Total: 6073 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-9943 | | | 2024-10-25 | N/A | 6.3 MEDIUM |
The MultiVendorX – The Ultimate WooCommerce Multivendor Marketplace Solution plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.2.4. This is due to missing or incorrect nonce validation on several functions in api/class-mvx-rest-controller.php. This makes it possible for unauthenticated attackers to update vendor account details, create vendor accounts, and delete arbitrary users via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | |||||
CVE-2024-9598 | | | 2024-10-25 | N/A | 8.8 HIGH |
The AMP for WP – Accelerated Mobile Pages plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.99.1. This is due to missing or incorrect nonce validation on the 'proxy' function. This makes it possible for unauthenticated attackers to send the logged in user's cookies to their own server via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | |||||
CVE-2024-47879 | | | 2024-10-25 | N/A | 7.6 HIGH |
OpenRefine is a free, open source tool for working with messy data. Prior to version 3.8.3, lack of cross-site request forgery protection on the `preview-expression` command means that visiting a malicious website could cause an attacker-controlled expression to be executed. The expression can contain arbitrary Clojure or Python code. The attacker must know a valid project ID of a project that contains at least one row, and the attacker must convince the victim to open a malicious webpage. Version 3.8.3 fixes the issue. | |||||
CVE-2024-20437 | 1 Cisco | 1 Ios Xe | 2024-10-24 | N/A | 8.8 HIGH |
A vulnerability in the web-based management interface of Cisco IOS XE Software could allow an unauthenticated, remote attacker to perform a cross-site request forgery (CSRF) attack and execute commands on the CLI of an affected device. This vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading an already authenticated user to follow a crafted link. A successful exploit could allow the attacker to perform arbitrary actions on the affected device with the privileges of the targeted user. | |||||
CVE-2024-49621 | 1 Apa | 1 Apa Register Newsletter Form | 2024-10-24 | N/A | 8.8 HIGH |
Cross-Site Request Forgery (CSRF) vulnerability in Apa APA Register Newsletter Form allows SQL Injection. This issue affects APA Register Newsletter Form: from n/a through 1.0.0. | |||||
CVE-2024-49605 | 1 Avchat.net | 1 Avchat Video Chat | 2024-10-24 | N/A | 6.1 MEDIUM |
Cross-Site Request Forgery (CSRF) vulnerability in Avchat.Net AVChat Video Chat allows Stored XSS. This issue affects AVChat Video Chat: from n/a through 2.2. | |||||
CVE-2024-49335 | 1 Edush Maxim | 1 Googledrive Folder List | 2024-10-24 | N/A | 6.1 MEDIUM |
Cross-Site Request Forgery (CSRF) vulnerability in Edush Maxim GoogleDrive folder list allows Stored XSS. This issue affects GoogleDrive folder list: from n/a through 2.2.2. | |||||
CVE-2024-49622 | 1 Apa | 1 Apa Banner Slider | 2024-10-24 | N/A | 8.8 HIGH |
Cross-Site Request Forgery (CSRF) vulnerability in Apa Apa Banner Slider allows SQL Injection. This issue affects Apa Banner Slider: from n/a through 1.0.0. | |||||
CVE-2024-43945 | 1 Latepoint | 1 Latepoint | 2024-10-24 | N/A | 8.8 HIGH |
Cross-Site Request Forgery (CSRF) vulnerability in Latepoint LatePoint allows Cross Site Request Forgery. This issue affects LatePoint: from n/a through 4.9.91. | |||||
CVE-2024-49629 | 1 Androidbubbles | 1 Endless Posts Navigation | 2024-10-22 | N/A | 6.1 MEDIUM |
Cross-Site Request Forgery (CSRF) vulnerability in Fahad Mahmood Endless Posts Navigation allows Stored XSS. This issue affects Endless Posts Navigation: from n/a through 2.2.7. | |||||
CVE-2024-47634 | 1 Majas-lapu-izstrade | 1 Cartbounty | 2024-10-22 | N/A | 9.8 CRITICAL |
Cross-Site Request Forgery (CSRF) vulnerability in Streamline.Lv CartBounty – Save and recover abandoned carts for WooCommerce allows Cross Site Request Forgery. This issue affects CartBounty – Save and recover abandoned carts for WooCommerce: from n/a through 8.2. | |||||
CVE-2024-49250 | 1 Dublue | 1 Table Of Contents Plus | 2024-10-22 | N/A | 8.8 HIGH |
Cross-Site Request Forgery (CSRF) vulnerability in Michael Tran Table of Contents Plus allows Cross Site Request Forgery. This issue affects Table of Contents Plus: from n/a through 2408. | |||||
CVE-2024-49272 | 1 Wpwebinfotech | 1 Social Auto Poster | 2024-10-22 | N/A | 8.8 HIGH |
Cross-Site Request Forgery (CSRF) vulnerability in WPWeb Social Auto Poster allows Cross Site Request Forgery. This issue affects Social Auto Poster: from n/a through 5.3.15. | |||||
CVE-2024-49274 | 1 Infomaniak | 1 Vod Infomaniak | 2024-10-22 | N/A | 8.8 HIGH |
Cross-Site Request Forgery (CSRF) vulnerability in Infomaniak Staff VOD Infomaniak allows Cross Site Request Forgery. This issue affects VOD Infomaniak: from n/a through 1.5.7. | |||||
CVE-2024-49275 | 1 Northernbeacheswebsites | 1 Ideapush | 2024-10-22 | N/A | 8.8 HIGH |
Cross-Site Request Forgery (CSRF) vulnerability in Martin Gibson IdeaPush allows Cross Site Request Forgery. This issue affects IdeaPush: from n/a through 8.69. | |||||
CVE-2024-49290 | 1 Boxystudio | 1 Cooked | 2024-10-22 | N/A | 8.8 HIGH |
Cross-Site Request Forgery (CSRF) vulnerability in Gora Tech LLC Cooked Pro allows Cross Site Request Forgery. This issue affects Cooked Pro: from n/a before 1.8.0. | |||||
CVE-2024-49306 | 1 Wp-buy | 1 Wp Content Copy Protection & No Right Click | 2024-10-22 | N/A | 8.8 HIGH |
Cross-Site Request Forgery (CSRF) vulnerability in WP-buy WP Content Copy Protection & No Right Click allows Cross Site Request Forgery. This issue affects WP Content Copy Protection & No Right Click: from n/a through 3.5.9. | |||||
CVE-2024-49627 | 1 Noorsplugin | 1 Wordpress Image Seo | 2024-10-22 | N/A | 8.8 HIGH |
Cross-Site Request Forgery (CSRF) vulnerability in Noor Alam WordPress Image SEO allows Cross Site Request Forgery. This issue affects WordPress Image SEO: from n/a through 1.1.4. | |||||
CVE-2024-49628 | 1 Whiletrue | 1 Most And Least Read Posts Widget | 2024-10-22 | N/A | 8.8 HIGH |
Cross-Site Request Forgery (CSRF) vulnerability in WhileTrue Most And Least Read Posts Widget allows Cross Site Request Forgery. This issue affects Most And Least Read Posts Widget: from n/a through 2.5.18. | |||||
CVE-2024-49617 | 1 Bhaskardhote | 1 Back Link Tracker | 2024-10-22 | N/A | 8.8 HIGH |
Cross-Site Request Forgery (CSRF) vulnerability in Bhaskar Dhote Back Link Tracker allows Blind SQL Injection. This issue affects Back Link Tracker: from n/a through 1.0.0. |