Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2020-8976

Summary
Assigner-INCIBE
Assigner Org ID-0cbda920-cd7f-484a-8e76-bf7f4b7f4516
Published At-17 Oct, 2022 | 21:18
Updated At-23 Apr, 2025 | 16:45
Rejected At-
Credits

ZGR TPS200 Cross-Site Request Forgery (CSRF)

The integrated server of the ZGR TPS200 NG on its 2.00 firmware version and 1.01 hardware version, allows a remote attacker to perform actions with the permissions of a victim user. For this to happen, the victim user has to have an active session and triggers the malicious request.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:INCIBE
Assigner Org ID:0cbda920-cd7f-484a-8e76-bf7f4b7f4516
Published At:17 Oct, 2022 | 21:18
Updated At:23 Apr, 2025 | 16:45
Rejected At:
▼CVE Numbering Authority (CNA)
ZGR TPS200 Cross-Site Request Forgery (CSRF)

The integrated server of the ZGR TPS200 NG on its 2.00 firmware version and 1.01 hardware version, allows a remote attacker to perform actions with the permissions of a victim user. For this to happen, the victim user has to have an active session and triggers the malicious request.

Affected Products
Vendor
ZGR
Product
ZGR TPS200 NG
Default Status
unaffected
Versions
Affected
  • 2.00 firmware version 2.00
  • 1.01 hardware version 1.01
Problem Types
TypeCWE IDDescription
CWECWE-352CWE-352: Cross-Site Request Forgery (CSRF)
Type: CWE
CWE ID: CWE-352
Description: CWE-352: Cross-Site Request Forgery (CSRF)
Metrics
VersionBase scoreBase severityVector
3.19.6CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Version: 3.1
Base score: 9.6
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

The ZGR team is working on a new design of the TPS, which will include the necessary cybersecurity measures to address the identified vulnerabilities. Affected equipment must be connected to properly isolated and secured networks to avoid potential risks.

Configurations
Workarounds
Exploits
Credits
finder
Discovered by the Industrial Cybersecurity team of S21sec, special mention to Aar�n Flecha Men�ndez.
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.incibe-cert.es/en/early-warning/ics-advisories/multiple-vulnerabilities-zgr-tps200-ng
N/A
Hyperlink: https://www.incibe-cert.es/en/early-warning/ics-advisories/multiple-vulnerabilities-zgr-tps200-ng
Resource: N/A
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.incibe-cert.es/en/early-warning/ics-advisories/multiple-vulnerabilities-zgr-tps200-ng
x_transferred
Hyperlink: https://www.incibe-cert.es/en/early-warning/ics-advisories/multiple-vulnerabilities-zgr-tps200-ng
Resource:
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve-coordination@incibe.es
Published At:17 Oct, 2022 | 22:15
Updated At:20 Nov, 2023 | 12:15

The integrated server of the ZGR TPS200 NG on its 2.00 firmware version and 1.01 hardware version, allows a remote attacker to perform actions with the permissions of a victim user. For this to happen, the victim user has to have an active session and triggers the malicious request.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.18.8HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Secondary3.19.6CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Type: Primary
Version: 3.1
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 9.6
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
CPE Matches
zigor
zigor
>>zgr_tps200_ng_firmware>>2.00
cpe:2.3:o:zigor:zgr_tps200_ng_firmware:2.00:*:*:*:*:*:*:*
zigor
zigor
>>zgr_tps200_ng>>1.01
cpe:2.3:h:zigor:zgr_tps200_ng:1.01:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-352Primarynvd@nist.gov
CWE-352Secondarycve-coordination@incibe.es
CWE ID: CWE-352
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-352
Type: Secondary
Source: cve-coordination@incibe.es
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://www.incibe-cert.es/en/early-warning/ics-advisories/multiple-vulnerabilities-zgr-tps200-ngcve-coordination@incibe.es
Third Party Advisory
VDB Entry
Hyperlink: https://www.incibe-cert.es/en/early-warning/ics-advisories/multiple-vulnerabilities-zgr-tps200-ng
Source: cve-coordination@incibe.es
Resource:
Third Party Advisory
VDB Entry

Change History

0
Information is not available yet

Similar CVEs

2275Records found
CVE-2023-45011
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 21.99%
||
7 Day CHG~0.00%
Published-12 Oct, 2023 | 12:12
Updated-17 Sep, 2024 | 13:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Power Stats Plugin <= 2.2.3 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Igor Buyanov WP Power Stats plugin <= 2.2.3 versions.

