Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-27689

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-01 Mar, 2024 | 00:00
Updated At-08 Aug, 2024 | 20:46
Rejected At-
Credits

Stupid Simple CMS v1.2.4 was discovered to contain a Cross-Site Request Forgery (CSRF) via /update-article.php.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:01 Mar, 2024 | 00:00
Updated At:08 Aug, 2024 | 20:46
Rejected At:
▼CVE Numbering Authority (CNA)

Stupid Simple CMS v1.2.4 was discovered to contain a Cross-Site Request Forgery (CSRF) via /update-article.php.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/Xin246/cms/blob/main/2.md
N/A
Hyperlink: https://github.com/Xin246/cms/blob/main/2.md
Resource: N/A
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/Xin246/cms/blob/main/2.md
x_transferred
Hyperlink: https://github.com/Xin246/cms/blob/main/2.md
Resource:
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Vendor
stupid_simple
Product
cms
CPEs
  • cpe:2.3:a:stupid_simple:cms:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 through 1.2.4 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-352CWE-352 Cross-Site Request Forgery (CSRF)
Type: CWE
CWE ID: CWE-352
Description: CWE-352 Cross-Site Request Forgery (CSRF)
Metrics
VersionBase scoreBase severityVector
3.18.8HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:01 Mar, 2024 | 17:15
Updated At:28 Mar, 2025 | 14:25

Stupid Simple CMS v1.2.4 was discovered to contain a Cross-Site Request Forgery (CSRF) via /update-article.php.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.18.8HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CPE Matches
codelyfe
codelyfe
>>stupid_simple_cms>>Versions up to 1.2.4(inclusive)
cpe:2.3:a:codelyfe:stupid_simple_cms:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-352Secondary134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE ID: CWE-352
Type: Secondary
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://github.com/Xin246/cms/blob/main/2.mdcve@mitre.org
Exploit
Third Party Advisory
https://github.com/Xin246/cms/blob/main/2.mdaf854a3a-2127-422b-91ae-364da2661108
Exploit
Third Party Advisory
Hyperlink: https://github.com/Xin246/cms/blob/main/2.md
Source: cve@mitre.org
Resource:
Exploit
Third Party Advisory
Hyperlink: https://github.com/Xin246/cms/blob/main/2.md
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Exploit
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

2355Records found
CVE-2024-56474
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 22.45%
||
7 Day CHG~0.00%
Published-02 Apr, 2025 | 15:31
Updated-01 Sep, 2025 | 00:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM TXSeries for Multiplatforms cross-site request forgery

IBM TXSeries for Multiplatforms 9.1 and 11.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, Inc
Product-aixlinux_kerneltxseries_for_multiplatformsTXSeries for Multiplatforms
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-25914
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 21.55%
||
7 Day CHG~0.00%
Published-13 Feb, 2024 | 05:04
Updated-10 Oct, 2024 | 15:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress SMTP Mail Plugin <= 1.3.20 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Photoboxone SMTP Mail.This issue affects SMTP Mail: from n/a through 1.3.20.

Action-Not Available
Vendor-photoboxonePhotoboxone
Product-smtp_mailSMTP Mail
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2020-27692
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.14% / 34.97%
||
7 Day CHG~0.00%
Published-04 Nov, 2020 | 20:14
Updated-04 Aug, 2024 | 16:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Relish (Verve Connect) VH510 device with firmware before 1.0.1.6L0516 contains multiple CSRF vulnerabilities within its web management portal. Attackers can, for example, use this to update the TR-069 configuration server settings (responsible for managing devices remotely). This makes it possible to remotely reboot the device or upload malicious firmware.

Action-Not Available
Vendor-imomobilen/a
Product-verve_connect_vh510verve_connect_vh510_firmwaren/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-65573
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.14% / 34.78%
||
7 Day CHG~0.00%
Published-09 Dec, 2025 | 00:00
Updated-16 Dec, 2025 | 20:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross Site Request Forgery (CSRF) vulnerability in AllskyTeam AllSky v2024.12.06_06 allows remote attackers to cause a denial of service via function handle_interface_POST_and_status.

