Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-40488

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-08 Aug, 2024 | 00:00
Updated At-09 Aug, 2024 | 17:50
Rejected At-
Credits

A Cross-Site Request Forgery (CSRF) vulnerability was found in the Kashipara Live Membership System v1.0. This could lead to an attacker tricking the administrator into deleting valid member data via a crafted HTML page, as demonstrated by a Delete Member action at the /delete_members.php.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:08 Aug, 2024 | 00:00
Updated At:09 Aug, 2024 | 17:50
Rejected At:
▼CVE Numbering Authority (CNA)

A Cross-Site Request Forgery (CSRF) vulnerability was found in the Kashipara Live Membership System v1.0. This could lead to an attacker tricking the administrator into deleting valid member data via a crafted HTML page, as demonstrated by a Delete Member action at the /delete_members.php.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://capec.mitre.org/data/definitions/62.html
N/A
https://github.com/takekaramey/CVE_Writeup/blob/main/Kashipara/Live%20Membership%20System%20v1.0/CSRF.pdf
N/A
Hyperlink: https://capec.mitre.org/data/definitions/62.html
Resource: N/A
Hyperlink: https://github.com/takekaramey/CVE_Writeup/blob/main/Kashipara/Live%20Membership%20System%20v1.0/CSRF.pdf
Resource: N/A
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Vendor
Kashipara Groupkashipara
Product
live_membership_system
CPEs
  • cpe:2.3:a:kashipara:live_membership_system:1.0:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • 1.0
Problem Types
TypeCWE IDDescription
CWECWE-352CWE-352 Cross-Site Request Forgery (CSRF)
Type: CWE
CWE ID: CWE-352
Description: CWE-352 Cross-Site Request Forgery (CSRF)
Metrics
VersionBase scoreBase severityVector
3.18.8HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:12 Aug, 2024 | 13:38
Updated At:28 Apr, 2025 | 14:24

A Cross-Site Request Forgery (CSRF) vulnerability was found in the Kashipara Live Membership System v1.0. This could lead to an attacker tricking the administrator into deleting valid member data via a crafted HTML page, as demonstrated by a Delete Member action at the /delete_members.php.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.18.8HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CPE Matches
lopalopa
lopalopa
>>live_membership_system>>1.0
cpe:2.3:a:lopalopa:live_membership_system:1.0:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-352Secondary134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE ID: CWE-352
Type: Secondary
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://capec.mitre.org/data/definitions/62.htmlcve@mitre.org
Third Party Advisory
https://github.com/takekaramey/CVE_Writeup/blob/main/Kashipara/Live%20Membership%20System%20v1.0/CSRF.pdfcve@mitre.org
Exploit
Third Party Advisory
Hyperlink: https://capec.mitre.org/data/definitions/62.html
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: https://github.com/takekaramey/CVE_Writeup/blob/main/Kashipara/Live%20Membership%20System%20v1.0/CSRF.pdf
Source: cve@mitre.org
Resource:
Exploit
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

2380Records found
CVE-2024-0880
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-4.3||MEDIUM
EPSS-0.30% / 52.91%
||
7 Day CHG~0.00%
Published-25 Jan, 2024 | 17:31
Updated-03 Jun, 2025 | 18:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Qidianbang qdbcrm Password Reset cross-site request forgery

A vulnerability was found in Qidianbang qdbcrm 1.1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /user/edit?id=2 of the component Password Reset. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252032. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-100296Qidianbang
Product-qdbcrmqdbcrm
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2017-11649
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.13% / 31.91%
||
7 Day CHG~0.00%
Published-06 Mar, 2018 | 22:00
Updated-05 Aug, 2024 | 18:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in DrayTek Vigor AP910C devices with firmware 1.2.0_RC3 build r6594 allows remote attackers to hijack the authentication of unspecified users for requests that enable SNMP on the remote device via vectors involving goform/setSnmp.

