Cross-Site Request Forgery (CSRF)CWE-352
| CVE ID | CVSS | Vendor | Exploit | Patch | Trends |
|---|---|---|---|---|---|
CVE-2024-37923Cross-Site Request Forgery (CSRF) vulnerability in Cliengo – Chatbot.This issue affects Cliengo – Chatbot: from n/a through 3.0.1. | CVSS 5.4 | Wordpress | - | - |  |
CVE-2024-3782Cross-Site Request Forgery vulnerability in WBSAirback 21.02.04, which could allow an attacker to create a manipulated HTML form to perform privileged actions once it is executed by a privileged user. | CVSS 8.8 | - | - |  | |
CVE-2024-37306Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. Starting in version 2.2.0 and prior to version 2.14.3, if an attacker can trick a logged-in CVAT user into visiting a malicious URL, they can initiate a dataset export or a backup from a project, task or job that the victim user has permission to export into a cloud storage that the victim user has access to. The name of the resulting file can be chosen by the attacker. This implies that the attacker can overwrite arbitrary files in any cloud storage that the victim can access and, if the attacker has read access to the cloud storage used in the attack, they can obtain media files, annotations, settings and other information from any projects, tasks or jobs that the victim has permission to export. Version 2.14.3 contains a fix for the issue. No known workarounds are available. | CVSS 7.1 | Cvat | - | - |  |
CVE-2024-37230Cross-Site Request Forgery (CSRF) vulnerability in Rara Theme Book Landing Page.This issue affects Book Landing Page: from n/a through 1.2.3. | CVSS 8.8 | Wordpress, et al | - | - |  |
CVE-2024-37227Cross Site Request Forgery (CSRF) vulnerability in Tribulant Newsletters.This issue affects Newsletters: from n/a through 4.9.7. | CVSS 8.8 | Tribulant | - | - |  |
CVE-2024-37213Cross-Site Request Forgery (CSRF) vulnerability in Ali2Woo Team Ali2Woo Lite allows Cross-Site Scripting (XSS).This issue affects Ali2Woo Lite: from n/a through 3.3.9. | CVSS 7.1 | Ali2woo | - | - |  |
CVE-2024-37212Cross-Site Request Forgery (CSRF) vulnerability in Ali2Woo Ali2Woo Lite.This issue affects Ali2Woo Lite: from n/a through 3.3.5. | CVSS 8.8 | Wordpress, et al | - | - |  |
CVE-2024-37198Cross-Site Request Forgery (CSRF) vulnerability in blazethemes Digital Newspaper.This issue affects Digital Newspaper: from n/a through 1.1.5. | CVSS 8.8 | Wordpress, et al | - | - |  |
CVE-2024-37118Cross Site Request Forgery (CSRF) vulnerability in Uncanny Owl Uncanny Automator Pro.This issue affects Uncanny Automator Pro: from n/a through 5.3. | CVSS 8.8 | Uncannyowl | - | - |  |
CVE-2024-36670idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component admin/vpsClass_deal.php?mudi=del | CVSS 8.8 | Idccms | - | - |  |
CVE-2024-36669idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component admin/type_deal.php?mudi=add. | CVSS 8.8 | Idccms project | Exploit | - |  |
CVE-2024-36668idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component admin/type_deal.php?mudi=del | CVSS 8.8 | Idccms project | Exploit | - |  |
CVE-2024-36667idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/idcProType_deal.php?mudi=add&nohrefStr=close | CVSS 8.8 | Idccms project | Exploit | - |  |
CVE-2024-36550idccms V1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via /admin/vpsCompany_deal.php?mudi=add&nohrefStr=close | CVSS 8.8 | Idccms project, et al | Exploit | - |  |
CVE-2024-36549idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via /admin/vpsCompany_deal.php?mudi=rev&nohrefStr=close | CVSS 8.8 | Idccms project, et al | Exploit | - |  |
CVE-2024-36548idccms V1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via admin/vpsCompany_deal.php?mudi=del | CVSS 8.8 | Idccms project, et al | Exploit | - |  |