Action-Not Available
Vendor-allskyteamn/a
Product-allskyn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-24777
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-8.8||HIGH
EPSS-13.64% / 94.10%
||
7 Day CHG~0.00%
Published-30 Oct, 2024 | 13:35
Updated-08 Nov, 2024 | 19:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A cross-site request forgery (CSRF) vulnerability exists in the Web Application functionality of the LevelOne WBR-6012 R0.40e6. A specially crafted HTTP request can lead to unauthorized access. An attacker can stage a malicious web page to trigger this vulnerability.

Action-Not Available
Vendor-level1LevelOnelevelone
Product-wbr-6012_firmwarewbr-6012WBR-6012wbr-6012
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-24701
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.17% / 38.44%
||
7 Day CHG~0.00%
Published-28 Feb, 2024 | 16:16
Updated-08 Jan, 2025 | 17:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Setka Editor Plugin <= 2.1.20 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Native Grid LLC A no-code page builder for beautiful performance-based content.This issue affects A no-code page builder for beautiful performance-based content: from n/a through 2.1.20.

Action-Not Available
Vendor-tinyNative Grid LLC
Product-setka_workflowA no-code page builder for beautiful performance-based content
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2020-19889
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.14% / 34.29%
||
7 Day CHG~0.00%
Published-24 Aug, 2020 | 14:40
Updated-04 Aug, 2024 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

DBHcms v1.2.0 has no CSRF protection mechanism,as demonstrated by CSRF for index.php?dbhcms_pid=-70 can add a user.

Action-Not Available
Vendor-dbhcms_projectn/a
Product-dbhcmsn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-24935
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 21.55%
||
7 Day CHG~0.00%
Published-12 Feb, 2024 | 08:34
Updated-07 Nov, 2024 | 19:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Basic Log Viewer Plugin <= 1.0.4 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in WpSimpleTools Basic Log Viewer.This issue affects Basic Log Viewer: from n/a through 1.0.4.

Action-Not Available
Vendor-wpsimpletoolsWpSimpleTools
Product-basic_log_viewerBasic Log Viewer
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-64256
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.8||HIGH
EPSS-0.02% / 6.30%
||
7 Day CHG~0.00%
Published-09 Dec, 2025 | 14:13
Updated-20 Jan, 2026 | 15:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Simple Folio plugin <= 1.1.0 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in PressTigers Simple Folio simple-folio allows Cross Site Request Forgery.This issue affects Simple Folio: from n/a through <= 1.1.0.

Action-Not Available
Vendor-PressTigers
Product-Simple Folio
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-54355
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.13% / 32.02%
||
7 Day CHG~0.00%
Published-16 Dec, 2024 | 14:14
Updated-07 Feb, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Mailster plugin <= 1.8.17.0 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in brandtoss WP Mailster allows Cross Site Request Forgery.This issue affects WP Mailster: from n/a through 1.8.17.0.

Action-Not Available
Vendor-wpmailsterbrandtoss
Product-wp_mailsterWP Mailster
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-24702
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.11% / 29.29%
||
7 Day CHG~0.00%
Published-28 Feb, 2024 | 14:32
Updated-01 Apr, 2025 | 15:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Page Restrict Plugin <= 2.5.5 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Matt Martz & Andy Stratton Page Restrict.This issue affects Page Restrict: from n/a through 2.5.5.

