A vulnerability was found in moodle-block_sitenews 1.0. It has been classified as problematic. This affects the function get_content of the file block_sitenews.php. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. Upgrading to version 1.1 is able to address this issue. The name of the patch is cd18d8b1afe464ae6626832496f4e070bac4c58f. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-216879.
A vulnerability, which was classified as problematic, was found in code-projects Traffic Offense Reporting System 1.0. This affects an unknown part. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
The Clock In Portal- Staff & Attendance Management WordPress plugin through 2.1 does not have CSRF check when deleting Staff members, which could allow attackers to make logged in admins delete arbitrary Staff via a CSRF attack
Cross-Site Request Forgery (CSRF) vulnerability in Prince Integrate Google Drive allows Cross Site Request Forgery. This issue affects Integrate Google Drive: from n/a through 1.5.2.
Cross-Site Request Forgery (CSRF) vulnerability in Shahjada WPDM – Premium Packages allows Cross Site Request Forgery. This issue affects WPDM – Premium Packages: from n/a through 6.0.2.
Cross-Site Request Forgery (CSRF) vulnerability in Jordy Meow Photo Engine allows Cross Site Request Forgery. This issue affects Photo Engine: from n/a through 6.4.3.
Cross-Site Request Forgery (CSRF) vulnerability in YITHEMES YITH WooCommerce Popup allows Cross Site Request Forgery. This issue affects YITH WooCommerce Popup: from n/a through 1.48.0.
A vulnerability was found in WuKongOpenSource WukongCRM 9.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /system/user/updataPassword. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Cross-Site Request Forgery (CSRF) vulnerability in EDGARROJAS WooCommerce PDF Invoice Builder allows Cross Site Request Forgery. This issue affects WooCommerce PDF Invoice Builder: from n/a through 1.2.148.
Cross-Site Request Forgery (CSRF) vulnerability in Slickstream Slickstream allows Cross Site Request Forgery. This issue affects Slickstream: from n/a through 2.0.3.
Cross-Site Request Forgery (CSRF) vulnerability in Aftab Husain Hide Admin Bar From Front End allows Cross Site Request Forgery. This issue affects Hide Admin Bar From Front End: from n/a through 1.0.0.
Cross-Site Request Forgery (CSRF) vulnerability in Laborator Kalium allows Cross Site Request Forgery. This issue affects Kalium: from n/a through 3.18.3.
Cross-Site Request Forgery (CSRF) vulnerability in xfinitysoft WP Post Hide allows Cross Site Request Forgery. This issue affects WP Post Hide: from n/a through 1.0.9.
Cross-Site Request Forgery (CSRF) vulnerability in WP Swings Wallet System for WooCommerce allows Cross Site Request Forgery. This issue affects Wallet System for WooCommerce: from n/a through 2.6.7.
Cross-Site Request Forgery (CSRF) vulnerability in webcraftic Cyrlitera allows Cross Site Request Forgery. This issue affects Cyrlitera: from n/a through 1.2.0.
The Yuki theme for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including 1.3.14. This is due to missing or incorrect nonce validation on the reset_customizer_options() function. This makes it possible for unauthenticated attackers to reset the themes settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Cross-Site Request Forgery (CSRF) vulnerability in Tony Zeoli Radio Station allows Cross Site Request Forgery. This issue affects Radio Station: from n/a through 2.5.12.
Cross-Site Request Forgery (CSRF) vulnerability in Burst Statistics B.V. Burst Statistics allows Cross Site Request Forgery. This issue affects Burst Statistics: from n/a through 2.0.6.
Cross-Site Request Forgery (CSRF) vulnerability in Konrád Koller ONet Regenerate Thumbnails allows Cross Site Request Forgery. This issue affects ONet Regenerate Thumbnails: from n/a through 1.5.
Cross-Site Request Forgery (CSRF) vulnerability in opicron Image Cleanup allows Cross Site Request Forgery. This issue affects Image Cleanup: from n/a through 1.9.2.
Cross-site request forgery (CSRF) vulnerability in GroupSession (GroupSession Free edition from ver2.2.0 to the version prior to ver5.1.0, GroupSession byCloud from ver3.0.3 to the version prior to ver5.1.0, and GroupSession ZION from ver3.0.3 to the version prior to ver5.1.0) allows a remote attacker to hijack the authentication of administrators via a specially crafted URL.
Cross-Site Request Forgery (CSRF) vulnerability in flexostudio flexo-social-gallery allows Cross Site Request Forgery. This issue affects flexo-social-gallery: from n/a through 1.0006.
Cross-Site Request Forgery (CSRF) vulnerability in ryanpcmcquen Import external attachments allows Cross Site Request Forgery. This issue affects Import external attachments: from n/a through 1.5.12.
Cross-Site Request Forgery (CSRF) vulnerability in Blend Media WordPress CTA allows Cross Site Request Forgery. This issue affects WordPress CTA: from n/a through 1.6.9.
Cross-Site Request Forgery (CSRF) vulnerability in BoldGrid Post and Page Builder by BoldGrid – Visual Drag and Drop Editor allows Cross Site Request Forgery.This issue affects Post and Page Builder by BoldGrid – Visual Drag and Drop Editor: from n/a through 1.27.8.
Cross-Site Request Forgery (CSRF) vulnerability in rui_mashita Aioseo Multibyte Descriptions allows Cross Site Request Forgery. This issue affects Aioseo Multibyte Descriptions: from n/a through 0.0.6.
