Vulnerabilities > Cross-Site Request Forgery (CSRF)

DATE CVE VULNERABILITY TITLE RISK
2024-08-26 CVE-2024-43356 Cross-Site Request Forgery (CSRF) vulnerability in Bobbingwide OIK
Cross-Site Request Forgery (CSRF) vulnerability in bobbingwide.This issue affects oik: from n/a through 4.12.0.
network
low complexity
bobbingwide CWE-352
4.3
2024-08-26 CVE-2024-42792 Cross-Site Request Forgery (CSRF) vulnerability in Lopalopa Music Management System 1.0
A Cross-Site Request Forgery (CSRF) vulnerability was found in Kashipara Music Management System v1.0 via /music/ajax.php?action=delete_playlist page.
network
low complexity
lopalopa CWE-352
3.5
2024-08-24 CVE-2024-8120 Cross-Site Request Forgery (CSRF) vulnerability in Imagerecycle PDF & Image Compression
The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.14.
network
low complexity
imagerecycle CWE-352
4.3
2024-08-24 CVE-2024-7568 Cross-Site Request Forgery (CSRF) vulnerability in Pixeljar Favicon Generator
The Favicon Generator plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5.
network
low complexity
pixeljar CWE-352
8.1
2024-08-22 CVE-2024-39744 Cross-Site Request Forgery (CSRF) vulnerability in IBM Sterling Connect Direct web Services
IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
network
low complexity
ibm CWE-352
4.3
2024-08-22 CVE-2024-40886 Cross-Site Request Forgery (CSRF) vulnerability in Mattermost
Mattermost versions 9.9.x <= 9.9.1, 9.5.x <= 9.5.7, 9.10.x <= 9.10.0, 9.8.x <= 9.8.2 fail to sanitize user inputs in the frontend that are used for redirection which allows for a one-click client-side path traversal that is leading to CSRF in User Management page of the system console.
network
low complexity
mattermost CWE-352
8.8
2024-08-21 CVE-2024-7647 Cross-Site Request Forgery (CSRF) vulnerability in Otasync OTA Sync Booking Engine Widget
The OTA Sync Booking Engine Widget plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.7.
network
low complexity
otasync CWE-352
6.1
2024-08-20 CVE-2024-42603 Cross-Site Request Forgery (CSRF) vulnerability in Pligg CMS 2.0.2
Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/admin_backup.php?dobackup=clearall
network
low complexity
pligg CWE-352
8.8
2024-08-20 CVE-2024-42604 Cross-Site Request Forgery (CSRF) vulnerability in Pligg CMS 2.0.2
Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/admin_group.php?mode=delete&group_id=3
network
low complexity
pligg CWE-352
8.8
2024-08-20 CVE-2024-42605 Cross-Site Request Forgery (CSRF) vulnerability in Pligg CMS 2.0.2
Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/edit_page.php?link_id=1
network
low complexity
pligg CWE-352
8.8