Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-57983

Summary
Assigner-Patchstack
Assigner Org ID-21595511-bba5-4825-b968-b78d1f9984a3
Published At-22 Sep, 2025 | 18:24
Updated At-12 May, 2026 | 00:52
Rejected At-
Credits

WordPress BP Disable Activation Reloaded Plugin <= 1.2.1 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Damian BP Disable Activation Reloaded bp-disable-activation-reloaded allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects BP Disable Activation Reloaded: from n/a through <= 1.2.1.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:Patchstack
Assigner Org ID:21595511-bba5-4825-b968-b78d1f9984a3
Published At:22 Sep, 2025 | 18:24
Updated At:12 May, 2026 | 00:52
Rejected At:
▼CVE Numbering Authority (CNA)
WordPress BP Disable Activation Reloaded Plugin <= 1.2.1 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Damian BP Disable Activation Reloaded bp-disable-activation-reloaded allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects BP Disable Activation Reloaded: from n/a through <= 1.2.1.

Affected Products
Vendor
Damian
Product
BP Disable Activation Reloaded
Collection URL
https://wordpress.org/plugins
Package Name
bp-disable-activation-reloaded
Default Status
unaffected
Versions
Affected
  • From 0 through 1.2.1 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-352Cross-Site Request Forgery (CSRF)
Type: CWE
CWE ID: CWE-352
Description: Cross-Site Request Forgery (CSRF)
Metrics
VersionBase scoreBase severityVector
3.16.5MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Version: 3.1
Base score: 6.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-1Accessing Functionality Not Properly Constrained by ACLs
CAPEC ID: CAPEC-1
Description: Accessing Functionality Not Properly Constrained by ACLs
Solutions
Configurations
Workarounds
Exploits
Credits
finder
Nabil Irawan | Patchstack Bug Bounty Program
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://patchstack.com/database/Wordpress/Plugin/bp-disable-activation-reloaded/vulnerability/wordpress-bp-disable-activation-reloaded-plugin-1-2-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve
vdb-entry
Hyperlink: https://patchstack.com/database/Wordpress/Plugin/bp-disable-activation-reloaded/vulnerability/wordpress-bp-disable-activation-reloaded-plugin-1-2-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve
Resource:
vdb-entry
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:audit@patchstack.com
Published At:22 Sep, 2025 | 19:15
Updated At:23 Apr, 2026 | 15:33

Cross-Site Request Forgery (CSRF) vulnerability in Damian BP Disable Activation Reloaded bp-disable-activation-reloaded allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects BP Disable Activation Reloaded: from n/a through <= 1.2.1.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.16.5MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Type: Secondary
Version: 3.1
Base score: 6.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-352Secondaryaudit@patchstack.com
CWE ID: CWE-352
Type: Secondary
Source: audit@patchstack.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://patchstack.com/database/Wordpress/Plugin/bp-disable-activation-reloaded/vulnerability/wordpress-bp-disable-activation-reloaded-plugin-1-2-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cveaudit@patchstack.com
N/A
Hyperlink: https://patchstack.com/database/Wordpress/Plugin/bp-disable-activation-reloaded/vulnerability/wordpress-bp-disable-activation-reloaded-plugin-1-2-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve
Source: audit@patchstack.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

575Records found
CVE-2023-27234
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.11% / 29.07%
||
7 Day CHG~0.00%
Published-15 Mar, 2023 | 00:00
Updated-27 Feb, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Cross-Site Request Forgery (CSRF) in /Sys/index.html of Jizhicms v2.4.5 allows attackers to arbitrarily make configuration changes within the application.

Action-Not Available
Vendor-jizhicmsn/a
Product-jizhicmsn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-27520
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-6.5||MEDIUM
EPSS-0.27% / 50.23%
||
7 Day CHG~0.00%
Published-11 Apr, 2023 | 00:00
Updated-10 Feb, 2025 | 22:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in SEIKO EPSON printers/network interface Web Config allows a remote unauthenticated attacker to hijack the authentication and perform unintended operations by having a logged-in user view a malicious page. [Note] Web Config is the software that allows users to check the status and change the settings of SEIKO EPSON printers/network interface via a web browser. According to SEIKO EPSON CORPORATION, it is also called as Remote Manager in some products. Web Config is pre-installed in some printers/network interface provided by SEIKO EPSON CORPORATION. For the details of the affected product names/model numbers, refer to the information provided by the vendor.

