Vulnerabilities > Cross-Site Request Forgery (CSRF)

DATE CVE VULNERABILITY TITLE RISK
2024-10-29 CVE-2024-50466 Cross-Site Request Forgery (CSRF) vulnerability in Darkmysite
Cross-Site Request Forgery (CSRF) vulnerability in DarkMySite DarkMySite – Advanced Dark Mode Plugin for WordPress darkmysite allows Cross Site Request Forgery. This issue affects DarkMySite – Advanced Dark Mode Plugin for WordPress: from n/a through 1.2.8.
network
low complexity
darkmysite CWE-352
8.8
2024-10-29 CVE-2024-9990 Cross-Site Request Forgery (CSRF) vulnerability in Odude Crypto Tool
The Crypto plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.15.
network
low complexity
odude CWE-352
8.8
2024-10-29 CVE-2024-6673 Cross-Site Request Forgery (CSRF) vulnerability in Lollms web UI
A Cross-Site Request Forgery (CSRF) vulnerability exists in the `install_comfyui` endpoint of the `lollms_comfyui.py` file in the parisneo/lollms-webui repository, versions v9.9 to the latest.
network
low complexity
lollms CWE-352
6.5
2024-10-29 CVE-2024-49672 Cross-Site Request Forgery (CSRF) vulnerability in Google Docs Rsvp Project Google Docs Rsvp
Cross-Site Request Forgery (CSRF) vulnerability in Gifford Cheung, Brian Watanabe, Chongsun Ahn Google Docs RSVP allows Stored XSS. This issue affects Google Docs RSVP: from n/a through 2.0.1.
network
low complexity
google-docs-rsvp-project CWE-352
6.1
2024-10-29 CVE-2024-46872 Cross-Site Request Forgery (CSRF) vulnerability in Mattermost Server
Mattermost versions 9.10.x <= 9.10.2, 9.11.x <= 9.11.1, 9.5.x <= 9.5.9 fail to sanitize user inputs in the frontend that are used for redirection, which allows for a one-click client-side path traversal that leads to CSRF in Playbooks.
network
low complexity
mattermost CWE-352
4.6
2024-10-28 CVE-2024-10448 Cross-Site Request Forgery (CSRF) vulnerability in Fabianros Blood Bank Management System 1.0
A vulnerability, which was classified as problematic, has been found in code-projects Blood Bank Management System 1.0.
network
low complexity
fabianros CWE-352
6.5
2024-10-24 CVE-2024-47879 Cross-Site Request Forgery (CSRF) vulnerability in Openrefine
OpenRefine is a free, open source tool for working with messy data.
network
low complexity
openrefine CWE-352
8.8
2024-10-24 CVE-2024-9943 The MultiVendorX – The Ultimate WooCommerce Multivendor Marketplace Solution plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.2.4.
network
low complexity
CWE-352
6.3
2024-10-23 CVE-2024-10045 Cross-Site Request Forgery (CSRF) vulnerability in Wpbeginner Transients Manager
The Transients Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.6.
network
low complexity
wpbeginner CWE-352
4.3
2024-10-22 CVE-2024-26271 Cross-Site Request Forgery (CSRF) vulnerability in Liferay Digital Experience Platform and Liferay Portal
Cross-site request forgery (CSRF) vulnerability in the My Account widget in Liferay Portal 7.4.3.75 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.2, 2023.Q3.1 through 2023.Q3.5, 7.4 update 75 through update 92 and 7.3 update 32 through update 36 allows remote attackers to (1) change user passwords, (2) shut down the server, (3) execute arbitrary code in the scripting console, (4) and perform other administrative actions via the _com_liferay_my_account_web_portlet_MyAccountPortlet_backURL parameter.
network
low complexity
liferay CWE-352
8.8