Total
8760 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-41669 | 1 Daext | 1 Live News | 2024-11-21 | N/A | 4.3 MEDIUM |
|
Cross-Site Request Forgery (CSRF) vulnerability in DAEXT Live News plugin <= 1.06 versions.
|
|||||
| CVE-2023-41668 | 1 Leadster | 1 Leadster | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Cross-Site Request Forgery (CSRF) vulnerability in Leadster plugin <= 1.1.2 versions.
|
|||||
| CVE-2023-41667 | 1 Ulfbenjaminsson | 1 Wp-dtree | 2024-11-21 | N/A | 4.3 MEDIUM |
|
Cross-Site Request Forgery (CSRF) vulnerability in Ulf Benjaminsson WP-dTree plugin <= 4.4.5 versions.
|
|||||
| CVE-2023-41660 | 1 Wpsynchro | 1 Wp Synchro | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Cross-Site Request Forgery (CSRF) vulnerability in WPSynchro WP Synchro plugin <= 1.9.1 versions.
|
|||||
| CVE-2023-41659 | 1 Bdwm | 1 Responsive Gallery Grid | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Cross-Site Request Forgery (CSRF) vulnerability in Jules Colle, BDWM Responsive Gallery Grid plugin <= 2.3.10 versions.
|
|||||
| CVE-2023-41654 | 1 Heigl | 1 Authldap | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Cross-Site Request Forgery (CSRF) vulnerability in Andreas Heigl authLdap plugin <= 2.5.8 versions.
|
|||||
| CVE-2023-41650 | 1 Remove\/hide Author\, Date\, Category Like Entry-meta Project | 1 Remove\/hide Author\, Date\, Category Like Entry-meta | 2024-11-21 | N/A | 4.3 MEDIUM |
|
Cross-Site Request Forgery (CSRF) vulnerability in Venugopal Remove/hide Author, Date, Category Like Entry-Meta plugin <= 2.1 versions.
|
|||||
| CVE-2023-41452 | 1 Phpkobo | 1 Ajaxnewsticker | 2024-11-21 | N/A | 8.8 HIGH |
|
Cross Site Request Forgery vulnerability in phpkobo AjaxNewTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the txt parameter in the index.php component.
|
|||||
| CVE-2023-41244 | 1 Buildfail | 1 Localize Remote Images | 2024-11-21 | N/A | 4.3 MEDIUM |
|
Cross-Site Request Forgery (CSRF) vulnerability in Buildfail Localize Remote Images plugin <= 1.0.9 versions.
|
|||||
| CVE-2023-41131 | 1 Followingmedarling | 1 Spotify Play Button | 2024-11-21 | N/A | 4.3 MEDIUM |
|
Cross-Site Request Forgery (CSRF) vulnerability in Jonk @ Follow me Darling Sp*tify Play Button for WordPress plugin <= 2.10 versions.
|
|||||
| CVE-2023-41129 | 1 Patreon | 1 Patreon Wordpress | 2024-11-21 | N/A | 4.3 MEDIUM |
|
Cross-Site Request Forgery (CSRF) vulnerability in Patreon Patreon WordPress.This issue affects Patreon WordPress: from n/a through 1.8.6.
|
|||||
| CVE-2023-41086 | 1 Furunosystems | 24 Acera 1010, Acera 1010 Firmware, Acera 1020 and 21 more | 2024-11-21 | N/A | 8.8 HIGH |
|
Cross-site request forgery (CSRF) vulnerability exists in FURUNO SYSTEMS wireless LAN access point devices. If a user views a malicious page while logged in, unintended operations may be performed. Affected products and versions are as follows: ACERA 1210 firmware ver.02.36 and earlier, ACERA 1150i firmware ver.01.35 and earlier, ACERA 1150w firmware ver.01.35 and earlier, ACERA 1110 firmware ver.01.76 and earlier, ACERA 1020 firmware ver.01.86 and earlier, ACERA 1010 firmware ver.01.86 and earl ...
