CVE ID | CVSS | Vendor | Exploit | Patch | Trends |
---|---|---|---|---|---|
CVE-2024-52424Cross-Site Request Forgery (CSRF) vulnerability in Suresh Kumar wp-login customizer allows Stored XSS.This issue affects wp-login customizer: from n/a through 1.0. | CVSS 7.1 | Wordpress | - | - | |
CVE-2024-52421Cross-Site Request Forgery (CSRF) vulnerability in wp-buy WP Popup Window Maker allows Stored XSS.This issue affects WP Popup Window Maker: from n/a through 2.0. | CVSS 7.1 | Wp-buy, et al | - | - | |
CVE-2024-52420Cross-Site Request Forgery (CSRF) vulnerability in Creative Motion Disable Admin Notices individually allows Cross Site Request Forgery.This issue affects Disable Admin Notices individually: from n/a through 1.3.5. | CVSS 4.3 | Wordpress | - | - | |
CVE-2024-52415Cross-Site Request Forgery (CSRF) vulnerability in Skpstorm SK WP Settings Backup allows Object Injection.This issue affects SK WP Settings Backup: from n/a through 1.0. | CVSS 8.8 | Wordpress | - | - | |
CVE-2024-52402Cross-Site Request Forgery (CSRF) vulnerability in Cliconomics Exclusive Content Password Protect allows Upload a Web Shell to a Web Server.This issue affects Exclusive Content Password Protect: from n/a through 1.1.0. | CVSS 9.6 | Wordpress | - | - | |
CVE-2024-52401Cross-Site Request Forgery (CSRF) vulnerability in 荒野无灯 Hacklog DownloadManager allows Upload a Web Shell to a Web Server.This issue affects Hacklog DownloadManager: from n/a through 2.1.4. | CVSS 9.6 | Wordpress | - | - | |
CVE-2024-52392Cross-Site Request Forgery (CSRF) vulnerability in W3speedster W3SPEEDSTER.This issue affects W3SPEEDSTER: from n/a through 7.25. | CVSS 6.3 | - | - | ||
CVE-2024-52388Cross-Site Request Forgery (CSRF) vulnerability in Mike “Mikeage” Miller Hebrew Date allows Stored XSS.This issue affects Hebrew Date: from n/a through 2.1.0. | CVSS 7.1 | Wordpress | - | - | |
CVE-2024-5203A Cross-site request forgery (CSRF) flaw was found in Keycloak and occurs due to the lack of a unique token sent during the authentication POST request, /login-actions/authenticate. This flaw allows an attacker to craft a malicious login page and trick a legitimate user of an application into authenticating with an attacker-controlled account instead of their own. | CVSS 3.7 | Keycloak | - | - | |
CVE-2024-52002Combodo iTop is a simple, web based IT Service Management tool. Several url endpoints are subject to a Cross-Site Request Forgery (CSRF) vulnerability. Please refer to the linked GHSA for the complete list. This issue has been addressed in version 3.2.0 and all users are advised to upgrade. There are no known workarounds for this vulnerability. | CVSS Low | Combodo | - | - | |
CVE-2024-5185The EmbedAI application is susceptible to security issues that enable Data Poisoning attacks. This weakness could result in the application becoming compromised, leading to unauthorized entries or data poisoning attacks, which are delivered by a CSRF vulnerability due to the absence of a secure session management implementation and weak CORS policies weakness. An attacker can direct a user to a malicious webpage that exploits a CSRF vulnerability within the EmbedAI application. By leveraging this CSRF vulnerability, the attacker can deceive the user into inadvertently uploading and integrating incorrect data into the application’s language model. | CVSS 7.3 | - | - | ||
CVE-2024-51688Cross-Site Request Forgery (CSRF) vulnerability in FraudLabs Pro FraudLabs Pro SMS Verification allows Stored XSS.This issue affects FraudLabs Pro SMS Verification: from n/a through 1.10.1. | CVSS 7.1 | Wordpress | - | - | |
CVE-2024-51687Cross-Site Request Forgery (CSRF) vulnerability in Platform.Ly Platform.Ly Official allows Stored XSS.This issue affects Platform.Ly Official: from n/a through 1.1.3. | CVSS 7.1 | Wordpress | - | - | |