Action-Not Available
Vendor-n/aDrayTek Corp.
Product-vigorap_910cvigorap_910c_firmwaren/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-6676
Matching Score-4
Assigner-TR-CERT (Computer Emergency Response Team of the Republic of Türkiye)
ShareView Details
Matching Score-4
Assigner-TR-CERT (Computer Emergency Response Team of the Republic of Türkiye)
CVSS Score-8.8||HIGH
EPSS-0.08% / 22.59%
||
7 Day CHG~0.00%
Published-02 Feb, 2024 | 13:07
Updated-21 Aug, 2024 | 17:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cross Site Request Forgery in National Keep's CyberMath

Cross-Site Request Forgery (CSRF) vulnerability in National Keep Cyber Security Services CyberMath allows Cross Site Request Forgery.This issue affects CyberMath: from v1.4 before v1.5.

Action-Not Available
Vendor-nationalkeepNational Keep Cyber Security Servicesnationalkeep
Product-cybermathCyberMathcybermath
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-6845
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-8.8||HIGH
EPSS-0.27% / 50.90%
||
7 Day CHG~0.00%
Published-08 Jan, 2024 | 19:00
Updated-09 Jan, 2026 | 21:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CommentTweets <= 0.6 - Settings Update via CSRF

The CommentTweets WordPress plugin through 0.6 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks

Action-Not Available
Vendor-theresehansenUnknown
Product-commenttweetsCommentTweets
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-27204
Matching Score-4
Assigner-Jenkins Project
ShareView Details
Matching Score-4
Assigner-Jenkins Project
CVSS Score-8.8||HIGH
EPSS-0.08% / 23.97%
||
7 Day CHG~0.00%
Published-15 Mar, 2022 | 16:45
Updated-03 Aug, 2024 | 05:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A cross-site request forgery vulnerability in Jenkins Extended Choice Parameter Plugin 346.vd87693c5a_86c and earlier allows attackers to connect to an attacker-specified URL.

Action-Not Available
Vendor-Jenkins
Product-extended_choice_parameterJenkins Extended Choice Parameter Plugin
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-52122
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 21.43%
||
7 Day CHG~0.00%
Published-05 Jan, 2024 | 09:11
Updated-28 Apr, 2026 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Simple Job Board Plugin <= 2.10.6 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in PressTigers Simple Job Board.This issue affects Simple Job Board: from n/a through 2.10.6.

Action-Not Available
Vendor-presstigersPressTigers
Product-simple_job_boardSimple Job Board
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-51683
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.11% / 29.15%
||
7 Day CHG~0.00%
Published-28 Feb, 2024 | 16:45
Updated-28 Apr, 2026 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Easy PayPal Buy Now Button Plugin <= 1.8.1 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Scott Paterson Easy PayPal & Stripe Buy Now Button.This issue affects Easy PayPal & Stripe Buy Now Button: from n/a through 1.8.1.

Action-Not Available
Vendor-wppluginScott Paterson
Product-easy_paypal_\&_stripe_buy_now_buttonEasy PayPal & Stripe Buy Now Button
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-6532
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-8.8||HIGH
EPSS-0.22% / 44.37%
||
7 Day CHG~0.00%
Published-08 Jan, 2024 | 19:03
Updated-18 Jun, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WP Blogs' Planetarium <= 1.0 - Settings Update via CSRF

The WP Blogs' Planetarium WordPress plugin through 1.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack

Action-Not Available
Vendor-wp-blogs-planetarium_projectUnknown
Product-wp-blogs-planetariumWP Blogs' Planetarium
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-52072
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.15% / 35.19%
||
7 Day CHG~0.00%
Published-08 Jan, 2024 | 00:00
Updated-17 Apr, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

FlyCms v1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /system/site/userconfig_updagte.

Action-Not Available
Vendor-flycms_projectn/a
Product-flycmsn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-51529
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.17% / 37.95%
||
7 Day CHG~0.00%
Published-29 Feb, 2024 | 04:45
Updated-28 Apr, 2026 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress HT Mega Plugin <= 2.3.3 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in HasThemes HT Mega – Absolute Addons For Elementor.This issue affects HT Mega – Absolute Addons For Elementor: from n/a through 2.3.3.

