Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-0432

Summary
Assigner-Wordfence
Assigner Org ID-b15e7b5b-3da4-40ae-a43c-f7aa60e62599
Published At-28 Feb, 2024 | 08:33
Updated At-01 Aug, 2024 | 18:04
Rejected At-
Credits

The Gestpay for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 20221130. This is due to missing or incorrect nonce validation on the 'ajax_delete_card' function. This makes it possible for unauthenticated attackers to delete the default card token for a user via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:Wordfence
Assigner Org ID:b15e7b5b-3da4-40ae-a43c-f7aa60e62599
Published At:28 Feb, 2024 | 08:33
Updated At:01 Aug, 2024 | 18:04
Rejected At:
▼CVE Numbering Authority (CNA)

The Gestpay for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 20221130. This is due to missing or incorrect nonce validation on the 'ajax_delete_card' function. This makes it possible for unauthenticated attackers to delete the default card token for a user via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

Affected Products
Vendor
easynolo
Product
Gestpay for WooCommerce
Default Status
unaffected
Versions
Affected
  • From * through 20221130 (semver)
Problem Types
TypeCWE IDDescription
N/AN/ACWE-352 Cross-Site Request Forgery (CSRF)
Type: N/A
CWE ID: N/A
Description: CWE-352 Cross-Site Request Forgery (CSRF)
Metrics
VersionBase scoreBase severityVector
3.14.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
Version: 3.1
Base score: 4.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
finder
Francesco Carlucci
Timeline
EventDate
Disclosed2024-02-27 00:00:00
Event: Disclosed
Date: 2024-02-27 00:00:00
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.wordfence.com/threat-intel/vulnerabilities/id/7561a71a-c3f0-45f1-8230-2c17cbeff916?source=cve
N/A
https://wordpress.org/plugins/wppdf/
N/A
Hyperlink: https://www.wordfence.com/threat-intel/vulnerabilities/id/7561a71a-c3f0-45f1-8230-2c17cbeff916?source=cve
Resource: N/A
Hyperlink: https://wordpress.org/plugins/wppdf/
Resource: N/A
▼Authorized Data Publishers (ADP)
1. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
2. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.wordfence.com/threat-intel/vulnerabilities/id/7561a71a-c3f0-45f1-8230-2c17cbeff916?source=cve
x_transferred
https://wordpress.org/plugins/wppdf/
x_transferred
Hyperlink: https://www.wordfence.com/threat-intel/vulnerabilities/id/7561a71a-c3f0-45f1-8230-2c17cbeff916?source=cve
Resource:
x_transferred
Hyperlink: https://wordpress.org/plugins/wppdf/
Resource:
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security@wordfence.com
Published At:28 Feb, 2024 | 09:15
Updated At:10 Feb, 2025 | 14:47

The Gestpay for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 20221130. This is due to missing or incorrect nonce validation on the 'ajax_delete_card' function. This makes it possible for unauthenticated attackers to delete the default card token for a user via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.14.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
Primary3.14.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Type: Secondary
Version: 3.1
Base score: 4.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
Type: Primary
Version: 3.1
Base score: 4.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
CPE Matches
fabrick
fabrick
>>gestpay_for_woocommerce>>Versions before 20240307(exclusive)
cpe:2.3:a:fabrick:gestpay_for_woocommerce:*:*:*:*:*:wordpress:*:*
Weaknesses
CWE IDTypeSource
CWE-352Primarynvd@nist.gov
CWE ID: CWE-352
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://wordpress.org/plugins/wppdf/security@wordfence.com
Not Applicable
https://www.wordfence.com/threat-intel/vulnerabilities/id/7561a71a-c3f0-45f1-8230-2c17cbeff916?source=cvesecurity@wordfence.com
Third Party Advisory
https://wordpress.org/plugins/wppdf/af854a3a-2127-422b-91ae-364da2661108
Not Applicable
https://www.wordfence.com/threat-intel/vulnerabilities/id/7561a71a-c3f0-45f1-8230-2c17cbeff916?source=cveaf854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Hyperlink: https://wordpress.org/plugins/wppdf/
Source: security@wordfence.com
Resource:
Not Applicable
Hyperlink: https://www.wordfence.com/threat-intel/vulnerabilities/id/7561a71a-c3f0-45f1-8230-2c17cbeff916?source=cve
Source: security@wordfence.com
Resource:
Third Party Advisory
Hyperlink: https://wordpress.org/plugins/wppdf/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Not Applicable
Hyperlink: https://www.wordfence.com/threat-intel/vulnerabilities/id/7561a71a-c3f0-45f1-8230-2c17cbeff916?source=cve
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