CVE-2024-51686Cross-Site Request Forgery (CSRF) vulnerability in Deepak Khokhar, Surender Khokhar Manage User Columns allows Cross Site Request Forgery.This issue affects Manage User Columns: from n/a through 1.0.5. | CVSS 4.3 | Wordpress | - | - | |
CVE-2024-51684Cross-Site Request Forgery (CSRF) vulnerability in Ciprian Popescu W3P SEO allows Stored XSS.This issue affects W3P SEO: from n/a before 1.8.6. | CVSS 7.1 | Wordpress | - | - | |
CVE-2024-51679Cross-Site Request Forgery (CSRF) vulnerability in GentleSource Appointmind allows Stored XSS.This issue affects Appointmind: from n/a through 4.0.0. | CVSS 6.1 | Wordpress | - | - | |
CVE-2024-51669Cross-Site Request Forgery (CSRF) vulnerability in Vivwebs Dynamic Widgets.This issue affects Dynamic Widgets: from n/a through 1.6.4. | CVSS 4.3 | Qurl | - | - | |
CVE-2024-51659Cross-Site Request Forgery (CSRF) vulnerability in GeekRMX Twitter @Anywhere Plus allows Stored XSS.This issue affects Twitter @Anywhere Plus: from n/a through 2.0. | CVSS 7.1 | Wordpress | - | - | |
CVE-2024-51658Cross-Site Request Forgery (CSRF) vulnerability in Henrik Hoff WP Course Manager allows Stored XSS.This issue affects WP Course Manager: from n/a through 1.3. | CVSS 7.1 | Wordpress | - | - | |
CVE-2024-51657Cross-Site Request Forgery (CSRF) vulnerability in Woopy Plugins SmartLink Dynamic URLs allows Stored XSS.This issue affects SmartLink Dynamic URLs: from n/a through 1.1.0. | CVSS 7.1 | Wordpress | - | - | |
CVE-2024-51656Cross-Site Request Forgery (CSRF) vulnerability in litefeel Flash Show And Hide Box allows Stored XSS.This issue affects Flash Show And Hide Box: from n/a through 1.6. | CVSS 7.1 | Wordpress | - | - | |
CVE-2024-51655Cross-Site Request Forgery (CSRF) vulnerability in Microkid Custom Author URL allows Stored XSS.This issue affects Custom Author URL: from n/a through 2.0.1. | CVSS 7.1 | Wordpress | - | - | |
CVE-2024-51654Cross-Site Request Forgery (CSRF) vulnerability in APK.Support APK Downloader allows Stored XSS.This issue affects APK Downloader: from n/a through 1.0.0. | CVSS 7.1 | Wordpress | - | - | |
CVE-2024-51653Cross-Site Request Forgery (CSRF) vulnerability in Mario Spinaci UPDATE NOTIFICATIONS allows Stored XSS.This issue affects UPDATE NOTIFICATIONS: from n/a through 0.3.4. | CVSS 7.1 | Wordpress | - | - | |
CVE-2024-51652Cross-Site Request Forgery (CSRF) vulnerability in Prem Nawaz Khan, Victor Tsaran, Ron Feathers, and Marc Kocher Skip To allows Stored XSS.This issue affects Skip To: from n/a through 2.0.0. | CVSS 7.1 | Marc project | - | - | |
CVE-2024-51650Cross-Site Request Forgery (CSRF) vulnerability in Scott @ MyDollarPlan.com Random Featured Post allows Stored XSS.This issue affects Random Featured Post: from n/a through 1.1.3. | CVSS 7.1 | Wordpress | - | - | |
CVE-2024-51649Cross-Site Request Forgery (CSRF) vulnerability in Patrick Lumumba Mobilize allows Stored XSS.This issue affects Mobilize: from n/a through 3.0.7. | CVSS 7.1 | Wordpress | - | - | |
CVE-2024-51648Cross-Site Request Forgery (CSRF) vulnerability in Hands, Inc e-shops allows Reflected XSS.This issue affects e-shops: from n/a through 1.0.3. | CVSS 7.1 | Wordpress | - | - | |
CVE-2024-51647Cross-Site Request Forgery (CSRF) vulnerability in Chaser324 Featured Posts Scroll allows Stored XSS.This issue affects Featured Posts Scroll: from n/a through 1.25. | CVSS 7.1 | Bestwebsoft | - | - | |
CVE-2024-51645Cross-Site Request Forgery (CSRF) vulnerability in Themefuse ThemeFuse Maintenance Mode allows Stored XSS.This issue affects ThemeFuse Maintenance Mode: from n/a through 1.1.3. | CVSS 7.1 | Wordpress | - | - | |
CVE-2024-51644Cross-Site Request Forgery (CSRF) vulnerability in Sam Wilson Addressbook allows Stored XSS.This issue affects Addressbook: from n/a through 1.1.3. | CVSS 7.1 | Wordpress | - | - | |
