Total: 8760 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2023-32125 | 1 Danielpowney | 1 Multi Rating | 2024-11-21 | N/A | 8.8 HIGH | Cross-Site Request Forgery (CSRF) vulnerability in Daniel Powney Multi Rating plugin <= 5.0.6 versions. |
| CVE-2023-32124 | 1 Arulprasadj | 1 Publish Confirm Message | 2024-11-21 | N/A | 4.3 MEDIUM | Cross-Site Request Forgery (CSRF) vulnerability in Arul Prasad J Publish Confirm Message plugin <= 1.3.1 versions. |
| CVE-2023-32123 | 1 Dream-theme | 1 The7 | 2024-11-21 | N/A | 7.1 HIGH | Cross-Site Request Forgery (CSRF) vulnerability in Dream-Theme The7 allows Stored XSS. This issue affects The7: from n/a through 11.7.3. |
| CVE-2023-32104 | 1 Target-info | 1 Mycurator Content Curation | 2024-11-21 | N/A | 4.3 MEDIUM | Cross-Site Request Forgery (CSRF) vulnerability in Mark Tilly MyCurator Content Curation plugin <= 3.74 versions. |
| CVE-2023-32093 | 1 Tpginc | 1 Tpg Redirect | 2024-11-21 | N/A | 8.8 HIGH | Cross-Site Request Forgery (CSRF) vulnerability in Criss Swaim TPG Redirect plugin <= 1.0.7 versions. |
| CVE-2023-32092 | 1 Peepso | 1 Peepso | 2024-11-21 | N/A | 8.8 HIGH | Cross-Site Request Forgery (CSRF) vulnerability in PeepSo Community by PeepSo – Social Network, Membership, Registration, User Profiles plugin <= 6.0.9.0 versions. |
| CVE-2023-32091 | 1 Poeditor | 1 Poeditor | 2024-11-21 | N/A | 5.4 MEDIUM | Cross-Site Request Forgery (CSRF) vulnerability in POEditor plugin <= 0.9.4 versions. |
| CVE-2023-31999 | 1 Fastify | 1 Oauth2 | 2024-11-21 | N/A | 8.8 HIGH | All versions of @fastify/oauth2 used a statically generated state parameter at startup time and were used across all requests for all users. The purpose of the Oauth2 state parameter is to prevent Cross-Site-Request-Forgery attacks. As such, it should be unique per user and should be connected to the user's session in some way that will allow the server to validate it. v7.2.0 changes the default behavior to store the state in a cookie with the http-only and same-site=lax attributes set. The s ... |
| CVE-2023-31452 | 1 Paessler | 1 Prtg Network Monitor | 2024-11-21 | N/A | 8.8 HIGH | A cross-site request forgery (CSRF) token bypass was identified in PRTG 23.2.84.1566 and earlier versions that allows remote attackers to perform actions with the permissions of a victim user, provided the victim user has an active session and is induced to trigger the malicious request. This could force PRTG to execute different actions, such as creating new users. The severity of this vulnerability is high and received a score of 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| CVE-2023-31235 | 1 Xnau | 1 Participants Database | 2024-11-21 | N/A | 8.8 HIGH | Cross-Site Request Forgery (CSRF) vulnerability in Roland Barker, xnau webdesign Participants Database plugin <= 2.4.9 versions. |
| CVE-2023-31230 | 1 Baidu-tongji-generator Project | 1 Baidu-tongji-generator | 2024-11-21 | N/A | 7.1 HIGH | Cross-Site Request Forgery (CSRF) vulnerability in Haoqisir Baidu Tongji generator allows Stored XSS. This issue affects Baidu Tongji generator: from n/a through 1.0.2. |
| CVE-2023-31218 | 1 Pluginus | 1 Wolf - Wordpress Posts Bulk Editor And Products Manager Professional | 2024-11-21 | N/A | 7.1 HIGH | Cross-Site Request Forgery (CSRF) leading to Stored Cross-Site Scripting (XSS) vulnerability in realmag777 WOLF – WordPress Posts Bulk Editor and Manager Professional plugin <= 1.0.6 versions. |
| CVE-2023-31216 | 1 Ultimatemember | 1 Ultimate Member | 2024-11-21 | N/A | 4.3 MEDIUM | Cross-Site Request Forgery (CSRF) vulnerability in Ultimate Member plugin <= 2.6.0 versions. |
| CVE-2023-31200 | 1 Ptc | 1 Vuforia Studio | 2024-11-21 | N/A | 5.7 MEDIUM | PTC Vuforia Studio does not require a token; this could allow an attacker with local access to perform a cross-site request forgery attack or a replay attack. |
| CVE-2023-31174 | 1 Selinc | 1 Sel-5037 Sel Grid Configurator | 2024-11-21 | N/A | 7.4 HIGH | A Cross-Site Request Forgery (CSRF) vulnerability in the Schweitzer Engineering Laboratories SEL-5037 SEL Grid Configurator could allow an attacker to embed instructions that could be executed by an authorized device operator. See Instruction Manual Appendix A and Appendix E dated 20230615 for more details. This issue affects SEL-5037 SEL Grid Configurator: before 4.5.0.20. |