CVE-2024-36547idccms V1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component admin/vpsClass_deal.php?mudi=add | CVSS 8.8 | Idccms project, et al | Exploit | - |  |
CVE-2024-36452Cross-site request forgery vulnerability exists in ajaxterm module of Webmin versions prior to 2.003. If this vulnerability is exploited, unintended operations may be performed when a user views a malicious page while logged in. As a result, data within a system may be referred, a webpage may be altered, or a server may be permanently halted. | CVSS 3.1 | Webmin | - | - |  |
CVE-2024-36255Mattermost versions 9.5.x <= 9.5.3, 9.6.x <= 9.6.1 and 8.1.x <= 8.1.12 fail to perform proper input validation on post actions which allows an attacker to run a playbook checklist task command as another user via creating and sharing a deceptive post action that unexpectedly runs a slash command in some arbitrary channel. | CVSS 5.7 | Mattermost | - | - |  |
CVE-2024-36076Cross-Site WebSocket Hijacking in SysReptor from version 2024.28 to version 2024.30 causes attackers to escalate privileges and obtain sensitive information when a logged-in SysReptor user visits a malicious same-site subdomain in the same browser session. | CVSS 8.8 | - | - |  | |
CVE-2024-3593The UberMenu plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.8.3. This is due to missing or incorrect nonce validation on the ubermenu_delete_all_item_settings and ubermenu_reset_settings functions. This makes it possible for unauthenticated attackers to delete and reset the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | CVSS 5.4 | Wordpress, et al | - | - |  |
CVE-2024-35773Cross-Site Request Forgery (CSRF) vulnerability in WPJohnny, zerOneIT Comment Reply Email allows Cross-Site Scripting (XSS).This issue affects Comment Reply Email: from n/a through 1.3. | CVSS 7.1 | Wordpress | - | - |  |
CVE-2024-35772Cross-Site Request Forgery (CSRF) vulnerability in presscustomizr Hueman.This issue affects Hueman: from n/a through 3.7.24. | CVSS 8.8 | Presscustomizr | - | - |  |
CVE-2024-35771Cross-Site Request Forgery (CSRF) vulnerability in presscustomizr Customizr.This issue affects Customizr: from n/a through 4.4.21. | CVSS 8.8 | Presscustomizr | - | - |  |
CVE-2024-35770Cross-Site Request Forgery (CSRF) vulnerability in Dave Kiss Vimeography: Vimeo Video Gallery WordPress Plugin.This issue affects Vimeography: Vimeo Video Gallery WordPress Plugin: from n/a through 2.4.1. | CVSS 8.8 | Davekiss, et al | - | - |  |
CVE-2024-35689Cross-Site Request Forgery (CSRF) vulnerability in Analytify.This issue affects Analytify: from n/a through 5.2.3. | CVSS 8.8 | Analytify | - | - |  |
CVE-2024-35684Cross-Site Request Forgery (CSRF) vulnerability in 10up ElasticPress.This issue affects ElasticPress: from n/a through 5.1.0. | CVSS 4.3 | 10up | - | - |  |
CVE-2024-35673Cross-Site Request Forgery (CSRF) vulnerability in Pure Chat by Ruby Pure Chat.This issue affects Pure Chat: from n/a through 2.22. | CVSS 4.3 | Purechat | - | - |  |
CVE-2024-35657Cross-Site Request Forgery (CSRF) vulnerability in Plechev Andrey WP-Recall.This issue affects WP-Recall: from n/a through 16.26.6. | CVSS 5.4 | Plechevandrey | - | - |  |
CVE-2024-35638Cross-Site Request Forgery (CSRF) vulnerability in JumpDEMAND Inc. ActiveDEMAND.This issue affects ActiveDEMAND: from n/a through 0.2.43. | CVSS 4.3 | Jumpdemand | - | - |  |
CVE-2024-35636Cross-Site Request Forgery (CSRF) vulnerability in Uploadcare Uploadcare File Uploader and Adaptive Delivery (beta) uploadcare.This issue affects Uploadcare File Uploader and Adaptive Delivery (beta): from n/a through 3.0.11. | CVSS 4.3 | - | - |  | |
CVE-2024-35632Cross-Site Request Forgery (CSRF) vulnerability in CRM Perks. Integration for Contact Form 7 and Constant Contact.This issue affects Integration for Contact Form 7 and Constant Contact: from n/a through 1.1.5. | CVSS 4.3 | Crmperks | - | - |  |