Action-Not Available
Vendor-HasTech IT Limited (HasThemes)
Product-ht_megaHT Mega – Absolute Addons For Elementor
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-51491
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.04% / 12.06%
||
7 Day CHG~0.00%
Published-16 Mar, 2024 | 00:59
Updated-28 Apr, 2026 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Depicter Slider plugin <= 2.0.6 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Averta Depicter Slider.This issue affects Depicter Slider: from n/a through 2.0.6.

Action-Not Available
Vendor-Depicter (Averta)
Product-depicterDepicter Slider
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-51474
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.8||HIGH
EPSS-0.10% / 26.39%
||
7 Day CHG~0.00%
Published-16 Mar, 2024 | 01:09
Updated-28 Apr, 2026 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress TerraClassifieds plugin <= 2.0.3 - Cross Site Request Forgery (CSRF) to Account Takeover vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Pixelemu TerraClassifieds.This issue affects TerraClassifieds: from n/a through 2.0.3.

Action-Not Available
Vendor-Pixelemupixelemu
Product-TerraClassifiedsterraclassifieds
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-51378
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.11% / 29.15%
||
7 Day CHG~0.00%
Published-29 Dec, 2023 | 12:08
Updated-28 Apr, 2026 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Rise Blocks Plugin <= 3.1 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Rise Themes Rise Blocks – A Complete Gutenberg Page Builder.This issue affects Rise Blocks – A Complete Gutenberg Page Builder: from n/a through 3.1.

Action-Not Available
Vendor-eaglevisionitRise Themes
Product-rise_blocksRise Blocks – A Complete Gutenberg Page Builder
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-51358
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.11% / 28.28%
||
7 Day CHG~0.00%
Published-29 Dec, 2023 | 12:11
Updated-28 Apr, 2026 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Block IPs for Gravity Forms Plugin <= 1.0.1 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Bright Plugins Block IPs for Gravity Forms.This issue affects Block IPs for Gravity Forms: from n/a through 1.0.1.

Action-Not Available
Vendor-brightpluginsBright Plugins
Product-block_ips_for_gravity_formsBlock IPs for Gravity Forms
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-27488
Matching Score-4
Assigner-Fortinet, Inc.
ShareView Details
Matching Score-4
Assigner-Fortinet, Inc.
CVSS Score-7.5||HIGH
EPSS-0.43% / 62.66%
||
7 Day CHG~0.00%
Published-13 Dec, 2023 | 06:39
Updated-03 Aug, 2024 | 05:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A cross-site request forgery (CSRF) in Fortinet FortiVoiceEnterprise version 6.4.x, 6.0.x, FortiSwitch version 7.0.0 through 7.0.4, 6.4.0 through 6.4.10, 6.2.0 through 6.2.7, 6.0.x, FortiMail version 7.0.0 through 7.0.3, 6.4.0 through 6.4.6, 6.2.x, 6.0.x FortiRecorder version 6.4.0 through 6.4.2, 6.0.x, 2.7.x, 2.6.x, FortiNDR version 1.x.x allows a remote unauthenticated attacker to execute commands on the CLI via tricking an authenticated administrator to execute malicious GET requests.

Action-Not Available
Vendor-Fortinet, Inc.
Product-fortiaifortindrfortivoicefortirecorderfortiswitchfortimailFortiRecorderFortiVoiceFortiNDRFortiSwitchFortiMail
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-6946
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-8.8||HIGH
EPSS-0.13% / 32.43%
||
7 Day CHG~0.00%
Published-29 Jan, 2024 | 14:44
Updated-11 Jun, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Autotitle for WordPress <= 1.0.3 - Settings Update to Stored XSS via CSRF

The Autotitle for WordPress plugin through 1.0.3 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack.

