Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-12115

Summary
Assigner-Wordfence
Assigner Org ID-b15e7b5b-3da4-40ae-a43c-f7aa60e62599
Published At-07 Dec, 2024 | 01:45
Updated At-09 Dec, 2024 | 18:02
Rejected At-
Credits

Poll Maker <= 5.5.4 - Cross-Site Request Forgery to Poll Duplication

The Poll Maker – Versus Polls, Anonymous Polls, Image Polls plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.5.4. This is due to missing or incorrect nonce validation on the duplicate_poll() function. This makes it possible for unauthenticated attackers to duplicate polls via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:Wordfence
Assigner Org ID:b15e7b5b-3da4-40ae-a43c-f7aa60e62599
Published At:07 Dec, 2024 | 01:45
Updated At:09 Dec, 2024 | 18:02
Rejected At:
▼CVE Numbering Authority (CNA)
Poll Maker <= 5.5.4 - Cross-Site Request Forgery to Poll Duplication

The Poll Maker – Versus Polls, Anonymous Polls, Image Polls plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.5.4. This is due to missing or incorrect nonce validation on the duplicate_poll() function. This makes it possible for unauthenticated attackers to duplicate polls via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

Affected Products
Vendor
AYS Pro Extensionsays-pro
Product
Poll Maker – Versus Polls, Anonymous Polls, Image Polls
Default Status
unaffected
Versions
Affected
  • From * through 5.5.4 (semver)
Problem Types
TypeCWE IDDescription
CWECWE-352CWE-352 Cross-Site Request Forgery (CSRF)
Type: CWE
CWE ID: CWE-352
Description: CWE-352 Cross-Site Request Forgery (CSRF)
Metrics
VersionBase scoreBase severityVector
3.14.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Version: 3.1
Base score: 4.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
finder
Noah Stead
Timeline
EventDate
Disclosed2024-12-06 00:00:00
Event: Disclosed
Date: 2024-12-06 00:00:00
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.wordfence.com/threat-intel/vulnerabilities/id/e76447ec-2815-4758-ae2c-67a938a739d9?source=cve
N/A
https://plugins.trac.wordpress.org/changeset/3202972/poll-maker/tags/5.5.5/includes/lists/class-poll-maker-polls-list-table.php?old=3202972&old_path=poll-maker%2Ftags%2F5.5.4%2Fincludes%2Flists%2Fclass-poll-maker-polls-list-table.php
N/A
Hyperlink: https://www.wordfence.com/threat-intel/vulnerabilities/id/e76447ec-2815-4758-ae2c-67a938a739d9?source=cve
Resource: N/A
Hyperlink: https://plugins.trac.wordpress.org/changeset/3202972/poll-maker/tags/5.5.5/includes/lists/class-poll-maker-polls-list-table.php?old=3202972&old_path=poll-maker%2Ftags%2F5.5.4%2Fincludes%2Flists%2Fclass-poll-maker-polls-list-table.php
Resource: N/A
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security@wordfence.com
Published At:07 Dec, 2024 | 02:15
Updated At:28 May, 2025 | 18:42

The Poll Maker – Versus Polls, Anonymous Polls, Image Polls plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.5.4. This is due to missing or incorrect nonce validation on the duplicate_poll() function. This makes it possible for unauthenticated attackers to duplicate polls via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.14.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Type: Primary
Version: 3.1
Base score: 4.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
CPE Matches
AYS Pro Extensions
ays-pro
>>poll_maker>>Versions before 5.5.5(exclusive)
cpe:2.3:a:ays-pro:poll_maker:*:*:*:*:free:wordpress:*:*
Weaknesses
CWE IDTypeSource
CWE-352Primarysecurity@wordfence.com
CWE ID: CWE-352
Type: Primary
Source: security@wordfence.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://plugins.trac.wordpress.org/changeset/3202972/poll-maker/tags/5.5.5/includes/lists/class-poll-maker-polls-list-table.php?old=3202972&old_path=poll-maker%2Ftags%2F5.5.4%2Fincludes%2Flists%2Fclass-poll-maker-polls-list-table.phpsecurity@wordfence.com
Patch
https://www.wordfence.com/threat-intel/vulnerabilities/id/e76447ec-2815-4758-ae2c-67a938a739d9?source=cvesecurity@wordfence.com
Third Party Advisory
Hyperlink: https://plugins.trac.wordpress.org/changeset/3202972/poll-maker/tags/5.5.5/includes/lists/class-poll-maker-polls-list-table.php?old=3202972&old_path=poll-maker%2Ftags%2F5.5.4%2Fincludes%2Flists%2Fclass-poll-maker-polls-list-table.php
Source: security@wordfence.com
Resource:
Patch
Hyperlink: https://www.wordfence.com/threat-intel/vulnerabilities/id/e76447ec-2815-4758-ae2c-67a938a739d9?source=cve
Source: security@wordfence.com
Resource:
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