Action-Not Available
Vendor-epsonSEIKO EPSON CORPORATION
Product-lp-s5000_firmwaresc-s60650lsc-t5250d_firmwarepx-b500sc-px5v2prifnw7s_firmwaresc-t7255sc-s70650_firmwarepx-5vsc-p7050px-7500n_firmwaresc-t7250dsc-s30650sc-t3050sc-p6050_firmwaresc-s80650lpx-f10000sc-t3050_firmwareesnsb1sc-s50650_firmwarelp-s5300sc-f7200lp-9200c_firmwarelp-s6500_firmwarelp-s4500_firmwareprifnw3s_firmwaresc-t5255lp-s310nsc-t7250lp-s6000_firmwarepx-h10000lp-s4500lp-8200clp-9200ps2_firmwareprifnw2px-h7000sc-f6000tm-c3400lp-9200ps2lp-9200ps3px-h6000sc-p6050lp-s5300_firmwareprifnw2ac_firmwarepx-6250s_firmwareprifnw7ssc-f6350_firmwarelp-9200csc-p9050lp-8500cpx-7550_firmwarepx-h9000_firmwarelp-s3000z_firmwaresc-t3255_firmwarepa-w11gpx-w8000_firmwareesnsb1_firmwarepx-h8000_firmwareprifnw2spa-w11g2_firmwarelp-s3000pa-w11g_firmwaretm-c3400_firmwarepx-b510px-6550_firmwarestylus_pro_gs6000px-7500npx-5800prifnw6sc-s80650_firmwarepx-7550sstylus_pro_gs6000_firmwaresc-t5050_firmwarelp-9200ps3_firmwarelp-s4200px-f8000tm-c3500_firmwaresc-t7255d_firmwareprifnw1stm-c7500px-h6000_firmwarepx-7v_firmwarepx-5002sc-p20050_firmwarelp-s3000rlp-s7500_firmwaresc-f7200_firmwaresc-s80650l_firmwarepx-6250slp-s310n_firmwarelp-s3000_firmwarepx-9550s_firmwarepx-h7000_firmwaresc-f2000_firmwaresc-f2150px-5v_firmwarepx-9550_firmwarelp-s6500px-f8000_firmwaresc-f7100px-9500n_firmwareesnsb2_firmwaresc-p8050sc-f9450sc-f9450hlp-s5300r_firmwaresc-s60650_firmwarepx-h9000lp-s300nprifnw2s_firmwaresc-t5250dsc-t7250d_firmwaresc-t7255_firmwaresc-f9450h_firmwareprifnw1_firmwaresc-p10050_firmwarepx-h8000lp-s8100lp-s9000px-9550ssc-s80650lp-s5300rsc-s40650_firmwaresc-s30650_firmwaresc-t5250prifnw2acsc-t3250_firmwarelp-s3000r_firmwarelp-s6000sc-px7v2sc-p9050_firmwarelp-s4000_firmwarelp-s7000esnsb2esifnw1_firmwareprifnw3_firmwarelp-s7000_firmwarelp-8200c_firmwarelp-s5500px-f10000_firmwarepx-h10000_firmwareprifnw3spx-w8000px-b500_firmwarepx-7550s_firmwarelp-9200b_firmwaresc-t7255dtm-c3500sc-f9200_firmwareprifnw2sac_firmwarelp-s5000px-b510_firmwareprifnw1s_firmwarelp-s3000zprifnw1sc-f2150_firmwareesifnw1lp-8500c_firmwaresc-f6350sc-p8050_firmwaresc-s70650tm-c7500_firmwaresc-f9350prifnw7u_firmwarelp-9800c_firmwareprifnw7upx-7550prifnw2_firmwaresc-t7250_firmwarelp-9200bsc-f7100_firmwarepx-20000_firmwarelp-s9000_firmwarepx-9550lp-s4200_firmwaresc-t5255dsc-f9450_firmwareprifnw3prifnw7sc-t5050sc-s40650lp-s8100_firmwarepa-w11g2sc-s60650lp-s3500lp-8700ps3lp-s7500sc-t7050_firmwarelp-s3000ps_firmwaresc-t3250sc-px5v2_firmwaresc-f9200lp-9800csc-t3255px-9500nsc-px7v2_firmwarelp-s5500_firmwarelp-8700ps3_firmwarelp-s4000sc-s60650l_firmwarepx-5002_firmwaresc-f6000_firmwarelp-9300sc-t7050px-5800_firmwarepx-6550sc-f6200_firmwarelp-s3500_firmwarelp-9600sc-f9350_firmwareprifnw6_firmwarelp-9600_firmwarelp-9300_firmwaresc-t5250_firmwaresc-t5255_firmwaresc-p5050_firmwarelp-s7100_firmwaresc-p20050px-f8000mprifnw7_firmwaresc-p7050_firmwaresc-s50650lp-s7500pslp-s3000pslp-s7500ps_firmwarepx-20000sc-f6200px-f8000m_firmwaresc-f2000prifnw2saclp-9600ssc-p10050sc-t5255d_firmwaresc-px3vlp-s300n_firmwarelp-9600s_firmwaresc-p5050px-7vsc-px3v_firmwarelp-s7100SEIKO EPSON printers/network interface Web Config
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-27073
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.17% / 37.24%
||
7 Day CHG~0.00%
Published-14 Mar, 2023 | 00:00
Updated-30 Mar, 2026 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Cross-Site Request Forgery (CSRF) in Online Food Ordering System v1.0 allows attackers to change user details and credentials via a crafted POST request.

