Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2023-46151

Summary
Assigner-Patchstack
Assigner Org ID-21595511-bba5-4825-b968-b78d1f9984a3
Published At-24 Oct, 2023 | 10:09
Updated At-11 Sep, 2024 | 15:07
Rejected At-
Credits

WordPress Product Category Tree Plugin <= 2.5 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in AWESOME TOGI Product Category Tree plugin <= 2.5 versions.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:Patchstack
Assigner Org ID:21595511-bba5-4825-b968-b78d1f9984a3
Published At:24 Oct, 2023 | 10:09
Updated At:11 Sep, 2024 | 15:07
Rejected At:
▼CVE Numbering Authority (CNA)
WordPress Product Category Tree Plugin <= 2.5 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in AWESOME TOGI Product Category Tree plugin <= 2.5 versions.

Affected Products
Vendor
AWESOME TOGIAWESOME TOGI
Product
Product Category Tree
Collection URL
https://wordpress.org/plugins
Package Name
product-category-tree
Default Status
unaffected
Versions
Affected
  • From n/a through 2.5 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-352CWE-352 Cross-Site Request Forgery (CSRF)
Type: CWE
CWE ID: CWE-352
Description: CWE-352 Cross-Site Request Forgery (CSRF)
Metrics
VersionBase scoreBase severityVector
3.14.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Version: 3.1
Base score: 4.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-62CAPEC-62 Cross Site Request Forgery
CAPEC ID: CAPEC-62
Description: CAPEC-62 Cross Site Request Forgery
Solutions
Configurations
Workarounds
Exploits
Credits
finder
Nguyen Xuan Chien (Patchstack Alliance)
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://patchstack.com/database/vulnerability/product-category-tree/wordpress-product-category-tree-plugin-2-5-cross-site-request-forgery-csrf-vulnerability?_s_id=cve
vdb-entry
Hyperlink: https://patchstack.com/database/vulnerability/product-category-tree/wordpress-product-category-tree-plugin-2-5-cross-site-request-forgery-csrf-vulnerability?_s_id=cve
Resource:
vdb-entry
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://patchstack.com/database/vulnerability/product-category-tree/wordpress-product-category-tree-plugin-2-5-cross-site-request-forgery-csrf-vulnerability?_s_id=cve
vdb-entry
x_transferred
Hyperlink: https://patchstack.com/database/vulnerability/product-category-tree/wordpress-product-category-tree-plugin-2-5-cross-site-request-forgery-csrf-vulnerability?_s_id=cve
Resource:
vdb-entry
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:audit@patchstack.com
Published At:25 Oct, 2023 | 18:17
Updated At:01 Nov, 2023 | 17:49

Cross-Site Request Forgery (CSRF) vulnerability in AWESOME TOGI Product Category Tree plugin <= 2.5 versions.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.18.8HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Secondary3.14.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Type: Primary
Version: 3.1
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 4.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
CPE Matches
AWESOME TOGI
awesometogi
>>product_category_tree>>Versions up to 2.5(inclusive)
cpe:2.3:a:awesometogi:product_category_tree:*:*:*:*:*:wordpress:*:*
Weaknesses
CWE IDTypeSource
CWE-352Primaryaudit@patchstack.com
CWE ID: CWE-352
Type: Primary
Source: audit@patchstack.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://patchstack.com/database/vulnerability/product-category-tree/wordpress-product-category-tree-plugin-2-5-cross-site-request-forgery-csrf-vulnerability?_s_id=cveaudit@patchstack.com
Third Party Advisory
Hyperlink: https://patchstack.com/database/vulnerability/product-category-tree/wordpress-product-category-tree-plugin-2-5-cross-site-request-forgery-csrf-vulnerability?_s_id=cve
Source: audit@patchstack.com
Resource:
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

3518Records found
CVE-2020-16256
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.15% / 36.69%
||
7 Day CHG~0.00%
Published-28 Oct, 2020 | 17:07
Updated-04 Aug, 2024 | 13:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The API on Winston 1.5.4 devices is vulnerable to CSRF.

Action-Not Available
Vendor-winstonprivacyn/a
Product-winston_firmwarewinstonn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-32502
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.8||HIGH
EPSS-0.10% / 27.69%
||
7 Day CHG~0.00%
Published-09 Nov, 2023 | 22:12
Updated-04 Sep, 2024 | 13:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Pro Mime Types Plugin <= 1.0.7 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Sybre Waaijer Pro Mime Types – Manage file media types plugin <= 1.0.7 versions.

