Total
8699 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-51489 | 1 Automattic | 1 Crowdsignal Dashboard | 2025-02-27 | N/A | 5.4 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in Automattic, Inc. Crowdsignal Dashboard – Polls, Surveys & more.This issue affects Crowdsignal Dashboard – Polls, Surveys & more: from n/a through 3.0.11. | |||||
| CVE-2023-51491 | 1 Depicter | 1 Depicter | 2025-02-27 | N/A | 5.4 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in Averta Depicter Slider.This issue affects Depicter Slider: from n/a through 2.0.6. | |||||
| CVE-2023-51510 | 1 Atlasgondal | 1 Export All Urls | 2025-02-27 | N/A | 4.3 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in Atlas Gondal Export Media URLs.This issue affects Export Media URLs: from n/a through 1.0. | |||||
| CVE-2023-51486 | 1 Rednao | 1 Woocommerce Pdf Invoice Builder | 2025-02-27 | N/A | 5.4 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in RedNao WooCommerce PDF Invoice Builder.This issue affects WooCommerce PDF Invoice Builder: from n/a through 1.2.101. | |||||
| CVE-2023-51487 | 1 Ari-soft | 1 Ari Stream Quiz | 2025-02-27 | N/A | 5.4 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in ARI Soft ARI Stream Quiz.This issue affects ARI Stream Quiz: from n/a through 1.2.32. | |||||
| CVE-2024-12526 | 1 Arena.im | 1 Arena.im | 2025-02-27 | N/A | 4.3 MEDIUM |
| The Arena.IM – Live Blogging for real-time events plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.3.0. This is due to missing or incorrect nonce validation on the 'albfre_user_action' AJAX action. This makes it possible for unauthenticated attackers to update the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | |||||
| CVE-2023-51531 | 1 Thrivethemes | 1 Thrive Automator | 2025-02-27 | N/A | 5.4 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in Thrive Themes Thrive Automator.This issue affects Thrive Automator: from n/a through 1.17. | |||||
| CVE-2023-51530 | 1 Gsplugins | 1 Logo Slider | 2025-02-27 | N/A | 4.3 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in GS Plugins Logo Slider – Logo Showcase, Logo Carousel, Logo Gallery and Client Logo Presentation.This issue affects Logo Slider – Logo Showcase, Logo Carousel, Logo Gallery and Client Logo Presentation: from n/a through 3.5.1. | |||||
| CVE-2023-51528 | 1 Aipower | 1 Aipower | 2025-02-27 | N/A | 4.3 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in Senol Sahin AI Power: Complete AI Pack – Powered by GPT-4.This issue affects AI Power: Complete AI Pack – Powered by GPT-4: from n/a through 1.8.12. | |||||
| CVE-2024-1501 | 1 Webfactoryltd | 1 Wp Database Reset | 2025-02-26 | N/A | 4.7 MEDIUM |
| The Database Reset plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.22. This is due to missing or incorrect nonce validation on the install_wpr() function. This makes it possible for unauthenticated attackers to install the WP Reset Plugin via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | |||||
| CVE-2023-0497 | 1 Hasthemes | 1 Ht Portfolio | 2025-02-26 | N/A | 4.3 MEDIUM |
| The HT Portfolio WordPress plugin before 1.1.6 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack | |||||
| CVE-2022-4148 | 1 Dash10 | 1 Oauth Server | 2025-02-26 | N/A | 4.3 MEDIUM |
| The WP OAuth Server (OAuth Authentication) WordPress plugin before 4.3.0 has a flawed CSRF and authorisation check when deleting a client, which could allow any authenticated users, such as subscriber to delete arbitrary client. | |||||
| CVE-2024-2354 | 1 Iteachyou | 1 Dreamer Cms | 2025-02-26 | 5.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability, which was classified as problematic, was found in Dreamer CMS 4.1.3. Affected is an unknown function of the file /admin/menu/toEdit. The manipulation of the argument id leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-256314 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-26925 | 2025-02-26 | N/A | 4.3 MEDIUM | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Required Admin Menu Manager allows Cross Site Request Forgery.This issue affects Admin Menu Manager: from n/a through 1.0.3. | |||||
| CVE-2024-13339 | 1 Debounce | 1 Email Validator | 2025-02-26 | N/A | 6.1 MEDIUM |
| The DeBounce Email Validator plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.6.6. This is due to missing or incorrect nonce validation on the 'debounce_email_validator' page. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | |||||
| CVE-2024-13560 | 2025-02-26 | N/A | 4.3 MEDIUM | ||
| The Subscriptions & Memberships for PayPal plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.6. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to delete arbitrary posts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | |||||
| CVE-2024-0431 | 1 Fabrick | 1 Gestpay For Woocommerce | 2025-02-25 | N/A | 4.3 MEDIUM |
| The Gestpay for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 20221130. This is due to missing or incorrect nonce validation on the 'ajax_set_default_card' function. This makes it possible for unauthenticated attackers to set the default card token for a user via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | |||||
| CVE-2024-12385 | 1 Kevonadonis | 1 Wp Abstracts | 2025-02-25 | N/A | 6.1 MEDIUM |
| The WP Abstracts plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.7.2. This is due to missing nonce validation on the wpabstracts_load_status() and wpabstracts_delete_abstracts() functions. This makes it possible for unauthenticated attackers to inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | |||||
| CVE-2023-28674 | 1 Jenkins | 1 Octoperf Load Testing | 2025-02-25 | N/A | 8.8 HIGH |
| A cross-site request forgery (CSRF) vulnerability in Jenkins OctoPerf Load Testing Plugin Plugin 4.5.2 and earlier allows attackers to connect to a previously configured Octoperf server using attacker-specified credentials. | |||||
| CVE-2023-28671 | 1 Jenkins | 1 Octoperf Load Testing | 2025-02-25 | N/A | 4.3 MEDIUM |
| A cross-site request forgery (CSRF) vulnerability in Jenkins OctoPerf Load Testing Plugin Plugin 4.5.0 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | |||||