Cross-Site Request Forgery (CSRF)
CWE-352

CVE ID | CVSS | Vendor | Exploit | Patch
CVE-2024-32947 | CVSS 4.3 | Wordpress | - | -
Cross-Site Request Forgery (CSRF) vulnerability in AlumniOnline Web Services LLC WP ADA Compliance Check Basic. This issue affects WP ADA Compliance Check Basic: from n/a through 3.1.3.

CVE-2024-32863 | CVSS 8.8 | Johnsoncontrols | - | Patched
Under certain circumstances the exacqVision Web Services may be susceptible to Cross-Site Request Forgery (CSRF).

CVE-2024-32806 | CVSS 4.3 | - | - | -
Cross-Site Request Forgery (CSRF) vulnerability in CoSchedule Headline Analyzer. This issue affects Headline Analyzer: from n/a through 1.3.3.

CVE-2024-32795 | CVSS 4.3 | Revmakx | - | -
Cross-Site Request Forgery (CSRF) vulnerability in Revmakx WPCal.Io – Easy Meeting Scheduler. This issue affects WPCal.Io – Easy Meeting Scheduler: from n/a through 0.9.5.8.

CVE-2024-32794 | CVSS 4.3 | Paidmembershipspro | - | -
Cross-Site Request Forgery (CSRF) vulnerability in Paid Memberships Pro. This issue affects Paid Memberships Pro: from n/a through 2.12.10.

CVE-2024-32793 | CVSS 5.4 | Paidmembershipspro | - | -
Cross-Site Request Forgery (CSRF) vulnerability in Paid Memberships Pro. This issue affects Paid Memberships Pro: from n/a through 2.12.10.

CVE-2024-32789 | CVSS 7.1 | - | - | -
Cross-Site Request Forgery (CSRF) vulnerability in Seers allows Cross-Site Scripting (XSS). This issue affects Seers: from n/a through 8.1.0.

CVE-2024-32785 | CVSS 7.1 | - | - | -
Cross-Site Request Forgery (CSRF) vulnerability in Webangon The Pack Elementor addons allows Cross-Site Scripting (XSS). This issue affects The Pack Elementor addons: from n/a through 2.0.8.3.

CVE-2024-32773 | CVSS 4.3 | Wordpress, et al | - | -
Cross-Site Request Forgery (CSRF) vulnerability in WP Royal Royal Elementor Kit. This issue affects Royal Elementor Kit: from n/a through 1.0.116.

CVE-2024-32728 | CVSS 4.3 | Cozmoslabs | - | -
Cross-Site Request Forgery (CSRF) vulnerability in Cozmoslabs Paid Member Subscriptions. This issue affects Paid Member Subscriptions: from n/a through 2.11.0.

CVE-2024-32699 | CVSS 4.3 | - | - | -
Cross-Site Request Forgery (CSRF) vulnerability in YITH YITH WooCommerce Compare. This issue affects YITH WooCommerce Compare: from n/a through 2.37.0.

CVE-2024-32693 | CVSS 7.6 | Valvepress | - | -
Cross-Site Request Forgery (CSRF) vulnerability in ValvePress Automatic. This issue affects Automatic: from n/a before 3.93.0.

CVE-2024-32550 | CVSS 7.1 | - | - | -
Cross-Site Request Forgery (CSRF) vulnerability in BMI Adult & Kid Calculator allows Stored XSS. This issue affects BMI Adult & Kid Calculator: from n/a through 1.2.1.

CVE-2024-32549 | CVSS 7.1 | Wordpress | - | -
Cross-Site Request Forgery (CSRF) vulnerability in Microkid Related Posts for WordPress allows Cross-Site Scripting (XSS). This issue affects Related Posts for WordPress: from n/a through 4.0.3.

CVE-2024-32538 | CVSS 7.1 | - | - | -
Cross-Site Request Forgery (CSRF) vulnerability in Joshua Eldridge Easy CountDowner allows Stored XSS. This issue affects Easy CountDowner: from n/a through 1.0.8.

