Total: 8582 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-24872 | 1 Themify | 1 Builder | 2025-02-07 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Themify Themify Builder. This issue affects Themify Builder: from n/a through 7.0.5. | ||||
| CVE-2023-30529 | 1 Jenkins | 1 Lucene-search | 2025-02-07 | 4.3 Medium |
| Jenkins Lucene-Search Plugin 387.v938a_ecb_f7fe9 and earlier does not require POST requests for an HTTP endpoint, allowing attackers to reindex the database. | ||||
| CVE-2024-1446 | 1 Nextscripts | 1 Social Networks Auto Poster | 2025-02-07 | 5.4 Medium |
| The NextScripts: Social Networks Auto-Poster plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.4.3. This is due to missing or incorrect nonce validation on the nxssnap-reposter page. This makes it possible for unauthenticated attackers to delete arbitrary posts or pages via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2023-30525 | 1 Jenkins | 1 Report Portal | 2025-02-07 | 8.8 High |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Report Portal Plugin 0.5 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified bearer token authentication. | ||||
| CVE-2025-25074 | | | 2025-02-07 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Nirmal Kumar Ram WP Social Stream allows Stored XSS. This issue affects WP Social Stream: from n/a through 1.1. | ||||
| CVE-2025-25071 | | | 2025-02-07 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in topplugins Vignette Ads allows Stored XSS. This issue affects Vignette Ads: from n/a through 0.2. | ||||
| CVE-2025-25075 | | | 2025-02-07 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Venugopal Show notice or message on admin area allows Stored XSS. This issue affects Show notice or message on admin area: from n/a through 2.0. | ||||
| CVE-2025-25111 | | | 2025-02-07 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in WP Spell Check WP Spell Check allows Cross Site Request Forgery. This issue affects WP Spell Check: from n/a through 9.21. | ||||
| CVE-2025-25103 | | | 2025-02-07 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in bnielsen Indeed API allows Cross Site Request Forgery. This issue affects Indeed API: from n/a through 0.5. | ||||
| CVE-2024-31113 | 1 Sandhillsdev | 1 Easy Digital Downloads | 2025-02-07 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Easy Digital Downloads. This issue affects Easy Digital Downloads: from n/a through 3.2.11. | ||||
| CVE-2024-31362 | 1 Metagauss | 1 Profilegrid | 2025-02-07 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Metagauss ProfileGrid. This issue affects ProfileGrid: from n/a through 5.7.8. | ||||
| CVE-2024-31301 | 1 Themeisle | 1 Multiple Page Generator | 2025-02-07 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Themeisle Multiple Page Generator Plugin – MPG. This issue affects Multiple Page Generator Plugin – MPG: from n/a through 3.4.0. | ||||
| CVE-2024-31293 | 1 Sandhillsdev | 1 Easy Digital Downloads | 2025-02-07 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Easy Digital Downloads. This issue affects Easy Digital Downloads: from n/a through 3.2.6. | ||||
| CVE-2023-3075 | 1 Corebos | 1 Corebos | 2025-02-06 | 6.5 Medium |
| Cross-Site Request Forgery (CSRF) in GitHub repository tsolucio/corebos prior to 8. | ||||
| CVE-2018-17451 | 1 Gitlab | 1 Gitlab | 2025-02-06 | 8.8 High |
| An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. There is Cross Site Request Forgery (CSRF) in the Slack integration for issuing slash commands. | ||||
| CVE-2022-36424 | 1 Easy-appointments | 1 Easy Appointments | 2025-02-06 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Nikola Loncar Easy Appointments plugin <= 3.11.9 versions. | ||||
| CVE-2024-57373 | | | 2025-02-06 | 8.1 High |
| Cross Site Request Forgery (CSRF) vulnerability in LifestyleStore v1.0 allows a remote attacker to execute unauthorized actions on behalf of an authenticated user, potentially leading to account modifications or data compromise. | ||||
| CVE-2024-1360 | 1 Colibriwp | 1 Colibri | 2025-02-05 | 4.3 Medium |
| The Colibri WP theme for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.94. This is due to missing or incorrect nonce validation on the colibriwp_install_plugin() function. This makes it possible for unauthenticated attackers to install recommended plugins via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2023-29213 | 1 Xwiki | 1 Xwiki | 2025-02-05 | 9.1 Critical |
| XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions of `org.xwiki.platform:xwiki-platform-logging-ui` it is possible to trick a user with programming rights into visiting a constructed URL, e.g., by embedding an image with this URL in a document that is viewed by a user with programming rights, which will evaluate an expression in the constructed URL and execute it. This issue has been addressed in versions 13.10.11, 14.4.7, and 14.10. Users are advised to upgrade. There are no known workarounds for this vulnerability. | ||||
| CVE-2022-32516 | 1 Schneider-electric | 2 Conext Combox, Conext Combox Firmware | 2025-02-05 | 7.5 High |
| A CWE-352: Cross-Site Request Forgery (CSRF) vulnerability exists that could override the system’s configuration and cause a reboot loop when the product suffers from POST-based Cross-Site Request Forgery (CSRF). Affected Products: Conext™ ComBox (All Versions) | ||||