Action-Not Available
Vendor-cyberwireSybre Waaijer
Product-pro_mime_typesPro Mime Types – Manage file media types
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-3254
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-4.3||MEDIUM
EPSS-0.06% / 19.66%
||
7 Day CHG~0.00%
Published-18 Oct, 2023 | 04:32
Updated-05 Feb, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Widgets for Google Reviews plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 10.9. This is due to missing or incorrect nonce validation within setup_no_reg_header.php. This makes it possible for unauthenticated attackers to reset plugin settings and remove reviews via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

Action-Not Available
Vendor-trustedindextrustindex
Product-widgets_for_google_reviewsWidgets for Google Reviews
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-45693
Matching Score-4
Assigner-Apache Software Foundation
ShareView Details
Matching Score-4
Assigner-Apache Software Foundation
CVSS Score-8||HIGH
EPSS-0.06% / 18.51%
||
7 Day CHG~0.00%
Published-16 Oct, 2024 | 07:52
Updated-17 Oct, 2024 | 20:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache CloudStack: Request origin validation bypass makes account takeover possible

Users logged into the Apache CloudStack's web interface can be tricked to submit malicious CSRF requests due to missing validation of the origin of the requests. This can allow an attacker to gain privileges and access to resources of the authenticated users and may lead to account takeover, disruption, exposure of sensitive data and compromise integrity of the resources owned by the user account that are managed by the platform. This issue affects Apache CloudStack from 4.15.1.0 through 4.18.2.3 and 4.19.0.0 through 4.19.1.1 Users are recommended to upgrade to Apache CloudStack 4.18.2.4 or 4.19.1.2, or later, which addresses this issue.

Action-Not Available
Vendor-The Apache Software Foundation
Product-cloudstackApache CloudStackcloudstack
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-32995
Matching Score-4
Assigner-Jenkins Project
ShareView Details
Matching Score-4
Assigner-Jenkins Project
CVSS Score-8.8||HIGH
EPSS-0.29% / 52.12%
||
7 Day CHG~0.00%
Published-16 May, 2023 | 16:00
Updated-23 Jan, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A cross-site request forgery (CSRF) vulnerability in Jenkins SAML Single Sign On(SSO) Plugin 2.0.0 and earlier allows attackers to send an HTTP POST request with JSON body containing attacker-specified content, to miniOrange's API for sending emails.

Action-Not Available
Vendor-Jenkins
Product-saml_single_sign_onJenkins SAML Single Sign On(SSO) Plugin
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-32501
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.8||HIGH
EPSS-0.10% / 27.69%
||
7 Day CHG~0.00%
Published-09 Nov, 2023 | 22:18
Updated-04 Sep, 2024 | 14:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress VikBooking Hotel Booking Engine & PMS Plugin <= 1.6.1 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in E4J s.R.L. VikBooking Hotel Booking Engine & PMS plugin <= 1.6.1 versions.

Action-Not Available
Vendor-vikwpE4J s.r.l.vikwp
Product-vikbooking_hotel_booking_engine_\&_pmsVikBooking Hotel Booking Engine & PMSvikbooking_hotel_booking_engine_\&_pms
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2020-16252
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.13% / 32.75%
||
7 Day CHG~0.00%
Published-05 Aug, 2020 | 13:40
Updated-04 Aug, 2024 | 13:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Field Test gem 0.2.0 through 0.3.2 for Ruby allows CSRF.

Action-Not Available
Vendor-field_test_projectn/a
Product-field_testn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-32991
Matching Score-4
Assigner-Jenkins Project
ShareView Details
Matching Score-4
Assigner-Jenkins Project
CVSS Score-8.8||HIGH
EPSS-0.19% / 40.71%
||
7 Day CHG~0.00%
Published-16 May, 2023 | 16:00
Updated-23 Jan, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A cross-site request forgery (CSRF) vulnerability in Jenkins SAML Single Sign On(SSO) Plugin 2.0.2 and earlier allows attackers to send an HTTP request to an attacker-specified URL and parse the response as XML, or parse a local file on the Jenkins controller as XML.

