Security Vulnerabilities, CVEs, (CSRF)
Cross-Site Request Forgery (CSRF) vulnerability in Andy Moyle Church Admin.This issue affects Church Admin: from n/a through 4.1.7.
Max CVSS
N/A
EPSS Score
N/A
Published
2024-03-29
Updated
2024-03-29
Cross-Site Request Forgery (CSRF) vulnerability in realmag777 WOOCS – WooCommerce Currency Switcher.This issue affects WOOCS – WooCommerce Currency Switcher: from n/a through 1.4.1.7.
Max CVSS
4.3
EPSS Score
N/A
Published
2024-03-29
Updated
2024-03-29
Cross-Site Request Forgery (CSRF) vulnerability in realmag777 WordPress Meta Data and Taxonomies Filter (MDTF).This issue affects WordPress Meta Data and Taxonomies Filter (MDTF): from n/a through 1.3.3.1.
Max CVSS
4.3
EPSS Score
N/A
Published
2024-03-29
Updated
2024-03-29
Cross-Site Request Forgery (CSRF) vulnerability in realmag777 WPCS.This issue affects WPCS: from n/a through 1.2.0.1.
Max CVSS
4.3
EPSS Score
N/A
Published
2024-03-29
Updated
2024-03-29
Cross-Site Request Forgery (CSRF) vulnerability in Pixelite Events Manager.This issue affects Events Manager: from n/a through 6.4.7.1.
Max CVSS
4.3
EPSS Score
0.04%
Published
2024-03-28
Updated
2024-03-28
Cross-Site Request Forgery (CSRF) vulnerability in BizSwoop a CPF Concepts, LLC Brand BizPrint allows Cross-Site Scripting (XSS).This issue affects BizPrint: from n/a through 4.5.5.
Max CVSS
7.1
EPSS Score
0.04%
Published
2024-03-27
Updated
2024-03-27
DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /src/dede/makehtml_homepage.php allowing a remote attacker to execute arbitrary code.
Max CVSS
N/A
EPSS Score
0.04%
Published
2024-03-26
Updated
2024-03-26
Anchor CMS v0.12.7 was discovered to contain a Cross-Site Request Forgery (CSRF) via /anchor/admin/users/delete/2.
Max CVSS
N/A
EPSS Score
0.04%
Published
2024-03-22
Updated
2024-03-22
Anchor CMS v0.12.7 was discovered to contain a Cross-Site Request Forgery (CSRF) via /anchor/admin/categories/delete/2.
Max CVSS
N/A
EPSS Score
0.04%
Published
2024-03-22
Updated
2024-03-22
Cross-Site Request Forgery (CSRF) vulnerability in Tobias Conrad Builder for WooCommerce reviews shortcodes – ReviewShort.This issue affects Builder for WooCommerce reviews shortcodes – ReviewShort: from n/a through 1.01.3.
Max CVSS
4.3
EPSS Score
0.04%
Published
2024-03-19
Updated
2024-03-19
Owncast is an open source, self-hosted, decentralized, single user live video streaming and chat server. In versions 0.1.2 and prior, a lenient CORS policy allows attackers to make a cross origin request, reading privileged information. This can be used to leak the admin password. Commit 9215d9ba0f29d62201d3feea9e77dcd274581624 fixes this issue.
Max CVSS
8.2
EPSS Score
0.06%
Published
2024-03-20
Updated
2024-03-21
ESPHome is a system to control microcontrollers remotely through Home Automation systems. API endpoints in dashboard component of ESPHome version 2023.12.9 (command line installation) are vulnerable to Cross-Site Request Forgery (CSRF) allowing remote attackers to carry out attacks against a logged user of the dashboard to perform operations on configuration files (create, edit, delete). It is possible for a malicious actor to create a specifically crafted web page that triggers a cross site request against ESPHome, this allows bypassing the authentication for API calls on the platform. This vulnerability allows bypassing authentication on API calls accessing configuration file operations on the behalf of a logged user. In order to trigger the vulnerability, the victim must visit a weaponized page. In addition to this, it is possible to chain this vulnerability with GHSA-9p43-hj5j-96h5/ CVE-2024-27287 to obtain a complete takeover of the user account. Version 2024.3.0 contains a patch for this issue.
Max CVSS
N/A
EPSS Score
0.04%
Published
2024-03-21
Updated
2024-03-21
Cross-site request forgery (CSRF) vulnerability in easy-popup-show all versions allows a remote unauthenticated attacker to hijack the authentication of the administrator and to perform unintended operations if the administrator views a malicious page while logged in.
Max CVSS
N/A
EPSS Score
0.04%
Published
2024-03-25
Updated
2024-03-25
DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the component /dede/module_main.php
Max CVSS
N/A
EPSS Score
0.04%
Published
2024-03-13
Updated
2024-03-13
DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /dede/sys_cache_up.php.
Max CVSS
N/A
EPSS Score
0.04%
Published
2024-03-13
Updated
2024-03-13
DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /dede/plus_edit.php.
Max CVSS
N/A
EPSS Score
0.04%
Published
2024-03-13
Updated
2024-03-13
DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /dede/diy_add.php.
Max CVSS
N/A
EPSS Score
0.04%
Published
2024-03-13
Updated
2024-03-13
DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the component /dede/article_description_main.php
Max CVSS
N/A
EPSS Score
0.04%
Published
2024-03-13
Updated
2024-03-13
DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /dede/article_keywords_main.php.
Max CVSS
N/A
EPSS Score
0.04%
Published
2024-03-13
Updated
2024-03-13
DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /dede/diy_edit.php
Max CVSS
N/A
EPSS Score
0.04%
Published
2024-03-13
Updated
2024-03-13
DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /dede/mychannel_edit.php.
Max CVSS
N/A
EPSS Score
0.04%
Published
2024-03-13
Updated
2024-03-13
DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /dede/media_edit.php.
Max CVSS
N/A
EPSS Score
0.04%
Published
2024-03-13
Updated
2024-03-13
DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /dede/stepselect_main.php.
Max CVSS
N/A
EPSS Score
0.04%
Published
2024-03-13
Updated
2024-03-13
DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /dede/freelist_main.php.
Max CVSS
N/A
EPSS Score
0.04%
Published
2024-03-13
Updated
2024-03-13
DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /dede/freelist_edit.php.
Max CVSS
N/A
EPSS Score
0.04%
Published
2024-03-13
Updated
2024-03-13
6188 vulnerabilities found
1
2
3
4
5
6 ......
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248