CWE-352— Cross-Site Request Forgery (CSRF)

CVE-2024-32794MEDIUMCVSS 4.3EG 4.3

Cross-Site Request Forgery (CSRF) vulnerability in Paid Memberships Pro.This issue affects Paid Memberships Pro: from n/a through 2.12.10.

CVE-2024-32795MEDIUMCVSS 4.3EG 4.3

Cross-Site Request Forgery (CSRF) vulnerability in Paid Memberships Pro.This issue affects Paid Memberships Pro: from n/a through 2.12.10.

CVE-2024-32806MEDIUMCVSS 4.3EG 4.3

Cross-Site Request Forgery (CSRF) vulnerability in Revmakx WPCal.Io – Easy Meeting Scheduler.This issue affects WPCal.Io – Easy Meeting Scheduler: from n/a through 0.9.5.8.

CVE-2024-32863MEDIUMCVSS 6.8EG 6.8

Cross-Site Request Forgery (CSRF) vulnerability in CoSchedule Headline Analyzer.This issue affects Headline Analyzer: from n/a through 1.3.3.

2024-08-01

Under certain circumstances the exacqVision Web Services may be susceptible to Cross-Site Request Forgery (CSRF)

CVE-2024-32947MEDIUMCVSS 4.3EG 4.3

CVE-2024-32958HIGHCVSS 7.1EG 7.1

Cross-Site Request Forgery (CSRF) vulnerability in AlumniOnline Web Services LLC WP ADA Compliance Check Basic.This issue affects WP ADA Compliance Check Basic: from n/a through 3.1.3.

CVE-2024-33449CRITICALCVSS 9.8EG 9.8

Cross-Site Request Forgery (CSRF) vulnerability in Giorgos Sarigiannidis Slash Admin allows Cross-Site Scripting (XSS).This issue affects Slash Admin: from n/a through 3.8.1.

CVE-2024-33632MEDIUMCVSS 5.4EG 5.4

An SSRF issue in the PDFMyURL service allows a remote attacker to obtain sensitive information and execute arbitrary code via a POST request in the url parameter

CVE-2024-33638MEDIUMCVSS 5.4EG 5.4

Cross-Site Request Forgery (CSRF) vulnerability in Piotnet Piotnet Addons For Elementor Pro.This issue affects Piotnet Addons For Elementor Pro: from n/a through 7.1.17.

CVE-2024-33646HIGHCVSS 7.1EG 7.1

Cross-Site Request Forgery (CSRF) vulnerability in Brijesh Kothari Smart Maintenance Mode.This issue affects Smart Maintenance Mode: from n/a through 1.4.4.

CVE-2024-33650MEDIUMCVSS 4.3EG 4.3

Cross-Site Request Forgery (CSRF) vulnerability in Toast Plugins Sticky Anything allows Cross-Site Scripting (XSS).This issue affects Sticky Anything: from n/a through 2.1.5.

CVE-2024-33651MEDIUMCVSS 5.4EG 5.4

Cross-Site Request Forgery (CSRF) vulnerability in Cryout Creations Serious Slider.This issue affects Serious Slider: from n/a through 1.2.4.

CVE-2024-33677MEDIUMCVSS 4.3EG 4.3

Cross-Site Request Forgery (CSRF) vulnerability in Matthew Fries MF Gig Calendar.This issue affects MF Gig Calendar : from n/a through 1.2.1.

CVE-2024-33678MEDIUMCVSS 4.3EG 4.3

Cross-Site Request Forgery (CSRF) vulnerability in Renzo Johnson Contact Form 7 Extension For Mailchimp.This issue affects Contact Form 7 Extension For Mailchimp: from n/a through 0.5.70.

CVE-2024-33679MEDIUMCVSS 4.3EG 4.3

Cross-Site Request Forgery (CSRF) vulnerability in eranfl ClickCease Click Fraud Protection clickcease-click-fraud-protection.This issue affects ClickCease Click Fraud Protection: from n/a through <= 3.2.7.

