145 matches found
PT-2025-26332 · Indgeek · Indgeek Cliplink
Name of the Vulnerable Software and Affected Versions: indgeek ClipLink versions 1.1 and earlier Description: A Cross-Site Request Forgery CSRF issue affects the software, allowing unauthorized requests. Recommendations: For indgeek ClipLink versions 1.1 and earlier, as a temporary workaround,...
CVE-2024-40603
An issue was discovered in the ArticleRatings extension for MediaWiki through 1.42.1. Special:ChangeRating allows CSRF to alter data via a GET request...
CVE-2023-38348
A CSRF issue was discovered in LWsystems Benno MailArchiv 2.10.1...
CVE-2023-2495
The Greeklish-permalink WordPress plugin through 3.3 does not implement correct authorization or nonce checks in the cyrtransajaxold AJAX action, allowing unauthenticated and low-privilege users to trigger the plugin's functionality to change Post slugs either directly or through CSRF...
CVE-2020-36389
In CiviCRM before 5.28.1 and CiviCRM ESR before 5.27.5 ESR, the CKEditor configuration form allows CSRF...
CVE-2018-20968
The wp-ultimate-exporter plugin before 1.4.2 for WordPress has CSRF...
CVE-2019-17642
An issue was discovered in Centreon before 18.10.8, 19.10.1, and 19.04.2. It allows CSRF with resultant remote command execution via shell metacharacters in a POST to centreon-autodiscovery-server/views/scan/ajax/call.php in the Autodiscovery plugin...
CVE-2019-17431
An issue was discovered in fastadmin 1.0.0.20190705beta. There is a public/index.php/admin/auth/admin/add CSRF vulnerability...
CVE-2019-15238
The cforms2 plugin before 15.0.2 for WordPress has CSRF related to the IP address field...
CVE-2019-10644
An issue was discovered in HYBBS 2.2. /?admin/user.html has a CSRF vulnerability that can add an administrator account...
CVE-2018-9856
Kotti before 1.3.2 and 2.x before 2.0.0b2 has CSRF in the local roles implementation, as demonstrated by triggering a permission change via a /admin-document/@@share request...
CVE-2018-14959
An issue was discovered in WeaselCMS v0.3.5. CSRF can create new pages via an index.php?b=pages=new URI...
CVE-2017-18512
The newsletter-by-supsystic plugin before 1.1.8 for WordPress has CSRF...
CVE-2015-9426
The manual-image-crop plugin before 1.11 for WordPress has CSRF with resultant XSS via the wp-admin/admin-ajax.php?action=miceditorwindow postId parameter...
PT-2025-21988 · Falang · Falang
Name of the Vulnerable Software and Affected Versions: Falang multilanguage versions 1.3.61 and earlier Description: A Cross-Site Request Forgery CSRF issue affects the software, allowing unauthorized actions to be performed on behalf of a user. Recommendations: For versions 1.3.61 and earlier,...
PT-2025-22049 · Checkbot · Checkbot
Name of the Vulnerable Software and Affected Versions: CheckBot versions 1.05 and earlier Description: A Cross-Site Request Forgery CSRF issue in Ref CheckBot allows for Stored XSS. This means an attacker can execute malicious scripts on the victim's browser, potentially leading to unauthorized...
CVE-2025-31915 WordPress Pixel Form BuilderPlugin & Autoresponder plugin <= 1.0.3 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery CSRF vulnerability in kamleshyadav Pixel WordPress Form BuilderPlugin & Autoresponder pixel-formbuilder allows Cross Site Request Forgery.This issue affects Pixel WordPress Form BuilderPlugin & Autoresponder: from n/a through = 1.0.3...
PT-2025-21154 · Apache · Apache Http Server
Name of the Vulnerable Software and Affected Versions: Apache HTTP Server affected versions not specified Description: The issue concerns a CSRF problem. No information is provided about the estimated number of potentially affected devices worldwide or real-world incidents where this issue was...
CVE-2025-47655 WordPress theMarketer plugin <= 1.4.7 - CSRF to Stored XSS vulnerability
Cross-Site Request Forgery CSRF vulnerability in themarketer2023 theMarketer allows Stored XSS. This issue affects theMarketer: from n/a through 1.4.7...
CVE-2025-47596 WordPress Beacon Lead Magnets and Lead Capture plugin <= 1.5.8 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery CSRF vulnerability in Syed Balkhi Beacon Lead Magnets and Lead Capture beacon-by allows Cross Site Request Forgery.This issue affects Beacon Lead Magnets and Lead Capture: from n/a through = 1.5.8...