Action-Not Available
Vendor-sivelMatt Martz & Andy Stratton
Product-pagerestrictPage Restrict
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2020-26912
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.43% / 80.39%
||
7 Day CHG~0.00%
Published-09 Oct, 2020 | 06:31
Updated-04 Aug, 2024 | 16:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by CSRF. This affects D6200 before 1.1.00.38, D7000 before 1.0.1.78, JR6150 before 1.0.1.24, R6020 before 1.0.0.42, R6050 before 1.0.1.24, R6080 before 1.0.0.42, R6120 before 1.0.0.66, R6220 before 1.1.0.100, R6260 before 1.1.0.64, R6700v2 before 1.2.0.62, R6800 before 1.2.0.62, R6900v2 before 1.2.0.62, R7450 before 1.2.0.62, and WNR2020 before 1.1.0.62.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-r6700v2_firmwared7000wnr2020_firmwarer6120r6080r7450_firmwarewnr2020d7000_firmwarer6220_firmwarer6080_firmwarer6900v2r6120_firmwared6200_firmwarer6800r6900v2_firmwarer6050_firmwarer6700v2r6050r7450r6260_firmwarer6260r6220r6020jr6150_firmwared6200jr6150r6020_firmwarer6800_firmwaren/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-24849
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 21.55%
||
7 Day CHG~0.00%
Published-21 Feb, 2024 | 07:04
Updated-06 May, 2025 | 18:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Quicksand Post Filter jQuery Plugin Plugin <= 3.1.1 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Mark Stockton Quicksand Post Filter jQuery Plugin.This issue affects Quicksand Post Filter jQuery Plugin: from n/a through 3.1.1.

Action-Not Available
Vendor-developingthewebMark Stockton
Product-quicksand_post_filter_jqueryQuicksand Post Filter jQuery Plugin
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-43710
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.14% / 34.31%
||
7 Day CHG~0.00%
Published-26 Jul, 2023 | 00:00
Updated-23 Oct, 2024 | 19:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Interactive Forms (IAF) in GX Software XperienCentral versions 10.31.0 until 10.33.0 was vulnerable to cross site request forgery (CSRF) because the unique token could be deduced using the names of all input fields.

Action-Not Available
Vendor-gxsoftwaren/a
Product-xperiencentraln/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-24524
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-1.64% / 81.69%
||
7 Day CHG+0.23%
Published-02 Feb, 2024 | 00:00
Updated-01 Aug, 2024 | 23:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross Site Request Forgery (CSRF) vulnerability in flusity-CMS v.2.33, allows remote attackers to execute arbitrary code via the add_menu.php component.

Action-Not Available
Vendor-flusityn/aflusity
Product-flusityn/aflusity
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2019-13516
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-8.8||HIGH
EPSS-0.09% / 25.19%
||
7 Day CHG~0.00%
Published-15 Aug, 2019 | 18:49
Updated-04 Aug, 2024 | 23:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In OSIsoft PI Web API and prior, the affected product is vulnerable to a direct attack due to a cross-site request forgery protection setting that has not taken effect.

Action-Not Available
Vendor-osisoftn/a
Product-pi_web_apiOSIsoft PI Web API
CWE ID-CWE-693
Protection Mechanism Failure
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-24470
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.78% / 73.30%
||
7 Day CHG~0.00%
Published-02 Feb, 2024 | 00:00
Updated-20 Jun, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross Site Request Forgery vulnerability in flusity-CMS v.2.33 allows a remote attacker to execute arbitrary code via the update_post.php component.

Action-Not Available
Vendor-flusityn/a
Product-flusityn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-24802
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 21.55%
||
7 Day CHG~0.00%
Published-21 Feb, 2024 | 07:29
Updated-06 May, 2025 | 18:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress JTRT Responsive Tables Plugin <= 4.1.9 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in John Tendik JTRT Responsive Tables.This issue affects JTRT Responsive Tables: from n/a through 4.1.9.

Action-Not Available
Vendor-jtrt_responsive_tables_projectJohn Tendik
Product-jtrt_responsive_tablesJTRT Responsive Tables
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-54352
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.8||HIGH
EPSS-0.21% / 42.74%
||
7 Day CHG~0.00%
Published-16 Dec, 2024 | 14:14
Updated-16 Dec, 2024 | 16:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Sogrid plugin <= 1.5.2 - CSRF to Privilege Escalation vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Sabri Taieb Sogrid allows Privilege Escalation.This issue affects Sogrid: from n/a through 1.5.2.

Action-Not Available
Vendor-Sabri Taieb
Product-Sogrid
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-24929
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.10% / 26.70%
||
7 Day CHG~0.00%
Published-12 Feb, 2024 | 08:39
Updated-08 Oct, 2024 | 16:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Contact Form Plugin <= 1.6 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Ryan Duff, Peter Westwood WP Contact Form.This issue affects WP Contact Form: from n/a through 1.6.