Action-Not Available
Vendor-Jenkins
Product-saml_single_sign_onJenkins SAML Single Sign On(SSO) Plugin
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-32587
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.8||HIGH
EPSS-0.10% / 27.69%
||
7 Day CHG~0.00%
Published-09 Nov, 2023 | 21:14
Updated-03 Sep, 2024 | 18:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Reactions Lite Plugin <= 1.3.8 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in WP Reactions, LLC WP Reactions Lite plugin <= 1.3.8 versions.

Action-Not Available
Vendor-wpreactionsWP Reactions, LLC
Product-wp_reactions_liteWP Reactions Lite
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-32989
Matching Score-4
Assigner-Jenkins Project
ShareView Details
Matching Score-4
Assigner-Jenkins Project
CVSS Score-8.8||HIGH
EPSS-0.29% / 52.12%
||
7 Day CHG~0.00%
Published-16 May, 2023 | 16:00
Updated-23 Jan, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A cross-site request forgery (CSRF) vulnerability in Jenkins Azure VM Agents Plugin 852.v8d35f0960a_43 and earlier allows attackers to connect to an attacker-specified Azure Cloud server using attacker-specified credentials IDs obtained through another method.

Action-Not Available
Vendor-Jenkins
Product-azure_vm_agentsJenkins Azure VM Agents Plugin
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-32091
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.05% / 15.37%
||
7 Day CHG~0.00%
Published-03 Oct, 2023 | 13:04
Updated-20 Sep, 2024 | 13:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress POEditor Plugin <= 0.9.4 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in POEditor plugin <= 0.9.4 versions.

Action-Not Available
Vendor-poeditorPOEditor
Product-poeditorPOEditor
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2021-35242
Matching Score-4
Assigner-SolarWinds
ShareView Details
Matching Score-4
Assigner-SolarWinds
CVSS Score-8.3||HIGH
EPSS-0.14% / 34.30%
||
7 Day CHG~0.00%
Published-06 Dec, 2021 | 16:53
Updated-04 Aug, 2024 | 00:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
A valid CSRF token is present in response to an invalid request

Serv-U server responds with valid CSRFToken when the request contains only Session.

Action-Not Available
Vendor-SolarWinds Worldwide, LLC.
Product-serv-uServ-U Server
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-32739
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.8||HIGH
EPSS-0.10% / 27.69%
||
7 Day CHG~0.00%
Published-09 Nov, 2023 | 20:56
Updated-19 Feb, 2025 | 22:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Custom Cursors Plugin < 3.2 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Web_Trendy WP Custom Cursors | WordPress Cursor Plugin plugin < 3.2 versions.

Action-Not Available
Vendor-hamidrezasepehrWeb_Trendy
Product-custom_cursorsWP Custom Cursors | WordPress Cursor Plugin
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-32125
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.8||HIGH
EPSS-0.10% / 27.69%
||
7 Day CHG~0.00%
Published-09 Nov, 2023 | 22:28
Updated-04 Sep, 2024 | 15:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Multi Rating Plugin <= 5.0.6 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Daniel Powney Multi Rating plugin <= 5.0.6 versions.

Action-Not Available
Vendor-danielpowneyDaniel Powney
Product-multi_ratingMulti Rating
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-32589
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 22.03%
||
7 Day CHG~0.00%
Published-20 May, 2023 | 22:48
Updated-09 Jan, 2025 | 15:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Dyslexiefont Free Plugin <= 1.0.0 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in PingOnline Dyslexiefont Free plugin <= 1.0.0 versions.

Action-Not Available
Vendor-pingonlinePingOnline
Product-dyslexiefont_freeDyslexiefont Free
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-4535
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-8.8||HIGH
EPSS-0.26% / 48.88%
||
7 Day CHG~0.00%
Published-27 May, 2024 | 06:00
Updated-19 May, 2025 | 18:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
KKProgressbar2 Free <= 1.1.4.2 - Progress Bar Deletion via CSRF

The KKProgressbar2 Free WordPress plugin through 1.1.4.2 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks

Action-Not Available
Vendor-krzysztof-furtakUnknown
Product-kkprogressbar2KKProgressbar2 Free
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-32744
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.8||HIGH
EPSS-0.10% / 27.69%
||
7 Day CHG~0.00%
Published-09 Nov, 2023 | 20:53
Updated-03 Sep, 2024 | 18:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WooCommerce Product Recommendations Plugin < 2.3.0 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce Product Recommendations plugin <= 2.3.0 versions.

