Vulnerabilities > Cross-Site Request Forgery (CSRF)

DATE CVE VULNERABILITY TITLE RISK
2024-09-08 CVE-2024-6856 Cross-Site Request Forgery (CSRF) vulnerability in Ngothang WP Multitasking
The WP MultiTasking WordPress plugin through 0.1.12 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack
network
low complexity
ngothang CWE-352
4.3
2024-09-08 CVE-2024-6925 Cross-Site Request Forgery (CSRF) vulnerability in Themetechmount Truebooker
The TrueBooker WordPress plugin before 1.0.3 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack.
network
low complexity
themetechmount CWE-352
4.3
2024-09-04 CVE-2024-8414 Cross-Site Request Forgery (CSRF) vulnerability in Munyweki Insurance Management System 1.0
A vulnerability has been found in SourceCodester Insurance Management System 1.0 and classified as problematic.
network
low complexity
munyweki CWE-352
4.3
2024-09-02 CVE-2024-7690 Cross-Site Request Forgery (CSRF) vulnerability in Digireturn DN Popup
The DN Popup WordPress plugin through 1.2.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack
network
low complexity
digireturn CWE-352
4.3
2024-09-02 CVE-2024-45269 Cross-Site Request Forgery (CSRF) vulnerability in Majeedraza Carousel Slider
WordPress plugin "Carousel Slider" provided by Sayful Islam contains a cross-site request forgery vulnerability on Carousel image selection feature.
network
low complexity
majeedraza CWE-352
4.3
2024-09-02 CVE-2024-45270 Cross-Site Request Forgery (CSRF) vulnerability in Majeedraza Carousel Slider
WordPress plugin "Carousel Slider" provided by Sayful Islam contains a cross-site request forgery vulnerability on Hero image selection feature.
network
low complexity
majeedraza CWE-352
4.3
2024-08-30 CVE-2024-8319 Cross-Site Request Forgery (CSRF) vulnerability in Themeific Tourfic
The Tourfic plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.11.20.
network
low complexity
themeific CWE-352
4.3
2024-08-29 CVE-2024-43947 Cross-Site Request Forgery (CSRF) vulnerability in Dineshkarki WP Armour Extended
Cross-Site Request Forgery (CSRF) vulnerability in Dinesh Karki WP Armour Extended.This issue affects WP Armour Extended: from n/a through 1.26.
network
low complexity
dineshkarki CWE-352
4.3
2024-08-28 CVE-2024-42793 Cross-Site Request Forgery (CSRF) vulnerability in Lopalopa Music Management System 1.0
A Cross-Site Request Forgery (CSRF) vulnerability was found in Kashipara Music Management System v1.0 via a crafted request to the /music/ajax.php?action=save_user page.
network
low complexity
lopalopa CWE-352
8.0
2024-08-27 CVE-2024-45264 Cross-Site Request Forgery (CSRF) vulnerability in Skyss Arfa-Cms
A cross-site request forgery (CSRF) vulnerability in the admin panel in SkySystem Arfa-CMS before 5.1.3124 allows remote attackers to add a new administrator, leading to escalation of privileges.
network
low complexity
skyss CWE-352
8.8