Action-Not Available
Vendor-unalignedcodeUnknown
Product-autotitleAutotitle for WordPress
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-27632
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-8.8||HIGH
EPSS-0.09% / 26.01%
||
7 Day CHG~0.00%
Published-18 May, 2022 | 09:50
Updated-03 Aug, 2024 | 05:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in Rebooter(WATCH BOOT nino RPC-M2C [End of Sale] all firmware versions, WATCH BOOT light RPC-M5C [End of Sale] all firmware versions, WATCH BOOT L-zero RPC-M4L [End of Sale] all firmware versions, WATCH BOOT mini RPC-M4H [End of Sale] all firmware versions, WATCH BOOT nino RPC-M2CS firmware version 1.00A to 1.00D, WATCH BOOT light RPC-M5CS firmware version 1.00A to 1.00D, WATCH BOOT L-zero RPC-M4LS firmware version 1.00A to 1.20A, and Signage Rebooter RPC-M4HSi firmware version 1.00A), PoE Rebooter(PoE BOOT nino PoE8M2 firmware version 1.00A to 1.20A), Scheduler(TIME BOOT mini RSC-MT4H [End of Sale] all firmware versions, TIME BOOT RSC-MT8F [End of Sale] all firmware versions, TIME BOOT RSC-MT8FP [End of Sale] all firmware versions, TIME BOOT mini RSC-MT4HS firmware version 1.00A to 1.10A, and TIME BOOT RSC-MT8FS firmware version 1.00A to 1.00E), and Contact Converter(POSE SE10-8A7B1 firmware version 1.00A to 1.20A) allows a remote attacker to hijack the authentication of an administrator and conduct arbitrary operations by having a user to view a specially crafted page.

Action-Not Available
Vendor-meikyoMEIKYO ELECTRIC CO.,LTD.
Product-watch_boot_nino_rpc-m2c_firmwarewatch_boot_light_rpc-m5cs_firmwaretime_boot_mini_rsc-mt4hspoe_boot_nino_poe8m2_firmwarewatch_boot_nino_rpc-m2cs_firmwaretime_boot_mini_rsc-mt4h_firmwarewatch_boot_mini_rpc-m4htime_boot_rsc-mt8fs_firmwarewatch_boot_light_rpc-m5c_firmwarewatch_boot_l-zero_rpc-m4l_firmwarewatch_boot_nino_rpc-m2cssignage_rebooter_rpc-m4hsipoe_boot_nino_poe8m2watch_boot_l-zero_rpc-m4lstime_boot_mini_rsc-mt4hpose_se10-8a7b1signage_rebooter_rpc-m4hsi_firmwaretime_boot_mini_rsc-mt4hs_firmwaretime_boot_rsc-mt8fspose_se10-8a7b1_firmwarewatch_boot_light_rpc-m5cswatch_boot_l-zero_rpc-m4ltime_boot_rsc-mt8ftime_boot_rsc-mt8fp_firmwarewatch_boot_light_rpc-m5ctime_boot_rsc-mt8fpwatch_boot_mini_rpc-m4h_firmwaretime_boot_rsc-mt8f_firmwarewatch_boot_l-zero_rpc-m4ls_firmwarewatch_boot_nino_rpc-m2cRebooter, PoE Rebooter, Scheduler, and Contact Converter
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-51407
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 21.42%
||
7 Day CHG~0.00%
Published-16 Mar, 2024 | 00:41
Updated-28 Apr, 2026 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Split Test For Elementor plugin <= 1.6.9 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Rocket Elements Split Test For Elementor.This issue affects Split Test For Elementor: from n/a through 1.6.9.

Action-Not Available
Vendor-rocketelementsRocket Elements
Product-split_test_for_elementorSplit Test For Elementor
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-51369
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.05% / 16.38%
||
7 Day CHG~0.00%
Published-15 Mar, 2024 | 14:19
Updated-28 Apr, 2026 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Customize My Account for WooCommerce plugin <= 1.8.3 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in SysBasics Customize My Account for WooCommerce.This issue affects Customize My Account for WooCommerce: from n/a through 1.8.3.