Action-Not Available
Vendor-n/aoretnom23
Product-online_food_ordering_systemn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-47828
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.65% / 70.93%
||
7 Day CHG~0.00%
Published-09 Oct, 2024 | 18:35
Updated-17 Oct, 2024 | 13:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cross-Site Request Forgery in ampache

ampache is a web based audio/video streaming application and file manager. A CSRF attack can be performed in order to delete objects (Playlist, smartlist etc.). Cross-Site Request Forgery (CSRF) is an attack that forces authenticated users to submit a request to a Web application against which they are currently authenticated. This vulnerability can be exploited by creating a malicious script with an arbitrary playlist ID belonging to another user. When the user submits the request, their playlist will be deleted. Any User with active sessions who are tricked into submitting a malicious request are impacted, as their playlists or other objects could be deleted without their consent.

Action-Not Available
Vendor-ampacheampacheampache
Product-ampacheampacheampache
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2016-20053
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-6.9||MEDIUM
EPSS-0.01% / 0.81%
||
7 Day CHG~0.00%
Published-04 Apr, 2026 | 13:50
Updated-14 Apr, 2026 | 19:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Redaxo CMS 5.2 Cross-Site Request Forgery via users endpoint

Redaxo CMS 5.2 contains a cross-site request forgery vulnerability that allows unauthenticated attackers to create administrative user accounts by tricking authenticated administrators into visiting malicious pages. Attackers can craft HTML forms targeting the users endpoint with hidden fields containing admin credentials and account parameters to add new administrator accounts without user consent.

Action-Not Available
Vendor-redaxoRedaxo
Product-redaxoRedaxo CMS
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-26841
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.78% / 73.82%
||
7 Day CHG~0.00%
Published-25 Apr, 2023 | 00:00
Updated-03 Feb, 2025 | 22:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A cross-site request forgery (CSRF) vulnerability in ChurchCRM v4.5.3 allows attackers to change any user's password except for the user that is currently logged in.

Action-Not Available
Vendor-churchcrmn/a
Product-churchcrmn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-25706
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.06% / 17.49%
||
7 Day CHG~0.00%
Published-11 Jul, 2023 | 12:19
Updated-28 Apr, 2026 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Robots.txt optimization plugin <= 1.4.5 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Pagup WordPress Robots.Txt optimization plugin <= 1.4.5 versions.

Action-Not Available
Vendor-pagupPagup
Product-better_robots.txtWordPress Robots.txt optimization
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2016-11015
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.24% / 47.58%
||
7 Day CHG~0.00%
Published-16 Oct, 2019 | 00:25
Updated-06 Aug, 2024 | 03:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NETGEAR JNR1010 devices before 1.0.0.32 allow cgi-bin/webproc CSRF via the :InternetGatewayDevice.X_TWSZ-COM_URL_Filter.BlackList.1.URL parameter.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-jnr1010_firmwarejnr1010n/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2016-11085
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.32% / 54.67%
||
7 Day CHG~0.00%
Published-16 Aug, 2020 | 17:17
Updated-06 Aug, 2024 | 03:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

php/qmn_options_questions_tab.php in the quiz-master-next plugin before 4.7.9 for WordPress allows CSRF, with resultant stored XSS, via the question_name parameter because js/admin_question.js mishandles parsing inside of a SCRIPT element.