CVE-2024-51643Cross-Site Request Forgery (CSRF) vulnerability in Rajan Agaskar Amazon Associate Filter allows Stored XSS.This issue affects Amazon Associate Filter: from n/a through 0.4. | CVSS 7.1 | Wordpress | - | - | |
CVE-2024-51642Cross-Site Request Forgery (CSRF) vulnerability in webhostri Seo Free allows Stored XSS.This issue affects Seo Free: from n/a through 1.4. | CVSS 7.1 | Wordpress | - | - | |
CVE-2024-51641Cross-Site Request Forgery (CSRF) vulnerability in jcmlmorav Advanced PDF Generator allows Stored XSS.This issue affects Advanced PDF Generator: from n/a through 0.4.0. | CVSS 7.1 | Wordpress | - | - | |
CVE-2024-51640Cross-Site Request Forgery (CSRF) vulnerability in Matt Rude MDR Webmaster Tools allows Stored XSS.This issue affects MDR Webmaster Tools: from n/a through 1.1. | CVSS 7.1 | Wordpress | - | - | |
CVE-2024-51639Cross-Site Request Forgery (CSRF) vulnerability in Hints Naver Blog allows Stored XSS.This issue affects Naver Blog: from n/a through 1.0. | CVSS 7.1 | Naver | - | - | |
CVE-2024-51638Cross-Site Request Forgery (CSRF) vulnerability in Sanjeev Mohindra Awesome Shortcodes For Genesis allows Stored XSS.This issue affects Awesome Shortcodes For Genesis: from n/a through .8. | CVSS 7.1 | Wordpress | - | - | |
CVE-2024-51637Cross-Site Request Forgery (CSRF) vulnerability in Scott E. Royalty Admin SMS Alert allows Stored XSS.This issue affects Admin SMS Alert: from n/a through 1.1.0. | CVSS 7.1 | Wordpress | - | - | |
CVE-2024-51636Cross-Site Request Forgery (CSRF) vulnerability in Z.com by GMO GMO Social Connection allows Cross-Site Scripting (XSS).This issue affects GMO Social Connection: from n/a through 1.2. | CVSS 7.1 | Wordpress | - | - | |
CVE-2024-51635Cross-Site Request Forgery (CSRF) vulnerability in Garmur While Loading allows Stored XSS.This issue affects While Loading: from n/a through 3.0. | CVSS 7.1 | Wordpress | - | - | |
CVE-2024-51634Cross-Site Request Forgery (CSRF) vulnerability in Webriti WordPress Themes & Plugins Shop Webriti Custom Login allows Reflected XSS.This issue affects Webriti Custom Login: from n/a through 0.3. | CVSS 7.1 | Wordpress, et al | - | - | |
CVE-2024-51633Cross-Site Request Forgery (CSRF) vulnerability in IvyCat Web Services Simple Page Specific Sidebars allows Stored XSS.This issue affects Simple Page Specific Sidebars: from n/a through 2.14.1. | CVSS 7.1 | Ivycat | - | - | |
CVE-2024-51632Cross-Site Request Forgery (CSRF) vulnerability in Sam Hoe SH Slideshow allows Stored XSS.This issue affects SH Slideshow: from n/a through 4.3. | CVSS 7.1 | Wordpress | - | - | |
CVE-2024-51631Cross-Site Request Forgery (CSRF) vulnerability in Eftakhairul Islam Sticky Social Bar allows Cross Site Request Forgery.This issue affects Sticky Social Bar: from n/a through 2.0. | CVSS 7.1 | Wordpress | - | - | |
CVE-2024-51630Cross-Site Request Forgery (CSRF) vulnerability in Lars Schenk Responsive Flickr Gallery allows Stored XSS.This issue affects Responsive Flickr Gallery: from n/a through 1.3.1. | CVSS 7.1 | Wordpress | - | - | |
CVE-2024-51489Ampache is a web based audio/video streaming application and file manager. The current implementation of token parsing does not adequately validate CSRF tokens when users send messages to one another. This vulnerability could be exploited to forge CSRF attacks, allowing an attacker to send messages to any user, including administrators, if they interact with a malicious request. This issue has been addressed in version 7.0.1 and all users are advised to upgrade. There are no known workarounds for this vulnerability. | CVSS 5.4 | Ampache | Exploit | - | |