Action-Not Available
Vendor-sysbasicsSysBasics
Product-customize_my_accountCustomize My Account for WooCommerce
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-27226
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-3.19% / 87.07%
||
7 Day CHG~0.00%
Published-19 Mar, 2022 | 03:04
Updated-03 Aug, 2024 | 05:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CSRF issue in /api/crontab on iRZ Mobile Routers through 2022-03-16 allows a threat actor to create a crontab entry in the router administration panel. The cronjob will consequently execute the entry on the threat actor's defined interval, leading to remote code execution, allowing the threat actor to gain filesystem access. In addition, if the router's default credentials aren't rotated or a threat actor discovers valid credentials, remote code execution can be achieved without user interaction.

Action-Not Available
Vendor-irzn/a
Product-ru21rl21_firmwareru21wru41ru21_firmwarerl21rl01ru41_firmwarerl01_firmwareru21w_firmwaren/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-28136
Matching Score-4
Assigner-Jenkins Project
ShareView Details
Matching Score-4
Assigner-Jenkins Project
CVSS Score-8.8||HIGH
EPSS-0.07% / 22.26%
||
7 Day CHG~0.00%
Published-29 Mar, 2022 | 12:30
Updated-15 Oct, 2024 | 19:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A cross-site request forgery (CSRF) vulnerability in Jenkins JiraTestResultReporter Plugin 165.v817928553942 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials.

Action-Not Available
Vendor-Jenkins
Product-jiratestresultreporterJenkins JiraTestResultReporter Plugin
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-51512
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 21.42%
||
7 Day CHG~0.00%
Published-16 Mar, 2024 | 00:46
Updated-28 Apr, 2026 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Product Table by WBW plugin <= 1.8.6 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery (CSRF) vulnerability in WBW Product Table by WBW.This issue affects Product Table by WBW: from n/a through 1.8.6.

Action-Not Available
Vendor-woobewooWBW
Product-product_tableProduct Table by WBW
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-51063
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.11% / 29.59%
||
7 Day CHG~0.00%
Published-13 Jan, 2024 | 00:00
Updated-03 Jun, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

QStar Archive Solutions Release RELEASE_3-0 Build 7 Patch 0 was discovered to contain a DOM Based Reflected Cross Site Scripting (XSS) vulnerability within the component qnme-ajax?method=tree_level.

Action-Not Available
Vendor-qstarn/a
Product-archive_storage_managern/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-52223
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.11% / 28.27%
||
7 Day CHG~0.00%
Published-28 Feb, 2024 | 16:37
Updated-28 Apr, 2026 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress MailerLite – WooCommerce integration Plugin <= 2.0.8 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in MailerLite MailerLite – WooCommerce integration.This issue affects MailerLite – WooCommerce integration: from n/a through 2.0.8.

Action-Not Available
Vendor-mailerliteMailerLite
Product-mailerliteMailerLite – WooCommerce integration
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-28150
Matching Score-4
Assigner-Jenkins Project
ShareView Details
Matching Score-4
Assigner-Jenkins Project
CVSS Score-8.8||HIGH
EPSS-0.05% / 15.31%
||
7 Day CHG~0.00%
Published-29 Mar, 2022 | 12:31
Updated-03 Aug, 2024 | 05:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A cross-site request forgery (CSRF) vulnerability in Jenkins Job and Node ownership Plugin 0.13.0 and earlier allows attackers to change the owners and item-specific permissions of a job.

Action-Not Available
Vendor-Jenkins
Product-job_and_node_ownershipJenkins Job and Node ownership Plugin
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-52150
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.8||HIGH
EPSS-0.10% / 28.05%
||
7 Day CHG~0.00%
Published-05 Jan, 2024 | 08:07
Updated-28 Apr, 2026 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Dynamic Content for Elementor Plugin < 2.12.5 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Ovation S.R.L. Dynamic Content for Elementor.This issue affects Dynamic Content for Elementor: from n/a before 2.12.5.

