CWE-352

Cross-Site Request Forgery (CSRF) vulnerability in kareemsultan Social Links social-links allows Stored XSS.This issue affects Social Links: from n/a through <= 1.0.11.

Cross-Site Request Forgery (CSRF) vulnerability in Epsiloncool WP Fast Total Search fulltext-search allows Cross Site Request Forgery.This issue affects WP Fast Total Search: from n/a through <= 1.78.258.

Cross-Site Request Forgery (CSRF) vulnerability in Smartsupp Smartsupp – live chat, chatbots, AI and lead generation smartsupp-live-chat allows Cross Site Request Forgery.This issue affects Smartsupp – live chat, chatbots, AI and lead generation: from n/a through <= 3.6.

Cross-Site Request Forgery (CSRF) vulnerability in Posti Posti Shipping posti-shipping allows Cross Site Request Forgery.This issue affects Posti Shipping: from n/a through <= 3.10.3.

Cross-Site Request Forgery (CSRF) vulnerability in codehandling Youtube Video Grid youmax-channel-embeds-for-youtube-businesses allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Youtube Video Grid: from n/a through <= 1.9.

The topm-client from Chunghwa Telecom has an Arbitrary File Read vulnerability. The application sets up a simple local web server and provides APIs for communication with the target website. Due to the lack of CSRF protection for the APIs, unauthenticated remote attackers could use these APIs through phishing. Additionally, one of the APIs contains a Relative Path Traversal vulnerability, allowing attackers to read arbitrary files on the user's system.

Cross-Site Request Forgery (CSRF) vulnerability in ilGhera Woocommerce Support System allows Cross Site Request Forgery.This issue affects Woocommerce Support System: from n/a through 1.2.2.

Cross-Site Request Forgery (CSRF) vulnerability in sumitsurai Featured Posts with Multiple Custom Groups (FPMCG) featured-posts-with-multiple-custom-groups-fpmcg allows Cross Site Request Forgery.This issue affects Featured Posts with Multiple Custom Groups (FPMCG): from n/a through <= 4.0.

Cross-site request forgery (CSRF) vulnerability in multiple Alps System Integration products and the OEM products allow a remote unauthenticated attacker to hijack the authentication of the user and to perform unintended operations if the user views a malicious page while logged in.

Cross-Site Request Forgery vulnerability in Comtrend router WLD71-T1_v2.0.201820, affecting the GRG-4280us version. This vulnerability allows an attacker to force an end user to execute unwanted actions in a web application to which he is authenticated.

The AffiEasy plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.6. This is due to plugin improperly releasing the tagged and patched version of the plugin - the vulnerable version is used as the core files, while the patched version was included in a 'trunk' folder. This makes it possible for unauthenticated attackers to perform a variety of actions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

Missing Authorization vulnerability in Podlove Podlove Podcast Publisher.This issue affects Podlove Podcast Publisher: from n/a through 4.0.14.

Cross-Site Request Forgery (CSRF) vulnerability in Joshua Eldridge Easy CountDowner allows Stored XSS.This issue affects Easy CountDowner: from n/a through 1.0.8.

Cross-Site Request Forgery (CSRF) vulnerability in Tonjoo Sangar Slider.This issue affects Sangar Slider: from n/a through 1.3.2.

Cross-Site Request Forgery (CSRF) vulnerability in EnvialoSimple EnvíaloSimple.This issue affects EnvíaloSimple: from n/a through 2.2.

Cross-Site Request Forgery vulnerability in Movistar's 4G router affecting version ES_WLD71-T1_v2.0.201820. This vulnerability allows an attacker to force an end user to execute unwanted actions in a web application in which they are currently authenticated.

The Microsoft Clarity plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.9.3. This is due to missing nonce validation on the edit_clarity_project_id() function. This makes it possible for unauthenticated attackers to change the project id and add malicious JavaScript via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

Cross-Site Request Forgery (CSRF) vulnerability in Duplicator Duplicator – WordPress Migration & Backup Plugin.This issue affects Duplicator – WordPress Migration & Backup Plugin: from n/a through 1.5.7.

The EventON - WordPress Virtual Event Calendar Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.5.4 (Pro) & 2.2.8 (Free). This is due to missing or incorrect nonce validation on the save_virtual_event_settings function. This makes it possible for unauthenticated attackers to modify virtual event settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

The EventON - WordPress Virtual Event Calendar Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.5.4 (for Pro) & 2.2.7 (for Free). This is due to missing or incorrect nonce validation on the evo_eventpost_update_meta function. This makes it possible for unauthenticated attackers to update arbitrary post metadata via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.