Total
8545 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-49294 | 2025-01-07 | 4.3 Medium | ||
| Cross-Site Request Forgery (CSRF) vulnerability in MagePeople Team Bus Ticket Booking with Seat Reservation allows Cross Site Request Forgery.This issue affects Bus Ticket Booking with Seat Reservation: from n/a through 5.4.3. | ||||
| CVE-2024-1912 | 1 Frenify | 1 Categorify | 2025-01-07 | 4.3 Medium |
| The Categorify plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.7.4. This is due to missing or incorrect nonce validation on the categorifyAjaxUpdateFolderPosition function. This makes it possible for unauthenticated attackers to update the folder position of categories as well as update the metadata of other taxonomies via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2023-31200 | 1 Ptc | 1 Vuforia Studio | 2025-01-06 | 5.7 Medium |
| PTC Vuforia Studio does not require a token; this could allow an attacker with local access to perform a cross-site request forgery attack or a replay attack. | ||||
| CVE-2023-38130 | 1 Cubecart | 1 Cubecart | 2025-01-06 | 8.1 High |
| Cross-site request forgery (CSRF) vulnerability in CubeCart prior to 6.5.3 allows a remote unauthenticated attacker to delete data in the system. | ||||
| CVE-2024-9665 | 1 Zimbra | 1 Zimbra | 2025-01-03 | 6.5 Medium |
| Zimbra GraphQL Cross-Site Request Forgery Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Zimbra. User interaction is required to exploit this vulnerability in that the target must open a malicious email message. The specific flaw exists within the implementation of the graphql endpoint. The issue results from the lack of proper protections against cross-site request forgery (CSRF) attacks. An attacker can leverage this vulnerability to disclose information in the context of the target email account. Was ZDI-CAN-23939. | ||||
| CVE-2024-37458 | 2025-01-03 | 4.3 Medium | ||
| Cross-Site Request Forgery (CSRF) vulnerability in ExtendThemes Highlight allows Cross Site Request Forgery.This issue affects Highlight: from n/a through 1.0.29. | ||||
| CVE-2024-38766 | 2025-01-03 | 4.3 Medium | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Matomo Matomo Analytics allows Cross Site Request Forgery.This issue affects Matomo Analytics: from n/a through 5.1.1. | ||||
| CVE-2024-38789 | 2025-01-03 | 5.3 Medium | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Marco Milesi Telegram Bot & Channel allows Cross Site Request Forgery.This issue affects Telegram Bot & Channel: from n/a through 3.8.2. | ||||
| CVE-2023-35141 | 1 Jenkins | 1 Jenkins | 2025-01-02 | 8 High |
| In Jenkins 2.399 and earlier, LTS 2.387.3 and earlier, POST requests are sent in order to load the list of context actions. If part of the URL includes insufficiently escaped user-provided values, a victim may be tricked into sending a POST request to an unexpected endpoint by opening a context menu. | ||||
| CVE-2024-43927 | 2025-01-02 | 4.3 Medium | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Till Krüss Email Address Encoder allows Cross Site Request Forgery.This issue affects Email Address Encoder: from n/a through 1.0.23. | ||||
| CVE-2024-37426 | 2025-01-02 | 4.3 Medium | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Rara Theme Elegant Pink allows Cross Site Request Forgery.This issue affects Elegant Pink: from n/a through 1.3.0. | ||||
| CVE-2024-37435 | 2025-01-02 | 4.3 Medium | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Rara Theme Perfect Portfolio allows Cross Site Request Forgery.This issue affects Perfect Portfolio: from n/a through 1.2.0. | ||||
| CVE-2024-37543 | 2025-01-02 | 4.3 Medium | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Nitesh Singh Ultimate Auction allows Cross Site Request Forgery.This issue affects Ultimate Auction : from n/a through 4.2.5. | ||||
| CVE-2024-38691 | 2025-01-02 | 4.3 Medium | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Metorik Metorik – Reports & Email Automation for WooCommerce allows Cross Site Request Forgery.This issue affects Metorik – Reports & Email Automation for WooCommerce: from n/a through 1.7.1. | ||||
| CVE-2024-38729 | 2025-01-02 | 5.4 Medium | ||
| Cross-Site Request Forgery (CSRF) vulnerability in MBE Worldwide S.p.A. MBE eShip allows Cross Site Request Forgery.This issue affects MBE eShip: from n/a through 2.1.2. | ||||
| CVE-2024-38751 | 2025-01-02 | 4.3 Medium | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Magazine3 Google Adsense & Banner Ads by AdsforWP allows Cross Site Request Forgery.This issue affects Google Adsense & Banner Ads by AdsforWP: from n/a through 1.9.28. | ||||
| CVE-2024-38754 | 2025-01-02 | 4.3 Medium | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Tagbox Taggbox allows Cross Site Request Forgery.This issue affects Taggbox: from n/a through 3.3. | ||||
| CVE-2024-38762 | 2025-01-02 | 4.3 Medium | ||
| Cross-Site Request Forgery (CSRF) vulnerability in The Events Calendar Event Tickets allows Cross Site Request Forgery.This issue affects Event Tickets: from n/a through 5.11.0.4. | ||||
| CVE-2024-38763 | 2025-01-02 | 4.3 Medium | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Themes4WP Popularis Verse allows Cross Site Request Forgery.This issue affects Popularis Verse: from n/a through 1.1.1. | ||||
| CVE-2024-37238 | 2025-01-02 | 4.3 Medium | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Greg Winiarski WPAdverts – Classifieds Plugin allows Cross Site Request Forgery.This issue affects WPAdverts – Classifieds Plugin: from n/a through 2.1.2. | ||||