Cross-Site Request Forgery (CSRF)
CWE-352

CVE ID | CVSS | Vendor | Exploit | Patch
CVE-2024-48037 | CVSS 5.4 | Awplife | - | -
Cross-Site Request Forgery (CSRF) vulnerability in A WP Life Contact Form Widget allows Cross Site Request Forgery. This issue affects Contact Form Widget: from n/a through 1.4.2.

CVE-2024-48031 | CVSS 6.5 | Bestwebsoft | - | -
Cross-Site Request Forgery (CSRF) vulnerability in Sumit Surai Featured Posts with Multiple Custom Groups (FPMCG) allows Cross Site Request Forgery. This issue affects Featured Posts with Multiple Custom Groups (FPMCG): from n/a through 4.0.

CVE-2024-47914 | CVSS 4.5 |  | - | -
VaeMendis - CWE-352: Cross-Site Request Forgery (CSRF)

CVE-2024-47879 | CVSS 7.6 | Openrefine | - | Patched
OpenRefine is a free, open source tool for working with messy data. Prior to version 3.8.3, lack of cross-site request forgery protection on the `preview-expression` command means that visiting a malicious website could cause an attacker-controlled expression to be executed. The expression can contain arbitrary Clojure or Python code. The attacker must know a valid project ID of a project that contains at least one row, and the attacker must convince the victim to open a malicious webpage. Version 3.8.3 fixes the issue.

CVE-2024-47846 | CVSS 8.8 | Mediawiki | Exploit | Patched
Cross-Site Request Forgery (CSRF) vulnerability in The Wikimedia Foundation Mediawiki - Cargo allows Cross Site Request Forgery. This issue affects Mediawiki - Cargo: from 3.6.X before 3.6.1.

CVE-2024-47828 | CVSS 6.5 | Ampache | Exploit | Patched
ampache is a web based audio/video streaming application and file manager. A CSRF attack can be performed in order to delete objects (Playlist, smartlist etc.). Cross-Site Request Forgery (CSRF) is an attack that forces authenticated users to submit a request to a Web application against which they are currently authenticated. This vulnerability can be exploited by creating a malicious script with an arbitrary playlist ID belonging to another user. When the user submits the request, their playlist will be deleted. Any User with active sessions who are tricked into submitting a malicious request are impacted, as their playlists or other objects could be deleted without their consent.

CVE-2024-47644 | CVSS 7.1 | Wordpress | - | -
Cross-Site Request Forgery (CSRF) vulnerability in Copyscape / Indigo Stream Technologies Copyscape Premium allows Stored XSS. This issue affects Copyscape Premium: from n/a through 1.3.6.

CVE-2024-47635 | CVSS 5.4 | Wordpress | - | -
Cross-Site Request Forgery (CSRF) vulnerability in TinyPNG. This issue affects TinyPNG: from n/a through 3.4.3.

CVE-2024-47634 | CVSS 9.8 | Majas-lapu-izstrade, et al | - | -
Cross-Site Request Forgery (CSRF) vulnerability in Streamline.Lv CartBounty – Save and recover abandoned carts for WooCommerce allows Cross Site Request Forgery. This issue affects CartBounty – Save and recover abandoned carts for WooCommerce: from n/a through 8.2.

CVE-2024-4751 | CVSS 4.3 | Goprayer, et al | Exploit | -
The WP Prayer II WordPress plugin through 2.4.7 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack

CVE-2024-47315 | CVSS 8.8 | Givewp | - | -
Cross-Site Request Forgery (CSRF) vulnerability in GiveWP. This issue affects GiveWP: from n/a through 3.15.1.

CVE-2024-47305 | CVSS 8.8 | Dineshkarki, et al | - | -
Cross-Site Request Forgery (CSRF) vulnerability in Dnesscarkey Use Any Font allows Cross Site Request Forgery. This issue affects Use Any Font: from n/a through 6.3.08.

CVE-2024-47082 | CVSS 8 | Graphql | - | Patched
Strawberry GraphQL is a library for creating GraphQL APIs. Prior to version 0.243.0, multipart file upload support as defined in the GraphQL multipart request specification was enabled by default in all Strawberry HTTP view integrations. This made all Strawberry HTTP view integrations vulnerable to cross-site request forgery (CSRF) attacks if users did not explicitly enable CSRF preventing security mechanism for their servers. Additionally, the Django HTTP view integration, in particular, had an exemption for Django's built-in CSRF protection (i.e., the `CsrfViewMiddleware` middleware) by default. In effect, all Strawberry integrations were vulnerable to CSRF attacks by default. Version `v0.243.0` is the first `strawberry-graphql` including a patch.

