Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-22568

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-18 Jan, 2024 | 00:00
Updated At-20 Jun, 2025 | 18:14
Rejected At-
Credits

FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/score/del.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:18 Jan, 2024 | 00:00
Updated At:20 Jun, 2025 | 18:14
Rejected At:
▼CVE Numbering Authority (CNA)

FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/score/del.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/kayo-zjq/myc/blob/main/1.md
N/A
Hyperlink: https://github.com/kayo-zjq/myc/blob/main/1.md
Resource: N/A
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/kayo-zjq/myc/blob/main/1.md
x_transferred
Hyperlink: https://github.com/kayo-zjq/myc/blob/main/1.md
Resource:
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Problem Types
TypeCWE IDDescription
CWECWE-352CWE-352 Cross-Site Request Forgery (CSRF)
Type: CWE
CWE ID: CWE-352
Description: CWE-352 Cross-Site Request Forgery (CSRF)
Metrics
VersionBase scoreBase severityVector
3.18.8HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:18 Jan, 2024 | 15:15
Updated At:20 Jun, 2025 | 19:15

FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/score/del.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.18.8HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Secondary3.18.8HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Type: Primary
Version: 3.1
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CPE Matches
flycms_project
flycms_project
>>flycms>>1.0
cpe:2.3:a:flycms_project:flycms:1.0:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-352Primarynvd@nist.gov
CWE-352Secondary134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE ID: CWE-352
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-352
Type: Secondary
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://github.com/kayo-zjq/myc/blob/main/1.mdcve@mitre.org
Exploit
Product
https://github.com/kayo-zjq/myc/blob/main/1.mdaf854a3a-2127-422b-91ae-364da2661108
Exploit
Product
Hyperlink: https://github.com/kayo-zjq/myc/blob/main/1.md
Source: cve@mitre.org
Resource:
Exploit
Product
Hyperlink: https://github.com/kayo-zjq/myc/blob/main/1.md
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Exploit
Product

Change History

0
Information is not available yet

Similar CVEs

2238Records found
CVE-2024-22601
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.08% / 24.80%
||
7 Day CHG~0.00%
Published-18 Jan, 2024 | 00:00
Updated-20 Jun, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/score/scorerule_save

Action-Not Available
Vendor-flycms_projectn/a
Product-flycmsn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-22939
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-2.36% / 84.30%
||
7 Day CHG~0.00%
Published-01 Feb, 2024 | 00:00
Updated-16 Jan, 2025 | 17:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross Site Request Forgery vulnerability in FlyCms v.1.0 allows a remote attacker to execute arbitrary code via the system/article/category_edit component.

Action-Not Available
Vendor-sunkaifein/aflycms_project
Product-flycmsn/aflycms
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-22817
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.08% / 25.44%
||
7 Day CHG~0.00%
Published-18 Jan, 2024 | 00:00
Updated-05 Jun, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/email/email_conf_updagte

Action-Not Available
Vendor-flycms_projectn/a
Product-flycmsn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-22591
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.08% / 23.84%
||
7 Day CHG~0.00%
Published-18 Jan, 2024 | 00:00
Updated-20 Jun, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/user/group_save.

Action-Not Available
Vendor-flycms_projectn/a
Product-flycmsn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-22593
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.08% / 23.24%
||
7 Day CHG~0.00%
Published-18 Jan, 2024 | 00:00
Updated-30 Aug, 2024 | 16:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/admin/add_group_save

Action-Not Available
Vendor-flycms_projectn/a
Product-flycmsn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-22699
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.15% / 36.77%
||
7 Day CHG~0.00%
Published-18 Jan, 2024 | 00:00
Updated-05 Jun, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/admin/update_group_save.

Action-Not Available
Vendor-flycms_projectn/a
Product-flycmsn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-22819
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.08% / 25.44%
||
7 Day CHG~0.00%
Published-18 Jan, 2024 | 00:00
Updated-02 Jun, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/email/email_templets_update.

Action-Not Available
Vendor-flycms_projectn/a
Product-flycmsn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-52072
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.15% / 36.23%
||
7 Day CHG~0.00%
Published-08 Jan, 2024 | 00:00
Updated-17 Apr, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

FlyCms v1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /system/site/userconfig_updagte.

Action-Not Available
Vendor-flycms_projectn/a
Product-flycmsn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-52074
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.15% / 36.23%
||
7 Day CHG~0.00%
Published-08 Jan, 2024 | 00:00
Updated-13 Jun, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

FlyCms v1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component system/site/webconfig_updagte.

