Total
8760 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-28419 | 1 Strangerstudios | 1 Force Display Name | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Cross-Site Request Forgery (CSRF) vulnerability in Stranger Studios Force First and Last Name as Display Name plugin <= 1.2 versions.
|
|||||
| CVE-2023-28335 | 1 Moodle | 1 Moodle | 2024-11-21 | N/A | 8.8 HIGH |
|
The link to reset all templates of a database activity did not include the necessary token to prevent a CSRF risk.
|
|||||
| CVE-2023-28173 | 1 Digitalinspiration | 1 Google Xml Sitemap For Images | 2024-11-21 | N/A | 4.3 MEDIUM |
|
Cross-Site Request Forgery (CSRF) vulnerability in Amit Agarwal Google XML Sitemap for Images plugin <= 2.1.3 versions.
|
|||||
| CVE-2023-28167 | 1 Vsourz | 1 Cf7 Invisible Recaptcha | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Cross-Site Request Forgery (CSRF) vulnerability in Vsourz Digital CF7 Invisible reCAPTCHA plugin <= 1.3.3 versions.
|
|||||
| CVE-2023-28023 | 1 Hcltech | 1 Bigfix Webui | 2024-11-21 | N/A | 4.9 MEDIUM |
|
A cross site request forgery vulnerability in the BigFix WebUI Software Distribution interface site version 44 and before allows an NMO attacker to access files on server side systems (server machine and all the ones in its network).
|
|||||
| CVE-2023-27634 | 1 Intrepidity Project | 1 Intrepidity | 2024-11-21 | N/A | 8.8 HIGH |
|
Cross-Site Request Forgery (CSRF) vulnerability allows arbitrary file upload in Shingo Intrepidity plugin <= 1.5.1 versions.
|
|||||
| CVE-2023-27633 | 1 Pixelgrade | 1 Customify | 2024-11-21 | N/A | 4.3 MEDIUM |
|
Cross-Site Request Forgery (CSRF) vulnerability in Pixelgrade Customify – Intuitive Website Styling plugin <= 2.10.4 versions.
|
|||||
| CVE-2023-27632 | 1 Mmrs151 | 1 Daily Prayer Time | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Cross-Site Request Forgery (CSRF) vulnerability in mmrs151 Daily Prayer Time plugin <= 2023.03.08 versions.
|
|||||
| CVE-2023-27623 | 1 Jenst | 1 Wp Page Numbers | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Cross-Site Request Forgery (CSRF) vulnerability in Jens Törnell WP Page Numbers plugin <= 0.5 versions.
|
|||||
| CVE-2023-27615 | 1 Dipakgajjar | 1 Wp Super Minify | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Cross-Site Request Forgery (CSRF) vulnerability in Dipak C. Gajjar WP Super Minify plugin <= 1.5.1 versions.
|
|||||
| CVE-2023-27611 | 1 Jeanbaptisteaudras | 1 Reusable Blocks Extended | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Cross-Site Request Forgery (CSRF) vulnerability in audrasjb Reusable Blocks Extended plugin <= 0.9 versions.
|
|||||
| CVE-2023-27606 | 1 Wp Reroute Email Project | 1 Wp Reroute Email | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Cross-Site Request Forgery (CSRF) vulnerability in Sajjad Hossain WP Reroute Email plugin <= 1.4.6 versions.
|
|||||
| CVE-2023-27495 | 1 Fastify | 1 Csrf-protection | 2024-11-21 | N/A | 5.3 MEDIUM |
|
@fastify/csrf-protection is a plugin which helps protect Fastify servers against CSRF attacks. The CSRF protection enforced by the @fastify/csrf-protection library in combination with @fastify/cookie can be bypassed from network and same-site attackers under certain conditions. @fastify/csrf-protection supports an optional userInfo parameter that binds the CSRF token to the user. This parameter has been introduced to prevent cookie-tossing attacks as a fix for CVE-2021-29624. Whenever userInfo p ...