CVE-2024-46911 | CVSS 4.7 | Apache | - | -
Cross-site Resource Forgery (CSRF), Privilege escalation vulnerability in Apache Roller. On multi-blog/user Roller websites, by default weblog owners are trusted to publish arbitrary weblog content and this combined with a deficiency in Roller's CSRF protections allowed an escalation of privileges attack. This issue affects Apache Roller before 6.1.4. Roller users who run multi-blog/user Roller websites are recommended to upgrade to version 6.1.4, which fixes the issue. Roller 6.1.4 release announcement: https://lists.apache.org/thread/3c3f6rwqptyw6wdc95654fq5vlosqdpw

CVE-2024-4689 | CVSS 4.3 | Shortpixel | - | -
Cross-Site Request Forgery (CSRF) vulnerability in ShortPixel ShortPixel Adaptive Images. This issue affects ShortPixel Adaptive Images: from n/a through 3.8.3.

CVE-2024-46872 | CVSS 4.6 | Mattermost | - | Patched
Mattermost versions 9.10.x <= 9.10.2, 9.11.x <= 9.11.1, 9.5.x <= 9.5.9 fail to sanitize user inputs in the frontend that are used for redirection which allows for a one-click client-side path traversal that is leading to CSRF in Playbooks

CVE-2024-46600 | CVSS 4.7 | Php | - | -
dingfanzu CMS 1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/doAdminAction.php?act=delCate&id=31

CVE-2024-46485 | CVSS 6.3 | Php | - | -
dingfanzu CMS 1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via /admin/doAdminAction.php?act=addCate

CVE-2024-46394 | CVSS 8.8 | Frogcms project | Exploit | -
FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) via /admin/?/user/add

CVE-2024-46362 | CVSS 8.8 | Frogcms project | - | -
FrogCMS V0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/plugin/file_manager/create_directory

CVE-2024-46086 | CVSS 8.8 | Frogcms project | Exploit | -
FrogCMS V0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/plugin/file_manager/delete/123

CVE-2024-46085 | CVSS 8.8 | Frogcms project | - | -
FrogCMS V0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/plugin/file_manager/rename

CVE-2024-4600 | CVSS 7.1 | Socomec | - | -
Cross-Site Request Forgery vulnerability in Socomec Net Vision, version 7.20. This vulnerability could allow an attacker to trick registered users into performing critical actions, such as adding and updating accounts, due to lack of proper sanitisation of the ‘set_param.cgi’ file.

CVE-2024-45987 | CVSS 6.5 | Projectworlds, et al | Exploit | -
Projectworld Online Voting System Version 1.0 is vulnerable to Cross Site Request Forgery (CSRF) via voter.php. This vulnerability allows an attacker to craft a malicious link that, when clicked by an authenticated user, automatically submits a vote for a specified party without the user's consent or knowledge. The attack leverages the user's active session to perform the unauthorized action, compromising the integrity of the voting process.

CVE-2024-45983 | CVSS 6.3 | Apache | - | -
A Cross-Site Request Forgery (CSRF) vulnerability exists in kishan0725's Hospital Management System version 6.3.5. The vulnerability allows an attacker to craft a malicious HTML form that submits a request to delete a doctor record. By enticing an authenticated admin user to visit the specially crafted web page, the attacker can leverage the victim's browser to make unauthorized requests to the vulnerable endpoint, effectively allowing the attacker to perform actions on behalf of the admin without their consent.

CVE-2024-4597 | CVSS 5.7 | Gitlab | - | -
An issue has been discovered in GitLab EE affecting all versions from 16.7 before 16.9.7, all versions starting from 16.10 before 16.10.5, all versions starting from 16.11 before 16.11.2. An attacker could force a user with an active SAML session to approve an MR via CSRF.