CVE-2024-3246 | CVSS 5.4 | Wordpress, et al | - | Patched
The LiteSpeed Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.2.0.1. This is due to missing or incorrect nonce validation. This makes it possible for unauthenticated attackers to update the token setting and inject malicious JavaScript via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

CVE-2024-32452 | CVSS 5.4 | Wpeasycart | - | -
Cross-Site Request Forgery (CSRF) vulnerability in WP EasyCart. This issue affects WP EasyCart: from n/a through 5.5.19.

CVE-2024-32451 | CVSS 4.3 | Wpwax | - | -
Cross-Site Request Forgery (CSRF) vulnerability in wpWax Legal Pages. This issue affects Legal Pages: from n/a through 1.4.2.

CVE-2024-32450 | CVSS 4.3 | Mage-people | - | -
Cross-Site Request Forgery (CSRF) vulnerability in MagePeople Team WpTravelly. This issue affects WpTravelly: from n/a through 1.6.0.

CVE-2024-32449 | CVSS 5.4 | - | - | -
Cross-Site Request Forgery (CSRF) vulnerability in MagniGenie RestroPress. This issue affects RestroPress: from n/a through 3.1.2.

CVE-2024-32448 | CVSS 4.3 | - | - | -
Cross-Site Request Forgery (CSRF) vulnerability in VideoYield.Com Ads.Txt Admin. This issue affects Ads.Txt Admin: from n/a through 1.3.

CVE-2024-32447 | CVSS 4.3 | Strategy11 | - | -
Cross-Site Request Forgery (CSRF) vulnerability in AWP Classifieds Team AWP Classifieds. This issue affects AWP Classifieds: from n/a through 4.3.1.

CVE-2024-32446 | CVSS 5.4 | Wordpress, et al | - | -
Cross-Site Request Forgery (CSRF) vulnerability in WP Swings Wallet System for WooCommerce. This issue affects Wallet System for WooCommerce: from n/a through 2.5.9.

CVE-2024-32445 | CVSS 5.4 | Saleswonder | - | -
Cross-Site Request Forgery (CSRF) vulnerability in Saleswonder Team WebinarIgnition. This issue affects WebinarIgnition: from n/a through 3.05.8.

CVE-2024-32443 | CVSS 4.3 | Ip2location | - | -
Cross-Site Request Forgery (CSRF) vulnerability in IP2Location Download IP2Location Country Blocker. This issue affects Download IP2Location Country Blocker: from n/a through 2.34.2.

CVE-2024-32442 | CVSS 4.3 | Zoho | - | -
Cross-Site Request Forgery (CSRF) vulnerability in Zoho Campaigns. This issue affects Zoho Campaigns: from n/a through 2.0.7.

CVE-2024-32441 | CVSS 4.3 | Zoho | - | -
Cross-Site Request Forgery (CSRF) vulnerability in Zoho Campaigns. This issue affects Zoho Campaigns: from n/a through 2.0.7.

CVE-2024-32440 | CVSS 4.3 | Asgaros | - | -
Cross-Site Request Forgery (CSRF) vulnerability in Thomas Belser Asgaros Forum. This issue affects Asgaros Forum: from n/a through 2.8.0.

CVE-2024-32439 | CVSS 4.3 | Switchwp | - | -
Cross-Site Request Forgery (CSRF) vulnerability in SwitchWP WP Client Reports. This issue affects WP Client Reports: from n/a through 1.0.22.

CVE-2024-32438 | CVSS 4.3 | Cleverplugins | - | -
Cross-Site Request Forgery (CSRF) vulnerability in cleverplugins.Com SEO Booster. This issue affects SEO Booster: from n/a through 3.8.9.

CVE-2024-32437 | CVSS 4.3 | Implecode | - | -
Cross-Site Request Forgery (CSRF) vulnerability in impleCode eCommerce Product Catalog. This issue affects eCommerce Product Catalog: from n/a through 3.3.28.

