Vulmon
request project request vulnerabilities and exploits
6.8
CVSSv2
CVE-2018-18794
School Event Management System 1.0 allows CSRF via user/controller.php?action=edit.
School Event Management System Project School Event Management System 1.0
1 EDB exploit
6.8
CVSSv2
CVE-2018-18797
School Attendance Monitoring System 1.0 has CSRF via /user/user/edit.php.
School Attendance Monitoring System Project School Attendance Monitoring System 1.0
1 EDB exploit
4.3
CVSSv2
CVE-2020-8425
Cups Easy (Purchase & Inventory) 1.0 is vulnerable to CSRF that leads to admin account deletion via userdelete.php.
Cups Easy (purchase & Inventory) Project Cups Easy (purchase & Inventory) 1.0
1 Github repository
6.8
CVSSv2
CVE-2014-9397
Cross-site request forgery (CSRF) vulnerability in the twimp-wp plugin for WordPress allows remote malicious users to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the message_format parameter in the twimp-wp.php page...
Twimp-wp Project Twimp-wp
NA
CVE-2023-2601
The wpbrutalai WordPress plugin prior to 2.0.0 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by admin via CSRF.
Wp Brutal Ai Project Wp Brutal Ai
5.8
CVSSv2
CVE-2018-11502
An issue exists in the Moderator Log Notes plugin 1.1 for MyBB. It allows moderators to save notes and display them in a list in the modCP. An attacker can remotely delete all mod notes and mod note logs in the modCP and ACP via CSRF.
Moderator Log Notes Project Moderator Log Notes 1.1
1 EDB exploit
6.8
CVSSv2
CVE-2014-9099
Cross-site request forgery (CSRF) vulnerability in the WhyDoWork AdSense plugin 1.2 for WordPress allows remote malicious users to hijack the authentication of administrators for requests that have unspecified impact via a request to the whydowork_adsense page in wp-admin/options...
Whydowork Adsense Project Whydowork Adsense 1.2
1 EDB exploit
6.8
CVSSv2
CVE-2014-2559
Multiple cross-site request forgery (CSRF) vulnerabilities in twitget.php in the Twitget plugin prior to 3.3.3 for WordPress allow remote malicious users to hijack the authentication of administrators for requests that change unspecified plugin options via a request to wp-admin/o...
Twitget Project Twitget
1 EDB exploit
3.5
CVSSv2
CVE-2020-25955
SourceCodester Student Management System Project in PHP version 1.0 is vulnerable to a stored cross-site scripting (XSS) via the 'add subject' tab.
Student Management System Project In Php Project Student Management System Project In Php 1.0
6.8
CVSSv2
CVE-2014-9336
Multiple cross-site request forgery (CSRF) vulnerabilities in the iTwitter plugin 0.04 and previous versions for WordPress allow remote malicious users to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) itex_t_t...
Itwitter Project Itwitter