Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-32441

Summary
Assigner-Patchstack
Assigner Org ID-21595511-bba5-4825-b968-b78d1f9984a3
Published At-15 Apr, 2024 | 08:03
Updated At-28 Apr, 2026 | 16:09
Rejected At-
Credits

WordPress Zoho Campaigns plugin <= 2.0.7 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Zoho Campaigns.This issue affects Zoho Campaigns: from n/a through 2.0.7.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:Patchstack
Assigner Org ID:21595511-bba5-4825-b968-b78d1f9984a3
Published At:15 Apr, 2024 | 08:03
Updated At:28 Apr, 2026 | 16:09
Rejected At:
▼CVE Numbering Authority (CNA)
WordPress Zoho Campaigns plugin <= 2.0.7 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Zoho Campaigns.This issue affects Zoho Campaigns: from n/a through 2.0.7.

Affected Products
Vendor
Zoho Corporation Pvt. Ltd.Zoho Campaigns
Product
Zoho Campaigns
Collection URL
https://wordpress.org/plugins
Package Name
zoho-campaigns
Default Status
unaffected
Versions
Affected
  • From n/a through 2.0.7 (custom)
    • -> unaffectedfrom2.0.8
Problem Types
TypeCWE IDDescription
CWECWE-352CWE-352 Cross-Site Request Forgery (CSRF)
Type: CWE
CWE ID: CWE-352
Description: CWE-352 Cross-Site Request Forgery (CSRF)
Metrics
VersionBase scoreBase severityVector
3.14.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Version: 3.1
Base score: 4.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Update to 2.0.8 or a higher version.

Configurations
Workarounds
Exploits
Credits
finder
Majed Refaea (Patchstack Alliance)
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://patchstack.com/database/vulnerability/zoho-campaigns/wordpress-zoho-campaigns-plugin-2-0-7-cross-site-request-forgery-csrf-vulnerability?_s_id=cve
vdb-entry
Hyperlink: https://patchstack.com/database/vulnerability/zoho-campaigns/wordpress-zoho-campaigns-plugin-2-0-7-cross-site-request-forgery-csrf-vulnerability?_s_id=cve
Resource:
vdb-entry
▼Authorized Data Publishers (ADP)
1. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
2. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://patchstack.com/database/vulnerability/zoho-campaigns/wordpress-zoho-campaigns-plugin-2-0-7-cross-site-request-forgery-csrf-vulnerability?_s_id=cve
vdb-entry
x_transferred
Hyperlink: https://patchstack.com/database/vulnerability/zoho-campaigns/wordpress-zoho-campaigns-plugin-2-0-7-cross-site-request-forgery-csrf-vulnerability?_s_id=cve
Resource:
vdb-entry
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:audit@patchstack.com
Published At:15 Apr, 2024 | 08:15
Updated At:02 Apr, 2025 | 15:01

Cross-Site Request Forgery (CSRF) vulnerability in Zoho Campaigns.This issue affects Zoho Campaigns: from n/a through 2.0.7.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.14.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Primary3.18.8HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 4.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Type: Primary
Version: 3.1
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CPE Matches
Zoho Corporation Pvt. Ltd.
zoho
>>zoho_campaigns>>Versions before 2.0.8(exclusive)
cpe:2.3:a:zoho:zoho_campaigns:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-352Secondaryaudit@patchstack.com
CWE ID: CWE-352
Type: Secondary
Source: audit@patchstack.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://patchstack.com/database/vulnerability/zoho-campaigns/wordpress-zoho-campaigns-plugin-2-0-7-cross-site-request-forgery-csrf-vulnerability?_s_id=cveaudit@patchstack.com
Third Party Advisory
https://patchstack.com/database/vulnerability/zoho-campaigns/wordpress-zoho-campaigns-plugin-2-0-7-cross-site-request-forgery-csrf-vulnerability?_s_id=cveaf854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Hyperlink: https://patchstack.com/database/vulnerability/zoho-campaigns/wordpress-zoho-campaigns-plugin-2-0-7-cross-site-request-forgery-csrf-vulnerability?_s_id=cve
Source: audit@patchstack.com
Resource:
Third Party Advisory
Hyperlink: https://patchstack.com/database/vulnerability/zoho-campaigns/wordpress-zoho-campaigns-plugin-2-0-7-cross-site-request-forgery-csrf-vulnerability?_s_id=cve
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

4191Records found
CVE-2019-5963
Matching Score-10
Assigner-JPCERT/CC
ShareView Details
Matching Score-10
Assigner-JPCERT/CC
CVSS Score-8.8||HIGH
EPSS-0.10% / 27.13%
||
7 Day CHG~0.00%
Published-05 Jul, 2019 | 13:20
Updated-04 Aug, 2024 | 20:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in Zoho SalesIQ 1.0.8 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.