Action-Not Available
Vendor-ovationOvation S.r.l.
Product-dynamic_content_for_elementorDynamic Content for Elementor
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2020-25070
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.21% / 43.74%
||
7 Day CHG~0.00%
Published-01 Sep, 2020 | 20:14
Updated-04 Aug, 2024 | 15:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

USVN (aka User-friendly SVN) before 1.0.10 allows CSRF, related to the lack of the SameSite Strict feature.

Action-Not Available
Vendor-usvnn/a
Product-usvnn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-52130
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 21.42%
||
7 Day CHG~0.00%
Published-05 Jan, 2024 | 08:38
Updated-28 Apr, 2026 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Affiliates Manager Plugin <= 2.9.31 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in wp.Insider, wpaffiliatemgr Affiliates Manager.This issue affects Affiliates Manager: from n/a through 2.9.31.

Action-Not Available
Vendor-wpaffiliatemanagerwp.insider, wpaffiliatemgr
Product-affiliates_managerAffiliates Manager
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-50902
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.15% / 34.74%
||
7 Day CHG~0.00%
Published-29 Dec, 2023 | 12:28
Updated-28 Apr, 2026 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress New User Approve Plugin <= 2.5.1 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in WPExpertsio New User Approve.This issue affects New User Approve: from n/a through 2.5.1.

Action-Not Available
Vendor-wpexpertsWPExpertsio
Product-new_user_approveNew User Approve
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-51487
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.05% / 15.79%
||
7 Day CHG~0.00%
Published-16 Mar, 2024 | 01:03
Updated-28 Apr, 2026 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress ARI Stream Quiz – WordPress Quizzes Builder plugin <= 1.2.32 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in ARI Soft ARI Stream Quiz.This issue affects ARI Stream Quiz: from n/a through 1.2.32.

Action-Not Available
Vendor-ARI Soft
Product-ari_stream_quizARI Stream Quiz
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-52145
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 21.42%
||
7 Day CHG~0.00%
Published-05 Jan, 2024 | 08:17
Updated-28 Apr, 2026 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Republish Old Posts Plugin <= 1.21 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Marios Alexandrou Republish Old Posts.This issue affects Republish Old Posts: from n/a through 1.21.

Action-Not Available
Vendor-mariosalexandrouMarios Alexandrou
Product-republish_old_postsRepublish Old Posts
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-51538
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.08% / 23.00%
||
7 Day CHG~0.00%
Published-05 Jan, 2024 | 09:47
Updated-28 Apr, 2026 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Awesome Support Plugin <= 6.1.5 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Awesome Support Team Awesome Support – WordPress HelpDesk & Support Plugin.This issue affects Awesome Support – WordPress HelpDesk & Support Plugin: from n/a through 6.1.5.

Action-Not Available
Vendor-getawesomesupportAwesome Support Team
Product-awesome_supportAwesome Support – WordPress HelpDesk & Support Plugin
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-27629
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-8.8||HIGH
EPSS-0.14% / 32.93%
||
7 Day CHG~0.00%
Published-20 Apr, 2022 | 01:05
Updated-03 Aug, 2024 | 05:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in 'MicroPayments - Paid Author Subscriptions, Content, Downloads, Membership' versions prior to 1.9.6 allows a remote unauthenticated attacker to hijack the authentication of an administrator and perform unintended operation via unspecified vectors.

Action-Not Available
Vendor-videowhisperVideoWhisper
Product-micropaymentsMicroPayments - Paid Author Subscriptions, Content, Downloads, Membership
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-52074
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.15% / 35.19%
||
7 Day CHG~0.00%
Published-08 Jan, 2024 | 00:00
Updated-13 Jun, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

FlyCms v1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component system/site/webconfig_updagte.

Action-Not Available
Vendor-flycms_projectn/a
Product-flycmsn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-6391
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-8.8||HIGH
EPSS-0.10% / 26.39%
||
7 Day CHG~0.00%
Published-29 Jan, 2024 | 14:44
Updated-29 May, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Custom User CSS <= 0.2 - Settings Update via CSRF

The Custom User CSS WordPress plugin through 0.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack.

