CWE-352— Cross-Site Request Forgery (CSRF)

CVE-2023-40671MEDIUMCVSS 4.3EG 4.3

Cross-Site Request Forgery (CSRF) vulnerability in CLUEVO CLUEVO LMS, E-Learning Platform plugin <= 1.10.0 versions.

CVE-2023-40868HIGHCVSS 8.8EG 8.8

Cross-Site Request Forgery (CSRF) vulnerability in 大侠wp DX-auto-save-images plugin <= 1.4.0 versions.

2023-09-14

Cross Site Request Forgery vulnerability in mooSocial MooSocial Software v.Demo allows a remote attacker to execute arbitrary code via the Delete Account and Deactivate functions.

CVE-2023-40953HIGHCVSS 8.8EG 8.8

2023-09-08

icms 7.0.16 is vulnerable to Cross Site Request Forgery (CSRF).

CVE-2023-41086HIGHCVSS 8.8EG 8.8

2023-10-03

Cross-site request forgery (CSRF) vulnerability exists in FURUNO SYSTEMS wireless LAN access point devices. If a user views a malicious page while logged in, unintended operations may be performed. Affected products and versions are as fol…

CVE-2023-41129MEDIUMCVSS 4.3EG 4.3

2023-11-18

Cross-Site Request Forgery (CSRF) vulnerability in Patreon Patreon WordPress.This issue affects Patreon WordPress: from n/a through 1.8.6.

CVE-2023-41131MEDIUMCVSS 4.3EG 4.3

2023-10-12

Cross-Site Request Forgery (CSRF) vulnerability in Jonk @ Follow me Darling Sp*tify Play Button for WordPress plugin <= 2.10 versions.

CVE-2023-41244MEDIUMCVSS 4.3EG 4.3

2023-10-03

Cross-Site Request Forgery (CSRF) vulnerability in Buildfail Localize Remote Images plugin <= 1.0.9 versions.

CVE-2023-41452HIGHCVSS 8.8EG 8.8

2023-09-27

Cross Site Request Forgery vulnerability in phpkobo AjaxNewTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the txt parameter in the index.php component.

CVE-2023-4150MEDIUMCVSS 4.3EG 4.3

2023-08-30

The User Activity Tracking and Log WordPress plugin before 4.0.9 does not have proper CSRF checks when managing its license, which could allow attackers to make logged in admins update and deactivate the plugin's license via CSRF attacks

CVE-2023-4161MEDIUMCVSS 4.3EG 4.3

2023-08-31

The WooCommerce PDF Invoice Builder for WordPress is vulnerable to Cross-Site Request Forgery due to a missing nonce check on the SaveCustomField function in versions up to, and including, 1.2.90. This makes it possible for unauthenticated…

CVE-2023-41650MEDIUMCVSS 4.3EG 4.3

CVE-2023-41654MEDIUMCVSS 5.4EG 5.4

Cross-Site Request Forgery (CSRF) vulnerability in Venugopal Remove/hide Author, Date, Category Like Entry-Meta plugin <= 2.1 versions.

CVE-2023-41659MEDIUMCVSS 5.4EG 5.4

Cross-Site Request Forgery (CSRF) vulnerability in Andreas Heigl authLdap plugin <= 2.5.8 versions.

CVE-2023-41660MEDIUMCVSS 6.5EG 6.5

Cross-Site Request Forgery (CSRF) vulnerability in Jules Colle, BDWM Responsive Gallery Grid plugin <= 2.3.10 versions.

CVE-2023-41667MEDIUMCVSS 4.3EG 4.3

Cross-Site Request Forgery (CSRF) vulnerability in WPSynchro WP Synchro plugin <= 1.9.1 versions.

CVE-2023-41668MEDIUMCVSS 5.4EG 5.4

Cross-Site Request Forgery (CSRF) vulnerability in Ulf Benjaminsson WP-dTree plugin <= 4.4.5 versions.

CVE-2023-41669MEDIUMCVSS 4.3EG 4.3

Cross-Site Request Forgery (CSRF) vulnerability in Leadster plugin <= 1.1.2 versions.

CVE-2023-41670MEDIUMCVSS 5.4EG 5.4

Cross-Site Request Forgery (CSRF) vulnerability in DAEXT Live News plugin <= 1.06 versions.

CVE-2023-41672MEDIUMCVSS 4.3EG 4.3

Cross-Site Request Forgery (CSRF) vulnerability in Palasthotel (in person: Edward Bock) Use Memcached plugin <= 1.0.4 versions.

CVE-2023-41684MEDIUMCVSS 4.3EG 4.3

Cross-Site Request Forgery (CSRF) vulnerability in Rémi Leclercq Hide admin notices – Admin Notification Center plugin <= 2.3.2 versions.

