Total
8113 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-0433 | 1 Fabrick | 1 Gestpay For Woocommerce | 2025-02-10 | 4.3 Medium |
| The Gestpay for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 20221130. This is due to missing or incorrect nonce validation on the 'ajax_unset_default_card' function. This makes it possible for unauthenticated attackers to remove the default status of a card token for a user via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2024-5097 | 1 Argie | 1 Simple Inventory System | 2025-02-10 | 4.3 Medium |
| A vulnerability, which was classified as problematic, was found in SourceCodester Simple Inventory System 1.0. Affected is an unknown function of the file /tableedit.php#page=editprice. The manipulation of the argument itemnumber leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-265080. | ||||
| CVE-2024-54355 | 1 Wpmailster | 1 Wp Mailster | 2025-02-07 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in brandtoss WP Mailster allows Cross Site Request Forgery.This issue affects WP Mailster: from n/a through 1.8.17.0. | ||||
| CVE-2021-4096 | 1 Radykal | 1 Fancy Product Designer | 2025-02-07 | 8.8 High |
| The Fancy Product Designer plugin for WordPress is vulnerable to Cross-Site Request Forgery via the FPD_Admin_Import class that makes it possible for attackers to upload malicious files that could be used to gain webshell access to a server in versions up to, and including, 4.7.5. | ||||
| CVE-2022-0707 | 1 Awesomemotive | 1 Easy Digital Downloads | 2025-02-07 | 4.3 Medium |
| The Easy Digital Downloads WordPress plugin before 2.11.6 does not have CSRF check in place when inserting payment notes, which could allow attackers to make a logged admin insert arbitrary notes via a CSRF attack | ||||
| CVE-2024-24872 | 1 Themify | 1 Builder | 2025-02-07 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Themify Themify Builder.This issue affects Themify Builder: from n/a through 7.0.5. | ||||
| CVE-2023-30529 | 1 Jenkins | 1 Lucene-search | 2025-02-07 | 4.3 Medium |
| Jenkins Lucene-Search Plugin 387.v938a_ecb_f7fe9 and earlier does not require POST requests for an HTTP endpoint, allowing attackers to reindex the database. | ||||
| CVE-2024-1446 | 1 Nextscripts | 1 Social Networks Auto Poster | 2025-02-07 | 5.4 Medium |
| The NextScripts: Social Networks Auto-Poster plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.4.3. This is due to missing or incorrect nonce validation on the nxssnap-reposter page. This makes it possible for unauthenticated attackers to delete arbitrary posts or pages via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2023-30525 | 1 Jenkins | 1 Report Portal | 2025-02-07 | 8.8 High |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Report Portal Plugin 0.5 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified bearer token authentication. | ||||
| CVE-2025-25074 | 2025-02-07 | 7.1 High | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Nirmal Kumar Ram WP Social Stream allows Stored XSS. This issue affects WP Social Stream: from n/a through 1.1. | ||||
| CVE-2025-25071 | 2025-02-07 | 7.1 High | ||
| Cross-Site Request Forgery (CSRF) vulnerability in topplugins Vignette Ads allows Stored XSS. This issue affects Vignette Ads: from n/a through 0.2. | ||||
| CVE-2025-25075 | 2025-02-07 | 7.1 High | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Venugopal Show notice or message on admin area allows Stored XSS. This issue affects Show notice or message on admin area: from n/a through 2.0. | ||||
| CVE-2025-25111 | 2025-02-07 | 5.4 Medium | ||
| Cross-Site Request Forgery (CSRF) vulnerability in WP Spell Check WP Spell Check allows Cross Site Request Forgery. This issue affects WP Spell Check: from n/a through 9.21. | ||||
| CVE-2025-25103 | 2025-02-07 | 4.3 Medium | ||
| Cross-Site Request Forgery (CSRF) vulnerability in bnielsen Indeed API allows Cross Site Request Forgery. This issue affects Indeed API: from n/a through 0.5. | ||||
| CVE-2024-31113 | 1 Sandhillsdev | 1 Easy Digital Downloads | 2025-02-07 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Easy Digital Downloads.This issue affects Easy Digital Downloads: from n/a through 3.2.11. | ||||
| CVE-2024-31362 | 1 Metagauss | 1 Profilegrid | 2025-02-07 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Metagauss ProfileGrid.This issue affects ProfileGrid : from n/a through 5.7.8. | ||||
| CVE-2024-31301 | 1 Themeisle | 1 Multiple Page Generator | 2025-02-07 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Themeisle Multiple Page Generator Plugin – MPG.This issue affects Multiple Page Generator Plugin – MPG: from n/a through 3.4.0. | ||||
| CVE-2024-31293 | 1 Sandhillsdev | 1 Easy Digital Downloads | 2025-02-07 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Easy Digital Downloads.This issue affects Easy Digital Downloads: from n/a through 3.2.6. | ||||
| CVE-2023-3075 | 1 Corebos | 1 Corebos | 2025-02-06 | 6.5 Medium |
| Cross-Site Request Forgery (CSRF) in GitHub repository tsolucio/corebos prior to 8. | ||||
| CVE-2018-17451 | 1 Gitlab | 1 Gitlab | 2025-02-06 | 8.8 High |
| An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. There is Cross Site Request Forgery (CSRF) in the Slack integration for issuing slash commands. | ||||