Action-Not Available
Vendor-expresstechn/a
Product-quiz_and_survey_mastern/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2016-10997
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.19% / 40.35%
||
7 Day CHG~0.00%
Published-20 Sep, 2019 | 14:08
Updated-06 Aug, 2024 | 03:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The beauty-premium theme 1.0.8 for WordPress has CSRF with resultant arbitrary file upload in includes/sendmail.php.

Action-Not Available
Vendor-yourinspirationwebn/a
Product-beauty-premiumn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2016-10938
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.12% / 30.85%
||
7 Day CHG~0.00%
Published-13 Sep, 2019 | 11:46
Updated-06 Aug, 2024 | 03:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The copy-me plugin 1.0.0 for WordPress has CSRF for copying non-public posts to a public location.

Action-Not Available
Vendor-copy-me_projectn/a
Product-copy-men/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2016-10962
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.14% / 33.55%
||
7 Day CHG~0.00%
Published-16 Sep, 2019 | 12:25
Updated-06 Aug, 2024 | 03:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The icegram plugin before 1.9.19 for WordPress has CSRF via the wp-admin/edit.php option_name parameter.

Action-Not Available
Vendor-icegramn/a
Product-icegram_engagen/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-64262
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.01% / 3.14%
||
7 Day CHG~0.00%
Published-13 Nov, 2025 | 09:24
Updated-28 Apr, 2026 | 16:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Auto Prune Posts plugin <= 3.0.0 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in ramon fincken Auto Prune Posts auto-prune-posts allows Cross Site Request Forgery.This issue affects Auto Prune Posts: from n/a through <= 3.0.0.

Action-Not Available
Vendor-ramon fincken
Product-Auto Prune Posts
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-25443
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 22.48%
||
7 Day CHG~0.00%
Published-11 Jul, 2023 | 12:29
Updated-28 Apr, 2026 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Button Generator – easily Button Builder Plugin <= 2.3.5 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Button Generator – easily Button Builder plugin <= 2.3.5 versions.

Action-Not Available
Vendor-wow-companyWow-Company
Product-button_generatorButton Generator – easily Button Builder
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-45987
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.11% / 28.98%
||
7 Day CHG~0.00%
Published-26 Sep, 2024 | 00:00
Updated-25 Mar, 2025 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Projectworld Online Voting System Version 1.0 is vulnerable to Cross Site Request Forgery (CSRF) via voter.php. This vulnerability allows an attacker to craft a malicious link that, when clicked by an authenticated user, automatically submits a vote for a specified party without the user's consent or knowledge. The attack leverages the user's active session to perform the unauthorized action, compromising the integrity of the voting process.

Action-Not Available
Vendor-online_voting_system_projectn/a
Product-online_voting_systemn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-45372
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-6.5||MEDIUM
EPSS-0.10% / 26.10%
||
7 Day CHG~0.00%
Published-26 Sep, 2024 | 04:06
Updated-25 Mar, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

MZK-DP300N firmware versions 1.04 and earlier contains a cross-site request forger vulnerability. Viewing a malicious page while logging in to the web management page of the affected product may lead the user to perform unintended operations such as changing the login password, etc.

Action-Not Available
Vendor-planexPLANEX COMMUNICATIONS INC.
Product-mzk-dp300nmzk-dp300n_firmwareMZK-DP300N
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-2508
Matching Score-4
Assigner-Fluid Attacks
ShareView Details
Matching Score-4
Assigner-Fluid Attacks
CVSS Score-5.3||MEDIUM
EPSS-0.03% / 8.25%
||
7 Day CHG~0.00%
Published-20 Sep, 2023 | 15:05
Updated-24 Sep, 2024 | 15:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CSRF in PaperCutNG Mobility Print leads to sophisticated phishing

The `PaperCutNG Mobility Print` version 1.0.3512 application allows an unauthenticated attacker to perform a CSRF attack on an instance administrator to configure the clients host (in the "configure printer discovery" section). This is possible because the application has no protections against CSRF attacks, like Anti-CSRF tokens, header origin validation, samesite cookies, etc.

Action-Not Available
Vendor-PaperCut Software Pty LtdApple Inc.
Product-mobility_print_servermacosMobility Print
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2015-9388
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.14% / 33.55%
||
7 Day CHG~0.00%
Published-20 Sep, 2019 | 14:56
Updated-06 Aug, 2024 | 08:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The mtouch-quiz plugin before 3.1.3 for WordPress has wp-admin/edit.php CSRF with resultant XSS.

