3 matches found
WordPress Asgaros Forum plugin <= 3.2.1 - Cross-Site Request Forgery to Subscription Settings Update vulnerability
Cross-Site Request Forgery to Subscription Settings Update vulnerability discovered by Brian Mungai in WordPress Plugin Asgaros Forum versions = 3.2.1...
CVE-2025-48055
Combodo iTop is a web based IT service management tool. In versions prior to 3.2.2, when displaying content in a browse brick in the user portal, a cross-site scripting attack can occur. This is fixed in versions 3.2.2 and 3.3.0...
Cross site request forgery (csrf)
MapSVG MapSVG Lite version 3.2.3 contains a Cross Site Request Forgery CSRF vulnerability in REST endpoint /wp-admin/admin-ajax.php?action=mapsvgsave that can result in an attacker can modify post data, including embedding javascript. This attack appears to be exploitable via the victim must be...