Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by CWE-352
Total 5731 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-23802 1 Hasthemes 1 Ht Easy Ga4 \(google Analytics 4\) 2023-06-22 N/A 8.8 HIGH
Cross-Site Request Forgery (CSRF) vulnerability in HasThemes HT Easy GA4 ( Google Analytics 4 ) plugin <= 1.0.6 versions.
CVE-2023-25449 1 Cformsii Project 1 Cformsii 2023-06-22 N/A 8.8 HIGH
Cross-Site Request Forgery (CSRF) vulnerability in Oliver Seidel, Bastian Germann cformsII plugin <= 15.0.4 versions.
CVE-2023-35030 1 Liferay 2 Dxp, Liferay Portal 2023-06-22 N/A 8.8 HIGH
Cross-site request forgery (CSRF) vulnerability in the Layout module's SEO configuration in Liferay Portal 7.4.3.70 through 7.4.3.76, and Liferay DXP 7.4 update 70 through 76 allows remote attackers to execute arbitrary code in the scripting console via the `_com_liferay_layout_admin_web_portlet_GroupPagesPortlet_backURL` parameter.
CVE-2023-27634 1 Intrepidity Project 1 Intrepidity 2023-06-22 N/A 8.8 HIGH
Cross-Site Request Forgery (CSRF) vulnerability allows arbitrary file upload in Shingo Intrepidity plugin <= 1.5.1 versions.
CVE-2022-42880 1 Auto Upload Images Project 1 Auto Upload Images 2023-06-20 N/A 6.1 MEDIUM
Cross-Site Request Forgery (CSRF) vulnerability in Ali Irani Auto Upload Images plugin <= 3.3 versions allows Stored Cross-Site Scripting (XSS).
CVE-2023-31200 1 Ptc 1 Vuforia Studio 2023-06-16 N/A 8.0 HIGH
PTC Vuforia Studio does not require a token; this could allow an attacker with local access to perform a cross-site request forgery attack or a replay attack.
CVE-2023-33409 1 Minical 1 Minical 2023-06-09 N/A 6.5 MEDIUM
Minical 1.0.0 is vulnerable to Cross Site Request Forgery (CSRF) via minical/public/application/controllers/settings/company.php.
CVE-2023-3075 1 Corebos 1 Corebos 2023-06-08 N/A 6.5 MEDIUM
Cross-Site Request Forgery (CSRF) in GitHub repository tsolucio/corebos prior to 8.
CVE-2018-20967 1 Smackcoders 1 Import All Pages\, Post Types\, Products\, Orders\, And Users As Xml \& Csv 2023-06-06 6.8 MEDIUM 8.8 HIGH
The wp-ultimate-csv-importer plugin before 5.6.1 for WordPress has CSRF.
CVE-2022-36250 1 Shopbeat 1 Shop Beat Media Player 2023-06-02 N/A 8.8 HIGH
Shop Beat Solutions (Pty) LTD Shop Beat Media Player 2.5.95 up to 3.2.57 is vulnerable to Cross Site Request Forgery (CSRF).
CVE-2023-33926 1 Supsystic 1 Easy Google Maps 2023-06-02 N/A 8.8 HIGH
Cross-Site Request Forgery (CSRF) vulnerability in Supsystic Easy Google Maps plugin <= 1.11.7 versions.
CVE-2023-33212 1 Crocoblock 1 Jetformbuilder 2023-06-02 N/A 8.8 HIGH
Cross-Site Request Forgery (CSRF) vulnerability in Crocoblock JetFormBuilder — Dynamic Blocks Form Builder plugin <= 3.0.6 versions.
CVE-2022-45372 1 Codeixer 1 Product Gallery Slider For Woocommerce 2023-06-02 N/A 8.8 HIGH
Cross-Site Request Forgery (CSRF) vulnerability in Codeixer Product Gallery Slider for WooCommerce plugin <= 2.2.8 versions.
CVE-2022-33974 1 Smashballoon 1 Custom Twitter Feeds 2023-06-02 N/A 8.8 HIGH
Cross-Site Request Forgery (CSRF) vulnerability in Smash Balloon Custom Twitter Feeds (Tweets Widget) plugin <= 1.8.4 versions.
CVE-2023-33313 1 Themeinprogress 1 Wip Custom Login 2023-06-02 N/A 8.8 HIGH
Cross-Site Request Forgery (CSRF) vulnerability in ThemeinProgress WIP Custom Login plugin <= 1.2.9 versions.
CVE-2023-33931 1 Getbutterfly 1 Youtube Playlist Player 2023-06-02 N/A 8.8 HIGH
Cross-Site Request Forgery (CSRF) vulnerability in Ciprian Popescu YouTube Playlist Player plugin <= 4.6.4 versions.
CVE-2023-33314 1 Pluginus 1 Bear - Woocommerce Bulk Editor And Products Manager Professional 2023-06-01 N/A 8.8 HIGH
Cross-Site Request Forgery (CSRF) vulnerability in realmag777 BEAR plugin <= 1.1.3.1 versions.
CVE-2023-33315 1 Wandlesoftware 1 Smart App Banner 2023-06-01 N/A 8.8 HIGH
Cross-Site Request Forgery (CSRF) vulnerability in Stephen Darlington, Wandle Software Limited Smart App Banner plugin <= 1.1.2 versions.
CVE-2023-33316 1 Woocommerce 1 Automatewoo 2023-06-01 N/A 8.8 HIGH
Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce WooCommerce Follow-Up Emails (AutomateWoo) plugin <= 4.9.40 versions.
CVE-2022-36345 1 Metagauss 1 Download Plugin 2023-06-01 N/A 8.8 HIGH
Cross-Site Request Forgery (CSRF) vulnerability in Metagauss Download Plugin <= 2.0.4 versions.