Action-Not Available
Vendor-mtouch_quiz_projectn/a
Product-mtouch_quizn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2015-9413
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.31% / 54.06%
||
7 Day CHG~0.00%
Published-25 Sep, 2019 | 23:25
Updated-06 Aug, 2024 | 08:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The eshop plugin through 6.3.13 for WordPress has CSRF with resultant XSS via the wp-admin/admin.php?page=eshop-downloads.php title parameter.

Action-Not Available
Vendor-eshop_projectn/a
Product-eshopn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2015-9442
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.26% / 49.70%
||
7 Day CHG~0.00%
Published-26 Sep, 2019 | 03:51
Updated-06 Aug, 2024 | 08:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The avenirsoft-directdownload plugin 1.0 for WordPress has CSRF with resultant XSS via wp-admin/admin.php?page=avenir_plugin.

Action-Not Available
Vendor-avenirsoftn/a
Product-directdownloadn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-4597
Matching Score-4
Assigner-GitLab Inc.
ShareView Details
Matching Score-4
Assigner-GitLab Inc.
CVSS Score-5.7||MEDIUM
EPSS-0.02% / 6.09%
||
7 Day CHG~0.00%
Published-09 May, 2024 | 01:38
Updated-13 Dec, 2024 | 16:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cross-Site Request Forgery (CSRF) in GitLab

An issue has been discovered in GitLab EE affecting all versions from 16.7 before 16.9.7, all versions starting from 16.10 before 16.10.5, all versions starting from 16.11 before 16.11.2. An attacker could force a user with an active SAML session to approve an MR via CSRF.

Action-Not Available
Vendor-GitLab Inc.
Product-gitlabGitLab
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2015-9421
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.19% / 40.01%
||
7 Day CHG~0.00%
Published-26 Sep, 2019 | 00:08
Updated-06 Aug, 2024 | 08:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The olevmedia-shortcodes plugin before 1.1.9 for WordPress has CSRF with resultant XSS via the wp-admin/admin-ajax.php?action=omsc_popup id parameter.

Action-Not Available
Vendor-olevmedian/a
Product-olevmedia_shortcodesn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-45504
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-6.5||MEDIUM
EPSS-0.06% / 17.76%
||
7 Day CHG~0.00%
Published-10 Sep, 2024 | 04:35
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in multiple Alps System Integration products and the OEM products allow a remote unauthenticated attacker to hijack the authentication of the user and to perform unintended operations if the user views a malicious page while logged in.

Action-Not Available
Vendor-MOTEX CorporationJMA Systems CorporationTrend Micro IncorporatedQualitySoft CorporationALSI (Alps System Integration)MIROKU JYOHO SERVICEAXSEEDHammock Corporation
Product-MJS WebFilteringInterSafe MobileSecurityInterSafe WebFilterInterSafe GatewayConnectionInterSafe LogDirectorLANSCOPE EndpointManager WebFilteringKAITO SecureBrowserInterSafe LogNavigatorSPPM Secure FilteringInterSafe CATSAssetView FInterScan WebManagerURL FilteringSPPM BizBrowser
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2015-9447
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.22% / 43.99%
||
7 Day CHG~0.00%
Published-26 Sep, 2019 | 03:39
Updated-06 Aug, 2024 | 08:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The unite-gallery-lite plugin before 1.5 for WordPress has CSRF and SQL injection via wp-admin/admin.php galleryid or id parameters.

Action-Not Available
Vendor-unitegalleryn/a
Product-unite_gallery_liten/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2015-9437
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.24% / 46.74%
||
7 Day CHG~0.00%
Published-26 Sep, 2019 | 01:18
Updated-27 Nov, 2024 | 20:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The dynamic-widgets plugin before 1.5.11 for WordPress has CSRF with resultant XSS via the wp-admin/themes.php?page=dynwid-config page_limit parameter.

Action-Not Available
Vendor-vivwebsolutionsn/a
Product-dynamic_widgetsn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2015-9422
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.17% / 37.34%
||
7 Day CHG~0.00%
Published-26 Sep, 2019 | 00:19
Updated-06 Aug, 2024 | 08:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The PlugNedit Adaptive Editor plugin before 6.2.0 for WordPress has CSRF with resultant XSS via wp-admin/admin-ajax.php?action=simple_fields_field_type_post_dialog_load plugnedit_width, pnemedcount, PlugneditBGColor, PlugneditEditorMargin, or plugneditcontent parameters.

