Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-5766

Summary
Assigner-VulDB
Assigner Org ID-1af790b2-7ee1-4545-860a-a788eba489b5
Published At-06 Jun, 2025 | 13:00
Updated At-06 Jun, 2025 | 13:36
Rejected At-
Credits

code-projects Laundry System cross-site request forgery

A vulnerability was found in code-projects Laundry System 1.0. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:VulDB
Assigner Org ID:1af790b2-7ee1-4545-860a-a788eba489b5
Published At:06 Jun, 2025 | 13:00
Updated At:06 Jun, 2025 | 13:36
Rejected At:
▼CVE Numbering Authority (CNA)
code-projects Laundry System cross-site request forgery

A vulnerability was found in code-projects Laundry System 1.0. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Affected Products
Vendor
Source Code & Projectscode-projects
Product
Laundry System
Versions
Affected
  • 1.0
Problem Types
TypeCWE IDDescription
CWECWE-352Cross-Site Request Forgery
CWECWE-862Missing Authorization
Type: CWE
CWE ID: CWE-352
Description: Cross-Site Request Forgery
Type: CWE
CWE ID: CWE-862
Description: Missing Authorization
Metrics
VersionBase scoreBase severityVector
4.05.3MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P
3.14.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R
3.04.3MEDIUM
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R
2.05.0N/A
AV:N/AC:L/Au:N/C:N/I:P/A:N/E:POC/RL:ND/RC:UR
Version: 4.0
Base score: 5.3
Base severity: MEDIUM
Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P
Version: 3.1
Base score: 4.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R
Version: 3.0
Base score: 4.3
Base severity: MEDIUM
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R
Version: 2.0
Base score: 5.0
Base severity: N/A
Vector:
AV:N/AC:L/Au:N/C:N/I:P/A:N/E:POC/RL:ND/RC:UR
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
reporter
DS_Leo (VulDB User)
Timeline
EventDate
VulDB entry created2025-06-05 02:00:00
Advisory disclosed2025-06-06 00:00:00
VulDB entry last update2025-06-06 00:10:32
Event: VulDB entry created
Date: 2025-06-05 02:00:00
Event: Advisory disclosed
Date: 2025-06-06 00:00:00
Event: VulDB entry last update
Date: 2025-06-06 00:10:32
Replaced By
Rejected Reason
References
HyperlinkResource
https://vuldb.com/?id.311308
vdb-entry
https://vuldb.com/?ctiid.311308
signature
permissions-required
https://vuldb.com/?submit.590851
third-party-advisory
https://github.com/tuooo/CVE/issues/7
exploit
issue-tracking
https://code-projects.org/
product
Hyperlink: https://vuldb.com/?id.311308
Resource:
vdb-entry
Hyperlink: https://vuldb.com/?ctiid.311308
Resource:
signature
permissions-required
Hyperlink: https://vuldb.com/?submit.590851
Resource:
third-party-advisory
Hyperlink: https://github.com/tuooo/CVE/issues/7
Resource:
exploit
issue-tracking
Hyperlink: https://code-projects.org/
Resource:
product
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cna@vuldb.com
Published At:06 Jun, 2025 | 13:16
Updated At:10 Jun, 2025 | 19:29

A vulnerability was found in code-projects Laundry System 1.0. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary4.05.3MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary3.14.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Secondary2.05.0MEDIUM
AV:N/AC:L/Au:N/C:N/I:P/A:N
Type: Secondary
Version: 4.0
Base score: 5.3
Base severity: MEDIUM
Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Type: Primary
Version: 3.1
Base score: 4.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Type: Secondary
Version: 2.0
Base score: 5.0
Base severity: MEDIUM
Vector:
AV:N/AC:L/Au:N/C:N/I:P/A:N
CPE Matches
Source Code & Projects
code-projects
>>simple_laundry_system>>1.0
cpe:2.3:a:code-projects:simple_laundry_system:1.0:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-352Primarycna@vuldb.com
CWE-862Primarycna@vuldb.com
CWE ID: CWE-352
Type: Primary
Source: cna@vuldb.com
CWE ID: CWE-862
Type: Primary
Source: cna@vuldb.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://code-projects.org/cna@vuldb.com
Product
https://github.com/tuooo/CVE/issues/7cna@vuldb.com
Exploit
Issue Tracking
Third Party Advisory
https://vuldb.com/?ctiid.311308cna@vuldb.com
Permissions Required
VDB Entry
https://vuldb.com/?id.311308cna@vuldb.com
Third Party Advisory
VDB Entry
https://vuldb.com/?submit.590851cna@vuldb.com
Third Party Advisory
VDB Entry
Hyperlink: https://code-projects.org/
Source: cna@vuldb.com
Resource:
Product
Hyperlink: https://github.com/tuooo/CVE/issues/7
Source: cna@vuldb.com
Resource:
Exploit
Issue Tracking
Third Party Advisory
Hyperlink: https://vuldb.com/?ctiid.311308
Source: cna@vuldb.com
Resource:
Permissions Required
VDB Entry
Hyperlink: https://vuldb.com/?id.311308
Source: cna@vuldb.com
Resource:
Third Party Advisory
VDB Entry
Hyperlink: https://vuldb.com/?submit.590851
Source: cna@vuldb.com
Resource:
Third Party Advisory
VDB Entry