Action-Not Available
Vendor-Zoho Corporation Pvt. Ltd.
Product-salesiqZoho SalesIQ
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-32442
Matching Score-10
Assigner-Patchstack
ShareView Details
Matching Score-10
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.14% / 33.08%
||
7 Day CHG~0.00%
Published-15 Apr, 2024 | 08:00
Updated-28 Apr, 2026 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Zoho Campaigns plugin <= 2.0.7 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Zoho Campaigns.This issue affects Zoho Campaigns: from n/a through 2.0.7.

Action-Not Available
Vendor-Zoho Corporation Pvt. Ltd.
Product-zoho_campaignsZoho Campaigns
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2019-15645
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.11% / 28.77%
||
7 Day CHG~0.00%
Published-27 Aug, 2019 | 11:23
Updated-05 Aug, 2024 | 00:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The zoho-salesiq plugin before 1.0.9 for WordPress has CSRF.

Action-Not Available
Vendor-n/aZoho Corporation Pvt. Ltd.
Product-salesiqn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-26173
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.21% / 43.78%
||
7 Day CHG~0.00%
Published-16 Jun, 2022 | 21:53
Updated-03 Aug, 2024 | 04:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

JForum v2.8.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via http://target_host:port/jforum-2.8.0/jforum.page, which allows attackers to arbitrarily add admin accounts.

Action-Not Available
Vendor-jforumn/a
Product-jforumn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-43502
Matching Score-4
Assigner-Jenkins Project
ShareView Details
Matching Score-4
Assigner-Jenkins Project
CVSS Score-4.3||MEDIUM
EPSS-0.04% / 13.35%
||
7 Day CHG~0.00%
Published-20 Sep, 2023 | 16:06
Updated-24 Sep, 2024 | 18:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A cross-site request forgery (CSRF) vulnerability in Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier allows attackers to delete Failure Causes.

Action-Not Available
Vendor-Jenkins
Product-build_failure_analyzerJenkins Build Failure Analyzer Plugin
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-45058
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.09% / 25.61%
||
7 Day CHG~0.00%
Published-12 Oct, 2023 | 12:34
Updated-28 Apr, 2026 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Short URL Plugin <= 1.6.8 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in KaizenCoders Short URL plugin <= 1.6.8 versions.

Action-Not Available
Vendor-kaizencodersKaizenCoders
Product-short_urlShort URL
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-43500
Matching Score-4
Assigner-Jenkins Project
ShareView Details
Matching Score-4
Assigner-Jenkins Project
CVSS Score-8.8||HIGH
EPSS-0.06% / 19.53%
||
7 Day CHG~0.00%
Published-20 Sep, 2023 | 16:06
Updated-24 Sep, 2024 | 18:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A cross-site request forgery (CSRF) vulnerability in Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier allows attackers to connect to an attacker-specified hostname and port using attacker-specified username and password.

Action-Not Available
Vendor-Jenkins
Product-build_failure_analyzerJenkins Build Failure Analyzer Plugin
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-44240
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 21.43%
||
7 Day CHG~0.00%
Published-09 Oct, 2023 | 10:05
Updated-28 Apr, 2026 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Timthumb Vulnerability Scanner Plugin <= 1.54 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Peter Butler Timthumb Vulnerability Scanner plugin <= 1.54 versions.

Action-Not Available
Vendor-peterbutlerPeter Butler
Product-timthumb_vulnerability_scannerTimthumb Vulnerability Scanner
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-25952
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.11% / 29.23%
||
7 Day CHG~0.00%
Published-03 Nov, 2022 | 19:35
Updated-28 Apr, 2026 | 16:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Content Egg plugin <= 5.4.0 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Keywordrush Content Egg plugin <= 5.4.0 on WordPress.

