ImageMapper <= 1.2.6 - Stored XSS via CSRF

Description The plugin does not have CSRF check in its imgmapsaveareatitle function, which could allow attackers to make logged in admins update arbitrary post titles with XSS payloads via a CSRF attack...

Elementor Addon Elements < 1.12.8 - Settings Update via CSRF

Description The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...

Contact Forms by Cimatti < 1.6.1 - CSRF

Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...

CVE-2023-5818

The Amazonify plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.8.1. This is due to missing or incorrect nonce validation on the amazonifyOptionsPage function. This makes it possible for unauthenticated attackers to update the plugins setting...

F5 Networks BIG-IP : iControl SOAP vulnerability (K53854428)

The version of F5 Networks BIG-IP installed on the remote host is prior to 13.1.4.1 / 14.1.4.2 / 15.1.3 / 16.0.1.2 / 16.1.0. It is, therefore, affected by a vulnerability as referenced in the K53854428 advisory. BIG-IP and BIG-IQ arevulnerable to cross-site request forgery CSRF attacks through...

CVE-2023-45670

Frigate is an open source network video recorder. Prior to version 0.13.0 Beta 3, the config/save and config/set endpoints of Frigate do not implement any CSRF protection. This makes it possible for a request sourced from another site to update the configuration of the Frigate server e.g. via...

Cross site request forgery (csrf)

Peppermint Ticket Management before 0.2.4 allows remote attackers to read arbitrary files via a /api/v1/users/file/download?filepath=./../ POST request...

PT-2023-32951 · Php · Php

Name of the Vulnerable Software and Affected Versions: Base64 Encoder/Decoder WordPress plugin versions 0.9.2 and earlier PHP versions prior to 8.0.30 PHP versions prior to 8.1.22 PHP versions prior to 8.2.8 Description: The issue concerns a lack of CSRF check in the Base64 Encoder/Decoder...

Rocket Font <= 1.2.3 - Arbitrary Settings Update via CSRF

Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...

CVE-2023-45141

Fiber is an express inspired web framework written in Go. A Cross-Site Request Forgery CSRF vulnerability has been identified in the application, which allows an attacker to obtain tokens and forge malicious requests on behalf of a user. This can lead to unauthorized actions being taken on the...

Blog Manager Light <= 1.20 - Settings Update via CSRF

Description The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...

CVE-2023-5531

The Thumbnail Slider With Lightbox plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on the delete functionality. This makes it possible for unauthenticated attackers to delete image...

Localize Remote Images <= 1.0.9 - Settings Update via CSRF

Description The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...

Perelink Pro <= 2.1.4 - Settings Update via CSRF

Description The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...

Smarty for WordPress <= 3.1.35 - Settings Update via CSRF

Description The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...

Mobile Address Bar Changer <= 3.0 - Settings Update via CSRF

Description The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...

Live News < 1.07 - Settings Update via CSRF

Description The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...

Add Shortcodes Actions And Filters < 2.10 - Settings Update via CSRF

Description The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...

Realbig <= 1.0.6 - Settings Update via CSRF

Description The plugin does not have CSRF check in place when updating its settings as well as clear logs and cache, which could allow attackers to make a logged in admin change them via a CSRF attack...

HTTP Auth < 1.0.0 - Settings Update via CSRF

Description The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...