Show More |
|||||
| CVE-2023-27490 | 1 Nextauth.js | 1 Next-auth | 2024-11-21 | N/A | 8.1 HIGH |
|
NextAuth.js is an open source authentication solution for Next.js applications. `next-auth` applications using OAuth provider versions before `v4.20.1` have been found to be subject to an authentication vulnerability. A bad actor who can read traffic on the victim's network or who is able to social engineer the victim to click a manipulated login link could intercept and tamper with the authorization URL to **log in as the victim**, bypassing the CSRF protection. This is due to a partial failure ...
Show More |
|||||
| CVE-2023-27461 | 1 Yoohooplugins | 1 When Last Login | 2024-11-21 | N/A | 4.3 MEDIUM |
|
Cross-Site Request Forgery (CSRF) vulnerability in Yoohoo Plugins When Last Login plugin <= 1.2.1 versions.
|
|||||
| CVE-2023-27458 | 1 Wpstream | 1 Wpstream | 2024-11-21 | N/A | 4.3 MEDIUM |
|
Cross-Site Request Forgery (CSRF) vulnerability in wpstream WpStream plugin <= 4.4.10 versions.
|
|||||
| CVE-2023-27457 | 1 Passionatebrains | 1 Add Expires Headers \& Optimized Minify | 2024-11-21 | N/A | 4.3 MEDIUM |
|
Cross-Site Request Forgery (CSRF) vulnerability in Passionate Brains Add Expires Headers & Optimized Minify plugin <= 2.7 versions.
|
|||||
| CVE-2023-27453 | 1 Lws | 1 Lws Tools | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Cross-Site Request Forgery (CSRF) vulnerability in LWS LWS Tools plugin <= 2.3.1 versions.
|
|||||
| CVE-2023-27448 | 1 Makestories | 1 Makestories \(for Google Web Stories\) | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Cross-Site Request Forgery (CSRF) vulnerability in MakeStories Team MakeStories (for Google Web Stories) plugin <= 2.8.0 versions.
|
|||||
| CVE-2023-27446 | 1 Fluenx | 1 Deepl Pro Api Translation | 2024-11-21 | N/A | 4.3 MEDIUM |
|
Cross-Site Request Forgery (CSRF) vulnerability in Fluenx DeepL API translation plugin <= 2.1.4 versions.
|
|||||
| CVE-2023-27445 | 1 Meril | 1 Blog Floating Button | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Cross-Site Request Forgery (CSRF) vulnerability in Meril Inc. Blog Floating Button plugin <= 1.4.12 versions.
|
|||||
| CVE-2023-27444 | 1 Perfops | 1 Decalog | 2024-11-21 | N/A | 4.3 MEDIUM |
|
Cross-Site Request Forgery (CSRF) vulnerability in Pierre Lannoy / PerfOps One DecaLog plugin <= 3.7.0 versions.
|
|||||
| CVE-2023-27442 | 1 Techsoupeurope | 1 Leyka | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Cross-Site Request Forgery (CSRF) vulnerability in Teplitsa of social technologies Leyka plugin <= 3.29.2 versions.
|
|||||
| CVE-2023-27441 | 1 New Adman Project | 1 New Adman | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Cross-Site Request Forgery (CSRF) vulnerability in gl_SPICE New Adman plugin <= 1.6.8 versions.
|
|||||
| CVE-2023-27438 | 1 Yur4enko | 1 Wp Translitera | 2024-11-21 | N/A | 4.3 MEDIUM |
|
Cross-Site Request Forgery (CSRF) vulnerability in Evgen Yurchenko WP Translitera plugin <= p1.2.5 versions.
|
|||||
| CVE-2023-27436 | 1 Breakdance | 1 Elegant Custom Fonts | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Cross-Site Request Forgery (CSRF) vulnerability in Louis Reingold Elegant Custom Fonts plugin <= 1.0 versions.
|
|||||
| CVE-2023-27435 | 1 Yasglobal | 1 Http Auth | 2024-11-21 | N/A | 6.3 MEDIUM |
|
Cross-Site Request Forgery (CSRF) vulnerability in Sami Ahmed Siddiqui HTTP Auth plugin <= 0.3.2 versions.
|
|||||
| CVE-2023-27434 | 1 Wpgrim | 1 Classic Editor And Classic Widgets | 2024-11-21 | N/A | 4.3 MEDIUM |
|
Cross-Site Request Forgery (CSRF) vulnerability in WPGrim Classic Editor and Classic Widgets plugin <= 1.2.5 versions.
