Total
7945 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-3940 | 1 Bozdoz | 1 Recaptcha Jetpack | 2025-05-05 | 8.8 High |
| The reCAPTCHA Jetpack WordPress plugin through 0.2.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack | ||||
| CVE-2024-3941 | 1 Bozdoz | 1 Recaptcha Jetpack | 2025-05-05 | 4.7 Medium |
| The reCAPTCHA Jetpack WordPress plugin through 0.2.2 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged-in admin add Stored XSS payloads via a CSRF attack. | ||||
| CVE-2021-34645 | 1 Wpeasycart | 1 Shopping Cart \& Ecommerce Store | 2025-05-05 | 8.8 High |
| The Shopping Cart & eCommerce Store WordPress plugin is vulnerable to Cross-Site Request Forgery via the save_currency_settings function found in the ~/admin/inc/wp_easycart_admin_initial_setup.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 5.1.0. | ||||
| CVE-2022-42751 | 1 Auieo | 1 Candidats | 2025-05-05 | 8.8 High |
| CandidATS version 3.0.0 allows an external attacker to elevate privileges in the application. This is possible because the application suffers from CSRF. This allows to persuade an administrator to create a new account with administrative permissions. | ||||
| CVE-2022-30608 | 3 Ibm, Linux, Microsoft | 4 Aix, Infosphere Information Server, Linux Kernel and 1 more | 2025-05-05 | 8.8 High |
| "IBM InfoSphere Information Server 11.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a "user that the website trusts. IBM X-Force ID: 227295. | ||||
| CVE-2024-21381 | 1 Microsoft | 1 Azure Active Directory | 2025-05-03 | 6.8 Medium |
| Microsoft Azure Active Directory B2C Spoofing Vulnerability | ||||
| CVE-2022-41413 | 1 Perfsonar | 1 Perfsonar | 2025-05-02 | 4.3 Medium |
| perfSONAR v4.x <= v4.4.5 was discovered to contain a Cross-Site Request Forgery (CSRF) which is triggered when an attacker injects crafted input into the Search function. | ||||
| CVE-2022-38660 | 1 Hcltech | 1 Domino | 2025-05-02 | 8.3 High |
| HCL XPages applications are susceptible to a Cross Site Request Forgery (CSRF) vulnerability. An unauthenticated attacker could exploit this vulnerability to perform actions in the application on behalf of the logged in user. | ||||
| CVE-2024-5033 | 1 Toolstack | 1 Sully | 2025-05-02 | 5.9 Medium |
| The SULly WordPress plugin before 4.3.1 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack | ||||
| CVE-2024-5034 | 1 Toolstack | 1 Sully | 2025-05-02 | 8.8 High |
| The SULly WordPress plugin before 4.3.1 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks | ||||
| CVE-2006-5175 | 1 Buffalo-technology | 1 Terastation Hd-htgl Firmware | 2025-05-02 | N/A |
| Cross-site request forgery (CSRF) vulnerability in the administrative interface for the TeraStation HD-HTGL firmware 2.05 beta 1 and earlier allows remote attackers to modify configurations or delete arbitrary data via unspecified vectors. | ||||
| CVE-2022-3451 | 1 Addify | 1 Product Stock Manager | 2025-05-01 | 4.3 Medium |
| The Product Stock Manager WordPress plugin before 1.0.5 does not have authorisation and proper CSRF checks in multiple AJAX actions, allowing users with a role as low as subscriber to call them. One action in particular could allow to update arbitrary options | ||||
| CVE-2022-3537 | 1 Addify | 1 Role Based Pricing For Woocommerce | 2025-05-01 | 8.8 High |
| The Role Based Pricing for WooCommerce WordPress plugin before 1.6.2 does not have authorisation and proper CSRF checks, and does not validate files to be uploaded, allowing any authenticated users like subscriber to upload arbitrary files, such as PHP | ||||
| CVE-2022-3536 | 1 Addify | 1 Role Based Pricing For Woocommerce | 2025-05-01 | 8.8 High |
| The Role Based Pricing for WooCommerce WordPress plugin before 1.6.3 does not have authorisation and proper CSRF checks, as well as does not validate path given via user input, allowing any authenticated users like subscriber to perform PHAR deserialization attacks when they can upload a file, and a suitable gadget chain is present on the blog | ||||
| CVE-2022-3489 | 1 Weberge | 1 Wp Hide | 2025-05-01 | 5.3 Medium |
| The WP Hide WordPress plugin through 0.0.2 does not have authorisation and CSRF checks in place when updating the custom_wpadmin_slug settings, allowing unauthenticated attackers to update it with a crafted request | ||||
| CVE-2022-43031 | 1 Dedecms | 1 Dedecms | 2025-05-01 | 8.8 High |
| DedeCMS v6.1.9 was discovered to contain a Cross-Site Request Forgery (CSRF) which allows attackers to arbitrarily add Administrator accounts and modify Admin passwords. | ||||
| CVE-2023-7202 | 1 Verygoodplugins | 1 Fatal Error Notify | 2025-05-01 | 6.1 Medium |
| The Fatal Error Notify WordPress plugin before 1.5.3 does not have authorisation and CSRF checks in its test_error AJAX action, allowing any authenticated users, such as subscriber to call it and spam the admin email address with error messages. The issue is also exploitable via CSRF | ||||
| CVE-2024-42586 | 1 Siamonhasan | 1 Warehouse Inventory System | 2025-05-01 | 8.8 High |
| A Cross-Site Request Forgery (CSRF) in the component categorie.php of Warehouse Inventory System v2.0 allows attackers to escalate privileges. | ||||
| CVE-2024-42585 | 1 Siamonhasan | 1 Warehouse Inventory System | 2025-05-01 | 8.8 High |
| A Cross-Site Request Forgery (CSRF) in the component delete_media.php of Warehouse Inventory System v2.0 allows attackers to escalate privileges. | ||||
| CVE-2024-42578 | 2 Oswapp, Siamonhasan | 2 Warehouse Inventory System, Warehouse Inventory System | 2025-05-01 | 8 High |
| A Cross-Site Request Forgery (CSRF) in the component edit_product.php of Warehouse Inventory System v2.0 allows attackers to escalate privileges. | ||||