1814Records found
CVE-2021-4092
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-4.3||MEDIUM
EPSS-0.10% / 27.96%
||
7 Day CHG~0.00%
Published-11 Dec, 2021 | 13:35
Updated-03 Aug, 2024 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cross-Site Request Forgery (CSRF) in yetiforcecompany/yetiforcecrm

yetiforcecrm is vulnerable to Cross-Site Request Forgery (CSRF)

Action-Not Available
Vendor-yetiforceyetiforcecompany
Product-yetiforce_customer_relationship_managementyetiforcecompany/yetiforcecrm
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-31388
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.18% / 39.50%
||
7 Day CHG~0.00%
Published-15 Apr, 2024 | 10:11
Updated-02 Aug, 2024 | 01:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Tablesome plugin <= 1.0.25 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Pauple Table & Contact Form 7 Database – Tablesome.This issue affects Table & Contact Form 7 Database – Tablesome: from n/a through 1.0.25.

Action-Not Available
Vendor-Pauple
Product-Table & Contact Form 7 Database – Tablesome
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-30546
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.16% / 37.60%
||
7 Day CHG~0.00%
Published-15 Apr, 2024 | 10:26
Updated-08 Aug, 2024 | 16:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Login With Ajax plugin <= 4.1 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Pixelite Login With Ajax.This issue affects Login With Ajax: from n/a through 4.1.

Action-Not Available
Vendor-Pixelite
Product-Login With Ajax
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2021-4015
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-4.3||MEDIUM
EPSS-0.12% / 31.14%
||
7 Day CHG~0.00%
Published-01 Dec, 2021 | 10:20
Updated-03 Aug, 2024 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cross-Site Request Forgery (CSRF) in firefly-iii/firefly-iii

firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF)

Action-Not Available
Vendor-firefly-iiifirefly-iii
Product-firefly_iiifirefly-iii/firefly-iii
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-3147
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-4.3||MEDIUM
EPSS-0.10% / 27.65%
||
7 Day CHG~0.00%
Published-02 Apr, 2024 | 01:31
Updated-15 Jan, 2025 | 18:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DedeCMS makehtml_map.php cross-site request forgery

A vulnerability classified as problematic was found in DedeCMS 5.7. This vulnerability affects unknown code of the file /src/dede/makehtml_map.php. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-258922 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-n/aDedeCMS
Product-dedecmsDedeCMSdedecms
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-30468
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.16% / 37.60%
||
7 Day CHG~0.00%
Published-29 Mar, 2024 | 16:20
Updated-02 Aug, 2024 | 01:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress All-In-One Security (AIOS) – Security and Firewall plugin <= 5.2.6 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in All In One WP Security & Firewall Team All In One WP Security & Firewall.This issue affects All In One WP Security & Firewall: from n/a through 5.2.6.

Action-Not Available
Vendor-All In One WP Security & Firewall Team
Product-All In One WP Security & Firewall
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-30526
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 21.83%
||
7 Day CHG~0.00%
Published-31 Mar, 2024 | 18:33
Updated-09 Jun, 2025 | 21:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Easy Social Feed – Social Photos Gallery – Post Feed – Like Box plugin <= 6.5.6 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Easy Social Feed.This issue affects Easy Social Feed: from n/a through 6.5.6.

Action-Not Available
Vendor-easysocialfeedEasy Social Feed
Product-easy_social_feedEasy Social Feed
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-4251
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-4.3||MEDIUM
EPSS-0.14% / 34.62%
||
7 Day CHG~0.00%
Published-31 Oct, 2023 | 13:54
Updated-22 Apr, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
EventPrime < 3.2.0 - Booking Creation via CSRF

The EventPrime WordPress plugin before 3.2.0 does not have CSRF checks when creating bookings, which could allow attackers to make logged in users create unwanted bookings via CSRF attacks.

