Total: 5731 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2011-2522 | 3 Canonical, Debian, Samba | 3 Ubuntu Linux, Debian Linux, Samba | 2022-08-29 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.10 allow remote attackers to hijack the authentication of administrators for requests that (1) shut down daemons, (2) start daemons, (3) add shares, (4) remove shares, (5) add printers, (6) remove printers, (7) add user accounts, or (8) remove user accounts, as demonstrated by certain start, stop, and restart parameters to the status program. | |||||
| CVE-2022-36546 | 1 Edoc-doctor-appointment-system Project | 1 Edoc-doctor-appointment-system | 2022-08-29 | N/A | 8.8 HIGH |
| Edoc-doctor-appointment-system v1.0.1 was discovered to contain a Cross-Site Request Forgery (CSRF) via /patient/settings.php. | |||||
| CVE-2018-14519 | 1 Getkirby | 1 Kirby | 2022-08-29 | N/A | 4.3 MEDIUM |
| An issue was discovered in Kirby 2.5.12. The delete page functionality suffers from a CSRF flaw. A remote attacker can craft a malicious CSRF page and force the user to delete a page. | |||||
| CVE-2022-36358 | 1 Seoscout | 1 Seo Scout | 2022-08-27 | N/A | 4.3 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in SEO Scout plugin <= 0.9.83 at WordPress allows attackers to trick users with administrative rights to unintentionally change the plugin settings. | |||||
| CVE-2022-36389 | 1 Wordplus | 1 Better Messages | 2022-08-25 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in WordPlus Better Messages plugin <= 1.9.9.148 at WordPress. | |||||
| CVE-2022-36288 | 1 Wpdownloadmanager | 1 Wordpress Download Manager | 2022-08-25 | N/A | 8.8 HIGH |
| Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in W3 Eden Download Manager plugin <= 3.2.48 at WordPress. | |||||
| CVE-2022-36292 | 1 Wpchill | 1 Gallery Photoblocks | 2022-08-25 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerabilities in WPChill Gallery PhotoBlocks plugin <= 1.2.6 at WordPress. | |||||
| CVE-2022-2388 | 1 Wow-company | 1 Wp Coder | 2022-08-25 | N/A | 6.5 MEDIUM |
| The WP Coder WordPress plugin before 2.5.3 does not have a CSRF check in place when deleting code created by the plugin, which could allow attackers to make a logged in admin delete arbitrary ones via a CSRF attack. | |||||
| CVE-2022-2375 | 1 Okapitech | 1 Wp Sticky Button | 2022-08-25 | N/A | 5.4 MEDIUM |
| The WP Sticky Button WordPress plugin before 1.4.1 does not have authorisation and CSRF checks when saving its settings, allowing unauthenticated users to update them. Furthermore, due to the lack of escaping in some of them, it could lead to Stored Cross-Site Scripting issues. | |||||
| CVE-2022-2275 | 1 Wp Edit Menu Project | 1 Wp Edit Menu | 2022-08-25 | N/A | 4.3 MEDIUM |
| The WP Edit Menu WordPress plugin before 1.5.0 does not have CSRF in an AJAX action, which could allow attackers to make a logged in admin delete arbitrary posts/pages from the blog via a CSRF attack. | |||||
| CVE-2022-2172 | 1 Linkworth | 1 Linkworth | 2022-08-25 | N/A | 4.3 MEDIUM |
| The LinkWorth WordPress plugin before 3.3.4 does not implement nonce checks, which could allow attackers to make a logged in admin change settings via a CSRF attack. | |||||
| CVE-2021-24912 | 1 Transposh | 1 Transposh Wordpress Translation | 2022-08-25 | N/A | 5.4 MEDIUM |
| The Transposh WordPress Translation WordPress plugin before 1.0.8 does not have a CSRF check in its tp_translation AJAX action, which could allow attackers to make authorised users add a translation. Given the lack of sanitisation in the tk0 parameter, this could lead to a Stored Cross-Site Scripting issue which will be executed in the context of a logged in admin. | |||||
| CVE-2022-29468 | 1 Wwbn | 1 Avideo | 2022-08-24 | N/A | 8.8 HIGH |
| A cross-site request forgery (CSRF) vulnerability exists in WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to increased privileges. An attacker can get an authenticated user to send a crafted HTTP request to trigger this vulnerability. | |||||
| CVE-2022-2555 | 1 Yotpo Reviews For Woocommerce Project | 1 Yotpo Reviews For Woocommerce | 2022-08-23 | N/A | 6.5 MEDIUM |
| The Yotpo Reviews for WooCommerce WordPress plugin through 2.0.4 lacks a nonce check when updating its settings, which could allow an attacker to make a logged in admin change them via a CSRF attack. | |||||
| CVE-2022-1251 | 1 Inkthemes | 1 Ask Me | 2022-08-23 | N/A | 4.3 MEDIUM |
| The Ask me WordPress theme before 6.8.4 does not perform nonce checks when processing POST requests to the Edit Profile page, allowing an attacker to trick a user into changing their profile information by sending a crafted request. | |||||
| CVE-2022-34347 | 1 Wpdownloadmanager | 1 Wordpress Download Manager | 2022-08-23 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in W3 Eden Download Manager plugin <= 3.2.48 at WordPress. | |||||
| CVE-2022-36346 | 1 Maxfoundry | 1 Maxbuttons | 2022-08-23 | N/A | 8.8 HIGH |
| Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Max Foundry MaxButtons plugin <= 9.2 at WordPress. | |||||
| CVE-2021-36852 | 1 Thimpress | 1 Wp Hotel Booking | 2022-08-23 | N/A | 8.0 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in ThimPress WP Hotel Booking plugin <= 1.10.5 at WordPress. | |||||
| CVE-2022-35656 | 1 Pega | 1 Pega Platform | 2022-08-23 | N/A | 4.5 MEDIUM |
| A vulnerability in Pega Platform from 8.3 to 8.7.3 may allow authenticated security administrators to alter CSRF settings directly. | |||||
| CVE-2022-36225 | 1 Eyoucms | 1 Eyoucms | 2022-08-22 | N/A | 8.8 HIGH |
| EyouCMS V1.5.8-UTF8-SP1 is vulnerable to Cross Site Request Forgery (CSRF) via the background, column management function and add. | |||||
