CWE-352— Cross-Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in JATOS v3.9.3 that allows attackers to perform actions reserved for administrators, including creating admin accounts. This critical flaw can lead to unauthorized activities, compromising t…

Cross-Site Request Forgery (CSRF) vulnerability in JATOS v3.9.3 allows an attacker to reset the administrator's password. This critical security flaw can result in unauthorized access to the platform, enabling attackers to hijack admin acc…

Ampache is a web based audio/video streaming application and file manager. The current implementation of token parsing fails to properly validate CSRF tokens when activating or deactivating controllers. This vulnerability allows an attacke…

Ampache is a web based audio/video streaming application and file manager. The current implementation of token parsing fails to properly validate CSRF tokens when activating or deactivating plugins. This vulnerability allows an attacker to…

Ampache is a web based audio/video streaming application and file manager. The current implementation of token parsing fails to properly validate CSRF tokens when activating or deactivating catalog. This vulnerability allows an attacker to…

Ampache is a web based audio/video streaming application and file manager. The current implementation of token parsing does not adequately validate CSRF tokens when users delete messages. This vulnerability could be exploited to forge CSRF…

Ampache is a web based audio/video streaming application and file manager. The current implementation of token parsing does not adequately validate CSRF tokens when users send messages to one another. This vulnerability could be exploited …

The Inquiry cart WordPress plugin through 3.4.2 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack

Cross-Site Request Forgery (CSRF) vulnerability in Lars Schenk Responsive Flickr Gallery responsive-flickr-gallery allows Stored XSS.This issue affects Responsive Flickr Gallery: from n/a through <= 1.3.1.

Cross-Site Request Forgery (CSRF) vulnerability in Md Eftakhairul Islam Sticky Social Bar sticky-social-bar allows Cross Site Request Forgery.This issue affects Sticky Social Bar: from n/a through <= 2.0.

Cross-Site Request Forgery (CSRF) vulnerability in Sam Hoe SH Slideshow sh-slideshow allows Stored XSS.This issue affects SH Slideshow: from n/a through <= 4.3.

Cross-Site Request Forgery (CSRF) vulnerability in ivycat Simple Page Specific Sidebars page-specific-sidebars allows Stored XSS.This issue affects Simple Page Specific Sidebars: from n/a through <= 2.14.1.

Cross-Site Request Forgery (CSRF) vulnerability in a.ankit Webriti Custom Login webriti-custom-login-page allows Reflected XSS.This issue affects Webriti Custom Login: from n/a through <= 0.3.

Cross-Site Request Forgery (CSRF) vulnerability in Garmur While Loading while-it-is-loading allows Stored XSS.This issue affects While Loading: from n/a through <= 3.0.

Cross-Site Request Forgery (CSRF) vulnerability in Z.com byGMO GMO Social Connection gmo-social-connection allows Cross-Site Scripting (XSS).This issue affects GMO Social Connection: from n/a through <= 1.2.

Cross-Site Request Forgery (CSRF) vulnerability in sroyalty Admin SMS Alert admin-sms-alert allows Stored XSS.This issue affects Admin SMS Alert: from n/a through <= 1.1.0.

Cross-Site Request Forgery (CSRF) vulnerability in Sanjeev Mohindra Awesome Shortcodes For Genesis awesome-shortcodes-for-genesis allows Stored XSS.This issue affects Awesome Shortcodes For Genesis: from n/a through 1.1.8.

Cross-Site Request Forgery (CSRF) vulnerability in Hints Naver Blog naver-blog-api allows Stored XSS.This issue affects Naver Blog: from n/a through <= 1.0.

Cross-Site Request Forgery (CSRF) vulnerability in Matt Rude MDR Webmaster Tools mdr-webmaster-tools allows Stored XSS.This issue affects MDR Webmaster Tools: from n/a through <= 1.1.

Cross-Site Request Forgery (CSRF) vulnerability in Juan Camilo Advanced PDF Generator advanced-pdf-generator allows Stored XSS.This issue affects Advanced PDF Generator: from n/a through <= 0.4.0.

Cross-Site Request Forgery (CSRF) vulnerability in ivan9146 Seo Free seo-free allows Stored XSS.This issue affects Seo Free: from n/a through <= 1.4.

Cross-Site Request Forgery (CSRF) vulnerability in ragaskar Amazon Associate Filter amazon-associate-filter allows Stored XSS.This issue affects Amazon Associate Filter: from n/a through <= 0.4.

Cross-Site Request Forgery (CSRF) vulnerability in samwilson Addressbook addressbook allows Stored XSS.This issue affects Addressbook: from n/a through <= 1.1.3.

Cross-Site Request Forgery (CSRF) vulnerability in themefusecom ThemeFuse Maintenance Mode themefuse-maintenance-mode allows Stored XSS.This issue affects ThemeFuse Maintenance Mode: from n/a through <= 1.1.3.

Cross-Site Request Forgery (CSRF) vulnerability in Chaser324 Featured Posts Scroll allows Stored XSS.This issue affects Featured Posts Scroll: from n/a through 1.25.

Cross-Site Request Forgery (CSRF) vulnerability in hands01 e-shops e-shops-cart2 allows Reflected XSS.This issue affects e-shops: from n/a through <= 1.0.3.

