Total
5731 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-48334 | 1 Daext | 1 League Table | 2023-12-05 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in DAEXT League Table allows Cross Site Request Forgery.This issue affects League Table: from n/a through 1.13. | |||||
| CVE-2023-48331 | 1 Stormhillmedia | 1 Mybook Table Bookstore | 2023-12-05 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Stormhill Media MyBookTable Bookstore by Stormhill Media allows Cross Site Request Forgery.This issue affects MyBookTable Bookstore by Stormhill Media: from n/a through 3.3.4. | |||||
| CVE-2023-48330 | 1 Supremo | 1 Bulk Comment Remove | 2023-12-05 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Mike Strand Bulk Comment Remove allows Cross Site Request Forgery.This issue affects Bulk Comment Remove: from n/a through 2. | |||||
| CVE-2023-48323 | 1 Getawesomesupport | 1 Awesome Support | 2023-12-05 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Awesome Support Team Awesome Support – WordPress HelpDesk & Support Plugin allows Cross Site Request Forgery.This issue affects Awesome Support – WordPress HelpDesk & Support Plugin: from n/a through 6.1.4. | |||||
| CVE-2023-48284 | 1 Webtoffee | 1 Decorator | 2023-12-05 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in WebToffee Decorator – WooCommerce Email Customizer allows Cross Site Request Forgery.This issue affects Decorator – WooCommerce Email Customizer: from n/a through 1.2.7. | |||||
| CVE-2023-48283 | 1 Presstigers | 1 Simple Testimonials Showcase | 2023-12-05 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in PressTigers Simple Testimonials Showcase allows Cross Site Request Forgery.This issue affects Simple Testimonials Showcase: from n/a through 1.1.5. | |||||
| CVE-2023-48282 | 1 Andrealandonio | 1 Taxonomy Filter | 2023-12-05 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Andrea Landonio Taxonomy filter allows Cross Site Request Forgery.This issue affects Taxonomy filter: from n/a through 2.2.9. | |||||
| CVE-2023-33333 | 1 Really-simple-plugins | 1 Complianz | 2023-12-05 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Really Simple Plugins Complianz, Really Simple Plugins Complianz Premium allows Cross-Site Scripting (XSS).This issue affects Complianz: from n/a through 6.4.4; Complianz Premium: from n/a through 6.4.6.1. | |||||
| CVE-2023-6137 | 1 Wpfrontier | 1 Frontier Post | 2023-12-05 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in finnj Frontier Post allows Cross Site Request Forgery.This issue affects Frontier Post: from n/a through 6.1. | |||||
| CVE-2023-38268 | 3 Ibm, Linux, Microsoft | 4 Aix, Infosphere Information Server, Linux Kernel and 1 more | 2023-12-04 | N/A | 8.8 HIGH |
| IBM InfoSphere Information Server 11.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 260585. | |||||
| CVE-2023-2497 | 1 Userproplugin | 1 Userpro | 2023-12-04 | N/A | 8.8 HIGH |
| The UserPro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.1.0. This is due to missing or incorrect nonce validation on the 'import_settings' function. This makes it possible for unauthenticated attackers to exploit PHP Object Injection due to the use of unserialize() on the user supplied parameter via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | |||||
| CVE-2023-2440 | 1 Userproplugin | 1 Userpro | 2023-12-01 | N/A | 8.8 HIGH |
| The UserPro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.1.1. This is due to missing nonce validation in the 'admin_page', 'userpro_verify_user' and 'verifyUnverifyAllUsers' functions. This makes it possible for unauthenticated attackers to modify the role of verified users to elevate verified user privileges to that of any user such as 'administrator' via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | |||||
| CVE-2023-2438 | 1 Userproplugin | 1 Userpro | 2023-12-01 | N/A | 6.1 MEDIUM |
| The UserPro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.1.0. This is due to missing or incorrect nonce validation on the 'userpro_save_userdata' function. This makes it possible for unauthenticated attackers to update the user meta and inject malicious JavaScript via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link. | |||||
| CVE-2023-24415 | 1 Quantumcloud | 1 Chatbot | 2023-12-01 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in QuantumCloud AI ChatBot plugin <= 4.2.8 versions. | |||||
| CVE-2023-28747 | 1 Codeboxr | 1 Cbx Currency Converter | 2023-12-01 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in codeboxr CBX Currency Converter plugin <= 3.0.3 versions. | |||||
| CVE-2023-26542 | 1 Exeebit | 1 Phpinfo\(\) Wp | 2023-12-01 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Exeebit phpinfo() WP plugin <= 4.0 versions. | |||||
| CVE-2023-6251 | 1 Tribe29 | 1 Checkmk | 2023-11-30 | N/A | 3.5 LOW |
| Cross-site Request Forgery (CSRF) in Checkmk < 2.2.0p15, < 2.1.0p37, <= 2.0.0p39 allow an authenticated attacker to delete user-messages for individual users. | |||||
| CVE-2023-27453 | 1 Lws | 1 Lws Tools | 2023-11-30 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in LWS LWS Tools plugin <= 2.3.1 versions. | |||||
| CVE-2023-27457 | 1 Passionatebrains | 1 Add Expires Headers \& Optimized Minify | 2023-11-30 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Passionate Brains Add Expires Headers & Optimized Minify plugin <= 2.7 versions. | |||||
| CVE-2023-27458 | 1 Wpstream | 1 Wpstream | 2023-11-30 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in wpstream WpStream plugin <= 4.4.10 versions. | |||||