Total: 8113 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 | Description
---|---|---|---|---|---
CVE-2021-39353 | 1 Easyregistrationforms | 1 Easy Registration Forms | 2025-02-14 | 8.8 High | The Easy Registration Forms WordPress plugin is vulnerable to Cross-Site Request Forgery due to missing nonce validation via the ajax_add_form function found in the ~/includes/class-form.php file, which made it possible for attackers to inject arbitrary web scripts in versions up to, and including, 2.1.1.
CVE-2023-1330 | 1 Inisev | 1 Redirection | 2025-02-14 | 6.5 Medium | The Redirection WordPress plugin before 1.1.4 does not have nonce verification in place when adding a redirect, which could allow attackers to add redirects via a CSRF attack.
CVE-2023-0820 | 1 Bestwebsoft | 1 User Role | 2025-02-14 | 8.8 High | The User Role by BestWebSoft WordPress plugin before 1.6.7 does not protect against CSRF in requests to update role capabilities, leading to arbitrary privilege escalation of any role.
CVE-2021-43353 | 1 Crisp | 1 Crisp | 2025-02-14 | 8.8 High | The Crisp Live Chat WordPress plugin is vulnerable to Cross-Site Request Forgery due to missing nonce validation via the crisp_plugin_settings_page function found in the ~/crisp.php file, which made it possible for attackers to inject arbitrary web scripts in versions up to, and including, 0.31.
CVE-2024-27948 | 1 Bytesforall | 1 Atahualpa | 2025-02-14 | 5.4 Medium | Cross-Site Request Forgery (CSRF) vulnerability in bytesforall Atahualpa. This issue affects Atahualpa: from n/a through 3.7.24.
CVE-2021-42358 | 1 Contact Form With Captcha Project | 1 Contact Form With Captcha | 2025-02-13 | 8.8 High | The Contact Form With Captcha WordPress plugin is vulnerable to Cross-Site Request Forgery due to missing nonce validation in the ~/cfwc-form.php file during contact form submission, which made it possible for attackers to inject arbitrary web scripts in versions up to, and including, 1.6.2.
CVE-2021-42364 | 1 Stetic | 1 Stetic | 2025-02-13 | 8.8 High | The Stetic WordPress plugin is vulnerable to Cross-Site Request Forgery due to missing nonce validation via the stats_page function found in the ~/stetic.php file, which made it possible for attackers to inject arbitrary web scripts in versions up to, and including, 1.0.6.
CVE-2022-0215 | 1 Xootix | 3 Login/signup Popup, Side Cart Woocommerce, Waitlist Woocommerce | 2025-02-13 | 8.8 High | The Login/Signup Popup, Waitlist Woocommerce (Back in stock notifier), and Side Cart Woocommerce (Ajax) WordPress plugins by XootiX are vulnerable to Cross-Site Request Forgery via the save_settings function found in the ~/includes/xoo-framework/admin/class-xoo-admin-settings.php file, which makes it possible for attackers to update arbitrary options on a site; this can be used to create an administrative user account and grant full privileged access to a compromised site. This affects versions <= 2.2 in Login/Signup Popup, versions <= 2.5.1 in Waitlist Woocommerce (Back in stock notifier), and versions <= 2.0 in Side Cart Woocommerce (Ajax).
CVE-2024-5676 | | | 2025-02-13 | 6.8 Medium | The Paradox IP150 Internet Module in version 1.40.00 is vulnerable to Cross-Site Request Forgery (CSRF) attacks due to a lack of countermeasures and the use of the HTTP method `GET` to introduce changes in the system.
CVE-2024-2215 | | | 2025-02-13 | 6.1 Medium | A cross-site request forgery (CSRF) vulnerability in Jenkins docker-build-step Plugin 2.11 and earlier allows attackers to connect to an attacker-specified TCP or Unix socket URL, and to reconfigure the plugin using the provided connection test parameters, affecting future build step executions.
CVE-2023-50778 | 1 Jenkins | 1 Paaslane Estimate | 2025-02-13 | 8.8 High | A cross-site request forgery (CSRF) vulnerability in Jenkins PaaSLane Estimate Plugin 1.0.4 and earlier allows attackers to connect to an attacker-specified URL using an attacker-specified token.
CVE-2023-50775 | 1 Jenkins | 1 Deployment Dashboard | 2025-02-13 | 4.3 Medium | A cross-site request forgery (CSRF) vulnerability in Jenkins Deployment Dashboard Plugin 1.0.10 and earlier allows attackers to copy jobs.
CVE-2023-50774 | 1 Jenkins | 1 Html Resource | 2025-02-13 | 8.1 High | A cross-site request forgery (CSRF) vulnerability in Jenkins HTMLResource Plugin 1.02 and earlier allows attackers to delete arbitrary files on the Jenkins controller file system.
CVE-2023-50766 | 1 Jenkins | 1 Nexus Platform | 2025-02-13 | 8.8 High | A cross-site request forgery (CSRF) vulnerability in Jenkins Nexus Platform Plugin 3.18.0-03 and earlier allows attackers to send an HTTP request to an attacker-specified URL and parse the response as XML.
CVE-2023-49920 | 1 Apache | 1 Airflow | 2025-02-13 | 6.5 Medium | Apache Airflow, version 2.7.0 through 2.7.3, has a vulnerability that allows an attacker to trigger a DAG in a GET request without CSRF validation. As a result, it was possible for a malicious website opened in the same browser, by a user who also had the Airflow UI open, to trigger the execution of DAGs without the user's consent. Users are advised to upgrade to version 2.8.0 or later, which is not affected.
CVE-2023-49655 | 1 Jenkins | 1 Matlab | 2025-02-13 | 8.8 High | A cross-site request forgery (CSRF) vulnerability in Jenkins MATLAB Plugin 2.11.0 and earlier allows attackers to have Jenkins parse an XML file from the Jenkins controller file system.
CVE-2023-0480 | 1 Vitalpbx | 1 Vitalpbx | 2025-02-13 | 8.8 High | VitalPBX version 3.2.3-8 allows an unauthenticated external attacker to obtain the instance administrator's account. This is possible because the application is vulnerable to CSRF.
CVE-2023-4047 | 3 Debian, Mozilla, Redhat | 7 Debian Linux, Firefox, Enterprise Linux and 4 more | 2025-02-13 | 8.8 High | A bug in the popup notification delay calculation could have made it possible for an attacker to trick a user into granting permissions. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1.
CVE-2023-32344 | 2 Ibm, Netapp | 2 Cognos Analytics, Oncommand Insight | 2025-02-13 | 4.3 Medium | IBM Cognos Analytics 11.1.7, 11.2.4, and 12.0.0 is vulnerable to form action hijacking, where it is possible to modify the form action to reference an arbitrary path. IBM X-Force ID: 255898.
CVE-2021-26296 | 2 Apache, Netapp | 2 Myfaces, Oncommand Insight | 2025-02-13 | 7.5 High | In the default configuration, Apache MyFaces Core versions 2.2.0 to 2.2.13, 2.3.0 to 2.3.7, 2.3-next-M1 to 2.3-next-M4, and 3.0.0-RC1 use cryptographically weak implicit and explicit cross-site request forgery (CSRF) tokens. Due to that limitation, it is possible (although difficult) for an attacker to calculate a future CSRF token value and to use that value to trick a user into executing unwanted actions on an application.