CVE-2024-35561idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/ca_deal.php?mudi=add&nohrefStr=close. | CVSS 5.4 | Idccms | - | - |  |
CVE-2024-35560idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/ca_deal.php?mudi=del&dataType=&dataTypeCN. | CVSS Low | Idccms | - | - |  |
CVE-2024-35559idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/infoMove_deal.php?mudi=rev&nohrefStr=close. | CVSS 8.8 | Idccms | - | - |  |
CVE-2024-35557idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/vpsApi_deal.php?mudi=rev&nohrefStr=close. | CVSS 5.5 | Idccms | - | - |  |
CVE-2024-35556idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/vpsSys_deal.php?mudi=infoSet. | CVSS 8.8 | Idccms | - | - |  |
CVE-2024-35555idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/share_switch.php?mudi=switch&dataType=newsWeb&fieldName=state&fieldName2=state&tabName=infoWeb&dataID=40. | CVSS 6.3 | Idccms | - | - |  |
CVE-2024-35554idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/infoWeb_deal.php?mudi=del&dataType=newsWeb&dataTypeCN. | CVSS Low | Idccms | - | - |  |
CVE-2024-35553idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/infoMove_deal.php?mudi=add&nohrefStr=close. | CVSS 8.3 | Idccms | - | - |  |
CVE-2024-35552idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/infoMove_deal.php?mudi=del&dataType=logo&dataTypeCN. | CVSS 8.8 | Idccms | - | - |  |
CVE-2024-35551idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/infoWeb_deal.php?mudi=add. | CVSS Low | Idccms | - | - |  |
CVE-2024-35475A Cross-Site Request Forgery (CSRF) vulnerability was discovered in OpenKM Community Edition on or before version 6.3.12. The vulnerability exists in /admin/DatabaseQuery, which allows an attacker to manipulate a victim with administrative privileges to execute arbitrary SQL commands. | CVSS 6.4 | Openkm | Exploit | - |  |
CVE-2024-35207A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V1.2). The web interface of the affected devices are vulnerable to Cross-Site Request Forgery(CSRF) attacks. By tricking an authenticated victim user to click a malicious link, an attacker could perform arbitrary actions on the device on behalf of the victim user. | CVSS 7.8 | Siemens | - | Patched |  |
CVE-2024-35109idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /homePro_deal.php?mudi=add&nohrefStr=close. | CVSS 6.5 | Idccms | - | - |  |
CVE-2024-35108idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/homePro_deal.php?mudi=del&dataType=&dataTypeCN. | CVSS 8.8 | Idccms | - | - |  |
CVE-2024-35039idccms V1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via admin/tplSys_deal.php?mudi=area. | CVSS Low | Idccms | - | - |  |
CVE-2024-35012idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/infoType_deal.php?mudi=add&nohrefStr=close. | CVSS 6.3 | Idccms | - | - |  |
CVE-2024-35011idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/infoType_deal.php?mudi=rev&nohrefStr=close. | CVSS 5.4 | Idccms | - | - |  |
CVE-2024-35010idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/banner_deal.php?mudi=del&dataType=&dataTypeCN=%E5%9B%BE%E7%89%87%E5%B9%BF%E5%91%8A&theme=cs&dataID=6. | CVSS 8.8 | Idccms | - | - |  |
CVE-2024-35009idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/share_switch.php?mudi=switch&dataType=&fieldName=state&fieldName2=state&tabName=banner&dataID=6. | CVSS 8.8 | Idccms | - | - |  |
CVE-2024-34958idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component admin/banner_deal.php?mudi=add | CVSS 6.5 | Idccms | Exploit | - |  |
CVE-2024-34957idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component admin/sysImages_deal.php?mudi=infoSet. | CVSS 5.4 | Idccms | - | - |  |
CVE-2024-34828Cross-Site Request Forgery (CSRF) vulnerability in Andy Moyle Church Admin.This issue affects Church Admin: from n/a through 4.1.32.