CVE-2024-33680MEDIUMCVSS 5.4EG 5.4

Cross-Site Request Forgery (CSRF) vulnerability in FameThemes FameTheme Demo Importer.This issue affects FameTheme Demo Importer: from n/a through 1.1.5.

CVE-2024-33681HIGHCVSS 7.1EG 7.1

Cross-Site Request Forgery (CSRF) vulnerability in MainWP MainWP Child Reports.This issue affects MainWP Child Reports: from n/a through 2.1.1.

CVE-2024-33682MEDIUMCVSS 5.4EG 5.4

Cross-Site Request Forgery (CSRF) vulnerability in Sandor Kovacs Regenerate post permalink allows Cross-Site Scripting (XSS).This issue affects Regenerate post permalink: from n/a through 1.0.3.

CVE-2024-33683MEDIUMCVSS 4.3EG 4.3

Cross-Site Request Forgery (CSRF) vulnerability in Cookie Information A/S WP GDPR Compliance.This issue affects WP GDPR Compliance: from n/a through 2.0.23.

CVE-2024-33688MEDIUMCVSS 4.3EG 4.3

Cross-Site Request Forgery (CSRF) vulnerability in WP Republic Hide Dashboard Notifications.This issue affects Hide Dashboard Notifications: from n/a through 1.2.3.

CVE-2024-33689MEDIUMCVSS 4.3EG 4.3

Cross-Site Request Forgery (CSRF) vulnerability in Extend Themes Teluro.This issue affects Teluro: from n/a through 1.0.31.

CVE-2024-33690MEDIUMCVSS 4.3EG 4.3

Cross-Site Request Forgery (CSRF) vulnerability in Tony Zeoli Radio Station radio-station.This issue affects Radio Station: from n/a through <= 2.5.7.

CVE-2024-33691MEDIUMCVSS 4.3EG 4.3

Cross-Site Request Forgery (CSRF) vulnerability in Jegstudio Financio.This issue affects Financio: from n/a through 1.1.3.

CVE-2024-33829MEDIUMCVSS 5.4EG 5.4

Cross-Site Request Forgery (CSRF) vulnerability in OptinMonster Popup Builder Team OptinMonster.This issue affects OptinMonster: from n/a through 2.15.3.

CVE-2024-33830HIGHCVSS 8.1EG 8.1

idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/readDeal.php?mudi=updateWebCache.

CVE-2024-33913CRITICALCVSS 9.6EG 9.6

idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/readDeal.php?mudi=clearWebCache.

CVE-2024-34001HIGHCVSS 8.4EG 8.4

Cross-Site Request Forgery (CSRF) vulnerability leading to Arbitrary File Upload in Xserver Migrator.This issue affects Xserver Migrator: from n/a through 1.6.1.

2024-05-31

Actions in the admin preset tool did not include the necessary token to prevent a CSRF risk.

CVE-2024-34007HIGHCVSS 8.8EG 8.8

2024-05-31

The logout option within MFA did not include the necessary token to avoid the risk of users inadvertently being logged out via CSRF.

CVE-2024-34008HIGHCVSS 8.8EG 8.8

2024-05-31

Actions in the admin management of analytics models did not include the necessary token to prevent a CSRF risk.

CVE-2024-3405HIGHCVSS 7.6EG 7.6

2024-05-15

The WP Prayer WordPress plugin through 2.0.9 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack

CVE-2024-3406HIGHCVSS 8.8EG 8.8

2024-05-15

The WP Prayer WordPress plugin through 2.0.9 does not have CSRF check in place when updating its email settings, which could allow attackers to make a logged in admin change them via a CSRF attack

CVE-2024-34069HIGHCVSS 7.5EG 7.5

CVE-2024-3407MEDIUMCVSS 5.3EG 5.3

Werkzeug is a comprehensive WSGI web application library. The debugger in affected versions of Werkzeug can allow an attacker to execute code on a developer's machine under some circumstances. This requires the attacker to get the develope…

2024-05-15

The WP Prayer WordPress plugin through 2.0.9 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks

CVE-2024-34367HIGHCVSS 7.1EG 7.1

CVE-2024-34379MEDIUMCVSS 4.3EG 4.3

Cross-Site Request Forgery (CSRF) vulnerability in Popup Box Team Popup box allows Cross-Site Scripting (XSS).This issue affects Popup box: from n/a through 4.1.2.