Action-Not Available
Vendor-flycms_projectn/a
Product-flycmsn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-52073
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.15% / 36.23%
||
7 Day CHG~0.00%
Published-08 Jan, 2024 | 00:00
Updated-03 Jun, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

FlyCms v1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /system/site/config_footer_updagte.

Action-Not Available
Vendor-flycms_projectn/a
Product-flycmsn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2020-36065
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.07% / 22.02%
||
7 Day CHG~0.00%
Published-08 May, 2023 | 00:00
Updated-29 Jan, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross Site Request Forgery (CSRF) vulnerability in FlyCms 1.0 allows attackers to add arbitrary administrator accounts via system/admin/admin_save.

Action-Not Available
Vendor-flycms_projectn/a
Product-flycmsn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-22818
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.08% / 25.44%
||
7 Day CHG~0.00%
Published-18 Jan, 2024 | 00:00
Updated-09 Jun, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerbility via /system/site/filterKeyword_save

Action-Not Available
Vendor-flycms_projectn/a
Product-flycmsn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-22603
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.08% / 24.80%
||
7 Day CHG~0.00%
Published-18 Jan, 2024 | 00:00
Updated-29 Aug, 2024 | 21:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/links/add_link

Action-Not Available
Vendor-flycms_projectn/a
Product-flycmsn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-22592
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.08% / 23.24%
||
7 Day CHG~0.00%
Published-18 Jan, 2024 | 00:00
Updated-02 Jun, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/user/group_update

Action-Not Available
Vendor-flycms_projectn/a
Product-flycmsn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-27694
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.4||HIGH
EPSS-0.07% / 23.13%
||
7 Day CHG~0.00%
Published-04 Mar, 2024 | 00:00
Updated-16 Apr, 2025 | 18:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

FlyCms v1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the /system/share/ztree_category_edit.

Action-Not Available
Vendor-flycms_projectn/aflycms_project
Product-flycmsn/aflycms
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2010-3305
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-8.8||HIGH
EPSS-0.50% / 64.97%
||
7 Day CHG~0.00%
Published-12 Nov, 2019 | 21:09
Updated-07 Aug, 2024 | 03:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in pixelpost 1.7.3 could allow remote attackers to change the admin password.

Action-Not Available
Vendor-pixelpostpixelpost
Product-pixelpostpixelpost
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2016-15009
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-3.5||LOW
EPSS-0.05% / 14.80%
||
7 Day CHG~0.00%
Published-05 Jan, 2023 | 08:09
Updated-25 Nov, 2024 | 17:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OpenACS bug-tracker Search nav-bar.adp cross-site request forgery

A vulnerability classified as problematic has been found in OpenACS bug-tracker. Affected is an unknown function of the file lib/nav-bar.adp of the component Search. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The name of the patch is aee43e5714cd8b697355ec3bf83eefee176d3fc3. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217440.

Action-Not Available
Vendor-openacsOpenACS
Product-bug-trackerbug-tracker
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-52002
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.6||HIGH
EPSS-1.75% / 81.79%
||
7 Day CHG~0.00%
Published-08 Nov, 2024 | 22:16
Updated-07 Jan, 2025 | 16:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cross-Site Request Forgery (CSRF) in several iTop pages

Combodo iTop is a simple, web based IT Service Management tool. Several url endpoints are subject to a Cross-Site Request Forgery (CSRF) vulnerability. Please refer to the linked GHSA for the complete list. This issue has been addressed in version 3.2.0 and all users are advised to upgrade. There are no known workarounds for this vulnerability.

Action-Not Available
Vendor-combodoCombodo
Product-itopiTop
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2021-38705
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.72% / 71.45%
||
7 Day CHG~0.00%
Published-07 Sep, 2021 | 19:25
Updated-04 Aug, 2024 | 01:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ClinicCases 7.3.3 is affected by Cross-Site Request Forgery (CSRF). A successful attack would consist of an authenticated user following a malicious link, resulting in arbitrary actions being carried out with the privilege level of the targeted user. This can be exploited to create a secondary administrator account for the attacker.

Action-Not Available
Vendor-cliniccasesn/a
Product-cliniccasesn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-52479
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.03% / 7.10%
||
7 Day CHG~0.00%
Published-02 Dec, 2024 | 13:48
Updated-10 Feb, 2025 | 18:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Jobify plugin <= 4.2.3 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Ben Marshall Jobify - Job Board WordPress Theme allows Cross Site Request Forgery.This issue affects Jobify - Job Board WordPress Theme: from n/a through 4.2.3.