Action-Not Available
Vendor-UnknownMetagauss Inc.
Product-eventprimeEventPrime
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-30541
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.08% / 23.73%
||
7 Day CHG~0.00%
Published-31 Mar, 2024 | 18:30
Updated-08 Aug, 2024 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress LWS Optimize plugin <= 1.9.1 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in LWS LWS Optimize.This issue affects LWS Optimize: from n/a through 1.9.1.

Action-Not Available
Vendor-LWS
Product-LWS Optimize
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-31385
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.16% / 37.60%
||
7 Day CHG~0.00%
Published-15 Apr, 2024 | 10:12
Updated-02 Aug, 2024 | 01:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress ReDi Restaurant Reservation plugin <= 24.0128 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Reservation Diary ReDi Restaurant Reservation.This issue affects ReDi Restaurant Reservation: from n/a through 24.0128.

Action-Not Available
Vendor-Reservation Diary
Product-ReDi Restaurant Reservation
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-31096
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.08% / 23.73%
||
7 Day CHG~0.00%
Published-31 Mar, 2024 | 18:29
Updated-02 Aug, 2024 | 01:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Nictitate theme <= 1.1.4 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in kopatheme Nictitate.This issue affects Nictitate: from n/a through 1.1.4.

Action-Not Available
Vendor-kopatheme
Product-Nictitate
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-30454
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.17% / 38.79%
||
7 Day CHG~0.00%
Published-29 Mar, 2024 | 16:30
Updated-19 Mar, 2025 | 19:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP SMS plugin <= 6.6.2 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in VeronaLabs WP SMS.This issue affects WP SMS: from n/a through 6.6.2.

Action-Not Available
Vendor-veronalabsVeronaLabs
Product-wp_smsWP SMS
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-4592
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-4.3||MEDIUM
EPSS-0.09% / 27.18%
||
7 Day CHG~0.00%
Published-07 May, 2024 | 14:00
Updated-15 Jan, 2025 | 18:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DedeCMS sys_group_edit.php cross-site request forgery

A vulnerability classified as problematic was found in DedeCMS 5.7. This vulnerability affects unknown code of the file /src/dede/sys_group_edit.php. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-263314 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-n/aDedeCMS
Product-dedecmsDedeCMS
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2021-4005
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-4.3||MEDIUM
EPSS-0.16% / 37.49%
||
7 Day CHG~0.00%
Published-04 Dec, 2021 | 12:00
Updated-03 Aug, 2024 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cross-Site Request Forgery (CSRF) in firefly-iii/firefly-iii

firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF)

Action-Not Available
Vendor-firefly-iiifirefly-iii
Product-firefly_iiifirefly-iii/firefly-iii
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-3144
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-4.3||MEDIUM
EPSS-0.10% / 27.65%
||
7 Day CHG~0.00%
Published-02 Apr, 2024 | 01:00
Updated-15 Jan, 2025 | 18:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DedeCMS makehtml_spec.php cross-site request forgery

A vulnerability was found in DedeCMS 5.7. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /src/dede/makehtml_spec.php. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-258919. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-n/aDedeCMS
Product-dedecmsDedeCMSdedecms
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-3145
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-4.3||MEDIUM
EPSS-0.10% / 27.65%
||
7 Day CHG~0.00%
Published-02 Apr, 2024 | 01:00
Updated-15 Jan, 2025 | 18:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DedeCMS makehtml_js_action.php cross-site request forgery

A vulnerability was found in DedeCMS 5.7. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /src/dede/makehtml_js_action.php. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-258920. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-n/aDedeCMS
Product-dedecmsDedeCMS
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-3142
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-4.3||MEDIUM
EPSS-0.20% / 42.16%
||
7 Day CHG~0.00%
Published-02 Apr, 2024 | 00:00
Updated-28 Aug, 2024 | 13:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Clavister E10/E80 Setting cross-site request forgery

A vulnerability was found in Clavister E10 and E80 up to 14.00.10 and classified as problematic. This issue affects some unknown processing of the component Setting Handler. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 14.00.11 is able to address this issue. It is recommended to upgrade the affected component. The identifier VDB-258917 was assigned to this vulnerability.

