Total
9168 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-47020 | 1 Ncratleos | 1 Terminal Handler | 2025-06-10 | 8.8 High |
| Multiple Cross-Site Request Forgery (CSRF) chaining in NCR Terminal Handler v.1.5.1 allows privileges to be escalated by an attacker through a crafted request involving user account creation and adding the user to an administrator group. This is exploited by an undisclosed function in the WSDL that lacks security controls and can accept custom content types. | ||||
| CVE-2025-47708 | 1 Miniorange | 1 Miniorange 2fa | 2025-06-10 | 8.8 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Drupal Enterprise MFA - TFA for Drupal allows Cross Site Request Forgery.This issue affects Enterprise MFA - TFA for Drupal: from 0.0.0 before 4.7.0, from 5.0.0 before 5.2.0. | ||||
| CVE-2024-3076 | 1 Mmilan81 | 1 Mm-email2image | 2025-06-10 | 3.8 Low |
| The MM-email2image WordPress plugin through 0.2.5 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack | ||||
| CVE-2023-27633 | 1 Pixelgrade | 1 Customify | 2025-06-10 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Pixelgrade Customify – Intuitive Website Styling plugin <= 2.10.4 versions. | ||||
| CVE-2023-27453 | 1 Lws | 1 Lws Tools | 2025-06-10 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in LWS LWS Tools plugin <= 2.3.1 versions. | ||||
| CVE-2024-5081 | 2 Tipsandtricks-hq, Wp Emember | 2 Wp Emember, Wp Emember | 2025-06-09 | 6.1 Medium |
| The wp-eMember WordPress plugin before v10.7.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack | ||||
| CVE-2024-6496 | 1 Dmytropopov | 1 Light Poll | 2025-06-09 | 6.5 Medium |
| The Light Poll WordPress plugin through 1.0.0 does not have CSRF checks when deleting polls, which could allow attackers to make logged in users perform such action via a CSRF attack | ||||
| CVE-2024-22818 | 1 Flycms Project | 1 Flycms | 2025-06-09 | 8.8 High |
| FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerbility via /system/site/filterKeyword_save | ||||
| CVE-2024-12750 | 1 Raiserweb | 1 Competition Form | 2025-06-09 | 4.3 Medium |
| The Competition Form WordPress plugin through 2.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack | ||||
| CVE-2024-11373 | 1 Floriansimunek | 1 Connexion Logs | 2025-06-09 | 4.3 Medium |
| The Connexion Logs WordPress plugin through 3.0.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack | ||||
| CVE-2024-11719 | 1 Couleurcitron | 1 Tarteaucitron-wp | 2025-06-09 | 6.1 Medium |
| The tarteaucitron-wp WordPress plugin before 0.3.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack. | ||||
| CVE-2024-12301 | 1 Joomlaserviceprovider | 1 Jsp Store Locator | 2025-06-09 | 6.5 Medium |
| The JSP Store Locator WordPress plugin through 1.0 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks. | ||||
| CVE-2024-12282 | 1 Smyx | 1 Wp-connect | 2025-06-09 | 6.1 Medium |
| The WordPress连接微博 WordPress plugin through 2.5.6 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack. | ||||
| CVE-2024-10634 | 1 Nokautpl | 1 Nokaut Offers Box | 2025-06-09 | 4.3 Medium |
| The Nokaut Offers Box WordPress plugin through 1.4.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin reset the Nokaut Offers Box WordPress plugin through 1.4.0 via a CSRF attack | ||||
| CVE-2025-5521 | 1 5kcrm | 1 Wukongcrm | 2025-06-09 | 4.3 Medium |
| A vulnerability was found in WuKongOpenSource WukongCRM 9.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /system/user/updataPassword. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-5155 | 1 Ravster | 1 Inquiry Cart | 2025-06-06 | 6.1 Medium |
| The Inquiry cart WordPress plugin through 3.4.2 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack | ||||
| CVE-2024-50858 | 1 Gestioip | 1 Gestioip | 2025-06-06 | 8.8 High |
| Multiple endpoints in GestioIP v3.5.7 are vulnerable to Cross-Site Request Forgery (CSRF). An attacker can execute actions via the admin's browser by hosting a malicious URL, leading to data modification, deletion, or exfiltration. | ||||
| CVE-2024-28158 | 1 Jenkins | 1 Subversion Partial Release Manager | 2025-06-06 | 4.3 Medium |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Subversion Partial Release Manager Plugin 1.0.1 and earlier allows attackers to trigger a build. | ||||
| CVE-2025-24398 | 1 Jenkins | 1 Bitbucket Server Integration | 2025-06-06 | 8.8 High |
| Jenkins Bitbucket Server Integration Plugin 2.1.0 through 4.1.3 (both inclusive) allows attackers to craft URLs that would bypass the CSRF protection of any target URL in Jenkins. | ||||
| CVE-2024-42553 | 1 Vaibhavverma9999 | 1 Hotel Management System | 2025-06-05 | 8.8 High |
| A Cross-Site Request Forgery (CSRF) in the component admin_room_added.php of Hotel Management System commit 91caab8 allows attackers to escalate privileges. | ||||