Action-Not Available
Vendor-WooCommerce
Product-product_recommendationsProduct Recommendations
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-32092
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.8||HIGH
EPSS-0.10% / 27.69%
||
7 Day CHG~0.00%
Published-09 Nov, 2023 | 22:36
Updated-03 Sep, 2024 | 18:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Community by PeepSo Plugin <= 6.0.9.0 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in PeepSo Community by PeepSo – Social Network, Membership, Registration, User Profiles plugin <= 6.0.9.0 versions.

Action-Not Available
Vendor-peepsoPeepSo
Product-peepsoCommunity by PeepSo – Social Network, Membership, Registration, User Profiles
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-33003
Matching Score-4
Assigner-Jenkins Project
ShareView Details
Matching Score-4
Assigner-Jenkins Project
CVSS Score-4.3||MEDIUM
EPSS-0.14% / 34.10%
||
7 Day CHG~0.00%
Published-16 May, 2023 | 16:00
Updated-23 Jan, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A cross-site request forgery (CSRF) vulnerability in Jenkins Tag Profiler Plugin 0.2 and earlier allows attackers to reset profiler statistics.

Action-Not Available
Vendor-Jenkins
Product-tag_profilerJenkins Tag Profiler Plugin
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-32104
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 21.85%
||
7 Day CHG~0.00%
Published-11 Jul, 2023 | 12:49
Updated-20 Nov, 2024 | 14:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress MyCurator Content Curation Plugin <= 3.74 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Mark Tilly MyCurator Content Curation plugin <= 3.74 versions.

Action-Not Available
Vendor-target-infoMark Tilly
Product-mycurator_content_curationMyCurator Content Curation
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2021-34634
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-8.8||HIGH
EPSS-0.11% / 29.94%
||
7 Day CHG~0.00%
Published-05 Aug, 2021 | 20:13
Updated-17 Sep, 2024 | 01:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Nifty Newsletters <= 4.0.23 - Cross-Site Request Forgery to Stored Cross-Site Scripting

The Nifty Newsletters WordPress plugin is vulnerable to Cross-Site Request Forgery via the sola_nl_wp_head function found in the ~/sola-newsletters.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 4.0.23.

Action-Not Available
Vendor-sola-newsletters_projectSolaPlugins
Product-sola-newslettersNifty Newsletters
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-32980
Matching Score-4
Assigner-Jenkins Project
ShareView Details
Matching Score-4
Assigner-Jenkins Project
CVSS Score-4.3||MEDIUM
EPSS-0.18% / 40.25%
||
7 Day CHG~0.00%
Published-16 May, 2023 | 16:00
Updated-23 Jan, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A cross-site request forgery (CSRF) vulnerability in Jenkins Email Extension Plugin allows attackers to make another user stop watching an attacker-specified job.

Action-Not Available
Vendor-Jenkins
Product-email_extensionJenkins Email Extension Plugin
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-32093
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.8||HIGH
EPSS-0.10% / 27.69%
||
7 Day CHG~0.00%
Published-09 Nov, 2023 | 22:32
Updated-04 Sep, 2024 | 15:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress TPG Redirect Plugin <= 1.0.7 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Criss Swaim TPG Redirect plugin <= 1.0.7 versions.

Action-Not Available
Vendor-tpgincCriss Swaim
Product-tpg_redirectTPG Redirect
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2021-34633
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-8.8||HIGH
EPSS-0.11% / 29.96%
||
7 Day CHG~0.00%
Published-05 Aug, 2021 | 20:14
Updated-16 Sep, 2024 | 16:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Youtube Feeder <= 2.0.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting

The Youtube Feeder WordPress plugin is vulnerable to Cross-Site Request Forgery via the printAdminPage function found in the ~/youtube-feeder.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.0.1.

Action-Not Available
Vendor-youtube_feeder_projectYoutube Feeder
Product-youtube_feederYoutube Feeder
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-32978
Matching Score-4
Assigner-Jenkins Project
ShareView Details
Matching Score-4
Assigner-Jenkins Project
CVSS Score-4.3||MEDIUM
EPSS-0.14% / 34.10%
||
7 Day CHG~0.00%
Published-16 May, 2023 | 15:59
Updated-23 Jan, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A cross-site request forgery (CSRF) vulnerability in Jenkins LDAP Plugin allows attackers to connect to an attacker-specified LDAP server using attacker-specified credentials.