Action-Not Available
Vendor-jeremiahoremUnknown
Product-custom_user_cssCustom User CSS
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-51486
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.05% / 15.79%
||
7 Day CHG~0.00%
Published-16 Mar, 2024 | 01:05
Updated-28 Apr, 2026 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WooCommerce PDF Invoice Builder, Create invoices, packing slips and more plugin <= 1.2.101 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in RedNao WooCommerce PDF Invoice Builder.This issue affects WooCommerce PDF Invoice Builder: from n/a through 1.2.101.

Action-Not Available
Vendor-rednaoRedNao
Product-woocommerce_pdf_invoice_builderWooCommerce PDF Invoice Builder
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-51535
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.06% / 18.49%
||
7 Day CHG~0.00%
Published-05 Jan, 2024 | 09:57
Updated-28 Apr, 2026 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Spam protection, AntiSpam, FireWall by CleanTalk Plugin <= 6.20 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in СleanTalk - Anti-Spam Protection Spam protection, Anti-Spam, FireWall by CleanTalk.This issue affects Spam protection, Anti-Spam, FireWall by CleanTalk: from n/a through 6.20.

Action-Not Available
Vendor-cleantalkСleanTalk - Anti-Spam Protection
Product-spam_protection\,_antispam\,_firewallSpam protection, Anti-Spam, FireWall by CleanTalk
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-52128
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.09% / 25.66%
||
7 Day CHG~0.00%
Published-05 Jan, 2024 | 08:49
Updated-28 Apr, 2026 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress White Label Plugin <= 2.9.0 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in WhiteWP White Label – WordPress Custom Admin, Custom Login Page, and Custom Dashboard.This issue affects White Label – WordPress Custom Admin, Custom Login Page, and Custom Dashboard: from n/a through 2.9.0.

Action-Not Available
Vendor-linksoftwarellcWhiteWP
Product-white_labelWhite Label – WordPress Custom Admin, Custom Login Page, and Custom Dashboard
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2015-3191
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-8.8||HIGH
EPSS-0.12% / 30.37%
||
7 Day CHG~0.00%
Published-25 May, 2017 | 17:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

With Cloud Foundry Runtime cf-release versions v209 or earlier, UAA Standalone versions 2.2.6 or earlier and Pivotal Cloud Foundry Runtime 1.4.5 or earlier the change_email form in UAA is vulnerable to a CSRF attack. This allows an attacker to trigger an e-mail change for a user logged into a cloud foundry instance via a malicious link on a attacker controlled site. This vulnerability is applicable only when using the UAA internal user store for authentication. Deployments enabled for integration via SAML or LDAP are not affected.

Action-Not Available
Vendor-VMware (Broadcom Inc.)Cloud Foundry
Product-cloud_foundry_uaacf-releasecloud_foundry_elastic_runtimeCloud Foundry
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-6390
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-8.8||HIGH
EPSS-0.10% / 26.39%
||
7 Day CHG~0.00%
Published-29 Jan, 2024 | 14:44
Updated-20 Jun, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Users <= 1.4 - Settings Update via CSRF

The WordPress Users WordPress plugin through 1.4 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack.

Action-Not Available
Vendor-jonathonkempUnknown
Product-wordpress_usersWordPress Users
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-51539
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.04% / 13.16%
||
7 Day CHG~0.00%
Published-05 Jan, 2024 | 09:44
Updated-28 Apr, 2026 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Apollo13 Framework Extensions Plugin <= 1.9.1 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Apollo13Themes Apollo13 Framework Extensions.This issue affects Apollo13 Framework Extensions: from n/a through 1.9.1.

Action-Not Available
Vendor-apollo13themesApollo13Themes
Product-apollo13_framework_extensionsApollo13 Framework Extensions
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-26309
Matching Score-4
Assigner-Pandora FMS
ShareView Details
Matching Score-4
Assigner-Pandora FMS
CVSS Score-3.7||LOW
EPSS-0.19% / 39.97%
||
7 Day CHG~0.00%
Published-01 Aug, 2022 | 12:44
Updated-16 Sep, 2024 | 17:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cross-Site Request en Bulk operation (User operation)

Pandora FMS v7.0NG.759 allows Cross-Site Request Forgery in Bulk operation (User operation) resulting in elevation of privilege to Administrator group.