CVE-2024-32436 | CVSS 4.3 | Codemenschen | - | -
Cross-Site Request Forgery (CSRF) vulnerability in Codemenschen Gift Vouchers. This issue affects Gift Vouchers: from n/a through 4.4.0.

CVE-2024-32435 | CVSS 4.3 | - | - | -
Cross-Site Request Forgery (CSRF) vulnerability in Affieasy Team AffiEasy. This issue affects AffiEasy: from n/a through 1.1.4.

CVE-2024-32434 | CVSS 4.3 | Tychesoftwares | - | -
Cross-Site Request Forgery (CSRF) vulnerability in Tyche Softwares Order Delivery Date for WooCommerce. This issue affects Order Delivery Date for WooCommerce: from n/a through 3.20.2.

CVE-2024-32433 | CVSS 4.3 | Themefic | - | -
Cross-Site Request Forgery (CSRF) vulnerability in Themefic BEAF. This issue affects BEAF: from n/a through 4.5.4.

CVE-2024-3238 | CVSS 8.8 | Wordpress | - | -
The WordPress Menu Plugin — Superfly Responsive Menu plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.0.29. This is due to missing or incorrect nonce validation on the ajax_handle_delete_icons() function. This makes it possible for unauthenticated attackers to delete arbitrary files via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. Please note the CSRF was patched in 5.0.28, however, adequate directory traversal protection wasn't introduced until 5.0.30.

CVE-2024-32141 | CVSS 4.3 | Libsyn | - | -
Cross-Site Request Forgery (CSRF) vulnerability in Libsyn Libsyn Publisher Hub. This issue affects Libsyn Publisher Hub: from n/a through 1.4.4.

CVE-2024-32112 | CVSS 4.3 | - | - | -
Cross-Site Request Forgery (CSRF) vulnerability in Leadinfo leadinfo. The patch was released under the same version which was reported as vulnerable. We consider the current version as vulnerable. This issue affects Leadinfo: from n/a through 1.0.

CVE-2024-32109 | CVSS 4.3 | Mpembed | - | -
Cross-Site Request Forgery (CSRF) vulnerability in Julien Berthelot / MPEmbed.Com WP Matterport Shortcode. This issue affects WP Matterport Shortcode: from n/a through 2.1.8.

CVE-2024-32108 | CVSS 4.3 | Stephanieleary | - | -
Cross-Site Request Forgery (CSRF) vulnerability in Stephanie Leary Convert Post Types. This issue affects Convert Post Types: from n/a through 1.4.

CVE-2024-32107 | CVSS 4.3 | Xlplugins | - | -
Cross-Site Request Forgery (CSRF) vulnerability in XLPlugins Finale Lite. This issue affects Finale Lite: from n/a through 2.18.0.

CVE-2024-32106 | CVSS 4.3 | Wordpress | - | -
Cross-Site Request Forgery (CSRF) vulnerability in WP Compress WP Compress – Image Optimizer [All-In-One]. This issue affects WP Compress – Image Optimizer [All-In-One]: from n/a through 6.10.35.

CVE-2024-32105 | CVSS 4.3 | - | - | -
Cross-Site Request Forgery (CSRF) vulnerability in ELEXtensions ELEX WooCommerce Dynamic Pricing and Discounts. This issue affects ELEX WooCommerce Dynamic Pricing and Discounts: from n/a through 2.1.2.

CVE-2024-32104 | CVSS 4.3 | Xlplugins | Exploit | -
Cross-Site Request Forgery (CSRF) vulnerability in XLPlugins NextMove Lite. This issue affects NextMove Lite: from n/a through 2.18.1.

CVE-2024-32103 | CVSS 5.4 | - | - | -
Cross-Site Request Forgery (CSRF) vulnerability in Siteimprove. This issue affects Siteimprove: from n/a through 2.0.6.

