Total
7682 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-30536 | 2024-11-21 | N/A | 4.3 MEDIUM | ||
| Cross-Site Request Forgery (CSRF) vulnerability in WPFactory Slugs Manager.This issue affects Slugs Manager: from n/a through 2.6.7. | |||||
| CVE-2024-30521 | 2024-11-21 | N/A | 5.4 MEDIUM | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Landingi Landingi Landing Pages.This issue affects Landingi Landing Pages: from n/a through 3.1.1. | |||||
| CVE-2024-30518 | 2024-11-21 | N/A | 4.3 MEDIUM | ||
| Cross-Site Request Forgery (CSRF) vulnerability in ThemeLocation Custom WooCommerce Checkout Fields Editor.This issue affects Custom WooCommerce Checkout Fields Editor: from n/a through 1.3.0. | |||||
| CVE-2024-30493 | 2024-11-21 | N/A | 4.3 MEDIUM | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Andy Moyle Church Admin.This issue affects Church Admin: from n/a through 4.1.7. | |||||
| CVE-2024-30468 | 2024-11-21 | N/A | 4.3 MEDIUM | ||
| Cross-Site Request Forgery (CSRF) vulnerability in All In One WP Security & Firewall Team All In One WP Security & Firewall.This issue affects All In One WP Security & Firewall: from n/a through 5.2.6. | |||||
| CVE-2024-30460 | 2024-11-21 | N/A | 4.3 MEDIUM | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Tumult Inc Tumult Hype Animations.This issue affects Tumult Hype Animations: from n/a through 1.9.11. | |||||
| CVE-2024-30457 | 2024-11-21 | N/A | 4.3 MEDIUM | ||
| Cross-Site Request Forgery (CSRF) vulnerability in realmag777 WordPress Meta Data and Taxonomies Filter (MDTF).This issue affects WordPress Meta Data and Taxonomies Filter (MDTF): from n/a through 1.3.3.1. | |||||
| CVE-2024-30421 | 2024-11-21 | N/A | 4.3 MEDIUM | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Pixelite Events Manager.This issue affects Events Manager: from n/a through 6.4.7.1. | |||||
| CVE-2024-2911 | 2024-11-21 | 5.0 MEDIUM | 4.3 MEDIUM | ||
| A vulnerability, which was classified as problematic, was found in Tianjin PubliCMS 4.0.202302.e. This affects an unknown part. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-2904 | 2024-11-21 | N/A | 4.3 MEDIUM | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Extend Themes Calliope.This issue affects Calliope: from n/a through 1.0.33. | |||||
| CVE-2024-2817 | 1 Tenda | 2 Ac15, Ac15 Firmware | 2024-11-21 | 5.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability, which was classified as problematic, has been found in Tenda AC15 15.03.05.18. Affected by this issue is the function fromSysToolRestoreSet of the file /goform/SysToolRestoreSet. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257672. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-2816 | 1 Tenda | 2 Ac15, Ac15 Firmware | 2024-11-21 | 5.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability classified as problematic was found in Tenda AC15 15.03.05.18. Affected by this vulnerability is the function fromSysToolReboot of the file /goform/SysToolReboot. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257671. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-2748 | 2024-11-21 | N/A | 4.3 MEDIUM | ||
| A Cross Site Request Forgery vulnerability was identified in GitHub Enterprise Server that allowed an attacker to execute unauthorized actions on behalf of an unsuspecting user. A mitigating factor is that user interaction is required. This vulnerability affected GitHub Enterprise Server 3.12.0 and was fixed in versions 3.12.1. This vulnerability was reported via the GitHub Bug Bounty program. | |||||
| CVE-2024-2741 | 2024-11-21 | N/A | 7.1 HIGH | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Planet IGS-4215-16T2S, affecting firmware version 1.305b210528. This vulnerability could allow a remote attacker to trick some authenticated users into performing actions in their session, such as adding or updating accounts through the Switch web interface. | |||||
| CVE-2024-2483 | 2024-11-21 | 5.0 MEDIUM | 4.3 MEDIUM | ||
| A vulnerability, which was classified as problematic, has been found in Surya2Developer Hostel Management Service 1.0. This issue affects some unknown processing of the file /change-password.php of the component Password Change Handler. The manipulation of the argument oldpassword leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-256889 was assigned to this vulnerability. | |||||
| CVE-2024-2416 | 2024-11-21 | N/A | 6.5 MEDIUM | ||
| Cross-Site Request Forgery vulnerability in Movistar's 4G router affecting version ES_WLD71-T1_v2.0.201820. This vulnerability allows an attacker to force an end user to execute unwanted actions in a web application in which they are currently authenticated. | |||||
| CVE-2024-2376 | 1 2code | 1 Wpqa Builder | 2024-11-21 | N/A | 8.8 HIGH |
| The WPQA Builder WordPress plugin before 6.1.1 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks | |||||
| CVE-2024-2368 | 1 Wobbie | 1 Mollie Forms | 2024-11-21 | N/A | 4.3 MEDIUM |
| The Mollie Forms plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.6.13. This is due to missing or incorrect nonce validation on the duplicateForm() function. This makes it possible for unauthenticated attackers to duplicate forms via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | |||||
| CVE-2024-2354 | 2024-11-21 | 5.0 MEDIUM | 4.3 MEDIUM | ||
| A vulnerability, which was classified as problematic, was found in Dreamer CMS 4.1.3. Affected is an unknown function of the file /admin/menu/toEdit. The manipulation of the argument id leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-256314 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-2288 | 1 Lollms | 1 Lollms Web Ui | 2024-11-21 | N/A | 8.3 HIGH |
| A Cross-Site Request Forgery (CSRF) vulnerability exists in the profile picture upload functionality of the Lollms application, specifically in the parisneo/lollms-webui repository, affecting versions up to 7.3.0. This vulnerability allows attackers to change a victim's profile picture without their consent, potentially leading to a denial of service by overloading the filesystem with files. Additionally, this flaw can be exploited to perform a stored cross-site scripting (XSS) attack, enabling attackers to execute arbitrary JavaScript in the context of the victim's browser session. The issue is resolved in version 9.3. | |||||