Cross-Site Request Forgery (CSRF) vulnerability in cookiebot Cookiebot allows Cross Site Request Forgery. This issue affects Cookiebot: from n/a through 4.5.8.
Cross-Site Request Forgery (CSRF) vulnerability in Trust Payments Trust Payments Gateway for WooCommerce (JavaScript Library) allows Cross Site Request Forgery. This issue affects Trust Payments Gateway for WooCommerce (JavaScript Library): from n/a through 1.3.6.
Cross-Site Request Forgery (CSRF) vulnerability in Tribulant Software Newsletters allows Cross Site Request Forgery. This issue affects Newsletters: from n/a through 4.10.
Cross-Site Request Forgery (CSRF) vulnerability in GSheetConnector by WesternDeal WooCommerce Google Sheet Connector allows Cross Site Request Forgery. This issue affects WooCommerce Google Sheet Connector: from n/a through 1.3.20.
Cross-Site Request Forgery (CSRF) vulnerability in lisensee NetInsight Analytics Implementation Plugin allows Cross Site Request Forgery. This issue affects NetInsight Analytics Implementation Plugin: from n/a through 1.0.3.
A vulnerability was found in Mist Community Edition up to 4.7.1. It has been declared as problematic. This vulnerability affects the function session_start_response of the file src/mist/api/auth/middleware.py. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 4.7.2 is able to address this issue. The patch is identified as db10ecb62ac832c1ed4924556d167efb9bc07fad. It is recommended to upgrade the affected component.
Cross-Site Request Forgery (CSRF) vulnerability in Toast Plugins Animator allows Cross Site Request Forgery. This issue affects Animator: from n/a through 3.0.16.
Cross-Site Request Forgery (CSRF) vulnerability in imw3 My Wp Brand allows Cross Site Request Forgery. This issue affects My Wp Brand: from n/a through 1.1.3.
Certain NETGEAR devices are affected by CSRF. This affects CM400 before 2017-01-11, CM600 before 2017-01-11, D1500 before 2017-01-11, D500 before 2017-01-11, DST6501 before 2017-01-11, JNR1010v1 before 2017-01-11, JWNR2000Tv3 before 2017-01-11, JWNR2010v3 before 2017-01-11, PLW1000 before 2017-01-11, PLW1010 before 2017-01-11, WNR500 before 2017-01-11, WNR612v3 before 2017-01-11, N450 before 2017-01-11, and CG3000Dv2 before 2017-01-11.
Cross-Site Request Forgery (CSRF) vulnerability in macbookandrew WP YouTube Live allows Cross Site Request Forgery. This issue affects WP YouTube Live: from n/a through 1.10.0.
Cross-Site Request Forgery (CSRF) vulnerability in Webba Appointment Booking Webba Booking allows Cross Site Request Forgery. This issue affects Webba Booking: from n/a through 5.1.20.
Cross-Site Request Forgery (CSRF) vulnerability in CyberChimps Responsive Plus allows Cross Site Request Forgery. This issue affects Responsive Plus: from n/a through 3.2.2.
Cross-Site Request Forgery (CSRF) vulnerability in marcusjansen Live Sports Streamthunder allows Cross Site Request Forgery. This issue affects Live Sports Streamthunder: from n/a through 2.1.
A vulnerability was found in Tmall Demo up to 20250505. It has been rated as problematic. This issue affects some unknown processing of the file tmall/admin/account/logout. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The vendor was contacted early about this disclosure but did not respond in any way.
Cross-Site Request Forgery (CSRF) vulnerability in Hossni Mubarak JobWP allows Cross Site Request Forgery. This issue affects JobWP: from n/a through 2.4.0.
Cross-Site Request Forgery (CSRF) vulnerability in Helmut Wandl Advanced Settings allows Cross Site Request Forgery. This issue affects Advanced Settings: from n/a through 3.0.1.
IBM Planning Analytics 2.0 could be vulnerable to cross-site request forgery (CSRF) which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 198241.
Cross-Site Request Forgery (CSRF) vulnerability in David Wood TM Replace Howdy allows Cross Site Request Forgery. This issue affects TM Replace Howdy: from n/a through 1.4.2.
Cross-Site Request Forgery (CSRF) vulnerability in Oganro XML Travel Portal Widget allows Cross Site Request Forgery. This issue affects XML Travel Portal Widget: from n/a through 2.0.
A vulnerability classified as problematic was found in XiaoBingby TeaCMS 2.0.2. Affected by this vulnerability is an unknown functionality of the file src/main/java/me/teacms/controller/admin/UserManageController/addUser. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
The Categorify plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.7.4. This is due to missing or incorrect nonce validation on the categorifyAjaxRenameCategory function. This makes it possible for unauthenticated attackers to rename categories via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
The Estatebud – Properties & Listings plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.5.0. This is due to missing or incorrect nonce validation on the 'estatebud_settings' page. This makes it possible for unauthenticated attackers to update the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
The SecuPress Free — WordPress Security plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.5.1. This is due to missing or incorrect nonce validation on the secupress_blackhole_ban_ip() function. This makes it possible for unauthenticated attackers to block a user's IP via a forged request granted they can trick the user into performing an action such as clicking on a link.
The CITS Support svg, webp Media and TTF,OTF File Upload, Use Custom Fonts plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.2. This is due to missing or incorrect nonce validation on the cits_assign_fonts_tab() function. This makes it possible for unauthenticated attackers to delete font assignments via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.