Vulnerabilities > Cross-Site Request Forgery (CSRF)

DATE CVE VULNERABILITY TITLE RISK
2024-10-16 CVE-2024-20421 Cross-Site Request Forgery (CSRF) vulnerability in Cisco ATA 191 Firmware and ATA 192 Firmware
A vulnerability in the web-based management interface of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. This vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device.
network, low complexity, cisco, CWE-352, 6.5

2024-10-16 CVE-2020-36839 The WP Lead Plus X plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 0.99.
network, low complexity, CWE-352, 8.3

2024-10-16 CVE-2024-8507 Cross-Site Request Forgery (CSRF) vulnerability in Filemanagerpro File Manager
The File Manager Pro plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 8.3.9.
network, low complexity, filemanagerpro, CWE-352, 8.8

2024-10-16 CVE-2024-9649 Cross-Site Request Forgery (CSRF) vulnerability in Wpulike WP Ulike
The WP ULike – The Ultimate Engagement Toolkit for Websites plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.7.4.
network, low complexity, wpulike, CWE-352, 4.3

2024-10-16 CVE-2024-49340 Cross-Site Request Forgery (CSRF) vulnerability in IBM Watson Studio Local 1.2.3
IBM Watson Studio Local 1.2.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
network, low complexity, ibm, CWE-352, 8.8

2024-10-14 CVE-2024-45737 Cross-Site Request Forgery (CSRF) vulnerability in Splunk and Splunk Cloud Platform
In Splunk Enterprise versions below 9.3.1, 9.2.3, and 9.1.6 and Splunk Cloud Platform versions below 9.2.2403.108, and 9.1.2312.204, a low-privileged user that does not hold the "admin" or "power" Splunk roles could change the maintenance mode state of App Key Value Store (KVStore) through a Cross-Site Request Forgery (CSRF).
network, low complexity, splunk, CWE-352, 3.5

2024-10-13 CVE-2024-6959 Cross-Site Request Forgery (CSRF) vulnerability in Lollms web UI 9.8
A vulnerability in parisneo/lollms-webui version 9.8 allows for a Denial of Service (DOS) attack when uploading an audio file.
network, low complexity, lollms, CWE-352, 7.1

2024-10-12 CVE-2024-9778 Cross-Site Request Forgery (CSRF) vulnerability in Getbutterfly Imagepress
The ImagePress – Image Gallery plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.2.
network, low complexity, getbutterfly, CWE-352, 4.3

2024-10-12 CVE-2024-9592 The Easy PayPal Gift Certificate plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.3.
network, low complexity, CWE-352, 6.1

2024-10-10 CVE-2024-8477 Cross-Site Request Forgery (CSRF) vulnerability in Brevo Newsletter, Smtp, Email Marketing and Subscribe
The Newsletter, SMTP, Email marketing and Subscribe forms by Brevo (formerly Sendinblue) plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.87.
network, low complexity, brevo, CWE-352, 4.3