Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by CWE-352
Total 5731 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-28618 1 Infolific 1 Enhanced Plugin Admin 2023-11-16 N/A 8.8 HIGH
Cross-Site Request Forgery (CSRF) vulnerability in Marios Alexandrou Enhanced Plugin Admin plugin <= 1.16 versions.
CVE-2023-28694 1 Wbcomdesigns 1 Buddypress Activity Social Share 2023-11-16 N/A 8.8 HIGH
Cross-Site Request Forgery (CSRF) vulnerability in Wbcom Designs Wbcom Designs – BuddyPress Activity Social Share plugin <= 3.5.0 versions.
CVE-2023-28696 1 Themeist 1 I Recommend This 2023-11-16 N/A 8.8 HIGH
Cross-Site Request Forgery (CSRF) vulnerability in Harish Chouhan, Themeist I Recommend Tplugin <= 3.9.0 versions.
CVE-2023-47669 1 Cozmoslabs 1 Profile Builder 2023-11-16 N/A 8.8 HIGH
Cross-Site Request Forgery (CSRF) vulnerability in Cozmoslabs User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor plugin <= 3.10.3 versions.
CVE-2023-28930 1 Robinphillips 1 Mobile Banner 2023-11-16 N/A 8.8 HIGH
Cross-Site Request Forgery (CSRF) vulnerability in Robin Phillips Mobile Banner plugin <= 1.5 versions.
CVE-2023-28987 1 Wpmet 1 Wp Ultimate Review 2023-11-16 N/A 8.8 HIGH
Cross-Site Request Forgery (CSRF) vulnerability in Wpmet Wp Ultimate Review plugin <= 2.0.3 versions.
CVE-2023-29238 1 Whydonate 1 Wp Whydonate 2023-11-16 N/A 8.8 HIGH
Cross-Site Request Forgery (CSRF) vulnerability in Whydonate Whydonate – FREE Donate button – Crowdfunding – Fundraising plugin <= 3.12.15 versions.
CVE-2023-29425 1 Plainware 1 Shiftcontroller 2023-11-16 N/A 8.8 HIGH
Cross-Site Request Forgery (CSRF) vulnerability in plainware.Com ShiftController Employee Shift Scheduling plugin <= 4.9.23 versions.
CVE-2023-45857 1 Axios 1 Axios 2023-11-16 N/A 6.5 MEDIUM
An issue discovered in Axios 1.5.1 inadvertently reveals the confidential XSRF-TOKEN stored in cookies by including it in the HTTP header X-XSRF-TOKEN for every request made to any host allowing attackers to view sensitive information.
CVE-2023-48063 1 Dreamer Cms Project 1 Dreamer Cms 2023-11-16 N/A 4.3 MEDIUM
An issue was discovered in dreamer_cms 4.1.3. There is a CSRF vulnerability that can delete a theme project via /admin/category/delete.
CVE-2023-48060 1 Dreamer Cms Project 1 Dreamer Cms 2023-11-16 N/A 8.8 HIGH
Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/task/add
CVE-2023-48058 1 Dreamer Cms Project 1 Dreamer Cms 2023-11-16 N/A 8.8 HIGH
Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/task/run
CVE-2020-7332 1 Mcafee 1 Endpoint Security 2023-11-16 6.8 MEDIUM 8.8 HIGH
Cross Site Request Forgery vulnerability in the firewall ePO extension of McAfee Endpoint Security (ENS) prior to 10.7.0 November 2020 Update allows an attacker to execute arbitrary HTML code due to incorrect security configuration.
CVE-2020-7336 1 Mcafee 1 Network Security Management 2023-11-16 4.3 MEDIUM 6.5 MEDIUM
Cross Site Request Forgery vulnerability in McAfee Network Security Management (NSM) prior to 10.1.7.35 and NSM 9.x prior to 9.2.9.55 may allow an attacker to change the configuration of the Network Security Manager via a carefully crafted HTTP request.
CVE-2023-46777 1 Featherplugins 1 Custom Login Page \| Temporary Users \| Rebrand Login \| Login Captcha 2023-11-15 N/A 8.8 HIGH
Cross-Site Request Forgery (CSRF) vulnerability in Custom Login Page | Temporary Users | Rebrand Login | Login Captcha plugin <= 1.1.3 versions.
CVE-2023-27445 1 Meril 1 Blog Floating Button 2023-11-15 N/A 8.8 HIGH
Cross-Site Request Forgery (CSRF) vulnerability in Meril Inc. Blog Floating Button plugin <= 1.4.12 versions.
CVE-2023-27441 1 New Adman Project 1 New Adman 2023-11-15 N/A 8.8 HIGH
Cross-Site Request Forgery (CSRF) vulnerability in gl_SPICE New Adman plugin <= 1.6.8 versions.
CVE-2023-27438 1 Yur4enko 1 Wp Translitera 2023-11-15 N/A 8.8 HIGH
Cross-Site Request Forgery (CSRF) vulnerability in Evgen Yurchenko WP Translitera plugin <= p1.2.5 versions.
CVE-2023-27436 1 Breakdance 1 Elegant Custom Fonts 2023-11-15 N/A 8.8 HIGH
Cross-Site Request Forgery (CSRF) vulnerability in Louis Reingold Elegant Custom Fonts plugin <= 1.0 versions.
CVE-2023-28498 1 Motopress 1 Hotel Booking Lite 2023-11-15 N/A 8.8 HIGH
Cross-Site Request Forgery (CSRF) vulnerability in MotoPress Hotel Booking Lite plugin <= 4.6.0 versions.