Total: 9153 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-8091 | 2 Jakesnyder, Jupitercow | 2 Enhanced Search Box, Enhanced Search Box | 2024-09-27 | 4.8 Medium |
| The Enhanced Search Box WordPress plugin through 0.6.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack | ||||
| CVE-2024-8092 | 2 Alaingg, Alaingonzalez | 2 Accordion Image Menu, Accordion Image Menu | 2024-09-27 | 5.4 Medium |
| The Accordion Image Menu WordPress plugin through 3.1.3 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack. | ||||
| CVE-2024-8093 | 2 Lucas Garcia, Lucasgarcia | 2 Posts Reminder, Posts Reminder | 2024-09-27 | 4.8 Medium |
| The Posts reminder WordPress plugin through 0.20 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack | ||||
| CVE-2024-7820 | 2 Elliot, Ilc Thickbox | 2 Ilc Thickbox, Ilc Thickbox | 2024-09-27 | 4.3 Medium |
| The ILC Thickbox WordPress plugin through 1.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack | ||||
| CVE-2024-8052 | 2 Joen, Moc | 2 Review Ratings, Review Ratings | 2024-09-27 | 4.8 Medium |
| The Review Ratings WordPress plugin through 1.6 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack. | ||||
| CVE-2024-7816 | 2 Adeelraza, Gixaw Chat | 2 Gixaw Chat, Gixaw Chat | 2024-09-26 | 6.1 Medium |
| The Gixaw Chat WordPress plugin through 1.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack. | ||||
| CVE-2024-3163 | 2 Easy Property Listings, Realestateconnected | 2 Easy Property Listings, Easy Property Listings | 2024-09-26 | 4.3 Medium |
| The Easy Property Listings WordPress plugin before 3.5.4 does not have CSRF check when deleting contacts in bulk, which could allow attackers to make a logged in admin delete them via a CSRF attack | ||||
| CVE-2024-46086 | 1 Frogcms Project | 1 Frogcms | 2024-09-25 | 8.8 High |
| FrogCMS V0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/plugin/file_manager/delete/123 | ||||
| CVE-2024-46394 | 1 Frogcms Project | 1 Frogcms | 2024-09-25 | 8 High |
| FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) via /admin/?/user/add | ||||
| CVE-2024-6862 | 2 Lunary, Lunary-ai | 2 Lunary, Lunary-ai/lunary | 2024-09-19 | 8.1 High |
| A Cross-Site Request Forgery (CSRF) vulnerability exists in lunary-ai/lunary version 1.2.34 due to overly permissive CORS settings. This vulnerability allows an attacker to sign up for and create projects or use the instance as if they were a user with local access. The main attack vector is for instances hosted locally on personal machines, which are not publicly accessible. The CORS settings in the backend permit all origins, exposing unauthenticated endpoints to CSRF attacks. | ||||
| CVE-2024-39641 | 1 Thimpress | 1 Learnpress | 2024-09-18 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in ThimPress LearnPress. This issue affects LearnPress: from n/a through 4.2.6.8.2. | ||||
| CVE-2024-39645 | 1 Themeum | 1 Tutor Lms | 2024-09-18 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Themeum Tutor LMS. This issue affects Tutor LMS: from n/a through 2.7.2. | ||||
| CVE-2024-39657 | 1 Sender | 1 Sender | 2024-09-18 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Sender Sender – Newsletter, SMS and Email Marketing Automation for WooCommerce. This issue affects Sender – Newsletter, SMS and Email Marketing Automation for WooCommerce: from n/a through 2.6.18. | ||||
| CVE-2024-43116 | 1 10up | 1 Simple Local Avatars | 2024-09-18 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in 10up Simple Local Avatars. This issue affects Simple Local Avatars: from n/a through 2.7.10. | ||||
| CVE-2024-6017 | 1 Scriptonite | 1 Music Request Manager | 2024-09-13 | 6.1 Medium |
| The Music Request Manager WordPress plugin through 1.3 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack | ||||
| CVE-2024-5203 | | | 2024-09-13 | 3.7 Low |
| After careful review of CVE-2024-5203, it has been determined that the issue is not exploitable in real-world scenarios. Moreover, the exploit assumes that the attacker has access to a session code parameter that matches a cookie on the Keycloak server. However the attacker does not have access to the cookie, and can therefore not craft a malicious request. | ||||
| CVE-2024-43325 | 1 Naiches | 1 Dark Mode For Wp Dashboard | 2024-09-13 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Naiche Dark Mode for WP Dashboard. This issue affects Dark Mode for WP Dashboard: from n/a through 1.2.3. | ||||
| CVE-2024-43295 | 1 Wpdataaccess | 1 Wp Data Access | 2024-09-13 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Passionate Programmers B.V. WP Data Access. This issue affects WP Data Access: from n/a through 5.5.7. | ||||
| CVE-2024-43287 | 1 Sendinblue | 1 Newsletter, Smtp, Email Marketing And Subscribe | 2024-09-13 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Brevo Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue. This issue affects Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue: from n/a through 3.1.82. | ||||
| CVE-2024-43269 | 1 Wpbackitup | 1 Backup And Restore Wordpress | 2024-09-13 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in WPBackItUp Backup and Restore WordPress. This issue affects Backup and Restore WordPress: from n/a through 1.50. | ||||