Total
7170 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-22328 | 2025-01-07 | 7.1 High | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Elevio Elevio allows Stored XSS.This issue affects Elevio: from n/a through 4.4.1. | ||||
| CVE-2025-22325 | 2025-01-07 | 7.1 High | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Nik Chankov Autocompleter allows Stored XSS.This issue affects Autocompleter: from n/a through 1.3.5.2. | ||||
| CVE-2024-1906 | 1 Frenify | 1 Categorify | 2025-01-07 | 4.3 Medium |
| The Categorify plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.7.4. This is due to missing or incorrect nonce validation on the categorifyAjaxAddCategory function. This makes it possible for unauthenticated attackers to add categories via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2024-1907 | 1 Frenify | 1 Categorify | 2025-01-07 | 4.3 Medium |
| The Categorify plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.7.4. This is due to missing or incorrect nonce validation on the categorifyAjaxDeleteCategory function. This makes it possible for unauthenticated attackers to delete categories via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2024-1909 | 1 Frenify | 1 Categorify | 2025-01-07 | 4.3 Medium |
| The Categorify plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.7.4. This is due to missing or incorrect nonce validation on the categorifyAjaxRenameCategory function. This makes it possible for unauthenticated attackers to rename categories via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2024-1910 | 1 Frenify | 1 Categorify | 2025-01-07 | 4.3 Medium |
| The Categorify plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.7.4. This is due to missing or incorrect nonce validation on the categorifyAjaxClearCategory function. This makes it possible for unauthenticated attackers to clear categories via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2024-49294 | 2025-01-07 | 4.3 Medium | ||
| Cross-Site Request Forgery (CSRF) vulnerability in MagePeople Team Bus Ticket Booking with Seat Reservation allows Cross Site Request Forgery.This issue affects Bus Ticket Booking with Seat Reservation: from n/a through 5.4.3. | ||||
| CVE-2024-1912 | 1 Frenify | 1 Categorify | 2025-01-07 | 4.3 Medium |
| The Categorify plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.7.4. This is due to missing or incorrect nonce validation on the categorifyAjaxUpdateFolderPosition function. This makes it possible for unauthenticated attackers to update the folder position of categories as well as update the metadata of other taxonomies via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2025-22297 | 2025-01-07 | 4.3 Medium | ||
| Cross-Site Request Forgery (CSRF) vulnerability in AIpost AI WP Writer allows Cross Site Request Forgery.This issue affects AI WP Writer: from n/a through 3.8.4.4. | ||||
| CVE-2024-55076 | 2025-01-06 | 8.1 High | ||
| Grocy through 4.3.0 has no CSRF protection, as demonstrated by changing the Administrator's password. | ||||
| CVE-2023-31200 | 1 Ptc | 1 Vuforia Studio | 2025-01-06 | 5.7 Medium |
| PTC Vuforia Studio does not require a token; this could allow an attacker with local access to perform a cross-site request forgery attack or a replay attack. | ||||
| CVE-2023-38130 | 1 Cubecart | 1 Cubecart | 2025-01-06 | 8.1 High |
| Cross-site request forgery (CSRF) vulnerability in CubeCart prior to 6.5.3 allows a remote unauthenticated attacker to delete data in the system. | ||||
| CVE-2024-12279 | 2025-01-06 | 6.1 Medium | ||
| The WP Social AutoConnect plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.6.2. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2024-12545 | 2025-01-06 | 5.4 Medium | ||
| The Scratch & Win – Giveaways and Contests. Boost subscribers, traffic, repeat visits, referrals, sales and more plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.7.1. This is due to missing nonce validation on the reset_installation() function. This makes it possible for unauthenticated attackers to reset the plugin’s installation via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2024-9665 | 1 Zimbra | 1 Zimbra | 2025-01-03 | 6.5 Medium |
| Zimbra GraphQL Cross-Site Request Forgery Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Zimbra. User interaction is required to exploit this vulnerability in that the target must open a malicious email message. The specific flaw exists within the implementation of the graphql endpoint. The issue results from the lack of proper protections against cross-site request forgery (CSRF) attacks. An attacker can leverage this vulnerability to disclose information in the context of the target email account. Was ZDI-CAN-23939. | ||||
| CVE-2024-37450 | 2025-01-03 | 4.3 Medium | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Rara Theme Benevolent allows Cross Site Request Forgery.This issue affects Benevolent: from n/a through 1.3.4. | ||||
| CVE-2024-37451 | 2025-01-03 | 4.3 Medium | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Rara Theme Travel Agency allows Cross Site Request Forgery.This issue affects Travel Agency: from n/a through 1.4.9. | ||||
| CVE-2024-37458 | 2025-01-03 | 4.3 Medium | ||
| Cross-Site Request Forgery (CSRF) vulnerability in ExtendThemes Highlight allows Cross Site Request Forgery.This issue affects Highlight: from n/a through 1.0.29. | ||||
| CVE-2024-37467 | 2025-01-03 | 4.3 Medium | ||
| Cross-Site Request Forgery (CSRF) vulnerability in ThemeIsle Hestia allows Cross Site Request Forgery.This issue affects Hestia: from n/a through 3.1.2. | ||||
| CVE-2024-38765 | 2025-01-03 | 4.3 Medium | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Freelancelot Oceanic allows Cross Site Request Forgery.This issue affects Oceanic: from n/a through 1.0.48. | ||||