Total: 8478 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-37435 | 1 Rarathemes | 1 Perfect Portfolio | 2026-01-08 | N/A | 4.3 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in Rara Theme Perfect Portfolio allows Cross Site Request Forgery. This issue affects Perfect Portfolio: from n/a through 1.2.0. | |||||
| CVE-2024-31371 | 1 Xylusthemes | 1 Wp Event Aggregator | 2026-01-07 | N/A | 4.3 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in Xylus Themes WP Event Aggregator. This issue affects WP Event Aggregator: from n/a through 1.7.6. | |||||
| CVE-2024-33688 | 1 Extendthemes | 1 Teluro | 2026-01-07 | N/A | 4.3 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in Extend Themes Teluro. This issue affects Teluro: from n/a through 1.0.31. | |||||
| CVE-2024-34809 | 1 Extendthemes | 1 Empowerwp | 2026-01-07 | N/A | 4.3 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in Extend Themes EmpowerWP. This issue affects EmpowerWP: from n/a through 1.0.21. | |||||
| CVE-2022-47443 | 1 Danielpowney | 1 Multi Rating | 2026-01-07 | N/A | 4.3 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in Daniel Powney Multi Rating plugin <= 5.0.5 versions. | |||||
| CVE-2024-31429 | 1 Blossomthemes | 1 Sarada | 2026-01-07 | N/A | 4.3 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in Blossom Themes Sarada Lite. This issue affects Sarada Lite: from n/a through 1.1.2. | |||||
| CVE-2024-37243 | 1 Blossomthemes | 1 Vandana | 2026-01-07 | N/A | 4.3 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in Blossom Themes Vandana Lite allows Cross Site Request Forgery. This issue affects Vandana Lite: from n/a through 1.1.9. | |||||
| CVE-2023-50931 | 1 Savignano | 1 S-notify | 2026-01-06 | N/A | 8.3 HIGH |
| An issue was discovered in savignano S/Notify before 2.0.1 for Bitbucket. While an administrative user is logged on, the configuration settings of S/Notify can be modified via a CSRF attack. The injection could be initiated by the administrator clicking a malicious link in an email or by visiting a malicious website. If executed while an administrator is logged on to Bitbucket, an attacker could exploit this to modify the configuration of the S/Notify app on that host. This can, in particular, lead to email notifications being no longer encrypted when they should be. | |||||
| CVE-2023-50932 | 1 Savignano | 1 S-notify | 2026-01-06 | N/A | 8.3 HIGH |
| An issue was discovered in savignano S/Notify before 4.0.2 for Confluence. While an administrative user is logged on, the configuration settings of S/Notify can be modified via a CSRF attack. The injection could be initiated by the administrator clicking a malicious link in an email or by visiting a malicious website. If executed while an administrator is logged on to Confluence, an attacker could exploit this to modify the configuration of the S/Notify app on that host. This can, in particular, lead to email notifications being no longer encrypted when they should be. | |||||
| CVE-2025-14163 | 1 Leap13 | 1 Premium Addons For Elementor | 2026-01-05 | N/A | 4.3 MEDIUM |
| The Premium Addons for Elementor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.11.53. This is due to missing nonce validation in the 'insert_inner_template' function. This makes it possible for unauthenticated attackers to create arbitrary Elementor templates via a forged request granted they can trick a site administrator or other user with the edit_posts capability into performing an action such as clicking on a link. | |||||
| CVE-2024-6719 | 1 Webgarh | 1 Offload Videos | 2026-01-05 | N/A | 8.1 HIGH |
| The Offload Videos WordPress plugin before 1.0.1 does not have a CSRF check in place when updating its settings, which could allow low privilege users to update them via a CSRF attack. | |||||
| CVE-2025-65203 | 1 Keepassxc | 1 Keepassxc-browser | 2026-01-05 | N/A | 7.1 HIGH |
| KeePassXC-Browser thru 1.9.9.2 autofills or prompts to fill stored credentials into documents rendered under a browser-enforced CSP directive and iframe attribute sandbox, allowing attacker-controlled script in the sandboxed document to access populated form fields and exfiltrate credentials. | |||||
| CVE-2025-35030 | 1 Mieweb | 1 Enterprise Health | 2026-01-02 | N/A | 8.1 HIGH |
| Medical Informatics Engineering Enterprise Health has a cross site request forgery vulnerability that allows an unauthenticated attacker to trick administrative users into clicking a crafted URL and perform actions on behalf of that administrative user. This issue is fixed as of 2025-04-08. | |||||
| CVE-2024-6230 | 1 Wp-master | 1 Pardakht-delkhah | 2026-01-02 | N/A | 6.5 MEDIUM |
| The پلاگین پرداخت دلخواه WordPress plugin through 2.9.8 does not have a CSRF check in place when resetting its form fields, which could allow attackers to make a logged-in admin perform such an action via a CSRF attack. | |||||
| CVE-2024-2232 | 1 2code | 1 Himer | 2026-01-02 | N/A | 8.1 HIGH |
| The lacks CSRF checks allowing a user to invite any user to any group (including private groups) | |||||
| CVE-2025-66906 | 1 Turms-im | 1 Turms | 2026-01-02 | N/A | 6.1 MEDIUM |
| Cross Site Request Forgery (CSRF) vulnerability in Turms Admin API thru v0.10.0-SNAPSHOT allows attackers to gain escalated privileges. | |||||
| CVE-2025-66953 | 1 Nardamiteq | 2 Upc2, Upc2 Firmware | 2026-01-02 | N/A | 8.8 HIGH |
| CSRF vulnerability in narda miteq Uplink Power Control Unit UPC2 v.1.17 allows a remote attacker to execute arbitrary code via the Web-based management interface and specifically the /system_setup.htm, /set_clock.htm, /receiver_setup.htm, /cal.htm?..., and /channel_setup.htm endpoints. | |||||
| CVE-2025-67013 | 1 Etlsystems | 54 C0401d1uia-22476, C0401d1uia-22476 Firmware, C0401d1ula-22419 and 51 more | 2026-01-02 | N/A | 6.5 MEDIUM |
| The web management interface in ETL Systems Ltd DEXTRA Series ' Digital L-Band Distribution System v1.8 does not implement Cross-Site Request Forgery (CSRF) protection mechanisms (no tokens, no Origin/Referer validation) on critical configuration endpoints. | |||||
| CVE-2024-30855 | 1 Dedecms | 1 Dedecms | 2026-01-02 | N/A | 8.8 HIGH |
| DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /src/dede/makehtml_list_action.php. | |||||
| CVE-2021-40965 | 1 Prasathmani | 1 Tiny File Manager | 2025-12-31 | 9.3 HIGH | 8.8 HIGH |
| A Cross-Site Request Forgery (CSRF) vulnerability exists in TinyFileManager, all versions up to and including 2.4.6, that allows attackers to upload files and run OS commands by inducing the Administrator user to browse a URL controlled by an attacker. | |||||
