CVE-2024-4532

MEDIUM Year: 2024
CVSS v3 Score
6.4
Medium
Weakness Type
CWE-352
View all →

Vulnerability Description

The Business Card WordPress plugin through 1.0.0 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions such as deleting cards via CSRF attacks

Related Vulnerabilities

CVE-2024-1211

MEDIUM
CVSS:6.4(Medium)

An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.6 prior to 16.9.7, starting from 16.10 prior to 16.10.5, and starting from 16.11 prior to 16.11.2 in which cross-si...

CWE-3522024

CVE-2024-35475

MEDIUM
CVSS:6.4(Medium)

A Cross-Site Request Forgery (CSRF) vulnerability was discovered in OpenKM Community Edition on or before version 6.3.12. The vulnerability exists in /admin/DatabaseQuery, which allows an attacker to ...

CWE-3522024

CVE-2004-1995

MEDIUM
CVSS:6.5(Medium)

Cross-Site Request Forgery (CSRF) vulnerability in FuseTalk 2.0 allows remote attackers to create arbitrary accounts via a link to adduser.cfm.

CWE-3522004

CVE-2005-1674

MEDIUM
CVSS:6.5(Medium)

Cross-Site Request Forgery (CSRF) vulnerability in Help Center Live allows remote attackers to perform actions as the administrator via a link or IMG tag to view.php.

CWE-3522005

CVE-2005-2059

MEDIUM
CVSS:6.5(Medium)

Multiple cross-site request forgery (CSRF) vulnerabilities in (1) addaddress.php, (2) toggleignore.php, (3) removeignore.php, and (4) removeaddress.php in Infopop UBB.Threads before 6.5.2 Beta allow r...

CWE-3522005

CVE-2009-3022

MEDIUM
CVSS:6.5(Medium)

Cross-site request forgery (CSRF) vulnerability in bingo!CMS 1.2 and earlier allows remote attackers to hijack the authentication of other users for requests that modify configuration or change conten...

CWE-3522009