CVE-2024-41744

IBM CICS TX Standard 11.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts...

CVE-2024-39744

IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts...

CVE-2024-39681

Cooked is a recipe plugin for WordPress. The Cooked plugin for WordPress is vulnerable to Cross-Site Request Forgery CSRF in versions up to, and including, 1.7.15.4 due to missing or incorrect nonce validation on the AJAX action handler. This vulnerability could allow an attacker to trick users...

CVE-2024-39678

Cooked is a recipe plugin for WordPress. The Cooked plugin is vulnerable to Cross-Site Request Forgery CSRF in versions up to, and including, 1.7.15.4 due to missing or incorrect nonce validation on the AJAX action handler. This vulnerability could allow an attacker to trick users into performing...

CVE-2024-39679

Cooked is a recipe plugin for WordPress. The Cooked plugin for WordPress is vulnerable to Cross-Site Request Forgery CSRF in versions up to, and including, 1.7.15.4 due to missing or incorrect nonce validation on the AJAX action handler. This vulnerability could allow an attacker to trick users...

CVE-2024-39680

Cooked is a recipe plugin for WordPress. The Cooked plugin for WordPress is vulnerable to Cross-Site Request Forgery CSRF in versions up to, and including, 1.7.15.4 due to missing or incorrect nonce validation on the AJAX action handler. This vulnerability could allow an attacker to trick users...

CVE-2023-49799

nuxt-api-party is an open source module to proxy API requests. nuxt-api-party attempts to check if the user has passed an absolute URL to prevent the aforementioned attack. This has been recently changed to use the regular expression ^https?://, however this regular expression can be bypassed by ...

CVE-2023-49159

Server-Side Request Forgery SSRF vulnerability in Elegant Digital Solutions CommentLuv.This issue affects CommentLuv: from n/a through 3.0.4...

CVE-2023-31218

Cross-Site Request Forgery CSRF leading to Stored Cross-Site Scripting XSS vulnerability in realmag777 WOLF – WordPress Posts Bulk Editor and Manager Professional plugin = 1.0.6 versions...

CVE-2023-4276

The Absolute Privacy plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.1. This is due to missing nonce validation on the 'abprprofileShortcode' function. This makes it possible for unauthenticated attackers to change user email and password via a...

CVE-2023-40017

GeoNode is an open source platform that facilitates the creation, sharing, and collaborative use of geospatial data. In versions 3.2.0 through 4.1.2, the endpoint /proxy/?url= does not properly protect against server-side request forgery. This allows an attacker to port scan internal hosts and...

CVE-2023-40335

Cross-Site Request Forgery CSRF vulnerability in Jeremy O'Connell Cleverwise Daily Quotes allows Stored XSS.This issue affects Cleverwise Daily Quotes: from n/a through 3.2...

CVE-2021-22224

A cross-site request forgery vulnerability in the GraphQL API in GitLab since version 13.12 and before versions 13.12.6 and 14.0.2 allowed an attacker to call mutations as the victim...

CVE-2025-23805

Cross-Site Request Forgery CSRF vulnerability in itamarg SEOReseller Partner sr-partner allows Cross Site Request Forgery.This issue affects SEOReseller Partner: from n/a through = 1.3.15...

CVE-2025-23690

Cross-Site Request Forgery CSRF vulnerability in ArtkanMedia Book a Place book-a-place allows Stored XSS.This issue affects Book a Place: from n/a through = 0.7.1...

CVE-2025-23456

Cross-Site Request Forgery CSRF vulnerability in Oddthinking EmailShroud emailshroud allows Reflected XSS.This issue affects EmailShroud: from n/a through = 2.2.1...

CVE-2025-23618

Cross-Site Request Forgery CSRF vulnerability in starise Twitter Shortcode twitter-shortcode allows Stored XSS.This issue affects Twitter Shortcode: from n/a through = 0.9...

CVE-2025-23537

Cross-Site Request Forgery CSRF vulnerability in קידום ובניית אתרים add custom google tag manager add-custom-google-tag-manager allows Stored XSS.This issue affects add custom google tag manager: from n/a through = 1.0.3...

CVE-2025-23654

Cross-Site Request Forgery CSRF vulnerability in krolow Twitter Post twitterpost allows Stored XSS.This issue affects Twitter Post: from n/a through = 0.1...

CVE-2025-23573

Cross-Site Request Forgery CSRF vulnerability in sammyb WP Background Tile wp-background-tile allows Stored XSS.This issue affects WP Background Tile: from n/a through = 1.0...