Cross-Site Request Forgery (CSRF) vulnerability in Rara Theme Preschool and Kindergarten allows Cross Site Request Forgery.This issue affects Preschool and Kindergarten: from n/a through 1.2.1.
Cross-Site Request Forgery (CSRF) vulnerability in Rara Theme Perfect Portfolio allows Cross Site Request Forgery.This issue affects Perfect Portfolio: from n/a through 1.2.0.
Cross-Site Request Forgery (CSRF) vulnerability in Rara Theme Lawyer Landing Page allows Cross Site Request Forgery.This issue affects Lawyer Landing Page: from n/a through 1.2.4.
Cross-Site Request Forgery (CSRF) vulnerability in Rara Theme JobScout allows Cross Site Request Forgery.This issue affects JobScout: from n/a through 1.1.4.
Cross-Site Request Forgery (CSRF) vulnerability in Rara Theme Elegant Pink allows Cross Site Request Forgery.This issue affects Elegant Pink: from n/a through 1.3.0.
Cross-Site Request Forgery (CSRF) vulnerability in Rara Theme Rara Business allows Cross Site Request Forgery.This issue affects Rara Business: from n/a through 1.2.5.
Cross-Site Request Forgery (CSRF) vulnerability in Rara Theme Construction Landing Page allows Cross Site Request Forgery.This issue affects Construction Landing Page: from n/a through 1.3.5.
Cross-Site Request Forgery (CSRF) vulnerability in Rara Theme Book Landing Page.This issue affects Book Landing Page: from n/a through 1.2.3.
Cross-Site Request Forgery (CSRF) vulnerability in Rara Theme Chic Lite allows Cross Site Request Forgery.This issue affects Chic Lite: from n/a through 1.1.3.
Cross-Site Request Forgery (CSRF) vulnerability in Rara Theme Education Zone allows Cross Site Request Forgery.This issue affects Education Zone: from n/a through 1.3.4.
Cross-Site Request Forgery (CSRF) vulnerability in Rara Theme Restaurant and Cafe.This issue affects Restaurant and Cafe: from n/a through 1.2.1.
Cross-Site Request Forgery (CSRF) vulnerability in Rara Theme Spa and Salon.This issue affects Spa and Salon: from n/a through 1.2.7.
Cross-Site Request Forgery (CSRF) vulnerability in Rara Theme The Conference.This issue affects The Conference: from n/a through 1.2.0.
Cross-Site Request Forgery (CSRF) leading to Arbitrary File Upload vulnerability in Rara One Click Demo Import plugin <= 1.2.9 on WordPress allows attackers to trick logged-in admin users into uploading dangerous files into /wp-content/uploads/ directory.
Cross-Site Request Forgery (CSRF) vulnerability in Rara Theme Travel Agency allows Cross Site Request Forgery.This issue affects Travel Agency: from n/a through 1.4.9.
Missing Authorization vulnerability in Rara Themes Business One Page allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Business One Page: from n/a through 1.2.9.
The Mailchimp List Subscribe Form plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.0. This is due to missing or incorrect nonce validation on the mailchimp_sf_change_list_if_necessary() function. This makes it possible for unauthenticated attackers to change Mailchimp lists via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
CSRF in admin/add-template.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to add a new article template via a crafted request.
CSRF in admin/manage-tickets.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to close any ticket, given the id, via a crafted request.
CSRF in admin/manage-templates.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to delete an article template via a crafted request.
The NewsBlogger theme for WordPress is vulnerable to Cross-Site Request Forgery in versions 0.2.5.6 to 0.2.6.1. This is due to missing or incorrect nonce validation on the newsblogger_install_and_activate_plugin() function. This makes it possible for unauthenticated attackers to upload arbitrary files and achieve remote code execution via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. This is due to a reverted fix of CVE-2025-1305.
Cross Site Request Forgery vulnerability in Spina CMS v.2.18.0 and before allows a remote attacker to escalate privileges via a crafted URL
CSRF in admin/add-category.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to add a new category via a crafted request.
The Country Blocker for AdSense plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing nonce validation on the CBFA_guardar_cbfa() function. This makes it possible for unauthenticated attackers to update the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
The Page Title, Description & Open Graph Updater plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.02. This is due to missing nonce validation on multiple AJAX actions including dieno_update_page_title. This makes it possible for unauthenticated attackers to update page titles and metadata via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
CSRF in admin/edit-glossary.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to edit a glossary term, given the id, via a crafted request.
Cross-Site Request Forgery (CSRF) vulnerability in Ashok Rane Order Delivery Date for WP e-Commerce plugin <=Â 1.2 versions.
An issue was discovered in Joomla! before 3.9.16. Missing token checks in the image actions of com_templates lead to CSRF.
The Remove Post Type Slug plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.2. This is due to incorrect nonce validation logic that uses OR (||) instead of AND (&&), causing the validation to fail when the nonce field is not empty OR when verification fails, rather than when it's empty AND verification fails. This makes it possible for unauthenticated attackers to modify the plugin's post type slug removal settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
CSRF in admin/manage-comments.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to approve any comment, given the id, via a crafted request.
The Whatsiplus Scheduled Notification for Woocommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1. This is due to missing nonce validation on the 'wsnfw_save_users_settings' AJAX action. This makes it possible for unauthenticated attackers to modify plugin configuration settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
IBM CICS TX Standard 11.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
CSRF in admin/manage-departments.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to add a department via a crafted request.
CSRF in admin/manage-articles.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to delete an article via a crafted request.
Cross-Site Request Forgery (CSRF) vulnerability in MailMunch MailMunch – Grow your Email List plugin <= 3.1.2 versions.
CSRF in admin/edit-news.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to edit a news article, given the id, via a crafted request.
CSRF in admin/manage-departments.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to delete a department via a crafted request.
CSRF in admin/manage-comments.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to disapprove any comment, given the id, via a crafted request.
CSRF in admin/add-field.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to create a custom field via a crafted request.
CSRF in admin/reply-ticket.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to reply to any ticket, given the id, via a crafted request.
CSRF in admin/add-glossary.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to add a new glossary term via a crafted request.
CSRF in admin/ajax-hub.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to post a comment on any article via a crafted request.
CSRF in admin/manage-settings.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to change the global settings, potentially gaining code execution or causing a denial of service, via a crafted request.
CSRF in admin/edit-article.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to edit an article, given the id, via a crafted request.
A vulnerability classified as problematic was found in idcCMS 1.35. Affected by this vulnerability is an unknown functionality of the file /admin/admin_cl.php?mudi=revPwd. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-261991.
Cross-site request forgery (CSRF) vulnerability in MFC-J960DWN firmware ver.D and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.
CSRF in admin/add-news.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to add a new news article via a crafted request.
Cross-Site Request Forgery (CSRF) vulnerability in ThimPress LearnPress.This issue affects LearnPress: from n/a through 4.2.6.8.2.
CSRF in admin/manage-tickets.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to delete a ticket via a crafted request.
Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/variable/add.