Total
8645 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-1909 | 1 Frenify | 1 Categorify | 2025-01-07 | N/A | 4.3 MEDIUM |
| The Categorify plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.7.4. This is due to missing or incorrect nonce validation on the categorifyAjaxRenameCategory function. This makes it possible for unauthenticated attackers to rename categories via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | |||||
| CVE-2024-1910 | 1 Frenify | 1 Categorify | 2025-01-07 | N/A | 4.3 MEDIUM |
| The Categorify plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.7.4. This is due to missing or incorrect nonce validation on the categorifyAjaxClearCategory function. This makes it possible for unauthenticated attackers to clear categories via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | |||||
| CVE-2024-1912 | 1 Frenify | 1 Categorify | 2025-01-07 | N/A | 4.3 MEDIUM |
| The Categorify plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.7.4. This is due to missing or incorrect nonce validation on the categorifyAjaxUpdateFolderPosition function. This makes it possible for unauthenticated attackers to update the folder position of categories as well as update the metadata of other taxonomies via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | |||||
| CVE-2024-12383 | 2025-01-07 | N/A | 6.1 MEDIUM | ||
| The Binary MLM Woocommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0. This is due to missing or incorrect nonce validation on the 'bmw_display_pv_set_page' function and insufficient input sanitization and output escaping of the 'product_points' parameter. This makes it possible for unauthenticated attackers to inject arbitrary web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | |||||
| CVE-2024-12322 | 2025-01-07 | N/A | 8.8 HIGH | ||
| The ThePerfectWedding.nl Widget plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.8. This is due to missing or incorrect nonce validation on the 'update_option' function. This makes it possible for unauthenticated attackers to update the 'tpwKey' option with stored cross-site scripting via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | |||||
| CVE-2024-12291 | 2025-01-07 | N/A | 6.1 MEDIUM | ||
| The ViewMedica 9 plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4.15. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | |||||
| CVE-2024-12288 | 2025-01-07 | N/A | 6.1 MEDIUM | ||
| The Simple add pages or posts plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.0. This is due to missing or incorrect nonce validation. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | |||||
| CVE-2024-12170 | 2025-01-07 | N/A | 5.4 MEDIUM | ||
| The ViewMedica 9 plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4.15. This is due to missing or incorrect nonce validation on the 'Viewmedica-Admin' page. This makes it possible for unauthenticated attackers to inject arbitrary SQL queries via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | |||||
| CVE-2024-12557 | 2025-01-07 | N/A | 6.1 MEDIUM | ||
| The Transporters.io plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.84. This is due to missing nonce validation on a function. This makes it possible for unauthenticated attackers to inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | |||||
| CVE-2024-12541 | 2025-01-07 | N/A | 5.4 MEDIUM | ||
| The Chative Live chat and Chatbot plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1. This is due to missing or incorrect nonce validation on the add_chative_widget_action() function. This makes it possible for unauthenticated attackers to change the channel ID or organization ID via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. This could lead to redirecting the live chat widget to an attacker-controlled channel. | |||||
| CVE-2024-9665 | 1 Zimbra | 1 Zimbra | 2025-01-03 | N/A | 6.5 MEDIUM |
| Zimbra GraphQL Cross-Site Request Forgery Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Zimbra. User interaction is required to exploit this vulnerability in that the target must open a malicious email message. The specific flaw exists within the implementation of the graphql endpoint. The issue results from the lack of proper protections against cross-site request forgery (CSRF) attacks. An attacker can leverage this vulnerability to disclose information in the context of the target email account. Was ZDI-CAN-23939. | |||||
| CVE-2023-35141 | 1 Jenkins | 1 Jenkins | 2025-01-02 | N/A | 8.0 HIGH |
| In Jenkins 2.399 and earlier, LTS 2.387.3 and earlier, POST requests are sent in order to load the list of context actions. If part of the URL includes insufficiently escaped user-provided values, a victim may be tricked into sending a POST request to an unexpected endpoint by opening a context menu. | |||||
| CVE-2024-38732 | 2025-01-02 | N/A | 4.3 MEDIUM | ||
| Cross-Site Request Forgery (CSRF) vulnerability in VolThemes Patricia Blog allows Cross Site Request Forgery.This issue affects Patricia Blog: from n/a through 1.2. | |||||
| CVE-2024-38731 | 2025-01-02 | N/A | 4.3 MEDIUM | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Marsian i-amaze allows Cross Site Request Forgery.This issue affects i-amaze: from n/a through 1.3.7. | |||||
| CVE-2024-37931 | 2025-01-02 | N/A | 4.3 MEDIUM | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Creativthemes Point allows Cross Site Request Forgery.This issue affects Point: from n/a through 1.1. | |||||
| CVE-2024-37925 | 2025-01-02 | N/A | 5.4 MEDIUM | ||
| Cross-Site Request Forgery (CSRF) vulnerability in BUDDYBOSS LLC BuddyBoss Theme allows Cross Site Request Forgery.This issue affects BuddyBoss Theme: from n/a through 2.4.61. | |||||
| CVE-2024-37452 | 2025-01-02 | N/A | 4.3 MEDIUM | ||
| Cross-Site Request Forgery (CSRF) vulnerability in MyThemeShop Schema Lite allows Cross Site Request Forgery.This issue affects Schema Lite: from n/a through 1.2.2. | |||||
| CVE-2024-37438 | 2025-01-02 | N/A | 5.4 MEDIUM | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Uncanny Owl Uncanny Toolkit Pro for LearnDash allows Cross Site Request Forgery.This issue affects Uncanny Toolkit Pro for LearnDash: from n/a before 4.1.4.1. | |||||
| CVE-2024-37241 | 2025-01-02 | N/A | 4.3 MEDIUM | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Automattic WP Job Manager - Resume Manager allows Cross Site Request Forgery.This issue affects WP Job Manager - Resume Manager: from n/a through 2.1.0. | |||||
| CVE-2024-38764 | 2025-01-02 | N/A | 4.3 MEDIUM | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Marsian allows Cross Site Request Forgery.This issue affects i-transform: from n/a through 3.0.9. | |||||