Total
7680 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-0433 | 1 Fabrick | 1 Gestpay For Woocommerce | 2025-02-10 | N/A | 4.3 MEDIUM |
| The Gestpay for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 20221130. This is due to missing or incorrect nonce validation on the 'ajax_unset_default_card' function. This makes it possible for unauthenticated attackers to remove the default status of a card token for a user via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | |||||
| CVE-2024-5097 | 1 Argie | 1 Simple Inventory System | 2025-02-10 | 5.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability, which was classified as problematic, was found in SourceCodester Simple Inventory System 1.0. Affected is an unknown function of the file /tableedit.php#page=editprice. The manipulation of the argument itemnumber leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-265080. | |||||
| CVE-2023-51522 | 1 Cozmoslabs | 1 Paid Membership Subscriptions | 2025-02-09 | N/A | 4.3 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in Cozmoslabs Paid Member Subscriptions.This issue affects Paid Member Subscriptions: from n/a through 2.10.4. | |||||
| CVE-2024-54355 | 1 Wpmailster | 1 Wp Mailster | 2025-02-07 | N/A | 4.3 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in brandtoss WP Mailster allows Cross Site Request Forgery.This issue affects WP Mailster: from n/a through 1.8.17.0. | |||||
| CVE-2022-0707 | 1 Awesomemotive | 1 Easy Digital Downloads | 2025-02-07 | 4.3 MEDIUM | 4.3 MEDIUM |
| The Easy Digital Downloads WordPress plugin before 2.11.6 does not have CSRF check in place when inserting payment notes, which could allow attackers to make a logged admin insert arbitrary notes via a CSRF attack | |||||
| CVE-2024-24872 | 1 Themify | 1 Builder | 2025-02-07 | N/A | 4.3 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in Themify Themify Builder.This issue affects Themify Builder: from n/a through 7.0.5. | |||||
| CVE-2023-30529 | 1 Jenkins | 1 Lucene-search | 2025-02-07 | N/A | 4.3 MEDIUM |
| Jenkins Lucene-Search Plugin 387.v938a_ecb_f7fe9 and earlier does not require POST requests for an HTTP endpoint, allowing attackers to reindex the database. | |||||
| CVE-2024-1446 | 1 Nextscripts | 1 Social Networks Auto Poster | 2025-02-07 | N/A | 5.4 MEDIUM |
| The NextScripts: Social Networks Auto-Poster plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.4.3. This is due to missing or incorrect nonce validation on the nxssnap-reposter page. This makes it possible for unauthenticated attackers to delete arbitrary posts or pages via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | |||||
| CVE-2023-30525 | 1 Jenkins | 1 Report Portal | 2025-02-07 | N/A | 8.8 HIGH |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Report Portal Plugin 0.5 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified bearer token authentication. | |||||
| CVE-2025-25156 | 2025-02-07 | N/A | 7.1 HIGH | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Stanko Metodiev Quote Comments allows Stored XSS. This issue affects Quote Comments: from n/a through 2.2.1. | |||||
| CVE-2025-25154 | 2025-02-07 | N/A | 7.1 HIGH | ||
| Cross-Site Request Forgery (CSRF) vulnerability in scweber Custom Comment Notifications allows Stored XSS. This issue affects Custom Comment Notifications: from n/a through 1.0.8. | |||||
| CVE-2025-25153 | 2025-02-07 | N/A | 7.1 HIGH | ||
| Cross-Site Request Forgery (CSRF) vulnerability in djjmz Simple Auto Tag allows Stored XSS. This issue affects Simple Auto Tag: from n/a through 1.1. | |||||
| CVE-2025-25152 | 2025-02-07 | N/A | 7.1 HIGH | ||
| Cross-Site Request Forgery (CSRF) vulnerability in LukaszWiecek Smart DoFollow allows Stored XSS. This issue affects Smart DoFollow: from n/a through 1.0.2. | |||||
| CVE-2025-25149 | 2025-02-07 | N/A | 7.1 HIGH | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Danillo Nunes Login-box allows Stored XSS. This issue affects Login-box: from n/a through 2.0.4. | |||||
| CVE-2025-25148 | 2025-02-07 | N/A | 7.1 HIGH | ||
| Cross-Site Request Forgery (CSRF) vulnerability in ElbowRobo Read More Copy Link allows Stored XSS. This issue affects Read More Copy Link: from n/a through 1.0.2. | |||||
| CVE-2025-25147 | 2025-02-07 | N/A | 7.1 HIGH | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Phillip.Gooch Auto SEO allows Stored XSS. This issue affects Auto SEO: from n/a through 2.5.6. | |||||
| CVE-2025-25146 | 2025-02-07 | N/A | 4.3 MEDIUM | ||
| Cross-Site Request Forgery (CSRF) vulnerability in saleandro Songkick Concerts and Festivals allows Cross Site Request Forgery. This issue affects Songkick Concerts and Festivals: from n/a through 0.9.7. | |||||
| CVE-2025-25145 | 2025-02-07 | N/A | 5.4 MEDIUM | ||
| Cross-Site Request Forgery (CSRF) vulnerability in jordan.hatch Infusionsoft Analytics allows Cross Site Request Forgery. This issue affects Infusionsoft Analytics: from n/a through 2.0. | |||||
| CVE-2025-25143 | 2025-02-07 | N/A | 4.3 MEDIUM | ||
| Cross-Site Request Forgery (CSRF) vulnerability in ibasit GlobalQuran allows Cross Site Request Forgery. This issue affects GlobalQuran: from n/a through 1.0. | |||||
| CVE-2025-25140 | 2025-02-07 | N/A | 7.1 HIGH | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Scriptonite Simple User Profile allows Stored XSS. This issue affects Simple User Profile: from n/a through 1.9. | |||||