CVE-2024-4594 | CVSS 4.3 | Dedecms | - | -
A vulnerability, which was classified as problematic, was found in DedeCMS 5.7. Affected is an unknown function of the file /src/dede/sys_safe.php. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-263316. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2024-4593 | CVSS 4.3 | Dedecms | - | -
A vulnerability, which was classified as problematic, has been found in DedeCMS 5.7. This issue affects some unknown processing of the file /src/dede/sys_multiserv.php. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-263315. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2024-4592 | CVSS 4.3 | Dedecms | - | -
A vulnerability classified as problematic was found in DedeCMS 5.7. This vulnerability affects unknown code of the file /src/dede/sys_group_edit.php. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-263314 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2024-4591 | CVSS 4.3 | Dedecms | - | -
A vulnerability classified as problematic has been found in DedeCMS 5.7. This affects an unknown part of the file /src/dede/sys_group_add.php. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-263313 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2024-4590 | CVSS 4.3 | Dedecms | - | -
A vulnerability was found in DedeCMS 5.7. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /src/dede/sys_info.php. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-263312. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2024-4589 | CVSS 4.3 | Dedecms | - | -
A vulnerability was found in DedeCMS 5.7. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /src/dede/mytag_edit.php. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-263311. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2024-4588 | CVSS 4.3 | Dedecms | - | -
A vulnerability was found in DedeCMS 5.7. It has been classified as problematic. Affected is an unknown function of the file /src/dede/mytag_add.php. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-263310 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2024-4587 | CVSS 4.3 | Dedecms | - | -
A vulnerability was found in DedeCMS 5.7 and classified as problematic. This issue affects some unknown processing of the file /src/dede/tpl.php. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-263309 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2024-4586 | CVSS 4.3 | Dedecms | - | -
A vulnerability has been found in DedeCMS 5.7 and classified as problematic. This vulnerability affects unknown code of the file /src/dede/shops_delivery.php. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-263308. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2024-4585 | CVSS 4.3 | Dedecms | - | -
A vulnerability, which was classified as problematic, was found in DedeCMS 5.7. This affects an unknown part of the file /src/dede/member_type.php. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-263307. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2024-45737 | CVSS 3.5 | Splunk | - | Patched
In Splunk Enterprise versions below 9.3.1, 9.2.3, and 9.1.6 and Splunk Cloud Platform versions below 9.2.2403.108, and 9.1.2312.204, a low-privileged user that does not hold the "admin" or "power" Splunk roles could change the maintenance mode state of App Key Value Store (KVStore) through a Cross-Site Request Forgery (CSRF).

CVE-2024-45693 | CVSS 8.8 | Apache | - | Patched
Users logged into the Apache CloudStack's web interface can be tricked to submit malicious CSRF requests due to missing validation of the origin of the requests. This can allow an attacker to gain privileges and access to resources of the authenticated users and may lead to account takeover, disruption, exposure of sensitive data and compromise integrity of the resources owned by the user account that are managed by the platform. This issue affects Apache CloudStack from 4.15.1.0 through 4.18.2.3 and 4.19.0.0 through 4.19.1.1. Users are recommended to upgrade to Apache CloudStack 4.18.2.4 or 4.19.1.2, or later, which addresses this issue.

CVE-2024-45527 | CVSS 6.1 |  | - | -
REDCap 14.7.0 allows HTML injection via the project title of a New Project action. This can lead to resultant logout CSRF via index.php?logout=1, and can also be used to insert a link to an external phishing website.

CVE-2024-45504 | CVSS 6.5 |  | - | -
Cross-site request forgery (CSRF) vulnerability in multiple Alps System Integration products and the OEM products allows a remote unauthenticated attacker to hijack the authentication of the user and to perform unintended operations if the user views a malicious page while logged in.

CVE-2024-4543 | CVSS 4.3 | Yeken, et al | - | Patched
The Snippet Shortcodes plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.1.4. This is due to missing or incorrect nonce validation when adding or editing shortcodes. This makes it possible for unauthenticated attackers to modify shortcodes via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

CVE-2024-45372 | CVSS 6.5 | Planex | - | -
MZK-DP300N firmware versions 1.04 and earlier contain a cross-site request forgery vulnerability. Viewing a malicious page while logging in to the web management page of the affected product may lead the user to perform unintended operations such as changing the login password, etc.

CVE-2024-4532 | CVSS 6.4 | Wordpress | - | -
The Business Card WordPress plugin through 1.0.0 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions such as deleting cards via CSRF attacks

CVE-2024-45270 | CVSS 4.3 | Wordpress | - | -
WordPress plugin "Carousel Slider" provided by Sayful Islam contains a cross-site request forgery vulnerability on Hero image selection feature. While logged in to the WordPress site with Carousel Slider plugin enabled, accessing a crafted page may cause a user to alter the contents of the WordPress site.

CVE-2024-45269 | CVSS 4.3 | Wordpress | - | -
WordPress plugin "Carousel Slider" provided by Sayful Islam contains a cross-site request forgery vulnerability on Carousel image selection feature. While logged in to the WordPress site with Carousel Slider plugin enabled, accessing a crafted page may cause a user to alter the contents of the WordPress site.