CVE-2024-32102 | CVSS 4.3 | Crony cronjob manager project | - | -
Cross-Site Request Forgery (CSRF) vulnerability in Scott Kingsley Clark Crony Cronjob Manager. This issue affects Crony Cronjob Manager: from n/a through 0.5.0.

CVE-2024-32101 | CVSS 4.3 | Omnisend | - | -
Cross-Site Request Forgery (CSRF) vulnerability in Omnisend Email Marketing for WooCommerce by Omnisend. This issue affects Email Marketing for WooCommerce by Omnisend: from n/a through 1.14.3.

CVE-2024-32099 | CVSS 4.3 | Wordpress | - | -
Cross-Site Request Forgery (CSRF) vulnerability in James Ward WP Mail Catcher. This issue affects WP Mail Catcher: from n/a through 2.1.6.

CVE-2024-32097 | CVSS 5.4 | Wordpress | - | -
Cross-Site Request Forgery (CSRF) vulnerability in Eyal Fitoussi GEO my WordPress. This issue affects GEO my WordPress: from n/a through 4.1.

CVE-2024-32096 | CVSS 5.4 | Wordpress | - | -
Cross-Site Request Forgery (CSRF) vulnerability in DAEV.Tech WP Migration Plugin DB & Files – WP Synchro. This issue affects WP Migration Plugin DB & Files – WP Synchro: from n/a through 1.11.2.

CVE-2024-32095 | CVSS 4.3 | Multiparcels | - | -
Cross-Site Request Forgery (CSRF) vulnerability in MultiParcels MultiParcels Shipping For WooCommerce. This issue affects MultiParcels Shipping For WooCommerce: from n/a before 1.16.9.

CVE-2024-32094 | CVSS 4.3 | - | - | -
Cross-Site Request Forgery (CSRF) vulnerability in ChurchThemes Church Content – Sermons, Events and More. This issue affects Church Content – Sermons, Events and More: from n/a through 2.6.

CVE-2024-32093 | CVSS 5.4 | Nosegraze | - | -
Cross-Site Request Forgery (CSRF) vulnerability in Nose Graze Novelist. This issue affects Novelist: from n/a through 1.2.2.

CVE-2024-32092 | CVSS 5.4 | Kimili | - | -
Cross-Site Request Forgery (CSRF) vulnerability in Michael Bester Kimili Flash Embed. This issue affects Kimili Flash Embed: from n/a through 2.5.3.

CVE-2024-32091 | CVSS 6.5 | - | - | -
Cross-Site Request Forgery (CSRF) vulnerability in Tonjoo Sangar Slider. This issue affects Sangar Slider: from n/a through 1.3.2.

CVE-2024-32090 | CVSS 4.3 | Church admin project | - | -
Cross-Site Request Forgery (CSRF) vulnerability in Andy Moyle Church Admin. This issue affects Church Admin: from n/a through 4.0.27.

CVE-2024-32089 | CVSS 4.3 | Supsystic | - | -
Cross-Site Request Forgery (CSRF) vulnerability in Supsystic Digital Publications by Supsystic. This issue affects Digital Publications by Supsystic: from n/a through 1.7.7.

CVE-2024-32088 | CVSS 4.3 | Seedprod | - | -
Cross-Site Request Forgery (CSRF) vulnerability in SeedProd Coming Soon Page, Under Construction & Maintenance Mode by SeedProd. This issue affects Coming Soon Page, Under Construction & Maintenance Mode by SeedProd: from n/a through 6.15.20.

CVE-2024-32085 | CVSS 5.4 | Wordpress | - | -
Cross-Site Request Forgery (CSRF) vulnerability in AitThemes Citadela Listing. This issue affects Citadela Listing: from n/a through 5.18.1.

CVE-2024-32084 | CVSS 4.3 | Goldplugins | - | -
Cross-Site Request Forgery (CSRF) vulnerability in Gold Plugins Before And After. This issue affects Before And After: from n/a through 3.9.