Action-Not Available
Vendor-Jenkins
Product-lightweight_directory_access_protocolJenkins LDAP Plugin
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-32998
Matching Score-4
Assigner-Jenkins Project
ShareView Details
Matching Score-4
Assigner-Jenkins Project
CVSS Score-8.8||HIGH
EPSS-0.35% / 56.64%
||
7 Day CHG~0.00%
Published-16 May, 2023 | 16:00
Updated-23 Jan, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A cross-site request forgery (CSRF) vulnerability in Jenkins AppSpider Plugin 1.0.15 and earlier allows attackers to connect to an attacker-specified URL and send an HTTP POST request with a JSON payload consisting of attacker-specified credentials.

Action-Not Available
Vendor-Jenkins
Product-appspiderJenkins AppSpider Plugin
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-32592
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.8||HIGH
EPSS-0.10% / 27.69%
||
7 Day CHG~0.00%
Published-09 Nov, 2023 | 21:08
Updated-03 Sep, 2024 | 18:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Sunny Search Plugin <= 1.0.2 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Palasthotel by Edward Bock, Katharina Rompf Sunny Search plugin <= 1.0.2 versions.

Action-Not Available
Vendor-fast-search-powered-by-solr_projectPalasthotel by Edward Bock, Katharina Rompf
Product-fast-search-powered-by-solrSunny Search
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-32745
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.8||HIGH
EPSS-0.10% / 27.69%
||
7 Day CHG~0.00%
Published-09 Nov, 2023 | 20:38
Updated-03 Sep, 2024 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress AutomateWoo Plugin <= 5.7.1 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce AutomateWoo plugin <= 5.7.1 versions.

Action-Not Available
Vendor-WooCommerce
Product-automatewooAutomateWoo
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-32124
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 22.03%
||
7 Day CHG~0.00%
Published-12 Oct, 2023 | 14:22
Updated-17 Sep, 2024 | 17:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Publish Confirm Message Plugin <= 1.3.1 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Arul Prasad J Publish Confirm Message plugin <= 1.3.1 versions.

Action-Not Available
Vendor-arulprasadjArul Prasad J
Product-publish_confirm_messagePublish Confirm Message
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-32245
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.11% / 30.52%
||
7 Day CHG~0.00%
Published-18 Nov, 2023 | 22:32
Updated-01 Oct, 2024 | 15:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Essential Addons for Elementor Pro Plugin <= 5.4.8 is vulnerable to Server Side Request Forgery (SSRF)

Cross-Site Request Forgery (CSRF) vulnerability in WPDeveloper Essential Addons for Elementor Pro.This issue affects Essential Addons for Elementor Pro: from n/a through 5.4.8.

Action-Not Available
Vendor-WPDeveloper
Product-essential_addons_for_elementorEssential Addons for Elementor Pro
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-32602
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.8||HIGH
EPSS-0.10% / 27.69%
||
7 Day CHG~0.00%
Published-09 Nov, 2023 | 20:59
Updated-03 Sep, 2024 | 18:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress CALL ME NOW Plugin <= 3.0 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in LOKALYZE CALL ME NOW plugin <= 3.0 versions.

Action-Not Available
Vendor-lokalyzeLOKALYZE
Product-call_me_nowCALL ME NOW
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-32504
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.12% / 32.24%
||
7 Day CHG~0.00%
Published-18 Nov, 2023 | 22:28
Updated-02 Aug, 2024 | 15:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Wise Chat Plugin <= 3.1.3 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Kainex Wise Chat.This issue affects Wise Chat: from n/a through 3.1.3.

Action-Not Available
Vendor-kaineKainex
Product-wise_chatWise Chat
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-45269
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-4.3||MEDIUM
EPSS-0.09% / 25.60%
||
7 Day CHG~0.00%
Published-01 Sep, 2024 | 23:55
Updated-13 Mar, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

WordPress plugin "Carousel Slider" provided by Sayful Islam contains a cross-site request forgery vulnerability on Carousel image selection feature. While logged in to the WordPress site with Carousel Slider plugin enabled, accessing a crafted page may cause a user to alter the contents of the WordPress site.

Action-Not Available
Vendor-majeedrazaSayful Islam
Product-carousel_sliderCarousel Slider
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2020-16208
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-8.8||HIGH
EPSS-0.26% / 48.83%
||
7 Day CHG~0.00%
Published-01 Sep, 2020 | 20:42
Updated-04 Aug, 2024 | 13:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The affected product is vulnerable to cross-site request forgery, which may allow an attacker to modify different configurations of a device by luring an authenticated user to click on a crafted link on the N-Tron 702-W / 702M12-W (all versions).

