Export limit exceeded: 343383 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (9086 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-39657 | 1 Sender | 1 Sender | 2024-09-18 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Sender Sender – Newsletter, SMS and Email Marketing Automation for WooCommerce.This issue affects Sender – Newsletter, SMS and Email Marketing Automation for WooCommerce: from n/a through 2.6.18. | ||||
| CVE-2024-43116 | 1 10up | 1 Simple Local Avatars | 2024-09-18 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in 10up Simple Local Avatars.This issue affects Simple Local Avatars: from n/a through 2.7.10. | ||||
| CVE-2024-6017 | 1 Scriptonite | 1 Music Request Manager | 2024-09-13 | 6.1 Medium |
| The Music Request Manager WordPress plugin through 1.3 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack | ||||
| CVE-2024-5203 | 2024-09-13 | 3.7 Low | ||
| After careful review of CVE-2024-5203, it has been determined that the issue is not exploitable in real-world scenarios. Moreover, the exploit assumes that the attacker has access to a session code parameter that matches a cookie on the Keycloak server. However the attacker does not have access to the cookie, and can therefore not craft a malicious request. | ||||
| CVE-2024-43325 | 1 Naiches | 1 Dark Mode For Wp Dashboard | 2024-09-12 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Naiche Dark Mode for WP Dashboard.This issue affects Dark Mode for WP Dashboard: from n/a through 1.2.3. | ||||
| CVE-2024-43316 | 1 Checkoutplugins | 1 Stripe Payments For Woocommerce | 2024-09-12 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Checkout Plugins Stripe Payments For WooCommerce by Checkout.This issue affects Stripe Payments For WooCommerce by Checkout: from n/a through 1.9.1. | ||||
| CVE-2024-43295 | 1 Wpdataaccess | 1 Wp Data Access | 2024-09-12 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Passionate Programmers B.V. WP Data Access.This issue affects WP Data Access: from n/a through 5.5.7. | ||||
| CVE-2024-43287 | 1 Sendinblue | 1 Newsletter\, Smtp\, Email Marketing And Subscribe | 2024-09-12 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Brevo Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue.This issue affects Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue: from n/a through 3.1.82. | ||||
| CVE-2024-43269 | 1 Wpbackitup | 1 Backup And Restore Wordpress | 2024-09-12 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in WPBackItUp Backup and Restore WordPress.This issue affects Backup and Restore WordPress: from n/a through 1.50. | ||||
| CVE-2024-43265 | 1 Analytify | 1 Analytify - Google Analytics Dashboard | 2024-09-12 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Analytify.This issue affects Analytify: from n/a through 5.3.1. | ||||
| CVE-2024-6852 | 2 Ngothang, Thangnv27 | 2 Wp Multitasking, Wp Multitasking | 2024-09-11 | 6.5 Medium |
| The WP MultiTasking WordPress plugin through 0.1.12 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack | ||||
| CVE-2024-6853 | 2 Ngothang, Thangnv27 | 2 Wp Multitasking, Wp Multitasking | 2024-09-11 | 6.5 Medium |
| The WP MultiTasking WordPress plugin through 0.1.12 does not have CSRF check when updating welcome popups, which could allow attackers to make logged admins perform such action via a CSRF attack | ||||
| CVE-2024-6855 | 2 Ngothang, Thangnv27 | 2 Wp Multitasking, Wp Multitasking | 2024-09-11 | 6.5 Medium |
| The WP MultiTasking WordPress plugin through 0.1.12 does not have CSRF check when updating exit popups, which could allow attackers to make logged admins perform such action via a CSRF attack | ||||
| CVE-2024-6856 | 2 Ngothang, Thangnv27 | 2 Wp Multitasking, Wp Multitasking | 2024-09-11 | 6.5 Medium |
| The WP MultiTasking WordPress plugin through 0.1.12 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack | ||||
| CVE-2024-6925 | 1 Themetechmount | 2 Truebooker, Truebooker-appointment-booking | 2024-09-11 | 4.3 Medium |
| The TrueBooker WordPress plugin before 1.0.3 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack. | ||||
| CVE-2024-8414 | 2 Munyweki, Sourcecodester | 2 Insurance Management System, Insurance Management System | 2024-09-06 | 4.3 Medium |
| A vulnerability has been found in SourceCodester Insurance Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-42792 | 2 Kashipara, Lopalopa | 2 Music Management System, Music Management System | 2024-09-05 | 3.5 Low |
| A Cross-Site Request Forgery (CSRF) vulnerability was found in Kashipara Music Management System v1.0 via /music/ajax.php?action=delete_playlist page. | ||||
| CVE-2024-42793 | 2 Kashipara, Lopalopa | 2 Music Management System, Music Management System | 2024-08-30 | 5.4 Medium |
| A Cross-Site Request Forgery (CSRF) vulnerability was found in Kashipara Music Management System v1.0 via a crafted request to the /music/ajax.php?action=save_user page. | ||||
| CVE-2024-45264 | 2 Skyss, Skysystem | 2 Arfa-cms, Arfa Cms | 2024-08-30 | 8 High |
| A cross-site request forgery (CSRF) vulnerability in the admin panel in SkySystem Arfa-CMS before 5.1.3124 allows remote attackers to add a new administrator, leading to escalation of privileges. | ||||
| CVE-2024-43337 | 1 Getbrave | 1 Brave | 2024-08-27 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Brave Brave Popup Builder.This issue affects Brave Popup Builder: from n/a through 0.7.0. | ||||