Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by CWE-352
Total 8695 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2025-26748 2025-04-16 N/A 8.1 HIGH
Cross-Site Request Forgery (CSRF) vulnerability in LOOS,Inc. Arkhe allows PHP Local File Inclusion. This issue affects Arkhe: from n/a through 3.11.0.
CVE-2025-39601 2025-04-16 N/A 9.6 CRITICAL
Cross-Site Request Forgery (CSRF) vulnerability in WPFactory Custom CSS, JS & PHP allows Remote Code Inclusion. This issue affects Custom CSS, JS & PHP: from n/a through 2.4.1.
CVE-2025-39600 2025-04-16 N/A 4.3 MEDIUM
Cross-Site Request Forgery (CSRF) vulnerability in CRM Perks Integration for WooCommerce and QuickBooks allows Cross Site Request Forgery. This issue affects Integration for WooCommerce and QuickBooks: from n/a through 1.3.1.
CVE-2025-39593 2025-04-16 N/A 4.3 MEDIUM
Cross-Site Request Forgery (CSRF) vulnerability in EverAccounting Ever Accounting allows Cross Site Request Forgery. This issue affects Ever Accounting: from n/a through 2.1.5.
CVE-2023-51525 1 Wpsimplebookingcalendar 1 Wp Simple Booking Calendar 2025-04-15 N/A 5.3 MEDIUM
Cross-Site Request Forgery (CSRF) vulnerability in Veribo, Roland Murg WP Simple Booking Calendar.This issue affects WP Simple Booking Calendar: from n/a through 2.0.8.4.
CVE-2024-30482 1 B-website 1 Simple Revisions Delete 2025-04-15 N/A 4.3 MEDIUM
Cross-Site Request Forgery (CSRF) vulnerability in Brice CAPOBIANCO Simple Revisions Delete.This issue affects Simple Revisions Delete: from n/a through 1.5.3.
CVE-2025-25379 1 07fly 1 07flycms 2025-04-15 N/A 9.6 CRITICAL
Cross Site Request Forgery vulnerability in 07FLYCMS v.1.3.9 allows a remote attacker to execute arbitrary code via the id parameter of the del.html component.
CVE-2024-57611 1 07fly 1 07flycms 2025-04-15 N/A 3.5 LOW
07FLYCMS V1.3.9 was discovered to contain a Cross-Site Request Forgery (CSRF) via admin/doAdminAction.php?act=editShop&shopId.
CVE-2024-57159 1 07fly 1 07flycms 2025-04-15 N/A 3.5 LOW
07FLYCMS V1.3.9 was discovered to contain a Cross-Site Request Forgery (CSRF) via /erp.07fly.net:80/oa/OaWorkReport/add.html.
CVE-2024-33651 1 Mf Gig Calendar Project 1 Mf Gig Calendar 2025-04-15 N/A 5.4 MEDIUM
Cross-Site Request Forgery (CSRF) vulnerability in Matthew Fries MF Gig Calendar.This issue affects MF Gig Calendar : from n/a through 1.2.1.
CVE-2025-2871 2025-04-15 N/A 4.3 MEDIUM
The WordPress Mega Menu – QuadMenu plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2.0. This is due to missing or incorrect nonce validation on the ajax_dismiss_notice() function. This makes it possible for unauthenticated attackers to update any user meta to a value of one, including wp_capabilities which could result in a privilege deescalation of an administrator, via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
CVE-2025-30965 2025-04-15 N/A 4.3 MEDIUM
Cross-Site Request Forgery (CSRF) vulnerability in NotFound WPJobBoard allows Cross Site Request Forgery. This issue affects WPJobBoard: from n/a through n/a.
CVE-2025-27009 2025-04-15 N/A 7.1 HIGH
Cross-Site Request Forgery (CSRF) vulnerability in wphocus My auctions allegro allows Stored XSS.This issue affects My auctions allegro: from n/a through 3.6.20.
CVE-2024-34957 1 Idccms 1 Idccms 2025-04-15 N/A 5.4 MEDIUM
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component admin/sysImages_deal.php?mudi=infoSet.
CVE-2024-34958 1 Idccms 1 Idccms 2025-04-15 N/A 6.5 MEDIUM
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component admin/banner_deal.php?mudi=add
CVE-2024-35011 1 Idccms 1 Idccms 2025-04-15 N/A 5.4 MEDIUM
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/infoType_deal.php?mudi=rev&nohrefStr=close.
CVE-2024-35012 1 Idccms 1 Idccms 2025-04-15 N/A 6.3 MEDIUM
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/infoType_deal.php?mudi=add&nohrefStr=close.
CVE-2024-35039 1 Idccms 1 Idccms 2025-04-15 N/A 3.8 LOW
idccms V1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via admin/tplSys_deal.php?mudi=area.
CVE-2024-35108 1 Idccms 1 Idccms 2025-04-15 N/A 8.8 HIGH
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/homePro_deal.php?mudi=del&dataType=&dataTypeCN.
CVE-2024-35109 1 Idccms 1 Idccms 2025-04-15 N/A 6.5 MEDIUM
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /homePro_deal.php?mudi=add&nohrefStr=close.