1793Records found
CVE-2022-1960
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-4.3||MEDIUM
EPSS-0.10% / 27.80%
||
7 Day CHG~0.00%
Published-27 Jun, 2022 | 08:58
Updated-03 Aug, 2024 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
MyCSS <= 1.1 - Arbitrary Settings Update via CSRF

The MyCSS WordPress plugin through 1.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack

Action-Not Available
Vendor-mycss_projectUnknown
Product-mycssMyCSS
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-1203
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-4.3||MEDIUM
EPSS-3.56% / 87.24%
||
7 Day CHG~0.00%
Published-30 May, 2022 | 00:00
Updated-02 Aug, 2024 | 23:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Content Mask < 1.8.4.1 - Subscriber+ Arbitrary Options Update

The Content Mask WordPress plugin before 1.8.4.1 does not have authorisation and CSRF checks in various AJAX actions, as well as does not validate the option to be updated to ensure it belongs to the plugin. As a result, any authenticated user, such as subscriber could modify arbitrary blog options

Action-Not Available
Vendor-content_mask_projectUnknown
Product-content_maskContent Mask
CWE ID-CWE-862
Missing Authorization
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-45639
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.15% / 35.76%
||
7 Day CHG~0.00%
Published-16 Oct, 2023 | 09:32
Updated-16 Sep, 2024 | 15:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Sort SearchResult By Title Plugin <= 10.0 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Codex-m Sort SearchResult By Title plugin <= 10.0 versions.

Action-Not Available
Vendor-phpdeveloperCodex-m
Product-sort_searchresult_by_titleSort SearchResult By Title
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-46087
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.15% / 35.76%
||
7 Day CHG~0.00%
Published-16 Oct, 2023 | 14:28
Updated-16 Sep, 2024 | 14:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Who Hit The Page – Hit Counter Plugin <= 1.4.14.3 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Mahlamusa Who Hit The Page – Hit Counter plugin <= 1.4.14.3 versions.

Action-Not Available
Vendor-mahlamusaMahlamusa
Product-who_hit_the_page_hit_counterWho Hit The Page – Hit Counter
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-3631
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-4.3||MEDIUM
EPSS-0.28% / 51.00%
||
7 Day CHG~0.00%
Published-15 May, 2024 | 06:00
Updated-15 May, 2025 | 14:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
HL Twitter <= 2014.1.18 - Unlink Twitter Account via CSRF

The HL Twitter WordPress plugin through 2014.1.18 does not have CSRF check when unlinking twitter accounts, which could allow attackers to make logged in admins perform such actions via a CSRF attack

Action-Not Available
Vendor-dachande663Unknown
Product-hl_twitterHL Twitter
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-2223
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-5.4||MEDIUM
EPSS-0.21% / 43.10%
||
7 Day CHG~0.00%
Published-18 Jul, 2022 | 16:12
Updated-05 May, 2025 | 17:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The WordPress plugin Image Slider is vulnerable to Cross-Site Request Forgery in versions up to, and including 1.1.121 due to failure to properly check for the existence of a nonce in the function ewic_duplicate_slider. This make it possible for unauthenticated attackers to duplicate existing posts or pages granted they can trick a site administrator into performing an action such as clicking on a link.

Action-Not Available
Vendor-ghozylabghozylab
Product-image_sliderImage Slider
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-46190
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.17% / 38.80%
||
7 Day CHG~0.00%
Published-24 Oct, 2023 | 10:23
Updated-11 Sep, 2024 | 16:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Novo-Map : your WP posts on custom google maps Plugin <= 1.1.2 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Novo-media Novo-Map : your WP posts on custom google maps plugin <= 1.1.2 versions.

