0 through 7.4.3.107, and Liferay DXP 2023.Q3.1 through 2023.Q3.4, 7.... |
| CVE-2025-62346 | HCL Glovius Cloud is susceptible to a Cross-Site Request Forgery (CSRF) vulnerability |
| CVE-2025-62497 | Cross-site request forgery vulnerability exists in SNC-CX600W versions prior to Ver.2.8.0. If a user accesses a specially cra... |
| CVE-2025-62593 | Ray is vulnerable to RCE via Safari & Firefox Browsers through DNS Rebinding Attack |
| CVE-2025-62933 | WordPress Awesome Testimonials plugin <= 2.2.1 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-62934 | WordPress WP Business Hours plugin <= 1.4 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-62945 | WordPress Did Prestashop Display plugin <= 1.0.30 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-62950 | WordPress Contest Gallery plugin <= 28.0.0 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-62956 | WordPress Reloadly plugin <= 2.0.1 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-62957 | WordPress NikanWP WooCommerce Reporting plugin <= 1.0.0 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-62958 | WordPress Simple Content Templates for Blog Posts & Pages plugin <= 2.2.61 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-62962 | WordPress CloudSearch plugin <= 3.0.0 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-62975 | WordPress Raychat plugin <= 2.2.1 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-62986 | WordPress FanBridge signup plugin <= 0.6 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-62992 | WordPress Everest Backup plugin <= 2.3.9 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-63012 | WordPress WP Hotel Booking plugin <= 2.2.7 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-63014 | WordPress Gmedia Photo Gallery plugin <= 1.24.1 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-63030 | WordPress New User Approve plugin <= 3.2.0 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-64201 | WordPress PowerPress Podcasting plugin <= 11.13.12 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-64226 | WordPress Stockie Extra plugin <= 1.2.11 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-64237 | WordPress Quick Interest Slider plugin <= 3.1.5 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-64239 | WordPress RTL Tester plugin <= 1.2 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-64240 | WordPress Freshchat plugin <= 2.3.4 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-64256 | WordPress Simple Folio plugin <= 1.1.0 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-64262 | WordPress Auto Prune Posts plugin <= 3.0.0 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-64271 | WordPress WP Plugin Manager plugin <= 1.4.7 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-64286 | WordPress WP Rentals theme <= 3.13.1 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-64288 | WordPress Premmerce plugin <= 1.3.19 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-64290 | WordPress Premmerce Product Search for WooCommerce plugin <= 2.2.4 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-66061 | WordPress Seriously Simple Podcasting plugin <= 3.13.0 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-66064 | WordPress Giveaways and Contests by RafflePress plugin <= 1.12.20 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-66097 | WordPress I Order Terms plugin <= 1.5.0 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-67465 | WordPress Simple Link Directory plugin <= 8.8.3 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-67467 | WordPress GiveWP plugin <= 4.13.1 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-67469 | WordPress PDF Thumbnail Generator plugin <= 1.4 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-67471 | WordPress Quick Contact Form plugin <= 8.2.5 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-67472 | WordPress Online Booking & Scheduling Calendar for WordPress by vcita plugin <= 4.5.5 - Cross Site Request Forgery (CSRF) vul... |
| CVE-2025-62117 | WordPress EasyIndex plugin <= 1.1.1704 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-62120 | WordPress OpenHook plugin <= 4.3.1 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-62123 | WordPress WP Gmail SMTP plugin <= 1.0.7 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-62133 | WordPress FormFacade plugin <= 1.4.1 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-62134 | WordPress Contact Form Widget plugin <= 1.5.1 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-6214 | Omnishop <= 1.0.9 - Cross-Site Request Forgery to Arbitrary User Deletion via /users/delete REST Endpoint |
