Vulmon
csrf vulnerabilities and exploits
10
CVSSv3
CVE-2017-5145
An issue exists in Carlo Gavazzi VMU-C EM prior to firmware Version A11_U05, and VMU-C PV prior to firmware Version A17. Successful exploitation of this CROSS-SITE REQUEST FORGERY (CSRF) vulnerability can allow execution of unauthorized actions on the device such as configuration...
Carlosgavazzi Vmu-c Em Firmware -
Carlosgavazzi Vmu-c Pv Firmware -
9.9
CVSSv3
CVE-2015-7926
eWON devices with firmware prior to 10.1s0 omit RBAC for I/O server information and status requests, which allows remote malicious users to obtain sensitive information via an unspecified URL.
Ewon Ewon Firmware
9.8
CVSSv3
CVE-2023-52200
Cross-Site Request Forgery (CSRF), Deserialization of Untrusted Data vulnerability in Repute Infosystems ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup. This issue affects ARMember – Membership Plugin, Content Restricti...
Reputeinfosystems Armember
9.8
CVSSv3
CVE-2023-51673
Cross-Site Request Forgery (CSRF) vulnerability in Designful Stylish Price List – Price Table Builder & QR Code Restaurant Menu. This issue affects Stylish Price List – Price Table Builder & QR Code Restaurant Menu: from n/a up to and including 7.0.17.
Stylishpricelist Stylish Price List
9.8
CVSSv3
CVE-2023-5991
The Hotel Booking Lite WordPress plugin prior to 4.8.5 does not validate file paths provided via user input and does not have proper CSRF and authorisation checks, allowing unauthenticated users to download and delete arbitrary files on the server.
Motopress Hotel Booking Lite
9.8
CVSSv3
CVE-2023-5652
The WP Hotel Booking WordPress plugin prior to 2.0.8 does not have authorisation and CSRF checks and does not escape user input before using it in a SQL statement of a function hooked to admin_init, allowing unauthenticated users to perform SQL injections.
Thimpress Wp Hotel Booking
9.8
CVSSv3
CVE-2023-2601
The wpbrutalai WordPress plugin prior to 2.0.0 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by admin via CSRF.
Wp Brutal Ai Project Wp Brutal Ai
9.8
CVSSv3
CVE-2022-44739
Cross-Site Request Forgery (CSRF) vulnerability in ThingsForRestaurants Quick Restaurant Reservations plugin <= 1.5.4 versions.
Thingsforrestaurants Quick Restaurant Reservations
9.8
CVSSv3
CVE-2014-125057
A vulnerability was found in mrobit robitailletheknot. It has been classified as problematic. This affects an unknown part of the file app/filters.php of the component CSRF Token Handler. The manipulation of the argument _token leads to incorrect comparison. It is possible to ini...
Robitailletheknot Project Robitailletheknot
9.8
CVSSv3
CVE-2022-2180
The GREYD.SUITE WordPress theme does not properly validate uploaded custom font packages, and does not perform any authorization or CSRF checks, allowing an unauthenticated malicious user to upload arbitrary files including PHP source files, leading to possible remote code execut...
Greyd Greyd.suite