Action-Not Available
Vendor-novo-mediaNovo-media
Product-novo-map\Novo-Map : your WP posts on custom google maps
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-34755
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.12% / 32.12%
||
7 Day CHG~0.00%
Published-17 May, 2024 | 09:52
Updated-02 Aug, 2024 | 02:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Integration for Salesforce and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms plugin <= 1.3.9 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in CRM Perks Integration for Contact Form 7 and Salesforce.This issue affects Integration for Contact Form 7 and Salesforce: from n/a through 1.3.9.

Action-Not Available
Vendor-CRM Perks
Product-Integration for Contact Form 7 and Salesforce
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2021-24572
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-4.3||MEDIUM
EPSS-0.14% / 34.91%
||
7 Day CHG~0.00%
Published-01 Nov, 2021 | 08:46
Updated-03 Aug, 2024 | 19:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Paypal Donation < 1.3.1 - CSRF to Arbitrary Post Deletion

The Accept Donations with PayPal WordPress plugin before 1.3.1 provides a function to create donation buttons which are internally stored as posts. The deletion of a button is not CSRF protected and there is no control to check if the deleted post was a button post. As a result, an attacker could make logged in admins delete arbitrary posts

Action-Not Available
Vendor-wppluginUnknown
Product-accept_donations_with_paypalAccept Donations with PayPal
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-34823
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.12% / 31.88%
||
7 Day CHG~0.00%
Published-10 May, 2024 | 08:21
Updated-02 Aug, 2024 | 02:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Arigato Autoresponder and Newsletter plugin <= 2.7.2.3 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Kiboko Labs Arigato Autoresponder and Newsletter.This issue affects Arigato Autoresponder and Newsletter: from n/a through 2.7.2.3.

Action-Not Available
Vendor-Kiboko Labskibokolabs
Product-Arigato Autoresponder and Newsletterarigato_autoresponder_and_newsletter
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-45655
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.15% / 35.76%
||
7 Day CHG~0.00%
Published-16 Oct, 2023 | 08:49
Updated-16 Sep, 2024 | 14:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress PixFields Plugin <= 0.7.0 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in PixelGrade PixFields plugin <= 0.7.0 versions.

Action-Not Available
Vendor-pixelgradePixelGrade
Product-pixfieldsPixFields
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-34806
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.13% / 33.12%
||
7 Day CHG~0.00%
Published-17 May, 2024 | 09:48
Updated-02 Aug, 2024 | 02:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Clearfy Cache plugin <= 2.2.1 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Creative Motion Clearfy Cache.This issue affects Clearfy Cache: from n/a through 2.2.1.

Action-Not Available
Vendor-Creative Motion
Product-Clearfy Cache
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-21179
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-4.3||MEDIUM
EPSS-0.10% / 28.96%
||
7 Day CHG~0.00%
Published-24 Feb, 2022 | 09:50
Updated-03 Aug, 2024 | 02:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in EC-CUBE plugin 'Mail Magazine Management Plugin' ver4.0.0 to 4.1.1 (for EC-CUBE 4 series) and ver1.0.0 to 1.0.4 (for EC-CUBE 3 series) allows a remote unauthenticated attacker to hijack the authentication of an administrator via a specially crafted page, and Mail Magazine Templates and/or transmitted history information may be deleted unintendedly.

Action-Not Available
Vendor-ec-cubeEC-CUBE CO.,LTD.
Product-e-mail_newsletter_managementEC-CUBE plugin 'Mail Magazine Management Plugin'
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-35632
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.12% / 32.12%
||
7 Day CHG~0.00%
Published-03 Jun, 2024 | 11:49
Updated-02 Aug, 2024 | 03:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Integration for Constant Contact and Contact Form 7, WPForms, Elementor, Ninja Forms plugin <= 1.1.5 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in CRM Perks. Integration for Contact Form 7 and Constant Contact.This issue affects Integration for Contact Form 7 and Constant Contact: from n/a through 1.1.5.

Action-Not Available
Vendor-CRM Perks.
Product-Integration for Contact Form 7 and Constant Contact
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-46204
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.34% / 55.99%
||
7 Day CHG~0.00%
Published-24 Oct, 2023 | 10:53
Updated-10 Sep, 2024 | 18:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Duplicate Theme Plugin <= 0.1.6 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Muller Digital Inc. Duplicate Theme plugin <= 0.1.6 versions.

