Total
6071 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-46362 | 2024-09-20 | N/A | 8.8 HIGH | ||
| FrogCMS V0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/plugin/file_manager/create_directory | |||||
| CVE-2024-46085 | 2024-09-20 | N/A | 8.8 HIGH | ||
| FrogCMS V0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/plugin/file_manager/rename | |||||
| CVE-2024-6862 | 1 Lunary | 1 Lunary | 2024-09-19 | N/A | 8.1 HIGH |
| A Cross-Site Request Forgery (CSRF) vulnerability exists in lunary-ai/lunary version 1.2.34 due to overly permissive CORS settings. This vulnerability allows an attacker to sign up for and create projects or use the instance as if they were a user with local access. The main attack vector is for instances hosted locally on personal machines, which are not publicly accessible. The CORS settings in the backend permit all origins, exposing unauthenticated endpoints to CSRF attacks. | |||||
| CVE-2024-39641 | 1 Thimpress | 1 Learnpress | 2024-09-18 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in ThimPress LearnPress.This issue affects LearnPress: from n/a through 4.2.6.8.2. | |||||
| CVE-2024-39645 | 1 Themeum | 1 Tutor Lms | 2024-09-18 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Themeum Tutor LMS.This issue affects Tutor LMS: from n/a through 2.7.2. | |||||
| CVE-2024-39657 | 1 Sender | 1 Sender | 2024-09-18 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Sender Sender – Newsletter, SMS and Email Marketing Automation for WooCommerce.This issue affects Sender – Newsletter, SMS and Email Marketing Automation for WooCommerce: from n/a through 2.6.18. | |||||
| CVE-2024-43116 | 1 10up | 1 Simple Local Avatars | 2024-09-18 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in 10up Simple Local Avatars.This issue affects Simple Local Avatars: from n/a through 2.7.10. | |||||
| CVE-2024-43117 | 1 Wpmudev | 1 Hummingbird | 2024-09-18 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in WPMU DEV Hummingbird.This issue affects Hummingbird: from n/a through 3.9.1. | |||||
| CVE-2024-8120 | 1 Imagerecycle | 1 Imagerecycle Pdf \& Image Compression | 2024-09-17 | N/A | 4.3 MEDIUM |
| The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.14. This is due to missing or incorrect nonce validation on several functions in the class/class-image-otimizer.php file. This makes it possible for unauthenticated attackers to update plugin settings along with performing other actions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | |||||
| CVE-2024-43255 | 1 Stormhillmedia | 1 Mybook Table Bookstore | 2024-09-17 | N/A | 6.1 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in Stormhill Media MyBookTable Bookstore allows Cross-Site Scripting (XSS).This issue affects MyBookTable Bookstore: from n/a through 3.3.9. | |||||
| CVE-2024-6017 | 1 Scriptonite | 1 Music Request Manager | 2024-09-13 | N/A | 6.1 MEDIUM |
| The Music Request Manager WordPress plugin through 1.3 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack | |||||
| CVE-2024-7420 | 1 Xyzscripts | 1 Insert Php Code Snippet | 2024-09-13 | N/A | 6.5 MEDIUM |
| The Insert PHP Code Snippet plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.6. This is due to missing or incorrect nonce validation in the /admin/snippets.php file. This makes it possible for unauthenticated attackers to activate/deactivate and delete code snippets via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | |||||
| CVE-2023-3408 | 1 Bricksbuilder | 1 Bricks | 2024-09-13 | N/A | 4.3 MEDIUM |
| The Bricks theme for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.8.1. This is due to missing or incorrect nonce validation on the 'save_settings' function. This makes it possible for unauthenticated attackers to modify the theme's settings, including enabling a setting which allows lower-privileged users such as contributors to perform code execution, via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | |||||
| CVE-2023-3409 | 1 Bricksbuilder | 1 Bricks | 2024-09-13 | N/A | 4.3 MEDIUM |
| The Bricks theme for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.8.1. This is due to missing or incorrect nonce validation on the 'reset_settings' function. This makes it possible for unauthenticated attackers to reset the theme's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | |||||
| CVE-2024-43325 | 1 Naiches | 1 Dark Mode For Wp Dashboard | 2024-09-12 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Naiche Dark Mode for WP Dashboard.This issue affects Dark Mode for WP Dashboard: from n/a through 1.2.3. | |||||
| CVE-2024-43316 | 1 Checkoutplugins | 1 Stripe Payments For Woocommerce | 2024-09-12 | N/A | 4.3 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in Checkout Plugins Stripe Payments For WooCommerce by Checkout.This issue affects Stripe Payments For WooCommerce by Checkout: from n/a through 1.9.1. | |||||
| CVE-2024-43301 | 1 Fontsplugin | 1 Fonts Plugin | 2024-09-12 | N/A | 5.4 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in Fonts Plugin Fonts allows Stored XSS.This issue affects Fonts: from n/a through 3.7.7. | |||||
| CVE-2024-43299 | 1 Softaculous | 1 Speedycache | 2024-09-12 | N/A | 5.4 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in Softaculous Team SpeedyCache.This issue affects SpeedyCache: from n/a through 1.1.8. | |||||
| CVE-2024-43295 | 1 Wpdataaccess | 1 Wp Data Access | 2024-09-12 | N/A | 4.3 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in Passionate Programmers B.V. WP Data Access.This issue affects WP Data Access: from n/a through 5.5.7. | |||||
| CVE-2024-43287 | 1 Sendinblue | 1 Newsletter\, Smtp\, Email Marketing And Subscribe | 2024-09-12 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Brevo Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue.This issue affects Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue: from n/a through 3.1.82. | |||||