Vulnerabilities > Cross-Site Request Forgery (CSRF)

DATE CVE VULNERABILITY TITLE RISK
2024-10-22 CVE-2024-26271 Cross-Site Request Forgery (CSRF) vulnerability in Liferay Digital Experience Platform and Liferay Portal
Cross-site request forgery (CSRF) vulnerability in the My Account widget in Liferay Portal 7.4.3.75 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.2, 2023.Q3.1 through 2023.Q3.5, 7.4 update 75 through update 92 and 7.3 update 32 through update 36 allows remote attackers to (1) change user passwords, (2) shut down the server, (3) execute arbitrary code in the scripting console, (4) and perform other administrative actions via the _com_liferay_my_account_web_portlet_MyAccountPortlet_backURL parameter.
network
low complexity
liferay CWE-352
8.8
2024-10-22 CVE-2024-26272 Cross-Site Request Forgery (CSRF) vulnerability in Liferay Digital Experience Platform and Liferay Portal
Cross-site request forgery (CSRF) vulnerability in the content page editor in Liferay Portal 7.3.2 through 7.4.3.107, and Liferay DXP 2023.Q4.0 through 2023.Q4.2, 2023.Q3.1 through 2023.Q3.5, 7.4 GA through update 92 and 7.3 GA through update 35 allows remote attackers to (1) change user passwords, (2) shut down the server, (3) execute arbitrary code in the scripting console, (4) and perform other administrative actions via the p_l_back_url parameter.
network
low complexity
liferay CWE-352
8.8
2024-10-22 CVE-2024-26273 Cross-Site Request Forgery (CSRF) vulnerability in Liferay Digital Experience Platform and Liferay Portal
Cross-site request forgery (CSRF) vulnerability in the content page editor in Liferay Portal 7.4.0 through 7.4.3.103, and Liferay DXP 2023.Q4.0 through 2023.Q4.2, 2023.Q3.1 through 2023.Q3.5, 7.4 GA through update 92 and 7.3 update 29 through update 35 allows remote attackers to (1) change user passwords, (2) shut down the server, (3) execute arbitrary code in the scripting console, (4) and perform other administrative actions via the _com_liferay_commerce_catalog_web_internal_portlet_CommerceCatalogsPortlet_redirect parameter.
network
low complexity
liferay CWE-352
8.8
2024-10-22 CVE-2024-8980 Cross-Site Request Forgery (CSRF) vulnerability in Liferay Digital Experience Platform and Liferay Portal
The Script Console in Liferay Portal 7.0.0 through 7.4.3.101, and Liferay DXP 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, 7.2 GA through fix pack 20, 7.1 GA through fix pack 28, 7.0 GA through fix pack 102 and 6.2 GA through fix pack 173 does not sufficiently protect against Cross-Site Request Forgery (CSRF) attacks, which allows remote attackers to execute arbitrary Groovy script via a crafted URL or a XSS vulnerability.
network
low complexity
liferay CWE-352
6.1
2024-10-22 CVE-2024-9588 Cross-Site Request Forgery (CSRF) vulnerability in Aftabhusain Category and Taxonomy Meta Fields
The Category and Taxonomy Meta Fields plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.0.
network
low complexity
aftabhusain CWE-352
5.4
2024-10-21 CVE-2024-43945 Cross-Site Request Forgery (CSRF) vulnerability in Latepoint
Cross-Site Request Forgery (CSRF) vulnerability in Latepoint LatePoint allows Cross Site Request Forgery.This issue affects LatePoint: from n/a through 4.9.91.
network
low complexity
latepoint CWE-352
8.8
2024-10-20 CVE-2024-47634 Cross-Site Request Forgery (CSRF) vulnerability in Majas-Lapu-Izstrade Cartbounty
Cross-Site Request Forgery (CSRF) vulnerability in Streamline.Lv CartBounty – Save and recover abandoned carts for WooCommerce allows Cross Site Request Forgery.This issue affects CartBounty – Save and recover abandoned carts for WooCommerce: from n/a through 8.2.
network
low complexity
majas-lapu-izstrade CWE-352
critical
9.8
2024-10-20 CVE-2024-49250 Cross-Site Request Forgery (CSRF) vulnerability in Dublue Table of Contents Plus
Cross-Site Request Forgery (CSRF) vulnerability in Michael Tran Table of Contents Plus allows Cross Site Request Forgery.This issue affects Table of Contents Plus: from n/a through 2408.
network
low complexity
dublue CWE-352
8.8
2024-10-20 CVE-2024-49272 Cross-Site Request Forgery (CSRF) vulnerability in Wpwebinfotech Social Auto Poster
Cross-Site Request Forgery (CSRF) vulnerability in WPWeb Social Auto Poster allows Cross Site Request Forgery.This issue affects Social Auto Poster: from n/a through 5.3.15.
network
low complexity
wpwebinfotech CWE-352
8.8
2024-10-20 CVE-2024-49274 Cross-Site Request Forgery (CSRF) vulnerability in Infomaniak VOD Infomaniak
Cross-Site Request Forgery (CSRF) vulnerability in Infomaniak Staff VOD Infomaniak allows Cross Site Request Forgery.This issue affects VOD Infomaniak: from n/a through 1.5.7.
network
low complexity
infomaniak CWE-352
8.8