CVE-2024-3481

MEDIUM Year: 2024
CVSS v3 Score
5.2
Medium
Weakness Type
CWE-352
View all →

Vulnerability Description

The Counter Box WordPress plugin before 1.2.4 does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions, such deleting counters via CSRF attacks

Related Vulnerabilities

CVE-2018-21096

MEDIUM
CVSS:5.2(Medium)

Certain NETGEAR devices are affected by CSRF. This affects WAC120 before 2.1.7, WAC505 before 5.0.5.4, WAC510 before 5.0.5.4, WNAP320 before 3.7.11.4, WNAP210v2 before 3.7.11.4, WNDAP350 before 3.7.11...

CWE-3522018

CVE-2018-21120

MEDIUM
CVSS:5.2(Medium)

Certain NETGEAR devices are affected by CSRF. This affects WAC120 before 2.1.7, WAC505 before 5.0.5.4, WAC510 before 5.0.5.4, WNAP320 before 3.7.11.4, WNAP210v2 before 3.7.11.4, WNDAP350 before 3.7.11...

CWE-3522018

CVE-2024-23734

MEDIUM
CVSS:5.2(Medium)

Cross Site Request Forgery vulnerability in in the upload functionality of the User Profile pages in savignano S/Notify before 2.0.1 for Bitbucket allow attackers to replace S/MIME certificate or PGP ...

CWE-3522024

CVE-2013-6365

MEDIUM
CVSS:5.3(Medium)

Horde Groupware Web mail 5.1.2 has CSRF with requests to change permissions

CWE-3522013

CVE-2018-10099

MEDIUM
CVSS:5.3(Medium)

Google Monorail before 2018-04-04 has a Cross-Site Search (XS-Search) vulnerability because CSV downloads are affected by CSRF, and calculations of download times (for requests with duplicated columns...

CWE-3522018

CVE-2018-19334

MEDIUM
CVSS:5.3(Medium)

Google Monorail before 2018-05-04 has a Cross-Site Search (XS-Search) vulnerability because CSV downloads are affected by CSRF, and calculations of download times (for requests with an unsupported axi...

CWE-3522018