CWE:
 

Topic
Date
Author
Low
PHPJabbers Vacation Rental Script 4.0 Cross Site Request Forgery
09.08.2023
Hasan Ali YILDIR
Low
WBCE CMS 1.6.1 Open Redirect & CSRF
03.07.2023
Mirabbas A─čalarov
Low
WordPress WP Sticky Social 1.0.1 CSRF / Cross Site Scripting
22.06.2023
Amirhossein Bahramizad...
Low
Siemens SIMATIC S7-1200 Cross Site Request Forgery
21.05.2023
RoseSecurity
Med.
WordPress Core 6.2 XSS / CSRF / Directory Traversal
17.05.2023
Jakub Zoczek
High
KODExplorer 4.49 Cross Site Request Forgery / Shell Upload
21.04.2023
Mr Empy
Low
WordPress Real Estate 7 Theme <= 3.3.4 - Multiple Cross-Site Request Forgery (CSRF) Vulnerabilities
05.03.2023
FearZzZz
Low
WordPress WoodMart Theme <= 7.1.1 - Theme License Options Change via CSRF
05.03.2023
FearZzZz
Low
WordPress WoodMart Theme 7.1.1 Cross Site Request Forgery
01.03.2023
fearzzzz
Med.
Demanzo Matrimony 1.5 Cross Site Request Forgery
19.02.2023
indoushka
Med.
WordPress Quick Restaurant 2.0.2 XSS / CSRF / IDOR / Missing Authorization
02.02.2023
Marco Wotschka
Low
Tiki Wiki CMS Groupware 25.0 Cross Site Request Forgery
11.01.2023
EgiX
High
WordPress Royal Elementor 1.3.59 XSS / CSRF / Insufficient Access Controls
11.01.2023
Ramuel Gall
Med.
F5 BIG-IP iControl Cross Site Request Forgery
21.11.2022
Ron Bowes
Low
WordPress BeTheme BeCustom 1.0.5.2 Cross Site Request Forgery
15.11.2022
Julien Ahrens
Med.
Online Birth Certificate Management System 1.0 Cross Site Request Forgery
27.09.2022
Yousef Alraddadi
Low
Online Employee Leave Management System 1.0 Cross Site Request Forgery
06.09.2022
Amolo Hunters
High
WordPress Ecwid Ecommerce Shopping Cart 6.10.23 Cross Site Request Forgery
06.08.2022
Marco Wotschka
Low
Transposh WordPress Translation 1.0.8.1 Cross Site Request Forgery
01.08.2022
Julien Ahrens
Med.
WordPress Plugin Blue Admin 21.06.01 Cross-Site Request Forgery (CSRF)
02.07.2022
Anonymous
Low
Marval MSM 14.19.0.12476 Cross Site Request Forgery
20.06.2022
Momen Eldawakhly
Low
PHPIPAM 1.4.4 Cross Site Request Forgery / Cross Site Scripting
22.05.2022
Rodolfo Tavares
Low
WordPress Blue Admin 21.06.01 Cross Site Request Forgery
11.05.2022
Abisheik M
Low
qdPM 9.2 Cross Site Request Forgery
07.04.2022
Chetanya Sharma
Low
WordPress Curtain 1.0.2 Cross Site Request Forgery
30.03.2022
Hassan Khan Yusufzai
Low
ICEHRM 31.0.0.0S Cross Site Request Forgery
22.03.2022
Devansh Bordia
Low
iRZ Mobile Router Cross Site Request Forgery / Remote Code Execution
22.03.2022
Robert Willis
Low
FileCloud 21.2 Cross Site Request Forgery
23.02.2022
Masashi Fujiwara
High
Zyxel Buffer Overflow / File Disclosure / CSRF / XSS / Broken Access Control
17.02.2022
Stefan Viehbock
Low
WordPress International SMS For Contact Form 7 Integration 1.2 CSRF
15.02.2022
Milad Karimi
Low
Subrion CMS 4.2.1 Cross Site Request Forgery
12.02.2022
Aryan Chehreghani
High
FileBrowser 2.17.2 Code Execution / Cross Site Request Forgery
08.02.2022
Febin Mon Saji
High
Korenix Technology JetWave CSRF / Command Injection / Missing Authentication
07.02.2022
T. Weber
Low
OpenBMCS 2.4 Cross Site Request Forgery
17.01.2022
LiquidWorm
Med.
SB Admin Cross Site Request Forgery / SQL Injection
17.01.2022
Taurus Omar
High
Arunna 1.0.0 Cross Site Request Forgery
17.12.2021
L_L
Low
Zucchetti Axess CLOKI Access Control 1.64 Cross Site Request Forgery
16.12.2021
LiquidWorm
Low
Quick.CMS 6.7 Cross Site Request Forgery / Cross Site Scripting
17.11.2021
Rahad Chowdhury
Low
PHP Laravel 8.70.1 Cross Site Scripting (XSS) to Cross Site Request Forgery (CSRF)
15.11.2021
Hosein Vita
Low
PHPGurukul Hostel Management System 2.1 Cross-site request forgery (CSRF) to Cross-site Scripting (XSS)
30.10.2021
Anubhav Singh
Med.
Hostel Management System 2.1 Cross Site Request Forgery / Cross Site Scripting
28.10.2021
Anubhav Singh
Med.
FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 Add Admin Cross-Site Request Forgery (CSRF)
29.09.2021
LiquidWorm
Low
ECOA Building Automation System multiple Cross-Site Request Forgery (CSRF)
24.09.2021
Neurogenesia
High
Backdrop CMS 1.20.0 Cross Site Request Forgery / Command Execution
23.09.2021
V1n1v131r4
Low
WordPress Fitness Calculators 1.9.5 Cross Site Request Forgery
23.09.2021
0xB9
Low
ECOA Building Automation System Cross Site Request Forgery
13.09.2021
Neurogenesia
Low
Altus Sistemas de Automacao Products CSRF / Command Injection / Hardcoded Credentials
20.08.2021
T. Weber
Low
Panasonic Sanyo CCTV Network Camera 2.03-0x Cross Site Request Forgery
01.08.2021
LiquidWorm
