Total: 5731 CVEs
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-40131 | 1 A3rev | 1 Page View Count | 2022-11-04 | N/A | 4.3 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in a3rev Software Page View Count plugin <= 2.5.5 on WordPress allows an attacker to reset the plugin settings. | |||||
| CVE-2022-42751 | 1 Auieo | 1 Candidats | 2022-11-04 | N/A | 8.8 HIGH |
| CandidATS version 3.0.0 allows an external attacker to elevate privileges in the application. This is possible because the application suffers from CSRF, which allows an attacker to persuade an administrator into creating a new account with administrative permissions. | |||||
| CVE-2022-25952 | 1 Keywordrush | 1 Content Egg | 2022-11-04 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Keywordrush Content Egg plugin <= 5.4.0 on WordPress. | |||||
| CVE-2022-30608 | 3 Ibm, Linux, Microsoft | 4 Aix, Infosphere Information Server, Linux Kernel and 1 more | 2022-11-04 | N/A | 8.8 HIGH |
| IBM InfoSphere Information Server 11.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 227295. | |||||
| CVE-2022-44627 | 1 Coleds | 1 Simple Seo | 2022-11-04 | N/A | 5.4 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in David Cole Simple SEO plugin <= 1.8.12 on WordPress allows attackers to create or delete sitemaps. | |||||
| CVE-2021-29823 | 2 Ibm, Netapp | 2 Cognos Analytics, Oncommand Insight | 2022-11-03 | N/A | 6.5 MEDIUM |
| IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 204465. | |||||
| CVE-2021-20468 | 2 Ibm, Netapp | 2 Cognos Analytics, Oncommand Insight | 2022-11-03 | N/A | 6.5 MEDIUM |
| IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 196825. | |||||
| CVE-2020-4301 | 2 Ibm, Netapp | 2 Cognos Analytics, Oncommand Insight | 2022-11-03 | N/A | 6.5 MEDIUM |
| IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 176609. | |||||
| CVE-2022-1956 | 1 Shortcut Macros Project | 1 Shortcut Macros | 2022-11-03 | 4.0 MEDIUM | 4.3 MEDIUM |
| The Shortcut Macros WordPress plugin through 1.3 does not have authorisation and CSRF checks in place when updating its settings, which could allow any authenticated users, such as subscriber, to update them. | |||||
| CVE-2022-40488 | 1 Processwire | 1 Processwire | 2022-11-01 | N/A | 6.5 MEDIUM |
| ProcessWire v3.0.200 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability. | |||||
| CVE-2022-3419 | 1 Addify | 1 Automatic User Roles Switcher | 2022-11-01 | N/A | 6.5 MEDIUM |
| The Automatic User Roles Switcher WordPress plugin before 1.1.2 does not have authorisation and proper CSRF checks, allowing any authenticated user, such as a subscriber, to add any role to themselves, such as administrator. | |||||
| CVE-2022-41996 | 1 Theme-fusion | 1 Avada | 2022-11-01 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in ThemeFusion Avada premium theme versions <= 7.8.1 on WordPress leading to arbitrary plugin installation/activation. | |||||
| CVE-2022-43340 | 1 Dzzoffice | 1 Dzzoffice | 2022-10-31 | N/A | 8.8 HIGH |
| A Cross-Site Request Forgery (CSRF) in dzzoffice 2.02.1_SC_UTF8 allows attackers to arbitrarily create user accounts and grant Administrator rights to regular users. | |||||
| CVE-2020-18151 | 1 Thinkcmf | 1 Thinkcmf | 2022-10-28 | 4.3 MEDIUM | 6.5 MEDIUM |
| Cross Site Request Forgery (CSRF) vulnerability in ThinkCMF v5.1.0, which can add an admin account. | |||||
| CVE-2021-24761 | 1 Bestwebsoft | 1 Error Log Viewer | 2022-10-27 | 4.3 MEDIUM | 6.5 MEDIUM |
| The Error Log Viewer WordPress plugin before 1.1.2 does not perform nonce check when deleting a log file and does not have path traversal prevention, which could allow attackers to make a logged in admin delete arbitrary text files on the web server. | |||||
| CVE-2020-23376 | 1 5none | 1 Nonecms | 2022-10-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| NoneCMS v1.3 has a CSRF vulnerability in public/index.php/admin/nav/add.html, as demonstrated by adding a navigation column which can be injected with arbitrary web script or HTML via the name parameter to launch a stored XSS attack. | |||||
| CVE-2022-1757 | 1 Pagebar Project | 1 Pagebar | 2022-10-26 | 3.5 LOW | 5.4 MEDIUM |
| The pagebar WordPress plugin before 2.70 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack. Furthermore, due to the lack of sanitisation in some of them, it could also lead to Stored XSS issues. | |||||
| CVE-2022-2762 | 1 Adminpad Project | 1 Adminpad | 2022-10-26 | N/A | 6.5 MEDIUM |
| The AdminPad WordPress plugin before 2.2 does not have a CSRF check when updating the admin's note, allowing attackers to make a logged-in admin update their notes via a CSRF attack. | |||||
| CVE-2021-29624 | 1 Fastify | 1 Fastify-csrf | 2022-10-25 | 4.3 MEDIUM | 6.5 MEDIUM |
| fastify-csrf is an open-source plugin that helps developers protect their Fastify server against CSRF attacks. Versions of fastify-csrf prior to 3.1.0 rely on a "double submit" cookie mechanism, which can be bypassed when the application is deployed across multiple subdomains, e.g. a "heroku"-style platform as a service, because a sibling subdomain can plant the cookie. Version 3.1.0 of fastify-csrf fixes the vulnerability. The user of the module would need to supply a `userInfo` when generating the CSRF token to fully implement the protection on their end. This is needed only for applications hosted on different subdomains. | |||||
| CVE-2021-24583 | 1 Motopress | 1 Timetable And Event Schedule | 2022-10-25 | 4.3 MEDIUM | 4.3 MEDIUM |
| The Timetable and Event Schedule WordPress plugin before 2.4.2 does not have proper access control when deleting a timeslot, allowing any user with the edit_posts capability (contributor+) to delete arbitrary timeslots from any event. Furthermore, no CSRF check is in place either, allowing such an attack to be performed via CSRF against a logged-in user with that capability. | |||||