Action-Not Available
Vendor-ftwrRyan Duff, Peter Westwood
Product-wp_contact_formWP Contact Form
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-54851
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.02% / 4.60%
||
7 Day CHG~0.00%
Published-29 Jan, 2025 | 00:00
Updated-30 Jan, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Teedy <= 1.12 is vulnerable to Cross Site Request Forgery (CSRF), due to the lack of CSRF protection.

Action-Not Available
Vendor-n/a
Product-n/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-24872
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 21.55%
||
7 Day CHG~0.00%
Published-21 Feb, 2024 | 06:57
Updated-07 Feb, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Themify Builder Plugin <= 7.0.5 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Themify Themify Builder.This issue affects Themify Builder: from n/a through 7.0.5.

Action-Not Available
Vendor-themifyThemify
Product-builderThemify Builder
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-24887
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.05% / 15.86%
||
7 Day CHG~0.00%
Published-12 Feb, 2024 | 08:43
Updated-08 Oct, 2024 | 16:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Contest Gallery Plugin <= 21.2.8.4 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Contest Gallery Photos and Files Contest Gallery – Contact Form, Upload Form, Social Share and Voting Plugin for WordPress.This issue affects Photos and Files Contest Gallery – Contact Form, Upload Form, Social Share and Voting Plugin for WordPress: from n/a through 21.2.8.4.

Action-Not Available
Vendor-contest-galleryContest Gallery
Product-contest_galleryPhotos and Files Contest Gallery – Contact Form, Upload Form, Social Share and Voting Plugin for WordPress
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-54248
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.8||HIGH
EPSS-0.29% / 52.34%
||
7 Day CHG~0.00%
Published-13 Dec, 2024 | 14:24
Updated-13 Dec, 2024 | 21:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Eewee Admin Custom plugin <= 1.8.2.4 - CSRF to Privilege Escalation vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Michael DUMONTET eewee admin custom allows Privilege Escalation.This issue affects eewee admin custom: from n/a through 1.8.2.4.

Action-Not Available
Vendor-Michael DUMONTET
Product-eewee admin custom
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2020-19639
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.14% / 34.30%
||
7 Day CHG~0.00%
Published-30 Mar, 2021 | 02:24
Updated-04 Aug, 2024 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross Site Request Forgery (CSRF) vulnerability in INSMA Wifi Mini Spy 1080P HD Security IP Camera 1.9.7 B, via all fields to WebUI.

Action-Not Available
Vendor-insman/a
Product-wifi_mini_spy_1080p_hd_security_ip_camera_firmwarewifi_mini_spy_1080p_hd_security_ip_cameran/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-55921
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-2.61% / 85.35%
||
7 Day CHG+2.45%
Published-14 Jan, 2025 | 19:36
Updated-26 Aug, 2025 | 19:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cross-Site Request Forgery in Extension Manager Module in TYPO3

TYPO3 is a free and open source Content Management Framework. A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery (CSRF). Additionally, state-changing actions in downstream components incorrectly accepted submissions via HTTP GET and did not enforce the appropriate HTTP method. Successful exploitation of this vulnerability requires the victim to have an active session on the backend user interface and to be deceived into interacting with a malicious URL targeting the backend, which can occur under the following conditions: The user opens a malicious link, such as one sent via email. The user visits a compromised or manipulated website while the following settings are misconfigured: 1. `security.backend.enforceReferrer` feature is disabled, 2. `BE/cookieSameSite` configuration is set to lax or none. The vulnerability in the affected downstream component “Extension Manager Module” allows attackers to retrieve and install 3rd party extensions from the TYPO3 Extension Repository - which can lead to remote code execution in the worst case. Users are advised to update to TYPO3 versions 11.5.42 ELTS, 12.4.25 LTS, 13.4.3 LTS which fix the problem described.