Action-Not Available
Vendor-astoundifyBen Marshall
Product-jobifyJobify - Job Board WordPress Theme
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-20856
Matching Score-4
Assigner-VMware by Broadcom
ShareView Details
Matching Score-4
Assigner-VMware by Broadcom
CVSS Score-8.8||HIGH
EPSS-0.41% / 60.49%
||
7 Day CHG~0.00%
Published-01 Feb, 2023 | 00:00
Updated-27 Mar, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

VMware vRealize Operations (vROps) contains a CSRF bypass vulnerability. A malicious user could execute actions on the vROps platform on behalf of the authenticated victim user.

Action-Not Available
Vendor-n/aVMware (Broadcom Inc.)
Product-vrealize_operationsVMware vRealize Operations (vROps)
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-34937
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.32% / 54.73%
||
7 Day CHG~0.00%
Published-03 Aug, 2022 | 00:50
Updated-03 Aug, 2024 | 09:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Yuba u5cms v8.3.5 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component savepage.php. This vulnerability allows attackers to execute arbitrary code.

Action-Not Available
Vendor-yuban/a
Product-u5cmsn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-28195
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-8.1||HIGH
EPSS-0.64% / 69.53%
||
7 Day CHG~0.00%
Published-13 Mar, 2024 | 17:16
Updated-15 Apr, 2025 | 15:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cross-Site Request Forgery (CSRF) vulnerability in API and login in your_spotify

your_spotify is an open source, self hosted Spotify tracking dashboard. YourSpotify versions < 1.9.0 do not protect the API and login flow against Cross-Site Request Forgery (CSRF). Attackers can use this to execute CSRF attacks on victims, allowing them to retrieve, modify or delete data on the affected YourSpotify instance. Using repeated CSRF attacks, it is also possible to create a new user on the victim instance and promote the new user to instance administrator if a legitimate administrator visits a website prepared by an attacker. Note: Real-world exploitability of this vulnerability depends on the browser version and browser settings in use by the victim. This issue has been addressed in version 1.9.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Action-Not Available
Vendor-yooooomiYooooomiyooooomi
Product-your_spotifyyour_spotifyyour_spotify
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2021-36569
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.24% / 47.47%
||
7 Day CHG~0.00%
Published-03 Feb, 2023 | 00:00
Updated-26 Mar, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross Site Request Forgery vulnerability in FUEL-CMS 1.4.13 allows remote attackers to run arbitrary code via post ID to /users/delete/2.

Action-Not Available
Vendor-thedaylightstudion/a
Product-fuel_cmsn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2021-3819
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-4.3||MEDIUM
EPSS-0.14% / 34.84%
||
7 Day CHG~0.00%
Published-27 Sep, 2021 | 12:25
Updated-03 Aug, 2024 | 17:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cross-Site Request Forgery (CSRF) in firefly-iii/firefly-iii

firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF)

Action-Not Available
Vendor-firefly-iiifirefly-iii
Product-firefly_iiifirefly-iii/firefly-iii
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-52415
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.8||HIGH
EPSS-0.04% / 9.71%
||
7 Day CHG~0.00%
Published-16 Nov, 2024 | 21:15
Updated-18 Nov, 2024 | 17:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress SK WP Settings Backup plugin <= 1.0 - CSRF to PHP Object Injection vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Skpstorm SK WP Settings Backup allows Object Injection.This issue affects SK WP Settings Backup: from n/a through 1.0.

Action-Not Available
Vendor-Skpstorm
Product-SK WP Settings Backup
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2011-1085
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-8.8||HIGH
EPSS-0.16% / 37.07%
||
7 Day CHG~0.00%
Published-07 Feb, 2020 | 20:51
Updated-06 Aug, 2024 | 22:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CSRF vulnerability in Smoothwall Express 3.

Action-Not Available
Vendor-smoothwallSmoothwall
Product-smoothwall_expressSmoothwall Express
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-27948
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.08% / 23.89%
||
7 Day CHG~0.00%
Published-28 Feb, 2024 | 18:17
Updated-14 Feb, 2025 | 15:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Atahualpa Theme <= 3.7.24 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in bytesforall Atahualpa.This issue affects Atahualpa: from n/a through 3.7.24.

