Total: 5731 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-35089 | 1 Really-simple-plugins | 1 Recipe Maker For Your Food Blog From Zip Recipes | 2023-07-26 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Really Simple Plugins Recipe Maker For Your Food Blog from Zip Recipes plugin <= 8.0.7 versions. | |||||
| CVE-2023-35096 | 1 Mycred | 1 Mycred | 2023-07-26 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in myCred plugin <= 2.5 versions. | |||||
| CVE-2023-35880 | 1 Woocommerce | 1 Brands | 2023-07-26 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce WooCommerce Brands plugin <= 1.6.49 versions. | |||||
| CVE-2023-34005 | 1 Etoilewebdesign | 1 Front End Users | 2023-07-26 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Etoile Web Design Front End Users plugin <= 3.2.24 versions. | |||||
| CVE-2022-36424 | 1 Easy Appointments Project | 1 Easy Appointments | 2023-07-26 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Nikola Loncar Easy Appointments plugin <= 3.11.9 versions. | |||||
| CVE-2022-38062 | 1 Metagauss | 1 Download Theme | 2023-07-26 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Metagauss Download Theme plugin <= 1.0.9 versions. | |||||
| CVE-2022-47169 | 1 Staxwp | 1 Visibility Logic For Elementor | 2023-07-26 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in StaxWP Visibility Logic for Elementor plugin <= 2.3.4 versions. | |||||
| CVE-2023-25036 | 1 Social Media Icons Widget Project | 1 Social Media Icons Widget | 2023-07-26 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in akhlesh-nagar, a.Ankit Social Media Icons Widget plugin <= 1.6 versions. | |||||
| CVE-2023-37598 | 1 Issabel | 1 Pbx | 2023-07-25 | N/A | 4.5 MEDIUM |
| A Cross Site Request Forgery (CSRF) vulnerability in issabel-pbx v.4.0.0-6 allows a remote attacker to cause a denial of service via the delete new virtual fax function. | |||||
| CVE-2023-37562 | 1 Elecom | 4 Wtc-c1167gc-b, Wtc-c1167gc-b Firmware, Wtc-c1167gc-w and 1 more | 2023-07-25 | N/A | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability exists in WTC-C1167GC-B v1.17 and earlier, and WTC-C1167GC-W v1.17 and earlier. If a user views a malicious page while logged in, unintended operations may be performed. | |||||
| CVE-2021-36908 | 1 Webfactoryltd | 1 Wp Reset Pro | 2023-07-24 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in WebFactory Ltd. WP Reset PRO plugin <= 5.98 versions. | |||||
| CVE-2022-2276 | 1 Wp Edit Menu Project | 1 Wp Edit Menu | 2023-07-24 | N/A | 4.3 MEDIUM |
| The WP Edit Menu WordPress plugin before 1.5.0 does not have authorisation and CSRF in an AJAX action, which could allow unauthenticated attackers to delete arbitrary posts/pages from the blog | |||||
| CVE-2022-3538 | 1 Webmaster Tools Verification Project | 1 Webmaster Tools Verification | 2023-07-21 | N/A | 6.5 MEDIUM |
| The Webmaster Tools Verification WordPress plugin through 1.2 does not have authorisation and CSRF checks when disabling plugins, allowing unauthenticated users to disable arbitrary plugins | |||||
| CVE-2022-3489 | 1 Weberge | 1 Wp Hide | 2023-07-21 | N/A | 5.3 MEDIUM |
| The WP Hide WordPress plugin through 0.0.2 does not have authorisation and CSRF checks in place when updating the custom_wpadmin_slug settings, allowing unauthenticated attackers to update it with a crafted request | |||||
| CVE-2022-3451 | 1 Addify | 1 Product Stock Manager | 2023-07-21 | N/A | 4.3 MEDIUM |
| The Product Stock Manager WordPress plugin before 1.0.5 does not have authorisation and proper CSRF checks in multiple AJAX actions, allowing users with a role as low as subscriber to call them. One action in particular could allow arbitrary options to be updated | |||||
| CVE-2022-2987 | 1 Ldap Wp Login / Active Directory Integration Project | 1 Ldap Wp Login / Active Directory Integration | 2023-07-20 | N/A | 7.5 HIGH |
| The Ldap WP Login / Active Directory Integration WordPress plugin before 3.0.2 does not have any authorisation and CSRF checks when updating its settings (which are hooked to the init action), allowing unauthenticated attackers to update them. Attackers could set their own LDAP server to be used to authenticate users, therefore bypassing the current authentication | |||||
| CVE-2023-37964 | 1 Jenkins | 1 Elasticbox Ci | 2023-07-20 | N/A | 8.8 HIGH |
| A cross-site request forgery (CSRF) vulnerability in Jenkins ElasticBox CI Plugin 5.0.1 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | |||||
| CVE-2023-37962 | 1 Jenkins | 1 Benchmark Evaluator | 2023-07-20 | N/A | 8.8 HIGH |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Benchmark Evaluator Plugin 1.0.1 and earlier allows attackers to connect to an attacker-specified URL and to check for the existence of directories, `.csv`, and `.ycsb` files on the Jenkins controller file system. | |||||
| CVE-2023-37961 | 1 Jenkins | 1 Assembla | 2023-07-20 | N/A | 8.8 HIGH |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Assembla Auth Plugin 1.14 and earlier allows attackers to trick users into logging in to the attacker's account. | |||||
| CVE-2023-37958 | 1 Jenkins | 1 Sumologic Publisher | 2023-07-20 | N/A | 8.8 HIGH |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Sumologic Publisher Plugin 2.2.1 and earlier allows attackers to connect to an attacker-specified URL. | |||||
