| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Cross-Site Request Forgery (CSRF) vulnerability in themeton Spare allows Cross Site Request Forgery. This issue affects Spare: from n/a through 1.7. |
| A vulnerability in modelscope/agentscope, specifically in the AgentScope Studio backend server, allows for Cross-Site Request Forgery (CSRF) due to overly permissive CORS headers. This issue affects the latest commit on the main branch (21161fe). The vulnerability permits an attacker to access all backend endpoints, including the `api/file` endpoint, enabling the reading of arbitrary files on the target's local file system through CSRF. |
| The Pulsating Chat Button plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.6. This is due to missing or incorrect nonce validation on the amin_chat_button_settings_page() function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. |
| Cross-Site Request Forgery (CSRF) vulnerability in Octa Code Accessibility.This issue affects Accessibility: from n/a through 1.0.6.
|
| Cross-Site Request Forgery (CSRF) vulnerability in Nickys Image Map Pro allows Stored XSS.This issue affects Image Map Pro: from n/a before 5.6.9.
|
| Cross-Site Request Forgery (CSRF) vulnerability in Thrive Themes Thrive Automator.This issue affects Thrive Automator: from n/a through 1.17.
|
| Cross-Site Request Forgery (CSRF) vulnerability in BracketSpace Simple Post Notes.This issue affects Simple Post Notes: from n/a through 1.7.6.
|
| Cross-Site Request Forgery (CSRF) vulnerability in wpWax Legal Pages.This issue affects Legal Pages: from n/a through 1.4.2.
|
| Websites managed by MegaBIP in versions below 5.15 are vulnerable to Cross-Site Request Forgery (CSRF) as the form available under "/edytor/index.php?id=7,7,0" lacks protection mechanisms.
A user could be tricked into visiting a malicious website, which would send POST request to this endpoint. If the victim is a logged in administrator, this could lead to creation of new accounts and granting of administrative permissions. |
| Cross-Site Request Forgery (CSRF) vulnerability in ThemeLocation Custom WooCommerce Checkout Fields Editor.This issue affects Custom WooCommerce Checkout Fields Editor: from n/a through 1.3.0.
|
| The Skt NURCaptcha plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.5.0. This is due to missing or incorrect nonce validation in the skt-nurc-admin.php file. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. |
| Cross-Site Request Forgery (CSRF) vulnerability in MagniGenie RestroPress.This issue affects RestroPress: from n/a through 3.1.2.
|
| Cross-Site Request Forgery (CSRF) vulnerability in Tickera.com Tickera allows Cross Site Request Forgery.This issue affects Tickera: from n/a through 3.5.1.0. |
| The Estatebud – Properties & Listings plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.5.0. This is due to missing or incorrect nonce validation on the 'estatebud_settings' page. This makes it possible for unauthenticated attackers to update the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. |
| Cross-Site Request Forgery (CSRF) vulnerability in Toast Plugins Sticky Anything allows Cross-Site Scripting (XSS).This issue affects Sticky Anything: from n/a through 2.1.5.
|
| Cross-Site Request Forgery (CSRF) vulnerability in Marsian i-amaze allows Cross Site Request Forgery.This issue affects i-amaze: from n/a through 1.3.7. |
| Cross-Site Request Forgery (CSRF) vulnerability in Scott Kingsley Clark Crony Cronjob Manager.This issue affects Crony Cronjob Manager: from n/a through 0.5.0.
|
| Cross-Site Request Forgery (CSRF) vulnerability in ValvePress Automatic.This issue affects Automatic: from n/a before 3.93.0.
|
| Cross-Site Request Forgery (CSRF) vulnerability in Adam Bowen Tax Rate Upload allows Reflected XSS.This issue affects Tax Rate Upload: from n/a through 2.4.5.
|
| Cross-Site Request Forgery (CSRF) vulnerability in BMI Adult & Kid Calculator allows Stored XSS.This issue affects BMI Adult & Kid Calculator: from n/a through 1.2.1.
|