High
CloverDX 5.9.0 Code Execution / Cross Site Request Forgery
30.07.2021
niebardzo
Low
Webmin 1.973 Cross Site Request Forgery
14.07.2021
Mesh3l_911
Low
b2evolution 7.2.2 Cross Site Request Forgery
02.07.2021
Alperen Ergel
Low
ICE Hrm 29.0.0.OS Account Takeover Cross-Site Request Forgery (CSRF)
19.06.2021
Piyush Patil & Rafal L...
High
WordPress Plugin Database Backups 1.2.2.6 Database Backup Download CSRF
19.06.2021
0xB9
Med.
Korenix CSRF / Backdoor Accounts / Command Injection / Missing Authentication
01.06.2021
T. Weber
Low
Ubee EVW327 Cross Site Request Forgery
01.06.2021
lated
Low
Dental Clinic Appointment Reservation System 1.0 Cross Site Request Forgery (Add Admin)
19.05.2021
Reza Afsahi
Low
NiceHash Miner Excavator 1.6.7c Cross Site Request Forgery
18.05.2021
Harry Sintonen
Med.
Sipwise C5 NGCP CSC Click2Dial Cross-Site Request Forgery
23.04.2021
LiquidWorm
High
GetSimple CMS My SMTP Contact 1.1.1 CSRF / Remote Code Execution
18.04.2021
Bobby Cooke
Med.
GetSimple CMS My SMTP Contact Plugin 1.1.1 CSRF to RCE
16.04.2021
Bobby Cooke
Low
DMA Radius Manager 4.4.0 Cross Site Request Forgery
08.04.2021
Issac Briones
Low
Papoo CMS Cross Site Request Forgery
05.04.2021
Reinhard Westerholt
Low
GetSimple CMS Custom JS Plugin 0.1 CSRF to Persistent XSS
31.03.2021
Abhishek Joshi
Low
SOYAL Biometric Access Control System 5.0 Cross Site Request Forgery
20.03.2021
LiquidWorm
High
VestaCP 0.9.8 File Upload CSRF
17.03.2021
Fady Othman
Low
OpenCMS 11.0.2 Cross Site Request Forgery / Open Redirection
09.03.2021
Daniel Moreno
Low
e107 CMS 2.3.0 Cross Site Request Forgery
04.03.2021
Tadjmen
High
Unibox 2.4 CSRF / Remote Code Execution
08.02.2021
Kaustubh G. Padwad
Low
Unibox Cross Site Request Forgery
08.02.2021
Kaustubh G. Padwad
Low
bloofoxCMS 0.5.2.1 CSRF (Add user)
05.02.2021
LiPeiYi
Low
Pixelimity 1.0 Cross Site Request Forgery
04.02.2021
Noth
Med.
STVS ProVision 5.9.10 Cross Site Request Forgery
29.01.2021
LiquidWorm
Low
Anchor CMS 0.12.7 CSRF (Delete user)
21.01.2021
Ninad Mishra
Low
PHP-Fusion 9.03.90 Cross Site Request Forgery
16.01.2021
Mohamed Oosman B S
Low
Online Hotel Reservation System 1.0 Cross Site Request Forgery
15.01.2021
Mesut Cetin
Low
Advanced Webhost Billing System 3.7.0 Cross Site Request Forgery
07.01.2021
Rahul Ramakant Singh
Low
TypeSetter 5.1 Cross Site Request Forgery
03.01.2021
Alperen Ergel
Low
Rukovoditel 2.6.1 Cross Site Request Forgery
15.12.2020
KeopssGroup0day Inc
Low
OpenAsset Digital Asset Management Cross Site Request Forgery
14.12.2020
Jack Misiura
Low
OpenCart 3.0.3.6 Cross Site Request Forgery
10.12.2020
Mahendra Purbia
Low
EgavilanMedia User Registration & Login System with Admin Panel 1.0 CSRF
04.12.2020
Hardik Solanki
Med.
ZTE MF253V 1.0.0B04 XSS / CSRF / Hardcoded Password
28.11.2020
T. Weber
Low
Customer Support System 1.0 Cross Site Request Forgery
11.11.2020
Ahmed Abbas
High
Genexis Platinum-4410 P4410-V2-1.28 Broken Access Control and CSRF
11.11.2020
Jinson Varghese Behana...
Med.
Trend Micro IMSVA CSRF / XML Injection / SSRF / File Disclosure
05.11.2020
Wolfgang Ettlinger
Low
iDS6 DSSPro Digital Signage System 6.2 Cross Site Request Forgery
05.11.2020
LiquidWorm
Low
Genexis Platinum-4410 P4410-V2-1.28 Cross Site Request Forgery
29.10.2020
Mohammed Farhan
Low
Textpattern CMS 4.6.2 Cross-site Request Forgery
19.10.2020
Alperen Ergel
Low
B-swiss 3 Digital Signage System 3.6.5 Cross-Site Request Forgery (Add Maintenance Admin)
15.10.2020
LiquidWorm
High
Garfield Petshop 2020-10-01 Cross Site Request Forgery
09.10.2020
Ramdan Yantu
Low
Liman 0.7 Cross Site Request Forgery
07.10.2020
George Tsimpidas
Med.
RocketLinx Series Authentication Bypass / CSRF / Command Injection
05.10.2020
T. Weber
Low
MonoCMS Blog 1.0 File Deletion / CSRF / Hardcoded Credentials
01.10.2020
Shahrukh Iqbal Mirza
Low
SpinetiX Fusion Digital Signage 3.4.8 Cross Site Request Forgery
01.10.2020
LiquidWorm
Low
BlackCat CMS 1.3.6 Cross Site Request Forgery
23.09.2020
Noth
Med.
Scopia XT Desktop 8.3.915.4 Cross-Site Request Forgery (change admin password)
10.09.2020
v1n1v131r4
Med.
Red Lion N-Tron 702-W / 702M12-W 2.0.26 XSS / CSRF / Shell
05.09.2020
T. Weber
Low
Hyland OnBase Cross Site Request Forgery
05.09.2020
Adaptive Security Cons...
Low
Stock Management System 1.0 Cross-Site Request Forgery (Change Username)
02.09.2020
Bobby Cooke & Adeeb Sh...
Med.
All-Dynamics Digital Signage System 2.0.2 Cross-Site Request Forgery (Add Admin)
17.08.2020
Gjoko 'LiquidWorm' Krs...