Action-Not Available
Vendor-Pandora FMS S.L.U.
Product-pandora_fmsPandora FMS
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2020-24984
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.34% / 56.69%
||
7 Day CHG~0.00%
Published-11 Mar, 2021 | 21:11
Updated-04 Aug, 2024 | 15:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Quadbase EspressReports ES 7 Update 9. It allows CSRF, whereby an attacker may be able to trick an authenticated admin level user into uploading malicious files to the web server.

Action-Not Available
Vendor-quadbasen/a
Product-espressreports_esn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-50878
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.11% / 29.15%
||
7 Day CHG~0.00%
Published-29 Dec, 2023 | 12:32
Updated-28 Apr, 2026 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress MStore API Plugin <= 4.10.1 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in InspireUI MStore API.This issue affects MStore API: from n/a through 4.10.1.

Action-Not Available
Vendor-inspireuiInspireUI
Product-mstore_apiMStore API
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-52120
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.04% / 13.16%
||
7 Day CHG~0.00%
Published-05 Jan, 2024 | 09:25
Updated-28 Apr, 2026 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress NEX-Forms – Ultimate Form Builder Plugin <= 8.5.2 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Basix NEX-Forms – Ultimate Form Builder – Contact forms and much more.This issue affects NEX-Forms – Ultimate Form Builder – Contact forms and much more: from n/a through 8.5.2.

Action-Not Available
Vendor-basixonlineBasix
Product-nex-formsNEX-Forms – Ultimate Form Builder – Contact forms and much more
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-52047
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.23% / 45.20%
||
7 Day CHG~0.00%
Published-28 Feb, 2024 | 00:00
Updated-01 Apr, 2025 | 13:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dedecms v5.7.112 was discovered to contain a Cross-Site Request Forgery (CSRF) in the file manager.

Action-Not Available
Vendor-n/aDedeCMS
Product-dedecmsn/adedecms
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-26180
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.45% / 63.70%
||
7 Day CHG~0.00%
Published-08 Apr, 2022 | 20:08
Updated-03 Aug, 2024 | 04:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

qdPM 9.2 allows Cross-Site Request Forgery (CSRF) via the index.php/myAccount/update URI.

Action-Not Available
Vendor-qdpmn/a
Product-qdpmn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-25952
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.11% / 29.27%
||
7 Day CHG~0.00%
Published-03 Nov, 2022 | 19:35
Updated-28 Apr, 2026 | 16:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Content Egg plugin <= 5.4.0 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Keywordrush Content Egg plugin <= 5.4.0 on WordPress.

Action-Not Available
Vendor-keywordrushKeywordrush
Product-content_eggContent Egg (WordPress plugin)
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-52184
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 21.43%
||
7 Day CHG~0.00%
Published-05 Jan, 2024 | 08:00
Updated-28 Apr, 2026 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Job Portal Plugin <= 2.0.6 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in WP Job Portal WP Job Portal – A Complete Job Board.This issue affects WP Job Portal – A Complete Job Board: from n/a through 2.0.6.

Action-Not Available
Vendor-WP Job Portal
Product-wp_job_portalWP Job Portal – A Complete Job Board
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-6904
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-4.3||MEDIUM
EPSS-0.06% / 18.11%
||
7 Day CHG~0.00%
Published-17 Dec, 2023 | 23:00
Updated-02 Aug, 2024 | 08:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Jahastech NxFilter config,admin.jsp cross-site request forgery

A vulnerability classified as problematic was found in Jahastech NxFilter 4.3.2.5. This vulnerability affects unknown code of the file /config,admin.jsp. The manipulation of the argument admin_name leads to cross-site request forgery. The attack can be initiated remotely. VDB-248266 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-nxfilterJahastech
Product-nxfilterNxFilter
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 47
  • 48
  • Next
Details not found