Action-Not Available
Vendor-keywordrushKeywordrush
Product-content_eggContent Egg (WordPress plugin)
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-26309
Matching Score-4
Assigner-Pandora FMS
ShareView Details
Matching Score-4
Assigner-Pandora FMS
CVSS Score-3.7||LOW
EPSS-0.19% / 40.00%
||
7 Day CHG~0.00%
Published-01 Aug, 2022 | 12:44
Updated-16 Sep, 2024 | 17:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cross-Site Request en Bulk operation (User operation)

Pandora FMS v7.0NG.759 allows Cross-Site Request Forgery in Bulk operation (User operation) resulting in elevation of privilege to Administrator group.

Action-Not Available
Vendor-Pandora FMS S.L.U.
Product-pandora_fmsPandora FMS
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-54528
Matching Score-4
Assigner-JetBrains s.r.o.
ShareView Details
Matching Score-4
Assigner-JetBrains s.r.o.
CVSS Score-5.4||MEDIUM
EPSS-0.01% / 2.03%
||
7 Day CHG~0.00%
Published-28 Jul, 2025 | 16:20
Updated-31 Jul, 2025 | 19:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains TeamCity before 2025.07 a CSRF was possible in GitHub App connection flow

Action-Not Available
Vendor-JetBrains s.r.o.
Product-teamcityTeamCity
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-55057
Matching Score-4
Assigner-Israel National Cyber Directorate (INCD)
ShareView Details
Matching Score-4
Assigner-Israel National Cyber Directorate (INCD)
CVSS Score-4.5||MEDIUM
EPSS-0.01% / 3.12%
||
7 Day CHG~0.00%
Published-17 Nov, 2025 | 17:31
Updated-24 Nov, 2025 | 15:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple CWE-352 Cross-Site Request Forgery (CSRF)

Action-Not Available
Vendor-maxumRumpus
Product-rumpusFTP Server
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-45063
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.09% / 25.61%
||
7 Day CHG~0.00%
Published-12 Oct, 2023 | 12:41
Updated-28 Apr, 2026 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress AI Content Writing Assistant (Content Writer, ChatGPT, Image Generator) All in One Plugin <= 1.1.5 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in ReCorp AI Content Writing Assistant (Content Writer, GPT 3 & 4, ChatGPT, Image Generator) All in One plugin <= 1.1.5 versions.

Action-Not Available
Vendor-rayhan1ReCorp
Product-ai_content_writing_assistantAI Content Writing Assistant (Content Writer, GPT 3 & 4, ChatGPT, Image Generator) All in One
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-44473
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.05% / 15.85%
||
7 Day CHG~0.00%
Published-09 Oct, 2023 | 10:08
Updated-28 Apr, 2026 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Table of Contents Plus Plugin <= 2302 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Michael Tran Table of Contents Plus plugin <= 2302 versions.

Action-Not Available
Vendor-dublueMichael Tran
Product-table_of_contents_plusTable of Contents Plus
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-26366
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.10% / 27.81%
||
7 Day CHG~0.00%
Published-30 Nov, 2022 | 12:30
Updated-28 Apr, 2026 | 16:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress AdRotate Banner Manager Plugin <= 5.9 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) in AdRotate Banner Manager Plugin <= 5.9 on WordPress.

Action-Not Available
Vendor-adrotate_banner_manager_projectArnan de Gans
Product-adrotate_banner_managerAdRotate Banner Manager (WordPress plugin)
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-45047
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.07% / 21.72%
||
7 Day CHG~0.00%
Published-12 Oct, 2023 | 08:27
Updated-28 Apr, 2026 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress LeadSquared Suite Plugin <= 0.7.4 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in LeadSquared, Inc LeadSquared Suite plugin <= 0.7.4 versions.

Action-Not Available
Vendor-leadsquaredLeadSquared, Inc
Product-leadsquared_suiteLeadSquared Suite
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-44260
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 21.43%
||
7 Day CHG~0.00%
Published-09 Oct, 2023 | 08:35
Updated-28 Apr, 2026 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Woocommerce ESTO Plugin <= 2.23.1 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Mikk Mihkel Nurges, Rebing OÜ Woocommerce ESTO plugin <= 2.23.1 versions.

Action-Not Available
Vendor-rebingMikk Mihkel Nurges, Rebing OÜ
Product-woocommerce_estoWoocommerce ESTO
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-44470
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.11% / 28.24%
||
7 Day CHG~0.00%
Published-10 Oct, 2023 | 13:59
Updated-28 Apr, 2026 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Kv TinyMCE Editor Add Fonts Plugin <= 1.1 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Kvvaradha Kv TinyMCE Editor Add Fonts plugin <= 1.1 versions.

