Vulnerabilities > Cross-Site Request Forgery (CSRF)

DATE CVE VULNERABILITY TITLE RISK
2024-07-03 CVE-2024-4543 Cross-Site Request Forgery (CSRF) vulnerability in Yeken Snippet Shortcodes
The Snippet Shortcodes plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.1.4.
network
low complexity
yeken CWE-352
4.3
2024-07-02 CVE-2024-5767 Cross-Site Request Forgery (CSRF) vulnerability in Sitetweet Project Sitetweet
The sitetweet WordPress plugin through 0.2 does not have CSRF checks in some places, and is missing sanitisation as well as escaping, which could allow attackers to make a logged-in admin add Stored XSS payloads via a CSRF attack.
network
low complexity
sitetweet-project CWE-352
8.8
2024-07-01 CVE-2024-23737 Cross-Site Request Forgery (CSRF) vulnerability in Savignano S-Notify
Cross Site Request Forgery (CSRF) vulnerability in savignano S/Notify before 4.0.2 for Jira allows attackers to manipulate a user's S/MIME certificate or PGP key via malicious link or email.
network
low complexity
savignano CWE-352
5.4
2024-06-30 CVE-2024-31902 Cross-Site Request Forgery (CSRF) vulnerability in IBM Infosphere Information Server 11.7
IBM InfoSphere Information Server 11.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
network
low complexity
ibm CWE-352
8.8
2024-06-29 CVE-2024-6405 Cross-Site Request Forgery (CSRF) vulnerability in Varniinfotech Floating Social Buttons
The Floating Social Buttons plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5.
network
low complexity
varniinfotech CWE-352
5.4
2024-06-27 CVE-2024-5935 Cross-Site Request Forgery (CSRF) vulnerability in Zylon Privategpt 0.5.0
A Cross-Site Request Forgery (CSRF) vulnerability in version 0.5.0 of imartinez/privategpt allows an attacker to delete all uploaded files on the server.
network
low complexity
zylon CWE-352
8.1
2024-06-24 CVE-2021-45785 Cross-Site Request Forgery (CSRF) vulnerability in Trudesk Project Trudesk 1.1.11
TruDesk Help Desk/Ticketing Solution v1.1.11 is vulnerable to a Cross-Site Request Forgery (CSRF) attack which would allow an attacker to restart the server, causing a DoS attack.
network
low complexity
trudesk-project CWE-352
6.5
2024-06-24 CVE-2024-4499 Cross-Site Request Forgery (CSRF) vulnerability in Lollms 9.6
A Cross-Site Request Forgery (CSRF) vulnerability exists in the XTTS server of parisneo/lollms version 9.6 due to a lax CORS policy.
network
low complexity
lollms CWE-352
6.3
2024-06-22 CVE-2024-3593 Cross-Site Request Forgery (CSRF) vulnerability in Sevenspark Ubermenu 3.8.3
The UberMenu plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.8.3.
network
low complexity
sevenspark CWE-352
5.4
2024-06-21 CVE-2024-37118 Cross-Site Request Forgery (CSRF) vulnerability in Uncannyowl Uncanny Automator
Cross Site Request Forgery (CSRF) vulnerability in Uncanny Owl Uncanny Automator Pro. This issue affects Uncanny Automator Pro: from n/a through 5.3.
network
low complexity
uncannyowl CWE-352
8.8