CVE-2024-45264 | CVSS 8.8 |  | Exploit | -
A cross-site request forgery (CSRF) vulnerability in the admin panel in SkySystem Arfa-CMS before 5.1.3124 allows remote attackers to add a new administrator, leading to escalation of privileges.

CVE-2024-45172 | CVSS 6.8 |  | - | -
An issue was discovered in za-internet C-MOR Video Surveillance 5.2401 and 6.00PL01. Due to missing protection mechanisms, the C-MOR web interface is vulnerable to cross-site request forgery (CSRF) attacks. The C-MOR web interface offers no protection against cross-site request forgery (CSRF) attacks.

CVE-2024-4499 | CVSS 6.3 | Lollms | Exploit | -
A Cross-Site Request Forgery (CSRF) vulnerability exists in the XTTS server of parisneo/lollms version 9.6 due to a lax CORS policy. The vulnerability allows attackers to perform unauthorized actions by tricking a user into visiting a malicious webpage, which can then trigger arbitrary LoLLMS-XTTS API requests. This issue can lead to the reading and writing of audio files and, when combined with other vulnerabilities, could allow for the reading of arbitrary files on the system and writing files outside the permitted audio file location.

CVE-2024-4475 | CVSS 4.3 | Wordpress, et al | Exploit | -
The WP Logs Book WordPress plugin through 1.0.1 does not have CSRF check when clearing logs, which could allow attackers to make a logged in admin clear the logs via a CSRF attack

CVE-2024-4474 | CVSS 4.3 | Wordpress, et al | Exploit | -
The WP Logs Book WordPress plugin through 1.0.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack

CVE-2024-44677 | CVSS 9.8 | Eladmin | Exploit | -
eladmin v2.7 and before is vulnerable to Server-Side Request Forgery (SSRF) which allows an attacker to execute arbitrary code via the DatabaseController.java component.

CVE-2024-44542 | CVSS 9.8 |  | Exploit | -
SQL Injection vulnerability in todesk v.1.1 allows a remote attacker to execute arbitrary code via the /todesk.com/news.html parameter.

CVE-2024-4429 | CVSS 5.4 | Opentext | - | -
Cross-Site Request Forgery vulnerability has been discovered in OpenText™ iManager 3.2.6.0200. This could lead to sensitive information disclosure.

CVE-2024-44064 | CVSS 6.1 | Likebtn | - | -
Cross-Site Request Forgery (CSRF) vulnerability in LikeBtn Like Button Rating allows Cross-Site Scripting (XSS). This issue affects Like Button Rating: from n/a through 2.6.54.

CVE-2024-4403 | CVSS Low | Tesla | - | -
A Cross-Site Request Forgery (CSRF) vulnerability exists in the restart_program function of the parisneo/lollms-webui v9.6. This vulnerability allows attackers to trick users into performing unintended actions, such as resetting the program without their knowledge, by sending specially crafted CSRF forms. This issue affects the installation process, including the installation of Binding zoo and Models zoo, by unexpectedly resetting programs. The vulnerability is due to the lack of CSRF protection in the affected function.

CVE-2024-44028 | CVSS 7.1 | Wordpress | - | -
Cross-Site Request Forgery (CSRF) vulnerability in Nicejob NiceJob allows Stored XSS. This issue affects NiceJob: from n/a before 3.6.5.

CVE-2024-43984 | CVSS 9.6 | Podlove | - | -
Cross-Site Request Forgery (CSRF) vulnerability in Podlove Podlove Podcast Publisher allows Code Injection. This issue affects Podlove Podcast Publisher: from n/a through 4.1.13.

CVE-2024-43947 | CVSS 4.3 | Dineshkarki, et al | - | -
Cross-Site Request Forgery (CSRF) vulnerability in Dinesh Karki WP Armour Extended. This issue affects WP Armour Extended: from n/a through 1.26.

CVE-2024-43945 | CVSS 8.8 | Latepoint | - | -
Cross-Site Request Forgery (CSRF) vulnerability in Latepoint LatePoint allows Cross Site Request Forgery. This issue affects LatePoint: from n/a through 4.9.91.

CVE-2024-43933 | CVSS 4.3 | Wpmobile.app project | - | -
Cross-Site Request Forgery (CSRF) vulnerability in WPMobile.App allows Stored XSS. This issue affects WPMobile.App: from n/a through 11.48.

