CVE-2024-4751
CVE-2024-4751 relates to the WP Prayer II WordPress plugin (
CVE-2024-3971 Similarity <= 3.0 - Plugin Reset via CSRF
The Similarity WordPress plugin through 3.0 does not have a CSRF check in place when resetting its settings, which could allow attackers to make a logged-in admin reset them via a CSRF attack...
CVE-2024-3972
CVE-2024-3972 concerns the WordPress Similarity plugin (through version 3.0). Public sources confirm two defects: (1) missing CSRF protection in several places, and (2) missing sanitisation on input and escaping on output. Together these let an attacker make a logged-in admin store XSS payloads via a CSRF attack. This is described as Stored XSS via CSRF ...
CVE-2024-3971
CVE-2024-3971 concerns the Similarity WordPress plugin (
CVE-2024-3972 Similarity <= 3.0 - Stored XSS via CSRF
The Similarity WordPress plugin through 3.0 does not have a CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make a logged-in admin add Stored XSS payloads via a CSRF attack...
CVE-2024-3965
CVE-2024-3965 affects the Pray For Me WordPress plugin (<= 1.0.4). Public details confirm the issue is a missing CSRF check when updating plugin settings, which could allow attackers to make a logged-in admin change the settings via a CSRF attack. The CVE entry notes no public exploit details beyond this description, and ...
RHEL 5 : firefox (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - Mozilla: Malicious Extension could obtain auth codes from OAuth login flows CVE-2020-6823 - Mozilla Firef...
WP Logs Book <= 1.0.1 - Log Clearing via CSRF
Description: The plugin does not have a CSRF check when clearing logs, which could allow attackers to make a logged-in admin clear them via a CSRF attack.
PoC: Make an admin open an HTML file containing:
Note: The 404 Error Logs can also be cleared by modifying the PoC...
Widget Bundle <= 2.0.0 - Widget Disable/Enable via CSRF
Description: The plugin does not have CSRF checks when enabling or disabling widgets, which could allow attackers to make a logged-in admin enable/disable widgets via a CSRF attack.
PoC: This PoC disables the User Registration widget. To do so, make a logged-in admin open an HTML file containing:...
CVE-2024-4534 KKProgressbar2 Free <= 1.1.4.2 - Stored XSS via CSRF
The KKProgressbar2 Free WordPress plugin through 1.1.4.2 does not have a CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make a logged-in admin add Stored XSS payloads via a CSRF attack...
CVE-2024-4534
CVE-2024-4534 affects KKProgressbar2 Free WordPress plugin (versions
PT-2024-31575 · WordPress · Kkprogressbar2 Free
Name of the Vulnerable Software and Affected Versions: KKProgressbar2 Free WordPress plugin versions 1.1.4.2 and earlier
Description: The issue concerns the lack of CSRF checks in certain areas and missing sanitisation as well as escaping. This could allow attackers to make logged-in admins add...
BIT-GITLAB-2024-4597 Cross-Site Request Forgery (CSRF) in GitLab
An issue has been discovered in GitLab EE affecting all versions from 16.7 before 16.9.7, all versions starting from 16.10 before 16.10.5, all versions starting from 16.11 before 16.11.2. An attacker could force a user with an active SAML session to approve an MR via CSRF...
WP Prayer II <= 2.4.7 - Email Settings Update via CSRF
Description: The plugin does not have a CSRF check in place when updating its email settings, which could allow attackers to make a logged-in admin change them via a CSRF attack.
PoC: Have an admin open an HTML file containing:...
PT-2024-4184 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 13.11 through 16.10.5; GitLab CE/EE versions 16.11 through 16.11.2; GitLab CE/EE versions 17.0 through 17.0.0
Description: A CSRF vulnerability exists within GitLab CE/EE. By leveraging this vulnerability, an attacker coul...
PT-2024-26540 · Idccms · Idccms
Name of the Vulnerable Software and Affected Versions: idccms version 1.35
Description: The issue is a Cross-Site Request Forgery (CSRF) in the component /admin/infoWeb deal.php. The mudi, dataType, and dataTypeCN parameters are involved. This allows for unauthorized actions to be...
CVE-2024-3643
The Newsletter Popup WordPress plugin through 1.2 does not have a CSRF check when deleting a list, which could allow attackers to make logged-in admins perform such action via a CSRF attack...
CVE-2024-3642
The Newsletter Popup WordPress plugin through 1.2 does not have a CSRF check when deleting a subscriber, which could allow attackers to make logged-in admins perform such action via a CSRF attack...
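The WordPress plugin entries above (Similarity, Pray For Me, WP Logs Book, Widget Bundle, KKProgressbar2 Free, WP Prayer II, Newsletter Popup) all describe one defect class: an admin-side handler acts on a POST without verifying a WordPress nonce, so any page the admin visits can submit that form for them; where the same handler also skips sanitisation on write and escaping on output, the CSRF becomes stored XSS. The following is an added example, not code from any of the plugins listed, showing the vulnerable shape beside the hardened one for a hypothetical "example_notice" plugin. All option, action and function names are invented for illustration, and the code assumes it runs inside WordPress (it uses the WordPress nonce, capability and escaping APIs).

```php
<?php
/*
 * Added example, not from any plugin in the listing above.
 * Hypothetical plugin "example_notice": stores an admin-supplied banner text.
 * Assumes a WordPress runtime; all names below are invented for illustration.
 */

// ---- Vulnerable pattern: the shape the advisories describe ------------------
// Runs on every admin page load, trusts $_POST, has no nonce check, no
// capability check, no sanitisation on write and no escaping on output.
function example_notice_save_unsafe() {
    if ( isset( $_POST['example_notice_text'] ) ) {
        // A form on any origin, auto-submitted by the admin's browser, lands here.
        update_option( 'example_notice_text', $_POST['example_notice_text'] );
    }
    if ( isset( $_POST['example_notice_reset'] ) ) {
        delete_option( 'example_notice_text' ); // "settings reset via CSRF"
    }
}
// Vulnerable wiring, left commented out so this file is safe if dropped into WP:
// add_action( 'admin_init', 'example_notice_save_unsafe' );

function example_notice_render_unsafe() {
    // Raw echo of stored data: a CSRF-planted <script> becomes stored XSS.
    echo '<div class="notice">' . get_option( 'example_notice_text', '' ) . '</div>';
}

// ---- Hardened pattern -------------------------------------------------------
// The settings form. wp_nonce_field() ties this form to the action
// "example_notice_save" for the current user; a cross-origin page cannot
// read a valid nonce, so its forged POST fails the check below.
function example_notice_settings_page() {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions', '', array( 'response' => 403 ) );
    }
    $current = get_option( 'example_notice_text', '' );
    echo '<form method="post" action="' . esc_url( admin_url( 'admin-post.php' ) ) . '">';
    echo '<input type="hidden" name="action" value="example_notice_save">';
    wp_nonce_field( 'example_notice_save', 'example_notice_nonce' );
    echo '<input type="text" name="example_notice_text" value="' . esc_attr( $current ) . '">';
    echo '<button name="example_notice_reset" value="1">Reset</button> ';
    echo '<button>Save</button></form>';
}

// Runs only for POSTs to admin-post.php carrying action=example_notice_save.
function example_notice_save_safe() {
    // 1. CSRF: check_admin_referer() dies with 403 unless the nonce is valid
    //    for this action and this logged-in user.
    check_admin_referer( 'example_notice_save', 'example_notice_nonce' );
    // 2. Authorisation: being logged in is not enough; require the capability.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions', '', array( 'response' => 403 ) );
    }
    if ( ! empty( $_POST['example_notice_reset'] ) ) {
        delete_option( 'example_notice_text' );
    } elseif ( isset( $_POST['example_notice_text'] ) ) {
        // 3. Sanitise on write: strips tags, line breaks and control bytes.
        $text = sanitize_text_field( wp_unslash( $_POST['example_notice_text'] ) );
        update_option( 'example_notice_text', $text );
    }
    wp_safe_redirect( admin_url( 'options-general.php?page=example_notice&updated=1' ) );
    exit;
}
add_action( 'admin_post_example_notice_save', 'example_notice_save_safe' );

function example_notice_render_safe() {
    // 4. Escape on output regardless of what is stored, so a payload that
    //    reached the option by some other path still renders as text.
    echo '<div class="notice">' . esc_html( get_option( 'example_notice_text', '' ) ) . '</div>';
}
```

Two points the advisories imply but do not spell out: the nonce check and the capability check are separate defences (a nonce proves the request came from a page the plugin rendered for this user; current_user_can() proves the user may perform the action), and sanitisation on write and escaping on output are likewise independent, since an option can be written by other code or an older plugin version. A practitioner auditing a plugin for this class of bug can grep its admin_init / admin_post_ / wp_ajax_ handlers for $_POST or $_GET reads that are not preceded by check_admin_referer(), check_ajax_referer() or wp_verify_nonce().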