Action-Not Available
Vendor-kvvaradhaKvvaradha
Product-kv_tinymce_editor_add_fontsKv TinyMCE Editor Add Fonts
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-44236
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.05% / 15.85%
||
7 Day CHG~0.00%
Published-09 Oct, 2023 | 09:13
Updated-28 Apr, 2026 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Captcha Plugin <= 2.0.0 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Devnath verma WP Captcha plugin <= 2.0.0 versions.

Action-Not Available
Vendor-devnath_vermaDevnath verma
Product-wp_captchaWP Captcha
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-25754
Matching Score-4
Assigner-Siemens
ShareView Details
Matching Score-4
Assigner-Siemens
CVSS Score-8.8||HIGH
EPSS-0.18% / 39.27%
||
7 Day CHG~0.00%
Published-12 Apr, 2022 | 09:07
Updated-03 Aug, 2024 | 04:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V, coated), SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2 EEC (230V), SCALANCE X307-2 EEC (230V, coated), SCALANCE X307-2 EEC (24V), SCALANCE X307-2 EEC (24V, coated), SCALANCE X307-2 EEC (2x 230V), SCALANCE X307-2 EEC (2x 230V, coated), SCALANCE X307-2 EEC (2x 24V), SCALANCE X307-2 EEC (2x 24V, coated), SCALANCE X307-3, SCALANCE X307-3, SCALANCE X307-3LD, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X308-2, SCALANCE X308-2LD, SCALANCE X308-2LD, SCALANCE X308-2LH, SCALANCE X308-2LH, SCALANCE X308-2LH+, SCALANCE X308-2LH+, SCALANCE X308-2M, SCALANCE X308-2M, SCALANCE X308-2M PoE, SCALANCE X308-2M PoE, SCALANCE X308-2M TS, SCALANCE X308-2M TS, SCALANCE X310, SCALANCE X310, SCALANCE X310FE, SCALANCE X310FE, SCALANCE X320-1 FE, SCALANCE X320-1-2LD FE, SCALANCE X408-2, SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M TS (24V), SCALANCE XR324-12M TS (24V), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M PoE (230V, ports on front), SCALANCE XR324-4M PoE (230V, ports on rear), SCALANCE XR324-4M PoE (24V, ports on front), SCALANCE XR324-4M PoE (24V, ports on rear), SCALANCE XR324-4M PoE TS (24V, ports on front), SIPLUS NET SCALANCE X308-2. The integrated web server of the affected device could allow remote attackers to perform actions with the permissions of a victim user, provided the victim user has an active session and is induced to trigger the malicious request.

