CWE-352— Cross-Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Saleswonder Team: Tobias WP2LEADS wp2leads allows Stored XSS.This issue affects WP2LEADS: from n/a through <= 3.5.0.

A cross-site request forgery (CSRF) vulnerability exists in the web interface of AVTECH IP camera, DVR, and NVR devices. An attacker can craft malicious requests that, when executed in the context of an authenticated user’s browser sess…

Wimi Teamwork versions prior to 7.38.17 contains a cross-site request forgery (CSRF) vulnerability in its API. The API accepts any authenticated request that contains a JSON field named 'csrf_token' without validating the field’s value; …

1Panel versions 1.10.33 - 2.0.15 contain a cross-site request forgery (CSRF) vulnerability in the Change Username functionality available from the settings panel (/settings/panel). The endpoint does not implement CSRF protections such as …

1Panel versions 1.10.33 - 2.0.15 contain a cross-site request forgery (CSRF) vulnerability in the web port configuration functionality. The port-change endpoint lacks CSRF defenses such as anti-CSRF tokens or Origin/Referer validation. An …

1Panel versions 1.10.33 through 2.0.15 contain a cross-site request forgery (CSRF) vulnerability in the panel name management functionality. The affected endpoint does not implement CSRF defenses such as anti-CSRF tokens or Origin/Referer …

Medical Informatics Engineering Enterprise Health has a cross site request forgery vulnerability that allows an unauthenticated attacker to trick administrative users into clicking a crafted URL and perform actions on behalf of that admini…

A vulnerability, which was classified as problematic, has been found in ScriptAndTools eCommerce-website-in-PHP 3.0. Affected by this issue is some unknown functionality. The manipulation leads to cross-site request forgery. The attack may…

A vulnerability was found in ghostxbh uzy-ssm-mall 1.0.0. It has been classified as problematic. Affected is an unknown function. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The explo…

IBM Concert 1.0.0 through 2.1.0 for Z hub component is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.

A security vulnerability was discovered in Moodle that allows anyone to duplicate existing tours without needing to log in due to a lack of protection against cross-site request forgery (CSRF) attacks.

IBM DataPower Gateway 10.6CD 10.6.1.0 through 10.6.5.0 and IBM DataPower Gateway 10.5.0 10.5.0.0 through 10.5.0.20 and IBM DataPower Gateway 10.6.0 10.6.0.0 through 10.6.0.8 IBM DataPower Gateway is vulnerable to cross-site request forgery…

A flaw was found in Moodle. The analysis request action in the Brickfield tool did not include the necessary token to prevent a Cross-site request forgery (CSRF) risk.

IBM ApplinX 11.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.

Cross-site request forgery vulnerability exists in surveillance cameras provided by i-PRO Co., Ltd.. If a user views a crafted page while logged in to the affected product, unintended operations may be performed.

Dell Wyse Management Suite, versions prior to WMS 5.2, contain a Cross-Site Request Forgery (CSRF) vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Server-side request fo…

Cross-Site Request Forgery (CSRF) vulnerability in Simplehelp.This issue affects Simplehelp: before 5.5.11.

A vulnerability, which was classified as problematic, has been found in misstt123 oasys 1.0. Affected by this issue is some unknown functionality of the component Sticky Notes Handler. The manipulation leads to cross-site request forgery. …

A vulnerability has been found in zhenfeng13 My-BBS 1.0 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has bee…

A vulnerability was found in panhainan DS-Java 1.0. It has been classified as problematic. Affected is an unknown function. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has…

Cross-Site Request Forgery (CSRF) vulnerability in Drupal Search API Solr allows Cross Site Request Forgery.This issue affects Search API Solr: from 0.0.0 before 4.3.9.

Cross-Site Request Forgery (CSRF) vulnerability in ThemeGoods Grand Restaurant grandrestaurant allows Cross Site Request Forgery.This issue affects Grand Restaurant: from n/a through <= 7.0.

Cross-Site Request Forgery (CSRF) vulnerability in Sanjeev Mohindra Author Box Plugin With Different Description author-box-with-different-description allows Cross Site Request Forgery.This issue affects Author Box Plugin With Different De…

Cross-Site Request Forgery (CSRF) vulnerability in aseem1234 Best Posts Summary best-posts-summary allows Stored XSS.This issue affects Best Posts Summary: from n/a through <= 1.0.

Cross-Site Request Forgery (CSRF) vulnerability in Ashok G Easy Child Theme Creator easy-child-theme-creator allows Cross Site Request Forgery.This issue affects Easy Child Theme Creator: from n/a through <= 1.3.1.

Cross-Site Request Forgery (CSRF) vulnerability in Kiotviet KiotViet Sync allows Stored XSS. This issue affects KiotViet Sync: from n/a through 1.8.4.

Cross-Site Request Forgery (CSRF) vulnerability in Mike spam-stopper spam-stopper allows Stored XSS.This issue affects spam-stopper: from n/a through <= 3.1.3.