Action-Not Available
Vendor-redlionn/a
Product-n-tron_702-w_firmwaren-tron_702m12-w_firmwaren-tron_702m12-wn-tron_702-wN-Tron 702-W / 702M12-W
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-32512
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.8||HIGH
EPSS-0.10% / 27.69%
||
7 Day CHG~0.00%
Published-09 Nov, 2023 | 21:21
Updated-04 Sep, 2024 | 13:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress ShortPixel Adaptive Images Plugin <= 3.7.1 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in ShortPixel ShortPixel Adaptive Images – WebP, AVIF, CDN, Image Optimization plugin <= 3.7.1 versions.

Action-Not Available
Vendor-shortpixelShortPixel
Product-shortpixel_adaptive_imagesShortPixel Adaptive Images – WebP, AVIF, CDN, Image Optimization
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-32794
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.8||HIGH
EPSS-0.10% / 27.69%
||
7 Day CHG~0.00%
Published-09 Nov, 2023 | 20:35
Updated-03 Sep, 2024 | 18:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WooCommerce Product Add-ons Plugin <= 6.1.3 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce Product Add-Ons plugin <= 6.1.3 versions.

Action-Not Available
Vendor-WooCommerce
Product-product_addonsProduct Add-Ons
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2020-15660
Matching Score-4
Assigner-Mozilla Corporation
ShareView Details
Matching Score-4
Assigner-Mozilla Corporation
CVSS Score-8.8||HIGH
EPSS-0.54% / 66.64%
||
7 Day CHG~0.00%
Published-20 Jul, 2021 | 11:24
Updated-04 Aug, 2024 | 13:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Missing checks on Content-Type headers in geckodriver before 0.27.0 could lead to a CSRF vulnerability, that might, when paired with a specifically prepared request, lead to remote code execution.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-geckodrivern/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-32964
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 22.03%
||
7 Day CHG~0.00%
Published-26 May, 2023 | 14:34
Updated-01 Nov, 2024 | 15:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Better Notifications for WP Plugin <= 1.9.2 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Made with Fuel Better Notifications for WP plugin <= 1.9.2 versions.

Action-Not Available
Vendor-madewithfuelMade with Fuel
Product-better_notifications_for_wpBetter Notifications for WP
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-36882
Matching Score-4
Assigner-Jenkins Project
ShareView Details
Matching Score-4
Assigner-Jenkins Project
CVSS Score-8.8||HIGH
EPSS-0.40% / 59.78%
||
7 Day CHG~0.00%
Published-27 Jul, 2022 | 14:20
Updated-03 Aug, 2024 | 10:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A cross-site request forgery (CSRF) vulnerability in Jenkins Git Plugin 4.11.3 and earlier allows attackers to trigger builds of jobs configured to use an attacker-specified Git repository and to cause them to check out an attacker-specified commit.

Action-Not Available
Vendor-Jenkins
Product-gitJenkins Git Plugin
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2020-16610
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.20% / 42.30%
||
7 Day CHG~0.00%
Published-28 Aug, 2020 | 16:06
Updated-04 Aug, 2024 | 13:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Hoosk Codeigniter CMS before 1.7.2 is affected by a Cross Site Request Forgery (CSRF). When an attacker induces authenticated admin user to a malicious web page, any accounts can be deleted without admin user's intention.

Action-Not Available
Vendor-hooskn/a
Product-hooskn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-32344
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.03% / 7.62%
||
7 Day CHG~0.00%
Published-24 Feb, 2024 | 15:29
Updated-13 Feb, 2025 | 16:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Cognos Analytics cross-site request forgery

IBM Cognos Analytics 11.1.7, 11.2.4, and 12.0.0 is vulnerable to form action hijacking where it is possible to modify the form action to reference an arbitrary path. IBM X-Force ID: 255898.

Action-Not Available
Vendor-NetApp, Inc.IBM Corporation
Product-cognos_analyticsoncommand_insightCognos Analytics
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2016-10978
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.11% / 29.94%
||
7 Day CHG~0.00%
Published-17 Sep, 2019 | 14:08
Updated-06 Aug, 2024 | 03:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The fossura-tag-miner plugin before 1.1.5 for WordPress has CSRF.

