Total
7663 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-3538 | 1 Webmaster Tools Verification Project | 1 Webmaster Tools Verification | 2025-04-30 | N/A | 6.5 MEDIUM |
The Webmaster Tools Verification WordPress plugin through 1.2 does not have authorisation and CSRF checks when disabling plugins, allowing unauthenticated users to disable arbitrary plugins | |||||
CVE-2025-46249 | 1 Migaweb | 1 Simple Calendar For Elementor | 2025-04-30 | N/A | 4.3 MEDIUM |
Cross-Site Request Forgery (CSRF) vulnerability in Michael Simple calendar for Elementor allows Cross Site Request Forgery. This issue affects Simple calendar for Elementor: from n/a through 1.6.4. | |||||
CVE-2025-46251 | 1 E4jconnect | 1 Vikrestaurants Table Reservations And Take-away | 2025-04-30 | N/A | 7.1 HIGH |
Cross-Site Request Forgery (CSRF) vulnerability in e4jvikwp VikRestaurants Table Reservations and Take-Away allows Cross Site Request Forgery. This issue affects VikRestaurants Table Reservations and Take-Away: from n/a through 1.3.3. | |||||
CVE-2022-43693 | 1 Concretecms | 1 Concrete Cms | 2025-04-30 | N/A | 8.8 HIGH |
Concrete CMS is vulnerable to CSRF due to the lack of "State" parameter for external Concrete authentication service for users of Concrete who use the "out of the box" core OAuth. | |||||
CVE-2025-27189 | 1 Adobe | 1 Commerce B2b | 2025-04-30 | N/A | 4.3 MEDIUM |
Adobe Commerce versions 2.4.7-p4, 2.4.6-p9, 2.4.5-p11, 2.4.4-p12, 2.4.8-beta2 and earlier are affected by a Cross-Site Request Forgery (CSRF) vulnerability that could be exploited to cause a denial-of-service condition. An attacker could trick a logged-in user into submitting a forged request to the vulnerable application, which may disrupt service availability. Exploitation of this issue requires user interaction, typically in the form of clicking a malicious link or visiting an attacker-controlled website. | |||||
CVE-2022-42246 | 1 Duofoxtechnologies | 1 Duofox Cms | 2025-04-29 | N/A | 8.8 HIGH |
Doufox 0.0.4 contains a CSRF vulnerability that can add system administrator account. | |||||
CVE-2020-23582 | 1 Optilinknetwork | 2 Op-xt71000n, Op-xt71000n Firmware | 2025-04-29 | N/A | 6.5 MEDIUM |
A vulnerability in the "/admin/wlmultipleap.asp" of optilink OP-XT71000N version: V2.2 could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack to create Multiple WLAN BSSID. | |||||
CVE-2025-46241 | 1 Codepeople | 1 Appointment Booking Calendar | 2025-04-29 | N/A | 8.2 HIGH |
Cross-Site Request Forgery (CSRF) vulnerability in codepeople Appointment Booking Calendar allows SQL Injection. This issue affects Appointment Booking Calendar: from n/a through 1.3.92. | |||||
CVE-2025-46243 | 1 Sktthemes | 1 Recover Abandoned Cart For Woocommerce | 2025-04-29 | N/A | 4.3 MEDIUM |
Cross-Site Request Forgery (CSRF) vulnerability in sonalsinha21 Recover abandoned cart for WooCommerce allows Cross Site Request Forgery. This issue affects Recover abandoned cart for WooCommerce: from n/a through 2.2. | |||||
CVE-2025-46245 | 1 Cminds | 1 Cm Ad Changer | 2025-04-29 | N/A | 4.3 MEDIUM |
Cross-Site Request Forgery (CSRF) vulnerability in CreativeMindsSolutions CM Ad Changer allows Cross Site Request Forgery. This issue affects CM Ad Changer: from n/a through 2.0.5. | |||||
