Vulnerabilities > Cross-Site Request Forgery (CSRF)

DATE CVE VULNERABILITY TITLE RISK
2024-10-29 CVE-2024-50466 Cross-Site Request Forgery (CSRF) vulnerability in Darkmysite
Cross-Site Request Forgery (CSRF) vulnerability in DarkMySite DarkMySite – Advanced Dark Mode Plugin for WordPress darkmysite allows Cross-Site Request Forgery. This issue affects DarkMySite – Advanced Dark Mode Plugin for WordPress: from n/a through 1.2.8.
network
low complexity
darkmysite CWE-352
8.8
2024-10-29 CVE-2024-9990 Cross-Site Request Forgery (CSRF) vulnerability in Odude Crypto Tool
The Crypto plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.15.
network
low complexity
odude CWE-352
8.8
2024-10-29 CVE-2024-6673 Cross-Site Request Forgery (CSRF) vulnerability in Lollms web UI
A Cross-Site Request Forgery (CSRF) vulnerability exists in the `install_comfyui` endpoint of the `lollms_comfyui.py` file in the parisneo/lollms-webui repository, versions v9.9 to the latest.
network
low complexity
lollms CWE-352
6.5
2024-10-29 CVE-2024-49672 Cross-Site Request Forgery (CSRF) vulnerability in Google Docs Rsvp Project Google Docs Rsvp
Cross-Site Request Forgery (CSRF) vulnerability in Gifford Cheung, Brian Watanabe, Chongsun Ahn Google Docs RSVP allows Stored XSS. This issue affects Google Docs RSVP: from n/a through 2.0.1.
network
low complexity
google-docs-rsvp-project CWE-352
6.1
2024-10-29 CVE-2024-46872 Cross-Site Request Forgery (CSRF) vulnerability in Mattermost Server
Mattermost versions 9.10.x <= 9.10.2, 9.11.x <= 9.11.1, 9.5.x <= 9.5.9 fail to sanitize user inputs in the frontend that are used for redirection, which allows for a one-click client-side path traversal that leads to CSRF in Playbooks.
network
low complexity
mattermost CWE-352
4.6
2024-10-28 CVE-2024-10448 Cross-Site Request Forgery (CSRF) vulnerability in Fabianros Blood Bank Management System 1.0
A vulnerability, which was classified as problematic, has been found in code-projects Blood Bank Management System 1.0.
network
low complexity
fabianros CWE-352
6.5
2024-10-25 CVE-2024-9598 The AMP for WP – Accelerated Mobile Pages plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.99.1.
network
low complexity
CWE-352
8.8
2024-10-24 CVE-2024-47879 Cross-Site Request Forgery (CSRF) vulnerability in Openrefine
OpenRefine is a free, open source tool for working with messy data.
network
low complexity
openrefine CWE-352
8.8
2024-10-24 CVE-2024-9943 The MultiVendorX – The Ultimate WooCommerce Multivendor Marketplace Solution plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.2.4.
network
low complexity
CWE-352
6.3
2024-10-23 CVE-2024-10045 Cross-Site Request Forgery (CSRF) vulnerability in Wpbeginner Transients Manager
The Transients Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.6.
network
low complexity
wpbeginner CWE-352
4.3