Show More |
|||||
| CVE-2023-40953 | 1 Idreamsoft | 1 Icms | 2024-11-21 | N/A | 8.8 HIGH |
|
icms 7.0.16 is vulnerable to Cross Site Request Forgery (CSRF).
|
|||||
| CVE-2023-40868 | 1 Moosocial | 1 Moosocial | 2024-11-21 | N/A | 8.8 HIGH |
|
Cross Site Request Forgery vulnerability in mooSocial MooSocial Software v.Demo allows a remote attacker to execute arbitrary code via the Delete Account and Deactivate functions.
|
|||||
| CVE-2023-40671 | 1 Daxiawp | 1 Dx-auto-save-images | 2024-11-21 | N/A | 4.3 MEDIUM |
|
Cross-Site Request Forgery (CSRF) vulnerability in 大侠wp DX-auto-save-images plugin <= 1.4.0 versions.
|
|||||
| CVE-2023-40607 | 1 Cluevo | 1 Learning Management System | 2024-11-21 | N/A | 4.3 MEDIUM |
|
Cross-Site Request Forgery (CSRF) vulnerability in CLUEVO CLUEVO LMS, E-Learning Platform plugin <= 1.10.0 versions.
|
|||||
| CVE-2023-40572 | 1 Xwiki | 1 Xwiki | 2024-11-21 | N/A | 9.0 CRITICAL |
|
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. The create action is vulnerable to a CSRF attack, allowing script and thus remote code execution when targeting a user with script/programming right, thus compromising the confidentiality, integrity and availability of the whole XWiki installation. When a user with script right views this image and a log message `ERROR foo - Script executed!` appears in the log, the XWiki installation is vuln ...
Show More |
|||||
| CVE-2023-40561 | 1 Multidots | 1 Enhanced Ecommerce Google Analytics For Woocommerce | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Cross-Site Request Forgery (CSRF) vulnerability in theDotstore Enhanced Ecommerce Google Analytics for WooCommerce plugin <= 3.7.1 versions.
|
|||||
| CVE-2023-40559 | 1 Multidots | 1 Dynamic Pricing And Discount Rules For Woocommerce | 2024-11-21 | N/A | 4.3 MEDIUM |
|
Cross-Site Request Forgery (CSRF) vulnerability in theDotstore Dynamic Pricing and Discount Rules for WooCommerce plugin <= 2.4.0 versions.
|
|||||
| CVE-2023-40558 | 1 Emarketdesign | 1 Youtube Video Gallery | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Cross-Site Request Forgery (CSRF) vulnerability in eMarket Design YouTube Video Gallery by YouTube Showcase plugin <= 3.3.5 versions.
|
|||||
| CVE-2023-40556 | 1 Toolstack | 1 Schedule Posts Calendar | 2024-11-21 | N/A | 4.3 MEDIUM |
|
Cross-Site Request Forgery (CSRF) vulnerability in Greg Ross Schedule Posts Calendar plugin <= 5.2 versions.
|
|||||
| CVE-2023-40351 | 1 Jenkins | 1 Favorite View | 2024-11-21 | N/A | 4.3 MEDIUM |
|
A cross-site request forgery (CSRF) vulnerability in Jenkins Favorite View Plugin 5.v77a_37f62782d and earlier allows attackers to add or remove views from another user's favorite views tab bar.
|
|||||
| CVE-2023-40341 | 1 Jenkins | 1 Blue Ocean | 2024-11-21 | N/A | 8.8 HIGH |
|
A cross-site request forgery (CSRF) vulnerability in Jenkins Blue Ocean Plugin 1.27.5 and earlier allows attackers to connect to an attacker-specified URL, capturing GitHub credentials associated with an attacker-specified job.
|
|||||
| CVE-2023-40337 | 1 Jenkins | 1 Folders | 2024-11-21 | N/A | 4.3 MEDIUM |
|
A cross-site request forgery (CSRF) vulnerability in Jenkins Folders Plugin 6.846.v23698686f0f6 and earlier allows attackers to copy a view inside a folder.
|
|||||
| CVE-2023-40336 | 1 Jenkins | 1 Folders | 2024-11-21 | N/A | 8.8 HIGH |
|
A cross-site request forgery (CSRF) vulnerability in Jenkins Folders Plugin 6.846.v23698686f0f6 and earlier allows attackers to copy folders.
|
|||||
| CVE-2023-40335 | 1 Cyberws | 1 Cleverwise Daily Quotes | 2024-11-21 | N/A | 7.1 HIGH |
|
Cross-Site Request Forgery (CSRF) vulnerability in Jeremy O'Connell Cleverwise Daily Quotes allows Stored XSS.This issue affects Cleverwise Daily Quotes: from n/a through 3.2.