Action-Not Available
Vendor-simplysymphonyn/a
Product-plugneditn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2015-9417
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.15% / 35.45%
||
7 Day CHG~0.00%
Published-25 Sep, 2019 | 23:44
Updated-06 Aug, 2024 | 08:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The testimonial-slider plugin through 1.2.1 for WordPress has CSRF with resultant XSS.

Action-Not Available
Vendor-slidervillan/a
Product-testimonial_slidern/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2015-9427
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.28% / 51.58%
||
7 Day CHG~0.00%
Published-26 Sep, 2019 | 00:47
Updated-06 Aug, 2024 | 08:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The googmonify plugin through 0.5.1 for WordPress has CSRF with resultant XSS via the wp-admin/options-general.php?page=googmonify.php PID or AID parameter.

Action-Not Available
Vendor-googmonify_projectn/a
Product-googmonifyn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2015-9409
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.31% / 54.06%
||
7 Day CHG~0.00%
Published-25 Sep, 2019 | 16:59
Updated-06 Aug, 2024 | 08:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The alo-easymail plugin before 2.6.01 for WordPress has CSRF with resultant XSS in pages/alo-easymail-admin-options.php.

Action-Not Available
Vendor-alo-easymail_projectn/a
Product-alo-easymailn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2015-9387
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.15% / 35.45%
||
7 Day CHG~0.00%
Published-20 Sep, 2019 | 14:54
Updated-06 Aug, 2024 | 08:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The mtouch-quiz plugin before 3.1.3 for WordPress has wp-admin/options-general.php CSRF.

Action-Not Available
Vendor-mtouch_quiz_projectn/a
Product-mtouch_quizn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2015-9424
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.24% / 46.74%
||
7 Day CHG~0.00%
Published-26 Sep, 2019 | 00:35
Updated-06 Aug, 2024 | 08:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The multicons plugin before 3.0 for WordPress has CSRF with resultant XSS via the wp-admin/options-general.php?page=multicons%2Fmulticons.php global_url or admin_url parameter.

Action-Not Available
Vendor-doc4designn/a
Product-multiconsn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-4382
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-4.3||MEDIUM
EPSS-0.15% / 35.39%
||
7 Day CHG~0.00%
Published-21 Jun, 2024 | 06:00
Updated-26 Mar, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CB (legacy) <= 0.9.4.18 - Code/Timeframe/Booking Deletion via CSRF

The CB (legacy) WordPress plugin through 0.9.4.18 does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions, such as deleting codes, timeframes, and bookings via CSRF attacks

Action-Not Available
Vendor-wielebenwirUnknown
Product-commonsbookingCB (legacy)
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-24457
Matching Score-4
Assigner-Jenkins Project
ShareView Details
Matching Score-4
Assigner-Jenkins Project
CVSS Score-6.5||MEDIUM
EPSS-0.09% / 24.94%
||
7 Day CHG~0.00%
Published-24 Jan, 2023 | 00:00
Updated-02 Apr, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A cross-site request forgery (CSRF) vulnerability in Jenkins Keycloak Authentication Plugin 2.3.0 and earlier allows attackers to trick users into logging in to the attacker's account.

Action-Not Available
Vendor-Jenkins
Product-keycloak_authenticationJenkins Keycloak Authentication Plugin
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2021-40518
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.16% / 36.57%
||
7 Day CHG~0.00%
Published-10 Nov, 2021 | 15:52
Updated-04 Aug, 2024 | 02:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Airangel HSMX Gateway devices through 5.2.04 allow CSRF.

Action-Not Available
Vendor-airangeln/a
Product-hsmx-app-1000_firmwarehsmx-app-20000_firmwarehsmx-app-1000hsmx-app-5000_firmwarehsmx-app-20000hsmx-app-25hsmx-app-100hsmx-app-25_firmwarehsmx-app-5000hsmx-app-100_firmwaren/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2015-9432
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.17% / 37.79%
||
7 Day CHG~0.00%
Published-26 Sep, 2019 | 01:07
Updated-06 Aug, 2024 | 08:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The alpine-photo-tile-for-instagram plugin before 1.2.7.6 for WordPress has CSRF with resultant XSS via the wp-admin/options-general.php?page=alpine-photo-tile-for-instagram-settings tab parameter.