| CVE-2025-62148 | WordPress Robots.txt rewrite plugin <= 1.6.1 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-62190 | CSRF Allows Call Initiation and Message Delivery |
| CVE-2025-62687 | Cross-site request forgery vulnerability exists in LogStare Collector. If a user views a crafted page while logged, unintende... |
| CVE-2025-62733 | WordPress Custom Sidebars by ProteusThemes plugin <= 1.0.3 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-62734 | WordPress Media Library Downloader plugin <= 1.4.0 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-62739 | WordPress Add Custom Codes plugin <= 4.80 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-62762 | WordPress SMTP Mail plugin <= 1.3.47 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-62771 | Mercku M6a devices through 2.1.0 allow password changes via intranet CSRF attacks. |
| CVE-2025-62797 | CSRF in FluxCP account endpoints allows account takeover / state-changing actions |
| CVE-2025-6284 | PHPGurukul Car Rental Portal cross-site request forgery |
| CVE-2025-62866 | WordPress Auto Alt Text plugin <= 2.5.2 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-62871 | WordPress Just TinyMCE Custom Styles plugin <= 1.2.1 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-62872 | WordPress Social Photo Fetcher plugin <= 3.0.4 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-62873 | WordPress WP Flashy Marketing Automation plugin <= 2.0.8 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-62880 | WordPress Custom 404 Pro plugin <= 3.12.0 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-62886 | WordPress Pricing Table builder plugin <= 1.5.1 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-62890 | WordPress Premmerce Brands for WooCommerce plugin <= 1.2.13 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-62891 | WordPress Off-Canvas Sidebars & Menus (Slidebars) plugin <= 0.5.8.5 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-62896 | WordPress Multilang Contact Form plugin <= 1.5 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-63040 | WordPress Post Snippets plugin <= 4.0.11 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-63060 | WordPress Kallyas theme <= 4.2 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-6341 | code-projects School Fees Payment System cross-site request forgery |
| CVE-2025-64117 | Tuleap missing CSRF protection in the management of SVN commit rules and immutable tags |
| CVE-2025-64357 | WordPress Advanced Database Cleaner plugin <= 3.1.6 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-64368 | WordPress Bard theme <= 1.6 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-6459 | Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager <= 4.89 - Cross-Site Request Forgery to PHP Code Injection in bs... |
| CVE-2025-64700 | Cross-site request forgery vulnerability exists in GROWI v7.3.3 and earlier. If a user views a malicious page while logged in... |
| CVE-2025-6476 | SourceCodester Gym Management System cross-site request forgery |
| CVE-2025-64760 | Tuleap has missing CSRF protections in its tracker trigger management system |
| CVE-2025-6478 | CodeAstro Expense Management System cross-site request forgery |
| CVE-2025-65962 | Tuleap has missing CSRF protections in its tracker field dependencies |
| CVE-2025-66629 | HedgeDoc is missing state parameter in OAuth2 flows could lead to CSRF |
| CVE-2025-6664 | CodeAstro Patient Record Management System cross-site request forgery |
| CVE-2025-6670 | Cross-Site Request Forgery (CSRF) in Multiple WSO2 Products via HTTP GET in Admin Services |
| CVE-2025-67590 | WordPress Ultimate FAQ plugin <= 2.4.3 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-67591 | WordPress JNews Paywall plugin < 12.0.1 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-67593 | WordPress UsersWP plugin <= 1.2.48 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-67595 | WordPress Quiz Maker plugin <= 6.7.0.82 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-67596 | WordPress Business Directory plugin <= 6.4.19 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-67598 | WordPress SupportCandy plugin <= 3.4.1 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-67622 | WordPress Evergreen Post Tweeter plugin <= 1.8.9 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability |
| CVE-2025-67625 | WordPress Trade Runner plugin <= 3.14 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-67646 | TableProgressTracking's missing CSRF protection allows unauthorized state changes |
| CVE-2025-6781 | Copymatic – AI Content Writer & Generator <= 2.1 - Cross-Site Request Forgery to Settings Update |
| CVE-2025-68529 | WordPress WP Email Capture plugin <= 3.12.5 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-68567 | WordPress My auctions allegro plugin <= 3.6.32 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-68573 | WordPress Simple Keyword to Link plugin <= 1.5 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-68580 | WordPress Advanced Classifieds & Directory Pro plugin <= 3.2.9 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-68583 | WordPress Fast User Switching plugin <= 1.4.10 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-68584 | WordPress Vimeotheque plugin <= 2.3.5.2 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-68601 | WordPress Five Star Restaurant Reservations plugin <= 2.7.7 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-6864 | SeaCMS admin_type.php cross-site request forgery |
| CVE-2025-6865 | DaiCuo index cross-site request forgery |
| CVE-2025-68885 | WordPress Custom Post Status plugin <= 1.1.0 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability |
| CVE-2025-7834 | PHPGurukul Complaint Management System cross-site request forgery |
| CVE-2025-7835 | iThoughts Advanced Code Editor <= 1.2.10 - Cross-Site Request Forgery to Settings Update |
| CVE-2025-7839 | Restore Permanently delete Post or Page Data <= 1.0 - Cross-Site Request Forgery |
| CVE-2025-7841 | Sertifier Certificate & Badge Maker for WordPress – Tutor LMS <= 1.19 - Cross-Site Request Forgery to Settings Update |
| CVE-2025-7842 | Silencesoft RSS Reader <= 0.6 - Cross-Site Request Forgery to RSS Feed Deletion |
| CVE-2025-8223 | jerryshensjf JPACookieShop 蛋糕商城JPA版 AdminTypeCustController.java cross-site request forgery |
| CVE-2025-8335 | code-projects Simple Car Rental System cross-site request forgery |
| CVE-2025-8383 | Depicter <= 4.0.4 - Cross-Site Request Forgery |
| CVE-2025-8592 | Inspiro <= 2.1.2 - Cross-Site Request Forgery to Arbitrary Plugin Installation |
| CVE-2025-8606 | GSheetConnector For Gravity Forms <= 1.3.23 - Cross-Site Request Forgery to Arbitrary Plugin Activation/Deactivation |
| CVE-2025-8891 | OceanWP <= 4.0.9 - 4.1.1 - Cross-Site Request Forgery to Ocean Extra Plugin Installation |
| CVE-2025-8992 | mtons mblog cross-site request forgery |
| CVE-2025-9213 | TextBuilder 1.0.0 - 1.1.1 - Cross-Site Request Forgery to Privilege Escalation via Account Takeover |
| CVE-2025-9616 | PopAd <= 1.0.4 - Cross-Site Request Forgery to Settings Update |
| CVE-2025-9617 | Publish approval <= 1.1 - Cross-Site Request Forgery |
| CVE-2025-9618 | Related Posts Lite <= 1.12 - Cross-Site Request Forgery |
| CVE-2025-9620 | Seo Monster <= 3.3.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting |
| CVE-2025-9621 | WidgetPack Comment System <= 1.6.1 - Cross-Site Request Forgery |
| CVE-2025-9622 | WP Blast | SEO & Performance Booster <= 1.8.6 - Cross-Site Request Forgery to Cache Clearing |
| CVE-2025-9623 | Admin in English with Switch <= 1.1 - Cross-Site Request Forgery |
| CVE-2025-9625 | Coil Web Monetization <= 2.0.2 - Cross-Site Request Forgery |
| CVE-2025-9626 | Page Blocks <= 1.1.0 - Cross-Site Request Forgery |
| CVE-2025-9627 | Run Log <= 1.7.10 - Cross-Site Request Forgery to Settings Update |
| CVE-2025-9628 | The integration of the AMO.CRM <= 1.0.1 - Cross-Site Request Forgery |
| CVE-2025-9629 | USS Upyun <= 1.5.0 - Cross-Site Request Forgery |
| CVE-2025-9630 | WP SinoType <= 1.0 - Cross-Site Request Forgery |
| CVE-2025-9631 | AutoCatSet <= 2.1.4 - Cross-Site Request Forgery |
| CVE-2025-9632 | PhpList Subber <= 1.1 - Cross-Site Request Forgery |
| CVE-2025-9633 | LH Signing <= 2.83 - Cross-Site Request Forgery |
| CVE-2025-9634 | Plugin updates blocker <= 0.2 - Cross-Site Request Forgery |
| CVE-2025-9635 | Analytics Reduce Bounce Rate <= 2.3 - Cross-Site Request Forgery |
| CVE-2025-9747 | Koillection csrf_protection_controller.js cross-site request forgery |
| CVE-2026-1051 | Newsletter – Send awesome emails from WordPress <= 9.1.0 - Cross-Site Request Forgery to Newsletter Unsubscription |
| CVE-2026-21430 | Emlog: CSRF chained with stored XSS leads to ATO |
| CVE-2026-22030 | React Router has CSRF issue in Action/Server Action Request Processing |
| CVE-2026-22800 | PILOS affected by a CSRF via GET request allows unintentional termination of all active video conferences |