Action-Not Available
Vendor-Clavisterclavister
Product-E10E80e10e80
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2021-4082
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-4.3||MEDIUM
EPSS-0.01% / 0.20%
||
7 Day CHG~0.00%
Published-10 Dec, 2021 | 10:20
Updated-03 Aug, 2024 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cross-Site Request Forgery (CSRF) in pimcore/pimcore

pimcore is vulnerable to Cross-Site Request Forgery (CSRF)

Action-Not Available
Vendor-Pimcore
Product-pimcorepimcore/pimcore
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-29093
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 20.93%
||
7 Day CHG~0.00%
Published-19 Mar, 2024 | 16:40
Updated-02 Aug, 2024 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Builder for WooCommerce reviews shortcodes – ReviewShort plugin <= 1.01.3 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Tobias Conrad Builder for WooCommerce reviews shortcodes – ReviewShort.This issue affects Builder for WooCommerce reviews shortcodes – ReviewShort: from n/a through 1.01.3.

Action-Not Available
Vendor-Tobias Conrad
Product-Builder for WooCommerce reviews shortcodes – ReviewShort
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-2911
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.11% / 30.21%
||
7 Day CHG~0.00%
Published-26 Mar, 2024 | 21:31
Updated-21 Aug, 2025 | 17:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tianjin PubliCMS cross-site request forgery

A vulnerability, which was classified as problematic, was found in Tianjin PubliCMS 4.0.202302.e. This affects an unknown part. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-publiccmsTianjintianjin
Product-publiccmsPubliCMSpublicms
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-2960
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-4.3||MEDIUM
EPSS-0.11% / 30.38%
||
7 Day CHG~0.00%
Published-02 May, 2024 | 16:52
Updated-20 Feb, 2025 | 19:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The SVS Pricing Tables plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.4. This is due to missing or incorrect nonce validation on the deletePricingTable() function. This makes it possible for unauthenticated attackers to delete pricing tables via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

Action-Not Available
Vendor-svs-websoftsvs-websoftWordPress.org
Product-svs_pricing_tablesSVS Pricing Tablessvs_pricing_tables
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2021-3932
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-6.3||MEDIUM
EPSS-0.11% / 30.25%
||
7 Day CHG~0.00%
Published-13 Nov, 2021 | 08:45
Updated-03 Aug, 2024 | 17:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cross-Site Request Forgery (CSRF) in area17/twill

twill is vulnerable to Cross-Site Request Forgery (CSRF)

Action-Not Available
Vendor-area17area17
Product-twillarea17/twill
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2021-3931
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-4.3||MEDIUM
EPSS-0.13% / 32.96%
||
7 Day CHG~0.00%
Published-13 Nov, 2021 | 08:50
Updated-03 Aug, 2024 | 17:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cross-Site Request Forgery (CSRF) in snipe/snipe-it

snipe-it is vulnerable to Cross-Site Request Forgery (CSRF)

Action-Not Available
Vendor-snipeitappsnipe
Product-snipe-itsnipe/snipe-it
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2019-4231
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.18% / 39.63%
||
7 Day CHG~0.00%
Published-20 Dec, 2019 | 16:25
Updated-17 Sep, 2024 | 04:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Cognos Analytics 11.0 and 11.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 159356.

Action-Not Available
Vendor-IBM CorporationNetApp, Inc.
Product-cognos_analyticsoncommand_insightCognos Analytics
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2021-39124
Matching Score-4
Assigner-Atlassian
ShareView Details
Matching Score-4
Assigner-Atlassian
CVSS Score-4.3||MEDIUM
EPSS-0.17% / 38.62%
||
7 Day CHG~0.00%
Published-14 Sep, 2021 | 04:20
Updated-10 Oct, 2024 | 15:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Cross-Site Request Forgery (CSRF) failure retry feature of Atlassian Jira Server and Data Center before version 8.16.0 allows remote attackers who are able to trick a user into retrying a request to bypass CSRF protection and replay a crafted request.