Change History

0
Information is not available yet

Similar CVEs

1893Records found
CVE-2024-31251
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.05% / 16.68%
||
7 Day CHG~0.00%
Published-12 Apr, 2024 | 12:54
Updated-02 Aug, 2024 | 01:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Community by PeepSo plugin <= 6.3.1.1 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in PeepSo Community by PeepSo.This issue affects Community by PeepSo: from n/a through 6.3.1.1.

Action-Not Available
Vendor-PeepSo
Product-Community by PeepSo
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-3089
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-4.3||MEDIUM
EPSS-0.17% / 38.66%
||
7 Day CHG~0.00%
Published-30 Mar, 2024 | 11:31
Updated-14 Feb, 2025 | 19:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PHPGurukul Emergency Ambulance Hiring Portal Manage Ambulance Page manage-ambulance.php cross-site request forgery

A vulnerability has been found in PHPGurukul Emergency Ambulance Hiring Portal 1.0 and classified as problematic. This vulnerability affects unknown code of the file /admin/manage-ambulance.php of the component Manage Ambulance Page. The manipulation of the argument del leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-258682 is the identifier assigned to this vulnerability.

Action-Not Available
Vendor-PHPGurukul LLP
Product-emergency_ambulance_hiring_portalEmergency Ambulance Hiring Portalemergency_ambulance_hiring_portal
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-31429
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.16% / 37.60%
||
7 Day CHG~0.00%
Published-15 Apr, 2024 | 09:32
Updated-02 Aug, 2024 | 01:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Sarada Lite theme <= 1.1.2 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Blossom Themes Sarada Lite.This issue affects Sarada Lite: from n/a through 1.1.2.

Action-Not Available
Vendor-Blossom Themes
Product-Sarada Lite
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-30421
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.16% / 37.60%
||
7 Day CHG~0.00%
Published-28 Mar, 2024 | 08:57
Updated-02 Aug, 2024 | 01:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Events Manager plugin <= 6.4.7.1 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Pixelite Events Manager.This issue affects Events Manager: from n/a through 6.4.7.1.

Action-Not Available
Vendor-Pixelite
Product-Events Manager
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-31422
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.18% / 39.50%
||
7 Day CHG~0.00%
Published-15 Apr, 2024 | 10:08
Updated-02 Aug, 2024 | 01:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Favicon by RealFaviconGenerator plugin <= 1.3.29 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Philippe Bernard Favicon.This issue affects Favicon: from n/a through 1.3.29.

Action-Not Available
Vendor-Philippe Bernard
Product-Favicon
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-45270
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 22.01%
||
7 Day CHG~0.00%
Published-13 Oct, 2023 | 15:13
Updated-16 Sep, 2024 | 18:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Pinpoint Booking System Plugin <= 2.9.9.4.0 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in PINPOINT.WORLD Pinpoint Booking System plugin <= 2.9.9.4.0 versions.

Action-Not Available
Vendor-pinpointPINPOINT.WORLD
Product-pinpoint_booking_systemPinpoint Booking System
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2020-2237
Matching Score-4
Assigner-Jenkins Project
ShareView Details
Matching Score-4
Assigner-Jenkins Project
CVSS Score-4.3||MEDIUM
EPSS-0.47% / 63.80%
||
7 Day CHG~0.00%
Published-12 Aug, 2020 | 13:25
Updated-04 Aug, 2024 | 07:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A cross-site request forgery (CSRF) vulnerability in Jenkins Flaky Test Handler Plugin 1.0.4 and earlier allows attackers to rebuild a project at a previous git revision.