| CVSS 4.3 | Church admin project | - | - |  |
CVE-2024-34827Cross-Site Request Forgery (CSRF) vulnerability in Cozmoslabs, Razvan Mocanu, Madalin Ungureanu, Cristophor Hurduban TranslatePress.This issue affects TranslatePress: from n/a through 2.7.5.
| CVSS 4.3 | Cozmoslabs | - | - |  |
CVE-2024-34825Cross-Site Request Forgery (CSRF) vulnerability in Warfare Plugins Social Warfare.This issue affects Social Warfare: from n/a through 4.4.5.1.
| CVSS 4.3 | Warfareplugins | - | - |  |
CVE-2024-34823Cross-Site Request Forgery (CSRF) vulnerability in Kiboko Labs Arigato Autoresponder and Newsletter.This issue affects Arigato Autoresponder and Newsletter: from n/a through 2.7.2.3.
| CVSS 4.3 | Kibokolabs | - | - |  |
CVE-2024-34818Cross-Site Request Forgery (CSRF) vulnerability in WebinarPress.This issue affects WebinarPress: from n/a through 1.33.17.
| CVSS 7.1 | - | - |  | |
CVE-2024-34817Cross-Site Request Forgery (CSRF) vulnerability in CRM Perks Integration for Pipedrive and Contact Form 7, WPForms, Elementor, Ninja Forms.This issue affects Integration for Pipedrive and Contact Form 7, WPForms, Elementor, Ninja Forms: from n/a through 1.2.0.
| CVSS 4.3 | Crmperks, et al | - | - |  |
CVE-2024-34816Cross-Site Request Forgery (CSRF) vulnerability in Revmakx WPCal.Io – Easy Meeting Scheduler.This issue affects WPCal.Io – Easy Meeting Scheduler: from n/a through 0.9.5.8.
| CVSS 5.4 | Revmakx | - | - |  |
CVE-2024-34814Cross-Site Request Forgery (CSRF) vulnerability in ThemeFuse Unyson.This issue affects Unyson: from n/a through 2.7.29.
| CVSS 5.4 | Brizy | - | - |  |
CVE-2024-34809Cross-Site Request Forgery (CSRF) vulnerability in Extend Themes EmpowerWP.This issue affects EmpowerWP: from n/a through 1.0.21. | CVSS 4.3 | Extendthemes | - | - |  |
CVE-2024-34807Cross-Site Request Forgery (CSRF) vulnerability in CodeBard Fast Custom Social Share by CodeBard.This issue affects Fast Custom Social Share by CodeBard: from n/a through 1.1.2. | CVSS 4.3 | Codebard | - | - |  |
CVE-2024-34806Cross-Site Request Forgery (CSRF) vulnerability in Creative Motion Clearfy Cache.This issue affects Clearfy Cache: from n/a through 2.2.1. | CVSS 4.3 | - | - |  | |
CVE-2024-3477The Popup Box WordPress plugin before 2.2.7 does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions, such as deleting popups via CSRF attacks | CVSS Low | Wordpress | - | - |  |
CVE-2024-34756Cross-Site Request Forgery (CSRF) vulnerability in CRM Perks Integration for Contact Form 7 HubSpot.This issue affects Integration for Contact Form 7 HubSpot: from n/a through 1.3.1. | CVSS 4.3 | Crmperks | - | - |  |
CVE-2024-34755Cross-Site Request Forgery (CSRF) vulnerability in CRM Perks Integration for Contact Form 7 and Salesforce.This issue affects Integration for Contact Form 7 and Salesforce: from n/a through 1.3.9. | CVSS 4.3 | Crmperks | - | - |  |
CVE-2024-3472The Modal Window WordPress plugin before 5.3.10 does not have CSRF check in place when bulk deleting modals, which could allow attackers to make a logged in admin delete them via a CSRF attack | CVSS 5.9 | Wordpress | - | - |  |
CVE-2024-34557Cross-Site Request Forgery (CSRF) vulnerability in UkrSolution Barcode Scanner with Inventory & Order Manager.This issue affects Barcode Scanner with Inventory & Order Manager: from n/a through 1.5.4.
