PT-2025-41330
Name of the Vulnerable Software and Affected Versions: WP Go Maps plugin for WordPress versions prior to 9.0.46 Description: The WP Go Maps plugin for WordPress is susceptible to Cross-Site Request Forgery (CSRF). The plugin exposes state-changing REST actions through an AJAX bridge without appropria...
PT-2025-28016 · Mediawiki · Mediawiki +1
Name of the Vulnerable Software and Affected Versions: Mediawiki - SecurePoll extension versions 1.39.X through 1.39.12; Mediawiki - SecurePoll extension versions 1.42.X through 1.42.6; Mediawiki - SecurePoll extension versions 1.43.X through 1.43.1 Description: The issue affects the Mediawiki -...
PT-2025-27238 · Unknown · Phpgurukul Medical Card Generation System
Name of the Vulnerable Software and Affected Versions: Phpgurukul Medical Card Generation System version 1.0 Description: A Cross-Site Request Forgery (CSRF) issue exists in the Inquiry Management functionality, specifically at the "/mcgs/admin/readenq.php" endpoint. This allows an authenticated...
PT-2025-24262 · Unknown · Atelier Create Cv
Name of the Vulnerable Software and Affected Versions: Atelier Create CV versions 1.1.2 and earlier Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability, which allows Cross Site Request Forgery. This means an attacker can trick a user into performing unintended actions on the...
CVE-2021-30114
Web-School ERP V 5.0 contains a cross-site request forgery (CSRF) vulnerability that allows a remote attacker to create a voucher payment request through module/accounting/voucher/create. The application fails to validate the CSRF token for a POST request using admin privilege...
PT-2025-20151 · Iqonic Design · Iqonic Design Graphina
Name of the Vulnerable Software and Affected Versions: Iqonic Design Graphina versions 3.0.4 and earlier Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability that allows PHP Local File Inclusion. This means an attacker could potentially trick a user into performing unintended...
CVE-2025-32354
In Zimbra Collaboration ZCS 9.0 through 10.1, a Cross-Site Request Forgery (CSRF) vulnerability exists in the GraphQL endpoint /service/extension/graphql of Zimbra webmail due to a lack of CSRF token validation. This allows attackers to perform unauthorized GraphQL operations, such as modifying...
PT-2025-17805 · Zalo · Zalo Official Live Chat
Name of the Vulnerable Software and Affected Versions: Zalo Official Live Chat versions 1.0.0 and earlier Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability, which allows for Cross Site Request Forgery. This means an attacker can trick a user into performing unintended...
PT-2025-16616 · Unknown · Ever Accounting
Name of the Vulnerable Software and Affected Versions: Ever Accounting versions n/a through 2.1.5 Description: A Cross-Site Request Forgery (CSRF) issue affects Ever Accounting, allowing unauthorized actions to be performed on behalf of a user. Recommendations: For versions n/a through 2.1.5, updat...
PT-2025-15733 · Unknown · Abozain Albanna Customize Login Page
Name of the Vulnerable Software and Affected Versions: AboZain Albanna Customize Login Page versions 1.1 and earlier Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability that allows Cross Site Request Forgery. This means an attacker can trick a user into performing unintended...
PT-2025-14911 · Unknown · Libro De Reclamaciones Y Quejas
Name of the Vulnerable Software and Affected Versions: Libro de Reclamaciones y Quejas versions 0.9 and earlier Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability, which allows Cross Site Request Forgery. Recommendations: For versions 0.9 and earlier, consider implementing...
CVE-2024-0392 Cross-Site Request Forgery (CSRF) in WSO2 Enterprise Integrator 6.6.0 Management Console Due to Missing CSRF Token Validation
A Cross-Site Request Forgery (CSRF) vulnerability exists in the management console of WSO2 Enterprise Integrator 6.6.0 due to the absence of CSRF token validation. This flaw allows attackers to craft malicious requests that can trigger state-changing operations on behalf of an authenticated user,...
CVE-2022-24879
Shopware is an open source e-commerce software platform. Versions prior to 5.7.9 are vulnerable to malfunction of cross-site request forgery (CSRF) token validation. Under certain circumstances, the CSRF tokens were not generated anew and not validated correctly. This issue is fixed in version 5.7....
PT-2023-23144 · Unknown · Faraz Quazi Floating Action Button
Name of the Vulnerable Software and Affected Versions: Faraz Quazi Floating Action Button plugin versions 1.2.1 and earlier Description: The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability. This type of vulnerability allows an attacker to trick a user into performing unintende...
PT-2023-24649 · WordPress · Malinky Ajax Pagination/Infinite Scroll
Name of the Vulnerable Software and Affected Versions: Malinky Ajax Pagination and Infinite Scroll plugin versions = 2.0.1 Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability. This means an attacker can trick a user into performing unintended actions on a web application tha...
PT-2023-26399 · Anshul · Anshul Labs Mobile Address Bar Changer
Name of the Vulnerable Software and Affected Versions: Anshul Labs Mobile Address Bar Changer plugin versions = 3.0 Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability. This type of vulnerability allows an attacker to trick a user into performing unintended actions on a web...
PT-2023-11606 · Duxcms · Duxcms
Name of the Vulnerable Software and Affected Versions: DuxCMS version 2.1 Description: A Cross Site Request Forgery (CSRF) issue in the admin.php file of DuxCMS allows remote attackers to modify application data via the "article/admin/content/add" endpoint. This can be exploited by tricking...
PT-2023-19898 · Unknown · Denishua Comment Reply Notification
Name of the Vulnerable Software and Affected Versions: Denishua Comment Reply Notification plugin versions = 1.4 Description: The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability. This type of vulnerability allows an attacker to trick a user into performing unintended actions o...
PT-2023-20092 · Unknown · Csaba Kissi About Me 3000 Widget Plugin
Name of the Vulnerable Software and Affected Versions: Csaba Kissi About Me 3000 widget plugin versions = 2.2.6 Description: The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability. This type of vulnerability allows an attacker to trick a user into performing unintended actions on...
PT-2023-15225 · WordPress · Stylistwp Extra Block Design
Name of the Vulnerable Software and Affected Versions: StylistWP Extra Block Design, Style, CSS for ANY Gutenberg Blocks plugin versions 0.2.6 and earlier Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability. This means an attacker can trick a user into performing unintended...