Action-Not Available
Vendor-Jenkins
Product-flaky_test_handlerJenkins Flaky Test Handler Plugin
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-31382
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.19% / 40.71%
||
7 Day CHG~0.00%
Published-15 Apr, 2024 | 10:15
Updated-31 Jan, 2025 | 18:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Blocksy theme <= 2.0.22 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Creative Themes HQ Blocksy.This issue affects Blocksy: from n/a through 2.0.22.

Action-Not Available
Vendor-creativethemesCreative Themes HQ
Product-blocksyBlocksy
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-0616
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-4.3||MEDIUM
EPSS-0.10% / 27.80%
||
7 Day CHG~0.00%
Published-21 Mar, 2022 | 18:55
Updated-02 Aug, 2024 | 23:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Amelia < 1.0.46 - Arbitrary Customer Deletion via CSRF

The Amelia WordPress plugin before 1.0.47 does not have CSRF check in place when deleting customers, which could allow attackers to make a logged in admin delete arbitrary customers via a CSRF attack

Action-Not Available
Vendor-tms-outsourceUnknown
Product-ameliaAmelia – Events & Appointments Booking Calendar
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-3143
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-4.3||MEDIUM
EPSS-0.12% / 31.33%
||
7 Day CHG~0.00%
Published-02 Apr, 2024 | 00:00
Updated-15 Jan, 2025 | 18:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DedeCMS member_rank.php cross-site request forgery

A vulnerability was found in DedeCMS 5.7. It has been classified as problematic. Affected is an unknown function of the file /src/dede/member_rank.php. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-258918 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-n/aDedeCMS
Product-dedecmsDedeCMS
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-31371
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 21.83%
||
7 Day CHG~0.00%
Published-12 Apr, 2024 | 09:28
Updated-02 Aug, 2024 | 01:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Event Aggregator plugin <= 1.7.6 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Xylus Themes WP Event Aggregator.This issue affects WP Event Aggregator: from n/a through 1.7.6.

Action-Not Available
Vendor-Xylus Themes
Product-WP Event Aggregator
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-31428
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.16% / 37.60%
||
7 Day CHG~0.00%
Published-15 Apr, 2024 | 09:33
Updated-02 Aug, 2024 | 01:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress The Conference theme <= 1.2.0 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Rara Theme The Conference.This issue affects The Conference: from n/a through 1.2.0.

Action-Not Available
Vendor-Rara Theme
Product-The Conference
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-31384
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.16% / 37.60%
||
7 Day CHG~0.00%
Published-15 Apr, 2024 | 10:13
Updated-02 Aug, 2024 | 01:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Spa and Salon theme <= 1.2.7 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Rara Theme Spa and Salon.This issue affects Spa and Salon: from n/a through 1.2.7.

Action-Not Available
Vendor-Rara Theme
Product-Spa and Salon
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-31268
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.13% / 32.69%
||
7 Day CHG~0.00%
Published-12 Apr, 2024 | 12:42
Updated-27 May, 2025 | 16:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress AppPresser plugin <= 4.3.0 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in AppPresser Team AppPresser.This issue affects AppPresser: from n/a through 4.3.0.

Action-Not Available
Vendor-apppresserAppPresser Team
Product-apppresserAppPresser
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-30493
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.16% / 37.60%
||
7 Day CHG~0.00%
Published-29 Mar, 2024 | 13:51
Updated-25 Mar, 2025 | 14:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Church Admin plugin <= 4.1.7 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Andy Moyle Church Admin.This issue affects Church Admin: from n/a through 4.1.7.

Action-Not Available
Vendor-Andy Moyle
Product-Church Admin
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-30462
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.17% / 38.79%
||
7 Day CHG~0.00%
Published-29 Mar, 2024 | 16:24
Updated-13 Mar, 2025 | 01:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress HUSKY plugin <= 1.3.5.1 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in realmag777 HUSKY – Products Filter for WooCommerce (formerly WOOF).This issue affects HUSKY – Products Filter for WooCommerce (formerly WOOF): from n/a through 1.3.5.1.

