Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by CWE-352
Total 8157 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-39155 1 Idccms 1 Idccms 2025-04-15 N/A 6.8 MEDIUM
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/ipRecord_deal.php?mudi=add.
CVE-2024-39156 1 Idccms 1 Idccms 2025-04-15 N/A 3.8 LOW
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/keyWord_deal.php?mudi=add.
CVE-2024-39157 1 Idccms 1 Idccms 2025-04-15 N/A 3.8 LOW
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/ipRecord_deal.php?mudi=del&dataType=&dataID=1.
CVE-2024-39158 1 Idccms 1 Idccms 2025-04-15 N/A 8.8 HIGH
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/userSys_deal.php?mudi=infoSet.
CVE-2024-40035 1 Idccms 1 Idccms 2025-04-15 N/A 5.9 MEDIUM
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/userLevel_deal.php?mudi=add.
CVE-2024-40038 1 Idccms 1 Idccms 2025-04-15 N/A 5.3 MEDIUM
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/userScore_deal.php?mudi=rev
CVE-2024-40328 1 Idccms 1 Idccms 2025-04-15 N/A 6.3 MEDIUM
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/memberOnline_deal.php?mudi=del&dataType=&dataID=6
CVE-2024-40329 1 Idccms 1 Idccms 2025-04-15 N/A 8.8 HIGH
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/softBak_deal.php?mudi=backup
CVE-2024-40331 1 Idccms 1 Idccms 2025-04-15 N/A 8.8 HIGH
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/dbBakMySQL_deal.php?mudi=backup
CVE-2024-33829 1 Idccms 1 Idccms 2025-04-15 N/A 5.4 MEDIUM
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/readDeal.php?mudi=updateWebCache.
CVE-2024-35010 1 Idccms 1 Idccms 2025-04-15 N/A 8.8 HIGH
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/banner_deal.php?mudi=del&dataType=&dataTypeCN=%E5%9B%BE%E7%89%87%E5%B9%BF%E5%91%8A&theme=cs&dataID=6.
CVE-2024-35009 1 Idccms 1 Idccms 2025-04-15 N/A 8.8 HIGH
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/share_switch.php?mudi=switch&dataType=&fieldName=state&fieldName2=state&tabName=banner&dataID=6.
CVE-2024-33830 1 Idccms 1 Idccms 2025-04-15 N/A 8.1 HIGH
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/readDeal.php?mudi=clearWebCache.
CVE-2022-2846 1 Dwbooster 1 Calendar Event Multi View 2025-04-15 N/A 4.3 MEDIUM
A vulnerability classified as problematic was found in Calendar Event Multi View Plugin. This vulnerability affects unknown code of the file /wp/?cpmvc_id=1&cpmvc_do_action=mvparse&f=datafeed&calid=1&month_index=1&method=adddetails&id=2. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The identifier of this vulnerability is VDB-206488.
CVE-2022-46853 1 Radiustheme 1 The Post Grid 2025-04-15 N/A 4.3 MEDIUM
Cross-Site Request Forgery (CSRF) vulnerability in RadiusTheme The Post Grid plugin <= 5.0.4 versions.
CVE-2022-4124 1 Popup Manager Project 1 Popup Manager 2025-04-14 N/A 4.3 MEDIUM
The Popup Manager WordPress plugin through 1.6.6 does not have authorisation and CSRF checks when deleting popups, which could allow unauthenticated users to delete them
CVE-2022-4107 1 Cedcommerce 1 Smsa Shipping For Woocommerce 2025-04-14 N/A 6.5 MEDIUM
The SMSA Shipping for WooCommerce WordPress plugin before 1.0.5 does not have authorisation and proper CSRF checks, as well as does not validate the file to be downloaded, allowing any authenticated users, such as subscriber to download arbitrary file from the server
CVE-2024-54357 1 Theme-fusion 1 Avada 2025-04-14 N/A 4.3 MEDIUM
Cross-Site Request Forgery (CSRF) vulnerability in ThemeFusion Avada.This issue affects Avada: from n/a through 7.11.10.
CVE-2024-2429 1 Salonbookingsystem 1 Salon Booking System 2025-04-14 N/A 4.3 MEDIUM
The Salon booking system WordPress plugin through 9.6.5 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack
CVE-2022-4266 2025-04-14 N/A 6.5 MEDIUM
The Bulk Delete Users by Email WordPress plugin through 1.2 does not have CSRF check when deleting users, which could allow attackers to make a logged in admin delete non admin users by knowing their email via a CSRF attack