Vulnerabilities > Cross-Site Request Forgery (CSRF)

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2024-10-17 | CVE-2024-49237 | Cross-Site Request Forgery (CSRF) vulnerability in Ahmetimamoglu Ahmeti WP Timeline | Cross-Site Request Forgery (CSRF) vulnerability in Ahmet Imamoglu Ahmeti Wp Timeline allows Stored XSS. This issue affects Ahmeti Wp Timeline: from n/a through 5.1. | network | low | ahmetimamoglu | CWE-352 | 6.1 |
| 2024-10-17 | CVE-2024-9351 | The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.35.1. | | network | low | | CWE-352 | 4.3 |
| 2024-10-17 | CVE-2024-9352 | The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.35.1. | | network | low | | CWE-352 | 4.3 |
| 2024-10-16 | CVE-2024-20421 | Cross-Site Request Forgery (CSRF) vulnerability in Cisco ATA 191 Firmware and ATA 192 Firmware | A vulnerability in the web-based management interface of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. This vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. | network | low | cisco | CWE-352 | 6.5 |
| 2024-10-16 | CVE-2024-45693 | Cross-Site Request Forgery (CSRF) vulnerability in Apache Cloudstack | Users logged into the Apache CloudStack's web interface can be tricked to submit malicious CSRF requests due to missing validation of the origin of the requests. | network | low | apache | CWE-352 | 8.8 |
| 2024-10-16 | CVE-2020-36839 | The WP Lead Plus X plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 0.99. | | network | low | | CWE-352 | 8.3 |
| 2024-10-16 | CVE-2024-8507 | Cross-Site Request Forgery (CSRF) vulnerability in Filemanagerpro File Manager | The File Manager Pro plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 8.3.9. | network | low | filemanagerpro | CWE-352 | 8.8 |
| 2024-10-16 | CVE-2024-9649 | The WP ULike – The Ultimate Engagement Toolkit for Websites plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.7.4. | | network | low | | CWE-352 | 4.3 |
| 2024-10-16 | CVE-2024-49340 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Watson Studio Local 1.2.3 | IBM Watson Studio Local 1.2.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | network | low | ibm | CWE-352 | 8.8 |
| 2024-10-14 | CVE-2024-45737 | Cross-Site Request Forgery (CSRF) vulnerability in Splunk and Splunk Cloud Platform | In Splunk Enterprise versions below 9.3.1, 9.2.3, and 9.1.6 and Splunk Cloud Platform versions below 9.2.2403.108, and 9.1.2312.204, a low-privileged user that does not hold the "admin" or "power" Splunk roles could change the maintenance mode state of App Key Value Store (KVStore) through a Cross-Site Request Forgery (CSRF). | network | low | splunk | CWE-352 | 3.5 |