Action-Not Available
Vendor-TYPO3 Association
Product-typo3typo3
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CWE ID-CWE-749
Exposed Dangerous Method or Function
CVE-2024-53946
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.04% / 11.87%
||
7 Day CHG~0.00%
Published-14 Aug, 2025 | 00:00
Updated-15 Aug, 2025 | 13:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The KuWFi 4G LTE AC900 router 1.0.13 is vulnerable to Cross-Site Request Forgery (CSRF) on its web management interface. This vulnerability allows an attacker to trick an authenticated admin user into performing unauthorized actions, such as exploiting a command injection vulnerability in /goform/formMultiApnSetting. Successful exploitation can also lead to unauthorized configuration changes.

Action-Not Available
Vendor-n/a
Product-n/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-6459
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-8.8||HIGH
EPSS-0.02% / 4.75%
||
7 Day CHG~0.00%
Published-02 Jul, 2025 | 03:47
Updated-08 Jul, 2025 | 13:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager <= 4.89 - Cross-Site Request Forgery to PHP Code Injection in bsaCreateAdTemplate

The Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.89. This is due to missing or incorrect nonce validation on the bsaCreateAdTemplate function. This makes it possible for unauthenticated attackers to inject and execute arbitrary PHP code via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

Action-Not Available
Vendor-scripteoscripteo
Product-ads_proAds Pro Plugin - Multi-Purpose WordPress Advertising Manager
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-24468
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-1.61% / 81.50%
||
7 Day CHG~0.00%
Published-05 Feb, 2024 | 00:00
Updated-15 May, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross Site Request Forgery vulnerability in flusity-CMS v.2.33 allows a remote attacker to execute arbitrary code via the add_customblock.php.

Action-Not Available
Vendor-flusityn/a
Product-flusityn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2020-26802
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.14% / 33.83%
||
7 Day CHG~0.00%
Published-08 Oct, 2020 | 16:38
Updated-04 Aug, 2024 | 16:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

forma.lms 2.3.0.2 is affected by Cross Site Request Forgery (CSRF) in formalms/appCore/index.php?r=lms/profile/show&ap=saveinfo via a GET request to change the admin email address in order to accomplish an account takeover.

Action-Not Available
Vendor-formalmsn/a
Product-formalmsn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2019-12769
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.63% / 69.84%
||
7 Day CHG~0.00%
Published-18 Mar, 2020 | 17:38
Updated-04 Aug, 2024 | 23:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SolarWinds Serv-U Managed File Transfer (MFT) Web client before 15.1.6 Hotfix 2 is vulnerable to Cross-Site Request Forgery in the file upload functionality via ?Command=Upload with the Dir and File parameters.

Action-Not Available
Vendor-n/aSolarWinds Worldwide, LLC.
Product-serv-u_managed_file_transfern/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-23910
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-4.3||MEDIUM
EPSS-0.21% / 43.20%
||
7 Day CHG~0.00%
Published-28 Feb, 2024 | 23:07
Updated-22 Apr, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in ELECOM wireless LAN routers and wireless LAN repeater allows a remote unauthenticated attacker to hijack the authentication of administrators and to perform unintended operations to the affected product. Note that WMC-X1800GST-B and WSC-X1800GS-B are also included in e-Mesh Starter Kit "WMC-2LX-B".

Action-Not Available
Vendor-Elecom Co., Ltd.
Product-wrc-2533gs2v-bwmc-x1800gst-bwrc-2533gst2_firmwarewrc-2533gs2-bwrc-g01-wwrc-2533gs2-wwsc-x1800gs-bwrc-1167gs2h-bwrc-1167gst2wrc-1167gs2h-b_firmwarewrc-x3200gst3-b_firmwarewmc-x1800gst-b_firmwarewrc-1167gst2_firmwarewrc-2533gs2-w_firmwarewrc-2533gst2wrc-1167gs2-b_firmwarewsc-x1800gs-b_firmwarewrc-g01-w_firmwarewrc-x3200gst3-bwrc-2533gs2-b_firmwarewrc-2533gs2v-b_firmwarewrc-1167gs2-bWRC-1167GS2-BWRC-2533GST2WRC-1167GS2H-BWRC-X3200GST3-BWRC-2533GS2-WWRC-2533GS2V-BWMC-X1800GST-BWRC-2533GS2-BWRC-1167GST2WRC-G01-WWSC-X1800GS-Bwmc-x1800gst-bwrc-2533gs2-bwrc-2533gs2-wwsc-x1800gs-bwrc-g01-w_firmwarewrc-1167gs2h-bwrc-x3200gst3-b_firmwarewrc-2533gs2v-bwrc-1167gs2-b
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-24875
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 21.55%
||
7 Day CHG~0.00%
Published-12 Feb, 2024 | 08:50
Updated-10 Oct, 2024 | 13:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Link Library Plugin <= 7.5.13 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Yannick Lefebvre Link Library.This issue affects Link Library: from n/a through 7.5.13.

