Total: 8611 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-31963 | 1 Hcltech | 1 Bigfix Insights For Vulnerability Remediation | 2026-01-08 | 2.9 Low |
| Improper authentication and missing CSRF protection in the local setup interface component in HCL BigFix IVR version 4.2 allows a local attacker to perform unauthorized configuration changes via unauthenticated administrative configuration requests. | ||||
| CVE-2024-37937 | 2 Rarathemes, Wordpress | 2 Rara Business, Wordpress | 2026-01-08 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Rara Theme Rara Business allows Cross Site Request Forgery. This issue affects Rara Business: from n/a through 1.2.5. | ||||
| CVE-2024-37508 | 1 Rarathemes | 1 Construction Landing Page | 2026-01-08 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Rara Theme Construction Landing Page allows Cross Site Request Forgery. This issue affects Construction Landing Page: from n/a through 1.3.5. | ||||
| CVE-2024-37503 | 2 Rarathemes, Wordpress | 2 Lawyer Landing Page, Wordpress | 2026-01-08 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Rara Theme Lawyer Landing Page allows Cross Site Request Forgery. This issue affects Lawyer Landing Page: from n/a through 1.2.4. | ||||
| CVE-2024-37451 | 2 Rarathemes, Wordpress | 2 Travel Agency, Wordpress | 2026-01-08 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Rara Theme Travel Agency allows Cross Site Request Forgery. This issue affects Travel Agency: from n/a through 1.4.9. | ||||
| CVE-2024-37450 | 2 Rarathemes, Wordpress | 2 Benevolent, Wordpress | 2026-01-08 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Rara Theme Benevolent allows Cross Site Request Forgery. This issue affects Benevolent: from n/a through 1.3.4. | ||||
| CVE-2024-37435 | 1 Rarathemes | 1 Perfect Portfolio | 2026-01-08 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Rara Theme Perfect Portfolio allows Cross Site Request Forgery. This issue affects Perfect Portfolio: from n/a through 1.2.0. | ||||
| CVE-2024-31205 | 1 Saleor | 1 Saleor | 2026-01-07 | 4.2 Medium |
| Saleor is an e-commerce platform. Starting in version 3.10.0 and prior to versions 3.14.64, 3.15.39, 3.16.39, 3.17.35, 3.18.31, and 3.19.19, an attacker may bypass cross-site request forgery (CSRF) validation when calling the refresh token mutation with an empty string. When a user provides an empty string in the `refreshToken` mutation while the token persists in the `JWT_REFRESH_TOKEN_COOKIE_NAME` cookie, the application omits validation against the CSRF token and returns a valid access token. Versions 3.14.64, 3.15.39, 3.16.39, 3.17.35, 3.18.31, and 3.19.19 contain a patch for the issue. As a workaround, one may replace `saleor.graphql.account.mutations.authentication.refresh_token.py.get_refresh_token`. This will fix the issue, but be aware that it returns `JWT_MISSING_TOKEN` instead of `JWT_INVALID_TOKEN`. | ||||
| CVE-2024-31371 | 2 Wordpress, Xylusthemes | 2 Wordpress, Wp Event Aggregator | 2026-01-07 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Xylus Themes WP Event Aggregator. This issue affects WP Event Aggregator: from n/a through 1.7.6. | ||||
| CVE-2024-33688 | 2 Extendthemes, Wordpress | 2 Teluro, Teluro Theme | 2026-01-07 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Extend Themes Teluro. This issue affects Teluro: from n/a through 1.0.31. | ||||
| CVE-2022-47443 | 1 Danielpowney | 1 Multi Rating | 2026-01-07 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Daniel Powney Multi Rating plugin <= 5.0.5 versions. | ||||
| CVE-2024-31429 | 2 Blossomthemes, Wordpress | 2 Sarada, Wordpress | 2026-01-07 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Blossom Themes Sarada Lite. This issue affects Sarada Lite: from n/a through 1.1.2. | ||||
| CVE-2024-37243 | 2 Blossomthemes, Wordpress | 2 Vandana, Wordpress | 2026-01-07 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Blossom Themes Vandana Lite allows Cross Site Request Forgery. This issue affects Vandana Lite: from n/a through 1.1.9. | ||||
| CVE-2023-50931 | 1 Savignano | 1 S-notify | 2026-01-06 | 8.3 High |
| An issue was discovered in savignano S/Notify before 2.0.1 for Bitbucket. While an administrative user is logged on, the configuration settings of S/Notify can be modified via a CSRF attack. The injection could be initiated by the administrator clicking a malicious link in an email or by visiting a malicious website. If executed while an administrator is logged on to Bitbucket, an attacker could exploit this to modify the configuration of the S/Notify app on that host. This can, in particular, lead to email notifications being no longer encrypted when they should be. | ||||
| CVE-2023-50932 | 1 Savignano | 1 S-notify | 2026-01-06 | 8.3 High |
| An issue was discovered in savignano S/Notify before 4.0.2 for Confluence. While an administrative user is logged on, the configuration settings of S/Notify can be modified via a CSRF attack. The injection could be initiated by the administrator clicking a malicious link in an email or by visiting a malicious website. If executed while an administrator is logged on to Confluence, an attacker could exploit this to modify the configuration of the S/Notify app on that host. This can, in particular, lead to email notifications being no longer encrypted when they should be. | ||||
| CVE-2025-15405 | 1 Phpems | 1 Phpems | 2026-01-05 | 4.3 Medium |
| A vulnerability was detected in PHPEMS up to 11.0. The impacted element is an unknown function. The manipulation results in cross-site request forgery. The attack may be launched remotely. | ||||
| CVE-2025-14163 | 2 Leap13, Wordpress | 2 Premium Addons For Elementor, Wordpress | 2026-01-05 | 4.3 Medium |
| The Premium Addons for Elementor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.11.53. This is due to missing nonce validation in the 'insert_inner_template' function. This makes it possible for unauthenticated attackers to create arbitrary Elementor templates via a forged request, granted they can trick a site administrator or other user with the edit_posts capability into performing an action such as clicking on a link. | ||||
| CVE-2024-6719 | 2 Webgarh, Wordpress | 2 Offload Videos, Wordpress | 2026-01-05 | 8.1 High |
| The Offload Videos WordPress plugin before 1.0.1 does not have a CSRF check in place when updating its settings, which could allow low privilege users to update them via a CSRF attack. | ||||
| CVE-2025-62134 | 2 Awplife, Wordpress | 2 Contact Form Widget, Wordpress | 2026-01-05 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in A WP Life Contact Form Widget allows Cross Site Request Forgery. This issue affects Contact Form Widget: from n/a through 1.5.1. | ||||
| CVE-2025-62120 | 2 Rickbeckman, Wordpress | 2 Openhook, Wordpress | 2026-01-05 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Rick Beckman OpenHook allows Cross Site Request Forgery. This issue affects OpenHook: from n/a through 4.3.1. | ||||