Wowza Streaming Engine 4.8.0 and earlier suffers from multiple CSRF vulnerabilities. For example, an administrator, by following a link, can be tricked into making unwanted changes such as adding another admin user via enginemanager/server/user/edit.htm in the Server->Users component. This issue was resolved in Wowza Streaming Engine 4.8.5.
Cross-Site Request Forgery (CSRF) vulnerability in Stormhill Media MyBookTable Bookstore allows Cross Site Request Forgery.This issue affects MyBookTable Bookstore: from n/a through 3.5.3.
Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos prior to 0.9.1.
IBM StoredIQ 7.6.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 158700.
Cross-Site Request Forgery (CSRF) vulnerability in theDotstore Banner Management For WooCommerce plugin <= 2.4.2 versions.
Cross-Site Request Forgery (CSRF) vulnerability in PixelYourSite PixelYourSite – Your smart PIXEL (TAG) Manager allows Cross Site Request Forgery.This issue affects PixelYourSite – Your smart PIXEL (TAG) Manager: from n/a through 10.0.1.2.
Cross-site request forgery (CSRF) vulnerability in LOGITEC LAN-W300N/PR5B allows remote attackers to hijack the authentication of administrators via a specially crafted URL. As a result, unintended operations to the device such as changes of the device settings may be conducted.
The QuickEdit module does not properly validate access to routes, which could allow cross-site request forgery under some circumstances and lead to possible data integrity issues. Sites are only affected if the QuickEdit module (which comes with the Standard profile) is installed. Removing the "access in-place editing" permission from untrusted users will not fully mitigate the vulnerability.
A cross-site request forgery (CSRF) vulnerability in Jenkins mabl Plugin 0.0.46 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
Cross-Site Request Forgery (CSRF) vulnerability in Faboba Falang multilanguage for WordPress plugin <= 1.3.39 versions.
Cross-Site Request Forgery (CSRF) vulnerability in GTmetrix GTmetrix for WordPress plugin <= 0.4.7 versions.
Cross-Site Request Forgery (CSRF) vulnerability in PressPage Entertainment Inc. Smarty for WordPress plugin <= 3.1.35 versions.
Cross-Site Request Forgery (CSRF) vulnerability in Alain Gonzalez plugin <= 3.1.2 versions.
Cross-Site Request Forgery (CSRF) vulnerability in David Pokorny Replace Word plugin <= 2.1 versions.
Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce AutomateWoo plugin <= 5.7.5 versions.
Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce Shipping Multiple Addresses plugin <= 3.8.5 versions.
Cross-Site Request Forgery (CSRF) vulnerability in Albert Peschar WebwinkelKeur plugin <= 3.24 versions.
Cross-Site Request Forgery (CSRF) vulnerability in Deepak Anand WP Dummy Content Generator plugin <= 2.3.0 versions.
Cross-Site Request Forgery (CSRF) vulnerability in Andrea Tarantini Menubar plugin <= 5.8.2 versions.
Cross-Site Request Forgery (CSRF) vulnerability in WPMobilePack.Com WordPress Mobile Pack – Mobile Plugin for Progressive Web Apps & Hybrid Mobile Apps plugin <= 3.4.1 versions.
Cross-Site Request Forgery (CSRF) vulnerability in wpexperts.Io WP PDF Generator plugin <= 1.2.2 versions.
Cross-Site Request Forgery (CSRF) vulnerability in AREOI All Bootstrap Blocks plugin <= 1.3.6 versions.
Cross-Site Request Forgery (CSRF) vulnerability in LWS LWS Tools plugin <= 2.4.1 versions.
The WooCommerce Pre-Orders WordPress plugin before 2.0.3 has a flawed CSRF check when processing its tab actions, which could allow attackers to make logged in admins email pre-orders customer, change the released date, mark all pre-orders of a specific product as complete or cancel via CSRF attacks
The WooCommerce Pre-Orders WordPress plugin before 2.0.3 has a flawed CSRF check when canceling pre-orders, which could allow attackers to make logged in admins cancel arbitrary pre-orders via a CSRF attack
Cross-Site Request Forgery (CSRF) vulnerability in myCred plugin <= 2.5 versions.
Cross-Site Request Forgery (CSRF) vulnerability in Really Simple Plugins Complianz, Really Simple Plugins Complianz Premium allows Cross-Site Request Forgery.This issue affects Complianz: from n/a through 6.4.5; Complianz Premium: from n/a through 6.4.7.