Action-Not Available
Vendor-Atlassian
Product-data_centerjiraJira ServerJira Data Center
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-4318
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-4.3||MEDIUM
EPSS-0.09% / 25.72%
||
7 Day CHG~0.00%
Published-11 Sep, 2023 | 19:46
Updated-23 Apr, 2025 | 16:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Herd Effects < 5.2.4 - Effect Deletion via CSRF

The Herd Effects WordPress plugin before 5.2.4 does not have CSRF when deleting its items, which could allow attackers to make logged in admins delete arbitrary effects via a CSRF attack

Action-Not Available
Vendor-wow-companyUnknown
Product-herd_effectsHerd Effects
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-0638
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-4.3||MEDIUM
EPSS-0.10% / 27.96%
||
7 Day CHG~0.00%
Published-17 Feb, 2022 | 16:30
Updated-02 Aug, 2024 | 23:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cross-Site Request Forgery (CSRF) in microweber/microweber

Cross-Site Request Forgery (CSRF) in Packagist microweber/microweber prior to 1.2.11.

Action-Not Available
Vendor-Microweber (‘Microweber Academy’ Foundation)
Product-microwebermicroweber/microweber
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2019-4726
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.13% / 33.05%
||
7 Day CHG~0.00%
Published-26 Feb, 2020 | 15:55
Updated-16 Sep, 2024 | 20:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 172363.

Action-Not Available
Vendor-IBM Corporation
Product-sterling_b2b_integratorSterling B2B Integrator
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-27967
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.15% / 36.78%
||
7 Day CHG~0.00%
Published-21 Mar, 2024 | 15:29
Updated-27 May, 2025 | 14:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress DSGVO All in one for WP plugin <= 4.3 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Michael Leithold DSGVO All in one for WP.This issue affects DSGVO All in one for WP: from n/a through 4.3.

Action-Not Available
Vendor-dsgvo-for-wpMichael Leithold
Product-dsgvo_all_in_one_for_wpDSGVO All in one for WP
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2021-3921
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-5.4||MEDIUM
EPSS-0.12% / 31.16%
||
7 Day CHG~0.00%
Published-13 Nov, 2021 | 08:55
Updated-03 Aug, 2024 | 17:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cross-Site Request Forgery (CSRF) in firefly-iii/firefly-iii

firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF)

Action-Not Available
Vendor-firefly-iiifirefly-iii
Product-firefly_iiifirefly-iii/firefly-iii
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-47305
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.04% / 11.67%
||
7 Day CHG~0.00%
Published-25 Sep, 2024 | 17:34
Updated-02 Oct, 2024 | 16:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Use Any Font plugin <= 6.3.08 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Dnesscarkey Use Any Font allows Cross Site Request Forgery.This issue affects Use Any Font: from n/a through 6.3.08.

Action-Not Available
Vendor-dineshkarkiDnesscarkey
Product-use_any_fontUse Any Font
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-4585
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-4.3||MEDIUM
EPSS-0.10% / 27.92%
||
7 Day CHG~0.00%
Published-07 May, 2024 | 12:00
Updated-15 Jan, 2025 | 18:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DedeCMS member_type.php cross-site request forgery

A vulnerability, which was classified as problematic, was found in DedeCMS 5.7. This affects an unknown part of the file /src/dede/member_type.php. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-263307. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-n/aDedeCMS
Product-dedecmsDedeCMS
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-2821
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-4.3||MEDIUM
EPSS-0.05% / 13.32%
||
7 Day CHG-0.01%
Published-22 Mar, 2024 | 16:00
Updated-27 Aug, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DedeCMS friendlink_edit.php cross-site request forgery

A vulnerability, which was classified as problematic, has been found in DedeCMS 5.7. Affected by this issue is some unknown functionality of the file /src/dede/friendlink_edit.php. The manipulation of the argument id leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257708. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-n/aDedeCMS
Product-dedecmsDedeCMSdedecms
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2019-4736
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.13% / 33.05%
||
7 Day CHG~0.00%
Published-20 Dec, 2019 | 16:25
Updated-16 Sep, 2024 | 16:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Financial Transaction Manager 3.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 172706.

Action-Not Available
Vendor-IBM Corporation
Product-financial_transaction_manager_for_multiplatformFinancial Transaction Manager
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-0515
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-4.3||MEDIUM
EPSS-0.11% / 30.15%
||
7 Day CHG~0.00%
Published-21 Mar, 2022 | 18:50
Updated-02 Aug, 2024 | 23:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cross-Site Request Forgery (CSRF) in crater-invoice/crater

Cross-Site Request Forgery (CSRF) in GitHub repository crater-invoice/crater prior to 6.0.4.