Action-Not Available
Vendor-mullerdigitalMuller Digital Inc.
Product-duplicate_themeDuplicate Theme
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-34828
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.12% / 31.89%
||
7 Day CHG~0.00%
Published-10 May, 2024 | 08:16
Updated-02 Aug, 2024 | 02:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Church Admin plugin <= 4.1.32 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Andy Moyle Church Admin.This issue affects Church Admin: from n/a through 4.1.32.

Action-Not Available
Vendor-Andy Moyle
Product-Church Admin
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-35638
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.12% / 32.12%
||
7 Day CHG~0.00%
Published-03 Jun, 2024 | 08:57
Updated-02 Aug, 2024 | 03:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress ActiveDEMAND plugin <= 0.2.43 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in JumpDEMAND Inc. ActiveDEMAND.This issue affects ActiveDEMAND: from n/a through 0.2.43.

Action-Not Available
Vendor-JumpDEMAND Inc.
Product-ActiveDEMAND
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-35636
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.18% / 40.12%
||
7 Day CHG~0.00%
Published-01 Jun, 2024 | 09:07
Updated-02 Aug, 2024 | 03:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Uploadcare File Uploader and Adaptive Delivery plugin <= 3.0.11 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Uploadcare Uploadcare File Uploader and Adaptive Delivery (beta) uploadcare.This issue affects Uploadcare File Uploader and Adaptive Delivery (beta): from n/a through 3.0.11.

Action-Not Available
Vendor-Uploadcare
Product-Uploadcare File Uploader and Adaptive Delivery (beta)
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-35560
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.19% / 41.16%
||
7 Day CHG~0.00%
Published-22 May, 2024 | 13:38
Updated-25 Mar, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/ca_deal.php?mudi=del&dataType=&dataTypeCN.

Action-Not Available
Vendor-n/aidccms_project
Product-n/aidccms
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-35684
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.12% / 32.12%
||
7 Day CHG~0.00%
Published-08 Jun, 2024 | 14:53
Updated-02 Aug, 2024 | 03:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress ElasticPress plugin <= 5.1.0 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in 10up ElasticPress.This issue affects ElasticPress: from n/a through 5.1.1.

Action-Not Available
Vendor-10up10up
Product-elasticpressElasticPress
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-34809
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.12% / 32.12%
||
7 Day CHG~0.00%
Published-17 May, 2024 | 09:43
Updated-02 Aug, 2024 | 02:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress EmpowerWP theme <= 1.0.21 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Extend Themes EmpowerWP.This issue affects EmpowerWP: from n/a through 1.0.21.

Action-Not Available
Vendor-Extend Themesextendthemes
Product-EmpowerWPempowerwp
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-34557
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.12% / 31.68%
||
7 Day CHG~0.00%
Published-09 May, 2024 | 11:40
Updated-02 Aug, 2024 | 02:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Barcode Scanner with Inventory & Order Manager plugin <= 1.5.4 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in UkrSolution Barcode Scanner with Inventory & Order Manager.This issue affects Barcode Scanner with Inventory & Order Manager: from n/a through 1.5.4.

Action-Not Available
Vendor-UkrSolution
Product-Barcode Scanner with Inventory & Order Manager
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2013-10025
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 20.73%
||
7 Day CHG~0.00%
Published-08 Apr, 2023 | 17:00
Updated-06 Aug, 2024 | 18:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Exit Strategy Plugin exitpage.php exitpageadmin cross-site request forgery

A vulnerability was found in Exit Strategy Plugin 1.55 on WordPress and classified as problematic. Affected by this issue is the function exitpageadmin of the file exitpage.php. The manipulation leads to cross-site request forgery. The attack may be launched remotely. Upgrading to version 1.59 is able to address this issue. The patch is identified as d964b8e961b2634158719f3328f16eda16ce93ac. It is recommended to upgrade the affected component. VDB-225266 is the identifier assigned to this vulnerability.

Action-Not Available
Vendor-exit_strategy_projectn/a
Product-exit_strategyExit Strategy Plugin
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-34756
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.13% / 33.12%
||
7 Day CHG~0.00%
Published-17 May, 2024 | 09:49
Updated-02 Aug, 2024 | 02:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Integration for HubSpot and Contact Form 7 plugin <= 1.3.1 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in CRM Perks Integration for Contact Form 7 HubSpot.This issue affects Integration for Contact Form 7 HubSpot: from n/a through 1.3.1.