Action-Not Available
Vendor-ylefebvreYannick Lefebvre
Product-link_libraryLink Library
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-22601
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.08% / 24.12%
||
7 Day CHG~0.00%
Published-18 Jan, 2024 | 00:00
Updated-20 Jun, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/score/scorerule_save

Action-Not Available
Vendor-flycms_projectn/a
Product-flycmsn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-63712
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.5||MEDIUM
EPSS-0.03% / 10.06%
||
7 Day CHG~0.00%
Published-10 Nov, 2025 | 00:00
Updated-18 Nov, 2025 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-Site Request Forgery (CSRF) in SourceCodester Product Expiry Management System. The User Management module (delete-user.php) allows remote attackers to delete arbitrary user accounts via forged cross-origin GET requests because the endpoint relies solely on session cookies and lacks CSRF protection.

Action-Not Available
Vendor-n/aSenior Walter
Product-web-based_pharmacy_product_management_systemn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-53684
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-7.5||HIGH
EPSS-0.07% / 22.29%
||
7 Day CHG~0.00%
Published-01 Dec, 2025 | 15:25
Updated-05 Dec, 2025 | 21:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A cross-site request forgery (csrf) vulnerability exists in the WEBVIEW-M functionality of Socomec DIRIS Digiware M-70 1.6.9. A specially crafted HTTP request can lead to unauthorized access. An attacker can stage a malicious webpage to trigger this vulnerability.

Action-Not Available
Vendor-socomecSocomec
Product-diris_m-70diris_m-70_firmwareDIRIS Digiware M-70
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-23519
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.17% / 38.44%
||
7 Day CHG~0.00%
Published-28 Feb, 2024 | 16:27
Updated-08 Jan, 2025 | 17:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Email Before Download Plugin <= 6.9.7 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in M&S Consulting Email Before Download.This issue affects Email Before Download: from n/a through 6.9.7.

Action-Not Available
Vendor-mandsconsultingM&S Consulting
Product-email_before_downloadEmail Before Download
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-53751
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.20% / 41.55%
||
7 Day CHG~0.00%
Published-02 Dec, 2024 | 13:48
Updated-05 Feb, 2025 | 16:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Build App Online plugin <= 1.0.22 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Abdul Hakeem Build App Online allows Cross Site Request Forgery.This issue affects Build App Online: from n/a through 1.0.22.

Action-Not Available
Vendor-buildappAbdul Hakeem
Product-build_app_onlineBuild App Online
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-23510
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.17% / 38.44%
||
7 Day CHG~0.00%
Published-27 Mar, 2024 | 13:42
Updated-13 May, 2025 | 14:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Don't Muck My Markup plugin <= 1.8 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Martyn Chamberlin Don't Muck My Markup.This issue affects Don't Muck My Markup: from n/a through 1.8.

Action-Not Available
Vendor-martynchamberlinMartyn Chamberlin
Product-dont_muck_my_markupDon't Muck My Markup
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-52415
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.8||HIGH
EPSS-0.13% / 32.78%
||
7 Day CHG~0.00%
Published-16 Nov, 2024 | 21:15
Updated-18 Nov, 2024 | 17:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress SK WP Settings Backup plugin <= 1.0 - CSRF to PHP Object Injection vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Skpstorm SK WP Settings Backup allows Object Injection.This issue affects SK WP Settings Backup: from n/a through 1.0.

