10 matches found
CVE-2026-6932
The Woo Commerce Minimum Weight plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 3.0.1. This is due to missing nonce verification on the settings update handler in edit-weight.php. This makes it possible for unauthenticated attackers to modify t...
CVE-2026-6932
The Woo Commerce Minimum Weight plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 3.0.1. This is due to missing nonce verification on the settings update handler in edit-weight.php. This makes it possible for unauthenticated attackers to modify t...
EUVD-2013-7290
Qool CMS 2.0 RC2 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions by tricking logged-in users into visiting malicious web pages. Attackers can forge POST requests to the /admin/adduser endpoint with parameters like username, password,...
CVE-2018-25186
Tina4 Stack 1.0.3 contains a cross-site request forgery vulnerability that allows attackers to modify admin user credentials by submitting forged POST requests to the profile endpoint. Attackers can craft HTML forms targeting the /kim/profile endpoint with hidden fields containing malicious user...
CVE-2018-25190 Easyndexer 1.0 Cross-Site Request Forgery via createuser.php
Easyndexer 1.0 contains a cross-site request forgery vulnerability that allows unauthenticated attackers to create administrative accounts by submitting forged POST requests. Attackers can craft malicious web pages that submit POST requests to createuser.php with parameters including username,...
CVE-2018-25190
Easyndexer 1.0 is affected by a CSRF in createuser.php that enables unauthenticated attackers to create administrative accounts by submitting forged POSTs with username, password, name, surname, and privileges=1. CVSS v3.1: 5.3 (NETWORK, LOW CA/PR, NONE UI) with I/L; CVSS v4.0: 6.9 (NETWORK, LOW ...
CVE-2018-25186
Tina4 Stack 1.0.3 contains a cross-site request forgery vulnerability that allows attackers to modify admin user credentials by submitting forged POST requests to the profile endpoint. Attackers can craft HTML forms targeting the /kim/profile endpoint with hidden fields containing malicious user...
CVE-2018-25186 Tina4 Stack 1.0.3 Cross-Site Request Forgery via profile
Tina4 Stack 1.0.3 contains a cross-site request forgery vulnerability that allows attackers to modify admin user credentials by submitting forged POST requests to the profile endpoint. Attackers can craft HTML forms targeting the /kim/profile endpoint with hidden fields containing malicious user...
Authentication Bypass Using an Alternate Path or Channel
Overview @openclaw/nextcloud-talk is an OpenClaw Nextcloud Talk channel plugin Affected versions of this package are vulnerable to Authentication Bypass Using an Alternate Path or Channel via the Telegram webhook endpoint when webhook mode is enabled without a configured secret. An attacker can...
PT-2025-52492
Name of the Vulnerable Software and Affected Versions Galette versions prior to 1.2.0 Description Galette is a membership management web application for non profit organizations. Prior to version 1.2.0, it was possible to gain higher privileges by updating an existing account using a self-forged...