Vulnerabilities > Cross-Site Request Forgery (CSRF)
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-01-03 | CVE-2023-6984 | Cross-Site Request Forgery (CSRF) vulnerability in Ideabox Powerpack Addons for Elementor The PowerPack Addons for Elementor (Free Widgets, Extensions and Templates) plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.7.13. | 4.3 |
| 2023-12-26 | CVE-2023-46699 | Cross-Site Request Forgery (CSRF) vulnerability in Weseek Growi Cross-site request forgery (CSRF) vulnerability exists in the User settings (/me) page of GROWI versions prior to v6.0.0. | 4.3 |
| 2023-12-25 | CVE-2023-48652 | Cross-Site Request Forgery (CSRF) vulnerability in Concretecms Concrete CMS Concrete CMS 9 before 9.2.3 is vulnerable to Cross Site Request Forgery (CSRF) via /ccm/system/dialogs/logs/delete_all/submit. | 4.3 |
| 2023-12-23 | CVE-2023-5961 | Cross-Site Request Forgery (CSRF) vulnerability in Moxa products A Cross-Site Request Forgery (CSRF) vulnerability has been identified in ioLogik E1200 Series firmware versions v3.3 and prior. | 8.8 |
| 2023-12-20 | CVE-2023-6689 | Cross-Site Request Forgery (CSRF) vulnerability in Efacec BCU 500 Firmware 4.07 A successful CSRF attack could force the user to perform state changing requests on the application. | 8.8 |
| 2023-12-19 | CVE-2023-49164 | Cross-Site Request Forgery (CSRF) vulnerability in Oceanwp Ocean Extra Cross-Site Request Forgery (CSRF) vulnerability in OceanWP Ocean Extra.This issue affects Ocean Extra: from n/a through 2.2.2. | 8.8 |
| 2023-12-19 | CVE-2023-49006 | Cross-Site Request Forgery (CSRF) vulnerability in PHPsysinfo 3.4.3 Cross Site Request Forgery (CSRF) vulnerability in Phpsysinfo version 3.4.3 allows a remote attacker to obtain sensitive information via a crafted page in the XML.php file. | 6.5 |
| 2023-12-18 | CVE-2023-49760 | Cross-Site Request Forgery (CSRF) vulnerability in Giannopouloskostas Wpsoononlinepage Cross-Site Request Forgery (CSRF) vulnerability in Giannopoulos Kostas WPsoonOnlinePage.This issue affects WPsoonOnlinePage: from n/a through 1.9. | 8.8 |
| 2023-12-18 | CVE-2023-5882 | Cross-Site Request Forgery (CSRF) vulnerability in Soflyy products The Export any WordPress data to XML/CSV WordPress plugin before 1.4.0, WP All Export Pro WordPress plugin before 1.8.6 does not check nonce tokens early enough in the request lifecycle, allowing attackers to make logged in users perform unwanted actions leading to remote code execution. | 8.8 |
| 2023-12-18 | CVE-2023-5886 | Cross-Site Request Forgery (CSRF) vulnerability in Soflyy products The Export any WordPress data to XML/CSV WordPress plugin before 1.4.0, WP All Export Pro WordPress plugin before 1.8.6 does not check nonce tokens early enough in the request lifecycle, allowing attackers with the ability to upload files to make logged in users perform unwanted actions leading to PHAR deserialization, which may lead to remote code execution. | 8.8 |