Vulnerabilities > Cross-Site Request Forgery (CSRF)

DATE CVE VULNERABILITY TITLE RISK
2024-07-09 CVE-2024-40039 Cross-Site Request Forgery (CSRF) vulnerability in Idccms Project Idccms 1.35
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/userGroup_deal.php?mudi=del
network
low complexity
idccms-project CWE-352
8.8
8.8
2024-07-07 CVE-2024-40601 Cross-Site Request Forgery (CSRF) vulnerability in Mediawiki
An issue was discovered in the MediaWikiChat extension for MediaWiki through 1.42.1.
network
low complexity
mediawiki CWE-352
6.5
6.5
2024-07-07 CVE-2024-40603 Cross-Site Request Forgery (CSRF) vulnerability in Mediawiki
An issue was discovered in the ArticleRatings extension for MediaWiki through 1.42.1.
network
low complexity
mediawiki CWE-352
4.3
4.3
2024-07-03 CVE-2024-2040 Cross-Site Request Forgery (CSRF) vulnerability in 2Code Himer
The Himer WordPress theme before 2.1.1 does not have CSRF checks in some places, which could allow attackers to make users join private groups via a CSRF attack
network
low complexity
2code CWE-352
4.3
4.3
2024-07-03 CVE-2024-2233 Cross-Site Request Forgery (CSRF) vulnerability in 2Code Himer
The Himer WordPress theme before 2.1.1 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks.
network
low complexity
2code CWE-352
4.3
4.3
2024-07-03 CVE-2024-2235 Cross-Site Request Forgery (CSRF) vulnerability in 2Code Himer
The Himer WordPress theme before 2.1.1 does not have CSRF checks in some places, which could allow attackers to make users vote on any polls, including those they don't have access to via a CSRF attack
network
low complexity
2code CWE-352
4.3
4.3
2024-07-03 CVE-2024-2376 Cross-Site Request Forgery (CSRF) vulnerability in 2Code Wpqa Builder
The WPQA Builder WordPress plugin before 6.1.1 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks
network
low complexity
2code CWE-352
8.8
8.8
2024-07-02 CVE-2024-5767 Cross-Site Request Forgery (CSRF) vulnerability in Sitetweet Project Sitetweet
The sitetweet WordPress plugin through 0.2 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack
network
low complexity
sitetweet-project CWE-352
8.8
8.8
2024-07-01 CVE-2024-23737 Cross-Site Request Forgery (CSRF) vulnerability in Savignano S-Notify
Cross Site Request Forgery (CSRF) vulnerability in savignano S/Notify before 4.0.2 for Jira allows attackers to allows attackers to manipulate a user's S/MIME certificate of PGP key via malicious link or email.
network
low complexity
savignano CWE-352
5.4
5.4
2024-06-29 CVE-2024-6405 Cross-Site Request Forgery (CSRF) vulnerability in Varniinfotech Floating Social Buttons
The Floating Social Buttons plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5.
network
low complexity
varniinfotech CWE-352
5.4
5.4