CVE-2023-41686MEDIUMCVSS 6.5EG 6.5

Cross-Site Request Forgery (CSRF) vulnerability in Felix Welberg SIS Handball plugin <= 1.0.45 versions.

2024-12-13

Cross-Site Request Forgery (CSRF) vulnerability in ilGhera Woocommerce Support System allows Cross Site Request Forgery.This issue affects Woocommerce Support System: from n/a through 1.2.2.

CVE-2023-41693MEDIUMCVSS 5.4EG 5.4

2023-10-03

Cross-Site Request Forgery (CSRF) vulnerability in edward_plainview MyCryptoCheckout plugin <= 2.125 versions.

CVE-2023-41694MEDIUMCVSS 4.3EG 4.3

CVE-2023-41697MEDIUMCVSS 4.3EG 4.3

Cross-Site Request Forgery (CSRF) vulnerability in Realbig Team Realbig For WordPress plugin <= 1.0.3 versions.

CVE-2023-41730MEDIUMCVSS 4.3EG 4.3

Cross-Site Request Forgery (CSRF) vulnerability in Nikunj Soni Easy WP Cleaner plugin <= 1.9 versions.

CVE-2023-41732MEDIUMCVSS 5.4EG 5.4

Cross-Site Request Forgery (CSRF) vulnerability in SendPress Newsletters plugin <= 1.22.3.31 versions.

CVE-2023-41792MEDIUMCVSS 5.9EG 5.9

Cross-Site Request Forgery (CSRF) vulnerability in CodePeople CP Blocks plugin <= 1.0.20 versions.

2023-11-23

Cross-Site Request Forgery (CSRF) vulnerability in Pandora FMS on all allows Cross-Site Scripting (XSS). This vulnerability allowed Javascript code to be executed in the SNMP Trap Editor. This issue affects Pandora FMS: from 700 through 77…

CVE-2023-41801MEDIUMCVSS 5.4EG 5.4

CVE-2023-41850MEDIUMCVSS 4.3EG 4.3

Cross-Site Request Forgery (CSRF) vulnerability in AWP Classifieds Team Ad Directory & Listings by AWP Classifieds plugin <= 4.3 versions.

CVE-2023-41851MEDIUMCVSS 4.3EG 4.3

Cross-Site Request Forgery (CSRF) vulnerability in Morris Bryant, Ruben Sargsyan Outbound Link Manager plugin <= 1.2 versions.

CVE-2023-41852MEDIUMCVSS 4.3EG 4.3

Cross-Site Request Forgery (CSRF) vulnerability in Dotsquares WP Custom Post Template <= 1.0 versions.

CVE-2023-41853MEDIUMCVSS 4.3EG 4.3

Cross-Site Request Forgery (CSRF) vulnerability in MailMunch MailMunch – Grow your Email List plugin <= 3.1.2 versions.

CVE-2023-41854MEDIUMCVSS 5.4EG 5.4

Cross-Site Request Forgery (CSRF) vulnerability in WP iCal Availability plugin <= 1.0.3 versions.

CVE-2023-41858MEDIUMCVSS 4.3EG 4.3

Cross-Site Request Forgery (CSRF) vulnerability in Softaculous Ltd. WpCentral plugin <= 1.5.7 versions.

CVE-2023-41864MEDIUMCVSS 4.3EG 4.3

Cross-Site Request Forgery (CSRF) vulnerability in Ashok Rane Order Delivery Date for WP e-Commerce plugin <= 1.2 versions.

2024-04-18

Cross-Site Request Forgery (CSRF) vulnerability in Pepro Dev. Group PeproDev CF7 Database.This issue affects PeproDev CF7 Database: from n/a through 1.8.0.

CVE-2023-41876MEDIUMCVSS 4.3EG 4.3

CVE-2023-41938MEDIUMCVSS 6.5EG 6.5

Cross-Site Request Forgery (CSRF) vulnerability in Hardik Kalathiya WP Gallery Metabox plugin <= 1.0.0 versions.

2023-09-06

A cross-site request forgery (CSRF) vulnerability in Jenkins Ivy Plugin 2.5 and earlier allows attackers to delete disabled modules.

CVE-2023-41942MEDIUMCVSS 4.3EG 4.3

2023-09-06

A cross-site request forgery (CSRF) vulnerability in Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier allows attackers to clear the SQS queue.

CVE-2023-41946LOWCVSS 3.5EG 3.5

2023-09-06

A cross-site request forgery (CSRF) vulnerability in Jenkins Frugal Testing Plugin 1.1 and earlier allows attackers to connect to Frugal Testing using attacker-specified credentials, and to retrieve test IDs and names from Frugal Testing, …

CVE-2023-41950MEDIUMCVSS 5.4EG 5.4