CVE-2024-32082 | CVSS 7.1 | - | - | -
Cross-Site Request Forgery (CSRF) vulnerability in kp4coder Sync Post With Other Site allows Cross-Site Scripting (XSS). This issue affects Sync Post With Other Site: from n/a through 1.5.1.

CVE-2024-31998 | CVSS 8.8 | Combodo | - | Patched
Combodo iTop is a simple, web based IT Service Management tool. A CSRF can be performed on CSV import simulation. This issue has been fixed in versions 3.1.2 and 3.2.0. All users are advised to upgrade. There are no known workarounds for this vulnerability.

CVE-2024-31988 | CVSS 9.6 | Xwiki | - | Patched
When the realtime editor is installed in XWiki, it allows arbitrary remote code execution with the interaction of an admin user with programming right. More precisely, by getting an admin user to either visit a crafted URL or to view an image with this URL that could be in a comment, the attacker can get the admin to execute arbitrary XWiki syntax including scripting macros with Groovy or Python code. This compromises the confidentiality, integrity and availability of the whole XWiki installation. To reproduce on an XWiki installation, as an admin, click on <xwiki-host>/xwiki/bin/get/RTFrontend/ConvertHTML?wiki=xwiki&space=Main&page=WebHome&text=%7B%7Bvelocity%7D%7D%24logtool.error%28%22Hello%20from%20Velocity%20%21%22%29%7B%7B%2Fvelocity%7D%7D. If the error "Hello from Velocity!" gets logged then the installation is vulnerable.

CVE-2024-31986 | CVSS 9 | Xwiki | - | Patched
By creating a document with a specially crafted documented reference and an XWiki.SchedulerJobClass XObject, it is possible to execute arbitrary code on the server whenever an admin visits the scheduler page or the scheduler page is referenced, e.g., via an image in a comment on a page in the wiki. To reproduce on an XWiki installation, click on this link to create a new document: <xwiki-host>/xwiki/bin/view/%22%3E%5D%5D%7B%7B%2Fhtml%7D%7D%7B%7Basync%20context%3D%22request/parameters%22%7D%7D%7B%7Bvelocity%7D%7D%23evaluate%28%24request/eval%29/. Then, add to this document an object of type XWiki.SchedulerJobClass. Finally, as an admin, go to <xwiki-host>/xwiki/bin/view/Scheduler/?eval=$services.logging.getLogger(%22attacker%22).error(%22Hello%20from%20URL%20Parameter!%20I%20got%20programming:%20$services.security.authorization.hasAccess(%27programming%27)%22). If the logs contain ERROR attacker - Hello from URL Parameter! I got programming: true, the installation is vulnerable.

CVE-2024-31985 | CVSS 5.4 | Xwiki | - | Patched
It is possible to schedule/trigger/unschedule existing jobs by having an admin visit the Job Scheduler page through a predictable URL, for example by embedding such a URL in any content as an image. To reproduce in an XWiki installation, open <xwiki-host>:/xwiki/bin/view/Scheduler/?do=trigger&which=Scheduler.NotificationEmailDailySender as a user with admin rights. If there is no error message that indicates the CSRF token is invalid, the installation is vulnerable.

CVE-2024-31944 | CVSS 4.3 | Woocommerce | - | -
Cross-Site Request Forgery (CSRF) vulnerability in Octolize WooCommerce UPS Shipping – Live Rates and Access Points. This issue affects WooCommerce UPS Shipping – Live Rates and Access Points: from n/a through 2.2.4.

CVE-2024-31943 | CVSS 4.3 | Usps | - | -
Cross-Site Request Forgery (CSRF) vulnerability in Octolize USPS Shipping for WooCommerce – Live Rates. This issue affects USPS Shipping for WooCommerce – Live Rates: from n/a through 1.9.2.

CVE-2024-31942 | CVSS 4.3 | Typps | - | -
Cross-Site Request Forgery (CSRF) vulnerability in Typps Calendarista Basic Edition. This issue affects Calendarista Basic Edition: from n/a through 3.0.2.

