Total
8760 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-2474 | 1 Getrebuild | 1 Rebuild | 2024-11-21 | 5.0 MEDIUM | 4.3 MEDIUM |
|
A vulnerability has been found in Rebuild 3.2 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. It is recommended to change the configuration settings. VDB-227866 is the identifier assigned to this vulnerability.
|
|||||
| CVE-2023-2447 | 1 Userproplugin | 1 Userpro | 2024-11-21 | N/A | 6.1 MEDIUM |
|
The UserPro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.1.1. This is due to missing or incorrect nonce validation on the 'export_users' function. This makes it possible for unauthenticated attackers to export the users to a csv file, granted they can trick a site administrator into performing an action such as clicking on a link.
|
|||||
| CVE-2023-2444 | 1 Rockwellautomation | 1 Factorytalk Vantagepoint | 2024-11-21 | N/A | 7.1 HIGH |
|
A cross site request forgery vulnerability exists in Rockwell Automation's FactoryTalk Vantagepoint. This vulnerability can be exploited in two ways. If an attacker sends a malicious link to a computer that is on the same domain as the FactoryTalk Vantagepoint server and a user clicks the link, the attacker could impersonate the legitimate user and send requests to the affected product. Additionally, if an attacker sends an untrusted link to a computer that is not on the same domain as the ser ...
Show More |
|||||
| CVE-2023-2440 | 1 Userproplugin | 1 Userpro | 2024-11-21 | N/A | 8.8 HIGH |
|
The UserPro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.1.1. This is due to missing nonce validation in the 'admin_page', 'userpro_verify_user' and 'verifyUnverifyAllUsers' functions. This makes it possible for unauthenticated attackers to modify the role of verified users to elevate verified user privileges to that of any user such as 'administrator' via a forged request granted they can trick a site administrator into performing an actio ...
Show More |
|||||
| CVE-2023-2438 | 1 Userproplugin | 1 Userpro | 2024-11-21 | N/A | 6.1 MEDIUM |
|
The UserPro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.1.0. This is due to missing or incorrect nonce validation on the 'userpro_save_userdata' function. This makes it possible for unauthenticated attackers to update the user meta and inject malicious JavaScript via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link.
|
|||||
| CVE-2023-2407 | 1 Vcita | 2 Event Registration Calendar By Vcita, Online Payments - Get Paid With Paypal\, Square \& Stripe | 2024-11-21 | N/A | 6.1 MEDIUM |
|
The Event Registration Calendar By vcita plugin, versions up to and including 3.9.1, and Online Payments – Get Paid with PayPal, Square & Stripe plugin, for WordPress are vulnerable to Cross-Site Request Forgery. This is due to missing nonce validation in the ls_parse_vcita_callback() function. This makes it possible for unauthenticated attackers to modify the plugin's settings and inject malicious JavaScript via a forged request granted they can trick a site administrator into performing an act ...
Show More |
|||||
| CVE-2023-2405 | 1 Vcita | 1 Crm And Lead Management By Vcita | 2024-11-21 | N/A | 6.1 MEDIUM |
|
The CRM and Lead Management by vcita plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.6.2. This is due to missing nonce validation in the vcita-callback.php file. This makes it possible for unauthenticated attackers to modify the plugin's settings and inject malicious JavaScript via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
|
|||||
| CVE-2023-2307 | 1 Builder | 1 Qwik | 2024-11-21 | N/A | 4.7 MEDIUM |
|
Cross-Site Request Forgery (CSRF) in GitHub repository builderio/qwik prior to 0.104.0.
|
|||||
| CVE-2023-2303 | 1 Vcita | 1 Contact Form And Calls To Action By Vcita | 2024-11-21 | N/A | 6.1 MEDIUM |
|
The Contact Form and Calls To Action by vcita plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.6.4. This is due to missing nonce validation in the vcita-callback.php file. This makes it possible for unauthenticated attackers to modify the plugin's settings and inject malicious JavaScript via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
|
|||||
| CVE-2023-2301 | 1 Vcita | 1 Contact Form Builder By Vcita | 2024-11-21 | N/A | 6.1 MEDIUM |
|
The Contact Form Builder by vcita plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.9.1. This is due to missing nonce validation on the ls_parse_vcita_callback function. This makes it possible for unauthenticated attackers to modify the plugin's settings and inject malicious JavaScript via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
|
|||||
| CVE-2023-2286 | 1 Wpwhitesecurity | 1 Wp Activity Log | 2024-11-21 | N/A | 4.3 MEDIUM |
|
The WP Activity Log for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.5.0. This is due to missing or incorrect nonce validation on the ajax_run_cleanup function. This makes it possible for unauthenticated attackers to invoke this function via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
|
|||||
| CVE-2023-2228 | 1 Modoboa | 1 Modoboa | 2024-11-21 | N/A | 6.8 MEDIUM |
|
Cross-Site Request Forgery (CSRF) in GitHub repository modoboa/modoboa prior to 2.1.0.
