CVE-2024-3632

MEDIUM Year: 2024
CVSS v3 Score
6.8
Medium
Weakness Type
CWE-352
View all →

Vulnerability Description

The Smart Image Gallery WordPress plugin before 1.0.19 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack

Related Vulnerabilities

CVE-2017-1000147

MEDIUM
CVSS:6.8(Medium)

Mahara 1.9 before 1.9.8 and 1.10 before 1.10.6 and 15.04 before 15.04.3 are vulnerable to perform a cross-site request forgery (CSRF) attack on the uploader contained in Mahara's filebrowser widget. T...

CWE-3522017

CVE-2017-17982

MEDIUM
CVSS:6.8(Medium)

PHP Scripts Mall Muslim Matrimonial Script has CSRF via admin/subadmin_edit.php.

CWE-3522017

CVE-2018-10223

MEDIUM
CVSS:6.8(Medium)

An issue was discovered in YzmCMS 3.8. There is a CSRF vulnerability that can add an admin account via /index.php/admin/admin_manage/add.html.

CWE-3522018

CVE-2018-10224

MEDIUM
CVSS:6.8(Medium)

An issue was discovered in YzmCMS 3.8. There is a CSRF vulnerability that can add a tag via /index.php/admin/tag/add.html.

CWE-3522018

CVE-2018-5073

MEDIUM
CVSS:6.8(Medium)

Online Ticket Booking has CSRF via admin/movieedit.php.

CWE-3522018