CVE-2024-31941 | CVSS 5.4 | Codepeople | - | -
Cross-Site Request Forgery (CSRF) vulnerability in CodePeople CP Media Player. This issue affects CP Media Player: from n/a through 1.1.3.

CVE-2024-31940 | CVSS 4.3 | Rednao | - | -
Cross-Site Request Forgery (CSRF) vulnerability in RedNao Extra Product Options Builder for WooCommerce. This issue affects Extra Product Options Builder for WooCommerce: from n/a through 1.2.104.

CVE-2024-31939 | CVSS 4.3 | Wordpress, et al | - | -
Cross-Site Request Forgery (CSRF) vulnerability in Soflyy Import any XML or CSV File to WordPress. This issue affects Import any XML or CSV File to WordPress: from n/a through 3.7.3.

CVE-2024-31938 | CVSS 4.3 | - | - | -
Cross-Site Request Forgery (CSRF) vulnerability in Themeinwp NewsXpress. This issue affects NewsXpress: from n/a through 1.0.7.

CVE-2024-31936 | CVSS 5.4 | Ayecode | - | -
Cross-Site Request Forgery (CSRF) vulnerability in AyeCode Ltd UsersWP. This issue affects UsersWP: from n/a before 1.2.6.

CVE-2024-31935 | CVSS 4.3 | Nickmomrik, et al | - | -
Cross-Site Request Forgery (CSRF) vulnerability in BracketSpace Simple Post Notes. This issue affects Simple Post Notes: from n/a through 1.7.6.

CVE-2024-31934 | CVSS 4.3 | - | - | -
Cross-Site Request Forgery (CSRF) vulnerability in Link Whisper Link Whisper Free. This issue affects Link Whisper Free: from n/a through 0.6.9.

CVE-2024-31933 | CVSS 5.4 | Livecomposer | - | -
Cross-Site Request Forgery (CSRF) vulnerability in Live Composer Team Page Builder: Live Composer. This issue affects Page Builder: Live Composer: from n/a through 1.5.35.

CVE-2024-31932 | CVSS 5.4 | Creativethemes | - | -
Cross-Site Request Forgery (CSRF) vulnerability in CreativeThemes Blocksy Companion. This issue affects Blocksy Companion: from n/a through 2.0.28.

CVE-2024-31924 | CVSS 4.3 | Ewww | - | -
Cross-Site Request Forgery (CSRF) vulnerability in Exactly WWW EWWW Image Optimizer. This issue affects EWWW Image Optimizer: from n/a through 7.2.3.

CVE-2024-31923 | CVSS 4.3 | Pluginops, et al | - | -
Cross-Site Request Forgery (CSRF) vulnerability in PluginOps Feather Login Page. This issue affects Feather Login Page: from n/a through 1.1.5.

CVE-2024-31922 | CVSS 4.3 | Wordpress | - | -
Cross-Site Request Forgery (CSRF) vulnerability in Anton Aleksandrov WordPress Hosting Benchmark tool. This issue affects WordPress Hosting Benchmark tool: from n/a through 1.3.6.

CVE-2024-31921 | CVSS 4.3 | Etoilewebdesign | - | -
Cross-Site Request Forgery (CSRF) vulnerability in Etoile Web Design Ultimate Product Catalogue. This issue affects Ultimate Product Catalogue: from n/a through 5.2.15.

CVE-2024-31920 | CVSS 4.3 | Tychesoftwares | - | -
Cross-Site Request Forgery (CSRF) vulnerability in Tyche Softwares Currency per Product for WooCommerce. This issue affects Currency per Product for WooCommerce: from n/a through 1.6.0.

CVE-2024-31902 | CVSS 8.8 | Ibm | - | Patched
IBM InfoSphere Information Server 11.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 289234.

CVE-2024-3163 | CVSS 4.3 | Realestateconnected, et al | Exploit | -
The Easy Property Listings WordPress plugin before 3.5.4 does not have a CSRF check when deleting contacts in bulk, which could allow attackers to make a logged in admin delete them via a CSRF attack.