|
|||||
| CVE-2023-2195 | 1 Jenkins | 1 Code Dx | 2024-11-21 | N/A | 4.3 MEDIUM |
|
A cross-site request forgery (CSRF) vulnerability in Jenkins Code Dx Plugin 3.1.0 and earlier allows attackers to connect to an attacker-specified URL.
|
|||||
| CVE-2023-29440 | 1 Presstigers | 1 Simple Job Board | 2024-11-21 | N/A | 8.8 HIGH |
|
Cross-Site Request Forgery (CSRF) vulnerability in PressTigers Simple Job Board plugin <= 2.10.3 versions.
|
|||||
| CVE-2023-29426 | 1 Spreadshop | 1 Spreadshop | 2024-11-21 | N/A | 8.8 HIGH |
|
Cross-Site Request Forgery (CSRF) vulnerability in Robert Schulz (sprd.Net AG) Spreadshop plugin <= 1.6.5 versions.
|
|||||
| CVE-2023-29425 | 1 Plainware | 1 Shiftcontroller | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Cross-Site Request Forgery (CSRF) vulnerability in plainware.Com ShiftController Employee Shift Scheduling plugin <= 4.9.23 versions.
|
|||||
| CVE-2023-29238 | 1 Whydonate | 1 Wp Whydonate | 2024-11-21 | N/A | 4.3 MEDIUM |
|
Cross-Site Request Forgery (CSRF) vulnerability in Whydonate Whydonate – FREE Donate button – Crowdfunding – Fundraising plugin <= 3.12.15 versions.
|
|||||
| CVE-2023-29235 | 1 Fugu | 1 Maintenance Switch | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Cross-Site Request Forgery (CSRF) vulnerability in Fugu Maintenance Switch plugin <= 1.5.2 versions.
|
|||||
| CVE-2023-29213 | 1 Xwiki | 1 Xwiki | 2024-11-21 | N/A | 9.0 CRITICAL |
|
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions of `org.xwiki.platform:xwiki-platform-logging-ui` it is possible to trick a user with programming rights into visiting a constructed url where e.g., by embedding an image with this URL in a document that is viewed by a user with programming rights which will evaluate an expression in the constructed url and execute it. This issue has been addressed in versions 13.10.11, 1 ...
Show More |
|||||
| CVE-2023-29020 | 1 Fastify | 1 Passport | 2024-11-21 | N/A | 6.5 MEDIUM |
|
@fastify/passport is a port of passport authentication library for the Fastify ecosystem. The CSRF (Cross-Site Request Forger) protection enforced by the `@fastify/csrf-protection` library, when combined with `@fastify/passport` in affected versions, can be bypassed by network and same-site attackers. `fastify/csrf-protection` implements the synchronizer token pattern (using plugins `@fastify/session` and `@fastify/secure-session`) by storing a random value used for CSRF token generation in the ...
Show More |
|||||
| CVE-2023-29008 | 1 Svelte | 1 Sveltekit | 2024-11-21 | N/A | 8.8 HIGH |
|
The SvelteKit framework offers developers an option to create simple REST APIs. This is done by defining a `+server.js` file, containing endpoint handlers for different HTTP methods.
SvelteKit provides out-of-the-box cross-site request forgery (CSRF) protection to its users. The protection is implemented at `kit/src/runtime/server/respond.js`. While the implementation does a sufficient job of mitigating common CSRF attacks, the protection can be bypassed in versions prior to 1.15.2 by simply sp ...
Show More |
|||||
| CVE-2023-29003 | 1 Svelte | 1 Sveltekit | 2024-11-21 | N/A | 8.8 HIGH |
|
SvelteKit is a web development framework. The SvelteKit framework offers developers an option to create simple REST APIs. This is done by defining a `+server.js` file, containing endpoint handlers for different HTTP methods.
SvelteKit provides out-of-the-box cross-site request forgery (CSRF) protection to its users. While the implementation does a sufficient job in mitigating common CSRF attacks, prior to version 1.15.1, the protection can be bypassed by simply specifying a different `Content-T ...