Action-Not Available
Vendor-thealpinepressn/a
Product-alpine-photo-tile-for-instagramn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2015-9433
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.17% / 37.34%
||
7 Day CHG~0.00%
Published-26 Sep, 2019 | 01:09
Updated-06 Aug, 2024 | 08:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The wp-social-bookmarking-light plugin before 1.7.10 for WordPress has CSRF with resultant XSS via configuration parameters for Tumblr, Twitter, Facebook, etc. in wp-admin/options-general.php?page=wp-social-bookmarking-light%2Fmodules%2Fadmin.php.

Action-Not Available
Vendor-wp_social_bookmarking_light_projectn/a
Product-wp_social_bookmarking_lightn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2015-9431
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.19% / 40.01%
||
7 Day CHG~0.00%
Published-26 Sep, 2019 | 01:06
Updated-06 Aug, 2024 | 08:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The qtranslate-x plugin before 3.4.4 for WordPress has CSRF with resultant XSS via the wp-admin/options-general.php?page=qtranslate-x json_config_files or json_custom_i18n_config parameter.

Action-Not Available
Vendor-qtranslate_x_projectn/a
Product-qtranslate_xn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2015-9428
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.19% / 40.01%
||
7 Day CHG~0.00%
Published-26 Sep, 2019 | 00:50
Updated-06 Aug, 2024 | 08:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The wplegalpages plugin before 1.1 for WordPress has CSRF with resultant XSS via wp-admin/admin.php?page=legal-pages lp-domain-name, lp-business-name, lp-phone, lp-street, lp-city-state, lp-country, lp-email, lp-address, or lp-niche parameters.

Action-Not Available
Vendor-wplegalpagesn/a
Product-wp_legal_pagesn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2015-9434
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.19% / 40.01%
||
7 Day CHG~0.00%
Published-26 Sep, 2019 | 01:12
Updated-06 Aug, 2024 | 08:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The kiwi-logo-carousel plugin before 1.7.2 for WordPress has CSRF with resultant XSS via the wp-admin/edit.php?post_type=kwlogos&page=kwlogos_settings tab or tab_flags_order parameter.

Action-Not Available
Vendor-kiwi-logo-carousel_projectn/a
Product-kiwi-logo-carouseln/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-25015
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.13% / 32.78%
||
7 Day CHG~0.00%
Published-02 Feb, 2023 | 00:00
Updated-26 Mar, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Clockwork Web before 0.1.2, when Rails before 5.2 is used, allows CSRF.

Action-Not Available
Vendor-clockwork_web_projectn/aRuby on Rails
Product-clockwork_webrailsn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CWE ID-CWE-652
Improper Neutralization of Data within XQuery Expressions ('XQuery Injection')
CVE-2015-9443
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.26% / 49.70%
||
7 Day CHG~0.00%
Published-26 Sep, 2019 | 03:51
Updated-06 Aug, 2024 | 08:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The accurate-form-data-real-time-form-validation plugin 1.2 for WordPress has CSRF with resultant XSS via wp-admin/options-general.php?page=Accu_Data_WP.

Action-Not Available
Vendor-wp_accurate_form_data_projectn/a
Product-wp_accurate_form_datan/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-43945
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.17% / 37.67%
||
7 Day CHG~0.00%
Published-21 Oct, 2024 | 11:05
Updated-28 Apr, 2026 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress LatePoint plugin <= 4.9.91 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Latepoint LatePoint allows Cross Site Request Forgery.This issue affects LatePoint: from n/a through 4.9.91.

Action-Not Available
Vendor-latepointLatepoint
Product-latepointLatePoint
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-43192
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.01% / 2.95%
||
7 Day CHG~0.00%
Published-27 Sep, 2025 | 01:14
Updated-11 Dec, 2025 | 22:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Storage TS4500 Library cross-site request forgery

IBM Storage TS4500 Library 1.11.0.0 and 2.11.0.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.

Action-Not Available
Vendor-IBM Corporation
Product-storage_ts4500_librarydiamondback_tape_library_firmwarestorage_ts4500_library_firmwarediamondback_tape_libraryStorage TS4500 Library
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-60645
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.02% / 7.16%
||
7 Day CHG~0.00%
Published-12 Nov, 2025 | 00:00
Updated-03 Dec, 2025 | 21:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Cross-Site Request Forgery (CSRF) in xxl-api v1.3.0 allows attackers to arbitrarily add users to the management module via a crafted GET request.