Action-Not Available
Vendor-Skpstorm
Product-SK WP Settings Backup
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-52479
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 22.32%
||
7 Day CHG~0.00%
Published-02 Dec, 2024 | 13:48
Updated-10 Feb, 2025 | 18:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Jobify plugin <= 4.2.3 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Ben Marshall Jobify - Job Board WordPress Theme allows Cross Site Request Forgery.This issue affects Jobify - Job Board WordPress Theme: from n/a through 4.2.3.

Action-Not Available
Vendor-astoundifyBen Marshall
Product-jobifyJobify - Job Board WordPress Theme
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2020-26641
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.14% / 34.97%
||
7 Day CHG~0.00%
Published-28 May, 2021 | 19:58
Updated-04 Aug, 2024 | 15:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Cross Site Request Forgery (CSRF) vulnerability was discovered in iCMS 7.0.16 which can allow an attacker to execute arbitrary web scripts.

Action-Not Available
Vendor-idreamsoftn/a
Product-icmsn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-62890
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.8||HIGH
EPSS-0.02% / 6.30%
||
7 Day CHG~0.00%
Published-27 Oct, 2025 | 01:33
Updated-20 Jan, 2026 | 15:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Premmerce Brands for WooCommerce plugin <= 1.2.13 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Premmerce Premmerce Brands for WooCommerce premmerce-woocommerce-brands allows Cross Site Request Forgery.This issue affects Premmerce Brands for WooCommerce: from n/a through <= 1.2.13.

Action-Not Available
Vendor-Premmerce
Product-Premmerce Brands for WooCommerce
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-22592
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.08% / 22.67%
||
7 Day CHG~0.00%
Published-18 Jan, 2024 | 00:00
Updated-02 Jun, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/user/group_update

Action-Not Available
Vendor-flycms_projectn/a
Product-flycmsn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-23736
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.27% / 49.70%
||
7 Day CHG~0.00%
Published-01 Jul, 2024 | 00:00
Updated-01 Aug, 2024 | 23:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross Site Request Forgery (CSRF) vulnerability in savignano S/Notify before 4.0.2 for Confluence allows attackers to manipulate a user's S/MIME certificate of PGP key via malicious link or email.

Action-Not Available
Vendor-n/abitbucketconfluencejira
Product-n/asnotify
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-22603
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.08% / 24.12%
||
7 Day CHG~0.00%
Published-18 Jan, 2024 | 00:00
Updated-29 Aug, 2024 | 21:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/links/add_link

Action-Not Available
Vendor-flycms_projectn/a
Product-flycmsn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-22593
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.08% / 22.67%
||
7 Day CHG~0.00%
Published-18 Jan, 2024 | 00:00
Updated-30 Aug, 2024 | 16:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/admin/add_group_save

Action-Not Available
Vendor-flycms_projectn/a
Product-flycmsn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-22819
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.08% / 24.65%
||
7 Day CHG~0.00%
Published-18 Jan, 2024 | 00:00
Updated-02 Jun, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/email/email_templets_update.

Action-Not Available
Vendor-flycms_projectn/a
Product-flycmsn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-22939
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-2.36% / 84.65%
||
7 Day CHG~0.00%
Published-01 Feb, 2024 | 00:00
Updated-16 Jan, 2025 | 17:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross Site Request Forgery vulnerability in FlyCms v.1.0 allows a remote attacker to execute arbitrary code via the system/article/category_edit component.

Action-Not Available
Vendor-sunkaifein/aflycms_project
Product-flycmsn/aflycms
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-62896
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.8||HIGH
EPSS-0.02% / 6.30%
||
7 Day CHG~0.00%
Published-27 Oct, 2025 | 01:33
Updated-20 Jan, 2026 | 15:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Multilang Contact Form plugin <= 1.5 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in digitaldonkey Multilang Contact Form multilang-contact-form allows Stored XSS.This issue affects Multilang Contact Form: from n/a through <= 1.5.

Action-Not Available
Vendor-digitaldonkey
Product-Multilang Contact Form
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
  • Previous
  • 1
  • 2
  • ...
  • 5
  • 6
  • 7
  • ...
  • 47
  • 48
  • Next
Details not found