Action-Not Available
Vendor-craterappcrater-invoice
Product-cratercrater-invoice/crater
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-2748
Matching Score-4
Assigner-GitHub, Inc. (Products Only)
ShareView Details
Matching Score-4
Assigner-GitHub, Inc. (Products Only)
CVSS Score-4.3||MEDIUM
EPSS-0.25% / 48.24%
||
7 Day CHG-0.08%
Published-20 Mar, 2024 | 23:09
Updated-02 Aug, 2024 | 19:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CSRF vulnerability was identified in GitHub Enterprise Server that allowed performing actions on behalf of a user

A Cross Site Request Forgery vulnerability was identified in GitHub Enterprise Server that allowed an attacker to execute unauthorized actions on behalf of an unsuspecting user. A mitigating factor is that user interaction is required. This vulnerability affected GitHub Enterprise Server 3.12.0 and was fixed in versions 3.12.1. This vulnerability was reported via the GitHub Bug Bounty program. 

Action-Not Available
Vendor-GitHub
Product-Enterprise Server
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-0313
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-4.3||MEDIUM
EPSS-0.10% / 28.75%
||
7 Day CHG~0.00%
Published-21 Feb, 2022 | 10:46
Updated-02 Aug, 2024 | 23:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Float Menu < 4.3.1 - Arbitrary Menu Deletion via CSRF

The Float menu WordPress plugin before 4.3.1 does not have CSRF check in place when deleting menu, which could allow attackers to make a logged in admin delete them via a CSRF attack

Action-Not Available
Vendor-wow-estoreUnknown
Product-float_menuFloat menu – awesome floating side menu
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-2559
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-4.3||MEDIUM
EPSS-0.08% / 24.51%
||
7 Day CHG~0.00%
Published-17 Mar, 2024 | 09:31
Updated-27 Jan, 2025 | 16:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tenda AC18 SysToolReboot fromSysToolReboot cross-site request forgery

A vulnerability classified as problematic has been found in Tenda AC18 15.03.05.05. Affected is the function fromSysToolReboot of the file /goform/SysToolReboot. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-257058 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-Tenda Technology Co., Ltd.
Product-ac18ac18_firmwareAC18
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-2560
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-4.3||MEDIUM
EPSS-0.17% / 38.96%
||
7 Day CHG~0.00%
Published-17 Mar, 2024 | 10:31
Updated-22 Jan, 2025 | 17:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tenda AC18 SysToolRestoreSet fromSysToolRestoreSet cross-site request forgery

A vulnerability classified as problematic was found in Tenda AC18 15.03.05.05. Affected by this vulnerability is the function fromSysToolRestoreSet of the file /goform/SysToolRestoreSet. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257059. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-Tenda Technology Co., Ltd.
Product-ac18ac18_firmwareAC18ac18_firmware
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2020-20989
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.14% / 35.12%
||
7 Day CHG~0.00%
Published-12 Aug, 2021 | 21:07
Updated-04 Aug, 2024 | 14:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A cross-site request forgery (CSRF) in /admin/maintenance/ of Domainmod 4.13 allows attackers to arbitrarily delete logs.

Action-Not Available
Vendor-domainmodn/a
Product-domainmodn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2021-46028
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.10% / 27.94%
||
7 Day CHG~0.00%
Published-19 Jan, 2022 | 23:07
Updated-04 Aug, 2024 | 04:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In mblog <= 3.5.0 there is a CSRF vulnerability in the background article management. The attacker constructs a CSRF load. Once the administrator clicks a malicious link, the article will be deleted.

Action-Not Available
Vendor-mblog_projectn/a
Product-mblogn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2021-36850
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.10% / 28.76%
||
7 Day CHG~0.00%
Published-04 Oct, 2021 | 16:57
Updated-28 Mar, 2025 | 16:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Media File Renamer – Auto & Manual Rename plugin <= 5.1.9 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in WordPress Media File Renamer – Auto & Manual Rename plugin (versions <= 5.1.9). Affected parameters "post_title", "filename", "lock". This allows changing the uploaded media title, media file name, and media locking state.

