Export limit exceeded: 10163 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (9969 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-3059 | 1 Enl Newsletter Plugin Project | 1 Enl-newsletter | 2025-05-07 | 5.7 Medium |
| The ENL Newsletter WordPress plugin through 1.0.1 does not have CSRF checks in some places, which could allow attackers to make logged in admins delete arbitrary Campaigns via a CSRF attack | ||||
| CVE-2024-3058 | 1 Enl Newsletter Plugin Project | 1 Enl-newsletter | 2025-05-07 | 5.4 Medium |
| The ENL Newsletter WordPress plugin through 1.0.1 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack | ||||
| CVE-2024-1756 | 1 Vanquish | 1 Woocommerce Customers Manager | 2025-05-07 | 6.5 Medium |
| The WooCommerce Customers Manager WordPress plugin before 29.8 does not have authorisation and CSRF in an AJAX action, allowing any authenticated users, such as subscriber, to call it and retrieve the list of customer email addresses along with their id, first name and last name | ||||
| CVE-2024-20281 | 1 Cisco | 4 Nexus Dashboard, Nexus Dashboard Fabric Controller, Nexus Dashboard Insights and 1 more | 2025-05-07 | 7.5 High |
| A vulnerability in the web-based management interface of Cisco Nexus Dashboard and Cisco Nexus Dashboard hosted services could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. This vulnerability is due to insufficient CSRF protections for the web-based management interface on an affected system. An attacker could exploit this vulnerability by persuading a user to click a malicious link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the affected user. If the affected user has administrative privileges, these actions could include modifying the system configuration and creating new privileged accounts. Note: There are internal security mechanisms in place that limit the scope of this exploit, reducing the Security Impact Rating of this vulnerability. | ||||
| CVE-2023-28172 | 1 Weplugins | 1 Wp Maps | 2025-05-07 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in flippercode WordPress Plugin for Google Maps – WP MAPS (formerly WP Google Map Plugin) plugin <= 4.4.2 versions. | ||||
| CVE-2022-25600 | 2 Fedoraproject, Weplugins | 2 Fedora, Wp Maps | 2025-05-07 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability affecting Delete Marker Category, Delete Map, and Copy Map functions in WP Google Map plugin (versions <= 4.2.3). | ||||
| CVE-2015-9309 | 1 Weplugins | 1 Wp Maps | 2025-05-07 | 8.8 High |
| The wp-google-map-plugin plugin before 2.3.10 for WordPress has CSRF in the add/edit category feature. | ||||
| CVE-2015-9308 | 1 Weplugins | 1 Wp Maps | 2025-05-07 | 8.8 High |
| The wp-google-map-plugin plugin before 2.3.10 for WordPress has CSRF in the add/edit map feature. | ||||
| CVE-2015-9307 | 1 Weplugins | 1 Wp Maps | 2025-05-07 | 8.8 High |
| The wp-google-map-plugin plugin before 2.3.10 for WordPress has CSRF in the add/edit location feature. | ||||
| CVE-2023-6499 | 1 Calenfretts | 1 Lastunes | 2025-05-06 | 5.4 Medium |
| The lasTunes WordPress plugin through 3.6.1 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack | ||||
| CVE-2022-3419 | 1 Addify | 1 Automatic User Roles Switcher | 2025-05-06 | 6.5 Medium |
| The Automatic User Roles Switcher WordPress plugin before 1.1.2 does not have authorisation and proper CSRF checks, allowing any authenticated users like subscriber to add any role to themselves, such as administrator | ||||
| CVE-2022-40291 | 1 Phppointofsale | 1 Php Point Of Sale | 2025-05-06 | 8.8 High |
| The application was vulnerable to Cross-Site Request Forgery (CSRF) attacks, allowing an attacker to coerce users into sending malicious requests to the site to delete their account, or in rare circumstances, hijack their account and create other admin accounts. | ||||
| CVE-2024-13118 | 1 Brijeshk89 | 1 Ip Based Login | 2025-05-06 | 4.3 Medium |
| The IP Based Login WordPress plugin before 2.4.1 does not have CSRF checks in some places, which could allow attackers to make logged in users delete all logs via a CSRF attack | ||||
| CVE-2022-40488 | 1 Processwire | 1 Processwire | 2025-05-06 | 6.5 Medium |
| ProcessWire v3.0.200 was discovered to contain a Cross-Site Request Forgery (CSRF). | ||||
| CVE-2018-6336 | 1 Linuxfoundation | 1 Osquery | 2025-05-06 | 7.8 High |
| An issue was discovered in osquery. A maliciously crafted Universal/fat binary can evade third-party code signing checks. By not completing full inspection of the Universal/fat binary, the user of the third-party tool will believe that the code is signed by Apple, but the malicious unsigned code will execute. This issue affects osquery prior to v3.2.7 | ||||
| CVE-2024-5076 | 1 Tipsandtricks-hq | 1 Wp Emember | 2025-05-06 | 8.8 High |
| The wp-eMember WordPress plugin before 10.6.6 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks | ||||
| CVE-2024-5077 | 1 Tipsandtricks-hq | 1 Wp Emember | 2025-05-06 | 6.8 Medium |
| The wp-eMember WordPress plugin before 10.6.6 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack | ||||
| CVE-2024-13826 | 1 Intricateweb | 1 Email Keep | 2025-05-06 | 5.4 Medium |
| The Email Keep WordPress plugin through 1.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack | ||||
| CVE-2024-42764 | 2 Kashipara, Kjayvik | 2 Bus Ticket Reservation System, Bus Ticket Reservation System | 2025-05-06 | 9.4 Critical |
| Kashipara Bus Ticket Reservation System v1.0 is vulnerable to Cross Site Request Forgery (CSRF) via /deleteTicket.php. | ||||
| CVE-2022-2387 | 1 Awesomemotive | 1 Easy Digital Downloads | 2025-05-05 | 4.3 Medium |
| The Easy Digital Downloads WordPress plugin before 3.0 does not have CSRF check in place when deleting payment history, and does not ensure that the post to be deleted is actually a payment history. As a result, attackers could make a logged in admin delete arbitrary post via a CSRF attack | ||||