| CVE-2023-31093 | 1 Chronosly-events-calendar Project | 1 Chronosly-events-calendar | 2024-11-21 | N/A | 8.8 HIGH | Cross-Site Request Forgery (CSRF) vulnerability in Chronosly Chronosly Events Calendar plugin <= 2.6.2 versions. |
| CVE-2023-31089 | 1 Webternsolutions | 1 Video Xml Sitemap Generator | 2024-11-21 | N/A | 4.3 MEDIUM | Cross-Site Request Forgery (CSRF) vulnerability in Tradebooster Video XML Sitemap Generator. This issue affects Video XML Sitemap Generator: from n/a through 1.0.0. |
| CVE-2023-31088 | 1 Floating Action Button Project | 1 Floating Action Button | 2024-11-21 | N/A | 8.8 HIGH | Cross-Site Request Forgery (CSRF) vulnerability in Faraz Quazi Floating Action Button plugin <= 1.2.1 versions. |
| CVE-2023-31087 | 1 Joomsky | 1 Js Job Manager | 2024-11-21 | N/A | 8.8 HIGH | Cross-Site Request Forgery (CSRF) vulnerability in JoomSky JS Job Manager plugin <= 2.0.0 versions. |
| CVE-2023-31086 | 1 Ibenic | 1 Simple Giveaways | 2024-11-21 | N/A | 8.8 HIGH | Cross-Site Request Forgery (CSRF) vulnerability in Igor Benic Simple Giveaways – Grow your business, email lists and traffic with contests plugin <= 2.46.0 versions. |
| CVE-2023-31078 | 1 Browserupdate | 1 Wp Browserupdate | 2024-11-21 | N/A | 8.8 HIGH | Cross-Site Request Forgery (CSRF) vulnerability in Marco Steinbrecher WP BrowserUpdate plugin <= 4.4.1 versions. |
| CVE-2023-31077 | 1 Myrecorp | 1 Export Wp Page To Static Html/css | 2024-11-21 | N/A | 8.8 HIGH | Cross-Site Request Forgery (CSRF) vulnerability in ReCorp Export WP Page to Static HTML/CSS plugin <= 2.1.9 versions. |
| CVE-2023-31075 | 1 Ciphercoin | 1 Easy Hide Login | 2024-11-21 | N/A | 5.4 MEDIUM | Cross-Site Request Forgery (CSRF) vulnerability in Arshid Easy Hide Login. This issue affects Easy Hide Login: from n/a through 1.0.8. |
| CVE-2023-30616 | 1 Epiph | 1 Form Block | 2024-11-21 | N/A | 6.5 MEDIUM | Form block is a wordpress plugin designed to make form creation easier. Versions prior to 1.0.2 are subject to a Cross-Site Request Forgery due to a missing nonce check. There is potential for a Cross Site Request Forgery for all form blocks, since it allows to send requests to the forms from any website without a user noticing. Users are advised to upgrade to version 1.0.2. There are no known workarounds for this vulnerability. |
| CVE-2023-30607 | 1 Icinga | 1 Icinga Web Jira Integration | 2024-11-21 | N/A | 5.0 MEDIUM | icingaweb2-module-jira provides integration with Atlassian Jira. Starting in version 1.3.0 and prior to version 1.3.2, template and field configuration forms perform the deletion action before user input is validated, including the cross site request forgery token. This issue is fixed in version 1.3.2. There are no known workarounds. |
| CVE-2023-30484 | 1 Upress | 1 Enable Accessibility | 2024-11-21 | N/A | 4.3 MEDIUM | Cross-Site Request Forgery (CSRF) vulnerability in uPress Enable Accessibility plugin <= 1.4 versions. |
| CVE-2023-30478 | 1 Tribulant | 1 Newsletters | 2024-11-21 | N/A | 8.8 HIGH | Cross-Site Request Forgery (CSRF) vulnerability in Tribulant Newsletters plugin <= 4.8.8 versions. |
| CVE-2023-30474 | 1 Ultimate Noindex Nofollow Tool Ii Project | 1 Ultimate Noindex Nofollow Tool Ii | 2024-11-21 | N/A | 4.3 MEDIUM | Cross-Site Request Forgery (CSRF) vulnerability in Kilian Evang Ultimate Noindex Nofollow Tool II plugin <= 1.3 versions. |
| CVE-2023-2830 | 1 Trustindex | 1 Wp Testimonials | 2024-11-21 | N/A | 5.4 MEDIUM | Cross-Site Request Forgery (CSRF) vulnerability in Trustindex.Io WP Testimonials plugin <= 1.4.2 versions. |
| CVE-2023-2746 | 1 Rockwellautomation | 1 Enhanced Him | 2024-11-21 | N/A | 9.6 CRITICAL | The Rockwell Automation Enhanced HIM software contains an API that the application uses that is not protected sufficiently and uses incorrect Cross-Origin Resource Sharing (CORS) settings and, as a result, is vulnerable to a Cross Site Request Forgery (CSRF) attack. To exploit this vulnerability, a malicious user would have to convince a user to click on an untrusted link through a social engineering attack or successfully perform a Cross Site Scripting Attack (XSS). Exploitation of a CSRF cou ... |