Action-Not Available
Vendor-Siemens AG
Product-scalance_x308-2m_ts_firmwarescalance_x307-3_firmwarescalance_xr324-12mscalance_x310fescalance_x310fe_firmwarescalance_xr324-4m_eecscalance_x308-2ldscalance_x320-1fe_firmwaresiplus_net_scalance_x308-2scalance_xr324-4m_poe_firmwarescalance_x308-2scalance_x307-2eecscalance_xr324-4m_eec_firmwarescalance_x308-2_firmwarescalance_x304-2fe_firmwarescalance_xr324-12m_ts_firmwarescalance_x306-1ldfe_firmwarescalance_x307-2eec_firmwarescalance_x320-1-2ldfesiplus_net_scalance_x308-2_firmwarescalance_x308-2lh_firmwarescalance_x302-7eec_firmwarescalance_x308-2lhscalance_x307-3ld_firmwarescalance_x310scalance_x320-1-2ldfe_firmwarescalance_xr324-12m_firmwarescalance_x308-2m_poe_firmwarescalance_x308-2lh\+scalance_x310_firmwarescalance_x308-2m_poescalance_x308-2lh\+_firmwarescalance_x308-2ld_firmwarescalance_xr324-12m_tsscalance_x308-2m_tsscalance_x308-2m_firmwarescalance_x320-1fescalance_x408-2scalance_xr324-4m_poescalance_x306-1ldfescalance_x307-3ldscalance_x308-2mscalance_x408-2_firmwarescalance_x307-3scalance_x304-2fescalance_xr324-4m_poe_tsscalance_xr324-4m_poe_ts_firmwarescalance_x302-7eecSCALANCE XR324-12M TS (24V)SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear)SCALANCE XR324-4M PoE (24V, ports on rear)SCALANCE XR324-4M EEC (24V, ports on front)SCALANCE XR324-12M (230V, ports on rear)SCALANCE X307-2 EEC (2x 24V, coated)SCALANCE XR324-4M PoE TS (24V, ports on front)SCALANCE X307-3SCALANCE X308-2MSCALANCE XR324-12M (24V, ports on rear)SCALANCE X308-2SCALANCE X308-2M PoESCALANCE X310FESCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front)SCALANCE X308-2LH+SCALANCE X302-7 EEC (24V, coated)SCALANCE X307-2 EEC (230V, coated)SCALANCE X307-3LDSCALANCE X308-2LHSCALANCE XR324-4M EEC (24V, ports on rear)SCALANCE XR324-4M PoE (24V, ports on front)SCALANCE X302-7 EEC (2x 230V)SCALANCE X408-2SIPLUS NET SCALANCE X308-2SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front)SCALANCE XR324-4M PoE (230V, ports on rear)SCALANCE X302-7 EEC (230V)SCALANCE X307-2 EEC (24V, coated)SCALANCE X307-2 EEC (2x 230V, coated)SCALANCE X302-7 EEC (2x 24V, coated)SCALANCE X308-2LDSCALANCE X307-2 EEC (24V)SCALANCE X304-2FESCALANCE X310SCALANCE X307-2 EEC (2x 24V)SCALANCE X307-2 EEC (230V)SCALANCE XR324-12M (24V, ports on front)SCALANCE X320-1 FESCALANCE X302-7 EEC (2x 24V)SCALANCE X306-1LD FESCALANCE X308-2M TSSCALANCE XR324-4M PoE (230V, ports on front)SCALANCE X307-2 EEC (2x 230V)SCALANCE X302-7 EEC (24V)SCALANCE X302-7 EEC (230V, coated)SCALANCE X302-7 EEC (2x 230V, coated)SCALANCE X320-1-2LD FESCALANCE XR324-4M EEC (2x 24V, ports on rear)SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear)SCALANCE XR324-12M (230V, ports on front)SCALANCE XR324-4M EEC (2x 24V, ports on front)
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-55147
Matching Score-4
Assigner-Ivanti
ShareView Details
Matching Score-4
Assigner-Ivanti
CVSS Score-8.8||HIGH
EPSS-0.34% / 56.96%
||
7 Day CHG-0.04%
Published-09 Sep, 2025 | 15:32
Updated-26 Feb, 2026 | 17:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CSRF in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a remote unauthenticated attacker to execute sensitive actions on behalf of the victim user. User interaction is required

Action-Not Available
Vendor-Ivanti Software
Product-connect_securepolicy_secureneurons_for_secure_accesszero_trust_access_gatewayPolicy SecureZTA GatewayNeurons for Secure AccessConnect Secure
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-44233
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.05% / 15.85%
||
7 Day CHG~0.00%
Published-06 Oct, 2023 | 15:04
Updated-28 Apr, 2026 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress FooGallery Plugin <= 2.2.44 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in FooPlugins Best WordPress Gallery Plugin – FooGallery plugin <= 2.2.44 versions.

Action-Not Available
Vendor-foopluginsFooPlugins
Product-foogalleryBest WordPress Gallery Plugin – FooGallery
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-44261
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.15% / 34.72%
||
7 Day CHG~0.00%
Published-10 Oct, 2023 | 09:04
Updated-28 Apr, 2026 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Block Plugin Update Plugin <= 3.3 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Dinesh Karki Block Plugin Update plugin <= 3.3 versions.

Action-Not Available
Vendor-dineshkarkiDinesh Karki
Product-block_plugin_updateBlock Plugin Update
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-44146
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 21.43%
||
7 Day CHG~0.00%
Published-06 Oct, 2023 | 14:59
Updated-28 Apr, 2026 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Checkfront Online Booking System Plugin <= 3.6 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Checkfront Inc. Checkfront Online Booking System plugin <= 3.6 versions.