Action-Not Available
Vendor-PluginUs.Net (RealMag777)
Product-husky_-_products_filter_professional_for_woocommerceHUSKY – Products Filter for WooCommerce (formerly WOOF)
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-31113
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.34% / 56.37%
||
7 Day CHG~0.00%
Published-10 May, 2024 | 08:34
Updated-07 Feb, 2025 | 02:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Easy Digital Downloads plugin <= 3.2.11 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Easy Digital Downloads.This issue affects Easy Digital Downloads: from n/a through 3.2.11.

Action-Not Available
Vendor-Sandhills Development, LLC (EasyDigitalDownloads)
Product-easy_digital_downloadsEasy Digital Downloads
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-30482
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.17% / 38.44%
||
7 Day CHG~0.00%
Published-29 Mar, 2024 | 15:58
Updated-15 Apr, 2025 | 21:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Simple Revisions Delete plugin <= 1.5.3 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Brice CAPOBIANCO Simple Revisions Delete.This issue affects Simple Revisions Delete: from n/a through 1.5.3.

Action-Not Available
Vendor-b-websiteBrice CAPOBIANCO
Product-simple_revisions_deleteSimple Revisions Delete
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-43502
Matching Score-4
Assigner-Jenkins Project
ShareView Details
Matching Score-4
Assigner-Jenkins Project
CVSS Score-4.3||MEDIUM
EPSS-0.04% / 12.34%
||
7 Day CHG~0.00%
Published-20 Sep, 2023 | 16:06
Updated-24 Sep, 2024 | 18:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A cross-site request forgery (CSRF) vulnerability in Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier allows attackers to delete Failure Causes.

Action-Not Available
Vendor-Jenkins
Product-build_failure_analyzerJenkins Build Failure Analyzer Plugin
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-31250
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 22.65%
||
7 Day CHG~0.00%
Published-12 Apr, 2024 | 12:56
Updated-08 Aug, 2024 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Server Health Stats plugin <= 1.7.3 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Saumya Majumder WP Server Health Stats.This issue affects WP Server Health Stats: from n/a through 1.7.3.

Action-Not Available
Vendor-Saumya Majumder
Product-WP Server Health Stats
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-30456
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.17% / 38.79%
||
7 Day CHG~0.00%
Published-29 Mar, 2024 | 13:07
Updated-02 Aug, 2024 | 01:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WPCS – WordPress Currency Switcher Professional plugin <=1.2.0.1 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in realmag777 WPCS.This issue affects WPCS: from n/a through 1.2.0.1.

Action-Not Available
Vendor-PluginUs.Net (RealMag777)
Product-WPCSwordpress_currency_switcher
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-31379
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.16% / 37.60%
||
7 Day CHG~0.00%
Published-15 Apr, 2024 | 10:21
Updated-02 Aug, 2024 | 01:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Smash Balloon Social Post Feed plugin <= 4.2.1 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Smash Balloon Smash Balloon Social Post Feed.This issue affects Smash Balloon Social Post Feed: from n/a through 4.2.1.

Action-Not Available
Vendor-Smash Balloon, LLC (Smash Balloon)
Product-Smash Balloon Social Post Feed
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-3146
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-4.3||MEDIUM
EPSS-0.12% / 31.03%
||
7 Day CHG~0.00%
Published-02 Apr, 2024 | 01:31
Updated-15 Jan, 2025 | 18:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DedeCMS makehtml_rss_action.php cross-site request forgery

A vulnerability classified as problematic has been found in DedeCMS 5.7. This affects an unknown part of the file /src/dede/makehtml_rss_action.php. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-258921 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-n/aDedeCMS
Product-dedecmsDedeCMSdedecms
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-31388
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.18% / 39.50%
||
7 Day CHG~0.00%
Published-15 Apr, 2024 | 10:11
Updated-02 Aug, 2024 | 01:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Tablesome plugin <= 1.0.25 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Pauple Table & Contact Form 7 Database – Tablesome.This issue affects Table & Contact Form 7 Database – Tablesome: from n/a through 1.0.25.

Action-Not Available
Vendor-Pauple
Product-Table & Contact Form 7 Database – Tablesome
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-30546
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.16% / 37.60%
||
7 Day CHG~0.00%
Published-15 Apr, 2024 | 10:26
Updated-08 Aug, 2024 | 16:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Login With Ajax plugin <= 4.1 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Pixelite Login With Ajax.This issue affects Login With Ajax: from n/a through 4.1.