CVEMAP Search Results

CVE
Details
Description
2023-09-25
Waiting for details
CVE-2023-3547

Updating...
 

 
The All in One B2B for WooCommerce WordPress plugin through 1.0.3 does not properly check nonce values in several actions, allowing an attacker to perform CSRF attacks.

 
2023-09-18
Waiting for details
CVE-2023-39446

Updating...
 

 
** UNSUPPPORTED WHEN ASSIGNED ** Thanks to the weaknesses that the web application has at the user management level, an attacker could obtain the information from the headers that is necessary to create specially designed URLs and originate malicious actions when a legitimate user is logged into the web application.

 
Waiting for details
CVE-2023-5036

Updating...
 

 
Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos prior to 0.15.1.

 
2023-09-13
Waiting for details
CVE-2023-4916

Updating...
 

 
The Login with phone number plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.4.8. This is due to missing nonce validation on the 'lwp_update_password_action' function. This makes it possible for unauthenticated attackers to change user password via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

 
2023-09-11
Waiting for details
CVE-2023-4318

Updating...
 

 
The Herd Effects WordPress plugin before 5.2.4 does not have CSRF when deleting its items, which could allow attackers to make logged in admins delete arbitrary effects via a CSRF attack

 
Waiting for details
CVE-2023-4307

Updating...
 

 
The Lock User Account WordPress plugin through 1.0.3 does not have CSRF check when bulk locking and unlocking accounts, which could allow attackers to make logged in admins lock and unlock arbitrary users via a CSRF attack

 
Waiting for details
CVE-2023-3510

Updating...
 

 
The FTP Access WordPress plugin through 1.0 does not have authorisation and CSRF checks when updating its settings and is missing sanitisation as well as escaping in them, allowing any authenticated users, such as subscriber to update them with XSS payloads, which will be triggered when an admin will view the settings of the plugin. The attack could also be perform via CSRF against any authenticated user.

 
2023-09-10
Waiting for details
CVE-2023-4869

Updating...
 

 
A vulnerability was found in SourceCodester Contact Manager App 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file update.php. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-239354 is the identifier assigned to this vulnerability.

 
Waiting for details
CVE-2023-4868

Updating...
 

 
A vulnerability was found in SourceCodester Contact Manager App 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file add.php. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-239353 was assigned to this vulnerability.

 
2023-09-09
Waiting for details
CVE-2023-4865

Updating...
 

 
A vulnerability has been found in SourceCodester Take-Note App 1.0 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-239350 is the identifier assigned to this vulnerability.

 

 


Copyright 2023, cxsecurity.com

 

Back to Top