Action-Not Available
Vendor-bytesforallbytesforall
Product-atahualpaAtahualpa
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2018-6497
Matching Score-4
Assigner-OpenText (formerly Micro Focus)
ShareView Details
Matching Score-4
Assigner-OpenText (formerly Micro Focus)
CVSS Score-7.5||HIGH
EPSS-0.15% / 35.60%
||
7 Day CHG~0.00%
Published-15 Jun, 2018 | 21:00
Updated-05 Aug, 2024 | 06:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
MFSBGN03810 rev.1 - Universal CMDB, Deserialization Java Objects and CSRF

Remote Cross-site Request forgery (CSRF) potential has been identified in UCMBD Server version DDM Content Pack V 10.20, 10.21, 10.22, 10.22 CUP7, 10.30, 10.31, 10.32, 10.33, 10.33 CUP2, 11.0 and CMS Server version 2018.05 BACKGROUND which could allow for remote unsafe deserialization and cross-site request forgery (CSRF).

Action-Not Available
Vendor-Micro Focus International Limited
Product-universal_cmbd_servercms_serverUniversal CMDB ServerCMS Server
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2016-15005
Matching Score-4
Assigner-Go Project
ShareView Details
Matching Score-4
Assigner-Go Project
CVSS Score-8.8||HIGH
EPSS-0.04% / 8.83%
||
7 Day CHG~0.00%
Published-27 Dec, 2022 | 21:13
Updated-11 Apr, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cryptographically weak random number generation in github.com/dinever/golf

CSRF tokens are generated using math/rand, which is not a cryptographically secure random number generator, allowing an attacker to predict values and bypass CSRF protections with relatively few requests.

Action-Not Available
Vendor-golf_projectgithub.com/dinever/golf
Product-golfgithub.com/dinever/golf
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2018-7746
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-1.34% / 79.18%
||
7 Day CHG~0.00%
Published-07 Mar, 2018 | 17:00
Updated-05 Aug, 2024 | 06:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Western Bridge Cobub Razor 0.7.2. Authentication is not required for /index.php?/manage/channel/modifychannel. For example, with a crafted channel name, stored XSS is triggered during a later /index.php?/manage/channel request by an admin.

Action-Not Available
Vendor-cobubn/a
Product-razorn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-20011
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-8.8||HIGH
EPSS-0.46% / 63.35%
||
7 Day CHG~0.00%
Published-23 Feb, 2023 | 00:00
Updated-28 Oct, 2024 | 16:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Application Policy Infrastructure Controller and Cisco Cloud Network Controller Cross-Site Request Forgery Vulnerability

A vulnerability in the web-based management interface of Cisco Application Policy Infrastructure Controller (APIC) and Cisco Cloud Network Controller, formerly Cisco Cloud APIC, could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. This vulnerability is due to insufficient CSRF protections for the web-based management interface on an affected system. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the affected user. If the affected user has administrative privileges, these actions could include modifying the system configuration and creating new privileged accounts.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-application_policy_infrastructure_controllercloud_network_controllerCisco Application Policy Infrastructure Controller (APIC)
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-52446
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.8||HIGH
EPSS-0.04% / 9.71%
||
7 Day CHG~0.00%
Published-20 Nov, 2024 | 11:10
Updated-20 Nov, 2024 | 18:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Buying Buddy IDX CRM plugin <= 1.1.12 - CSRF to PHP Object Injection vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Buying Buddy Buying Buddy IDX CRM allows Object Injection.This issue affects Buying Buddy IDX CRM: from n/a through 1.1.12.

Action-Not Available
Vendor-Buying Buddybuying_buddy
Product-Buying Buddy IDX CRMbuying_buddy_idx_crm
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2018-7720
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.34% / 56.12%
||
7 Day CHG~0.00%
Published-07 Mar, 2018 | 08:00
Updated-05 Aug, 2024 | 06:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A cross-site request forgery (CSRF) vulnerability exists in Western Bridge Cobub Razor 0.7.2 via /index.php?/user/createNewUser/, resulting in account creation.

Action-Not Available
Vendor-cobubn/a
Product-razorn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2019-0235
Matching Score-4
Assigner-Apache Software Foundation
ShareView Details
Matching Score-4
Assigner-Apache Software Foundation
CVSS Score-8.8||HIGH
EPSS-26.02% / 96.07%
||
7 Day CHG~0.00%
Published-30 Apr, 2020 | 19:22
Updated-04 Aug, 2024 | 17:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Apache OFBiz 17.12.01 is vulnerable to some CSRF attacks.