Action-Not Available
Vendor-websivuIgor Buyanov
Product-wp_power_statsWP Power Stats
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2021-34167
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.23% / 45.76%
||
7 Day CHG~0.00%
Published-24 Feb, 2023 | 00:00
Updated-12 Mar, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross Site Request Forgery (CSRF) vulnerability in taoCMS 3.0.2 allows remote attackers to gain escalated privileges via taocms/admin/admin.php.

Action-Not Available
Vendor-taogogon/a
Product-taocmsn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-38276
Matching Score-4
Assigner-Fedora Project
ShareView Details
Matching Score-4
Assigner-Fedora Project
CVSS Score-8.8||HIGH
EPSS-0.15% / 35.65%
||
7 Day CHG~0.00%
Published-18 Jun, 2024 | 19:49
Updated-26 Mar, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
moodle: CSRF risks due to misuse of confirm_sesskey

Incorrect CSRF token checks resulted in multiple CSRF risks.

Action-Not Available
Vendor-Fedora ProjectMoodle Pty Ltd
Product-moodlefedoraMoodle
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2012-10010
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-4.3||MEDIUM
EPSS-0.05% / 15.77%
||
7 Day CHG~0.00%
Published-09 Apr, 2023 | 05:31
Updated-06 Aug, 2024 | 21:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
BestWebSoft Contact Form contact_form.php cntctfrm_settings_page cross-site request forgery

A vulnerability was found in BestWebSoft Contact Form 3.21. It has been classified as problematic. This affects the function cntctfrm_settings_page of the file contact_form.php. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. Upgrading to version 3.22 is able to address this issue. The identifier of the patch is 8398d96ff0fe45ec9267d7259961c2ef89ed8005. It is recommended to upgrade the affected component. The identifier VDB-225321 was assigned to this vulnerability.

Action-Not Available
Vendor-BestWebSoft
Product-contact_formContact Form
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2012-10017
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-4.3||MEDIUM
EPSS-0.08% / 23.85%
||
7 Day CHG~0.00%
Published-26 Dec, 2023 | 10:00
Updated-21 Nov, 2024 | 14:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
BestWebSoft Portfolio Plugin cross-site request forgery

A vulnerability was found in BestWebSoft Portfolio Plugin up to 2.04 on WordPress. It has been classified as problematic. This affects an unknown part. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. Upgrading to version 2.06 is able to address this issue. The patch is named 68af950330c3202a706f0ae9bbb52ceaa17dda9d. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-248955.

Action-Not Available
Vendor-BestWebSoft
Product-portfolioPortfolio Plugin
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-45901
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.08% / 23.27%
||
7 Day CHG~0.00%
Published-17 Oct, 2023 | 00:00
Updated-04 Apr, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin\/category\/add.

Action-Not Available
Vendor-iteachyoun/a
Product-dreamer_cmsn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-45317
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-8.8||HIGH
EPSS-0.09% / 25.79%
||
7 Day CHG~0.00%
Published-26 Oct, 2023 | 16:17
Updated-16 Jan, 2025 | 21:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Sielco Radio Link and Analog FM Transmitters Cross-Site Request Forgery

The application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site.