Cross-Site Request Forgery (CSRF) vulnerability in Jayesh Parejiya Social Media Links social-media-links allows Stored XSS.This issue affects Social Media Links: from n/a through <= 1.0.3.

Cross-Site Request Forgery (CSRF) vulnerability in Ichi translit it! translit-it allows Stored XSS.This issue affects translit it!: from n/a through <= 1.6.

Cross-Site Request Forgery (CSRF) vulnerability in Eslam Mahmoud Redirect wordpress to welcome or landing page redirect-to-welcome-or-landing-page allows Stored XSS.This issue affects Redirect wordpress to welcome or landing page: from n/a…

Cross-Site Request Forgery (CSRF) vulnerability in ajayver RSS Manager rss-manager allows Stored XSS.This issue affects RSS Manager: from n/a through <= 0.06.

Cross-Site Request Forgery (CSRF) vulnerability in David Miller Revision Diet revision-diet allows Stored XSS.This issue affects Revision Diet: from n/a through <= 1.0.1.

Cross-Site Request Forgery (CSRF) vulnerability in Mustafa KUCUK WP Sticky Side Buttons wp-sticky-side-buttons allows Stored XSS.This issue affects WP Sticky Side Buttons: from n/a through <= 2.1.

Cross-Site Request Forgery (CSRF) vulnerability in PResponsive WP Social Bookmarking wp-social-bookmarking allows Stored XSS.This issue affects WP Social Bookmarking: from n/a through <= 3.6.

Cross-Site Request Forgery (CSRF) vulnerability in Jenst Add to Header add-to-header allows Stored XSS.This issue affects Add to Header: from n/a through <= 1.0.

Cross-Site Request Forgery (CSRF) vulnerability in simplemaps Simple Maps interactive-maps allows Stored XSS.This issue affects Simple Maps: from n/a through <= 0.98.

Cross-Site Request Forgery (CSRF) vulnerability in pixelgrade Style Manager style-manager allows Cross Site Request Forgery.This issue affects Style Manager: from n/a through <= 2.2.7.

Cross-Site Request Forgery (CSRF) vulnerability in illow illow – Cookies Consent lgpd-compliant-cookie-banner allows Cross Site Request Forgery.This issue affects illow – Cookies Consent: from n/a through <= 0.2.0.

Cross-Site Request Forgery (CSRF) vulnerability in Alexander Rauscha mLanguage mlanguage allows Stored XSS.This issue affects mLanguage: from n/a through <= 1.6.1.

Cross-Site Request Forgery (CSRF) vulnerability in Aaron Forgue Amazon Showcase WordPress Plugin amazon-showcase-wordpress-widget allows Stored XSS.This issue affects Amazon Showcase WordPress Plugin: from n/a through <= 2.2.

Cross-Site Request Forgery (CSRF) vulnerability in beke_ro Bknewsticker bknewsticker allows Stored XSS.This issue affects Bknewsticker: from n/a through <= 1.0.5.

Cross-Site Request Forgery (CSRF) vulnerability in davidfcarr My Marginalia my-marginalia allows Stored XSS.This issue affects My Marginalia: from n/a through <= 1.0.6.

Cross-Site Request Forgery (CSRF) vulnerability in Boone Gorges Anthologize anthologize allows Cross Site Request Forgery.This issue affects Anthologize: from n/a through <= 0.8.3.

Cross-Site Request Forgery (CSRF) vulnerability in momen2009 Theme Changer theme-changer allows Cross Site Request Forgery.This issue affects Theme Changer: from n/a through <= 1.4.

Cross-Site Request Forgery (CSRF) vulnerability in Rajesh Broken Links Remover broken-links-remover allows Stored XSS.This issue affects Broken Links Remover: from n/a through <= 1.2.2.

Cross-Site Request Forgery (CSRF) vulnerability in swedish boy Dashboard Notepads dashboard-notepads allows Stored XSS.This issue affects Dashboard Notepads: from n/a through <= 1.2.1.

Cross-Site Request Forgery (CSRF) vulnerability in MessageMetric Review Wave – Google Places Reviews review-wave-google-places-reviews allows Stored XSS.This issue affects Review Wave – Google Places Reviews: from n/a through <= 1.4.7.

Cross-Site Request Forgery (CSRF) vulnerability in Soft8Soft LLC Verge3D verge3d allows Cross Site Request Forgery.This issue affects Verge3D: from n/a through <= 4.9.0.

Cross-Site Request Forgery (CSRF) vulnerability in algol.plus Advanced Dynamic Pricing for WooCommerce advanced-dynamic-pricing-for-woocommerce allows Cross Site Request Forgery.This issue affects Advanced Dynamic Pricing for WooCommerce: …

Cross-Site Request Forgery (CSRF) vulnerability in IP2Location IP2Location Variables ip2location-variables allows Reflected XSS.This issue affects IP2Location Variables: from n/a through <= 2.9.5.