Total: 5731 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-4349 | 1 Pwn Project | 1 Pwn | 2023-11-07 | N/A | 6.8 MEDIUM |
| A vulnerability classified as problematic has been found in CTF-hacker pwn. This affects an unknown part of the file delete.html. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-215109 was assigned to this vulnerability. | |||||
| CVE-2022-4148 | 1 Dash10 | 1 Oauth Server | 2023-11-07 | N/A | 4.3 MEDIUM |
| The WP OAuth Server (OAuth Authentication) WordPress plugin before 4.3.0 has a flawed CSRF and authorisation check when deleting a client, which could allow any authenticated user, such as a subscriber, to delete arbitrary clients. | |||||
| CVE-2022-4125 | 1 Popup Manager Project | 1 Popup Manager | 2023-11-07 | N/A | 4.3 MEDIUM |
| The Popup Manager WordPress plugin through 1.6.6 does not have authorisation and CSRF checks when creating/updating popups, and is missing sanitisation as well as escaping, which could allow unauthenticated attackers to create arbitrary popups and add Stored XSS payloads as well. | |||||
| CVE-2022-4124 | 1 Popup Manager Project | 1 Popup Manager | 2023-11-07 | N/A | 4.3 MEDIUM |
| The Popup Manager WordPress plugin through 1.6.6 does not have authorisation and CSRF checks when deleting popups, which could allow unauthenticated users to delete them. | |||||
| CVE-2022-4103 | 1 Royal-elementor-addons | 1 Royal Elementor Addons | 2023-11-07 | N/A | 4.3 MEDIUM |
| The Royal Elementor Addons WordPress plugin before 1.3.56 does not have authorisation and CSRF checks when creating a template, and does not ensure that the post created is a template. This could allow any authenticated user, such as a subscriber, to create a post (as well as any post type) with an arbitrary title. | |||||
| CVE-2022-4102 | 1 Royal-elementor-addons | 1 Royal Elementor Addons | 2023-11-07 | N/A | 3.1 LOW |
| The Royal Elementor Addons WordPress plugin before 1.3.56 does not have authorization and CSRF checks when deleting a template and does not ensure that the post to be deleted is a template. This could allow any authenticated users, such as subscribers, to delete arbitrary posts assuming they know the related slug. | |||||
| CVE-2022-4090 | 1 Stock Management System Project | 1 Stock Management System | 2023-11-07 | N/A | 8.8 HIGH |
| A vulnerability was found in rickxy Stock Management System and classified as problematic. This issue affects some unknown processing of the file us_transac.php?action=add. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-214331. | |||||
| CVE-2022-4024 | 1 Genetechsolutions | 1 Pie Register | 2023-11-07 | N/A | 6.5 MEDIUM |
| The Registration Forms WordPress plugin before 3.8.1.3 does not have authorisation and CSRF checks when deleting users via an init action handler, allowing unauthenticated attackers to delete arbitrary users (along with their posts). | |||||
| CVE-2022-4021 | 1 Permalink Manager Lite Project | 1 Permalink Manager Lite | 2023-11-07 | N/A | 4.3 MEDIUM |
| The Permalink Manager Lite plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.2.20.1. This is due to missing or incorrect nonce validation on the extra_actions function. This makes it possible for unauthenticated attackers to change plugin settings, including permalinks and site maps, via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link. | |||||
| CVE-2022-4013 | 1 Hospital Management Center Project | 1 Hospital Management Center | 2023-11-07 | N/A | 8.8 HIGH |
| A vulnerability classified as problematic was found in Hospital Management Center. Affected by this vulnerability is an unknown functionality of the file appointment.php. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-213787. | |||||
| CVE-2022-47612 | 1 Xnau | 1 Participants Database | 2023-11-07 | N/A | 4.3 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in Roland Barker, xnau webdesign Participants Database plugin <= 2.4.5 leads to list column update. | |||||
| CVE-2022-47443 | 1 Multi Rating Project | 1 Multi Rating | 2023-11-07 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Daniel Powney Multi Rating plugin <= 5.0.5 versions. | |||||
| CVE-2022-47440 | 1 My Tickets Project | 1 My Tickets | 2023-11-07 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Joseph C Dolson My Tickets plugin <= 1.9.10 versions. | |||||
| CVE-2022-47427 | 1 My Calendar Project | 1 My Calendar | 2023-11-07 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Joseph C Dolson My Calendar plugin <= 3.3.24.1 versions. | |||||
| CVE-2022-47422 | 1 Hmplugin | 1 Accept Stripe Donation - Aidwp | 2023-11-07 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in HM Plugin Accept Stripe Donation – AidWP plugin <= 3.1.5 versions. | |||||
| CVE-2022-47395 | 1 Sewio | 1 Real-time Location System Studio | 2023-11-07 | N/A | 8.1 HIGH |
| Sewio’s Real-Time Location System (RTLS) Studio version 2.0.0 up to and including version 2.6.2 is vulnerable to cross-site request forgery in its monitor services. An attacker could take advantage of this vulnerability to execute arbitrary maintenance operations and cause a denial-of-service condition. | |||||
| CVE-2022-47179 | 1 Ujsoftware | 1 Owm Weather | 2023-11-07 | N/A | 4.3 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in Uwe Jacobs OWM Weather plugin <= 5.6.11 leads to post duplication as a draft. | |||||
| CVE-2022-47166 | 1 Voidcoders | 1 Void Contact Form 7 Widget For Elementor Page Builder | 2023-11-07 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in voidCoders Void Contact Form 7 Widget For Elementor Page Builder plugin <= 2.1.1 versions. | |||||
| CVE-2022-47163 | 1 Wp Csv To Database Project | 1 Wp Csv To Database | 2023-11-07 | N/A | 7.5 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Tips and Tricks HQ, josh401 WP CSV to Database – Insert CSV file content into WordPress plugin <= 2.6 versions. | |||||
| CVE-2022-47162 | 1 Dh - Anti Adblocker Project | 1 Dh - Anti Adblocker | 2023-11-07 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Dannie Herdyawan DH – Anti AdBlocker plugin <= 36 versions. | |||||