CVE-2024-34427MEDIUMCVSS 4.3EG 4.3

Cross-Site Request Forgery (CSRF) vulnerability in Rara Theme Restaurant and Cafe.This issue affects Restaurant and Cafe: from n/a through 1.2.1.

2024-05-14

Cross-Site Request Forgery (CSRF) vulnerability in Huseyin Berberoglu WP Favorite Posts.This issue affects WP Favorite Posts: from n/a through 1.6.8.

CVE-2024-34439MEDIUMCVSS 4.3EG 4.3

2024-05-14

Cross-Site Request Forgery (CSRF) vulnerability in divSpot DS Site Message.This issue affects DS Site Message: from n/a through 1.14.4.

CVE-2024-34502CRITICALCVSS 9.8EG 9.8

2024-05-05

An issue was discovered in WikibaseLexeme in MediaWiki before 1.39.6, 1.40.x before 1.40.2, and 1.41.x before 1.41.1. Loading Special:MergeLexemes will (attempt to) make an edit that merges the from-id to the to-id, even if the request was…

CVE-2024-34557MEDIUMCVSS 4.3EG 4.3

2024-05-14

Cross-Site Request Forgery (CSRF) vulnerability in Dmitry V. (CEO of "UKR Solution") Barcode Scanner with Inventory & Order Manager barcode-scanner-lite-pos-to-manage-products-inventory-and-orders.This issue affects Barcode Scanner with In…

CVE-2024-3471LOWCVSS 3.4EG 3.4

CVE-2024-3472MEDIUMCVSS 5.9EG 5.9

The Button Generator WordPress plugin before 3.0 does not have CSRF check in place when bulk deleting, which could allow attackers to make a logged in admin delete buttons via a CSRF attack

CVE-2024-3474HIGHCVSS 8.8EG 8.8

The Modal Window WordPress plugin before 5.3.10 does not have CSRF check in place when bulk deleting modals, which could allow attackers to make a logged in admin delete them via a CSRF attack

CVE-2024-3475HIGHCVSS 7.5EG 7.5

The Wow Skype Buttons WordPress plugin before 4.0.4 does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions, such as deleting buttons via CSRF attacks

CVE-2024-34755MEDIUMCVSS 4.3EG 4.3

The Sticky Buttons WordPress plugin before 3.2.4 does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions, such as deleting buttons via CSRF attacks

2024-05-17

Cross-Site Request Forgery (CSRF) vulnerability in CRM Perks Integration for Contact Form 7 and Salesforce.This issue affects Integration for Contact Form 7 and Salesforce: from n/a through 1.3.9.

CVE-2024-34756MEDIUMCVSS 4.3EG 4.3

2024-05-17

Cross-Site Request Forgery (CSRF) vulnerability in CRM Perks Integration for Contact Form 7 HubSpot.This issue affects Integration for Contact Form 7 HubSpot: from n/a through 1.3.1.

CVE-2024-3476HIGHCVSS 8.8EG 8.8

CVE-2024-3477MEDIUMCVSS 4.3EG 4.3

The Side Menu Lite WordPress plugin before 4.2.1 does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions, such as deleting buttons via CSRF attacks

CVE-2024-3478MEDIUMCVSS 6.1EG 6.1

The Popup Box WordPress plugin before 2.2.7 does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions, such as deleting popups via CSRF attacks