Export limit exceeded: 343052 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (9688 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-3076 | 1 Mmilan81 | 1 Mm-email2image | 2025-06-10 | 3.8 Low |
| The MM-email2image WordPress plugin through 0.2.5 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack | ||||
| CVE-2023-47655 | 1 Wpgov | 1 Anac Xml Bandi Di Gara | 2025-06-10 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Marco Milesi ANAC XML Bandi di Gara.This issue affects ANAC XML Bandi di Gara: from n/a through 7.5. | ||||
| CVE-2023-32514 | 1 Himanshuparashar | 1 Google Site Verification Plugin Using Meta Tag | 2025-06-10 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Himanshu Parashar Google Site Verification plugin using Meta Tag.This issue affects Google Site Verification plugin using Meta Tag: from n/a through 1.2. | ||||
| CVE-2023-27633 | 1 Pixelgrade | 1 Customify | 2025-06-10 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Pixelgrade Customify – Intuitive Website Styling plugin <= 2.10.4 versions. | ||||
| CVE-2023-27453 | 1 Lws | 1 Lws Tools | 2025-06-10 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in LWS LWS Tools plugin <= 2.3.1 versions. | ||||
| CVE-2023-5383 | 1 Funnelforms | 1 Funnelforms | 2025-06-10 | 4.3 Medium |
| The Funnelforms Free plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.4. This is due to missing or incorrect nonce validation on the fnsf_copy_posts function. This makes it possible for unauthenticated attackers to create copies of arbitrary posts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2023-2416 | 1 Vcita | 1 Online Booking \& Scheduling Calendar | 2025-06-10 | 5.4 Medium |
| The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to Cross-Site Request Forgery due to a missing nonce check on the vcita_logout_callback function in versions up to, and including, 4.2.10. This makes it possible for unauthenticated to logout a vctia connected account which would cause a denial of service on the appointment scheduler, via a forged request granted they can trick a site user into performing an action such as clicking on a link. | ||||
| CVE-2024-5081 | 2 Tipsandtricks-hq, Wp Emember | 2 Wp Emember, Wp Emember | 2025-06-09 | 6.1 Medium |
| The wp-eMember WordPress plugin before v10.7.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack | ||||
| CVE-2024-6496 | 1 Dmytropopov | 1 Light Poll | 2025-06-09 | 6.5 Medium |
| The Light Poll WordPress plugin through 1.0.0 does not have CSRF checks when deleting polls, which could allow attackers to make logged in users perform such action via a CSRF attack | ||||
| CVE-2024-22818 | 1 Flycms Project | 1 Flycms | 2025-06-09 | 8.8 High |
| FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerbility via /system/site/filterKeyword_save | ||||
| CVE-2024-30526 | 1 Easysocialfeed | 1 Easy Social Feed | 2025-06-09 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Easy Social Feed.This issue affects Easy Social Feed: from n/a through 6.5.6. | ||||
| CVE-2024-12750 | 1 Raiserweb | 1 Competition Form | 2025-06-09 | 4.3 Medium |
| The Competition Form WordPress plugin through 2.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack | ||||
| CVE-2024-11373 | 1 Floriansimunek | 1 Connexion Logs | 2025-06-09 | 4.3 Medium |
| The Connexion Logs WordPress plugin through 3.0.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack | ||||
| CVE-2024-11719 | 1 Couleurcitron | 1 Tarteaucitron-wp | 2025-06-09 | 6.1 Medium |
| The tarteaucitron-wp WordPress plugin before 0.3.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack. | ||||
| CVE-2024-12301 | 1 Joomlaserviceprovider | 1 Jsp Store Locator | 2025-06-09 | 6.5 Medium |
| The JSP Store Locator WordPress plugin through 1.0 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks. | ||||
| CVE-2024-12282 | 1 Smyx | 1 Wp-connect | 2025-06-09 | 6.1 Medium |
| The WordPress连接微博 WordPress plugin through 2.5.6 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack. | ||||
| CVE-2023-6520 | 1 Melapress | 1 Wp 2fa | 2025-06-09 | 4.3 Medium |
| The WP 2FA – Two-factor authentication for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.5.0. This is due to missing or incorrect nonce validation on the send_backup_codes_email function. This makes it possible for unauthenticated attackers to send emails with arbitrary content to registered users via a forged request granted they can trick a site administrator or other registered user into performing an action such as clicking on a link. While a nonce check is present, it is only executed if a nonce is set. By omitting a nonce from the request, the check can be bypassed. | ||||
| CVE-2024-10634 | 1 Nokautpl | 1 Nokaut Offers Box | 2025-06-09 | 4.3 Medium |
| The Nokaut Offers Box WordPress plugin through 1.4.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin reset the Nokaut Offers Box WordPress plugin through 1.4.0 via a CSRF attack | ||||
| CVE-2023-52122 | 1 Presstigers | 1 Simple Job Board | 2025-06-09 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in PressTigers Simple Job Board.This issue affects Simple Job Board: from n/a through 2.10.6. | ||||
| CVE-2021-22876 | 9 Broadcom, Debian, Fedoraproject and 6 more | 15 Fabric Operating System, Debian Linux, Fedora and 12 more | 2025-06-09 | 5.3 Medium |
| curl 7.1.1 to and including 7.75.0 is vulnerable to an "Exposure of Private Personal Information to an Unauthorized Actor" by leaking credentials in the HTTP Referer: header. libcurl does not strip off user credentials from the URL when automatically populating the Referer: HTTP request header field in outgoing HTTP requests, and therefore risks leaking sensitive data to the server that is the target of the second HTTP request. | ||||