CVE-2024-9689

MEDIUM Year: 2024
CVSS v3 Score
4.1
Medium
Weakness Type
CWE-352
View all →

Vulnerability Description

The Post From Frontend WordPress plugin through 1.0.0 does not have CSRF check when deleting posts, which could allow attackers to make logged in admin perform such action via a CSRF attack

Related Vulnerabilities

CVE-2022-22348

MEDIUM
CVSS:4.0(Medium)

IBM Spectrum Protect Operations Center 8.1.0.000 through 8.1.13.xxx is vulnerable to reverse tabnabbing where it could allow a page linked to from within Operations Center to rewrite it. An administra...

CWE-3522022

CVE-2024-4328

MEDIUM
CVSS:4.0(Medium)

A Cross-Site Request Forgery (CSRF) vulnerability exists in the clear_personality_files_list function of the parisneo/lollms-webui v9.6. The vulnerability arises from the use of a GET request to clear...

CWE-3522024

CVE-2024-31205

MEDIUM
CVSS:4.2(Medium)

Saleor is an e-commerce platform. Starting in version 3.10.0 and prior to versions 3.14.64, 3.15.39, 3.16.39, 3.17.35, 3.18.31, and 3.19.19, an attacker may bypass cross-set request forgery (CSRF) val...

CWE-3522024

CVE-2024-41597

MEDIUM
CVSS:4.2(Medium)

Cross Site Request Forgery vulnerability in ProcessWire v.3.0.229 allows a remote attacker to execute arbitrary code via a crafted HTML file to the comments functionality.

CWE-3522024

CVE-2024-7501

MEDIUM
CVSS:4.2(Medium)

The Download Plugins and Themes in ZIP from Dashboard plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.8.7. This is due to missing or incorrect ...

CWE-3522024

CVE-2024-41811

LOW
CVSS:3.9(Low)

ipl/web is a set of common web components for php projects. Some of the recent development by Icinga is, under certain circumstances, susceptible to cross site request forgery. (CSRF). All affected pr...

CWE-3522024