Action-Not Available
Vendor-checkfrontCheckfront Inc.
Product-checkfront_online_booking_systemCheckfront Online Booking System
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-45052
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 21.43%
||
7 Day CHG~0.00%
Published-12 Oct, 2023 | 12:28
Updated-28 Apr, 2026 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Bing Map Pro Plugin < 5.0 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in dan009 WP Bing Map Pro plugin < 5.0 versions.

Action-Not Available
Vendor-dan009dan009
Product-wp_bing_map_proWP Bing Map Pro
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-44385
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-8.6||HIGH
EPSS-1.35% / 80.27%
||
7 Day CHG~0.00%
Published-19 Oct, 2023 | 22:02
Updated-12 Sep, 2024 | 15:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Client-Side Request Forgery in Home Assistant iOS/macOS native Apps

The Home Assistant Companion for iOS and macOS app up to version 2023.4 are vulnerable to Client-Side Request Forgery. Attackers may send malicious links/QRs to victims that, when visited, will make the victim to call arbitrary services in their Home Assistant installation. Combined with this security advisory, may result in full compromise and remote code execution (RCE). Version 2023.7 addresses this issue and all users are advised to upgrade. There are no known workarounds for this vulnerability. This issue is also tracked as GitHub Security Lab (GHSL) Vulnerability Report: GHSL-2023-161.

Action-Not Available
Vendor-home-assistanthome-assistant
Product-home_assistant_companioncore
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-25600
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.14% / 33.15%
||
7 Day CHG~0.00%
Published-11 Mar, 2022 | 17:54
Updated-28 Apr, 2026 | 16:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Google Map plugin <= 4.2.3 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability affecting Delete Marker Category, Delete Map, and Copy Map functions in WP Google Map plugin (versions <= 4.2.3).

Action-Not Available
Vendor-wepluginsFlippercodeFedora Project
Product-fedorawp_mapsWP Google Map Plugin (WordPress plugin)
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-44232
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 21.43%
||
7 Day CHG~0.00%
Published-09 Oct, 2023 | 08:43
Updated-28 Apr, 2026 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Hide Pages Plugin <= 1.0 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Huseyin Berberoglu WP Hide Pages plugin <= 1.0 versions.

Action-Not Available
Vendor-nxsnHuseyin Berberoglu
Product-wp_hide_pagesWP Hide Pages
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-54174
Matching Score-4
Assigner-CERT.PL
ShareView Details
Matching Score-4
Assigner-CERT.PL
CVSS Score-5.1||MEDIUM
EPSS-0.03% / 7.43%
||
7 Day CHG~0.00%
Published-20 Aug, 2025 | 12:53
Updated-08 Sep, 2025 | 17:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cross-Site Request Forgery in QuickCMS

QuickCMS is vulnerable to Cross-Site Request Forgery in article creation functionality. Malicious attacker can craft special website, which when visited by the admin, will automatically send a POST request creating a malicious article with content defined by the attacker. The vendor was notified early about this vulnerability, but didn't respond with the details of vulnerability or vulnerable version range. Only version 6.8 was tested and confirmed as vulnerable, other versions were not tested and might also be vulnerable.

Action-Not Available
Vendor-opensolutionOpenSolution
Product-quick.cmsQuick.CMS
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-54030
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.08% / 24.28%
||
7 Day CHG+0.06%
Published-16 Jul, 2025 | 10:36
Updated-28 Apr, 2026 | 16:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WooCommerce Google Sheet Connector plugin <= 1.3.20 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in WesternDeal WooCommerce Google Sheet Connector wc-gsheetconnector allows Cross Site Request Forgery.This issue affects WooCommerce Google Sheet Connector: from n/a through <= 1.3.20.

Action-Not Available
Vendor-WesternDeal
Product-WooCommerce Google Sheet Connector
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-44994
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.15% / 34.72%
||
7 Day CHG~0.00%
Published-10 Oct, 2023 | 14:31
Updated-28 Apr, 2026 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress ShortCodes UI Plugin <= 1.9.8 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Bainternet ShortCodes UI plugin <= 1.9.8 versions.

Action-Not Available
Vendor-Bainternet (Ohad Raz)
Product-shortcodes_uiShortCodes UI
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-44231
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 21.43%
||
7 Day CHG~0.00%
Published-09 Oct, 2023 | 08:40
Updated-28 Apr, 2026 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Contact Form Plugin <= 2.0.10 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in NickDuncan Contact Form plugin <= 2.0.10 versions.

