CVE-2024-1211 - GitLab JWT OmniAuth CSRF Vulnerability Explored
If your organization uses GitLab for source control and has enabled JWT as an OmniAuth provider, you may be at risk of a newly disclosed
CVE-2024-47100 - CSRF in Siemens SIMATIC S7-120/SIPLUS S7-120 PLCs — Changing CPU Mode with One Click
CVE-2024-47100 is a recently disclosed vulnerability affecting a wide range of Siemens SIMATIC S7-120 and SIPLUS S7-120 PLCs. The bug exists in their web interface,
CVE-2023-46628 - Exploiting Missing Authorization in RedLettuce Plugins WP Word Count – A Deep Dive
CVE-2023-46628 reveals a critical missing authorization vulnerability found in the popular WP Word Count plugin by RedLettuce Plugins. This security issue is due to insufficiently
CVE-2023-46605 - Exploiting Missing Authorization in Convertful – Your Ultimate On-Site Conversion Tool (<=2.5)
In late 2023, security researchers uncovered a critical Missing Authorization vulnerability in Convertful – Your Ultimate On-Site Conversion Tool WordPress plugin from Ruslan Suhar. Cataloged as
CVE-2023-45002 - How Missing Authorization in WP User Frontend Plugin Lets Attackers Take Control
WordPress is one of the world’s favorite Content Management Systems, but its popularity also makes it a target for hackers. Vulnerabilities in WordPress plugins