Action-Not Available
Vendor-CRM Perkscrmperks
Product-Integration for Contact Form 7 HubSpotintegration_for_constant_contact_and_contact_form_7\,_wpforms\,_elementor\,_ninja
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-45749
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.15% / 35.76%
||
7 Day CHG~0.00%
Published-16 Oct, 2023 | 10:04
Updated-16 Sep, 2024 | 14:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress AGP Font Awesome Collection Plugin <= 3.2.4 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Alexey Golubnichenko AGP Font Awesome Collection plugin <= 3.2.4 versions.

Action-Not Available
Vendor-profosboxAlexey Golubnichenko
Product-agp_font_awesome_collectionAGP Font Awesome Collection
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-0707
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-4.3||MEDIUM
EPSS-0.10% / 27.80%
||
7 Day CHG~0.00%
Published-18 Apr, 2022 | 17:10
Updated-07 Feb, 2025 | 19:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Easy Digital Downloads < 2.11.6 - Arbitrary Payment Note Insertion via CSRF

The Easy Digital Downloads WordPress plugin before 2.11.6 does not have CSRF check in place when inserting payment notes, which could allow attackers to make a logged admin insert arbitrary notes via a CSRF attack

Action-Not Available
Vendor-UnknownAwesome Motive Inc.
Product-easy_digital_downloadsEasy Digital Downloads – Simple eCommerce for Selling Digital Files
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-46191
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.17% / 38.79%
||
7 Day CHG~0.00%
Published-24 Oct, 2023 | 10:32
Updated-10 Sep, 2024 | 18:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Open Graph Metabox Plugin <= 1.4.4 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Niels van Renselaar Open Graph Metabox plugin <= 1.4.4 versions.

Action-Not Available
Vendor-underdockNiels van Renselaar
Product-open_graph_metaboxOpen Graph Metabox
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-0875
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-4.3||MEDIUM
EPSS-0.10% / 27.80%
||
7 Day CHG~0.00%
Published-27 Jun, 2022 | 08:55
Updated-02 Aug, 2024 | 23:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
miniOrange Google Authenticator < 1.0.5 - CSRF to Stored Cross-Site Scripting

The Google Authenticator WordPress plugin before 1.0.5 does not have CSRF check when saving its settings, and does not sanitise as well as escape them, allowing attackers to make a logged in admin change them and perform Cross-Site Scripting attacks

Action-Not Available
Vendor-miniorangeUnknown
Product-google_authenticatorGoogle Authenticator
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-1421
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-4.3||MEDIUM
EPSS-7.61% / 91.49%
||
7 Day CHG~0.00%
Published-06 Jun, 2022 | 08:50
Updated-03 Aug, 2024 | 00:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Discy < 5.2 - Settings Update via CSRF

The Discy WordPress theme before 5.2 lacks CSRF checks in some AJAX actions, allowing an attacker to make a logged in admin change arbitrary 's settings including payment methods via a CSRF attack

Action-Not Available
Vendor-2codeUnknown
Product-discyDiscy
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-0226
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-4.3||MEDIUM
EPSS-0.12% / 31.14%
||
7 Day CHG~0.00%
Published-14 Jan, 2022 | 19:00
Updated-02 Aug, 2024 | 23:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cross-Site Request Forgery (CSRF) in livehelperchat/livehelperchat

livehelperchat is vulnerable to Cross-Site Request Forgery (CSRF)

Action-Not Available
Vendor-livehelperchatlivehelperchat
Product-live_helper_chatlivehelperchat/livehelperchat
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-33690
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.16% / 37.60%
||
7 Day CHG~0.00%
Published-26 Apr, 2024 | 12:52
Updated-02 Aug, 2024 | 02:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Financio theme <= 1.1.3 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Jegstudio Financio.This issue affects Financio: from n/a through 1.1.3.

Action-Not Available
Vendor-Jegstudiojegstudio
Product-Financiofinancio
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-0444
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 22.76%
||
7 Day CHG~0.00%
Published-27 Jun, 2022 | 08:55
Updated-02 Aug, 2024 | 23:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
XCloner < 4.3.6 - Plugin Settings Reset

The Backup, Restore and Migrate WordPress Sites With the XCloner Plugin WordPress plugin before 4.3.6 does not have authorisation and CSRF checks when resetting its settings, allowing unauthenticated attackers to reset them, including generating a new backup encryption key.

