55977 matches found
CVE-2023-4455
Cross-Site Request Forgery CSRF in GitHub repository wallabag/wallabag prior to 2.6.3...
CVE-2023-4869
A vulnerability was found in SourceCodester Contact Manager App 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file update.php. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The exploit has been...
CVE-2023-4878
Server-Side Request Forgery SSRF in GitHub repository instantsoft/icms2 prior to 2.16.1-git...
CVE-2023-4629
The LadiApp plugin for WordPress is vulnerable to Cross-Site Request Forgery due to a missing nonce check on the saveconfig function in versions up to, and including, 4.3. This makes it possible for unauthenticated attackers to update the 'ladipageconfig' option via a forged request granted they...
CVE-2023-40556
Cross-Site Request Forgery CSRF vulnerability in Greg Ross Schedule Posts Calendar plugin = 5.2 versions...
CVE-2023-40008
Cross-Site Request Forgery CSRF vulnerability in Gangesh Matta Simple Org Chart plugin = 2.3.4 versions...
CVE-2023-40558
Cross-Site Request Forgery CSRF vulnerability in eMarket Design YouTube Video Gallery by YouTube Showcase plugin = 3.3.5 versions...
CVE-2023-40172
Social media skeleton is an uncompleted/framework social media project implemented using a php, css ,javascript and html. A Cross-site request forgery CSRF attack is a type of malicious attack whereby an attacker tricks a victim into performing an action on a website that they do not intend to do...
CVE-2023-40198
Cross-Site Request Forgery CSRF vulnerability in Antsanchez Easy Cookie Law plugin = 3.1 versions...
CVE-2023-40671
Cross-Site Request Forgery CSRF vulnerability in 大侠wp DX-auto-save-images plugin = 1.4.0 versions...
CVE-2023-40199
Cross-Site Request Forgery CSRF vulnerability in CRUDLab WP Like Button plugin = 1.7.0 versions...
CVE-2023-40559
Cross-Site Request Forgery CSRF vulnerability in theDotstore Dynamic Pricing and Discount Rules for WooCommerce plugin = 2.4.0 versions...
CVE-2023-40201
Cross-Site Request Forgery CSRF vulnerability in FuturioWP Futurio Extra plugin = 1.8.4 versions leads to activation of arbitrary plugin...
CVE-2025-23996
Cross-Site Request Forgery CSRF vulnerability in AnyRoad AnyRoad anyguide allows Cross Site Request Forgery.This issue affects AnyRoad: from n/a through = 1.3.2...
CVE-2025-23985
Cross-Site Request Forgery CSRF vulnerability in brainvireinfo Dynamic URL SEO dynamic-url-seo allows Cross Site Request Forgery.This issue affects Dynamic URL SEO: from n/a through = 1.0...
CVE-2025-23411
mySCADA myPRO Manager is vulnerable to cross-site request forgery CSRF, which could allow an attacker to obtain sensitive information. An attacker would need to trick the victim in to visiting an attacker-controlled website...
CVE-2025-58441
Knowage is an open source analytics and business intelligence suite. Prior to version 8.1.37, there is a blind server-side request forgery vulnerability. The vulnerability allows attackers to send requests to arbitrary hosts/paths. Since the attacker is not able to read the response, the impact o...
CVE-2025-13990
The Mamurjor Employee Info plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.0. This is due to missing nonce validation on multiple administrative functions. This makes it possible for unauthenticated attackers to create, update, or delete...
CVE-2025-13520
The MTCaptcha WordPress Plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.7.2. This is due to missing or incorrect nonce validation on the settings update functionality. This makes it possible for unauthenticated attackers to update the plugi...
CVE-2025-13519
The SVG Map Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.0. This is due to missing or incorrect nonce validation on multiple AJAX actions including 'savedata', 'deletedata', and 'addpopup'. This makes it possible for...