Action-Not Available
Vendor-Pixelite
Product-Login With Ajax
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2020-2303
Matching Score-4
Assigner-Jenkins Project
ShareView Details
Matching Score-4
Assigner-Jenkins Project
CVSS Score-4.3||MEDIUM
EPSS-2.53% / 84.85%
||
7 Day CHG~0.00%
Published-04 Nov, 2020 | 14:35
Updated-04 Aug, 2024 | 07:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A cross-site request forgery (CSRF) vulnerability in Jenkins Active Directory Plugin 2.19 and earlier allows attackers to perform connection tests, connecting to attacker-specified or previously configured Active Directory servers using attacker-specified credentials.

Action-Not Available
Vendor-Jenkins
Product-active_directoryJenkins Active Directory Plugin
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-3147
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-4.3||MEDIUM
EPSS-0.10% / 27.65%
||
7 Day CHG~0.00%
Published-02 Apr, 2024 | 01:31
Updated-15 Jan, 2025 | 18:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DedeCMS makehtml_map.php cross-site request forgery

A vulnerability classified as problematic was found in DedeCMS 5.7. This vulnerability affects unknown code of the file /src/dede/makehtml_map.php. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-258922 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-n/aDedeCMS
Product-dedecmsDedeCMSdedecms
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-30468
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.16% / 37.60%
||
7 Day CHG~0.00%
Published-29 Mar, 2024 | 16:20
Updated-02 Aug, 2024 | 01:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress All-In-One Security (AIOS) – Security and Firewall plugin <= 5.2.6 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in All In One WP Security & Firewall Team All In One WP Security & Firewall.This issue affects All In One WP Security & Firewall: from n/a through 5.2.6.

Action-Not Available
Vendor-All In One WP Security & Firewall Team
Product-All In One WP Security & Firewall
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-30463
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.18% / 39.34%
||
7 Day CHG~0.00%
Published-29 Mar, 2024 | 16:22
Updated-13 Mar, 2025 | 01:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress BEAR plugin <= 1.1.4.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in realmag777 BEAR.This issue affects BEAR: from n/a through 1.1.4.3.

Action-Not Available
Vendor-PluginUs.Net (RealMag777)
Product-bear_-_woocommerce_bulk_editor_and_products_manager_professionalBEAR
CWE ID-CWE-862
Missing Authorization
CVE-2024-30526
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 21.83%
||
7 Day CHG~0.00%
Published-31 Mar, 2024 | 18:33
Updated-09 Jun, 2025 | 21:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Easy Social Feed – Social Photos Gallery – Post Feed – Like Box plugin <= 6.5.6 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Easy Social Feed.This issue affects Easy Social Feed: from n/a through 6.5.6.

Action-Not Available
Vendor-easysocialfeedEasy Social Feed
Product-easy_social_feedEasy Social Feed
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-4251
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-4.3||MEDIUM
EPSS-0.14% / 34.62%
||
7 Day CHG~0.00%
Published-31 Oct, 2023 | 13:54
Updated-22 Apr, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
EventPrime < 3.2.0 - Booking Creation via CSRF

The EventPrime WordPress plugin before 3.2.0 does not have CSRF checks when creating bookings, which could allow attackers to make logged in users create unwanted bookings via CSRF attacks.

Action-Not Available
Vendor-UnknownMetagauss Inc.
Product-eventprimeEventPrime
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-30541
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.08% / 23.73%
||
7 Day CHG~0.00%
Published-31 Mar, 2024 | 18:30
Updated-08 Aug, 2024 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress LWS Optimize plugin <= 1.9.1 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in LWS LWS Optimize.This issue affects LWS Optimize: from n/a through 1.9.1.

Action-Not Available
Vendor-LWS
Product-LWS Optimize
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-31385
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.16% / 37.60%
||
7 Day CHG~0.00%
Published-15 Apr, 2024 | 10:12
Updated-02 Aug, 2024 | 01:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress ReDi Restaurant Reservation plugin <= 24.0128 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Reservation Diary ReDi Restaurant Reservation.This issue affects ReDi Restaurant Reservation: from n/a through 24.0128.

Action-Not Available
Vendor-Reservation Diary
Product-ReDi Restaurant Reservation
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-31096
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.08% / 23.73%
||
7 Day CHG~0.00%
Published-31 Mar, 2024 | 18:29
Updated-02 Aug, 2024 | 01:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Nictitate theme <= 1.1.4 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in kopatheme Nictitate.This issue affects Nictitate: from n/a through 1.1.4.