| CVSS 4.3 | Ukrsolution | - | - |  |
CVE-2024-34502An issue was discovered in WikibaseLexeme in MediaWiki before 1.39.6, 1.40.x before 1.40.2, and 1.41.x before 1.41.1. Loading Special:MergeLexemes will (attempt to) make an edit that merges the from-id to the to-id, even if the request was not a POST request, and even if it does not contain an edit token. | CVSS 9.8 | Mediawiki | - | Patched |  |
CVE-2024-34439Cross-Site Request Forgery (CSRF) vulnerability in divSpot DS Site Message.This issue affects DS Site Message: from n/a through 1.14.4.
| CVSS 4.3 | - | - |  | |
CVE-2024-34427Cross-Site Request Forgery (CSRF) vulnerability in Huseyin Berberoglu WP Favorite Posts.This issue affects WP Favorite Posts: from n/a through 1.6.8.
| CVSS 4.3 | Wp favorite posts project | - | - |  |
CVE-2024-34379Cross-Site Request Forgery (CSRF) vulnerability in Rara Theme Restaurant and Cafe.This issue affects Restaurant and Cafe: from n/a through 1.2.1.
| CVSS 4.3 | - | - |  | |
CVE-2024-34367Cross-Site Request Forgery (CSRF) vulnerability in Popup Box Team Popup box allows Cross-Site Scripting (XSS).This issue affects Popup box: from n/a through 4.1.2.
| CVSS 7.1 | - | - |  | |
CVE-2024-3407The WP Prayer WordPress plugin through 2.0.9 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks | CVSS 5.3 | Wordpress | - | - |  |
CVE-2024-34069The debugger in affected versions of Werkzeug can allow an attacker to execute code on a developer's machine under some circumstances. This requires the attacker to get the developer to interact with a domain and subdomain they control, and enter the debugger PIN, but if they are successful it allows access to the debugger even if it is only running on localhost. This also requires the attacker to guess a URL in the developer's application that will trigger the debugger. | CVSS 7.5 | Palletsprojects | - | Patched |  |
CVE-2024-34008Actions in the admin management of analytics models did not include the necessary token to prevent a CSRF risk. | CVSS 8.8 | Moodle | - | Patched |  |
CVE-2024-34007The logout option within MFA did not include the necessary token to avoid the risk of users inadvertently being logged out via CSRF. | CVSS Low | - | - |  | |
CVE-2024-34001Actions in the admin preset tool did not include the necessary token to prevent a CSRF risk. | CVSS 8.4 | - | - |  | |
CVE-2024-33913Cross-Site Request Forgery (CSRF) vulnerability leading to Arbitrary File Upload in Xserver Migrator.This issue affects Xserver Migrator: from n/a through 1.6.1.
| CVSS 9.6 | - | - |  | |
CVE-2024-33830idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/readDeal.php?mudi=clearWebCache. | CVSS 8.1 | Idccms | - | - |  |
CVE-2024-33829idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/readDeal.php?mudi=updateWebCache. | CVSS 5.4 | Idccms | - | - |  |
CVE-2024-33691Cross-Site Request Forgery (CSRF) vulnerability in OptinMonster Popup Builder Team OptinMonster.This issue affects OptinMonster: from n/a through 2.15.3.
| CVSS 4.3 | Optinmonster | - | - |  |
CVE-2024-33690Cross-Site Request Forgery (CSRF) vulnerability in Jegstudio Financio.This issue affects Financio: from n/a through 1.1.3.
| CVSS 4.3 | Jegstudio | - | - |  |
CVE-2024-33689Cross-Site Request Forgery (CSRF) vulnerability in Tony Zeoli, Tony Hayes Radio Station.This issue affects Radio Station: from n/a through 2.5.7.
