Vulnerabilities > Cross-Site Request Forgery (CSRF)

DATE CVE VULNERABILITY TITLE RISK
2024-09-10 CVE-2023-2919 The Tutor LMS plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.7.4.
network
low complexity
CWE-352
4.3
2024-09-08 CVE-2024-6852 The WP MultiTasking WordPress plugin through 0.1.12 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack
network
low complexity
CWE-352
4.3
2024-09-08 CVE-2024-6853 The WP MultiTasking WordPress plugin through 0.1.12 does not have CSRF check when updating welcome popups, which could allow attackers to make logged admins perform such action via a CSRF attack
network
low complexity
CWE-352
4.3
2024-09-08 CVE-2024-6855 The WP MultiTasking WordPress plugin through 0.1.12 does not have CSRF check when updating exit popups, which could allow attackers to make logged admins perform such action via a CSRF attack
network
low complexity
CWE-352
4.3
2024-09-08 CVE-2024-6856 The WP MultiTasking WordPress plugin through 0.1.12 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack
network
low complexity
CWE-352
4.3
2024-09-08 CVE-2024-6925 The TrueBooker WordPress plugin before 1.0.3 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack.
network
low complexity
CWE-352
4.3
2024-09-04 CVE-2024-8414 Cross-Site Request Forgery (CSRF) vulnerability in Munyweki Insurance Management System 1.0
A vulnerability has been found in SourceCodester Insurance Management System 1.0 and classified as problematic.
network
low complexity
munyweki CWE-352
4.3
2024-09-02 CVE-2024-45269 Cross-Site Request Forgery (CSRF) vulnerability in Majeedraza Carousel Slider
WordPress plugin "Carousel Slider" provided by Sayful Islam contains a cross-site request forgery vulnerability on Carousel image selection feature.
network
low complexity
majeedraza CWE-352
4.3
2024-09-02 CVE-2024-45270 Cross-Site Request Forgery (CSRF) vulnerability in Majeedraza Carousel Slider
WordPress plugin "Carousel Slider" provided by Sayful Islam contains a cross-site request forgery vulnerability on Hero image selection feature.
network
low complexity
majeedraza CWE-352
4.3
2024-08-30 CVE-2024-8319 Cross-Site Request Forgery (CSRF) vulnerability in Themeific Tourfic
The Tourfic plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.11.20.
network
low complexity
themeific CWE-352
4.3