Action-Not Available
Vendor-kopatheme
Product-Nictitate
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-30454
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.17% / 38.79%
||
7 Day CHG~0.00%
Published-29 Mar, 2024 | 16:30
Updated-19 Mar, 2025 | 19:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP SMS plugin <= 6.6.2 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in VeronaLabs WP SMS.This issue affects WP SMS: from n/a through 6.6.2.

Action-Not Available
Vendor-veronalabsVeronaLabs
Product-wp_smsWP SMS
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-4592
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-4.3||MEDIUM
EPSS-0.09% / 27.18%
||
7 Day CHG~0.00%
Published-07 May, 2024 | 14:00
Updated-15 Jan, 2025 | 18:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DedeCMS sys_group_edit.php cross-site request forgery

A vulnerability classified as problematic was found in DedeCMS 5.7. This vulnerability affects unknown code of the file /src/dede/sys_group_edit.php. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-263314 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-n/aDedeCMS
Product-dedecmsDedeCMS
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-3144
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-4.3||MEDIUM
EPSS-0.10% / 27.65%
||
7 Day CHG~0.00%
Published-02 Apr, 2024 | 01:00
Updated-15 Jan, 2025 | 18:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DedeCMS makehtml_spec.php cross-site request forgery

A vulnerability was found in DedeCMS 5.7. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /src/dede/makehtml_spec.php. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-258919. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-n/aDedeCMS
Product-dedecmsDedeCMSdedecms
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-3145
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-4.3||MEDIUM
EPSS-0.10% / 27.65%
||
7 Day CHG~0.00%
Published-02 Apr, 2024 | 01:00
Updated-15 Jan, 2025 | 18:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DedeCMS makehtml_js_action.php cross-site request forgery

A vulnerability was found in DedeCMS 5.7. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /src/dede/makehtml_js_action.php. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-258920. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-n/aDedeCMS
Product-dedecmsDedeCMS
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-3142
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-4.3||MEDIUM
EPSS-0.20% / 42.16%
||
7 Day CHG~0.00%
Published-02 Apr, 2024 | 00:00
Updated-28 Aug, 2024 | 13:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Clavister E10/E80 Setting cross-site request forgery

A vulnerability was found in Clavister E10 and E80 up to 14.00.10 and classified as problematic. This issue affects some unknown processing of the component Setting Handler. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 14.00.11 is able to address this issue. It is recommended to upgrade the affected component. The identifier VDB-258917 was assigned to this vulnerability.

Action-Not Available
Vendor-Clavisterclavister
Product-E10E80e10e80
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2020-2147
Matching Score-4
Assigner-Jenkins Project
ShareView Details
Matching Score-4
Assigner-Jenkins Project
CVSS Score-4.3||MEDIUM
EPSS-0.30% / 53.18%
||
7 Day CHG~0.00%
Published-09 Mar, 2020 | 15:01
Updated-04 Aug, 2024 | 07:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A cross-site request forgery vulnerability in Jenkins Mac Plugin 1.1.0 and earlier allows attackers to connect to an attacker-specified SSH server using attacker-specified credentials.

Action-Not Available
Vendor-Jenkins
Product-macJenkins Mac Plugin
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-29093
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 20.93%
||
7 Day CHG~0.00%
Published-19 Mar, 2024 | 16:40
Updated-02 Aug, 2024 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Builder for WooCommerce reviews shortcodes – ReviewShort plugin <= 1.01.3 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Tobias Conrad Builder for WooCommerce reviews shortcodes – ReviewShort.This issue affects Builder for WooCommerce reviews shortcodes – ReviewShort: from n/a through 1.01.3.