CVE-2024-31613 | CVSS 5.4 | Bosscms | - | -
BOSSCMS v3.10 is vulnerable to Cross Site Request Forgery (CSRF) in name="head_code" or name="foot_code."

CVE-2024-31612 | CVSS 6.5 | Emlog | Exploit | -
Emlog pro2.3 is vulnerable to Cross Site Request Forgery (CSRF) via twitter.php which can be used with a XSS vulnerability to access administrator information.

CVE-2024-3151 | CVSS 4.3 | Bdtask | - | -
A vulnerability, which was classified as problematic, was found in Bdtask Multi-Store Inventory Management System up to 20240325. Affected is an unknown function of the file /stockmovment/stockmovment/delete/ of the component Stock Movement Page. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-258924. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2024-31503 | CVSS 7.5 | Dolibarr | - | Patched
Incorrect access control in Dolibarr ERP CRM versions 19.0.0 and before, allows authenticated attackers to steal victim users' session cookies and CSRF protection tokens via user interaction with a crafted web page, leading to account takeover.

CVE-2024-3147 | CVSS 4.3 | Dedecms | - | -
A vulnerability classified as problematic was found in DedeCMS 5.7. This vulnerability affects unknown code of the file /src/dede/makehtml_map.php. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-258922 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2024-3146 | CVSS 4.3 | Dedecms | - | -
A vulnerability classified as problematic has been found in DedeCMS 5.7. This affects an unknown part of the file /src/dede/makehtml_rss_action.php. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-258921 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2024-3145 | CVSS 4.3 | Dedecms | - | -
A vulnerability was found in DedeCMS 5.7. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /src/dede/makehtml_js_action.php. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-258920. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2024-3144 | CVSS 4.3 | Dedecms | - | -
A vulnerability was found in DedeCMS 5.7. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /src/dede/makehtml_spec.php. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-258919. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2024-31434 | CVSS 5.4 | - | - | -
Cross-Site Request Forgery (CSRF) vulnerability in Stefano Lissa & The Newsletter Team Newsletter. This issue affects Newsletter: from n/a through 8.0.6.

CVE-2024-31433 | CVSS 4.3 | Theeventscalendar | - | -
Cross-Site Request Forgery (CSRF) vulnerability in The Events Calendar. This issue affects The Events Calendar: from n/a through 6.3.0.

CVE-2024-31431 | CVSS 4.3 | Tychesoftwares | - | -
Cross-Site Request Forgery (CSRF) vulnerability in Tyche Softwares Product Input Fields for WooCommerce. This issue affects Product Input Fields for WooCommerce: from n/a through 1.7.0.

CVE-2024-31430 | CVSS 4.3 | Joybike, et al | - | -
Cross-Site Request Forgery (CSRF) vulnerability in realmag777 WOLF – WordPress Posts Bulk Editor and Manager Professional, realmag777 BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net. This issue affects WOLF – WordPress Posts Bulk Editor and Manager Professional: from n/a through 1.0.8.1; BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net: from n/a through 1.1.4.1.

CVE-2024-3143 | CVSS 4.3 | Dedecms | - | -
A vulnerability was found in DedeCMS 5.7. It has been classified as problematic. Affected is an unknown function of the file /src/dede/member_rank.php. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-258918 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2024-31429 | CVSS 4.3 | - | - | -
Cross-Site Request Forgery (CSRF) vulnerability in Blossom Themes Sarada Lite. This issue affects Sarada Lite: from n/a through 1.1.2.

CVE-2024-31428 | CVSS 4.3 | - | - | -
Cross-Site Request Forgery (CSRF) vulnerability in Rara Theme The Conference. This issue affects The Conference: from n/a through 1.2.0.

CVE-2024-31427 | CVSS 4.3 | - | - | -
Cross-Site Request Forgery (CSRF) vulnerability in Marker.Io Marker.Io. This issue affects Marker.Io: from n/a through 1.1.8.