Vulnerabilities > Cross-Site Request Forgery (CSRF)

DATE CVE VULNERABILITY TITLE RISK
2024-03-01 CVE-2023-28949 Cross-Site Request Forgery (CSRF) vulnerability in IBM products
IBM Engineering Requirements Management DOORS 9.7.2.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
network
low complexity
ibm CWE-352
6.5
2024-02-15 CVE-2024-20718 Cross-Site Request Forgery (CSRF) vulnerability in Adobe Commerce 2.4.4/2.4.5/2.4.6
Adobe Commerce versions 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 and earlier are affected by a Cross-Site Request Forgery (CSRF) vulnerability that could result in a Security feature bypass.
network
low complexity
adobe CWE-352
6.5
2024-02-14 CVE-2024-23785 Cross-Site Request Forgery (CSRF) vulnerability in Sharp Jh-Rv11 Firmware and Jh-Rvb1 Firmware
Cross-site request forgery vulnerability in Energy Management Controller with Cloud Services JH-RVB1/JH-RV11 Ver.B0.1.9.1 and earlier allows a remote unauthenticated attacker to change the product settings.
network
low complexity
sharp CWE-352
6.5
2024-02-13 CVE-2023-52431 Cross-Site Request Forgery (CSRF) vulnerability in Plack::Middleware::Xsrfblock Project Plack::Middleware::Xsrfblock
The Plack::Middleware::XSRFBlock package before 0.0.19 for Perl allows attackers to bypass a CSRF protection mechanism via an empty form value and an empty cookie (if signed cookies are disabled).
network
low complexity
plack CWE-352
8.8
2024-02-13 CVE-2024-25914 Cross-Site Request Forgery (CSRF) vulnerability in Photoboxone Smtp Mail 1.2.16
Cross-Site Request Forgery (CSRF) vulnerability in Photoboxone SMTP Mail. This issue affects SMTP Mail: from n/a through 1.3.20.
network
low complexity
photoboxone CWE-352
8.8
2024-02-13 CVE-2023-52060 Cross-Site Request Forgery (CSRF) vulnerability in Gestsup
A Cross-Site Request Forgery (CSRF) in Gestsup v3.2.46 allows attackers to arbitrarily edit user profile information via a crafted request.
network
low complexity
gestsup CWE-352
4.3
2024-02-12 CVE-2023-6499 Cross-Site Request Forgery (CSRF) vulnerability in Calenfretts Lastunes
The lasTunes WordPress plugin through 3.6.1 does not have CSRF checks in some places, and is missing sanitisation as well as escaping, which could allow attackers to make a logged-in admin add Stored XSS payloads via a CSRF attack.
network
low complexity
calenfretts CWE-352
5.4
2024-02-12 CVE-2023-6501 Cross-Site Request Forgery (CSRF) vulnerability in Cochinoman Splashscreen
The Splashscreen WordPress plugin through 0.20 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack.
network
low complexity
cochinoman CWE-352
4.3
2024-02-12 CVE-2024-24875 Cross-Site Request Forgery (CSRF) vulnerability in Ylefebvre Link Library
Cross-Site Request Forgery (CSRF) vulnerability in Yannick Lefebvre Link Library. This issue affects Link Library: from n/a through 7.5.13.
network
low complexity
ylefebvre CWE-352
8.8
2024-02-12 CVE-2024-24884 Cross-Site Request Forgery (CSRF) vulnerability in Ari-Soft Contact Form 7 Connector
Cross-Site Request Forgery (CSRF) vulnerability in ARI Soft Contact Form 7 Connector. This issue affects Contact Form 7 Connector: from n/a through 1.2.2.
network
low complexity
ari-soft CWE-352
8.8