Online Eyewear Shop 1.0 Cross Site Request Forgery
Title: Online Eyewear Shop v1.0 CSRF Add ADmin Vulnerability | Author: indoushka | Tested on: windows 10 FrPro / browser: Mozilla firefox 130.0.0...
CVE-2024-8120 ImageRecycle pdf & image compression <= 3.1.14 - Cross-Site Request in Several AJAX Actions
The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.14. This is due to missing or incorrect nonce validation on several functions in the class/class-image-otimizer.php file. This makes it possible for...
Lost and Found Information System 1.0 Cross Site Request Forgery
Title: Lost and Found Information System v1.0 v1.0 CSRF Vulnerability | Author: indoushka | Tested on: windows 10 FrPro / browser: Mozilla firefo...
Accounting Journal Management System 1.0 Cross Site Request Forgery
Title: Accounting Journal Management System 1.0 CSRF Vulnerability | Author: indoushka | Tested on: windows 10 FrPro / browser: Mozilla firefox...
CVE-2024-34814
Cross-Site Request Forgery (CSRF) vulnerability in Unyson Unyson unyson. This issue affects Unyson: from n/a through = 2.7.29...
Easy Social Feed < 6.5.5 - Cross-Site Request Forgery
Description: The Easy Social Feed – Social Photos Gallery – Post Feed – Like Box plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.5.4. This is due to missing or incorrect nonce validation on the esfinstasaveaccesstoken and...
CVE-2023-48328
Cross-Site Request Forgery (CSRF) vulnerability in Imagely WordPress Gallery Plugin – NextGEN Gallery allows Cross Site Request Forgery. This issue affects WordPress Gallery Plugin – NextGEN Gallery: from n/a through 3.37...
OATHAuth extension in MediaWiki is not implementing rate limit
An issue was discovered in the OATHAuth extension in MediaWiki before 1.31.9 and 1.32.x through 1.34.x before 1.34.3. For Wikis using OATHAuth on a farm/cluster such as via CentralAuth, rate limiting of OATH tokens is only done on a single site level. Thus, multiple requests can be made across ma...
Online Banquet Booking System 1.0 Cross Site Request Forgery Vulnerability
Exploit Title: Online Banquet Booking System - 'change admin credentials' Cross-Site Request Forgery (CSRF) | Date: 04/04/2022 | Exploit Author: Saud Alenazi | Vendor Homepage: https://phpgurukul.com | Software Link: https://phpgurukul.com/online-banquet-booking-system-using-php-and-mysql/ | Version: 1.0...
WordPress Flight Search Widget and Blocks plugin <= 1.1.0 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability
Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability discovered in WordPress Flight Search Widget and Blocks plugin (versions <= 1.1.0). Solution: No patched version available...
Cross-Site Request Forgery in com.softwaremill.akka-http-session:core_2.12
This affects the package com.softwaremill.akka-http-session:core_2.12 from 0 and before 0.6.1; all versions of package com.softwaremill.akka-http-session:core_2.11; the package com.softwaremill.akka-http-session:core_2.13 from 0 and before 0.6.1. CSRF protection can be bypassed by forging a request...
Arunna 1.0.0 - 'Multiple' Cross-Site Request Forgery (CSRF)
Exploit Title: Arunna 1.0.0 - 'Multiple' Cross-Site Request Forgery (CSRF) | Date: November 29, 2021 | Exploit Author: =LL= | Detailed Bug Description: https://lyhinslab.org/index.php/2021/11/29/how-white-box-hacking-works-xss-csrf-in-arunna/ | Vendor Homepage: https://github.com/arunna | Software Link:...
WordPress Plugin Cross-Site Request Forgery Vulnerability (CNVD-2021-101474)
WordPress is a blogging platform from the WordPress Foundation, developed in PHP. The platform supports hosting personal blog sites on PHP and MySQL servers. WordPress Plugin is an open source WordPress application plugin. A cross-site request forgery vulnerability exists in...
Cross-Site Request Forgery (CSRF) in neorazorx/facturascripts
✍️ Description: An attacker is able to change any role with a CSRF attack. It does not matter at all whether your application runs on localhost or elsewhere; it is enough that it runs in a browser and that another low-privilege user or an attacker knows the IP address or hostname of your application. In CSRF attacks it...
CVE-2019-1003058
A cross-site request forgery vulnerability in Jenkins FTP publisher Plugin in the FTPPublisher.DescriptorImpl#doLoginCheck method allows attackers to initiate a connection to an attacker-specified server...
MACCMS 10 - Cross-Site Request Forgery (Add User)
Exploit Title: MACCMSV10 CSRF vulnerability add admin account | Date: 2018-06-11 | Exploit Author: bay0net | Vendor Homepage: https://www.cnblogs.com/v1vvwv/p/9168309.html | Software Link: http://www.maccms.com/down.html | Version: V10 | CVE: CVE-2018-12114 | I found a CSRF vulnerability in maccmsv10, this...
Telecom Charging Panel ADSL (IR) - CSRF Web Vulnerability
Document Title: Telecom Charging Panel ADSL (IR) - CSRF Web Vulnerability | References (Source): http://www.vulnerability-lab.com/getcontent.php?id=1773 | Release Date: 2016-03-01 | Vulnerability Laboratory ID (VL-ID): 17...
Cisco Unified MeetingPlace Server Multiple State Changing URL API Functionalities Cross-Site Request Forgery Vulnerability
A vulnerability in multiple state-changing URL application programming interface (API) functionalities within the Cisco Unified MeetingPlace Server could allow an unauthenticated, remote attacker to perform cross-site request forgery (CSRF) attacks. The vulnerability is due to insufficient CSRF...
Beetel 450TC2 Router - Cross-Site Request Forgery (Admin Password)
input type="submit" value="Submit f...
Question2Answer 1.5.3 CSRF / Brute Force
Hello list! These are Brute Force, Insufficient Anti-automation and Cross-Site Request Forgery vulnerabilities in Question2Answer. This is the first part of vulnerabilities in this web application. Affected products: Vulnerable are all versions ...