Action-Not Available
Vendor-fossuran/a
Product-tag_minern/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-32579
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.8||HIGH
EPSS-0.10% / 27.69%
||
7 Day CHG~0.00%
Published-09 Nov, 2023 | 21:18
Updated-04 Sep, 2024 | 13:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Forget About Shortcode Buttons Plugin <= 2.1.2 is vulnerable to Broken Access Control

Cross-Site Request Forgery (CSRF) vulnerability in Designs & Code Forget About Shortcode Buttons plugin <= 2.1.2 versions.

Action-Not Available
Vendor-designsandcodeDesigns & Code
Product-forget_about_shortcode_buttonsForget About Shortcode Buttons
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2020-15400
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.17% / 38.70%
||
7 Day CHG~0.00%
Published-30 Jun, 2020 | 11:42
Updated-04 Aug, 2024 | 13:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CakePHP before 4.0.6 mishandles CSRF token generation. This might be remotely exploitable in conjunction with XSS.

Action-Not Available
Vendor-cakefoundationn/a
Product-cakephpn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-29451
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.8||HIGH
EPSS-0.22% / 44.14%
||
7 Day CHG~0.00%
Published-29 Apr, 2022 | 16:58
Updated-20 Feb, 2025 | 20:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Rara One Click Demo Import plugin <= 1.2.9 - Cross-Site Request Forgery (CSRF) leads to Arbitrary File Upload vulnerability

Cross-Site Request Forgery (CSRF) leading to Arbitrary File Upload vulnerability in Rara One Click Demo Import plugin <= 1.2.9 on WordPress allows attackers to trick logged-in admin users into uploading dangerous files into /wp-content/uploads/ directory.

Action-Not Available
Vendor-rarathemesRaratheme
Product-rara_one_click_demo_importRara One Click Demo Import (WordPress plugin)
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-43340
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.04% / 11.07%
||
7 Day CHG~0.00%
Published-26 Aug, 2024 | 20:33
Updated-27 Aug, 2024 | 15:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress AFI – The Easiest Integration Plugin plugin <= 1.89.4 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Nasirahmed Advanced Form Integration.This issue affects Advanced Form Integration: from n/a through 1.89.4.

Action-Not Available
Vendor-advancedformintegrationNasirahmed
Product-advanced_form_integrationAdvanced Form Integration
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-32588
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 22.91%
||
7 Day CHG~0.00%
Published-13 Nov, 2023 | 01:14
Updated-28 Aug, 2024 | 18:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Post State Tags Plugin <= 2.0.6 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in BRANDbrilliance Post State Tags plugin <= 2.0.6 versions.

Action-Not Available
Vendor-brandbrillianceBRANDbrilliance
Product-post_state_tagsPost State Tags
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2021-34631
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-8.8||HIGH
EPSS-0.11% / 29.96%
||
7 Day CHG~0.00%
Published-05 Aug, 2021 | 19:36
Updated-17 Sep, 2024 | 02:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
NewsPlugin <= 1.0.18 - Cross-Site Request Forgery to Stored Cross-Site Scripting

The NewsPlugin WordPress plugin is vulnerable to Cross-Site Request Forgery via the handle_save_style function found in the ~/news-plugin.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0.18.

Action-Not Available
Vendor-ipdgroupNewsPlugin
Product-newspluginNewsPlugin
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-32583
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.3||MEDIUM
EPSS-0.07% / 21.41%
||
7 Day CHG~0.00%
Published-13 Nov, 2023 | 01:18
Updated-28 Aug, 2024 | 18:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP All Backup Plugin <= 2.4.3 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Prashant Walke WP All Backup plugin <= 2.4.3 versions.

Action-Not Available
Vendor-walkeprashantPrashant Walke
Product-wp_all_backupWP All Backup
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-32500
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.8||HIGH
EPSS-0.10% / 27.69%
||
7 Day CHG~0.00%
Published-09 Nov, 2023 | 22:22
Updated-04 Sep, 2024 | 14:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WoodMart Theme <= 7.1.1 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in xtemos WoodMart - Multipurpose WooCommerce Theme <= 7.1.1 versions.

Action-Not Available
Vendor-XTemos Studio
Product-woodmartWoodMart - Multipurpose WooCommerce Themewoodmart
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 70
  • 71
  • Next
Details not found