Total
7071 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-49275 | 1 Northernbeacheswebsites | 1 Ideapush | 2024-10-22 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Martin Gibson IdeaPush allows Cross Site Request Forgery.This issue affects IdeaPush: from n/a through 8.69. | ||||
| CVE-2024-49290 | 1 Boxystudio | 1 Cooked | 2024-10-22 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Gora Tech LLC Cooked Pro allows Cross Site Request Forgery.This issue affects Cooked Pro: from n/a before 1.8.0. | ||||
| CVE-2024-49306 | 1 Wp-buy | 1 Wp Content Copy Protection \& No Right Click | 2024-10-22 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in WP-buy WP Content Copy Protection & No Right Click allows Cross Site Request Forgery.This issue affects WP Content Copy Protection & No Right Click: from n/a through 3.5.9. | ||||
| CVE-2024-49627 | 1 Noorsplugin | 1 Wordpress Image Seo | 2024-10-22 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Noor Alam WordPress Image SEO allows Cross Site Request Forgery.This issue affects WordPress Image SEO: from n/a through 1.1.4. | ||||
| CVE-2024-49628 | 1 Whiletrue | 1 Most And Least Read Posts Widget | 2024-10-22 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in WhileTrue Most And Least Read Posts Widget allows Cross Site Request Forgery.This issue affects Most And Least Read Posts Widget: from n/a through 2.5.18. | ||||
| CVE-2024-49615 | 1 Henriquerodrigues | 1 Safetyforms | 2024-10-22 | 8.2 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Henrique Rodrigues SafetyForms allows Blind SQL Injection.This issue affects SafetyForms: from n/a through 1.0.0. | ||||
| CVE-2024-48758 | 1 Dingfanzu | 1 Cms | 2024-10-18 | 6.1 Medium |
| dingfanzu CMS V1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the addPro parameter of the component doAdminAction.php which allows a remote attacker to execute arbitrary code | ||||
| CVE-2024-49313 | 2024-10-18 | 7.1 High | ||
| Cross-Site Request Forgery (CSRF) vulnerability in RudeStan VKontakte Wall Post allows Stored XSS.This issue affects VKontakte Wall Post: from n/a through 2.0. | ||||
| CVE-2024-48047 | 2024-10-18 | 4.3 Medium | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Razon Komar Pal Linked Variation for WooCommerce allows Cross Site Request Forgery.This issue affects Linked Variation for WooCommerce: from n/a through 1.0.5. | ||||
| CVE-2024-48031 | 2024-10-18 | 6.5 Medium | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Sumit Surai Featured Posts with Multiple Custom Groups (FPMCG) allows Cross Site Request Forgery.This issue affects Featured Posts with Multiple Custom Groups (FPMCG): from n/a through 4.0. | ||||
| CVE-2024-48048 | 2024-10-18 | 7.1 High | ||
| Cross-Site Request Forgery (CSRF) vulnerability in WSIFY – Sales can fly Wsify Widget allows Stored XSS.This issue affects Wsify Widget: from n/a through 1.0. | ||||
| CVE-2024-48038 | 2024-10-18 | 4.3 Medium | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Hans Matzen wp-Monalisa allows Cross Site Request Forgery.This issue affects wp-Monalisa: from n/a through 6.4. | ||||
| CVE-2024-48037 | 2024-10-18 | 5.4 Medium | ||
| Cross-Site Request Forgery (CSRF) vulnerability in A WP Life Contact Form Widget allows Cross Site Request Forgery.This issue affects Contact Form Widget: from n/a through 1.4.2. | ||||
| CVE-2024-49304 | 2024-10-18 | 5.4 Medium | ||
| Cross-Site Request Forgery (CSRF) vulnerability in PINPOINT.WORLD Pinpoint Booking System allows Stored XSS.This issue affects Pinpoint Booking System: from n/a through 2.9.9.5.1. | ||||
| CVE-2024-8507 | 1 Filemanagerpro | 1 File Manager | 2024-10-17 | 8.8 High |
| The File Manager Pro plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 8.3.9. This is due to missing or incorrect nonce validation on the 'mk_file_folder_manager' ajax action. This makes it possible for unauthenticated attackers to upload arbitrary files via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2024-47828 | 1 Ampache | 1 Ampache | 2024-10-17 | 5.3 Medium |
| ampache is a web based audio/video streaming application and file manager. A CSRF attack can be performed in order to delete objects (Playlist, smartlist etc.). Cross-Site Request Forgery (CSRF) is an attack that forces authenticated users to submit a request to a Web application against which they are currently authenticated. This vulnerability can be exploited by creating a malicious script with an arbitrary playlist ID belonging to another user. When the user submits the request, their playlist will be deleted. Any User with active sessions who are tricked into submitting a malicious request are impacted, as their playlists or other objects could be deleted without their consent. | ||||
| CVE-2020-36836 | 1 Wpfastestcache | 1 Wp Fastest Cache | 2024-10-16 | 8.8 High |
| The WP Fastest Cache plugin for WordPress is vulnerable to unauthorized arbitrary file deletion in versions up to, and including, 0.9.0.2 due to a lack of capability checking and insufficient path validation. This makes it possible for authenticated users with minimal permissions to delete arbitrary files from the server. | ||||
| CVE-2024-47846 | 2 Mediawiki, Wikimedia | 2 Cargo, Mediawiki-cargo | 2024-10-16 | 8.8 High |
| Cross-Site Request Forgery (CSRF) vulnerability in The Wikimedia Foundation Mediawiki - Cargo allows Cross Site Request Forgery.This issue affects Mediawiki - Cargo: from 3.6.X before 3.6.1. | ||||
| CVE-2024-48278 | 1 Phpgurukul | 1 User Registration And Login And User Management System | 2024-10-16 | 5.5 Medium |
| Phpgurukul User Registration & Login and User Management System 3.2 is vulnerable to Cross Site Request Forgery (CSRF) via /edit-profile.php. | ||||
| CVE-2024-41344 | 1 Codeigniter | 1 Codeigniter | 2024-10-16 | 7.5 High |
| A Cross-Site Request Forgery (CSRF) in Codeigniter 3.1.13 allows attackers to arbitrarily change the Administrator password and escalate privileges. | ||||