Action-Not Available
Vendor-nickduncanNickDuncan
Product-contact_formContact Form
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-44243
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 21.43%
||
7 Day CHG~0.00%
Published-06 Oct, 2023 | 15:02
Updated-28 Apr, 2026 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Instant CSS Plugin <= 1.2.1 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Dylan Blokhuis Instant CSS plugin <= 1.2.1 versions.

Action-Not Available
Vendor-dylanblokhuisDylan Blokhuis
Product-instant_cssInstant CSS
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-45060
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.05% / 15.85%
||
7 Day CHG~0.00%
Published-12 Oct, 2023 | 12:38
Updated-28 Apr, 2026 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Interactive World Map Plugin <= 3.2.0 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Fla-shop.Com Interactive World Map plugin <= 3.2.0 versions.

Action-Not Available
Vendor-fla-shopFla-shop.com
Product-interactive_world_mapInteractive World Map
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-44993
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 21.43%
||
7 Day CHG~0.00%
Published-09 Oct, 2023 | 10:11
Updated-28 Apr, 2026 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress ChatBot Plugin <= 4.7.8 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in QuantumCloud AI ChatBot plugin <= 4.7.8 versions.

Action-Not Available
Vendor-quantumcloudQuantumCloud
Product-wpbotAI ChatBot
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-44995
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.11% / 28.24%
||
7 Day CHG~0.00%
Published-10 Oct, 2023 | 15:46
Updated-28 Apr, 2026 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WooCommerce Login Redirect Plugin <= 2.2.4 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in WP Doctor WooCommerce Login Redirect plugin <= 2.2.4 versions.

Action-Not Available
Vendor-wpdoctorWP Doctor
Product-woocommerce_login_redirectWooCommerce Login Redirect
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2008-3938
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.35% / 57.47%
||
7 Day CHG+0.08%
Published-05 Sep, 2008 | 15:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in user_admin.php in Open Media Collectors Database (OpenDb) 1.0.6 allows remote attackers to change arbitrary passwords via an update_password action.

Action-Not Available
Vendor-opendbn/a
Product-opendbn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-45011
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 21.43%
||
7 Day CHG~0.00%
Published-12 Oct, 2023 | 12:12
Updated-28 Apr, 2026 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Power Stats Plugin <= 2.2.3 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Igor Buyanov WP Power Stats plugin <= 2.2.3 versions.

Action-Not Available
Vendor-websivuIgor Buyanov
Product-wp_power_statsWP Power Stats
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-44471
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.15% / 34.72%
||
7 Day CHG~0.00%
Published-10 Oct, 2023 | 14:22
Updated-28 Apr, 2026 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Backend Localization Plugin <= 2.1.10 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Bernhard Kau Backend Localization plugin <= 2.1.10 versions.

Action-Not Available
Vendor-kau-boysBernhard Kau
Product-backend_localizationBackend Localization
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-54042
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.08% / 24.28%
||
7 Day CHG+0.06%
Published-16 Jul, 2025 | 10:36
Updated-28 Apr, 2026 | 16:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Post Hide plugin <= 1.0.9 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Xfinitysoft WP Post Hide wp-post-hide allows Cross Site Request Forgery.This issue affects WP Post Hide: from n/a through <= 1.0.9.

Action-Not Available
Vendor-Xfinitysoft
Product-WP Post Hide
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-44237
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 21.43%
||
7 Day CHG~0.00%
Published-09 Oct, 2023 | 09:42
Updated-28 Apr, 2026 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Site Protector Plugin <= 2.0 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Moriyan Jay WP Site Protector plugin <= 2.0 versions.

Action-Not Available
Vendor-moriyan_jayMoriyan Jay
Product-wp_site_protectorWP Site Protector
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-25615
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.10% / 27.62%
||
7 Day CHG~0.00%
Published-11 Apr, 2022 | 19:38
Updated-28 Apr, 2026 | 16:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress eRoom plugin <= 1.3.8 - Cross-Site Request Forgery (CSRF) vulnerability leading to Cache Deletion

Cross-Site Request Forgery (CSRF) in StylemixThemes eRoom – Zoom Meetings & Webinar (WordPress plugin) <= 1.3.8 allows cache deletion.