|
|||||
| CVE-2023-27433 | 1 Yasglobal | 1 Make Paths Relative | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Cross-Site Request Forgery (CSRF) vulnerability in YAS Global Team Make Paths Relative allows Cross Site Request Forgery.This issue affects Make Paths Relative: from n/a through 1.3.0.
|
|||||
| CVE-2023-27431 | 1 Themehunk | 1 Big Store | 2024-11-21 | N/A | 4.3 MEDIUM |
|
Cross-Site Request Forgery (CSRF) vulnerability in ThemeHunk Big Store theme <= 1.9.3 versions.
|
|||||
| CVE-2023-27430 | 1 Mijnpress | 1 Mass Delete Unused Tags | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Cross-Site Request Forgery (CSRF) vulnerability in Ramon Fincken Mass Delete Unused Tags plugin <= 2.0.0 versions.
|
|||||
| CVE-2023-27424 | 1 Inactive User Deleter Project | 1 Inactive User Deleter | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Cross-Site Request Forgery (CSRF) vulnerability in Korol Yuriy aka Shra Inactive User Deleter plugin <= 1.59 versions.
|
|||||
| CVE-2023-27423 | 1 Mijnpress | 1 Auto Prune Posts | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Cross-Site Request Forgery (CSRF) vulnerability in Ramon Fincken Auto Prune Posts plugin <= 1.8.0 versions.
|
|||||
| CVE-2023-27418 | 1 Wow-company | 1 Side Menu Lite | 2024-11-21 | N/A | 4.3 MEDIUM |
|
Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Side Menu Lite – add sticky fixed buttons plugin <= 4.0 versions.
|
|||||
| CVE-2023-27417 | 1 Ifeelweb | 1 Affiliate Super Assistent | 2024-11-21 | N/A | 4.3 MEDIUM |
|
Cross-Site Request Forgery (CSRF) vulnerability in Timo Reith Affiliate Super Assistent plugin <= 1.5.1 versions.
|
|||||
| CVE-2023-27387 | 2 Especmic, Tandd | 20 Rs-12n, Rs-12n Firmware, Rt-12n and 17 more | 2024-11-21 | N/A | 8.8 HIGH |
|
Cross-site request forgery (CSRF) in T&D Corporation and ESPEC MIC CORP. data logger products allows a remote unauthenticated attacker to conduct an arbitrary operation by having a logged-in user view a malicious page. Affected products and versions are as follows: T&D Corporation data logger products (TR-71W/72W all firmware versions, RTR-5W all firmware versions, WDR-7 all firmware versions, WDR-3 all firmware versions, and WS-2 all firmware versions), and ESPEC MIC CORP. data logger products ...
Show More |
|||||
| CVE-2023-26543 | 1 Wp-meteor | 1 Wp Meteor | 2024-11-21 | N/A | 4.3 MEDIUM |
|
Cross-Site Request Forgery (CSRF) vulnerability in Aleksandr Guidrevitch WP Meteor Website Speed Optimization Addon plugin <= 3.1.4 versions.
|
|||||
| CVE-2023-26535 | 1 Wppool | 1 Sheets To Wp Table Live Sync | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Cross-Site Request Forgery (CSRF) vulnerability in WPPOOL Sheets To WP Table Live Sync plugin <= 2.12.15 versions.
|
|||||
| CVE-2023-26532 | 1 Accesspressthemes | 1 Social Auto Poster | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Cross-Site Request Forgery (CSRF) vulnerability in AccessPress Themes Social Auto Poster plugin <= 2.1.4 versions.
|
|||||
| CVE-2023-26531 | 1 Wbolt | 1 All-in-one Search Automatic Push Management | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Cross-Site Request Forgery (CSRF) vulnerability in 闪电博 多合一搜索自动推送管理插件-支持Baidu/Google/Bing/IndexNow/Yandex/头条 allows Cross Site Request Forgery.This issue affects 多合一搜索自动推送管理插件-支持Baidu/Google/Bing/IndexNow/Yandex/头条: from n/a through 4.2.7.
|
|||||