CVE-2024-51488Ampache is a web based audio/video streaming application and file manager. The current implementation of token parsing does not adequately validate CSRF tokens when users delete messages. This vulnerability could be exploited to forge CSRF attacks, allowing an attacker to delete messages to any user, including administrators, if they interact with a malicious request. This issue has been addressed in version 7.0.1 and all users are advised to upgrade. There are no known workarounds for this vulnerability. | CVSS 5.4 | Ampache | Exploit | - | |
CVE-2024-51487Ampache is a web based audio/video streaming application and file manager. The current implementation of token parsing fails to properly validate CSRF tokens when activating or deactivating catalog. This vulnerability allows an attacker to exploit CSRF attacks, potentially enabling them to change website features that should only be managed by administrators through malicious requests. This issue has been addressed in version 7.0.1 and all users are advised to upgrade. There are no known workarounds for this vulnerability. | CVSS 8.1 | Ampache | Exploit | - | |
CVE-2024-51485Ampache is a web based audio/video streaming application and file manager. The current implementation of token parsing fails to properly validate CSRF tokens when activating or deactivating plugins. This vulnerability allows an attacker to exploit CSRF attacks, potentially enabling them to change website features that should only be managed by administrators through malicious requests. This issue has been addressed in version 7.0.1 and all users are advised to upgrade. There are no known workarounds for this vulnerability. | CVSS 8.1 | Ampache | Exploit | - | |
CVE-2024-51484Ampache is a web based audio/video streaming application and file manager. The current implementation of token parsing fails to properly validate CSRF tokens when activating or deactivating controllers. This vulnerability allows an attacker to exploit CSRF attacks, potentially enabling them to change website features that should only be managed by administrators through malicious requests. This issue has been addressed in version 7.0.1 and all users are advised to upgrade. There are no known workarounds for this vulnerability. | CVSS 8.1 | Ampache | Exploit | - | |
CVE-2024-51382Cross-Site Request Forgery (CSRF) vulnerability in JATOS v3.9.3 allows an attacker to reset the administrator's password. This critical security flaw can result in unauthorized access to the platform, enabling attackers to hijack admin accounts and compromise the integrity and security of the system. | CVSS 8.4 | - | - | ||
CVE-2024-51381Cross-Site Request Forgery (CSRF) vulnerability in JATOS v3.9.3 that allows attackers to perform actions reserved for administrators, including creating admin accounts. This critical flaw can lead to unauthorized activities, compromising the security and integrity of the platform, especially if an attacker gains administrative control. | CVSS 8.4 | - | - | ||
CVE-2024-5115707FLYCMS V1.3.9 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component http://erp.07fly.net:80/oa/OaSchedule/add.html. | CVSS 4.7 | 07fly | - | - | |
CVE-2024-5115607FLYCMS V1.3.9 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component 'erp.07fly.net:80/admin/SysNotifyUser/del.html?id=93'. | CVSS 4.7 | 07fly | - | - | |
CVE-2024-5097A vulnerability, which was classified as problematic, was found in SourceCodester Simple Inventory System 1.0. Affected is an unknown function of the file /tableedit.php#page=editprice. The manipulation of the argument itemnumber leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-265080. | CVSS 4.3 | Simple inventory system project | - | - | |
CVE-2024-50966dingfanzu CMS V1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/doAdminAction.php?act=addAdmin. | CVSS 9.3 | Php | - | - | |