Action-Not Available
Vendor-stylemixthemesStylemixThemes
Product-eroom_-_zoom_meetings_\&_webinareRoom – Zoom Meetings & Webinar (WordPress plugin)
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-44998
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 21.43%
||
7 Day CHG~0.00%
Published-12 Oct, 2023 | 12:10
Updated-28 Apr, 2026 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Category Meta Plugin <= 1.2.8 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in josecoelho, Randy Hoyt, steveclarkcouk, Vitaliy Kukin, Eric Le Bail, Tom Ransom Category Meta plugin plugin <= 1.2.8 versions.

Action-Not Available
Vendor-randyhoytjosecoelho, Randy Hoyt, steveclarkcouk, Vitaliy Kukin, Eric Le Bail, Tom Ransom
Product-category_metaCategory Meta plugin
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-44476
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.15% / 34.72%
||
7 Day CHG~0.00%
Published-10 Oct, 2023 | 14:28
Updated-28 Apr, 2026 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress CopyRightPro Plugin <= 2.1 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Andres Felipe Perea V. CopyRightPro plugin <= 2.1 versions.

Action-Not Available
Vendor-wp-copyrightproAndres Felipe Perea V.
Product-wp-copyrightproCopyRightPro
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-44246
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 21.43%
||
7 Day CHG~0.00%
Published-09 Oct, 2023 | 10:00
Updated-28 Apr, 2026 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Shockingly Simple Favicon Plugin <= 1.8.2 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Matias s Shockingly Simple Favicon plugin <= 1.8.2 versions.

Action-Not Available
Vendor-matiassMatias s
Product-shockingly_simple_faviconShockingly Simple Favicon
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-44238
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 21.43%
||
7 Day CHG~0.00%
Published-09 Oct, 2023 | 09:57
Updated-28 Apr, 2026 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Remove slug from custom post type Plugin <= 1.0.3 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Joakim Ling Remove slug from custom post type plugin <= 1.0.3 versions.

Action-Not Available
Vendor-joakimlingJoakim Ling
Product-remove_slug_from_custom_post_typeRemove slug from custom post type
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-53483
Matching Score-4
Assigner-The Wikimedia Foundation
ShareView Details
Matching Score-4
Assigner-The Wikimedia Foundation
CVSS Score-8.8||HIGH
EPSS-0.09% / 25.03%
||
7 Day CHG~0.00%
Published-04 Jul, 2025 | 17:28
Updated-08 Jul, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SecurePoll: Multiple admin actions vulnerable to Cross-Site Request Forgery

ArchivePage.php, UnarchivePage.php, and VoterEligibilityPage#executeClear() do not validate request methods or CSRF tokens, allowing attackers to trigger sensitive actions if an admin visits a malicious site. This issue affects Mediawiki - SecurePoll extension: from 1.39.X before 1.39.13, from 1.42.X before 1.42.7, from 1.43.X before 1.43.2.

Action-Not Available
Vendor-Wikimedia Foundation
Product-Mediawiki - SecurePoll extension
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-44996
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.11% / 28.24%
||
7 Day CHG~0.00%
Published-10 Oct, 2023 | 15:50
Updated-28 Apr, 2026 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Post View Count Plugin <= 1.8.2 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Naresh Parmar Post View Count plugin <= 1.8.2 versions.

Action-Not Available
Vendor-nareshparmar827Naresh Parmar
Product-post_view_countPost View Count
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-45048
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.05% / 15.85%
||
7 Day CHG~0.00%
Published-12 Oct, 2023 | 12:16
Updated-28 Apr, 2026 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Social proof testimonials and reviews by Repuso Plugin <= 5.00 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Repuso Social proof testimonials and reviews by Repuso plugin <= 5.00 versions.

Action-Not Available
Vendor-repusoRepuso
Product-repusoSocial proof testimonials and reviews by Repuso
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-25192
Matching Score-4
Assigner-Jenkins Project
ShareView Details
Matching Score-4
Assigner-Jenkins Project
CVSS Score-8.8||HIGH
EPSS-0.06% / 17.07%
||
7 Day CHG~0.00%
Published-15 Feb, 2022 | 16:11
Updated-03 Aug, 2024 | 04:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A cross-site request forgery (CSRF) vulnerability in Jenkins Snow Commander Plugin 1.10 and earlier allows attackers to connect to an attacker-specified webserver using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.

Action-Not Available
Vendor-Jenkins
Product-snow_commanderJenkins Snow Commander Plugin
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 83
  • 84
  • Next
Details not found