CVE-2024-56310
REDCap through 14.9.6 has a security flaw in the Project Dashboards name, exposing users to a Cross-Site Request Forgery (CSRF) attack. An attacker can exploit this by luring users into clicking on a Project Dashboards name that contains the malicious payload, which triggers a logout request and...
PT-2024-36782 · Redcap · Redcap
Name of the Vulnerable Software and Affected Versions: REDCap versions 14.9.6 through 15.0.0 Description: The issue is related to a security flaw in the Notes section of calendar events in REDCap, exposing users to a Cross-Site Request Forgery (CSRF) attack. An attacker can exploit this by luring...
CVE-2024-11607
CVE-2024-11607 affects the WordPress plugin “GTPayment Donations” (versions up to 1.0.0). The vulnerability arises from missing CSRF checks in some areas and insufficient sanitisation/escaping, which could allow a logged-in administrator to inject a Stored XSS payload via a CSRF attack. Several c...
CVE-2024-54424
CVE-2024-54424 is a stored XSS in the WordPress plugin “Like in Vk.com.” The vulnerability arises from Improper Neutralization of Input During Web Page Generation, enabling stored cross-site scripting. Affected: Like in Vk.com from an unspecified earliest version up to 0.5.2. The CVSSv3.1 base score...
CVE-2024-10480
The 3DPrint Lite WordPress plugin before 2.1 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack...
CVE-2024-10480
CVE-2024-10480 affects the 3DPrint Lite WordPress plugin prior to 2.1. The issue is a missing CSRF check when updating plugin settings, enabling a logged-in attacker to change settings via CSRF. The Red Hat/NVD entries describe the same flaw and patch in version 2.1 or later. Impact is limited to...
CVE-2024-10480 3DPrint Lite < 2.1 - Settings Update via CSRF
The 3DPrint Lite WordPress plugin before 2.1 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack...
PT-2024-16308 · WordPress · 3Dprint Lite
Name of the Vulnerable Software and Affected Versions: 3DPrint Lite WordPress plugin versions prior to 2.1 Description: The issue is related to a lack of CSRF check when updating settings in the 3DPrint Lite WordPress plugin. This could allow attackers to make a logged-in admin change settings vi...
CVE-2024-8157
The Alphabetical List WordPress plugin through 1.0.3 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack...
CVE-2024-5029
The CM Table Of Contents WordPress plugin before 1.2.4 does not have a CSRF check when updating its settings, and is also missing sanitisation and escaping, which could allow attackers to make a logged-in admin add Stored XSS payloads via a CSRF attack...
CVE-2024-5030
The CM Table Of Contents WordPress plugin before 1.2.3 does not have a CSRF check in place when resetting its settings, which could allow attackers to make a logged-in admin perform such an action via a CSRF attack...
CVE-2024-5030
CVE-2024-5030 affects CM Table Of Contents – WordPress TOC Plugin up to version 1.2.3. It lacks CSRF protection when resetting settings, potentially allowing a logged-in attacker to perform a settings reset via CSRF. Red Hat and Patchstack confirm the issue and indicate the fix is in version ...
CVE-2024-51485
Ampache is a web-based audio/video streaming application and file manager. The current implementation of token parsing fails to properly validate CSRF tokens when activating or deactivating plugins. This vulnerability allows an attacker to perform CSRF attacks, potentially enabling them to change...
CVE-2024-51484
CVE-2024-51484 concerns Ampache, a web-based audio/video streaming app. The issue is in how the platform validates CSRF tokens during activation/deactivation of controllers: the token parsing/validation path does not properly secure these state-changing requests, enabling CSRF-style abuse to togg...
CVE-2024-51487 Insufficient Validation in Catalog (Activation/Deactivation) in Ampache
Ampache is a web-based audio/video streaming application and file manager. The current implementation of token parsing fails to properly validate CSRF tokens when activating or deactivating a catalog. This vulnerability allows an attacker to perform CSRF attacks, potentially enabling them to change...
CVE-2024-51489
Ampache (web-based audio/video streaming app and file manager) is affected by an insufficient CSRF token validation in its messaging feature. The root cause is the current token parsing/validation logic not adequately validating CSRF tokens when users send messages to one another, enabling potent...
CVE-2019-20460
Affects Epson Expression Home XP255 20.08.FM10I8. Root cause: POST to RAW printer interface lacks CSRF validation, enabling CSRF attacks to send text to the RAW interface and potentially print unwanted content. Impact is described as high (C/H/I/A) per CVSS 3.1. Remediation available in connected...
CVE-2024-9689
The Post From Frontend WordPress plugin through 1.0.0 does not have a CSRF check when deleting posts, which could allow attackers to make a logged-in admin perform such an action via a CSRF attack...
PT-2024-34156 · Webfeed · Webfeed
Name of the Vulnerable Software and Affected Versions: WebFeed versions prior to 0.9.2 Description: The issue concerns multiple HTML injection vulnerabilities that can lead to CSRF and UI spoofing attacks. A remote attacker can provide malicious RSS feeds, attracting the victim user to visit them...
Fortinet Fortigate CSRF (FG-IR-20-158)
The version of Fortigate installed on the remote host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-20-158 advisory. - An insufficient verification of data authenticity vulnerability (CWE-345) in the user interface of FortiProxy version 2.0.3 a...