CVE-2024-1231

MEDIUM Year: 2024
CVSS v3 Score
6.8
Medium
Weakness Type
CWE-352
View all →

Vulnerability Description

The CM Download Manager WordPress plugin before 2.9.0 does not have CSRF checks in some places, which could allow attackers to make logged in admins unpublish downloads via a CSRF attack

Related Vulnerabilities

CVE-2017-1000147

MEDIUM
CVSS:6.8(Medium)

Mahara 1.9 before 1.9.8 and 1.10 before 1.10.6 and 15.04 before 15.04.3 are vulnerable to perform a cross-site request forgery (CSRF) attack on the uploader contained in Mahara's filebrowser widget. T...

CWE-3522017

CVE-2017-17982

MEDIUM
CVSS:6.8(Medium)

PHP Scripts Mall Muslim Matrimonial Script has CSRF via admin/subadmin_edit.php.

CWE-3522017

CVE-2018-10223

MEDIUM
CVSS:6.8(Medium)

An issue was discovered in YzmCMS 3.8. There is a CSRF vulnerability that can add an admin account via /index.php/admin/admin_manage/add.html.

CWE-3522018

CVE-2018-10224

MEDIUM
CVSS:6.8(Medium)

An issue was discovered in YzmCMS 3.8. There is a CSRF vulnerability that can add a tag via /index.php/admin/tag/add.html.

CWE-3522018

CVE-2018-5073

MEDIUM
CVSS:6.8(Medium)

Online Ticket Booking has CSRF via admin/movieedit.php.

CWE-3522018