Action-Not Available
Vendor-sielcoSielco
Product-analog_fm_transmitter_exc2000gxanalog_fm_transmitter_exc5000gtradio_link_exc19_firmwareanalog_fm_transmitter_exc1000gt_firmwareanalog_fm_transmitter_exc300gx_firmwareanalog_fm_transmitter_exc1600gx_firmwareanalog_fm_transmitter_exc100gtanalog_fm_transmitter_exc1000gx_firmwareanalog_fm_transmitter_exc300gt_firmwareanalog_fm_transmitter_exc5000gt_firmwareanalog_fm_transmitter_exc120gtanalog_fm_transmitter_exc120gx_firmwareanalog_fm_transmitter_exc5000gx_firmwareanalog_fm_transmitter_exc1600gxanalog_fm_transmitter_exc5000gxanalog_fm_transmitter_exc120gt_firmwareanalog_fm_transmitter_exc2000gx_firmwareradio_link_rtx19analog_fm_transmitter_exc3000gx_firmwareanalog_fm_transmitter_exc1000gxanalog_fm_transmitter_exc120gxanalog_fm_transmitter_exc300gtradio_link_exc19analog_fm_transmitter_exc100gt_firmwareanalog_fm_transmitter_exc3000gxradio_link_rtx19_firmwareanalog_fm_transmitter_exc300gxanalog_fm_transmitter_exc30gtanalog_fm_transmitter_exc30gt_firmwareanalog_fm_transmitter_exc1000gtRadio LinkAnalog FM transmitter
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2021-34631
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-8.8||HIGH
EPSS-0.11% / 29.94%
||
7 Day CHG~0.00%
Published-05 Aug, 2021 | 19:36
Updated-17 Sep, 2024 | 02:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
NewsPlugin <= 1.0.18 - Cross-Site Request Forgery to Stored Cross-Site Scripting

The NewsPlugin WordPress plugin is vulnerable to Cross-Site Request Forgery via the handle_save_style function found in the ~/news-plugin.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0.18.

Action-Not Available
Vendor-ipdgroupNewsPlugin
Product-newspluginNewsPlugin
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2020-10540
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.21% / 43.46%
||
7 Day CHG~0.00%
Published-13 Mar, 2020 | 05:25
Updated-04 Aug, 2024 | 11:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Untis WebUntis before 2020.9.6 allows CSRF for certain combinations of rights and modules.

Action-Not Available
Vendor-untisn/a
Product-webuntisn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2021-34632
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-8.8||HIGH
EPSS-0.11% / 29.92%
||
7 Day CHG~0.00%
Published-02 Aug, 2021 | 20:39
Updated-17 Sep, 2024 | 00:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SEO Backlinks <= 4.0.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting

The SEO Backlinks WordPress plugin is vulnerable to Cross-Site Request Forgery via the loc_config function found in the ~/seo-backlinks.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 4.0.1.

Action-Not Available
Vendor-seo_backlinks_projectSEO Backlinks
Product-seo_backlinksSEO Backlinks
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-45274
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.16% / 37.44%
||
7 Day CHG~0.00%
Published-16 Oct, 2023 | 08:21
Updated-16 Sep, 2024 | 16:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress SendPulse Free Web Push Plugin <= 1.3.1 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in SendPulse SendPulse Free Web Push plugin <= 1.3.1 versions.

Action-Not Available
Vendor-sendpulseSendPulse
Product-free_web_pushSendPulse Free Web Push
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2021-34633
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-8.8||HIGH
EPSS-0.11% / 29.94%
||
7 Day CHG~0.00%
Published-05 Aug, 2021 | 20:14
Updated-16 Sep, 2024 | 16:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Youtube Feeder <= 2.0.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting

The Youtube Feeder WordPress plugin is vulnerable to Cross-Site Request Forgery via the printAdminPage function found in the ~/youtube-feeder.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.0.1.

Action-Not Available
Vendor-youtube_feeder_projectYoutube Feeder
Product-youtube_feederYoutube Feeder
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2021-34637
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-8.8||HIGH
EPSS-0.11% / 29.94%
||
7 Day CHG~0.00%
Published-02 Aug, 2021 | 20:39
Updated-17 Sep, 2024 | 03:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Post Index <= 0.7.5 Cross-Site Request Forgery to Stored Cross-Site Scripting

The Post Index WordPress plugin is vulnerable to Cross-Site Request Forgery via the OptionsPage function found in the ~/php/settings.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 0.7.5.

Action-Not Available
Vendor-post_index_projectiTux
Product-post_indexPost Index
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-38293
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.6||CRITICAL
EPSS-2.17% / 83.66%
||
7 Day CHG~0.00%
Published-13 Jun, 2024 | 00:00
Updated-18 Jun, 2025 | 17:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ALCASAR before 3.6.1 allows CSRF and remote code execution in activity.php.