Cross-Site Request Forgery (CSRF) vulnerability in Patrick Lumumba Mobilize mobilize allows Stored XSS.This issue affects Mobilize: from n/a through <= 3.0.7.

Cross-Site Request Forgery (CSRF) vulnerability in scottmydollarplancom Random Featured Post random-featured-post-plugin allows Stored XSS.This issue affects Random Featured Post: from n/a through <= 1.1.3.

Cross-Site Request Forgery (CSRF) vulnerability in marckocher Skip To skip-to allows Stored XSS.This issue affects Skip To: from n/a through <= 2.0.0.

Cross-Site Request Forgery (CSRF) vulnerability in akira1891 UPDATE NOTIFICATIONS update-notifications allows Stored XSS.This issue affects UPDATE NOTIFICATIONS: from n/a through <= 0.3.4.

Cross-Site Request Forgery (CSRF) vulnerability in Eric Allen APK Downloader apk-downloader allows Stored XSS.This issue affects APK Downloader: from n/a through <= 1.0.0.

Cross-Site Request Forgery (CSRF) vulnerability in microkid Custom Author URL author-slug allows Stored XSS.This issue affects Custom Author URL: from n/a through <= 2.0.1.

Cross-Site Request Forgery (CSRF) vulnerability in litefeel Flash Show And Hide Box flash-show-and-hide-box allows Stored XSS.This issue affects Flash Show And Hide Box: from n/a through <= 1.6.

Cross-Site Request Forgery (CSRF) vulnerability in Woopy Plugins SmartLink Dynamic URLs smartlink-dinamic-urls allows Stored XSS.This issue affects SmartLink Dynamic URLs: from n/a through <= 1.1.0.

Cross-Site Request Forgery (CSRF) vulnerability in Henrik Hoff WP Course Manager wp-course-manager allows Stored XSS.This issue affects WP Course Manager: from n/a through <= 1.3.

Cross-Site Request Forgery (CSRF) vulnerability in GeekRMX Twitter @Anywhere Plus twitter-anywhere-plus allows Stored XSS.This issue affects Twitter @Anywhere Plus: from n/a through <= 2.0.

Cross-Site Request Forgery (CSRF) vulnerability in Kalmang Dynamic Widgets dynamic-widgets.This issue affects Dynamic Widgets: from n/a through <= 1.6.4.

The CM Email Registration Blacklist and Whitelist WordPress plugin before 1.4.9 does not have CSRF check when adding or deleting an item from the blacklist or whitelist, which could allow attackers to make a logged in admin add or delete s…

Cross-Site Request Forgery (CSRF) vulnerability in gentlesource Appointmind appointmind allows Stored XSS.This issue affects Appointmind: from n/a through <= 4.0.0.

Cross-Site Request Forgery (CSRF) vulnerability in Ciprian Popescu W3P SEO wp-perfect-plugin allows Stored XSS.This issue affects W3P SEO: from n/a through < 1.8.6.

Cross-Site Request Forgery (CSRF) vulnerability in Deepak Khokhar Manage User Columns manage-user-columns allows Cross Site Request Forgery.This issue affects Manage User Columns: from n/a through <= 1.0.5.

Cross-Site Request Forgery (CSRF) vulnerability in Platform.ly Platform.ly Official platformly allows Stored XSS.This issue affects Platform.ly Official: from n/a through <= 1.1.3.

Cross-Site Request Forgery (CSRF) vulnerability in fraudlabspro FraudLabs Pro SMS Verification fraudlabs-pro-sms-verification allows Stored XSS.This issue affects FraudLabs Pro SMS Verification: from n/a through <= 1.10.1.

The EmbedAI application is susceptible to security issues that enable Data Poisoning attacks. This weakness could result in the application becoming compromised, leading to unauthorized entries or data poisoning attacks, which are delivere…

Combodo iTop is a simple, web based IT Service Management tool. Several url endpoints are subject to a Cross-Site Request Forgery (CSRF) vulnerability. Please refer to the linked GHSA for the complete list. This issue has been addressed in…

Cross-Site Request Forgery (CSRF) vulnerability in mikeage Hebrew Date hebrewdates allows Stored XSS.This issue affects Hebrew Date: from n/a through <= 2.1.0.

Cross-Site Request Forgery (CSRF) vulnerability in w3speedster W3SPEEDSTER w3speedster-wp.This issue affects W3SPEEDSTER: from n/a through <= 7.25.

Cross-Site Request Forgery (CSRF) vulnerability in HuangYe WuDeng Hacklog DownloadManager hacklog-downloadmanager allows Upload a Web Shell to a Web Server.This issue affects Hacklog DownloadManager: from n/a through <= 2.1.4.

Cross-Site Request Forgery (CSRF) vulnerability in gunghoinc Exclusive Content Password Protect exclusive-content-password-protect allows Upload a Web Shell to a Web Server.This issue affects Exclusive Content Password Protect: from n/a th…

Cross-Site Request Forgery (CSRF) vulnerability in skipstorm SK WP Settings Backup sk-wp-settings-backup allows Object Injection.This issue affects SK WP Settings Backup: from n/a through <= 1.0.