Vulnerabilities > Cross-Site Request Forgery (CSRF)
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-07-02 | CVE-2024-5767 | Cross-Site Request Forgery (CSRF) vulnerability in Sitetweet Project Sitetweet The sitetweet WordPress plugin through 0.2 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack | 8.8 |
2024-07-01 | CVE-2024-23737 | Cross-Site Request Forgery (CSRF) vulnerability in Savignano S-Notify Cross Site Request Forgery (CSRF) vulnerability in savignano S/Notify before 4.0.2 for Jira allows attackers to manipulate a user's S/MIME certificate or PGP key via malicious link or email. | 5.4 |
2024-06-29 | CVE-2024-6405 | Cross-Site Request Forgery (CSRF) vulnerability in Varniinfotech Floating Social Buttons The Floating Social Buttons plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5. | 5.4 |
2024-06-24 | CVE-2021-45785 | Cross-Site Request Forgery (CSRF) vulnerability in Trudesk Project Trudesk 1.1.11 TruDesk Help Desk/Ticketing Solution v1.1.11 is vulnerable to a Cross-Site Request Forgery (CSRF) attack which would allow an attacker to restart the server, causing a DoS attack. | 6.5 |
2024-06-22 | CVE-2024-3593 | Cross-Site Request Forgery (CSRF) vulnerability in Sevenspark Ubermenu 3.8.3 The UberMenu plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.8.3. | 5.4 |
2024-06-21 | CVE-2024-37118 | Cross-Site Request Forgery (CSRF) vulnerability in Uncannyowl Uncanny Automator Cross Site Request Forgery (CSRF) vulnerability in Uncanny Owl Uncanny Automator Pro. This issue affects Uncanny Automator Pro: from n/a through 5.3. | 8.8 |
2024-06-21 | CVE-2024-37198 | Cross-Site Request Forgery (CSRF) vulnerability in Blazethemes Digital Newspaper Cross-Site Request Forgery (CSRF) vulnerability in blazethemes Digital Newspaper. This issue affects Digital Newspaper: from n/a through 1.1.5. | 8.8 |
2024-06-21 | CVE-2024-37227 | Cross-Site Request Forgery (CSRF) vulnerability in Tribulant Newsletters Cross Site Request Forgery (CSRF) vulnerability in Tribulant Newsletters. This issue affects Newsletters: from n/a through 4.9.7. | 8.8 |
2024-06-21 | CVE-2024-4382 | Cross-Site Request Forgery (CSRF) vulnerability in Wielebenwir Commonsbooking The CB (legacy) WordPress plugin through 0.9.4.18 does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions, such as deleting codes, timeframes, and bookings via CSRF attacks | 6.5 |
2024-06-21 | CVE-2024-4474 | Cross-Site Request Forgery (CSRF) vulnerability in Onetarek WP Logs Book 1.0.1 The WP Logs Book WordPress plugin through 1.0.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack | 4.3 |