CVE-2022-4386
The Intuitive Custom Post Order WordPress plugin before 3.1.4 lacks CSRF protection in its update-menu-order ajax action, allowing an attacker to trick any user into changing the menu order via a CSRF attack...
Books Gallery < 4.4.9 - CSRF
The plugin does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack...
SUSE CVE-2013-4562
The omniauth-facebook gem 1.4.1 before 1.5.0 does not properly store the session parameter, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks via the state parameter...
SUSE CVE-2018-1000858
GnuPG versions 2.1.12 - 2.2.11 contain a Cross Site Request Forgery (CSRF) vulnerability in dirmngr that can result in attacker-controlled CSRF, information disclosure, and DoS. The attack appears to be exploitable when the victim performs a WKD request, e.g. enters an email address in the composer window...
SUSE CVE-2021-42097
GNU Mailman before 2.1.35 may allow remote Privilege Escalation. A csrftoken value is not specific to a single user account. An attacker can obtain a value within the context of an unprivileged user account, and then use that value in a CSRF attack against an admin, e.g., for account takeover...
My Tickets < 1.9.11 - Bulk Emailing via CSRF
The plugin does not have a CSRF check when bulk emailing, which could allow attackers to make logged-in admins perform this action via a CSRF attack...
CVE-2022-4553 FL3R FeelBox <= 8.1 - Moods Reset via CSRF
The FL3R FeelBox WordPress plugin through 8.1 does not have a CSRF check when resetting moods, which could allow attackers to make logged-in admins perform this action via a CSRF attack and delete the lydlposts & lydlpoststimestamp DB tables...
Intuitive Custom Post Order < 3.1.4 - Arbitrary Menu Order Update via CSRF
The plugin lacks CSRF protection in its update-menu-order ajax action, allowing an attacker to trick any user into changing the menu order via a CSRF attack...
CVE-2022-4443
The BruteBank WordPress plugin before 1.9 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack...
CVE-2022-4548 Optimize images ALT Text (alt tag) & names for SEO using AI < 2.0.8 - Settings Update via CSRF
The Optimize images ALT Text & names for SEO using AI WordPress plugin before 2.0.8 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack...
Pods < 2.9.11 - Pods Deletion via CSRF
The plugin does not have CSRF checks when deleting pods, which could allow attackers to make logged-in admins perform this action via a CSRF attack...
CVE-2022-4549 Tickera < 3.5.1.0 - Plugin Data Deletion via CSRF
The Tickera WordPress plugin before 3.5.1.0 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack...
Royal Elementor Addons < 1.3.60 - Menu Template Creation via CSRF
The plugin does not have a CSRF check when creating menu templates, which could allow attackers to make a logged-in admin perform this action via a CSRF attack...
Cross site request forgery (csrf)
The Mautic Integration for WooCommerce WordPress plugin before 1.0.3 does not have a proper CSRF check when updating settings, and does not ensure that the options to be updated belong to the plugin, allowing attackers to make a logged-in admin change arbitrary blog options via a CSRF attack...
PT-2023-14438 · WordPress · Mautic Integration For Woocommerce
Name of the Vulnerable Software and Affected Versions: Mautic Integration for WooCommerce WordPress plugin versions prior to 1.0.3. Description: The issue is related to a lack of a proper CSRF check when updating settings, and the failure to ensure that the options to be updated belong to the plugin...
My Calendar < 3.3.25 - Event/Location Deletion via CSRF
The plugin does not have CSRF checks when deleting events and locations, which could allow attackers to make logged-in admins perform these actions via CSRF attacks...
Cross-site Request Forgery (CSRF)
github.com/usememos/memos is vulnerable to cross-site request forgery. The vulnerability exists in the NewServer function in server.go, which allows an attacker to manipulate the actions of authenticated users by tricking them into clicking on a malicious link or visiting a malicious website whil...
CSRF to change user language preferences
Description: Cross-Site Request Forgery (CSRF) is an attack that forces authenticated users to submit a request to a Web application against which they are currently authenticated. CSRF attacks exploit the trust a Web application has in an authenticated user. Proof of Concept: 1. Go to...