Action-Not Available
Vendor-alcasarn/aalcasar
Product-alcasarn/aalcasar
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2021-34634
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-8.8||HIGH
EPSS-0.11% / 29.92%
||
7 Day CHG~0.00%
Published-05 Aug, 2021 | 20:13
Updated-17 Sep, 2024 | 01:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Nifty Newsletters <= 4.0.23 - Cross-Site Request Forgery to Stored Cross-Site Scripting

The Nifty Newsletters WordPress plugin is vulnerable to Cross-Site Request Forgery via the sola_nl_wp_head function found in the ~/sola-newsletters.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 4.0.23.

Action-Not Available
Vendor-sola-newsletters_projectSolaPlugins
Product-sola-newslettersNifty Newsletters
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2012-10015
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 20.71%
||
7 Day CHG~0.00%
Published-30 May, 2023 | 23:31
Updated-06 Aug, 2024 | 21:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
BestWebSoft Twitter Plugin Settings Page twitter.php twttr_settings_page cross-site request forgery

A vulnerability was found in BestWebSoft Twitter Plugin up to 2.14 on WordPress. It has been classified as problematic. Affected is the function twttr_settings_page of the file twitter.php of the component Settings Page. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. Upgrading to version 2.15 is able to address this issue. The patch is identified as a6d4659cbb2cbf18ccb0fb43549d5113d74e0146. It is recommended to upgrade the affected component. VDB-230154 is the identifier assigned to this vulnerability.

Action-Not Available
Vendor-BestWebSoft
Product-twitterTwitter Plugin
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-45763
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.08% / 25.11%
||
7 Day CHG~0.00%
Published-16 Oct, 2023 | 10:15
Updated-13 Sep, 2024 | 19:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Taggbox Plugin <= 2.9 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Taggbox plugin <= 2.9 versions.

Action-Not Available
Vendor-taggboxTaggbox
Product-taggboxTaggbox
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-45606
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.15% / 35.78%
||
7 Day CHG~0.00%
Published-16 Oct, 2023 | 08:29
Updated-16 Sep, 2024 | 15:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Simple URLs Plugin <= 120 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Lasso Simple URLs plugin <= 120 versions.

Action-Not Available
Vendor-getlassoLasso
Product-simple_urlsSimple URLs
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2021-34086
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.21% / 43.84%
||
7 Day CHG~0.00%
Published-10 Jan, 2022 | 01:12
Updated-04 Aug, 2024 | 00:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Ultimaker S3 3D printer, Ultimaker S5 3D printer, Ultimaker 3 3D printer S-line through 6.3 and Ultimaker 3 through 5.2.16, the local webserver hosts APIs vulnerable to CSRF. They do not verify incoming requests.

Action-Not Available
Vendor-ultimakern/a
Product-ultimaker_s5_firmwareultimaker_s3ultimaker_s5ultimaker_3_firmwareultimaker_s3_firmwareultimaker_3n/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-45655
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.15% / 35.78%
||
7 Day CHG~0.00%
Published-16 Oct, 2023 | 08:49
Updated-16 Sep, 2024 | 14:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress PixFields Plugin <= 0.7.0 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in PixelGrade PixFields plugin <= 0.7.0 versions.

Action-Not Available
Vendor-pixelgradePixelGrade
Product-pixfieldsPixFields
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2012-10012
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-4.3||MEDIUM
EPSS-0.06% / 19.25%
||
7 Day CHG~0.00%
Published-09 Apr, 2023 | 23:31
Updated-06 Aug, 2024 | 21:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
BestWebSoft Facebook Like Button facebook-button-plugin.php fcbk_bttn_plgn_settings_page cross-site request forgery

A vulnerability has been found in BestWebSoft Facebook Like Button up to 2.13 and classified as problematic. Affected by this vulnerability is the function fcbk_bttn_plgn_settings_page of the file facebook-button-plugin.php. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The patch is named 33144ae5a45ed07efe7fceca901d91365fdbf7cb. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-225355.

