CVE-2025-59541 Chamilo: CSRF Vulnerability in Project Deletion
Chamilo is a learning management system. Prior to version 1.11.34, a Cross-Site Request Forgery (CSRF) vulnerability allows an attacker to delete projects inside a course without the victim’s consent. The issue arises because sensitive actions such as project deletion do not implement anti-CSRF...
PT-2024-32871 · Unknown +3 · Openrefine +3
Name of the Vulnerable Software and Affected Versions: OpenRefine versions prior to 3.8.3. Description: The issue allows an attacker to lead a user to a malicious page that submits a form POST containing embedded JavaScript code. This code would then be included in the response, along with an...
Multiple Page Generator Plugin – MPG < 3.4.1 - Cross-Site Request Forgery
Description: The Multiple Page Generator Plugin – MPG plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.4.0. This is due to missing or incorrect nonce validation on the deleteproject action. This makes it possible for unauthenticated attackers to...
Visma Public: Ability to delete projects from Archived companies (Read only version)
The researcher discovered that Projects can be deleted from Archived companies which have "read only version". It was assessed as Low impact...
U.S. Dept Of Defense: IDOR - Delete Users Saved Projects
Target Url https://█████/██████████/█████████=Targetid Summary: Hello, I found an IDOR bug in deleting users saved projects. Through changing the search id in the above url in a GET request, you can delete saved projects for any users. Step-by-step Reproduction Instructions 1. Navigate to your...