Vulnerabilities > Cross-Site Request Forgery (CSRF)

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | ATTACK COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2024-02-28 | CVE-2024-0432 | Cross-Site Request Forgery (CSRF) vulnerability in Fabrick Gestpay for Woocommerce | The Gestpay for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 20221130. | network | low complexity | fabrick | CWE-352 | 4.3 |
| 2024-02-28 | CVE-2024-0433 | Cross-Site Request Forgery (CSRF) vulnerability in Fabrick Gestpay for Woocommerce | The Gestpay for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 20221130. | network | low complexity | fabrick | CWE-352 | 4.3 |
| 2024-02-28 | CVE-2024-1943 | Cross-Site Request Forgery (CSRF) vulnerability in Wpmoose Yuki | The Yuki theme for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.14. | network | low complexity | wpmoose | CWE-352 | 4.3 |
| 2024-02-23 | CVE-2024-1360 | Cross-Site Request Forgery (CSRF) vulnerability in Colibriwp Colibri | The Colibri WP theme for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.94. | network | low complexity | colibriwp | CWE-352 | 4.3 |
| 2024-02-23 | CVE-2024-1777 | Cross-Site Request Forgery (CSRF) vulnerability in Zestard Admin Side Data Storage for Contact Form 7 1.0.0/1.1.0/1.1.1 | The Admin side data storage for Contact Form 7 plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.1. | network | low complexity | zestard | CWE-352 | 4.3 |
| 2024-02-22 | CVE-2024-26350 | Cross-Site Request Forgery (CSRF) vulnerability in Flusity 2.33 | flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /core/tools/update_contact_form_settings.php. | network | low complexity | flusity | CWE-352 | 8.8 |
| 2024-02-20 | CVE-2023-47635 | Cross-Site Request Forgery (CSRF) vulnerability in Decidim | Decidim is a participatory democracy framework. | network | low complexity | decidim | CWE-352 | 5.7 |
| 2024-02-19 | CVE-2024-25982 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products | The link to update all installed language packs did not include the necessary token to prevent a CSRF risk. | network | low complexity | moodle, fedoraproject | CWE-352 | 8.8 |
| 2024-02-14 | CVE-2024-23785 | Cross-Site Request Forgery (CSRF) vulnerability in Sharp Jh-Rv11 Firmware and Jh-Rvb1 Firmware | Cross-site request forgery vulnerability in Energy Management Controller with Cloud Services JH-RVB1/JH-RV11 Ver.B0.1.9.1 and earlier allows a remote unauthenticated attacker to change the product settings. | network | low complexity | sharp | CWE-352 | 6.5 |
| 2024-02-13 | CVE-2023-52431 | Cross-Site Request Forgery (CSRF) vulnerability in Plack::Middleware::Xsrfblock Project Plack::Middleware::Xsrfblock | The Plack::Middleware::XSRFBlock package before 0.0.19 for Perl allows attackers to bypass a CSRF protection mechanism via an empty form value and an empty cookie (if signed cookies are disabled). | network | low complexity | plack | CWE-352 | 8.8 |