Vulnerabilities > Cross-Site Request Forgery (CSRF)
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-08-26 | CVE-2024-43340 | Cross-Site Request Forgery (CSRF) vulnerability in Advancedformintegration Advanced Form Integration Cross-Site Request Forgery (CSRF) vulnerability in Nasirahmed Advanced Form Integration.This issue affects Advanced Form Integration: from n/a through 1.89.4. | 4.3 |
| 2024-08-26 | CVE-2024-43356 | Cross-Site Request Forgery (CSRF) vulnerability in Bobbingwide OIK Cross-Site Request Forgery (CSRF) vulnerability in bobbingwide.This issue affects oik: from n/a through 4.12.0. | 4.3 |
| 2024-08-26 | CVE-2024-42792 | Cross-Site Request Forgery (CSRF) vulnerability in Lopalopa Music Management System 1.0 A Cross-Site Request Forgery (CSRF) vulnerability was found in Kashipara Music Management System v1.0 via /music/ajax.php?action=delete_playlist page. | 3.5 |
| 2024-08-24 | CVE-2024-8120 | Cross-Site Request Forgery (CSRF) vulnerability in Imagerecycle PDF & Image Compression The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.14. | 4.3 |
| 2024-08-24 | CVE-2024-7568 | Cross-Site Request Forgery (CSRF) vulnerability in Pixeljar Favicon Generator The Favicon Generator plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5. | 8.1 |
| 2024-08-22 | CVE-2024-39744 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Sterling Connect Direct web Services IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 4.3 |
| 2024-08-22 | CVE-2024-40886 | Cross-Site Request Forgery (CSRF) vulnerability in Mattermost Mattermost versions 9.9.x <= 9.9.1, 9.5.x <= 9.5.7, 9.10.x <= 9.10.0, 9.8.x <= 9.8.2 fail to sanitize user inputs in the frontend that are used for redirection which allows for a one-click client-side path traversal that is leading to CSRF in User Management page of the system console. | 8.8 |
| 2024-08-21 | CVE-2024-7647 | Cross-Site Request Forgery (CSRF) vulnerability in Otasync OTA Sync Booking Engine Widget The OTA Sync Booking Engine Widget plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.7. | 6.1 |
| 2024-08-20 | CVE-2024-42603 | Cross-Site Request Forgery (CSRF) vulnerability in Pligg CMS 2.0.2 Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/admin_backup.php?dobackup=clearall | 8.8 |
| 2024-08-20 | CVE-2024-42604 | Cross-Site Request Forgery (CSRF) vulnerability in Pligg CMS 2.0.2 Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/admin_group.php?mode=delete&group_id=3 | 8.8 |