Action-Not Available
Vendor-meowappsMeow Apps
Product-media_file_renamer_-_auto_\&_manual_renameMedia File Renamer – Auto & Manual Rename (WordPress plugin)
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2021-36890
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.10% / 27.80%
||
7 Day CHG~0.00%
Published-31 May, 2022 | 19:30
Updated-20 Feb, 2025 | 20:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Social Share Buttons by Supsystic plugin <= 2.2.2 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Social Share Buttons by Supsystic plugin <= 2.2.2 at WordPress.

Action-Not Available
Vendor-supsysticsupsystic.com
Product-social_share_buttonsSocial Share Buttons by Supsystic (WordPress plugin)
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2021-36915
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.2||MEDIUM
EPSS-0.13% / 32.72%
||
7 Day CHG~0.00%
Published-11 Oct, 2022 | 19:33
Updated-20 Feb, 2025 | 19:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Profile Builder plugin <= 3.6.0 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Cozmoslabs Profile Builder plugin <= 3.6.0 at WordPress allows uploading the JSON file and updating the options. Requires Import and Export add-on.

Action-Not Available
Vendor-cozmoslabsCozmoslabs
Product-profile_builderProfile Builder – User Profile & User Registration Forms (WordPress plugin)
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2021-36852
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.14% / 34.01%
||
7 Day CHG-0.00%
Published-22 Aug, 2022 | 14:45
Updated-20 Feb, 2025 | 20:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Hotel Booking plugin <= 1.10.5 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in ThimPress WP Hotel Booking plugin <= 1.10.5 at WordPress.

Action-Not Available
Vendor-ThimPress (PhysCode)
Product-wp_hotel_bookingWP Hotel Booking
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2021-36542
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.10% / 28.62%
||
7 Day CHG~0.00%
Published-03 Aug, 2021 | 18:09
Updated-04 Aug, 2024 | 00:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-Site Request Forgery (CSRF) vulnerability in the /op/op.LockDocument.php in SeedDMS v5.1.x<5.1.23 and v6.0.x <6.0.16 allows a remote attacker to lock any document without victim's knowledge, by enticing an authenticated user to visit an attacker's web page.

Action-Not Available
Vendor-seeddmsn/a
Product-seeddmsn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2021-36861
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.10% / 27.77%
||
7 Day CHG~0.00%
Published-05 Aug, 2022 | 15:08
Updated-20 Feb, 2025 | 20:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Rich Reviews by Starfish plugin <= 1.9.14 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Rich Reviews by Starfish plugin <= 1.9.14 at WordPress allows an attacker to delete reviews.

Action-Not Available
Vendor-starfishStarfish Reviews
Product-rich_reviewRich Reviews by Starfish (WordPress plugin)
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2021-36891
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.10% / 27.80%
||
7 Day CHG~0.00%
Published-15 Jun, 2022 | 19:16
Updated-20 Feb, 2025 | 20:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Photo Gallery by Supsystic plugin <= 1.15.5 - Cross-Site Request Forgery (CSRF) leading to Plugin Settings Change

Cross-Site Request Forgery (CSRF) vulnerability in Photo Gallery by Supsystic plugin <= 1.15.5 at WordPress allows changing the plugin settings.

Action-Not Available
Vendor-supsysticSupsystic
Product-photo_galleryPhoto Gallery by Supsystic (WordPress plugin)
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2021-36877
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.10% / 28.76%
||
7 Day CHG~0.00%
Published-27 Sep, 2021 | 15:32
Updated-28 Mar, 2025 | 16:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress uListing plugin <= 2.0.5 - Modify User Roles via Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in WordPress uListing plugin (versions <= 2.0.5) makes it possible for attackers to modify user roles.

Action-Not Available
Vendor-stylemixthemesStylemixThemes
Product-ulistinguListing (WordPress plugin)
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2021-36878
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.10% / 28.76%
||
7 Day CHG~0.00%
Published-27 Sep, 2021 | 14:12
Updated-28 Mar, 2025 | 16:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress uListing plugin <= 2.0.5 - Settings Update via Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in WordPress uListing plugin (versions <= 2.0.5) makes it possible for attackers to update settings.

Action-Not Available
Vendor-stylemixthemesStylemixThemes
Product-ulistinguListing (WordPress plugin)
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
  • Previous
  • 1
  • 2
  • ...
  • 5
  • 6
  • 7
  • ...
  • 36
  • 37
  • Next
Details not found