Action-Not Available
Vendor-xuxuelin/a
Product-xxl-apin/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-58878
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.02% / 6.81%
||
7 Day CHG+0.01%
Published-05 Sep, 2025 | 13:45
Updated-28 Apr, 2026 | 16:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Woocommerce Gifts Product Plugin <= 1.0.0 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in usamafarooq Woocommerce Gifts Product woo-gift-product allows Cross Site Request Forgery.This issue affects Woocommerce Gifts Product: from n/a through <= 1.0.0.

Action-Not Available
Vendor-usamafarooq
Product-Woocommerce Gifts Product
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-57902
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.01% / 3.31%
||
7 Day CHG~0.00%
Published-22 Sep, 2025 | 18:25
Updated-28 Apr, 2026 | 16:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress RIS Version Switcher – Downgrade or Upgrade WP Versions Easily Plugin <= 1.0 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Md Taufiqur Rahman RIS Version Switcher – Downgrade or Upgrade WP Versions Easily ris-version-switcher allows Cross Site Request Forgery.This issue affects RIS Version Switcher – Downgrade or Upgrade WP Versions Easily: from n/a through <= 1.0.

Action-Not Available
Vendor-Md Taufiqur Rahman
Product-RIS Version Switcher – Downgrade or Upgrade WP Versions Easily
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-41795
Matching Score-4
Assigner-Siemens
ShareView Details
Matching Score-4
Assigner-Siemens
CVSS Score-6.9||MEDIUM
EPSS-0.34% / 56.94%
||
7 Day CHG-0.08%
Published-08 Apr, 2025 | 08:22
Updated-23 Sep, 2025 | 16:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions). The web interface of affected devices is vulnerable to Cross-Site Request Forgery (CSRF) attacks. This could allow an unauthenticated attacker to change arbitrary device settings by tricking a legitimate device administrator to click on a malicious link.

Action-Not Available
Vendor-Siemens AG
Product-7kt_pac1260_data_manager7kt_pac1260_data_manager_firmwareSENTRON 7KT PAC1260 Data Manager
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-41744
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.08% / 23.24%
||
7 Day CHG~0.00%
Published-01 Nov, 2024 | 16:53
Updated-18 Jun, 2025 | 18:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM CICS TX Standard cross-site request forgery

IBM CICS TX Standard 11.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, Inc
Product-linux_kernelcics_txCICS TX Standard
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-40883
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-6.5||MEDIUM
EPSS-0.24% / 46.28%
||
7 Day CHG+0.01%
Published-01 Aug, 2024 | 01:18
Updated-12 May, 2026 | 08:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery vulnerability exists in ELECOM wireless LAN routers. Viewing a malicious page while logging in to the affected product with an administrative privilege, the user may be directed to perform unintended operations such as changing the login ID, login password, etc.

Action-Not Available
Vendor-Elecom Co., Ltd.
Product-wrc-2533gs2-b_firmwarewrc-2533gs2v-bwrc-2533gs2v-b_firmwarewrc-x6000xs-gwrc-2533gs2-wwrc-x1500gs-b_firmwarewrc-2533gs2-bwrc-2533gs2-w_firmwarewrc-x1500gs-bwrc-x1500gsa-b_firmwarewrc-x1500gsa-bwrc-x6000xs-g_firmwareWRC-XE5400GSA-GWRC-X3000GS2-BWRC-X1800GS-BWRC-X3000GS2A-BWRC-X3000GST2-BWRC-X6000XST-GWRC-X1500GS-BWRC-X6000XS-GWRC-X1800GSH-BWRC-X6000QS-GWRC-X3000GS2-WWRC-XE5400GS-GWRC-X6000QSA-GWRC-X1500GSA-BWRC-X1800GSA-B
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-40601
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.3||MEDIUM
EPSS-0.07% / 20.10%
||
7 Day CHG~0.00%
Published-06 Jul, 2024 | 00:00
Updated-27 Oct, 2024 | 01:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in the MediaWikiChat extension for MediaWiki through 1.42.1. CSRF can occur in API modules.

Action-Not Available
Vendor-n/aWikimedia Foundation
Product-mediawikin/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
  • Previous
  • 1
  • 2
  • ...
  • 5
  • 6
  • 7
  • ...
  • 11
  • 12
  • Next
Details not found