Show More |
|||||
| CVE-2023-28995 | 1 Configurable Tag Cloud Project | 1 Configurable Tag Cloud | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Cross-Site Request Forgery (CSRF) vulnerability in Keith Solomon Configurable Tag Cloud (CTC) plugin <= 5.2 versions.
|
|||||
| CVE-2023-28989 | 1 Wedevs | 1 Happy Addons For Elementor | 2024-11-21 | N/A | 4.3 MEDIUM |
|
Cross-Site Request Forgery (CSRF) vulnerability in weDevs Happy Addons for Elementor plugin <= 3.8.2 versions.
|
|||||
| CVE-2023-28987 | 1 Wpmet | 1 Wp Ultimate Review | 2024-11-21 | N/A | 4.3 MEDIUM |
|
Cross-Site Request Forgery (CSRF) vulnerability in Wpmet Wp Ultimate Review plugin <= 2.0.3 versions.
|
|||||
| CVE-2023-28986 | 1 Wpaffiliatemanager | 1 Affiliates Manager | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Cross-Site Request Forgery (CSRF) vulnerability in wp.Insider, wpaffiliatemgr Affiliates Manager plugin <= 2.9.20 versions.
|
|||||
| CVE-2023-28949 | 1 Ibm | 2 Engineering Requirements Management Doors, Engineering Requirements Management Doors Web Access | 2024-11-21 | N/A | 6.5 MEDIUM |
|
IBM Engineering Requirements Management DOORS 9.7.2.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 251216.
|
|||||
| CVE-2023-28930 | 1 Robinphillips | 1 Mobile Banner | 2024-11-21 | N/A | 4.3 MEDIUM |
|
Cross-Site Request Forgery (CSRF) vulnerability in Robin Phillips Mobile Banner plugin <= 1.5 versions.
|
|||||
| CVE-2023-28848 | 1 Nextcloud | 1 User Oidc | 2024-11-21 | N/A | 4.8 MEDIUM |
|
user_oidc is the OIDC connect user backend for Nextcloud, an open source collaboration platform. A vulnerability in versions 1.0.0 until 1.3.0 effectively allowed an attacker to bypass the state protection as they could just copy the expected state token from the first request to their second request. Users should upgrade user_oidc to 1.3.0 to receive a patch for the issue. No known workarounds are available.
|
|||||
| CVE-2023-28791 | 1 Webtechforce | 1 Simple Org Chart | 2024-11-21 | N/A | 4.3 MEDIUM |
|
Cross-Site Request Forgery (CSRF) vulnerability in Gangesh Matta Simple Org Chart plugin <= 2.3.4 versions.
|
|||||
| CVE-2023-28780 | 1 Yoast | 1 Yoast Local Seo | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Cross-Site Request Forgery (CSRF) vulnerability in Yoast Yoast Local Premium.This issue affects Yoast Local Premium: from n/a through 14.8.
|
|||||
| CVE-2023-28747 | 1 Codeboxr | 1 Cbx Currency Converter | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Cross-Site Request Forgery (CSRF) vulnerability in codeboxr CBX Currency Converter plugin <= 3.0.3 versions.
|
|||||
| CVE-2023-28718 | 1 Propumpservice | 2 Osprey Pump Controller, Osprey Pump Controller Firmware | 2024-11-21 | N/A | 7.1 HIGH |
|
Osprey Pump Controller version 1.01 allows users to perform certain actions via HTTP requests without performing any checks to verify the requests. This may allow an attacker to perform certain actions with administrative privileges if a logged-in user visits a malicious website.
|
|||||
| CVE-2023-28696 | 1 Themeist | 1 I Recommend This | 2024-11-21 | N/A | 4.3 MEDIUM |
|
Cross-Site Request Forgery (CSRF) vulnerability in Harish Chouhan, Themeist I Recommend This allows Cross Site Request Forgery.This issue affects I Recommend This: from n/a through 3.9.0.
|
|||||
| CVE-2023-28694 | 1 Wbcomdesigns | 1 Buddypress Activity Social Share | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Cross-Site Request Forgery (CSRF) vulnerability in Wbcom Designs Wbcom Designs – BuddyPress Activity Social Share plugin <= 3.5.0 versions.
|
|||||
| CVE-2023-28618 | 1 Infolific | 1 Enhanced Plugin Admin | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Cross-Site Request Forgery (CSRF) vulnerability in Marios Alexandrou Enhanced Plugin Admin plugin <= 1.16 versions.
|
|||||
| CVE-2023-28498 | 1 Motopress | 1 Hotel Booking Lite | 2024-11-21 | N/A | 4.3 MEDIUM |
|
Cross-Site Request Forgery (CSRF) vulnerability in MotoPress Hotel Booking Lite plugin <= 4.6.0 versions.
|
|||||
| CVE-2023-28497 | 1 Tribulant | 1 Slideshow Gallery | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Cross-Site Request Forgery (CSRF) vulnerability in Tribulant Slideshow Gallery LITE plugin <= 1.7.6 versions.
|
|||||
| CVE-2023-28495 | 1 Mythemeshop | 1 Wp Shortcode | 2024-11-21 | N/A | 4.3 MEDIUM |
|
Cross-Site Request Forgery (CSRF) vulnerability in MyThemeShop WP Shortcode by MyThemeShop plugin <= 1.4.16 versions.
|
|||||
| CVE-2023-28420 | 1 Leocaseiro | 1 Custom Options Plus | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Cross-Site Request Forgery (CSRF) vulnerability in Leo Caseiro Custom Options Plus plugin <= 1.8.1 versions.
|
|||||