Vulnerabilities (CVE)

Filtered by CWE-352
Total 5731 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3
CVE-2023-37957 | 1 Jenkins | 1 Pipeline Restful Api | 2023-07-20 | N/A | 8.8 HIGH
A cross-site request forgery (CSRF) vulnerability in Jenkins Pipeline restFul API Plugin 0.11 and earlier allows attackers to connect to an attacker-specified URL, capturing a newly generated JCLI token.
CVE-2023-37952 | 1 Jenkins | 1 Mabl | 2023-07-20 | N/A | 6.5 MEDIUM
A cross-site request forgery (CSRF) vulnerability in Jenkins mabl Plugin 0.0.46 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
CVE-2023-37954 | 1 Jenkins | 1 Rebuilder | 2023-07-20 | N/A | 4.3 MEDIUM
A cross-site request forgery (CSRF) vulnerability in Jenkins Rebuilder Plugin 320.v5a_0933a_e7d61 and earlier allows attackers to rebuild a previous build.
CVE-2023-37955 | 1 Jenkins | 1 Test Results Aggregator | 2023-07-20 | N/A | 6.5 MEDIUM
A cross-site request forgery (CSRF) vulnerability in Jenkins Test Results Aggregator Plugin 1.2.13 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials.
CVE-2023-37596 | 1 Issabel | 1 Pbx | 2023-07-18 | N/A | 8.1 HIGH
Cross Site Request Forgery (CSRF) vulnerability in issabel-pbx v.4.0.0-6 allows a remote attacker to cause a denial of service via a crafted script to the deleteuser function.
CVE-2023-3627 | 1 Salesagility | 1 Suitecrm | 2023-07-18 | N/A | 8.8 HIGH
Cross-Site Request Forgery (CSRF) in GitHub repository salesagility/suitecrm-core prior to 8.3.1.
CVE-2023-37597 | 1 Issabel | 1 Pbx | 2023-07-18 | N/A | 8.1 HIGH
Cross Site Request Forgery (CSRF) vulnerability in issabel-pbx v.4.0.0-6 allows a remote attacker to cause a denial of service via the delete user grouplist function.
CVE-2023-2746 | 1 Rockwellautomation | 1 Enhanced Him | 2023-07-18 | N/A | 9.6 CRITICAL
The Rockwell Automation Enhanced HIM software contains an API that the application uses that is not protected sufficiently and uses incorrect Cross-Origin Resource Sharing (CORS) settings and, as a result, is vulnerable to a Cross Site Request Forgery (CSRF) attack. To exploit this vulnerability, a malicious user would have to convince a user to click on an untrusted link through a social engineering attack or successfully perform a Cross Site Scripting Attack (XSS). Exploitation of a CSRF could potentially lead to sensitive information disclosure and full remote access to the affected products.
CVE-2023-36690 | 1 Vibethemes | 1 Wordpress Learning Management System | 2023-07-18 | N/A | 8.8 HIGH
Cross-Site Request Forgery (CSRF) vulnerability in VibeThemes WPLMS theme <= 4.900 versions.
CVE-2023-36522 | 1 Wepupil | 1 Quiz Expert - Easy Quiz Maker, Exam And Test Manager | 2023-07-18 | N/A | 8.8 HIGH
Cross-Site Request Forgery (CSRF) vulnerability in WePupil Quiz Expert plugin <= 1.5.0 versions.
CVE-2023-35773 | 1 Template Debugger Project | 1 Template Debugger | 2023-07-18 | N/A | 8.8 HIGH
Cross-Site Request Forgery (CSRF) vulnerability in Danny Hearnah - ChubbyNinjaa Template Debugger plugin <= 3.1.2 versions.
CVE-2023-35091 | 1 Storeapps | 1 Stock Manager For Woocommerce | 2023-07-18 | N/A | 8.8 HIGH
Cross-Site Request Forgery (CSRF) vulnerability in StoreApps Stock Manager for WooCommerce plugin <= 2.10.0 versions.
CVE-2023-35044 | 1 Securimage-wp-fixed Project | 1 Securimage-wp-fixed | 2023-07-18 | N/A | 4.3 MEDIUM
Cross-Site Request Forgery (CSRF) vulnerability in Drew Phillips Securimage-WP plugin <= 3.6.16 versions.
CVE-2023-34029 | 1 Disable Wordpress Update Notifications And Auto-update Email Notifications Project | 1 Disable Wordpress Update Notifications And Auto-update Email Notifications | 2023-07-18 | N/A | 6.5 MEDIUM
Cross-Site Request Forgery (CSRF) vulnerability in Prem Tiwari Disable WordPress Update Notifications and auto-update Email Notifications plugin <= 2.3.3 versions.
CVE-2023-32104 | 1 Mycurator Content Curation Project | 1 Mycurator Content Curation | 2023-07-18 | N/A | 6.5 MEDIUM
Cross-Site Request Forgery (CSRF) vulnerability in Mark Tilly MyCurator Content Curation plugin <= 3.74 versions.
CVE-2023-25706 | 1 Pagup | 1 Better Robots.txt | 2023-07-18 | N/A | 6.5 MEDIUM
Cross-Site Request Forgery (CSRF) vulnerability in Pagup WordPress Robots.Txt optimization plugin <= 1.4.5 versions.
CVE-2023-25443 | 1 Wow-company | 1 Button Generator | 2023-07-18 | N/A | 6.5 MEDIUM
Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Button Generator – easily Button Builder plugin <= 2.3.5 versions.
CVE-2023-24417 | 1 Tiggerswelt | 1 Worthy | 2023-07-18 | N/A | 6.5 MEDIUM
Cross-Site Request Forgery (CSRF) vulnerability in tiggersWelt.Net Worthy plugin <= 1.6.5-6497609 versions.
CVE-2023-35780 | 1 Galleria Project | 1 Galleria | 2023-07-18 | N/A | 6.5 MEDIUM
Cross-Site Request Forgery (CSRF) vulnerability in Andy Whalen Galleria plugin <= 1.0.3 versions.
CVE-2023-35778 | 1 Recent Posts Slider Project | 1 Recent Posts Slider | 2023-07-18 | N/A | 6.5 MEDIUM
Cross-Site Request Forgery (CSRF) vulnerability in Neha Goel Recent Posts Slider plugin <= 1.1 versions.