CVE-2024-50534Cross-Site Request Forgery (CSRF) vulnerability in Syed Umair Hussain Shah World Prayer Time allows Stored XSS.This issue affects World Prayer Time: from n/a through 2.0. | CVSS 7.1 | Wordpress | - | - | |
CVE-2024-50533Cross-Site Request Forgery (CSRF) vulnerability in David Garcia Domain Sharding allows Stored XSS.This issue affects Domain Sharding: from n/a through 1.2.1. | CVSS 7.1 | Wordpress | - | - | |
CVE-2024-50466Cross-Site Request Forgery (CSRF) vulnerability in DarkMySite DarkMySite – Advanced Dark Mode Plugin for WordPress darkmysite allows Cross Site Request Forgery.This issue affects DarkMySite – Advanced Dark Mode Plugin for WordPress: from n/a through 1.2.8. | CVSS 8.8 | Wordpress | - | - | |
CVE-2024-5003The WP Stacker WordPress plugin through 1.8.5 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack | CVSS 5.4 | Jankarres, et al | Exploit | - | |
CVE-2024-4969The Widget Bundle WordPress plugin through 2.0.0 does not have CSRF checks when logging Widgets, which could allow attackers to make logged in admin enable/disable widgets via a CSRF attack | CVSS 4.3 | Devnath verma, et al | Exploit | - | |
CVE-2024-49685Cross-Site Request Forgery (CSRF) vulnerability in Smash Balloon Custom Twitter Feeds (Tweets Widget) allows Cross Site Request Forgery.This issue affects Custom Twitter Feeds (Tweets Widget): from n/a through 2.2.3. | CVSS 5.4 | Smashballoon | - | - | |
CVE-2024-49674Cross-Site Request Forgery (CSRF) vulnerability in Lukas Huser EKC Tournament Manager allows Upload a Web Shell to a Web Server.This issue affects EKC Tournament Manager: from n/a through 2.2.1. | CVSS 9.6 | Wordpress | - | - | |
CVE-2024-49672Cross-Site Request Forgery (CSRF) vulnerability in Gifford Cheung, Brian Watanabe, Chongsun Ahn Google Docs RSVP allows Stored XSS.This issue affects Google Docs RSVP: from n/a through 2.0.1. | CVSS 6.1 | Wordpress | - | - | |
CVE-2024-49629Cross-Site Request Forgery (CSRF) vulnerability in Fahad Mahmood Endless Posts Navigation allows Stored XSS.This issue affects Endless Posts Navigation: from n/a through 2.2.7. | CVSS 6.1 | Wordpress, et al | - | - | |
CVE-2024-49628Cross-Site Request Forgery (CSRF) vulnerability in WhileTrue Most And Least Read Posts Widget allows Cross Site Request Forgery.This issue affects Most And Least Read Posts Widget: from n/a through 2.5.18. | CVSS 8.8 | Whiletrue | - | - | |
CVE-2024-49627Cross-Site Request Forgery (CSRF) vulnerability in Noor Alam WordPress Image SEO allows Cross Site Request Forgery.This issue affects WordPress Image SEO: from n/a through 1.1.4. | CVSS 8.8 | Noorsplugin, et al | - | - | |
CVE-2024-49622Cross-Site Request Forgery (CSRF) vulnerability in Apa Apa Banner Slider allows SQL Injection.This issue affects Apa Banner Slider: from n/a through 1.0.0. | CVSS 8.8 | Wordpress | - | - | |
CVE-2024-49621Cross-Site Request Forgery (CSRF) vulnerability in Apa APA Register Newsletter Form allows SQL Injection.This issue affects APA Register Newsletter Form: from n/a through 1.0.0. | CVSS 8.8 | Wordpress | - | - | |
CVE-2024-49617Cross-Site Request Forgery (CSRF) vulnerability in Bhaskar Dhote Back Link Tracker allows Blind SQL Injection.This issue affects Back Link Tracker: from n/a through 1.0.0. | CVSS 8.8 | - | - | ||
CVE-2024-49615Cross-Site Request Forgery (CSRF) vulnerability in Henrique Rodrigues SafetyForms allows Blind SQL Injection.This issue affects SafetyForms: from n/a through 1.0.0. | CVSS 8.8 | Wordpress | - | - | |
CVE-2024-49605Cross-Site Request Forgery (CSRF) vulnerability in Avchat.Net AVChat Video Chat allows Stored XSS.This issue affects AVChat Video Chat: from n/a through 2.2. | CVSS 6.1 | Golang | - | - | |