Action-Not Available
Vendor-The Apache Software Foundation
Product-ofbizApache OFBiz
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-51144
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.56% / 67.34%
||
7 Day CHG~0.00%
Published-05 Mar, 2025 | 00:00
Updated-06 Mar, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross Site Request Forgery (CSRF) vulnerability exists in the 'pvmsg.php?action=add_message', pvmsg.php?action=confirm_delete , and ajax.server.php?page=user&action=flip_follow endpoints in Ampache <= 6.6.0.

Action-Not Available
Vendor-n/a
Product-n/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2021-39197
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-6.3||MEDIUM
EPSS-0.21% / 43.78%
||
7 Day CHG~0.00%
Published-07 Sep, 2021 | 17:30
Updated-04 Aug, 2024 | 01:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cross-Site Request Forgery in better_errors

better_errors is an open source replacement for the standard Rails error page with more information rich error pages. It is also usable outside of Rails in any Rack app as Rack middleware. better_errors prior to 2.8.0 did not implement CSRF protection for its internal requests. It also did not enforce the correct "Content-Type" header for these requests, which allowed a cross-origin "simple request" to be made without CORS protection. These together left an application with better_errors enabled open to cross-origin attacks. As a developer tool, better_errors documentation strongly recommends addition only to the `development` bundle group, so this vulnerability should only affect development environments. Please ensure that your project limits better_errors to the `development` group (or the non-Rails equivalent). Starting with release 2.8.x, CSRF protection is enforced. It is recommended that you upgrade to the latest release, or minimally to "~> 2.8.3". There are no known workarounds to mitigate the risk of using older releases of better_errors.

Action-Not Available
Vendor-better_errors_projectBetterErrors
Product-better_errorsbetter_errors
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2019-0398
Matching Score-4
Assigner-SAP SE
ShareView Details
Matching Score-4
Assigner-SAP SE
CVSS Score-8.8||HIGH
EPSS-0.17% / 38.35%
||
7 Day CHG~0.00%
Published-11 Dec, 2019 | 21:35
Updated-04 Aug, 2024 | 17:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Due to insufficient CSRF protection, SAP BusinessObjects Business Intelligence Platform (Monitoring Application), before versions 4.1, 4.2 and 4.3, may lead to an authenticated user to send unintended request to the web server, leading to Cross Site Request Forgery.

Action-Not Available
Vendor-SAP SE
Product-businessobjects_business_intelligence_platformSAP BusinessObjects Business Intelligence Platform (Monitoring Application)
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-50858
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.13% / 33.82%
||
7 Day CHG~0.00%
Published-14 Jan, 2025 | 00:00
Updated-06 Jun, 2025 | 15:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple endpoints in GestioIP v3.5.7 are vulnerable to Cross-Site Request Forgery (CSRF). An attacker can execute actions via the admin's browser by hosting a malicious URL, leading to data modification, deletion, or exfiltration.

Action-Not Available
Vendor-gestioipn/a
Product-gestioipn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2019-13529
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-8.8||HIGH
EPSS-0.15% / 36.34%
||
7 Day CHG~0.00%
Published-09 Oct, 2019 | 15:26
Updated-04 Aug, 2024 | 23:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An attacker could send a malicious link to an authenticated operator, which may allow remote attackers to perform actions with the permissions of the user on the Sunny WebBox Firmware Version 1.6 and prior. This device uses IP addresses to maintain communication after a successful login, which would increase the ease of exploitation.

Action-Not Available
Vendor-smaSMA Solar Technology AG
Product-sunny_webboxsunny_webbox_firmwareSunny WebBox
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2018-6504
Matching Score-4
Assigner-OpenText (formerly Micro Focus)
ShareView Details
Matching Score-4
Assigner-OpenText (formerly Micro Focus)
CVSS Score-8.8||HIGH
EPSS-0.11% / 30.33%
||
7 Day CHG~0.00%
Published-20 Sep, 2018 | 19:00
Updated-16 Sep, 2024 | 17:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
MFSBGN03824 rev.1 - ArcSight Management Center, Insufficient Access Control, Reflected Cross Site Scripting, Access Control vulnerability, Cross-Site Request Forgery (CSRF), Unauthenticated File Download, Directory Traversal Vulnerability

A potential Cross-Site Request Forgery (CSRF) vulnerability has been identified in ArcSight Management Center (ArcMC) in all versions prior to 2.81. This vulnerability could be exploited to allow for Cross-Site Request Forgery (CSRF).

