Total
8298 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-51630 | 2024-11-12 | N/A | 7.1 HIGH | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Lars Schenk Responsive Flickr Gallery allows Stored XSS.This issue affects Responsive Flickr Gallery: from n/a through 1.3.1. | |||||
| CVE-2024-51647 | 2024-11-12 | N/A | 7.1 HIGH | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Chaser324 Featured Posts Scroll allows Stored XSS.This issue affects Featured Posts Scroll: from n/a through 1.25. | |||||
| CVE-2024-49340 | 1 Ibm | 1 Watson Studio Local | 2024-11-08 | N/A | 4.3 MEDIUM |
| IBM Watson Studio Local 1.2.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | |||||
| CVE-2024-46872 | 1 Mattermost | 1 Mattermost Server | 2024-11-08 | N/A | 4.6 MEDIUM |
| Mattermost versions 9.10.x <= 9.10.2, 9.11.x <= 9.11.1, 9.5.x <= 9.5.9 fail to sanitize user inputs in the frontend that are used for redirection which allows for a one-click client-side path traversal that is leading to CSRF in Playbooks | |||||
| CVE-2024-10711 | 1 Ithemelandco | 1 Woocommerce Report | 2024-11-07 | N/A | 8.8 HIGH |
| The WooCommerce Report plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5.1. This is due to missing or incorrect nonce validation on the settings update functionality. This makes it possible for unauthenticated attackers to update arbitrary options that can be leveraged for privilege escalation via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | |||||
| CVE-2024-50466 | 1 Darkmysite | 1 Darkmysite | 2024-11-06 | N/A | 4.3 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in DarkMySite DarkMySite – Advanced Dark Mode Plugin for WordPress darkmysite allows Cross Site Request Forgery.This issue affects DarkMySite – Advanced Dark Mode Plugin for WordPress: from n/a through 1.2.8. | |||||
| CVE-2024-9990 | 1 Odude | 1 Crypto Tool | 2024-11-06 | N/A | 8.8 HIGH |
| The Crypto plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.15. This is due to missing nonce validation in the 'crypto_connect_ajax_process::check' function. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | |||||
| CVE-2024-49223 | 1 Shibulijack | 1 Cj Change Howdy | 2024-11-06 | N/A | 7.1 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Shibu Lijack a.K.A CyberJack CJ Change Howdy allows Stored XSS.This issue affects CJ Change Howdy: from n/a through 3.3.1. | |||||
| CVE-2024-49221 | 1 Julianweinert | 1 Cslider | 2024-11-06 | N/A | 7.1 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Julian Weinert // cs&m cSlider allows Stored XSS.This issue affects cSlider: from n/a through 2.4.2. | |||||
| CVE-2024-49220 | 1 Cookie-scanner | 1 Cookie Scanner | 2024-11-06 | N/A | 7.1 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Cookie Scanner – Nikel Schubert Cookie Scanner allows Stored XSS.This issue affects Cookie Scanner: from n/a through 1.1. | |||||
| CVE-2024-49229 | 1 Arifnezami | 1 Better Author Bio | 2024-11-06 | N/A | 7.1 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Arif Nezami Better Author Bio allows Cross-Site Scripting (XSS).This issue affects Better Author Bio: from n/a through 2.7.10.11. | |||||
| CVE-2024-49237 | 1 Ahmetimamoglu | 1 Ahmeti Wp Timeline | 2024-11-06 | N/A | 7.1 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Ahmet Imamoglu Ahmeti Wp Timeline allows Stored XSS.This issue affects Ahmeti Wp Timeline: from n/a through 5.1. | |||||
| CVE-2024-31998 | 1 Combodo | 1 Itop | 2024-11-06 | N/A | 8.8 HIGH |
| Combodo iTop is a simple, web based IT Service Management tool. A CSRF can be performed on CSV import simulation. This issue has been fixed in versions 3.1.2 and 3.2.0. All users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
| CVE-2024-45504 | 2024-11-04 | N/A | 6.5 MEDIUM | ||
| Cross-site request forgery (CSRF) vulnerability in multiple Alps System Integration products and the OEM products allow a remote unauthenticated attacker to hijack the authentication of the user and to perform unintended operations if the user views a malicious page while logged in. | |||||
| CVE-2024-6959 | 1 Lollms | 1 Lollms Web Ui | 2024-11-03 | N/A | 7.1 HIGH |
| A vulnerability in parisneo/lollms-webui version 9.8 allows for a Denial of Service (DOS) attack when uploading an audio file. If an attacker appends a large number of characters to the end of a multipart boundary, the system will continuously process each character, rendering lollms-webui inaccessible. This issue is exacerbated by the lack of Cross-Site Request Forgery (CSRF) protection, enabling remote exploitation. The vulnerability leads to service disruption, resource exhaustion, and extended downtime. | |||||
| CVE-2024-6673 | 1 Lollms | 1 Lollms Web Ui | 2024-11-01 | N/A | 6.5 MEDIUM |
| A Cross-Site Request Forgery (CSRF) vulnerability exists in the `install_comfyui` endpoint of the `lollms_comfyui.py` file in the parisneo/lollms-webui repository, versions v9.9 to the latest. The endpoint uses the GET method without requiring a client ID, allowing an attacker to trick a victim into installing ComfyUI. If the victim's device does not have sufficient capacity, this can result in a crash. | |||||
| CVE-2024-10040 | 1 Infinite-scroll | 1 Infinite-scroll | 2024-11-01 | N/A | 5.3 MEDIUM |
| The Infinite-Scroll plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.6.2. This is due to missing or incorrect nonce validation on the process_ajax_edit and process_ajax_delete function. This makes it possible for unauthenticated attackers to make changes to plugin settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | |||||
| CVE-2023-6243 | 1 Myeventon | 1 Eventon-lite | 2024-11-01 | N/A | 4.3 MEDIUM |
| The EventON PRO - WordPress Virtual Event Calendar Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.6.8. This is due to missing or incorrect nonce validation on the admin_test_email function. This makes it possible for unauthenticated attackers to send test emails to arbitrary email addresses via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | |||||
| CVE-2024-9434 | 2024-11-01 | N/A | 6.1 MEDIUM | ||
| The WPGlobus Translate Options plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.0. This is due to missing or incorrect nonce validation on the on__translate_options_page() function. This makes it possible for unauthenticated attackers to inject malicious web scripts and update plugin settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | |||||
| CVE-2024-43933 | 2024-11-01 | N/A | 4.3 MEDIUM | ||
| Cross-Site Request Forgery (CSRF) vulnerability in WPMobile.App allows Stored XSS.This issue affects WPMobile.App: from n/a through 11.48. | |||||