CVE-2024-49340IBM Watson Studio Local 1.2.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | CVSS 8.8 | Ibm | - | Patched | |
CVE-2024-49335Cross-Site Request Forgery (CSRF) vulnerability in Edush Maxim GoogleDrive folder list allows Stored XSS.This issue affects GoogleDrive folder list: from n/a through 2.2.2. | CVSS 6.1 | Wordpress | - | - | |
CVE-2024-49313Cross-Site Request Forgery (CSRF) vulnerability in RudeStan VKontakte Wall Post allows Stored XSS.This issue affects VKontakte Wall Post: from n/a through 2.0. | CVSS 7.1 | Wordpress | - | - | |
CVE-2024-49306Cross-Site Request Forgery (CSRF) vulnerability in WP-buy WP Content Copy Protection & No Right Click allows Cross Site Request Forgery.This issue affects WP Content Copy Protection & No Right Click: from n/a through 3.5.9. | CVSS 8.8 | Wp-buy | - | - | |
CVE-2024-49304Cross-Site Request Forgery (CSRF) vulnerability in PINPOINT.WORLD Pinpoint Booking System allows Stored XSS.This issue affects Pinpoint Booking System: from n/a through 2.9.9.5.1. | CVSS 5.4 | Pinpoint | - | - | |
CVE-2024-49290Cross-Site Request Forgery (CSRF) vulnerability in Gora Tech LLC Cooked Pro allows Cross Site Request Forgery.This issue affects Cooked Pro: from n/a before 1.8.0. | CVSS 8.8 | Wordpress, et al | - | - | |
CVE-2024-4929A vulnerability classified as problematic has been found in SourceCodester Simple Online Bidding System 1.0. This affects an unknown part of the file /simple-online-bidding-system/admin/ajax.php?action=save_user. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-264465 was assigned to this vulnerability. | CVSS 4.3 | Oretnom23 | - | - | |
CVE-2024-49275Cross-Site Request Forgery (CSRF) vulnerability in Martin Gibson IdeaPush allows Cross Site Request Forgery.This issue affects IdeaPush: from n/a through 8.69. | CVSS 8.8 | Northernbeacheswebsites | - | - | |
CVE-2024-49274Cross-Site Request Forgery (CSRF) vulnerability in Infomaniak Staff VOD Infomaniak allows Cross Site Request Forgery.This issue affects VOD Infomaniak: from n/a through 1.5.7. | CVSS 8.8 | Wordpress, et al | - | - | |
CVE-2024-49272Cross-Site Request Forgery (CSRF) vulnerability in WPWeb Social Auto Poster allows Cross Site Request Forgery.This issue affects Social Auto Poster: from n/a through 5.3.15. | CVSS 8.8 | Wordpress, et al | - | - | |
CVE-2024-49250Cross-Site Request Forgery (CSRF) vulnerability in Michael Tran Table of Contents Plus allows Cross Site Request Forgery.This issue affects Table of Contents Plus: from n/a through 2408. | CVSS 8.8 | Wordpress, et al | - | - | |
CVE-2024-49237Cross-Site Request Forgery (CSRF) vulnerability in Ahmet Imamoglu Ahmeti Wp Timeline allows Stored XSS.This issue affects Ahmeti Wp Timeline: from n/a through 5.1. | CVSS 6.1 | Wordpress | - | - | |
CVE-2024-49229Cross-Site Request Forgery (CSRF) vulnerability in Arif Nezami Better Author Bio allows Cross-Site Scripting (XSS).This issue affects Better Author Bio: from n/a through 2.7.10.11. | CVSS 6.1 | Wordpress | - | - | |
CVE-2024-49223Cross-Site Request Forgery (CSRF) vulnerability in Shibu Lijack a.K.A CyberJack CJ Change Howdy allows Stored XSS.This issue affects CJ Change Howdy: from n/a through 3.3.1. | CVSS 6.1 | Wordpress | - | - | |
CVE-2024-49221Cross-Site Request Forgery (CSRF) vulnerability in Julian Weinert // cs&m cSlider allows Stored XSS.This issue affects cSlider: from n/a through 2.4.2. | CVSS 6.1 | Wordpress | - | - | |
CVE-2024-49220Cross-Site Request Forgery (CSRF) vulnerability in Cookie Scanner – Nikel Schubert Cookie Scanner allows Stored XSS.This issue affects Cookie Scanner: from n/a through 1.1. | CVSS 6.1 | Wordpress | - | - | |
CVE-2024-48962Improper Control of Generation of Code ('Code Injection'), Cross-Site Request Forgery (CSRF), : Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Apache OFBiz.