Action-Not Available
Vendor-BestWebSoft
Product-facebook_buttonFacebook Like Button
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-36549
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.14% / 33.91%
||
7 Day CHG~0.00%
Published-04 Jun, 2024 | 14:47
Updated-13 Feb, 2025 | 15:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via /admin/vpsCompany_deal.php?mudi=rev&nohrefStr=close

Action-Not Available
Vendor-idccmsn/aidccms
Product-idccmsn/aidccms
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-36670
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.11% / 30.09%
||
7 Day CHG~0.00%
Published-05 Jun, 2024 | 18:57
Updated-15 Apr, 2025 | 17:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component admin/vpsClass_deal.php?mudi=del

Action-Not Available
Vendor-idccmsn/aidccms_project
Product-idccmsn/aidccms
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-37118
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.09% / 27.15%
||
7 Day CHG~0.00%
Published-21 Jun, 2024 | 13:47
Updated-26 Mar, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Uncanny Automator Pro plugin <= 5.3 - Cross Site Request Forgery (CSRF) Leading to License Settings Reset vulnerability

Cross Site Request Forgery (CSRF) vulnerability in Uncanny Owl Uncanny Automator Pro.This issue affects Uncanny Automator Pro: from n/a through 5.3.

Action-Not Available
Vendor-Uncanny Owl Inc.
Product-uncanny_automatorUncanny Automator Pro
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-45267
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 21.99%
||
7 Day CHG~0.00%
Published-13 Oct, 2023 | 14:37
Updated-16 Sep, 2024 | 18:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress IRivYou Plugin <= 2.2.1 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Zizou1988 IRivYou plugin <= 2.2.1 versions.

Action-Not Available
Vendor-sharkdropshipZizou1988
Product-irivyouIRivYou
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-45316
Matching Score-4
Assigner-Mattermost, Inc.
ShareView Details
Matching Score-4
Assigner-Mattermost, Inc.
CVSS Score-7.3||HIGH
EPSS-0.20% / 42.29%
||
7 Day CHG~0.00%
Published-12 Dec, 2023 | 08:23
Updated-24 May, 2025 | 10:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Reflected client side path traversal leading to CSRF in Playbooks

Mattermost fails to validate if a relative path is passed in /plugins/playbooks/api/v0/telemetry/run/<telem_run_id> as a telemetry run ID, allowing an attacker to use a path traversal payload that points to a different endpoint leading to a CSRF attack.

Action-Not Available
Vendor-Mattermost, Inc.
Product-mattermost_serverMattermost
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2023-45638
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.15% / 35.78%
||
7 Day CHG~0.00%
Published-16 Oct, 2023 | 08:59
Updated-16 Sep, 2024 | 14:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Eupago Gateway For Woocommerce Plugin <= 3.1.9 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in euPago Eupago Gateway For Woocommerce plugin <= 3.1.9 versions.

Action-Not Available
Vendor-eupagoeuPago
Product-eupago_gateway_woocommerceEupago Gateway For Woocommerce
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-36550
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.13% / 32.96%
||
7 Day CHG~0.00%
Published-04 Jun, 2024 | 14:48
Updated-13 Feb, 2025 | 15:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

idccms V1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via /admin/vpsCompany_deal.php?mudi=add&nohrefStr=close

Action-Not Available
Vendor-idccmsn/aidccms_project
Product-idccmsn/aidccms
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-36667
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.12% / 31.37%
||
7 Day CHG~0.00%
Published-05 Jun, 2024 | 19:01
Updated-13 Feb, 2025 | 15:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/idcProType_deal.php?mudi=add&nohrefStr=close

Action-Not Available
Vendor-idccms_projectn/aidccms_project
Product-idccmsn/aidccms
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-46095
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.05% / 15.35%
||
7 Day CHG~0.00%
Published-22 Oct, 2023 | 21:18
Updated-11 Sep, 2024 | 14:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Smooth Scroll Links Plugin <= 1.1.0 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Chetan Gole Smooth Scroll Links [SSL] plugin <= 1.1.0 versions.

Action-Not Available
Vendor-chetangoleChetan Gole
Product-smooth_scroll_linksSmooth Scroll Links [SSL]
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-45753
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.15% / 35.78%
||
7 Day CHG~0.00%
Published-16 Oct, 2023 | 10:12
Updated-16 Sep, 2024 | 14:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress which template file Plugin <= 4.6.0 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Gilles Dumas which template file plugin <= 4.6.0 versions.

Action-Not Available
Vendor-gillesdumasGilles Dumas
Product-which_template_filewhich template file
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-45654
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.15% / 35.78%
||
7 Day CHG~0.00%
Published-16 Oct, 2023 | 08:46
Updated-16 Sep, 2024 | 14:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Comments Ratings Plugin <= 1.1.7 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Pixelgrade Comments Ratings plugin <= 1.1.7 versions.

