Vulnerabilities > Cross-Site Request Forgery (CSRF)

DATE CVE VULNERABILITY TITLE RISK
2024-01-11 CVE-2023-4248 Cross-Site Request Forgery (CSRF) vulnerability in Givewp
The GiveWP plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.33.3.
network
low complexity
givewp CWE-352
4.3
4.3
2024-01-11 CVE-2023-7048 Cross-Site Request Forgery (CSRF) vulnerability in Premio MY Sticky BAR
The My Sticky Bar plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.6.6.
network
low complexity
premio CWE-352
4.3
4.3
2024-01-11 CVE-2023-6520 Cross-Site Request Forgery (CSRF) vulnerability in Melapress WP 2FA
The WP 2FA – Two-factor authentication for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.5.0.
network
low complexity
melapress CWE-352
4.3
4.3
2024-01-10 CVE-2023-48258 Cross-Site Request Forgery (CSRF) vulnerability in Bosch Nexo-Os 1000/1500Sp2
The vulnerability allows a remote attacker to delete arbitrary files on the file system via a crafted URL or HTTP request through a victim’s session.
network
low complexity
bosch CWE-352
8.1
8.1
2024-01-10 CVE-2023-5455 Cross-Site Request Forgery (CSRF) vulnerability in multiple products
A Cross-site request forgery vulnerability exists in ipa/session/login_password in all supported versions of IPA.
network
low complexity
freeipa fedoraproject redhat CWE-352
6.5
6.5
2024-01-09 CVE-2023-50930 Cross-Site Request Forgery (CSRF) vulnerability in Savignano S-Notify
An issue was discovered in savignano S/Notify before 4.0.2 for Jira.
network
low complexity
savignano CWE-352
7.1
7.1
2024-01-09 CVE-2023-50931 Cross-Site Request Forgery (CSRF) vulnerability in Savignano S/Notify
An issue was discovered in savignano S/Notify before 2.0.1 for Bitbucket.
network
low complexity
savignano CWE-352
7.1
7.1
2024-01-09 CVE-2023-50932 Cross-Site Request Forgery (CSRF) vulnerability in Savignano S/Notify
An issue was discovered in savignano S/Notify before 4.0.2 for Confluence.
network
low complexity
savignano CWE-352
7.1
7.1
2024-01-09 CVE-2023-6788 Cross-Site Request Forgery (CSRF) vulnerability in Wpmet Metform Elementor Contact Form Builder
The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.8.1.
network
low complexity
wpmet CWE-352
5.4
5.4
2024-01-08 CVE-2023-52072 Cross-Site Request Forgery (CSRF) vulnerability in Flycms Project Flycms 1.0
FlyCms v1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /system/site/userconfig_updagte.
network
low complexity
flycms-project CWE-352
8.8
8.8