Vulnerabilities > Cross-Site Request Forgery (CSRF)
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-01-31 | CVE-2024-22290 | Cross-Site Request Forgery (CSRF) vulnerability in Custom Dashboard Widgets Project Custom Dashboard Widgets 1.3.1 Cross-Site Request Forgery (CSRF) vulnerability in AboZain,O7abeeb,UnitOne Custom Dashboard Widgets allows Cross-Site Scripting (XSS).This issue affects Custom Dashboard Widgets: from n/a through 1.3.1. | 8.8 |
| 2024-01-30 | CVE-2024-22643 | Cross-Site Request Forgery (CSRF) vulnerability in Seopanel SEO Panel 4.10.0 A Cross-Site Request Forgery (CSRF) vulnerability in SEO Panel version 4.10.0 allows remote attackers to perform unauthorized user password resets. | 6.5 |
| 2024-01-30 | CVE-2023-51813 | Cross-Site Request Forgery (CSRF) vulnerability in Free and Open Source Inventory Management System Project Free and Open Source Inventory Management System 1.0 Cross Site Request Forgery (CSRF) vulnerability in Free Open-Source Inventory Management System v.1.0 allows a remote attacker to execute arbitrary code via the staff_list parameter in the index.php component. | 6.5 |
| 2024-01-29 | CVE-2023-6390 | Cross-Site Request Forgery (CSRF) vulnerability in Jonathonkemp Wordpress Users 1.4.0 The WordPress Users WordPress plugin through 1.4 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack. | 8.8 |
| 2024-01-29 | CVE-2023-6391 | Cross-Site Request Forgery (CSRF) vulnerability in Jeremiahorem Custom User CSS 0.2 The Custom User CSS WordPress plugin through 0.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack. | 8.8 |
| 2024-01-29 | CVE-2023-6503 | Cross-Site Request Forgery (CSRF) vulnerability in Paulgriffinpetty WP Plugin Lister 2.1.0 The WP Plugin Lister WordPress plugin through 2.1.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack. | 5.4 |
| 2024-01-29 | CVE-2023-6633 | Cross-Site Request Forgery (CSRF) vulnerability in Sidenotesproject Side Notes 2.0.0 The Site Notes WordPress plugin through 2.0.0 does not have CSRF checks in some of its functionalities, which could allow attackers to make logged in users perform unwanted actions, such as deleting administration notes, via CSRF attacks | 4.3 |
| 2024-01-29 | CVE-2023-6946 | Cross-Site Request Forgery (CSRF) vulnerability in Unalignedcode Autotitle 1.0.3 The Autotitle for WordPress plugin through 1.0.3 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack. | 8.8 |
| 2024-01-29 | CVE-2023-7074 | Cross-Site Request Forgery (CSRF) vulnerability in Giovambattistafazioli WP Social Bookmark Menu 1.2 The WP SOCIAL BOOKMARK MENU WordPress plugin through 1.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack. | 8.8 |
| 2024-01-27 | CVE-2024-0667 | Cross-Site Request Forgery (CSRF) vulnerability in 10Web Form Maker The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.15.21. | 6.3 |