Action-Not Available
Vendor-Micro Focus International Limited
Product-arcsight_management_centerArcSight Management Center
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2018-6496
Matching Score-4
Assigner-OpenText (formerly Micro Focus)
ShareView Details
Matching Score-4
Assigner-OpenText (formerly Micro Focus)
CVSS Score-7.5||HIGH
EPSS-0.17% / 38.02%
||
7 Day CHG~0.00%
Published-15 Jun, 2018 | 21:00
Updated-05 Aug, 2024 | 06:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
MFSBGN03809 rev.1 - Universal CMDB, Deserialization Java Objects and CSRF

Remote Cross-site Request forgery (CSRF) potential has been identified in UCMBD Browser version 4.10, 4.11, 4.12, 4.13, 4.14, 4.15, 4.15.1 which could allow for remote unsafe deserialization and cross-site request forgery (CSRF).

Action-Not Available
Vendor-Micro Focus International Limited
Product-universal_cmbd_browserUCMDB Browser
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2016-10982
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.11% / 29.90%
||
7 Day CHG~0.00%
Published-17 Sep, 2019 | 14:17
Updated-06 Aug, 2024 | 03:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The kento-post-view-counter plugin through 2.8 for WordPress has wp-admin/admin.php?page=kentopvc_settings CSRF.

Action-Not Available
Vendor-kentothemesn/a
Product-kento-post-view-countern/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2016-10974
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.11% / 29.90%
||
7 Day CHG~0.00%
Published-17 Sep, 2019 | 14:02
Updated-06 Aug, 2024 | 03:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The fluid-responsive-slideshow plugin before 2.2.7 for WordPress has frs_save CSRF with resultant stored XSS.

Action-Not Available
Vendor-tonjoostudion/a
Product-fluid-responsive-slideshown/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-51669
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.03% / 8.25%
||
7 Day CHG~0.00%
Published-19 Nov, 2024 | 22:04
Updated-25 Nov, 2024 | 14:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Dynamic Widgets plugin <= 1.6.4 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Vivwebs Dynamic Widgets.This issue affects Dynamic Widgets: from n/a through 1.6.4.

Action-Not Available
Vendor-vivwebsolutionsVivwebs
Product-dynamic_widgetsDynamic Widgets
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2016-10978
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.11% / 29.90%
||
7 Day CHG~0.00%
Published-17 Sep, 2019 | 14:08
Updated-06 Aug, 2024 | 03:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The fossura-tag-miner plugin before 1.1.5 for WordPress has CSRF.

Action-Not Available
Vendor-fossuran/a
Product-tag_minern/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-5076
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-8.8||HIGH
EPSS-0.39% / 59.38%
||
7 Day CHG+0.33%
Published-13 Jul, 2024 | 06:00
Updated-06 May, 2025 | 17:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WP eMember < 10.6.6 - Bulk Delete via CSRF

The wp-eMember WordPress plugin before 10.6.6 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks

Action-Not Available
Vendor-UnknownTips and Tricks HQ
Product-wp_ememberwp-eMemberwp_emember
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-50466
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.04% / 11.59%
||
7 Day CHG+0.01%
Published-29 Oct, 2024 | 16:34
Updated-06 Nov, 2024 | 23:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress DarkMySite – Advanced Dark Mode Plugin for WordPress plugin <= 1.2.8 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in DarkMySite DarkMySite – Advanced Dark Mode Plugin for WordPress darkmysite allows Cross Site Request Forgery.This issue affects DarkMySite – Advanced Dark Mode Plugin for WordPress: from n/a through 1.2.8.

Action-Not Available
Vendor-darkmysiteDarkMySite
Product-darkmysiteDarkMySite – Advanced Dark Mode Plugin for WordPress
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2016-10945
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.20% / 42.51%
||
7 Day CHG~0.00%
Published-13 Sep, 2019 | 12:00
Updated-06 Aug, 2024 | 03:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The PageLines theme 1.1.4 for WordPress has wp-admin/admin-post.php?page=pagelines CSRF.

Action-Not Available
Vendor-pagelinesn/a
Product-pagelinesn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-49628
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.04% / 11.58%
||
7 Day CHG~0.00%
Published-20 Oct, 2024 | 10:10
Updated-22 Oct, 2024 | 18:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Most And Least Read Posts Widget plugin <= 2.5.18 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in WhileTrue Most And Least Read Posts Widget allows Cross Site Request Forgery.This issue affects Most And Least Read Posts Widget: from n/a through 2.5.18.

Action-Not Available
Vendor-whiletrueWhileTrue
Product-most_and_least_read_posts_widgetMost And Least Read Posts Widget
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 44
  • 45
  • Next
Details not found