Export limit exceeded: 10172 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10172 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-32445 | 1 Saleswonder | 1 Webinarignition | 2026-04-23 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Saleswonder Team: Tobias WebinarIgnition webinar-ignition.This issue affects WebinarIgnition: from n/a through <= 3.05.8. | ||||
| CVE-2024-32435 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in perrinalexandre05 AffiEasy affieasy.This issue affects AffiEasy: from n/a through <= 1.1.4. | ||||
| CVE-2024-32433 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Themefic BEAF beaf-before-and-after-gallery.This issue affects BEAF: from n/a through <= 4.5.4. | ||||
| CVE-2024-32141 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in libsyn Libsyn Publisher Hub libsyn-podcasting.This issue affects Libsyn Publisher Hub: from n/a through <= 1.4.4. | ||||
| CVE-2024-31942 | 2026-04-23 | 4.3 Medium | ||
| Cross-Site Request Forgery (CSRF) vulnerability in typps Calendarista Basic Edition calendarista-basic-edition.This issue affects Calendarista Basic Edition: from n/a through <= 3.0.2. | ||||
| CVE-2024-31924 | 2026-04-23 | 4.3 Medium | ||
| Cross-Site Request Forgery (CSRF) vulnerability in nosilver4u EWWW Image Optimizer ewww-image-optimizer.This issue affects EWWW Image Optimizer: from n/a through <= 7.2.3. | ||||
| CVE-2024-31433 | 2026-04-23 | 4.3 Medium | ||
| Cross-Site Request Forgery (CSRF) vulnerability in StellarWP The Events Calendar the-events-calendar.This issue affects The Events Calendar: from n/a through <= 6.3.0. | ||||
| CVE-2024-31424 | 1 Idehweb | 1 Login With Phone Number | 2026-04-23 | 8.8 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Hamid Alinia Login with phone number login-with-phone-number.This issue affects Login with phone number: from n/a through <= 1.6.93. | ||||
| CVE-2024-30493 | 2 Church Admin Project, Wordpress | 2 Church Admin, Wordpress | 2026-04-23 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in andy_moyle Church Admin church-admin.This issue affects Church Admin: from n/a through <= 4.1.7. | ||||
| CVE-2024-29093 | 2026-04-23 | 4.3 Medium | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Saleswonder Team: Tobias Builder for WooCommerce reviews shortcodes – ReviewShort woo-product-reviews-shortcode.This issue affects Builder for WooCommerce reviews shortcodes – ReviewShort: from n/a through <= 1.01.3. | ||||
| CVE-2024-27195 | 2026-04-23 | 7.1 High | ||
| Cross-Site Request Forgery (CSRF) vulnerability in sverde1 Watermark RELOADED watermark-reloaded allows Cross Site Request Forgery.This issue affects Watermark RELOADED: from n/a through <= 1.3.5. | ||||
| CVE-2024-25932 | 1 Youngtechleads | 1 Change Table Prefix | 2026-04-23 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Manish Kumar Agarwal Change Table Prefix change-table-prefix allows Cross Site Request Forgery.This issue affects Change Table Prefix: from n/a through <= 2.0. | ||||
| CVE-2026-4121 | 2 Ksolves, Wordpress | 2 Kcaptcha, Wordpress | 2026-04-23 | 4.3 Medium |
| The Kcaptcha plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 1.0.1. This is due to missing nonce validation in the plugin's settings page handler (admin/setting.php). The settings form does not include a wp_nonce_field() and the form processing code does not call wp_verify_nonce() or check_admin_referer() before saving settings to the database via $wpdb->update(). This makes it possible for unauthenticated attackers to modify the plugin's CAPTCHA settings (enabling or disabling CAPTCHA on login, registration, lost password, and comment forms) via a forged request, granted they can trick a site administrator into performing an action such as clicking a link. | ||||
| CVE-2026-4133 | 2 Textp2p, Wordpress | 2 Textp2p Texting Widget, Wordpress | 2026-04-23 | 4.3 Medium |
| The TextP2P Texting Widget plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 1.7. This is due to missing nonce validation in the imTextP2POptionPage() function which processes settings updates. The form at line 314 does not include a wp_nonce_field(), and the POST handler at line 7 does not call check_admin_referer() or wp_verify_nonce() before processing settings changes. This makes it possible for unauthenticated attackers to update all plugin settings including chat widget titles, messages, API credentials, colors, and reCAPTCHA configuration via a forged request, granted they can trick a site administrator into performing an action such as clicking a link. | ||||
| CVE-2008-3736 | 2 Spacetag, System Consultants | 2 Lacoodast, La Cooda Wiz | 2026-04-23 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in (1) System Consultants La!Cooda WIZ 1.4.0 and earlier and (2) SpaceTag LacoodaST 2.1.3 and earlier allow remote attackers to hijack the authentication of arbitrary users for requests that (a) change passwords or (b) change configurations. | ||||
| CVE-2008-3080 | 1 Mywebland | 1 Mybloggie | 2026-04-23 | N/A |
| Cross-site request forgery (CSRF) vulnerability in admin.php in myWebland myBloggie 2.1.6 allows remote attackers to perform edit actions as administrators. NOTE: this can be leveraged to execute SQL commands by also exploiting CVE-2007-1899. | ||||
| CVE-2008-2071 | 1 Cpanel | 1 Cpanel | 2026-04-23 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the WHM interface 11.15.0 for cPanel 11.18 before 11.18.4 and 11.22 before 11.22.3 allow remote attackers to perform unauthorized actions as cPanel administrators via requests to cpanel/whm/webmail and other unspecified vectors. | ||||
| CVE-2008-2002 | 1 Motorola | 1 Surfboard | 2026-04-23 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities on Motorola Surfboard with software SB5100-2.3.3.0-SCM00-NOSH allow remote attackers to (1) cause a denial of service (device reboot) via the "Restart Cable Modem" value in the BUTTON_INPUT parameter to configdata.html, and (2) cause a denial of service (hard reset) via the "Reset All Defaults" value in the BUTTON_INPUT parameter to configdata.html. | ||||
| CVE-2008-1719 | 1 Truzone | 1 Nuke Et | 2026-04-23 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in Nuke ET 3.2 and 3.4 allow remote attackers to perform actions as administrators, as demonstrated by inserting an XSS sequence into a document. | ||||
| CVE-2008-1654 | 2 Adobe, Redhat | 2 Flash Player, Rhel Extras | 2026-04-23 | N/A |
| Interaction error between Adobe Flash and multiple Universal Plug and Play (UPnP) services allow remote attackers to perform Cross-Site Request Forgery (CSRF) style attacks by using the Flash navigateToURL function to send a SOAP message to a UPnP control point, as demonstrated by changing the primary DNS server. | ||||