| CVE-2026-23622 | CSRF Protection Bypass: Sensitive endpoints accept GET requests, enabling admin account takeover |
| CVE-2025-64498 | Tuleap has a Cross-Site Request Forgery (CSRF) vulnerability |
| CVE-2025-64499 | Tuleap is missing CSRF protections for its planning management API |
| CVE-2025-65027 | RomM Chained XSS and CSRF Vulnerabilities Enable Admin Account Takeover |
| CVE-2025-65107 | Langfuse SSO Account Takeover via CSRF or phishing attack |
| CVE-2025-66407 | Weblate has Server-Side Request Forgery vulnerability |
| CVE-2025-66529 | WordPress Chartify plugin <= 3.6.3 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-66531 | WordPress Salon booking system plugin <= 10.30.3 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-6790 | QSM < 10.2.3 - Template Creation via CSRF |
| CVE-2025-68082 | WordPress Semrush Content Toolkit plugin <= 1.1.32 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-68083 | WordPress Meks Quick Plugin Disabler plugin <= 1.0 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-68158 | Authlib: 1-click Account Takeover |
| CVE-2025-68434 | opensourcepos has Cross-Site Request Forgery vulnerability that leads to Unauthorized Administrator Creation |
| CVE-2025-68481 | FastAPI Users Vulnerable to 1-click Account Takeover in Apps Using FastAPI SSO |
| CVE-2025-7052 | LatePoint <= 5.1.94 - Cross-Site Request Forgery to Account Takeover via change_password() Function |
| CVE-2025-7078 | 07FLYCMS/07FLY-CMS/07FlyCRM cross-site request forgery |
| CVE-2025-7202 | Cross-Site Request Forgery (CSRF) allowed remote control of Elgato Key Lights |
| CVE-2025-7756 | code-projects E-Commerce Site cross-site request forgery |
| CVE-2025-7812 | Video Share VOD – Turnkey Video Site Builder Script <= 2.7.6 - Cross-Site Request Forgery to Command Injection |
| CVE-2025-7965 | CBX Restaurant Booking <= 1.2.1 - Plugin Reset via CSRF |
| CVE-2025-8479 | Zoho Flow <= 2.14.1 - Cross-Site Request Forgery |
| CVE-2025-8481 | Blog Designer For Elementor – Post Slider, Post Carousel, Post Grid <= 1.1.7 - Cross-Site Request Forgery |
| CVE-2025-8491 | Easy restaurant menu manager <= 2.0.2 - Cross-Site Request Forgery to Menu Upload |
| CVE-2025-8505 | 495300897 wx-shop cross-site request forgery |
| CVE-2025-8814 | atjiu pybbs CookieUtil.java setCookie cross-site request forgery |
| CVE-2025-9374 | Ultimate Tag Warrior Importer <= 0.2 - Cross-Site Request Forgery |
| CVE-2025-9944 | Professional Contact Form <= 1.0.0 - Cross-Site Request Forgery to Test Email Sending |
| CVE-2025-9945 | Optimize More! – CSS <= 1.0.3 - Cross-Site Request Forgery to Plugin Settings Reset |
| CVE-2025-9946 | LockerPress – WordPress Security Plugin <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting |
| CVE-2025-9948 | Chat by Chatwee <= 2.1.3 - Cross-Site Request Forgery to Settings Update |
| CVE-2025-9949 | Internal Links Manager <= 3.0.1 - Cross-Site Request Forgery |
| CVE-2026-0493 | Cross-Site Request Forgery (CSRF) vulnerability in SAP Fiori App (Intercompany Balance Reconciliation) |
| CVE-2026-1142 | PHPGurukul News Portal cross-site request forgery |
| CVE-2026-1148 | SourceCodester/Patrick Mvuma Patients Waiting Area Queue Management System cross-site request forgery |
| CVE-2026-1153 | technical-laohu mpay cross-site request forgery |
| CVE-2026-1169 | birkir prime cross-site request forgery |
| CVE-2026-22194 | GestSup <= 3.2.56 CSRF Allows Privileged Actions |
| CVE-2025-67473 | WordPress CWW Companion plugin <= 1.3.2 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-67534 | WordPress Rencontre plugin <= 3.13.7 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-68998 | WordPress Heateor Social Login plugin <= 1.1.39 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-69021 | WordPress Popup box plugin <= 6.0.7 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-7133 | CodeAstro Online Movie Ticket Booking System cross-site request forgery |
| CVE-2025-7330 | Rockwell Automation 1783-NATR Cross-Site Request Forgery Vulnerability |
| CVE-2025-7369 | Shortcodes Ultimate <= 7.4.2 - Cross-Site Request Forgery to Arbitrary Shortcode Execution |
| CVE-2025-7379 | A security bypass vulnerability was found in DataSync Center installed on ADM |
| CVE-2025-7667 | Restrict File Access <= 1.1.2 - Cross-Site Request Forgery to Arbitrary File Deletion |
| CVE-2025-7668 | Linux Promotional Plugin <= 1.4 - Cross-Site Request Forgery to Stored Cross-Site Scripting |
