Vulnerabilities > Cross-Site Request Forgery (CSRF)

DATE CVE VULNERABILITY TITLE RISK
2024-01-29 CVE-2023-7074 Cross-Site Request Forgery (CSRF) vulnerability in Giovambattistafazioli WP Social Bookmark Menu 1.2
The WP SOCIAL BOOKMARK MENU WordPress plugin through 1.2 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack.
network
low complexity
giovambattistafazioli CWE-352
8.8
2024-01-27 CVE-2024-0667 Cross-Site Request Forgery (CSRF) vulnerability in 10Web Form Maker
The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.15.21.
network
low complexity
10web CWE-352
6.3
2024-01-25 CVE-2024-0880 Cross-Site Request Forgery (CSRF) vulnerability in 100296 Qdbcrm 1.1.0
A vulnerability was found in Qidianbang qdbcrm 1.1.0 and classified as problematic.
network
low complexity
100296 CWE-352
8.8
2024-01-25 CVE-2024-0624 Cross-Site Request Forgery (CSRF) vulnerability in Strangerstudios Paid Memberships PRO
The Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.12.7.
network
low complexity
strangerstudios CWE-352
5.3
2024-01-24 CVE-2024-23902 Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Github Branch Source
A cross-site request forgery (CSRF) vulnerability in Jenkins GitLab Branch Source Plugin 684.vea_fa_7c1e2fe3 and earlier allows attackers to connect to an attacker-specified URL.
network
low complexity
jenkins CWE-352
4.3
2024-01-22 CVE-2023-6625 Cross-Site Request Forgery (CSRF) vulnerability in Gravitymaster Product Enquiry for Woocommerce 3.0
The Product Enquiry for WooCommerce WordPress plugin before 3.1 does not have a CSRF check in place when deleting inquiries, which could allow attackers to make a logged-in admin delete them via a CSRF attack.
network
low complexity
gravitymaster CWE-352
4.3
2024-01-20 CVE-2024-0623 Cross-Site Request Forgery (CSRF) vulnerability in Vektor-Inc VK Block Patterns
The VK Block Patterns plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.31.1.1.
network
low complexity
vektor-inc CWE-352
4.3
2024-01-20 CVE-2023-47024 Cross-Site Request Forgery (CSRF) vulnerability in Ncratleos Terminal Handler 1.5.1
Cross-Site Request Forgery (CSRF) in NCR Terminal Handler v.1.5.1 leads to a one-click account takeover.
network
low complexity
ncratleos CWE-352
8.8
2024-01-19 CVE-2023-47718 Cross-Site Request Forgery (CSRF) vulnerability in IBM Maximo Application Suite and Maximo Asset Management
IBM Maximo Asset Management 7.6.1.3 and Manage Component 8.10 through 8.11 are vulnerable to cross-site request forgery, which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
network
low complexity
ibm CWE-352
8.8
2024-01-19 CVE-2024-22424 Cross-Site Request Forgery (CSRF) vulnerability in Linuxfoundation Argo-Cd
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes.
network
high complexity
linuxfoundation CWE-352
8.3