| CVE-2023-2736 | 1 Groundhogg | 1 Groundhogg | 2024-11-21 | N/A | 7.5 HIGH | The Groundhogg plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.7.9.8. This is due to missing nonce validation in the 'ajax_edit_contact' function. This makes it possible for authenticated attackers to receive the auto login link via shortcode and then modify the assigned user to the auto login link to elevate verified user privileges via a forged request granted they can trick a site administrator into performing an action such as clicking on ... |
| CVE-2023-2717 | 1 Groundhogg | 1 Groundhogg | 2024-11-21 | N/A | 5.4 MEDIUM | The Groundhogg plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.7.9.8. This is due to missing nonce validation on the 'enable_safe_mode' function. This makes it possible for unauthenticated attackers to enable safe mode, which disables all other plugins, via a forged request if they can successfully trick an administrator into performing an action such as clicking on a link. A warning message about safe mode is displayed to the admin, which can ... |
| CVE-2023-2631 | 1 Jenkins | 1 Code Dx | 2024-11-21 | N/A | 4.3 MEDIUM | A missing permission check in Jenkins Code Dx Plugin 3.1.0 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL. |
| CVE-2023-2608 | 1 Themeisle | 1 Multiple Page Generator | 2024-11-21 | N/A | 3.1 LOW | The Multiple Page Generator Plugin for WordPress is vulnerable to Cross-Site Request Forgery leading to time-based SQL Injection via the orderby and order parameters in versions up to, and including, 3.3.17 due to missing nonce verification on the projects_list function and insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing qu ... |
| CVE-2023-2552 | 1 Bumsys Project | 1 Bumsys | 2024-11-21 | N/A | 8.8 HIGH | Cross-Site Request Forgery (CSRF) in GitHub repository unilogies/bumsys prior to 2.1.1. |
| CVE-2023-2549 | 1 Featherplugins | 1 Feather Login Page | 2024-11-21 | N/A | 8.8 HIGH | The Feather Login Page plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions starting from 1.0.7 up to, and including, 1.1.1. This is due to missing nonce validation in the 'createTempAccountLink' function. This makes it possible for unauthenticated attackers to create a new user with administrator role via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. An attacker can leverage CVE-2023-2545 to get the log ... |
| CVE-2023-2528 | 1 Supsystic | 1 Contact Form | 2024-11-21 | N/A | 5.4 MEDIUM | The Contact Form by Supsystic plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.24. This is due to missing or incorrect nonce validation on the AJAX action handler. This makes it possible for unauthenticated attackers to execute AJAX actions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. |
| CVE-2023-2508 | 2 Apple, Papercut | 2 Macos, Mobility Print Server | 2024-11-21 | N/A | 5.3 MEDIUM | The `PaperCutNG Mobility Print` version 1.0.3512 application allows an unauthenticated attacker to perform a CSRF attack on an instance administrator to configure the clients host (in the "configure printer discovery" section). This is possible because the application has no protections against CSRF attacks, like Anti-CSRF tokens, header origin validation, samesite cookies, etc. |
| CVE-2023-2505 | 1 Birddog | 8 4k Quad, 4k Quad Firmware, A300 and 5 more | 2024-11-21 | N/A | 7.7 HIGH | The affected products have a CSRF vulnerability that could allow an attacker to execute code and upload malicious files. |
| CVE-2023-2497 | 1 Userproplugin | 1 Userpro | 2024-11-21 | N/A | 8.8 HIGH | The UserPro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.1.0. This is due to missing or incorrect nonce validation on the 'import_settings' function. This makes it possible for unauthenticated attackers to exploit PHP Object Injection due to the use of unserialize() on the user supplied parameter via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. |