Total
7781 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-20195 | 2025-05-08 | 4.3 Medium | ||
| A vulnerability in the web-based management interface of Cisco IOS XE Software could allow an unauthenticated, remote attacker to perform a CSRF attack and execute commands on the CLI of an affected device. This vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading an already authenticated user to follow a crafted link. A successful exploit could allow the attacker to clear the syslog, parser, and licensing logs on the affected device if the targeted user has privileges to clear those logs. | ||||
| CVE-2022-2762 | 1 Adminpad Project | 1 Adminpad | 2025-05-08 | 6.5 Medium |
| The AdminPad WordPress plugin before 2.2 does not have CSRF check when updating admin's note, allowing attackers to make a logged in admin update their notes via a CSRF attack | ||||
| CVE-2023-49840 | 1 Palscode | 1 Multi Currency For Woocommerce | 2025-05-07 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Palscode Multi Currency For WooCommerce.This issue affects Multi Currency For WooCommerce: from n/a through 1.5.5. | ||||
| CVE-2023-48755 | 1 Teachpress Project | 1 Teachpress | 2025-05-07 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Michael Winkler teachPress.This issue affects teachPress: from n/a through 9.0.4. | ||||
| CVE-2023-48769 | 1 Bluecoral | 1 Chat Bubble | 2025-05-07 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Blue Coral Chat Bubble – Floating Chat with Contact Chat Icons, Messages, Telegram, Email, SMS, Call me back.This issue affects Chat Bubble – Floating Chat with Contact Chat Icons, Messages, Telegram, Email, SMS, Call me back: from n/a through 2.3. | ||||
| CVE-2024-12774 | 1 Pulseextensions | 1 Altra Side Menu | 2025-05-07 | 6.5 Medium |
| The Altra Side Menu WordPress plugin through 2.0 does not have CSRF checks in some places, which could allow attackers to make logged in admins delete arbitrary menu via a CSRF attack | ||||
| CVE-2024-13057 | 1 Phycticio | 1 Dyn Business Panel | 2025-05-07 | 7.1 High |
| The Dyn Business Panel WordPress plugin through 1.0.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack. | ||||
| CVE-2025-23044 | 1 Pwndoc Project | 1 Pwndoc | 2025-05-07 | 6.8 Medium |
| PwnDoc is a penetration test report generator. There is no CSRF protection in pwndoc, allowing attackers to send requests on a logged-in user's behalf. This includes GET and POST requests due to the missing SameSite= attribute on cookies and the ability to refresh cookies. Commit 14acb704891245bf1703ce6296d62112e85aa995 patches the issue. | ||||
| CVE-2024-13115 | 1 Phptechie | 1 Wp Projects Portfolio With Client Testimonials | 2025-05-07 | 6.1 Medium |
| The WP Projects Portfolio with Client Testimonials WordPress plugin through 3.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack. | ||||
| CVE-2024-3059 | 1 Enl Newsletter Plugin Project | 1 Enl-newsletter | 2025-05-07 | 5.7 Medium |
| The ENL Newsletter WordPress plugin through 1.0.1 does not have CSRF checks in some places, which could allow attackers to make logged in admins delete arbitrary Campaigns via a CSRF attack | ||||
| CVE-2024-3058 | 1 Enl Newsletter Plugin Project | 1 Enl-newsletter | 2025-05-07 | 5.4 Medium |
| The ENL Newsletter WordPress plugin through 1.0.1 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack | ||||
| CVE-2024-1756 | 1 Vanquish | 1 Woocommerce Customers Manager | 2025-05-07 | 6.5 Medium |
| The WooCommerce Customers Manager WordPress plugin before 29.8 does not have authorisation and CSRF in an AJAX action, allowing any authenticated users, such as subscriber, to call it and retrieve the list of customer email addresses along with their id, first name and last name | ||||
| CVE-2024-11142 | 1 Proticaret | 1 Proticaret | 2025-05-07 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Gosoft Software Proticaret E-Commerce allows Cross Site Request Forgery.This issue affects Proticaret E-Commerce: before v6.0 NOTE: According to the vendor, fixing process is still ongoing for v4.05. | ||||
| CVE-2024-24708 | 1 W3speedster | 1 W3speedster | 2025-05-07 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in W3speedster W3SPEEDSTER.This issue affects W3SPEEDSTER: from n/a through 7.19. | ||||
| CVE-2024-20281 | 1 Cisco | 4 Nexus Dashboard, Nexus Dashboard Fabric Controller, Nexus Dashboard Insights and 1 more | 2025-05-07 | 7.5 High |
| A vulnerability in the web-based management interface of Cisco Nexus Dashboard and Cisco Nexus Dashboard hosted services could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. This vulnerability is due to insufficient CSRF protections for the web-based management interface on an affected system. An attacker could exploit this vulnerability by persuading a user to click a malicious link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the affected user. If the affected user has administrative privileges, these actions could include modifying the system configuration and creating new privileged accounts. Note: There are internal security mechanisms in place that limit the scope of this exploit, reducing the Security Impact Rating of this vulnerability. | ||||
| CVE-2025-0669 | 2025-05-07 | N/A | ||
| Cross-Site Request Forgery (CSRF) vulnerability in BOINC Server allows Cross Site Request Forgery.This issue affects BOINC Server: before 1.4.3. | ||||
| CVE-2025-4327 | 2025-05-07 | 4.3 Medium | ||
| A vulnerability was found in MRCMS 3.1.2. It has been classified as problematic. Affected is an unknown function. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Multiple endpoints might be affected. | ||||
| CVE-2025-4337 | 2025-05-07 | 4.3 Medium | ||
| The AHAthat Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.6. This is due to missing or incorrect nonce validation on the aha_plugin_page() function. This makes it possible for unauthenticated attackers to delete AHA pages via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2015-9307 | 1 Weplugins | 1 Wp Maps | 2025-05-07 | 8.8 High |
| The wp-google-map-plugin plugin before 2.3.10 for WordPress has CSRF in the add/edit location feature. | ||||
| CVE-2015-9308 | 1 Weplugins | 1 Wp Maps | 2025-05-07 | 8.8 High |
| The wp-google-map-plugin plugin before 2.3.10 for WordPress has CSRF in the add/edit map feature. | ||||