387 matches found
CVE-2024-9281
A vulnerability was found in bg5sbk MiniCMS up to 1.11 and classified as problematic. This issue affects some unknown processing of the file post-edit.php. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and...
CVE-2024-31363
Cross-Site Request Forgery (CSRF) vulnerability in LifterLMS. This issue affects LifterLMS: from n/a through 7.5.0...
CVE-2024-48234
An issue was discovered in mipjz 5.0.5. In the push method of app\tag\controller\ApiAdminTag.php the value of the postAddress parameter is not processed and is directly passed into curlexec execution and output, resulting in a Server-Side Request Forgery (SSRF) vulnerability that can read server file...
CVE-2024-40334
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/serverFiledeal.php?mudi=upFileDel=3...
CVE-2023-46777
Cross-Site Request Forgery (CSRF) vulnerability in Custom Login Page | Temporary Users | Rebrand Login | Login Captcha plugin = 1.1.3 versions...
CVE-2023-39313
Server-Side Request Forgery (SSRF) vulnerability in ThemeFusion Avada. This issue affects Avada: from n/a through 7.11.1...
CVE-2022-45668
Tenda i22 V1.0.0.34687 is vulnerable to Cross Site Request Forgery (CSRF) via function fromSysToolReboot...
Siemens SiPass integrated AC5102 and Siemens SiPass integrated ACC-AP data forgery vulnerability
The Siemens SiPass integrated AC5102 and Siemens SiPass integrated ACC-AP are both products of Siemens AG, Germany. The Siemens SiPass integrated AC5102 is an advanced centralized controller. The Siemens SiPass integrated ACC-AP is an access control controller. The Siemens SiPass integrated ACC-AP ...
CVE-2022-3121
A vulnerability was found in SourceCodester Online Employee Leave Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/addemployee.php. The manipulation leads to cross-site request forgery. The attack can be...
CVE-2022-28090
Jspxcms v10.2.0 allows attackers to execute a Server-Side Request Forgery (SSRF) via /cmscp/ext/collect/fetchurl.do?url=...
CVE-2022-45371
Cross-Site Request Forgery (CSRF) vulnerability in Wpmet ShopEngine plugin = 4.1.1 versions...
CVE-2021-25976
In PiranhaCMS, versions 4.0.0-alpha1 to 9.2.0 are vulnerable to cross-site request forgery (CSRF) when performing various actions supported by the management system, such as deleting a user, deleting a role, editing a post, deleting a media folder etc., when an ID is known...
CVE-2021-43449
ONLYOFFICE all versions as of 2021-11-08 is vulnerable to Server-Side Request Forgery (SSRF). The document editor service can be abused to read and serve arbitrary URLs as a document...
CVE-2021-25327
Skyworth Digital Technology RN510 V.3.1.0.4 contains a cross-site request forgery (CSRF) vulnerability in /cgi-bin/net-routeadd.asp and /cgi-bin/sec-urlfilter.asp. Missing CSRF protection in devices can lead to XSRF, as the above pages are vulnerable to cross-site scripting (XSS)...
CVE-2025-48344 WordPress Rootspersona <= 3.7.5 - Cross Site Request Forgery (CSRF) Vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in ed4becky Rootspersona allows Cross Site Request Forgery. This issue affects Rootspersona: from n/a through 3.7.5...
The vulnerability of the MouseTooltipTranslator extension in the Google Chrome browser allows a hacker to perform an SSRF attack.
The vulnerability of the MouseTooltipTranslator extension in the Google Chrome browser is related to insufficient validation of requests on the server side. Exploiting this vulnerability can allow a malicious actor to perform an SSRF attack remotely...
CVE-2025-45250
MrDoc v0.95 and before is vulnerable to Server-Side Request Forgery (SSRF) in the validateurl function of the appdoc/utils.py file...
CVE-2025-47664 WordPress WP Pipes <= 1.4.2 - Server Side Request Forgery (SSRF) Vulnerability
Server-Side Request Forgery (SSRF) vulnerability in ThimPress WP Pipes allows Server Side Request Forgery. This issue affects WP Pipes: from n/a through 1.4.2...
CVE-2025-47594 WordPress Soccer Live Scores <= 1.0.5 - Cross Site Request Forgery (CSRF) Vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in DAEXT Soccer Live Scores allows Cross Site Request Forgery. This issue affects Soccer Live Scores: from n/a through 1.0.5...
WordPress TrueBooker plugin <= 1.0.7 - Cross Site Request Forgery (CSRF) Vulnerability
Cross Site Request Forgery (CSRF) Vulnerability discovered by haudayroi in WordPress Plugin TrueBooker versions <= 1.0.7...