CVE-2024-43930 | CVSS 4.3 | Eyecix | - | -
Cross-Site Request Forgery (CSRF) vulnerability in eyecix JobSearch allows Cross Site Request Forgery. This issue affects JobSearch: from n/a through 2.5.3.

CVE-2024-4382 | CVSS 6.5 | Wielebenwir, et al | Exploit | -
The CB (legacy) WordPress plugin through 0.9.4.18 does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions, such as deleting codes, timeframes, and bookings via CSRF attacks

CVE-2024-43787 | CVSS 5 | Hono | - | Patched
Hono is a Web application framework that provides support for any JavaScript runtime. Hono CSRF middleware can be bypassed using crafted Content-Type header. MIME types are case insensitive, but isRequestedByFormElementRe only matches lower-case. As a result, attacker can bypass csrf middleware using upper-case form-like MIME type. This vulnerability is fixed in 4.5.8.

CVE-2024-43684 | CVSS 8.8 | Microchip | - | Patched
Cross-Site Request Forgery (CSRF) vulnerability in Microchip TimeProvider 4100 allows Cross Site Request Forgery, Cross-Site Scripting (XSS). This issue affects TimeProvider 4100: from 1.0.

CVE-2024-43434 | CVSS 8.1 | Moodle | - | Patched
The bulk message sending feature in Moodle's Feedback module's non-respondents report had an incorrect CSRF token check, leading to a CSRF vulnerability.

CVE-2024-43356 | CVSS 4.3 | Wordpress | - | -
Cross-Site Request Forgery (CSRF) vulnerability in bobbingwide. This issue affects oik: from n/a through 4.12.0.

CVE-2024-43340 | CVSS 4.3 | Advancedformintegration | - | -
Cross-Site Request Forgery (CSRF) vulnerability in Nasirahmed Advanced Form Integration. This issue affects Advanced Form Integration: from n/a through 1.89.4.

CVE-2024-43339 | CVSS 6.1 | Wordpress | - | -
Cross-Site Request Forgery (CSRF) vulnerability in WebinarPress allows Cross-Site Scripting (XSS). This issue affects WebinarPress: from n/a through 1.33.20.

CVE-2024-43338 | CVSS 4.3 | Automattic | - | -
Cross-Site Request Forgery (CSRF) vulnerability in Automattic, Inc. Crowdsignal Dashboard – Polls, Surveys & more allows Cross Site Request Forgery. This issue affects Crowdsignal Dashboard – Polls, Surveys & more: from n/a through 3.1.2.

CVE-2024-43337 | CVSS 4.3 | Getbrave, et al | - | -
Cross-Site Request Forgery (CSRF) vulnerability in Brave Brave Popup Builder. This issue affects Brave Popup Builder: from n/a through 0.7.0.

CVE-2024-43336 | CVSS 4.3 | Wpusermanager | - | -
Cross-Site Request Forgery (CSRF) vulnerability in WP User Manager. This issue affects WP User Manager: from n/a through 2.9.10.

CVE-2024-43325 | CVSS 8.8 | Naiches, et al | - | -
Cross-Site Request Forgery (CSRF) vulnerability in Naiche Dark Mode for WP Dashboard. This issue affects Dark Mode for WP Dashboard: from n/a through 1.2.3.

CVE-2024-43316 | CVSS 4.3 | Checkoutplugins | - | -
Cross-Site Request Forgery (CSRF) vulnerability in Checkout Plugins Stripe Payments For WooCommerce by Checkout. This issue affects Stripe Payments For WooCommerce by Checkout: from n/a through 1.9.1.

CVE-2024-43301 | CVSS 5.4 | Wordpress, et al | - | -
Cross-Site Request Forgery (CSRF) vulnerability in Fonts Plugin Fonts allows Stored XSS. This issue affects Fonts: from n/a through 3.7.7.

CVE-2024-43299 | CVSS 5.4 | Softaculous | - | -
Cross-Site Request Forgery (CSRF) vulnerability in Softaculous Team SpeedyCache. This issue affects SpeedyCache: from n/a through 1.1.8.

CVE-2024-43295 | CVSS 4.3 | Wpdataaccess | - | -
Cross-Site Request Forgery (CSRF) vulnerability in Passionate Programmers B.V. WP Data Access. This issue affects WP Data Access: from n/a through 5.5.7.

CVE-2024-43287 | CVSS 8.8 | Sendinblue | - | -
Cross-Site Request Forgery (CSRF) vulnerability in Brevo Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue. This issue affects Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue: from n/a through 3.1.82.

