| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Cross-Site Request Forgery (CSRF) vulnerability in sminozzi reCAPTCHA for all recaptcha-for-all allows Cross Site Request Forgery.This issue affects reCAPTCHA for all: from n/a through <= 2.26. |
| Cross-Site Request Forgery (CSRF) vulnerability in JumpDEMAND Inc. ActiveDEMAND.This issue affects ActiveDEMAND: from n/a through 0.2.43. |
| Cross-Site Request Forgery (CSRF) vulnerability in raphaelheide Donate Me donate-me allows Stored XSS.This issue affects Donate Me: from n/a through <= 1.2.5. |
| A Cross-Site Request Forgery (CSRF) vulnerability in version v1.4.1 of danswer-ai/danswer allows attackers to perform unauthorized actions in the context of the victim's browser. This includes connecting the victim's application with a malicious Slack Bot, inviting users, and deleting chats, among other actions. The application does not implement any CSRF protection, making it susceptible to these attacks. |
| Geovision GV-ASWeb with the version 6.1.1.0 or less allows attackers to modify POST request method with the GET against critical functionalities, such as account management. This vulnerability is used in chain with CVE-2024-56901 for a successful CSRF attack. |
| Cross-Site Request Forgery (CSRF) vulnerability in CRM Perks. Integration for Contact Form 7 and Constant Contact.This issue affects Integration for Contact Form 7 and Constant Contact: from n/a through 1.1.5. |
| Cross-Site Request Forgery (CSRF) vulnerability in hogash KALLYAS kallyas allows Cross Site Request Forgery.This issue affects KALLYAS: from n/a through < 4.25.0. |
| Cross-Site Request Forgery (CSRF) vulnerability in progpars.net mybb Last Topics mybb-last-topics allows Stored XSS.This issue affects mybb Last Topics: from n/a through <= 1.0. |
| The Posts Navigation Links for Sections and Headings – Free by WP Masters plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1. This is due to missing or incorrect nonce validation on the 'wpm_navigation_links_settings' page. This makes it possible for unauthenticated attackers to update the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. |
| Cross-Site Request Forgery (CSRF) vulnerability in lisensee NetInsight Analytics Implementation Plugin netinsight-analytics-implementation-plugin allows Cross Site Request Forgery.This issue affects NetInsight Analytics Implementation Plugin: from n/a through <= 1.0.3. |
| Cross-Site Request Forgery (CSRF) vulnerability in Shafaet Alam Attire Blocks attire-blocks allows Cross Site Request Forgery.This issue affects Attire Blocks: from n/a through <= 1.9.6. |
| Cross-Site Request Forgery (CSRF) vulnerability in NewsMAN NewsmanApp newsmanapp allows Stored XSS.This issue affects NewsmanApp: from n/a through <= 2.7.7. |
| Cross-Site Request Forgery (CSRF) vulnerability in Automattic WP Job Manager allows Cross Site Request Forgery.This issue affects WP Job Manager: from n/a through 2.0.0. |
| The News Wall plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.0. This is due to missing or incorrect nonce validation on the nwap_newslist_page() function. This makes it possible for unauthenticated attackers to update the plugin's settings and modify news lists via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. |
| Cross-Site Request Forgery (CSRF) vulnerability in yonifre Lenix scss compiler lenix-scss-compiler allows Cross Site Request Forgery.This issue affects Lenix scss compiler: from n/a through <= 1.2. |
| Cross-Site Request Forgery (CSRF) vulnerability in coderscom WP Odoo Form Integrator wp-odoo-form-integrator allows Stored XSS.This issue affects WP Odoo Form Integrator: from n/a through <= 1.1.0. |
| A Cross-Site Request Forgery (CSRF) vulnerability exists in the product image upload function of VirtueMart that bypasses the CSRF protection token. An attacker is able to craft a special CSRF request which will allow unrestricted file upload into the VirtueMart media manager. |
| Cross-Site Request Forgery (CSRF) vulnerability in krolow Twitter Post twitterpost allows Stored XSS.This issue affects Twitter Post: from n/a through <= 0.1. |
| Cross-Site Request Forgery (CSRF) vulnerability in Martin Gibson WP GoToWebinar allows Cross-Site Scripting (XSS).This issue affects WP GoToWebinar: from n/a through 15.7. |
| Cross-Site Request Forgery (CSRF) vulnerability in andy_moyle Emergency Password Reset emergency-password-reset allows Cross Site Request Forgery.This issue affects Emergency Password Reset: from n/a through <= 9.3. |
