Export limit exceeded: 346626 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (9132 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-5077 | 1 Tipsandtricks-hq | 1 Wp Emember | 2025-05-06 | 6.8 Medium |
| The wp-eMember WordPress plugin before 10.6.6 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack | ||||
| CVE-2024-13826 | 1 Intricateweb | 1 Email Keep | 2025-05-06 | 5.4 Medium |
| The Email Keep WordPress plugin through 1.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack | ||||
| CVE-2024-42764 | 2 Kashipara, Kjayvik | 2 Bus Ticket Reservation System, Bus Ticket Reservation System | 2025-05-06 | 9.4 Critical |
| Kashipara Bus Ticket Reservation System v1.0 is vulnerable to Cross Site Request Forgery (CSRF) via /deleteTicket.php. | ||||
| CVE-2022-2387 | 1 Awesomemotive | 1 Easy Digital Downloads | 2025-05-05 | 4.3 Medium |
| The Easy Digital Downloads WordPress plugin before 3.0 does not have CSRF check in place when deleting payment history, and does not ensure that the post to be deleted is actually a payment history. As a result, attackers could make a logged in admin delete arbitrary post via a CSRF attack | ||||
| CVE-2021-28656 | 1 Apache | 1 Zeppelin | 2025-05-05 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Credential page of Apache Zeppelin allows an attacker to submit malicious request. This issue affects Apache Zeppelin Apache Zeppelin version 0.9.0 and prior versions. | ||||
| CVE-2024-0779 | 1 Mediabetaprojects | 1 Enjoy Social Feed | 2025-05-05 | 8.8 High |
| The Enjoy Social Feed plugin for WordPress website WordPress plugin through 6.2.2 does not have authorisation and CSRF in various function hooked to admin_init, allowing unauthenticated users to call them and unlink arbitrary users Instagram Account for example | ||||
| CVE-2024-0858 | 1 Theinnovs | 1 Innovs Hr | 2025-05-05 | 8.8 High |
| The Innovs HR WordPress plugin through 1.0.3.4 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks such as adding them as employees. | ||||
| CVE-2024-0856 | 1 Codepeople | 1 Appointment Booking Calendar | 2025-05-05 | 8.8 High |
| The Appointment Booking Calendar WordPress plugin before 1.3.83 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks such as adding a booking to the calendar without paying. | ||||
| CVE-2018-10312 | 1 Wuzhicms | 1 Wuzhicms | 2025-05-05 | N/A |
| index.php?m=member&v=pw_reset in WUZHI CMS 4.1.0 allows CSRF to change the password of a common member. | ||||
| CVE-2018-18711 | 1 Wuzhicms | 1 Wuzhicms | 2025-05-05 | N/A |
| An issue was discovered in WUZHI CMS 4.1.0. There is a CSRF vulnerability that can change the super administrator's password via index.php?m=core&f=panel&v=edit_info. | ||||
| CVE-2018-18712 | 1 Wuzhicms | 1 Wuzhicms | 2025-05-05 | N/A |
| An issue was discovered in WUZHI CMS 4.1.0. There is a CSRF vulnerability that can change the super administrator's username via index.php?m=member&f=index&v=edit&uid=1. | ||||
| CVE-2018-10248 | 1 Wuzhicms | 1 Wuzhicms | 2025-05-05 | N/A |
| An issue was discovered in WUZHI CMS 4.1.0. There is a CSRF vulnerability that can delete any article via index.php?m=content&f=content&v=recycle_delete. | ||||
| CVE-2018-11493 | 1 Wuzhicms | 1 Wuzhicms | 2025-05-05 | N/A |
| An issue was discovered in WUZHI CMS 4.1.0. There is a CSRF vulnerability that can add a friendship link via index.php?m=link&f=index&v=add. | ||||
| CVE-2024-3940 | 1 Bozdoz | 1 Recaptcha Jetpack | 2025-05-05 | 8.8 High |
| The reCAPTCHA Jetpack WordPress plugin through 0.2.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack | ||||
| CVE-2024-3941 | 1 Bozdoz | 1 Recaptcha Jetpack | 2025-05-05 | 4.7 Medium |
| The reCAPTCHA Jetpack WordPress plugin through 0.2.2 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged-in admin add Stored XSS payloads via a CSRF attack. | ||||
| CVE-2021-34645 | 1 Wpeasycart | 1 Shopping Cart \& Ecommerce Store | 2025-05-05 | 8.8 High |
| The Shopping Cart & eCommerce Store WordPress plugin is vulnerable to Cross-Site Request Forgery via the save_currency_settings function found in the ~/admin/inc/wp_easycart_admin_initial_setup.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 5.1.0. | ||||
| CVE-2022-42751 | 1 Auieo | 1 Candidats | 2025-05-05 | 8.8 High |
| CandidATS version 3.0.0 allows an external attacker to elevate privileges in the application. This is possible because the application suffers from CSRF. This allows to persuade an administrator to create a new account with administrative permissions. | ||||
| CVE-2022-30608 | 3 Ibm, Linux, Microsoft | 4 Aix, Infosphere Information Server, Linux Kernel and 1 more | 2025-05-05 | 8.8 High |
| "IBM InfoSphere Information Server 11.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a "user that the website trusts. IBM X-Force ID: 227295. | ||||
| CVE-2024-21381 | 1 Microsoft | 1 Azure Active Directory | 2025-05-03 | 6.8 Medium |
| Microsoft Azure Active Directory B2C Spoofing Vulnerability | ||||
| CVE-2022-41413 | 1 Perfsonar | 1 Perfsonar | 2025-05-02 | 4.3 Medium |
| perfSONAR v4.x <= v4.4.5 was discovered to contain a Cross-Site Request Forgery (CSRF) which is triggered when an attacker injects crafted input into the Search function. | ||||