Action-Not Available
Vendor-pixelgradePixelgrade
Product-comments_ratingComments Ratings
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-46190
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.17% / 38.82%
||
7 Day CHG~0.00%
Published-24 Oct, 2023 | 10:23
Updated-11 Sep, 2024 | 16:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Novo-Map : your WP posts on custom google maps Plugin <= 1.1.2 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Novo-media Novo-Map : your WP posts on custom google maps plugin <= 1.1.2 versions.

Action-Not Available
Vendor-novo-mediaNovo-media
Product-novo-map\Novo-Map : your WP posts on custom google maps
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-45270
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 21.99%
||
7 Day CHG~0.00%
Published-13 Oct, 2023 | 15:13
Updated-16 Sep, 2024 | 18:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Pinpoint Booking System Plugin <= 2.9.9.4.0 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in PINPOINT.WORLD Pinpoint Booking System plugin <= 2.9.9.4.0 versions.

Action-Not Available
Vendor-pinpointPINPOINT.WORLD
Product-pinpoint_booking_systemPinpoint Booking System
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-37469
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.04% / 10.45%
||
7 Day CHG~0.00%
Published-02 Jan, 2025 | 12:00
Updated-31 Jan, 2025 | 16:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Blocksy theme <= 1.9.5 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in CreativeThemes Blocksy allows Cross Site Request Forgery.This issue affects Blocksy: from n/a through 2.0.22.

Action-Not Available
Vendor-creativethemesCreativeThemes
Product-blocksyBlocksy
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-46085
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 22.75%
||
7 Day CHG~0.00%
Published-22 Oct, 2023 | 21:11
Updated-11 Sep, 2024 | 14:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Wp Ultimate Review Plugin <= 2.2.4 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Wpmet Wp Ultimate Review plugin <= 2.2.4 versions.

Action-Not Available
Vendor-wpmetWpmet
Product-wp_ultimate_reviewWp Ultimate Review
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-45651
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.15% / 35.78%
||
7 Day CHG~0.00%
Published-16 Oct, 2023 | 08:41
Updated-02 Aug, 2024 | 20:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Attachments Plugin <= 5.0.11 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Marco Milesi WP Attachments allows Cross Site Request Forgery.This issue affects WP Attachments: from n/a through 5.0.11.

Action-Not Available
Vendor-marcomilesiMarco Milesi
Product-wp_attachmentsWP Attachments
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-45992
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.6||CRITICAL
EPSS-0.55% / 66.98%
||
7 Day CHG~0.00%
Published-19 Oct, 2023 | 00:00
Updated-02 Aug, 2024 | 20:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the web-based interface of the RUCKUS Cloudpath product on version 5.12 build 5538 or before to could allow a remote, unauthenticated attacker to execute persistent XSS and CSRF attacks against a user of the admin management interface. A successful attack, combined with a certain admin activity, could allow the attacker to gain full admin privileges on the exploited system.

Action-Not Available
Vendor-commscopen/a
Product-ruckus_cloudpath_enrollment_systemn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2021-32929
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-4.3||MEDIUM
EPSS-0.08% / 25.22%
||
7 Day CHG~0.00%
Published-22 Apr, 2022 | 15:00
Updated-16 Apr, 2025 | 16:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Uffizio GPS Tracker Cross-site Request Forgery

All versions of Uffizio GPS Tracker may allow an attacker to perform unintended actions on behalf of a user.

Action-Not Available
Vendor-uffizioUffizio
Product-gps_trackerGPS Tracker
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-45653
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.15% / 35.78%
||
7 Day CHG~0.00%
Published-16 Oct, 2023 | 08:43
Updated-16 Sep, 2024 | 16:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Video Playlist For YouTube Plugin <= 6.0 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Galaxy Weblinks Video Playlist For YouTube plugin <= 6.0 versions.

Action-Not Available
Vendor-galaxyweblinksGalaxy Weblinks
Product-video_playlist_for_youtubeVideo Playlist For YouTube
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-46067
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.15% / 35.79%
||
7 Day CHG~0.00%
Published-21 Oct, 2023 | 20:28
Updated-11 Sep, 2024 | 20:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Rocket Font Plugin <= 1.2.3 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Qwerty23 Rocket Font plugin <= 1.2.3 versions.