|
|||||
| CVE-2023-40212 | 1 Multidots | 1 Product Attachment For Woocommerce | 2024-11-21 | N/A | 4.3 MEDIUM |
|
Cross-Site Request Forgery (CSRF) vulnerability in theDotstore Product Attachment for WooCommerce plugin <= 2.1.8 versions.
|
|||||
| CVE-2023-40210 | 1 Sean-barton | 1 Sb Child List | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Cross-Site Request Forgery (CSRF) vulnerability in Sean Barton (Tortoise IT) SB Child List plugin <= 4.5 versions.
|
|||||
| CVE-2023-40202 | 1 Codemiq | 1 Wp Html Mail | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Cross-Site Request Forgery (CSRF) vulnerability in Hannes Etzelstorfer // codemiq WP HTML Mail plugin <= 3.4.1 versions.
|
|||||
| CVE-2023-40201 | 1 Futuriowp | 1 Futurio Extra | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Cross-Site Request Forgery (CSRF) vulnerability in FuturioWP Futurio Extra plugin <= 1.8.4 versions leads to activation of arbitrary plugin.
|
|||||
| CVE-2023-40199 | 1 Crudlab | 1 Wp Like Button | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Cross-Site Request Forgery (CSRF) vulnerability in CRUDLab WP Like Button plugin <= 1.7.0 versions.
|
|||||
| CVE-2023-40198 | 1 Antsanchez | 1 Easy Cookie Law | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Cross-Site Request Forgery (CSRF) vulnerability in Antsanchez Easy Cookie Law plugin <= 3.1 versions.
|
|||||
| CVE-2023-40172 | 1 Fobybus | 1 Social-media-skeleton | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Social media skeleton is an uncompleted/framework social media project implemented using a php, css ,javascript and html. A Cross-site request forgery (CSRF) attack is a type of malicious attack whereby an attacker tricks a victim into performing an action on a website that they do not intend to do. This can be done by sending the victim a malicious link or by exploiting a vulnerability in the website. Prior to version 1.0.5 Social media skeleton did not properly restrict CSRF attacks. This has ...
Show More |
|||||
| CVE-2023-40048 | 1 Progress | 1 Ws Ftp Server | 2024-11-21 | N/A | 6.8 MEDIUM |
|
In WS_FTP Server version prior to 8.8.2,
the WS_FTP Server Manager interface was missing cross-site request forgery (CSRF) protection on a POST transaction corresponding to a WS_FTP Server administrative function.
|
|||||
| CVE-2023-40009 | 1 Thimpress | 1 Wp Pipes | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Cross-Site Request Forgery (CSRF) vulnerability in ThimPress WP Pipes plugin <= 1.4.0 versions.
|
|||||
| CVE-2023-40008 | 1 Webtechforce | 1 Simple Org Chart | 2024-11-21 | N/A | 4.3 MEDIUM |
|
Cross-Site Request Forgery (CSRF) vulnerability in Gangesh Matta Simple Org Chart plugin <= 2.3.4 versions.
|
|||||
| CVE-2023-3841 | 1 Nxfilter | 1 Nxfilter | 2024-11-21 | 5.0 MEDIUM | 4.3 MEDIUM |
|
A vulnerability has been found in NxFilter 4.3.2.5 and classified as problematic. This vulnerability affects unknown code of the file user.jsp. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The identifier of this vulnerability is VDB-235192. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
|
|||||
| CVE-2023-3627 | 1 Salesagility | 1 Suitecrm | 2024-11-21 | N/A | 8.8 HIGH |
|
Cross-Site Request Forgery (CSRF) in GitHub repository salesagility/suitecrm-core prior to 8.3.1.
|
|||||
| CVE-2023-3589 | 1 3ds | 1 Teamwork Cloud No Magic Release | 2024-11-21 | N/A | 6.8 MEDIUM |
|
A Cross-Site Request Forgery (CSRF) vulnerability affecting Teamwork Cloud from No Magic Release 2021x through No Magic Release 2022x could allow with some very specific conditions an attacker to send a specifically crafted query to the server.
|
|||||
| CVE-2023-3579 | 1 Hadsky | 1 Hadsky | 2024-11-21 | 5.0 MEDIUM | 4.3 MEDIUM |
|
A vulnerability, which was classified as problematic, has been found in HadSky 7.11.8. Affected by this issue is some unknown functionality of the component User Handler. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-233372.
|
|||||