CVE-2024-20486
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. This vulnerability is due to insufficient CSRF...
CVE-2024-20486
CVE-2024-20486 concerns Cisco Identity Services Engine (ISE) – CSRF vulnerability in the web-based management interface. An unauthenticated, remote attacker can lure a logged-in user to follow a crafted link, potentially executing arbitrary actions on the device with the privileges of the targete...
CVE-2024-6508
The CVE-2024-6508 issue affects OpenShift Console (OAuth2) where insufficient entropy in the state parameter enables CSRF, potentially allowing login with a third-party account. Connected Red Hat advisories (RHSA) for OpenShift 4.x note this CVE is addressed by security updates in multiple releas...
CVE-2024-42584
A Cross-Site Request Forgery (CSRF) vulnerability in the component deleteproduct.php of Warehouse Inventory System v2.0 allows attackers to escalate privileges...
CVE-2024-6508
An insufficient entropy vulnerability was found in the OpenShift Console. In the authorization code type and implicit grant type, the OAuth2 protocol is vulnerable to a Cross-Site Request Forgery (CSRF) attack if the state parameter is used inefficiently. This flaw allows logging into the victim's...
WordPress MapFig Studio 0.2.1 Cross Site Request Forgery / Cross Site Scripting Vulnerabilities
WordPress MapFig Studio plugin versions 0.2.1 and below suffer from cross-site request forgery and cross-site scripting vulnerabilities. Exploit Title: MapFig Studio alert1" / alert1" / history.pushState'', '', '/'; document.forms0.submit;...
U.S. Dept Of Defense: CSRF Attack leads to delete album at
The CSRF vulnerability was discovered in the media gallery feature of the DoD asset www.████████. The vulnerability allowed an attacker to delete albums without CSRF verification, as the delete request was based on a GET request. This could have led to the deletion of users' albums...
FrogCms Security Vulnerability
FrogCMS is a lightweight PHP content management system. A cross-site request forgery vulnerability exists in FrogCMS version v0.9.5, which stems from /admin/? /snippet/delete/3 not adequately verifying that the request comes from a trusted user. The vulnerability can be exploited by an attacker to...
CVE-2024-5081
The wp-eMember WordPress plugin before v10.7.0 does not have a CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make a logged-in admin add Stored XSS payloads via a CSRF attack...
CVE-2024-5081 WP eMember <= v10.7.0 - Stored XSS via CSRF
The wp-eMember WordPress plugin before v10.7.0 does not have a CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make a logged-in admin add Stored XSS payloads via a CSRF attack...
CVE-2024-6496 Light Poll <= 1.0.0 - Polls Deletion via CSRF
The Light Poll WordPress plugin through 1.0.0 does not have CSRF checks when deleting polls, which could allow attackers to make logged-in users perform such an action via a CSRF attack...
PT-2024-37670 · WordPress · Light Poll Wordpress Plugin
Name of the Vulnerable Software and Affected Versions: The Light Poll WordPress plugin versions through 1.0.0 Description: The issue concerns a lack of CSRF checks when deleting polls, which could allow attackers to make logged-in users perform such actions via a CSRF attack. Recommendations: For...
CVE-2024-6230
CVE-2024-6230 refers to the WordPress plugin Pardakht Delkhah, affected up to version 2.9.8. The connected documents confirm a lack of CSRF protection in the plugin’s form reset action, which could allow an attacker to cause a logged-in admin to execute a reset via a CSRF attack. The vulnerabilit...
PT-2024-37464 · WordPress · Send Email Only On Reply To My Comment
Name of the Vulnerable Software and Affected Versions: Send email only on Reply to My Comment WordPress plugin versions 1.0.0 through 1.0.6 Description: The issue concerns the lack of CSRF checks in certain areas and missing sanitization as well as escaping. This could allow attackers to make...
CVE-2024-5285 WP Affiliate Platform < 6.5.2 - Affiliate Deletion via CSRF
The wp-affiliate-platform WordPress plugin before 6.5.2 does not have a CSRF check in place when deleting affiliates, which could allow attackers to make a logged-in user delete them via a CSRF attack...
CVE-2024-5033
The SULly WordPress plugin before 4.3.1 does not have a CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make a logged-in admin add Stored XSS payloads via a CSRF attack...
CVE-2024-5284 WP Affiliate Platform < 6.5.1 - Stored XSS via CSRF
The wp-affiliate-platform WordPress plugin before 6.5.1 does not have a CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make a logged-in admin add Stored XSS payloads via a CSRF attack...
CVE-2024-5280 WP Affiliate Platform < 6.5.1 - POST Reflected XSS
The wp-affiliate-platform WordPress plugin before 6.5.1 does not have a CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make non-logged-in users execute an XSS payload via a CSRF attack...
CVE-2024-5077 WP eMember < 10.6.6 - Stored XSS in Blacklist via CSRF
The wp-eMember WordPress plugin before 10.6.6 does not have a CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make a logged-in admin add Stored XSS payloads via a CSRF attack...
CVE-2024-5077
The CVE-2024-5077 entry concerns the wp-eMember WordPress plugin prior to 10.6.6, which lacks CSRF checks in certain areas and is missing sanitisation and escaping. This could allow attackers to make a logged-in admin inject Stored XSS payloads via a CSRF attack. Affected software: wp-eMember