CVE-2025-46246 | 1 Cminds | 1 Cm Answers | 2025-04-29 | N/A | 4.3 MEDIUM |
Cross-Site Request Forgery (CSRF) vulnerability in CreativeMindsSolutions CM Answers allows Cross Site Request Forgery. This issue affects CM Answers: from n/a through 3.3.3. | |||||
CVE-2025-31690 | 2025-04-29 | N/A | 8.8 HIGH | ||
Cross-Site Request Forgery (CSRF) vulnerability in Drupal Cache Utility allows Cross Site Request Forgery.This issue affects Cache Utility: from 0.0.0 before 1.2.1. | |||||
CVE-2025-31689 | 2025-04-29 | N/A | 8.1 HIGH | ||
Cross-Site Request Forgery (CSRF) vulnerability in Drupal General Data Protection Regulation allows Cross Site Request Forgery.This issue affects General Data Protection Regulation: from 0.0.0 before 3.0.1, from 3.1.0 before 3.1.2. | |||||
CVE-2025-31688 | 2025-04-29 | N/A | 6.8 MEDIUM | ||
Cross-Site Request Forgery (CSRF) vulnerability in Drupal Configuration Split allows Cross Site Request Forgery.This issue affects Configuration Split: from 0.0.0 before 1.10.0, from 2.0.0 before 2.0.2. | |||||
CVE-2025-31684 | 2025-04-29 | N/A | 6.8 MEDIUM | ||
Cross-Site Request Forgery (CSRF) vulnerability in Drupal OAuth2 Client allows Cross Site Request Forgery.This issue affects OAuth2 Client: from 0.0.0 before 4.1.3. | |||||
CVE-2021-29334 | 1 Jizhicms | 1 Jizhicms | 2025-04-29 | N/A | 8.8 HIGH |
An issue was discovered in JIZHI CMS 1.9.4. There is a CSRF vulnerability that can add an admin account via index, /admin.php/Admin/adminadd.html | |||||
CVE-2020-23593 | 1 Optilinknetwork | 2 Op-xt71000n, Op-xt71000n Firmware | 2025-04-29 | N/A | 6.5 MEDIUM |
A vulnerability in OPTILINK OP-XT71000N Hardware Version: V2.2, Firmware Version: OP_V3.3.1-191028 allows an unauthenticated, remote attacker to conduct a cross site request forgery (CSRF) attack to enable syslog mode through ' /mgm_log_cfg.asp.' The system starts to log events, 'Remote' mode or 'Both' mode on "Syslog -- Configuration page" logs events and sends to remote syslog server IP and Port. | |||||
CVE-2020-23592 | 1 Optilinknetwork | 2 Op-xt71000n, Op-xt71000n Firmware | 2025-04-29 | N/A | 8.8 HIGH |
A vulnerability in OPTILINK OP-XT71000N Hardware Version: V2.2 , Firmware Version: OP_V3.3.1-191028 allows an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack to Reset ONU to Factory Default through ' /mgm_dev_reset.asp.' Resetting to default leads to Escalation of Privileges by logging-in with default credentials. | |||||
CVE-2020-23590 | 1 Optilinknetwork | 2 Op-xt71000n, Op-xt71000n Firmware | 2025-04-29 | N/A | 6.5 MEDIUM |
A vulnerability in Optilink OP-XT71000N Hardware version: V2.2 , Firmware Version: OP_V3.3.1-191028 allows an unauthenticated remote attacker to conduct a cross-site request forgery (CSRF) attack to change the Password for "WLAN SSID" through "wlwpa.asp". | |||||
CVE-2020-23589 | 1 Optilinknetwork | 2 Op-xt71000n, Op-xt71000n Firmware | 2025-04-29 | N/A | 6.5 MEDIUM |
A vulnerability in OPTILINK OP-XT71000N Hardware Version: V2.2 , Firmware Version: OP_V3.3.1-191028 allows an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack to cause a Denial of Service by Rebooting the router through " /mgm_dev_reboot.asp." |