This issue affects Apache OFBiz: before 18.12.17.
Users are recommended to upgrade to version 18.12.17, which fixes the issue. | CVSS 7.5 | Apache | - | - | |
CVE-2024-48913Hono, a web framework, prior to version 4.6.5 is vulnerable to bypass of cross-site request forgery (CSRF) middleware by a request without Content-Type header. Although the CSRF middleware verifies the Content-Type Header, Hono always considers a request without a Content-Type header to be safe. This can allow an attacker to bypass CSRF protection implemented with Hono CSRF middleware. Version 4.6.5 fixes this issue. | CVSS 5.9 | Hono | - | Patched | |
CVE-2024-48758dingfanzu CMS V1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the addPro parameter of the component doAdminAction.php which allows a remote attacker to execute arbitrary code | CVSS 6.1 | - | - | ||
CVE-2024-4839A Cross-Site Request Forgery (CSRF) vulnerability exists in the 'Servers Configurations' function of the parisneo/lollms-webui, versions 9.6 to the latest. The affected functions include Elastic search Service (under construction), XTTS service, Petals service, vLLM service, and Motion Ctrl service, which lack CSRF protection. This vulnerability allows attackers to deceive users into unwittingly installing the XTTS service among other packages by submitting a malicious installation request. Successful exploitation results in attackers tricking users into performing actions without their consent. | CVSS HIGH | - | - | ||
CVE-2024-48311Piwigo v14.5.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the Edit album function. | CVSS 8.8 | Piwigo | - | - | |
CVE-2024-48291dingfanzu CMS 1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via /admin/doAdminAction.php?act=editAdmin&id=17 | CVSS 6.3 | - | - | ||
CVE-2024-48278Phpgurukul User Registration & Login and User Management System 3.2 is vulnerable to Cross Site Request Forgery (CSRF) via /edit-profile.php. | CVSS 5.5 | Phpgurukul | - | - | |
CVE-2024-48191dingfanzu CMS 1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/doAdminAction.php?act=delAdmin&id=17 | CVSS 6.3 | - | - | ||
CVE-2024-48057localai <=2.20.1 is vulnerable to Cross Site Scripting (XSS). When calling the delete model API and passing inappropriate parameters, it can cause a one-time storage XSS, which will trigger the payload when a user accesses the homepage. | CVSS 6.1 | Mudler | - | Patched | |
CVE-2024-48048Cross-Site Request Forgery (CSRF) vulnerability in WSIFY – Sales can fly Wsify Widget allows Stored XSS.This issue affects Wsify Widget: from n/a through 1.0. | CVSS 7.1 | Wordpress | - | - | |
CVE-2024-48047Cross-Site Request Forgery (CSRF) vulnerability in Razon Komar Pal Linked Variation for WooCommerce allows Cross Site Request Forgery.This issue affects Linked Variation for WooCommerce: from n/a through 1.0.5. | CVSS 4.3 | Woocommerce | - | - | |
CVE-2024-48038Cross-Site Request Forgery (CSRF) vulnerability in Hans Matzen wp-Monalisa allows Cross Site Request Forgery.This issue affects wp-Monalisa: from n/a through 6.4. | CVSS 4.3 | Wordpress | - | - |