Action-Not Available
Vendor-watchfulUnknown
Product-xclonerBackup, Restore and Migrate WordPress Sites With the XCloner Plugin
CWE ID-CWE-862
Missing Authorization
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2020-24740
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.12% / 31.14%
||
7 Day CHG~0.00%
Published-18 May, 2021 | 15:28
Updated-04 Aug, 2024 | 15:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Pluck 4.7.10-dev2. There is a CSRF vulnerability that can editpage via a /admin.php?action=editpage

Action-Not Available
Vendor-pluck-cmsn/a
Product-pluckn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-44994
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.15% / 35.76%
||
7 Day CHG~0.00%
Published-10 Oct, 2023 | 14:31
Updated-18 Sep, 2024 | 16:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress ShortCodes UI Plugin <= 1.9.8 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Bainternet ShortCodes UI plugin <= 1.9.8 versions.

Action-Not Available
Vendor-Bainternet (Ohad Raz)
Product-shortcodes_uiShortCodes UI
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-0199
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-4.3||MEDIUM
EPSS-0.10% / 28.75%
||
7 Day CHG~0.00%
Published-21 Feb, 2022 | 10:46
Updated-02 Aug, 2024 | 23:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Coming soon and Maintenance mode < 3.6.8 - Arbitrary Email Sending to Subscribed Users via CSRF

The Coming soon and Maintenance mode WordPress plugin before 3.6.8 does not have CSRF check in its coming_soon_send_mail AJAX action, allowing attackers to make logged in admin to send arbitrary emails to all subscribed users via a CSRF attack

Action-Not Available
Vendor-UnknownWpDevArt
Product-coming_soon_and_maintenance_modeComing soon and Maintenance mode
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-0245
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-5.7||MEDIUM
EPSS-0.11% / 29.36%
||
7 Day CHG~0.00%
Published-18 Jan, 2022 | 05:15
Updated-02 Aug, 2024 | 23:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cross-Site Request Forgery (CSRF) in livehelperchat/livehelperchat

Cross-Site Request Forgery (CSRF) in GitHub repository livehelperchat/livehelperchat prior to 2.0.

Action-Not Available
Vendor-livehelperchatlivehelperchat
Product-livehelperchatlivehelperchat/livehelperchat
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-33689
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.16% / 37.60%
||
7 Day CHG~0.00%
Published-26 Apr, 2024 | 12:54
Updated-02 Aug, 2024 | 02:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Radio Station plugin <= 2.5.7 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Tony Zeoli, Tony Hayes Radio Station.This issue affects Radio Station: from n/a through 2.5.7.

Action-Not Available
Vendor-Tony Zeoli, Tony Hayes
Product-Radio Station
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-32712
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.5||HIGH
EPSS-0.28% / 50.95%
||
7 Day CHG~0.00%
Published-09 May, 2024 | 12:25
Updated-19 Mar, 2025 | 18:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Podlove Podcast Publisher plugin <= 4.0.14 - Broken Access Control vulnerability

Missing Authorization vulnerability in Podlove Podlove Podcast Publisher.This issue affects Podlove Podcast Publisher: from n/a through 4.0.14.

Action-Not Available
Vendor-podlovePodlove
Product-podlove_podcast_publisherPodlove Podcast Publisher
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CWE ID-CWE-862
Missing Authorization
CVE-2024-34427
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.12% / 31.74%
||
7 Day CHG~0.00%
Published-09 May, 2024 | 11:45
Updated-02 Aug, 2024 | 02:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Favorite Posts plugin <= 1.6.8 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Huseyin Berberoglu WP Favorite Posts.This issue affects WP Favorite Posts: from n/a through 1.6.8.

Action-Not Available
Vendor-Huseyin Berberoglu
Product-WP Favorite Posts
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-44237
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 22.01%
||
7 Day CHG~0.00%
Published-09 Oct, 2023 | 09:42
Updated-19 Sep, 2024 | 14:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Site Protector Plugin <= 2.0 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Moriyan Jay WP Site Protector plugin <= 2.0 versions.

Action-Not Available
Vendor-moriyan_jayMoriyan Jay
Product-wp_site_protectorWP Site Protector
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-45107
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 22.01%
||
7 Day CHG~0.00%
Published-13 Oct, 2023 | 12:00
Updated-16 Sep, 2024 | 19:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress GoodBarber Plugin <= 1.0.22 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in GoodBarber plugin <= 1.0.22 versions.