| CVSS 4.3 | - | - |  | |
CVE-2024-33688Cross-Site Request Forgery (CSRF) vulnerability in Extend Themes Teluro.This issue affects Teluro: from n/a through 1.0.31.
| CVSS 4.3 | Extendthemes | - | - |  |
CVE-2024-33683Cross-Site Request Forgery (CSRF) vulnerability in WP Republic Hide Dashboard Notifications.This issue affects Hide Dashboard Notifications: from n/a through 1.2.3.
| CVSS 4.3 | Wprepublic | - | - |  |
CVE-2024-33682Cross-Site Request Forgery (CSRF) vulnerability in Cookie Information A/S WP GDPR Compliance.This issue affects WP GDPR Compliance: from n/a through 2.0.23.
| CVSS 5.4 | Wordpress | - | - |  |
CVE-2024-33681Cross-Site Request Forgery (CSRF) vulnerability in Sandor Kovacs Regenerate post permalink allows Cross-Site Scripting (XSS).This issue affects Regenerate post permalink: from n/a through 1.0.3.
| CVSS 7.1 | - | - |  | |
CVE-2024-33680Cross-Site Request Forgery (CSRF) vulnerability in MainWP MainWP Child Reports.This issue affects MainWP Child Reports: from n/a through 2.1.1.
| CVSS 5.4 | - | - |  | |
CVE-2024-33679Cross-Site Request Forgery (CSRF) vulnerability in FameThemes FameTheme Demo Importer.This issue affects FameTheme Demo Importer: from n/a through 1.1.5.
| CVSS 4.3 | - | - |  | |
CVE-2024-33678Cross-Site Request Forgery (CSRF) vulnerability in ClickCease ClickCease Click Fraud Protection.This issue affects ClickCease Click Fraud Protection: from n/a through 3.2.4.
| CVSS 4.3 | - | - |  | |
CVE-2024-33677Cross-Site Request Forgery (CSRF) vulnerability in Renzo Johnson Contact Form 7 Extension For Mailchimp.This issue affects Contact Form 7 Extension For Mailchimp: from n/a through 0.5.70.
| CVSS 4.3 | Renzojohnson | - | - |  |
CVE-2024-33651Cross-Site Request Forgery (CSRF) vulnerability in Matthew Fries MF Gig Calendar.This issue affects MF Gig Calendar : from n/a through 1.2.1.
| CVSS 5.4 | - | - |  | |
CVE-2024-33650Cross-Site Request Forgery (CSRF) vulnerability in Cryout Creations Serious Slider.This issue affects Serious Slider: from n/a through 1.2.4.
| CVSS 4.3 | Cryoutcreations | - | - |  |
CVE-2024-33646Cross-Site Request Forgery (CSRF) vulnerability in Toast Plugins Sticky Anything allows Cross-Site Scripting (XSS).This issue affects Sticky Anything: from n/a through 2.1.5.
| CVSS 7.1 | - | - |  | |
CVE-2024-33638Cross-Site Request Forgery (CSRF) vulnerability in Brijesh Kothari Smart Maintenance Mode.This issue affects Smart Maintenance Mode: from n/a through 1.4.4.
| CVSS 5.4 | - | - |  | |
CVE-2024-33632Cross-Site Request Forgery (CSRF) vulnerability in Piotnet Piotnet Addons For Elementor Pro.This issue affects Piotnet Addons For Elementor Pro: from n/a through 7.1.17.
| CVSS 5.4 | Piotnet | - | - |  |
CVE-2024-33449An SSRF issue in the PDFMyURL service allows a remote attacker to obtain sensitive information and execute arbitrary code via a POST request in the url parameter | CVSS 9.8 | - | - |  | |
CVE-2024-32958Cross-Site Request Forgery (CSRF) vulnerability in Giorgos Sarigiannidis Slash Admin allows Cross-Site Scripting (XSS).This issue affects Slash Admin: from n/a through 3.8.1.
| CVSS 7.1 | - | - |  |