Total
9103 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-6075 | 1 Tipsandtricks-hq | 1 Wp Estore | 2024-11-21 | 8.8 High |
| The wp-cart-for-digital-products WordPress plugin before 8.5.5 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks | ||||
| CVE-2024-6023 | 1 Adamsolymosi | 1 Contentlock | 2024-11-21 | 8.8 High |
| The ContentLock WordPress plugin through 1.0.3 does not have CSRF check in place when adding emails, which could allow attackers to make a logged in admin perform such action via a CSRF attack | ||||
| CVE-2024-6022 | 1 Adamsolymosi | 1 Contentlock | 2024-11-21 | 8.8 High |
| The ContentLock WordPress plugin through 1.0.3 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack | ||||
| CVE-2024-5815 | 1 Github | 1 Enterprise Server | 2024-11-21 | 6.5 Medium |
| A Cross-Site Request Forgery vulnerability in GitHub Enterprise Server allowed write operations on a victim-owned repository by exploiting incorrect request types. A mitigating factor is that the attacker would have to be a trusted GitHub Enterprise Server user, and the victim would have to visit a tag in the attacker's fork of their own repository. vulnerability affected all versions of GitHub Enterprise Server prior 3.14 and was fixed in version 3.13.1, 3.12.6, 3.11.12, 3.10.14, and 3.9.17. This vulnerability was reported via the GitHub Bug Bounty program. | ||||
| CVE-2024-5767 | 1 Sitetweet Project | 1 Sitetweet | 2024-11-21 | 8.8 High |
| The sitetweet WordPress plugin through 0.2 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack | ||||
| CVE-2024-4969 | 1 Devnath Verma | 1 Widget Bundle | 2024-11-21 | 4.3 Medium |
| The Widget Bundle WordPress plugin through 2.0.0 does not have CSRF checks when logging Widgets, which could allow attackers to make logged in admin enable/disable widgets via a CSRF attack | ||||
| CVE-2024-4499 | 1 Lollms | 1 Lollms | 2024-11-21 | 6.3 Medium |
| A Cross-Site Request Forgery (CSRF) vulnerability exists in the XTTS server of parisneo/lollms version 9.6 due to a lax CORS policy. The vulnerability allows attackers to perform unauthorized actions by tricking a user into visiting a malicious webpage, which can then trigger arbitrary LoLLMS-XTTS API requests. This issue can lead to the reading and writing of audio files and, when combined with other vulnerabilities, could allow for the reading of arbitrary files on the system and writing files outside the permitted audio file location. | ||||
| CVE-2024-4475 | 1 Onetarek | 1 Wp Logs Book | 2024-11-21 | 4.3 Medium |
| The WP Logs Book WordPress plugin through 1.0.1 does not have CSRF check when clearing logs, which could allow attackers to make a logged in admin clear the logs them via a CSRF attack | ||||
| CVE-2024-4474 | 1 Onetarek | 1 Wp Logs Book | 2024-11-21 | 4.3 Medium |
| The WP Logs Book WordPress plugin through 1.0.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack | ||||
| CVE-2024-4328 | 1 Parisneo | 1 Lollms Web Ui | 2024-11-21 | 8.1 High |
| A Cross-Site Request Forgery (CSRF) vulnerability exists in the clear_personality_files_list function of the parisneo/lollms-webui v9.6. The vulnerability arises from the use of a GET request to clear personality files list, which lacks proper CSRF protection. This flaw allows attackers to trick users into performing actions without their consent, such as deleting important files on the system. The issue is present in the application's handling of requests, making it susceptible to CSRF attacks that could lead to unauthorized actions being performed on behalf of the user. | ||||
| CVE-2024-45693 | 1 Apache | 1 Cloudstack | 2024-11-21 | 8 High |
| Users logged into the Apache CloudStack's web interface can be tricked to submit malicious CSRF requests due to missing validation of the origin of the requests. This can allow an attacker to gain privileges and access to resources of the authenticated users and may lead to account takeover, disruption, exposure of sensitive data and compromise integrity of the resources owned by the user account that are managed by the platform. This issue affects Apache CloudStack from 4.15.1.0 through 4.18.2.3 and 4.19.0.0 through 4.19.1.1 Users are recommended to upgrade to Apache CloudStack 4.18.2.4 or 4.19.1.2, or later, which addresses this issue. | ||||
| CVE-2024-41305 | 1 Wondercms | 1 Wondercms | 2024-11-21 | 7.1 High |
| A Server-Side Request Forgery (SSRF) in the Plugins Page of WonderCMS v3.4.3 allows attackers to force the application to make arbitrary requests via injection of crafted URLs into the pluginThemeUrl parameter. | ||||
| CVE-2024-40601 | 1 Mediawiki | 1 Mediawiki | 2024-11-21 | 6.3 Medium |
| An issue was discovered in the MediaWikiChat extension for MediaWiki through 1.42.1. CSRF can occur in API modules. | ||||
| CVE-2024-40334 | 2 Idccms, Idccms Project | 2 Idccms, Idccms | 2024-11-21 | 8.8 High |
| idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/serverFile_deal.php?mudi=upFileDel&dataID=3 | ||||
| CVE-2024-40332 | 2 Idccms, Idccms Project | 2 Idccms, Idccms | 2024-11-21 | 6.8 Medium |
| idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/moneyRecord_deal.php?mudi=delRecord | ||||
| CVE-2024-40037 | 1 Idccms Project | 1 Idccms | 2024-11-21 | 8.8 High |
| idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/userScore_deal.php?mudi=del | ||||
| CVE-2024-40034 | 1 Idccms Project | 1 Idccms | 2024-11-21 | 8.8 High |
| idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/userLevel_deal.php?mudi=del | ||||
| CVE-2024-3972 | 1 Davidjmiller | 1 Similarity | 2024-11-21 | 4.3 Medium |
| The Similarity WordPress plugin through 3.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack | ||||
| CVE-2024-38457 | 1 Xenforo | 1 Xenforo | 2024-11-21 | 8.8 High |
| Xenforo before 2.2.16 allows CSRF. | ||||
| CVE-2024-37230 | 1 Rarathemes | 1 Book Landing Page | 2024-11-21 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Rara Theme Book Landing Page.This issue affects Book Landing Page: from n/a through 1.2.3. | ||||