1834 matches found
CVE-2024-3824
The Base64 Encoder/Decoder WordPress plugin through 0.9.2 does not have a CSRF check in place when resetting its settings, which could allow attackers to make a logged-in admin reset them via a CSRF attack...
CVE-2024-3631
The HL Twitter WordPress plugin through 2014.1.18 does not have a CSRF check when unlinking Twitter accounts, which could allow attackers to make logged-in admins perform such actions via a CSRF attack...
CVE-2024-3629
The HL Twitter WordPress plugin through 2014.1.18 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack...
CVE-2024-3406
The WP Prayer WordPress plugin through 2.0.9 does not have a CSRF check in place when updating its email settings, which could allow attackers to make a logged-in admin change them via a CSRF attack...
CVE-2024-3823 Base64 Encoder/Decoder <= 0.9.2 - Stored XSS via CSRF
The Base64 Encoder/Decoder WordPress plugin through 0.9.2 does not have a CSRF check when updating its settings, and is missing sanitisation as well as escaping, which could allow attackers to make a logged-in admin add Stored XSS payloads via a CSRF attack...
CVE-2024-3824
CVE-2024-3824 affects the WordPress plugin “Base64 Encoder/Decoder” up to version 0.9.2. The vulnerability arises from a missing CSRF check when resetting plugin settings, potentially allowing a logged-in attacker to trigger a CSRF reset on an admin. Public details consistently describe the issue...
CVE-2024-3631
CVE-2024-3631 affects the HL Twitter WordPress plugin (versions up to 2014.1.18). The issue is a missing CSRF check when unlinking Twitter accounts, enabling an attacker to cause logged-in admins to perform unlink actions via CSRF. This is the root cause and the primary impact stated in connected...
CVE-2024-3631 HL Twitter <= 2014.1.18 - Unlink Twitter Account via CSRF
The HL Twitter WordPress plugin through 2014.1.18 does not have a CSRF check when unlinking Twitter accounts, which could allow attackers to make logged-in admins perform such actions via a CSRF attack...
CVE-2024-3629 HL Twitter <= 2014.1.18 - Settings Update via CSRF
The HL Twitter WordPress plugin through 2014.1.18 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack...
CVE-2024-3406
CVE-2024-3406 affects the WP Prayer WordPress plugin, versions 2.0.9 and older, which lack CSRF protection when updating email settings. This enables a logged-in admin to change settings via CSRF. CVSSv3.1 base score 8.8 (HIGH). Remediation noted across sources as updating to a version that adds a C...
CVE-2024-3406 WP Prayer <= 2.0.9 - Email Settings Update via CSRF
The WP Prayer WordPress plugin through 2.0.9 does not have a CSRF check in place when updating its email settings, which could allow attackers to make a logged-in admin change them via a CSRF attack...
CVE-2024-3405
The CVE-2024-3405 entry concerns the WordPress plugin WP Prayer, affected in versions 2.0.9 and earlier, with a CSRF flaw in the settings update workflow that could allow an authenticated attacker to trigger changes in a logged-in admin’s settings. The available connected docs confirm the issue a...
PT-2024-27905 · WordPress · Base64 Encoder/Decoder
Name of the Vulnerable Software and Affected Versions: Base64 Encoder/Decoder WordPress plugin versions 0.9.2 and earlier
Description: The issue concerns a lack of CSRF check when updating settings in the plugin, along with missing sanitization and escaping. This could allow attackers to make...
CVE-2024-3940
The reCAPTCHA Jetpack WordPress plugin through 0.2.2 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack...
CVE-2024-3903 Add Custom CSS and JS <= 1.20 - Stored XSS via CSRF
The Add Custom CSS and JS WordPress plugin through 1.20 does not have CSRF checks in some places, and is missing sanitisation as well as escaping, which could allow attackers to make users logged in as author and above add Stored XSS payloads via a CSRF attack...
CVE-2024-4597 Cross-Site Request Forgery (CSRF) in GitLab
An issue has been discovered in GitLab EE affecting all versions from 16.7 before 16.9.7, all versions starting from 16.10 before 16.10.5, all versions starting from 16.11 before 16.11.2. An attacker could force a user with an active SAML session to approve an MR via CSRF...
CVE-2024-4597
Removed by vendor...
GHSA-RCM2-22F3-PQV3 Firebase vulnerable to CRSF attack
This vulnerability was a potential CSRF attack. When running the Firebase emulator suite, there is an export endpoint that is used normally to export data from running emulators. If a user was running the emulator and navigated to a malicious website with the exploit on a browser that allowed cal...
Firebase vulnerable to CRSF attack
This vulnerability was a potential CSRF attack. When running the Firebase emulator suite, there is an export endpoint that is used normally to export data from running emulators. If a user was running the emulator and navigated to a malicious website with the exploit on a browser that allowed cal...
CVE-2024-4128
This vulnerability was a potential CSRF attack. When running the Firebase emulator suite, there is an export endpoint that is used normally to export data from running emulators. If a user was running the emulator and navigated to a malicious website with the exploit on a browser that allowed cal...