Total
7382 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-25379 | 1 07fly | 1 07flycms | 2025-04-15 | N/A | 9.6 CRITICAL |
| Cross Site Request Forgery vulnerability in 07FLYCMS v.1.3.9 allows a remote attacker to execute arbitrary code via the id parameter of the del.html component. | |||||
| CVE-2024-57611 | 1 07fly | 1 07flycms | 2025-04-15 | N/A | 3.5 LOW |
| 07FLYCMS V1.3.9 was discovered to contain a Cross-Site Request Forgery (CSRF) via admin/doAdminAction.php?act=editShop&shopId. | |||||
| CVE-2024-57159 | 1 07fly | 1 07flycms | 2025-04-15 | N/A | 3.5 LOW |
| 07FLYCMS V1.3.9 was discovered to contain a Cross-Site Request Forgery (CSRF) via /erp.07fly.net:80/oa/OaWorkReport/add.html. | |||||
| CVE-2024-33651 | 1 Mf Gig Calendar Project | 1 Mf Gig Calendar | 2025-04-15 | N/A | 5.4 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in Matthew Fries MF Gig Calendar.This issue affects MF Gig Calendar : from n/a through 1.2.1. | |||||
| CVE-2025-2871 | 2025-04-15 | N/A | 4.3 MEDIUM | ||
| The WordPress Mega Menu – QuadMenu plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2.0. This is due to missing or incorrect nonce validation on the ajax_dismiss_notice() function. This makes it possible for unauthenticated attackers to update any user meta to a value of one, including wp_capabilities which could result in a privilege deescalation of an administrator, via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | |||||
| CVE-2024-13338 | 2025-04-15 | N/A | 5.3 MEDIUM | ||
| The Clearfy Cache – WordPress optimization plugin, Minify HTML, CSS & JS, Defer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.3.1. This is due to missing or incorrect nonce validation on the wclearfy_cache_delete functionality . This makes it possible for unauthenticated attackers to clear the cache via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | |||||
| CVE-2025-27009 | 2025-04-15 | N/A | 7.1 HIGH | ||
| Cross-Site Request Forgery (CSRF) vulnerability in wphocus My auctions allegro allows Stored XSS.This issue affects My auctions allegro: from n/a through 3.6.20. | |||||
| CVE-2025-3557 | 2025-04-15 | 5.0 MEDIUM | 4.3 MEDIUM | ||
| A vulnerability, which was classified as problematic, has been found in ScriptAndTools eCommerce-website-in-PHP 3.0. Affected by this issue is some unknown functionality. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Multiple endpoints are affected. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-30965 | 2025-04-15 | N/A | 4.3 MEDIUM | ||
| Cross-Site Request Forgery (CSRF) vulnerability in NotFound WPJobBoard allows Cross Site Request Forgery. This issue affects WPJobBoard: from n/a through n/a. | |||||
| CVE-2025-3561 | 2025-04-15 | 5.0 MEDIUM | 4.3 MEDIUM | ||
| A vulnerability was found in ghostxbh uzy-ssm-mall 1.0.0. It has been classified as problematic. Affected is an unknown function. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-13337 | 2025-04-15 | N/A | 4.3 MEDIUM | ||
| The Clearfy Cache – WordPress optimization plugin, Minify HTML, CSS & JS, Defer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.3.2. This is due to missing or incorrect nonce validation on the 'setup-wbcr_clearfy' page. This makes it possible for unauthenticated attackers to update the plugins settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | |||||
| CVE-2024-34957 | 1 Idccms | 1 Idccms | 2025-04-15 | N/A | 5.4 MEDIUM |
| idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component admin/sysImages_deal.php?mudi=infoSet. | |||||
| CVE-2024-34958 | 1 Idccms | 1 Idccms | 2025-04-15 | N/A | 6.5 MEDIUM |
| idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component admin/banner_deal.php?mudi=add | |||||
| CVE-2024-35011 | 1 Idccms | 1 Idccms | 2025-04-15 | N/A | 5.4 MEDIUM |
| idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/infoType_deal.php?mudi=rev&nohrefStr=close. | |||||
| CVE-2024-35012 | 1 Idccms | 1 Idccms | 2025-04-15 | N/A | 6.3 MEDIUM |
| idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/infoType_deal.php?mudi=add&nohrefStr=close. | |||||
| CVE-2024-35039 | 1 Idccms | 1 Idccms | 2025-04-15 | N/A | 3.8 LOW |
| idccms V1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via admin/tplSys_deal.php?mudi=area. | |||||
| CVE-2024-35108 | 1 Idccms | 1 Idccms | 2025-04-15 | N/A | 8.8 HIGH |
| idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/homePro_deal.php?mudi=del&dataType=&dataTypeCN. | |||||
| CVE-2024-35109 | 1 Idccms | 1 Idccms | 2025-04-15 | N/A | 6.5 MEDIUM |
| idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /homePro_deal.php?mudi=add&nohrefStr=close. | |||||
| CVE-2024-36670 | 1 Idccms | 1 Idccms | 2025-04-15 | N/A | 8.8 HIGH |
| idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component admin/vpsClass_deal.php?mudi=del | |||||
| CVE-2024-39019 | 1 Idccms | 1 Idccms | 2025-04-15 | N/A | 5.4 MEDIUM |
| idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/idcProData_deal.php?mudi=del | |||||