Action-Not Available
Vendor-qwerty23Qwerty23
Product-rocket_fontRocket Font
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-36668
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.12% / 31.97%
||
7 Day CHG~0.00%
Published-05 Jun, 2024 | 19:00
Updated-13 Feb, 2025 | 15:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component admin/type_deal.php?mudi=del

Action-Not Available
Vendor-idccms_projectn/aidccms_project
Product-idccmsn/aidccms
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-37227
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.13% / 33.23%
||
7 Day CHG~0.00%
Published-21 Jun, 2024 | 13:40
Updated-25 Mar, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Newsletters plugin <= 4.9.7 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery (CSRF) vulnerability in Tribulant Newsletters.This issue affects Newsletters: from n/a through 4.9.7.

Action-Not Available
Vendor-tribulantTribulant
Product-newslettersNewsletters
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-46198
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.12% / 32.23%
||
7 Day CHG~0.00%
Published-24 Oct, 2023 | 10:47
Updated-10 Sep, 2024 | 18:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Appointment Calendar Plugin <= 2.9.6 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Scientech It Solution Appointment Calendar plugin <= 2.9.6 versions.

Action-Not Available
Vendor-apointzillaScientech It Solution
Product-appointment_calendarAppointment Calendar
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-37198
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.13% / 33.23%
||
7 Day CHG~0.00%
Published-21 Jun, 2024 | 13:46
Updated-02 Aug, 2024 | 03:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Digital Newspaper theme <= 1.1.5 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in blazethemes Digital Newspaper.This issue affects Digital Newspaper: from n/a through 1.1.5.

Action-Not Available
Vendor-blazethemesblazethemes
Product-digital_newspaperDigital Newspaper
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-36547
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.12% / 31.08%
||
7 Day CHG~0.00%
Published-04 Jun, 2024 | 14:44
Updated-13 Feb, 2025 | 15:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

idccms V1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component admin/vpsClass_deal.php?mudi=add

Action-Not Available
Vendor-idccmsn/aidccms_project
Product-idccmsn/aidccms
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-37212
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.3||HIGH
EPSS-0.18% / 39.65%
||
7 Day CHG~0.00%
Published-21 Jun, 2024 | 13:45
Updated-02 Aug, 2024 | 03:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress AliExpress Dropshipping with AliNext Lite plugin <= 3.3.5 - CSRF to PHP Object Injection vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Ali2Woo Ali2Woo Lite.This issue affects Ali2Woo Lite: from n/a through 3.3.5.

Action-Not Available
Vendor-ali2wooAli2Wooali2woo
Product-ali2wooAli2Woo Liteali2woo
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-37230
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.13% / 33.23%
||
7 Day CHG~0.00%
Published-21 Jun, 2024 | 13:38
Updated-02 Aug, 2024 | 03:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Book Landing Page theme <= 1.2.3 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Rara Theme Book Landing Page.This issue affects Book Landing Page: from n/a through 1.2.3.

Action-Not Available
Vendor-rarathemesRara Theme
Product-book_landing_pageBook Landing Page
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-36669
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.12% / 31.37%
||
7 Day CHG~0.00%
Published-05 Jun, 2024 | 18:56
Updated-13 Feb, 2025 | 15:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component admin/type_deal.php?mudi=add.

Action-Not Available
Vendor-idccms_projectn/aidccms_project
Product-idccmsn/aidccms
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-3643
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-8.8||HIGH
EPSS-0.32% / 54.34%
||
7 Day CHG+0.03%
Published-16 May, 2024 | 06:00
Updated-19 May, 2025 | 14:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Newsletter Popup <= 1.2 - List Deletion via CSRF

The Newsletter Popup WordPress plugin through 1.2 does not have CSRF check when deleting list, which could allow attackers to make logged in admins perform such action via a CSRF attack

Action-Not Available
Vendor-mndpsingh287Unknownnewsletter_popup_project
Product-newsletter_popupNewsletter Popupnewsletter_popup
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • ...
  • 45
  • 46
  • Next
Details not found