CVE-2024-4328 | CVSS 8.1 |  | Exploit | -
A Cross-Site Request Forgery (CSRF) vulnerability exists in the clear_personality_files_list function of the parisneo/lollms-webui v9.6. The vulnerability arises from the use of a GET request to clear personality files list, which lacks proper CSRF protection. This flaw allows attackers to trick users into performing actions without their consent, such as deleting important files on the system. The issue is present in the application's handling of requests, making it susceptible to CSRF attacks that could lead to unauthorized actions being performed on behalf of the user.

CVE-2024-43275 | CVSS 8.8 | Xyzscripts | - | Patched
Cross-Site Request Forgery (CSRF) vulnerability in Xyzscripts Insert PHP Code Snippet. This issue affects Insert PHP Code Snippet: from n/a through 1.3.6.

CVE-2024-43269 | CVSS 4.3 | Wordpress | - | -
Cross-Site Request Forgery (CSRF) vulnerability in WPBackItUp Backup and Restore WordPress. This issue affects Backup and Restore WordPress: from n/a through 1.50.

CVE-2024-43265 | CVSS 3.5 | Analytify | - | -
Cross-Site Request Forgery (CSRF) vulnerability in Analytify. This issue affects Analytify: from n/a through 5.3.1.

CVE-2024-43255 | CVSS 6.1 | Stormhillmedia | - | -
Cross-Site Request Forgery (CSRF) vulnerability in Stormhill Media MyBookTable Bookstore allows Cross-Site Scripting (XSS). This issue affects MyBookTable Bookstore: from n/a through 3.3.9.

CVE-2024-43117 | CVSS 8.8 | Wpmudev | - | -
Cross-Site Request Forgery (CSRF) vulnerability in WPMU DEV Hummingbird. This issue affects Hummingbird: from n/a through 3.9.1.

CVE-2024-43116 | CVSS 8.8 | 10up | - | -
Cross-Site Request Forgery (CSRF) vulnerability in 10up Simple Local Avatars. This issue affects Simple Local Avatars: from n/a through 2.7.10.

CVE-2024-42793 | CVSS 8 | Lopalopa, et al | Exploit | -
A Cross-Site Request Forgery (CSRF) vulnerability was found in Kashipara Music Management System v1.0 via a crafted request to the /music/ajax.php?action=save_user page.

CVE-2024-42792 | CVSS 3.5 | Lopalopa, et al | Exploit | -
A Cross-Site Request Forgery (CSRF) vulnerability was found in Kashipara Music Management System v1.0 via /music/ajax.php?action=delete_playlist page.

CVE-2024-42768 | CVSS 6.8 | Kashipara | - | -
A Cross-Site Request Forgery (CSRF) vulnerability was found in Kashipara Hotel Management System v1.0 via /admin/delete_room.php.

CVE-2024-42764 | CVSS 9.4 | Kashipara | - | -
Kashipara Bus Ticket Reservation System v1.0 is vulnerable to Cross Site Request Forgery (CSRF) via /deleteTicket.php.

CVE-2024-42632 | CVSS 8.8 | Frogcms project | Exploit | -
FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/page/add.

CVE-2024-42631 | CVSS 8.8 | Frogcms project | Exploit | -
FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/layout/edit/1.

CVE-2024-42630 | CVSS 8.8 | Frogcms project | Exploit | -
FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/plugin/file_manager/create_file.

CVE-2024-42629 | CVSS 8.8 | Frogcms project | Exploit | -
FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/page/edit/10.

CVE-2024-42628 | CVSS 8.8 | Frogcms project | Exploit | -
FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/snippet/edit/3.

CVE-2024-42627 | CVSS 8.8 | Frogcms project | Exploit | -
FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/snippet/delete/3.

CVE-2024-42626 | CVSS 8.8 | Frogcms project | Exploit | -
FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/snippet/add.

CVE-2024-42625 | CVSS 8.8 | Frogcms project | Exploit | -
FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/layout/add

CVE-2024-42624 | CVSS 8.8 | Frogcms project | Exploit | -
FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/page/delete/10.

CVE-2024-42623 | CVSS 8.8 | Frogcms project | Exploit | -
FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/layout/delete/1

CVE-2024-42621 | CVSS 8.8 | Pligg | Exploit | -
Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/admin_editor.php

CVE-2024-42619 | CVSS 8.8 | Pligg | - | -
Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/domain_management.php?id=0&list=whitelist&remove=pligg.com