Total
6072 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-36836 | 2024-10-16 | N/A | 8.8 HIGH | ||
| The WP Fastest Cache plugin for WordPress is vulnerable to unauthorized arbitrary file deletion in versions up to, and including, 0.9.0.2 due to a lack of capability checking and insufficient path validation. This makes it possible for authenticated users with minimal permissions to delete arbitrary files from the server. | |||||
| CVE-2024-39408 | 1 Adobe | 2 Commerce, Magento | 2024-10-16 | N/A | 4.3 MEDIUM |
| Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by a Cross-Site Request Forgery (CSRF) vulnerability that could allow an attacker to bypass security features and perform minor integrity changeson behalf of a user. The vulnerability could be exploited by tricking a victim into clicking a link or loading a page that submits a malicious request. Exploitation of this issue requires user interaction. | |||||
| CVE-2024-39409 | 1 Adobe | 2 Commerce, Magento | 2024-10-16 | N/A | 4.3 MEDIUM |
| Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by a Cross-Site Request Forgery (CSRF) vulnerability that could allow an attacker to bypass security features and perform minor integrity changes on behalf of a user. The vulnerability could be exploited by tricking a victim into clicking a link or loading a page that submits a malicious request. Exploitation of this issue requires user interaction. | |||||
| CVE-2024-39410 | 1 Adobe | 2 Commerce, Magento | 2024-10-16 | N/A | 4.3 MEDIUM |
| Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by a Cross-Site Request Forgery (CSRF) vulnerability that could allow an attacker to bypass security features and perform minor integrity changes on behalf of a user. The vulnerability could be exploited by tricking a victim into clicking a link or loading a page that submits a malicious request. Exploitation of this issue does not require user interaction. | |||||
| CVE-2024-8477 | 1 Brevo | 1 Newsletter\, Smtp\, Email Marketing And Subscribe | 2024-10-15 | N/A | 4.3 MEDIUM |
| The Newsletter, SMTP, Email marketing and Subscribe forms by Brevo (formely Sendinblue) plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.87. This is due to missing or incorrect nonce validation on the Init() function. This makes it possible for unauthenticated attackers to log out of a Brevo connection via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | |||||
| CVE-2024-9778 | 2024-10-15 | N/A | 4.3 MEDIUM | ||
| The ImagePress – Image Gallery plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.2. This is due to missing or incorrect nonce validation on the 'imagepress_admin_page' function. This makes it possible for unauthenticated attackers to update plugin settings, including redirection URLs, via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | |||||
| CVE-2024-9592 | 2024-10-15 | N/A | 6.1 MEDIUM | ||
| The Easy PayPal Gift Certificate plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.3. This is due to missing or incorrect nonce validation on the 'wpppgc_plugin_options' function. This makes it possible for unauthenticated attackers to update the plugin's settings and inject malicious JavaScript via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link. | |||||
| CVE-2024-8520 | 1 Ultimatemember | 1 Ultimate Member | 2024-10-08 | N/A | 4.3 MEDIUM |
| The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.8.6. This is due to missing or incorrect nonce validation on the admin_init or user_action_hook function. This makes it possible for unauthenticated attackers to modify a users membership status via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | |||||
| CVE-2024-47644 | 2024-10-07 | N/A | 7.1 HIGH | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Copyscape / Indigo Stream Technologies Copyscape Premium allows Stored XSS.This issue affects Copyscape Premium: from n/a through 1.3.6. | |||||
| CVE-2024-47635 | 2024-10-07 | N/A | 5.4 MEDIUM | ||
| Cross-Site Request Forgery (CSRF) vulnerability in TinyPNG.This issue affects TinyPNG: from n/a through 3.4.3. | |||||
| CVE-2024-44028 | 2024-10-07 | N/A | 7.1 HIGH | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Nicejob NiceJob allows Stored XSS.This issue affects NiceJob: from n/a before 3.6.5. | |||||
| CVE-2024-7689 | 1 Snapshot Backup Project | 1 Snapshot Backup | 2024-10-07 | N/A | 4.3 MEDIUM |
| The Snapshot Backup WordPress plugin through 2.1.1 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack. | |||||
| CVE-2024-7687 | 1 Azindex Project | 1 Azindex | 2024-10-07 | N/A | 4.3 MEDIUM |
| The AZIndex WordPress plugin through 0.8.1 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack. | |||||
| CVE-2024-7688 | 1 Azindex Project | 1 Azindex | 2024-10-07 | N/A | 6.5 MEDIUM |
| The AZIndex WordPress plugin through 0.8.1 does not have CSRF checks in some places, which could allow attackers to make logged in admin delete arbitrary indexes via a CSRF attack | |||||
| CVE-2024-7892 | 1 Vladyslavbondarenko | 1 Adstxt | 2024-10-07 | N/A | 4.3 MEDIUM |
| The adstxt Plugin WordPress plugin through 1.0.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack | |||||
| CVE-2024-7690 | 1 Digireturn | 1 Dn Popup | 2024-10-07 | N/A | 4.3 MEDIUM |
| The DN Popup WordPress plugin through 1.2.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack | |||||
| CVE-2024-45987 | 1 Online Voting System Project | 1 Online Voting System | 2024-10-05 | N/A | 6.5 MEDIUM |
| Projectworld Online Voting System Version 1.0 is vulnerable to Cross Site Request Forgery (CSRF) via voter.php. This vulnerability allows an attacker to craft a malicious link that, when clicked by an authenticated user, automatically submits a vote for a specified party without the user's consent or knowledge. The attack leverages the user's active session to perform the unauthorized action, compromising the integrity of the voting process. | |||||
| CVE-2024-28948 | 1 Advantech | 2 Adam-5630, Adam-5630 Firmware | 2024-10-04 | N/A | 8.8 HIGH |
| Advantech ADAM-5630 contains a cross-site request forgery (CSRF) vulnerability. It allows an attacker to partly circumvent the same origin policy, which is designed to prevent different websites from interfering with each other. | |||||
| CVE-2024-9282 | 1 Bg5sbk | 1 Minicms | 2024-10-04 | 5.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability was found in bg5sbk MiniCMS 1.11. It has been classified as problematic. Affected is an unknown function of the file page-edit.php. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory mentions confusing version and file name information. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-9281 | 1 Bg5sbk | 1 Minicms | 2024-10-04 | 5.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability was found in bg5sbk MiniCMS up to 1.11 and classified as problematic. This issue affects some unknown processing of the file post-edit.php. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory mentions confusing version and file name information. The vendor was contacted early about this disclosure but did not respond in any way. | |||||