Total
8684 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-7859 | 1 Freakingwildchild | 1 Visual Sound | 2026-01-23 | N/A | 6.5 MEDIUM |
| The Visual Sound WordPress plugin through 1.03 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack. | |||||
| CVE-2023-28749 | 1 Cminds | 1 Cm Search And Replace | 2026-01-23 | N/A | 4.3 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in CreativeMindsSolutions CM On Demand Search And Replace plugin <= 1.3.0 versions. | |||||
| CVE-2025-58576 | 1 Groupsession | 1 Groupsession | 2026-01-23 | N/A | 4.3 MEDIUM |
| Cross-site request forgery vulnerability exists in GroupSession Free edition prior to ver5.3.0, GroupSession byCloud prior to ver5.3.3, and GroupSession ZION prior to ver5.3.2. If a user accesses a malicious page while logged in, unintended operations may be performed. | |||||
| CVE-2025-39351 | 1 Themegoods | 1 Grand Restaurant | 2026-01-22 | N/A | 4.3 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in ThemeGoods Grand Restaurant WordPress allows Cross Site Request Forgery. This issue affects Grand Restaurant WordPress: from n/a through 7.0. | |||||
| CVE-2024-32107 | 1 Xlplugins | 1 Finale | 2026-01-22 | N/A | 4.3 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in XLPlugins Finale Lite. This issue affects Finale Lite: from n/a through 2.18.0. | |||||
| CVE-2024-32104 | 1 Xlplugins | 1 Nextmove | 2026-01-22 | N/A | 4.3 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in XLPlugins NextMove Lite. This issue affects NextMove Lite: from n/a through 2.18.1. | |||||
| CVE-2021-41074 | 1 Webkul | 1 Qloapps | 2026-01-22 | N/A | 5.4 MEDIUM |
| A CSRF issue in index.php in QloApps hotel eCommerce 1.5.1 allows an attacker to change the admin's email address via a crafted HTML document. | |||||
| CVE-2025-68158 | 1 Authlib | 1 Authlib | 2026-01-22 | N/A | 5.7 MEDIUM |
| Authlib is a Python library which builds OAuth and OpenID Connect servers. In version 1.6.5 and prior, cache-backed state/request-token storage is not tied to the initiating user session, so CSRF is possible for any attacker that has a valid state (easily obtainable via an attacker-initiated authentication flow). When a cache is supplied to the OAuth client registry, FrameworkIntegration.set_state_data writes the entire state blob under _state_{app}_{state}, and get_state_data ignores the caller’s session altogether. This issue has been patched in version 1.6.6. | |||||
| CVE-2025-61547 | 1 Edubusinesssolutions | 1 Print Shop Pro Webdesk | 2026-01-22 | N/A | 6.8 MEDIUM |
| Cross-Site Request Forgery (CSRF) is present on all functions in edu Business Solutions Print Shop Pro WebDesk version 18.34. The application does not implement proper CSRF tokens or other protective measures, allowing a remote attacker to trick authenticated users into unknowingly executing unintended actions within their session. This can lead to unauthorized data modification such as credential updates. | |||||
| CVE-2025-31963 | 1 Hcltech | 1 Bigfix Insights For Vulnerability Remediation | 2026-01-22 | N/A | 2.9 LOW |
| Improper authentication and missing CSRF protection in the local setup interface component in HCL BigFix IVR version 4.2 allows a local attacker to perform unauthorized configuration changes via unauthenticated administrative configuration requests. | |||||
| CVE-2024-31373 | 1 E2pdf | 1 E2pdf | 2026-01-21 | N/A | 5.4 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in E2Pdf. This issue affects e2pdf: from n/a through 1.20.27. | |||||
| CVE-2024-34828 | 1 Church Admin Project | 1 Church Admin | 2026-01-21 | N/A | 4.3 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in Andy Moyle Church Admin. This issue affects Church Admin: from n/a through 4.1.32. | |||||
| CVE-2024-30493 | 1 Church Admin Project | 1 Church Admin | 2026-01-21 | N/A | 4.3 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in Andy Moyle Church Admin. This issue affects Church Admin: from n/a through 4.1.7. | |||||
| CVE-2024-32090 | 1 Church Admin Project | 1 Church Admin | 2026-01-21 | N/A | 4.3 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in Andy Moyle Church Admin. This issue affects Church Admin: from n/a through 4.0.27. | |||||
| CVE-2025-59480 | 1 Mattermost | 1 Mattermost Mobile | 2026-01-21 | N/A | 6.1 MEDIUM |
| Mattermost Mobile Apps versions <=2.32.0 fail to verify that SSO redirect tokens originate from the trusted server, which allows a malicious Mattermost instance or on-path attacker to obtain user session credentials via crafted token-in-URL responses. | |||||
| CVE-2026-22800 | 1 Thm | 1 Pilos | 2026-01-21 | N/A | 2.4 LOW |
| PILOS (Platform for Interactive Live-Online Seminars) is a frontend for BigBlueButton. Prior to 4.10.0, a Cross-Site Request Forgery (CSRF) vulnerability exists in an administrative API endpoint responsible for terminating all active video conferences on a single server. The affected endpoint performs a destructive action but is exposed via an HTTP GET request. Although proper authorization checks are enforced and the endpoint cannot be triggered cross-site, the use of GET allows the action to be implicitly invoked through same-site content (e.g. embedded resources rendered within the application). As a result, an authenticated administrator who views crafted content within the application may unknowingly trigger the endpoint, causing all active video conferences on the server to be terminated without explicit intent or confirmation. This vulnerability is fixed in 4.10.0. | |||||
| CVE-2025-69021 | | | 2026-01-20 | N/A | 5.4 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in Ays Pro Popup box ays-popup-box allows Cross Site Request Forgery. This issue affects Popup box: from n/a through <= 6.0.7. | |||||
| CVE-2025-68998 | | | 2026-01-20 | N/A | 5.4 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in Heateor Support Heateor Social Login heateor-social-login allows Cross Site Request Forgery. This issue affects Heateor Social Login: from n/a through <= 1.1.39. | |||||
| CVE-2025-68885 | | | 2026-01-20 | N/A | 7.1 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Page Carbajal Custom Post Status allows Stored XSS. This issue affects Custom Post Status: from n/a through 1.1.0. | |||||
| CVE-2025-68601 | | | 2026-01-20 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Rustaurius Five Star Restaurant Reservations restaurant-reservations allows Cross Site Request Forgery. This issue affects Five Star Restaurant Reservations: from n/a through <= 2.7.7. | |||||
