PT-2026-24179

The Court Reservation WordPress plugin before 1.10.9 does not have CSRF check in place when deleting events, which could allow attackers to make a logged in admin delete them via a CSRF attack...

CVE-2026-1128

The WP eCommerce WordPress plugin through 3.15.1 does not have CSRF check in place when deleting coupons, which could allow attackers to make a logged in admin remove them via a CSRF attack...

CVE-2023-4824

The WooHoo Newspaper Magazine theme does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...

EUVD-2025-203181

OpenPLCV3 is vulnerable to a cross-site request forgery CSRF attack due to the absence of proper CSRF validation. This issue allows an unauthenticated attacker to trick a logged-in administrator into visiting a maliciously crafted link, potentially enabling unauthorized modification of PLC settin...

EUVD-2025-34191

A cross-site request forgery security issue exists in the product and version listed. The vulnerability stems from missing CSRF checks on the impacted form. This allows for unintended configuration modification if an attacker can convince a logged in admin to visit a crafted link...

EUVD-2021-11734

Malware in sbrugna...

EUVD-2021-11647

Malware in sbrugna...

EUVD-2023-44167

Malicious code in bioql PyPI...

EUVD-2025-24668

Malicious code in bioql PyPI...

EUVD-2023-59376

Malicious code in bioql PyPI...

EUVD-2022-24901

Malicious code in bioql PyPI...

CVE-2025-6790

The Quiz and Survey Master QSM WordPress plugin before 10.2.3 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...

CVE-2025-6790 QSM < 10.2.3 - Template Creation via CSRF

The Quiz and Survey Master QSM WordPress plugin before 10.2.3 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...

CVE-2025-6790

The CVE concerns WordPress plugin Quiz and Survey Master (QSM) versions before 10.2.3. The root cause is lack of CSRF protection when updating plugin settings, which could allow a logged-in admin to have settings modified via CSRF. The vulnerability is identified across multiple sources with a CV...

CVE-2025-7965

The CBX Restaurant Booking WordPress plugin through 1.2.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...

CVE-2025-7965 CBX Restaurant Booking <= 1.2.1 - Plugin Reset via CSRF

The CBX Restaurant Booking WordPress plugin through 1.2.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...

CVE-2024-4382

The CB legacy WordPress plugin through 0.9.4.18 does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions, such as deleting codes, timeframes, and bookings via CSRF attacks...

CVE-2024-4969

The Widget Bundle WordPress plugin through 2.0.0 does not have CSRF checks when logging Widgets, which could allow attackers to make logged in admin enable/disable widgets via a CSRF attack...

CVE-2024-6271

The Community Events WordPress plugin before 1.5 does not have CSRF check in place when deleting events, which could allow attackers to make a logged in admin delete arbitrary events via a CSRF attack...

CVE-2024-7862

The blogintroduction-wordpress-plugin WordPress plugin through 0.3.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...