Vulnerabilities > Cross-Site Request Forgery (CSRF)

DATE CVE VULNERABILITY TITLE RISK
2024-09-02 CVE-2024-45270 Cross-Site Request Forgery (CSRF) vulnerability in Majeedraza Carousel Slider
WordPress plugin "Carousel Slider" provided by Sayful Islam contains a cross-site request forgery vulnerability on Hero image selection feature.
network
low complexity
majeedraza CWE-352
4.3
2024-08-30 CVE-2024-8319 Cross-Site Request Forgery (CSRF) vulnerability in Themeific Tourfic
The Tourfic plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.11.20.
network
low complexity
themeific CWE-352
4.3
2024-08-29 CVE-2024-43947 Cross-Site Request Forgery (CSRF) vulnerability in Dineshkarki WP Armour Extended
Cross-Site Request Forgery (CSRF) vulnerability in Dinesh Karki WP Armour Extended.This issue affects WP Armour Extended: from n/a through 1.26.
network
low complexity
dineshkarki CWE-352
4.3
2024-08-28 CVE-2024-42793 Cross-Site Request Forgery (CSRF) vulnerability in Lopalopa Music Management System 1.0
A Cross-Site Request Forgery (CSRF) vulnerability was found in Kashipara Music Management System v1.0 via a crafted request to the /music/ajax.php?action=save_user page.
network
low complexity
lopalopa CWE-352
8.0
2024-08-27 CVE-2024-45264 Cross-Site Request Forgery (CSRF) vulnerability in Skyss Arfa-Cms
A cross-site request forgery (CSRF) vulnerability in the admin panel in SkySystem Arfa-CMS before 5.1.3124 allows remote attackers to add a new administrator, leading to escalation of privileges.
network
low complexity
skyss CWE-352
8.8
2024-08-27 CVE-2024-8200 Cross-Site Request Forgery (CSRF) vulnerability in Smashballoon Reviews Feed
The Reviews Feed – Add Testimonials and Customer Reviews From Google Reviews, Yelp, TripAdvisor, and More plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.2.
network
low complexity
smashballoon CWE-352
4.3
2024-08-26 CVE-2024-39628 Cross-Site Request Forgery (CSRF) vulnerability in Ninjaforms Ninja Forms
Cross-Site Request Forgery (CSRF) vulnerability in Saturday Drive Ninja Forms allows Cross Site Request Forgery.This issue affects Ninja Forms: from n/a through 3.8.6.
network
low complexity
ninjaforms CWE-352
8.8
2024-08-26 CVE-2024-39641 Cross-Site Request Forgery (CSRF) vulnerability in Thimpress Learnpress
Cross-Site Request Forgery (CSRF) vulnerability in ThimPress LearnPress.This issue affects LearnPress: from n/a through 4.2.6.8.2.
network
low complexity
thimpress CWE-352
8.8
2024-08-26 CVE-2024-39645 Cross-Site Request Forgery (CSRF) vulnerability in Themeum Tutor LMS
Cross-Site Request Forgery (CSRF) vulnerability in Themeum Tutor LMS.This issue affects Tutor LMS: from n/a through 2.7.2.
network
low complexity
themeum CWE-352
8.8
2024-08-26 CVE-2024-39657 Cross-Site Request Forgery (CSRF) vulnerability in Sender
Cross-Site Request Forgery (CSRF) vulnerability in Sender Sender – Newsletter, SMS and Email Marketing Automation for WooCommerce.This issue affects Sender – Newsletter, SMS and Email Marketing Automation for WooCommerce: from n/a through 2.6.18.
network
low complexity
sender CWE-352
8.8