Action-Not Available
Vendor-goodbarberGoodBarber
Product-goodbarberGoodBarber
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2020-10499
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.15% / 35.71%
||
7 Day CHG~0.00%
Published-12 Mar, 2020 | 13:06
Updated-04 Aug, 2024 | 11:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CSRF in admin/manage-tickets.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to close any ticket, given the id, via a crafted request.

Action-Not Available
Vendor-chadhaajayn/a
Product-phpkbn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-45052
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 22.01%
||
7 Day CHG~0.00%
Published-12 Oct, 2023 | 12:28
Updated-19 Feb, 2025 | 21:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Bing Map Pro Plugin < 5.0 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in dan009 WP Bing Map Pro plugin < 5.0 versions.

Action-Not Available
Vendor-dan009dan009
Product-wp_bing_map_proWP Bing Map Pro
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-20613
Matching Score-4
Assigner-Jenkins Project
ShareView Details
Matching Score-4
Assigner-Jenkins Project
CVSS Score-4.3||MEDIUM
EPSS-0.09% / 25.88%
||
7 Day CHG~0.00%
Published-12 Jan, 2022 | 00:00
Updated-03 Aug, 2024 | 02:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A cross-site request forgery (CSRF) vulnerability in Jenkins Mailer Plugin 391.ve4a_38c1b_cf4b_ and earlier allows attackers to use the DNS used by the Jenkins instance to resolve an attacker-specified hostname.

Action-Not Available
Vendor-Oracle CorporationJenkins
Product-communications_cloud_native_core_automated_test_suitemailerJenkins Mailer Plugin
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-33650
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.16% / 37.60%
||
7 Day CHG~0.00%
Published-26 Apr, 2024 | 07:11
Updated-02 Aug, 2024 | 02:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Serious Slider plugin <= 1.2.4 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Cryout Creations Serious Slider.This issue affects Serious Slider: from n/a through 1.2.4.

Action-Not Available
Vendor-Cryout Creations
Product-Serious Slider
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-44476
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.15% / 35.76%
||
7 Day CHG~0.00%
Published-10 Oct, 2023 | 14:28
Updated-18 Sep, 2024 | 16:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress CopyRightPro Plugin <= 2.1 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Andres Felipe Perea V. CopyRightPro plugin <= 2.1 versions.

Action-Not Available
Vendor-wp-copyrightproAndres Felipe Perea V.
Product-wp-copyrightproCopyRightPro
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-48047
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.04% / 11.10%
||
7 Day CHG~0.00%
Published-17 Oct, 2024 | 12:10
Updated-18 Oct, 2024 | 12:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Linked Variation for WooCommerce plugin <= 1.0.5 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Razon Komar Pal Linked Variation for WooCommerce allows Cross Site Request Forgery.This issue affects Linked Variation for WooCommerce: from n/a through 1.0.5.

Action-Not Available
Vendor-Razon Komar Pal
Product-Linked Variation for WooCommerce
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-44243
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 22.01%
||
7 Day CHG~0.00%
Published-06 Oct, 2023 | 15:02
Updated-19 Sep, 2024 | 16:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Instant CSS Plugin <= 1.2.1 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Dylan Blokhuis Instant CSS plugin <= 1.2.1 versions.

Action-Not Available
Vendor-dylanblokhuisDylan Blokhuis
Product-instant_cssInstant CSS
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-33688
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.12% / 32.42%
||
7 Day CHG~0.00%
Published-26 Apr, 2024 | 12:55
Updated-02 Aug, 2024 | 02:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Teluro theme <= 1.0.31 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Extend Themes Teluro.This issue affects Teluro: from n/a through 1.0.31.

Action-Not Available
Vendor-Extend ThemesWordPress.org
Product-Teluroteluro_theme
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-44231
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 22.01%
||
7 Day CHG~0.00%
Published-09 Oct, 2023 | 08:40
Updated-19 Sep, 2024 | 14:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Contact Form Plugin <= 2.0.10 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in NickDuncan Contact Form plugin <= 2.0.10 versions.

Action-Not Available
Vendor-nickduncanNickDuncan
Product-contact_formContact Form
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 35
  • 36
  • Next
Details not found