Cross-Site Request Forgery (CSRF) vulnerability in Kebo Kebo Twitter Feed plugin <= 1.5.12 versions.
Cross-Site Request Forgery (CSRF) vulnerability in PI Websolution Conditional shipping & Advanced Flat rate shipping rates / Flexible shipping for WooCommerce shipping plugin <= 1.6.4.4 versions.
Cross-Site Request Forgery (CSRF) vulnerability in realmag777 BEAR plugin <= 1.1.3.1 versions.
The Bricks theme for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.8.1. This is due to missing or incorrect nonce validation on the 'reset_settings' function. This makes it possible for unauthenticated attackers to reset the theme's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Cross-Site Request Forgery (CSRF) vulnerability in John Brien WordPress NextGen GalleryView plugin <= 0.5.5 versions.
Cross-Site Request Forgery (CSRF) vulnerability in Dylan James Zephyr Project Manager plugin <= 3.3.93 versions.
Cross-Site Request Forgery (CSRF) vulnerability in Kainex Wise Chat.This issue affects Wise Chat: from n/a through 3.1.3.
Cross-Site Request Forgery (CSRF) vulnerability in WPDeveloper Essential Addons for Elementor Pro.This issue affects Essential Addons for Elementor Pro: from n/a through 5.4.8.
The Houzez Property Feed plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.4.21. This is due to missing or incorrect nonce validation on the "deleteexport" action. This makes it possible for unauthenticated attackers to delete property feed exports via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Cross-Site Request Forgery (CSRF) vulnerability in NXLog Manager 5.6.5633 version. This vulnerability allows an attacker to eliminate roles within the platform by sending a specifically crafted query to the server. The vulnerability is based on the absence of proper validation of the origin of incoming requests.
The WP Media Category Management plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions 2.0 to 2.3.3. This is due to missing or incorrect nonce validation on the wp_mcm_handle_action_settings() function. This makes it possible for unauthenticated attackers to alter plugin settings, such as the taxonomy used for media, the base slug for media categories, and the default media category via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Cross-Site Request Forgery (CSRF) vulnerability in Himanshu Parashar Google Site Verification plugin using Meta Tag.This issue affects Google Site Verification plugin using Meta Tag: from n/a through 1.2.
Cross-Site Request Forgery (CSRF) vulnerability in Arshid Easy Hide Login.This issue affects Easy Hide Login: from n/a through 1.0.8.
A vulnerability classified as problematic was found in zj1983 zz up to 2024-08. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Cross-Site Request Forgery (CSRF) vulnerability in Mark Tilly MyCurator Content Curation plugin <= 3.74 versions.
A Cross-Site Request Forgery (CSRF) vulnerability in the Schweitzer Engineering Laboratories SEL-5037 SEL Grid Configurator could allow an attacker to embed instructions that could be executed by an authorized device operator. See Instruction Manual Appendix A and Appendix E dated 20230615 for more details. This issue affects SEL-5037 SEL Grid Configurator: before 4.5.0.20.
Cross-Site Request Forgery (CSRF) vulnerability in plainware.Com ShiftController Employee Shift Scheduling plugin <= 4.9.23 versions.
Form block is a wordpress plugin designed to make form creation easier. Versions prior to 1.0.2 are subject to a Cross-Site Request Forgery due to a missing nonce check. There is potential for a Cross Site Request Forgery for all form blocks, since it allows to send requests to the forms from any website without a user noticing. Users are advised to upgrade to version 1.0.2. There are no known workarounds for this vulnerability.
IBM Engineering Requirements Management DOORS 9.7.2.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 251216.
Cross-Site Request Forgery (CSRF) vulnerability in Stranger Studios Force First and Last Name as Display Name plugin <= 1.2 versions.
Cross-Site Request Forgery (CSRF) vulnerability in Wbcom Designs Wbcom Designs – BuddyPress Activity Social Share plugin <= 3.5.0 versions.
Cross-Site Request Forgery (CSRF) vulnerability in Tribulant Slideshow Gallery LITE plugin <= 1.7.6 versions.
Cross-Site Request Forgery (CSRF) vulnerability in wp.Insider, wpaffiliatemgr Affiliates Manager plugin <= 2.9.20 versions.