Action-Not Available
Vendor-Tobias Conrad
Product-Builder for WooCommerce reviews shortcodes – ReviewShort
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-2911
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.11% / 30.21%
||
7 Day CHG~0.00%
Published-26 Mar, 2024 | 21:31
Updated-21 Aug, 2025 | 17:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tianjin PubliCMS cross-site request forgery

A vulnerability, which was classified as problematic, was found in Tianjin PubliCMS 4.0.202302.e. This affects an unknown part. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-publiccmsTianjintianjin
Product-publiccmsPubliCMSpublicms
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-2960
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-4.3||MEDIUM
EPSS-0.11% / 30.38%
||
7 Day CHG~0.00%
Published-02 May, 2024 | 16:52
Updated-20 Feb, 2025 | 19:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The SVS Pricing Tables plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.4. This is due to missing or incorrect nonce validation on the deletePricingTable() function. This makes it possible for unauthenticated attackers to delete pricing tables via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

Action-Not Available
Vendor-svs-websoftsvs-websoftWordPress.org
Product-svs_pricing_tablesSVS Pricing Tablessvs_pricing_tables
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2020-2186
Matching Score-4
Assigner-Jenkins Project
ShareView Details
Matching Score-4
Assigner-Jenkins Project
CVSS Score-4.3||MEDIUM
EPSS-0.53% / 66.21%
||
7 Day CHG~0.00%
Published-06 May, 2020 | 12:45
Updated-04 Aug, 2024 | 07:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A cross-site request forgery vulnerability in Jenkins Amazon EC2 Plugin 1.50.1 and earlier allows attackers to provision instances.

Action-Not Available
Vendor-Jenkins
Product-amazon_ec2Jenkins Amazon EC2 Plugin
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-4318
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-4.3||MEDIUM
EPSS-0.09% / 25.72%
||
7 Day CHG~0.00%
Published-11 Sep, 2023 | 19:46
Updated-23 Apr, 2025 | 16:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Herd Effects < 5.2.4 - Effect Deletion via CSRF

The Herd Effects WordPress plugin before 5.2.4 does not have CSRF when deleting its items, which could allow attackers to make logged in admins delete arbitrary effects via a CSRF attack

Action-Not Available
Vendor-wow-companyUnknown
Product-herd_effectsHerd Effects
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-0638
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-4.3||MEDIUM
EPSS-0.10% / 27.96%
||
7 Day CHG~0.00%
Published-17 Feb, 2022 | 16:30
Updated-02 Aug, 2024 | 23:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cross-Site Request Forgery (CSRF) in microweber/microweber

Cross-Site Request Forgery (CSRF) in Packagist microweber/microweber prior to 1.2.11.

Action-Not Available
Vendor-Microweber (‘Microweber Academy’ Foundation)
Product-microwebermicroweber/microweber
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-27967
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.15% / 36.78%
||
7 Day CHG~0.00%
Published-21 Mar, 2024 | 15:29
Updated-27 May, 2025 | 14:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress DSGVO All in one for WP plugin <= 4.3 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Michael Leithold DSGVO All in one for WP.This issue affects DSGVO All in one for WP: from n/a through 4.3.

Action-Not Available
Vendor-dsgvo-for-wpMichael Leithold
Product-dsgvo_all_in_one_for_wpDSGVO All in one for WP
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-47305
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.04% / 11.67%
||
7 Day CHG~0.00%
Published-25 Sep, 2024 | 17:34
Updated-02 Oct, 2024 | 16:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Use Any Font plugin <= 6.3.08 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Dnesscarkey Use Any Font allows Cross Site Request Forgery.This issue affects Use Any Font: from n/a through 6.3.08.

Action-Not Available
Vendor-dineshkarkiDnesscarkey
Product-use_any_fontUse Any Font
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-4585
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-4.3||MEDIUM
EPSS-0.10% / 27.92%
||
7 Day CHG~0.00%
Published-07 May, 2024 | 12:00
Updated-15 Jan, 2025 | 18:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DedeCMS member_type.php cross-site request forgery

A vulnerability, which was classified as problematic, was found in DedeCMS 5.7. This affects an unknown part of the file /src/dede/member_type.php. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-263307. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-n/aDedeCMS
Product-dedecmsDedeCMS
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-2821
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-4.3||MEDIUM
EPSS-0.05% / 13.32%
||
7 Day CHG-0.01%
Published-22 Mar, 2024 | 16:00
Updated-27 Aug, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DedeCMS friendlink_edit.php cross-site request forgery

A vulnerability, which was classified as problematic, has been found in DedeCMS 5.7. Affected by this issue is some unknown functionality of the file /src/dede/friendlink_edit.php. The manipulation of the argument id leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257708. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-n/aDedeCMS
Product-dedecmsDedeCMSdedecms
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
  • Previous
  • 1
  • 2
  • ...
  • 5
  • 6
  • 7
  • ...
  • 37
  • 38
  • Next
Details not found