| CVE-2025-7669 | Avishi WP PayPal Payment Button <= 2.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting |
| CVE-2025-7683 | LatestCheckins <= 1 - Cross-Site Request Forgery to Stored Cross-Site Scripting |
| CVE-2025-7684 | Last.fm Recent Album Artwork <= 1.0.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting |
| CVE-2025-7685 | Like & Share My Site <= 0.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting |
| CVE-2025-7686 | weichuncai(WP伪春菜) <= 1.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting |
| CVE-2025-7687 | Latest Post Accordian Slider <= 1.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting |
| CVE-2025-7688 | Add User Meta <= 1.0.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting |
| CVE-2025-7690 | Affiliate Plus <= 1.3.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting |
| CVE-2025-8102 | Easy Digital Downloads <= 3.5.0 - Cross-Site Request Forgery to Plugin Deactivation via edd_sendwp_disconnect and edd_sendwp_... |
| CVE-2025-8103 | WPeMatico RSS Feed Fetcher <= 2.8.7 - Cross-Site Request Forgery to Plugin Deactivation via handle_feedback_submission Functi... |
| CVE-2025-8104 | Memory Usage <= 3.98 - Cross-Site Request Forgery to Limited Plugin Installation via wpmemory_install_plugin Function |
| CVE-2025-8119 | Cross-Site Request Forgery in PAD CMS |
| CVE-2025-8669 | Customify <= 0.4.11 - Cross-Site Request Forgery |
| CVE-2025-8711 | CSRF in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R... |
| CVE-2025-8739 | zhenfeng13 My-Blog save cross-site request forgery |
| CVE-2025-9880 | Side Slide Responsive Menu <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting |
| CVE-2025-9881 | Ultimate Blogroll <= 2.5.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting |
| CVE-2025-9882 | osTicket WP Bridge <= 1.9.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting |
| CVE-2025-9883 | Browser Sniff <= 2.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting |
| CVE-2025-9884 | Mobile Site Redirect <= 1.2.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting |
| CVE-2025-9885 | MPWizard – Create Mercado Pago Payment Links <= 1.2.1 - Cross-Site Request Forgery to Arbitrary Post Deletion |
| CVE-2025-9886 | Trinity Audio <= 5.20.2 - Cross-Site Request Forgery |
| CVE-2025-9887 | Custom Login And Signup Widget <= 1.0 - Cross-Site Request Forgery |
| CVE-2025-9888 | Maspik <= 2.5.6 - Cross-Site Request Forgery |
| CVE-2025-9889 | ContentMX Content Publisher <= 1.0.6 - Cross-Site Request Forgery |
| CVE-2025-9890 | Theme Editor <= 3.0 - Cross-Site Request Forgery to Remote Code Execution |
| CVE-2025-9891 | User Sync – Remote User Sync <= 1.0.2 - Cross-Site Request Forgery to Plugin Deactivation |
| CVE-2025-9892 | Restrict User Registration <= 1.0.1 - Cross-Site Request Forgery to Settings Update |
| CVE-2025-9893 | VM Menu Reorder plugin <= 1.0.0 - Cross-Site Request Forgery to Settings Update |
| CVE-2025-9894 | Sync Feedly <= 1.0.1 - Cross-Site Request Forgery to Sync Trigger |
| CVE-2025-9895 | Notification Bar <= 2.2 - Cross-Site Request Forgery |
| CVE-2025-9896 | HidePost <= 2.3.8 - Cross-Site Request Forgery |
| CVE-2025-9897 | AP Background <= 3.8.2 - Cross-Site Request Forgery |
| CVE-2025-9898 | cForms – Light speed fast Form Builder <= 3.0.0 - Cross-Site Request Forgery |
| CVE-2025-9899 | Trust Reviews plugin for Google, Tripadvisor, Yelp, Airbnb and other platforms <= 1.0 - Cross-Site Request Forgery |
| CVE-2026-23950 | node-tar has Race Condition in Path Reservations via Unicode Ligature Collisions on macOS APFS |
| CVE-2022-30705 | WordPress WordPress Ping Optimizer Plugin <= 2.35.1.2.3 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-3082 | miniOrange Discord Integration < 2.1.6 - Subscriber+ App Disabling |
| CVE-2022-3097 | LBStopAttack < 1.1.3 - Arbitrary Settings Update via CSRF |
| CVE-2022-3098 | Login Block IPs <= 1.0.0 - Arbitrary Setting Update via CSRF |
| CVE-2022-31000 | CSRF allows attacker to finalize/unfinalize order adjustments in solidus_backend |
NKTsKI vulnerabilities
NKTsKI bulletins: software vulnerabilities
| Identifier | Bulletin date | Description |
|---|---|---|
| VULN:20240209-7 | 09.02.2024 | Server-side request forgery in Expressway Series |
| VULN:20240209-8 | 09.02.2024 | Server-side request forgery in Expressway Series |
| VULN:20240209-9 | 09.02.2024 | Server-side request forgery in Expressway Series |
| VULN:20240503-16 | 03.05.2024 | Cross-site scripting in Nexus Dashboard |
| VULN:20241111-4 | 11.11.2024 | Cross-site scripting in File Manager Pro plugin for WordPress |