Total: 8760 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2015-9432 | 1 Thealpinepress | 1 Alpine-photo-tile-for-instagram | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM | The alpine-photo-tile-for-instagram plugin before 1.2.7.6 for WordPress has CSRF with resultant XSS via the wp-admin/options-general.php?page=alpine-photo-tile-for-instagram-settings tab parameter. |
| CVE-2015-9431 | 1 Qtranslate X Project | 1 Qtranslate X | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM | The qtranslate-x plugin before 3.4.4 for WordPress has CSRF with resultant XSS via the wp-admin/options-general.php?page=qtranslate-x json_config_files or json_custom_i18n_config parameter. |
| CVE-2015-9429 | 1 Yithemes | 1 Yith Maintenance Mode | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM | The yith-maintenance-mode plugin before 1.2.0 for WordPress has CSRF with resultant XSS via the wp-admin/themes.php?page=yith-maintenance-mode panel_page parameter. |
| CVE-2015-9428 | 1 Wplegalpages | 1 Wp Legal Pages | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM | The wplegalpages plugin before 1.1 for WordPress has CSRF with resultant XSS via the wp-admin/admin.php?page=legal-pages lp-domain-name, lp-business-name, lp-phone, lp-street, lp-city-state, lp-country, lp-email, lp-address, or lp-niche parameters. |
| CVE-2015-9427 | 1 Googmonify Project | 1 Googmonify | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM | The googmonify plugin through 0.5.1 for WordPress has CSRF with resultant XSS via the wp-admin/options-general.php?page=googmonify.php PID or AID parameter. |
| CVE-2015-9425 | 1 Byonepress | 1 Social Locker | 2024-11-21 | 4.3 MEDIUM | 5.4 MEDIUM | The social-locker plugin before 4.2.5 for WordPress has CSRF with resultant XSS via the wp-admin/edit.php?post_type=opanda-item&page=license-manager-sociallocker-next licensekey parameter. |
| CVE-2015-9424 | 1 Doc4design | 1 Multicons | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM | The multicons plugin before 3.0 for WordPress has CSRF with resultant XSS via the wp-admin/options-general.php?page=multicons%2Fmulticons.php global_url or admin_url parameter. |
| CVE-2015-9422 | 1 Simplysymphony | 1 Plugnedit | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM | The PlugNedit Adaptive Editor plugin before 6.2.0 for WordPress has CSRF with resultant XSS via the wp-admin/admin-ajax.php?action=simple_fields_field_type_post_dialog_load plugnedit_width, pnemedcount, PlugneditBGColor, PlugneditEditorMargin, or plugneditcontent parameters. |
| CVE-2015-9421 | 1 Olevmedia | 1 Olevmedia Shortcodes | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM | The olevmedia-shortcodes plugin before 1.1.9 for WordPress has CSRF with resultant XSS via the wp-admin/admin-ajax.php?action=omsc_popup id parameter. |
| CVE-2015-9418 | 1 Kibokolabs | 1 Watupro | 2024-11-21 | 5.8 MEDIUM | 4.3 MEDIUM | The Watu Pro plugin before 4.9.0.8 for WordPress has CSRF that allows an attacker to delete quizzes. |
| CVE-2015-9417 | 1 Slidervilla | 1 Testimonial Slider | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM | The testimonial-slider plugin through 1.2.1 for WordPress has CSRF with resultant XSS. |
| CVE-2015-9413 | 1 Eshop Project | 1 Eshop | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM | The eshop plugin through 6.3.13 for WordPress has CSRF with resultant XSS via the wp-admin/admin.php?page=eshop-downloads.php title parameter. |
| CVE-2015-9409 | 1 Alo-easymail Project | 1 Alo-easymail | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM | The alo-easymail plugin before 2.6.01 for WordPress has CSRF with resultant XSS in pages/alo-easymail-admin-options.php. |
| CVE-2015-9408 | 1 Cyberseo | 1 Xpinner Lite | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM | The xpinner-lite plugin through 2.2 for WordPress has wp-admin/options-general.php CSRF with resultant XSS. |
| CVE-2015-9394 | 1 Usersultra | 1 Users Ultra Membership | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH | The users-ultra plugin before 1.5.63 for WordPress has CSRF via action=package_add_new to wp-admin/admin-ajax.php. |
| CVE-2015-9388 | 1 Mtouch Quiz Project | 1 Mtouch Quiz | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM | The mtouch-quiz plugin before 3.1.3 for WordPress has wp-admin/edit.php CSRF with resultant XSS. |
| CVE-2015-9387 | 1 Mtouch Quiz Project | 1 Mtouch Quiz | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM | The mtouch-quiz plugin before 3.1.3 for WordPress has wp-admin/options-general.php CSRF. |
| CVE-2015-9380 | 1 10web | 1 Photo Gallery | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH | The photo-gallery plugin before 1.2.42 for WordPress has CSRF. |
| CVE-2015-9343 | 1 Impress | 1 Wp Rollback | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH | The wp-rollback plugin before 1.2.3 for WordPress has CSRF. |
| CVE-2015-9332 | 1 Wordpress Uninstall Project | 1 Wordpress Uninstall | 2024-11-21 | 5.8 MEDIUM | 6.5 MEDIUM | The uninstall plugin before 1.2 for WordPress has CSRF to delete all tables via the wp-admin/admin-ajax.php?action=uninstall URI. |
| CVE-2015-9322 | 1 Erident Custom Login And Dashboard Project | 1 Erident Custom Login And Dashboard | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH | The erident-custom-login-and-dashboard plugin before 3.5 for WordPress has CSRF. |
| CVE-2015-9292 | 1 6kbbs | 1 6kbbs | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH | 6kbbs 7.1 and 8.0 allows CSRF via portalchannel_ajax.php (id or code parameter) or admin.php (fileids parameter). |
| CVE-2015-9284 | 1 Omniauth | 1 Omniauth | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH | The request phase of the OmniAuth Ruby gem (1.9.1 and earlier) is vulnerable to Cross-Site Request Forgery when used as part of the Ruby on Rails framework, allowing accounts to be connected without user intent, user interaction, or feedback to the user. This permits a secondary account to sign into the web application as the primary account. |
| CVE-2015-8536 | 1 Lenovo | 1 Solution Center | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH | MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A vulnerability was discovered (fixed and publicly disclosed in 2015) in Lenovo Solution Center (LSC) prior to version 3.3.002 that could allow cross-site request forgery. |
| CVE-2015-7610 | 2 Synacor, Zimbra | 2 Zimbra Collaboration Suite, Zimbra Collaboration Suite | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH | Cross-site request forgery (CSRF) vulnerability in the login form in Zimbra Collaboration Suite (aka ZCS) before 8.6.0 Patch 10, 8.7.x before 8.7.11 Patch 2, and 8.8.x before 8.8.8 Patch 1 allows remote attackers to hijack the authentication of unspecified victims by leveraging failure to use a CSRF token. |
| CVE-2015-5686 | 1 Puppet | 1 Puppet Enterprise | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH | Parts of the Puppet Enterprise Console 3.x were found to be susceptible to clickjacking and CSRF (Cross-Site Request Forgery) attacks. This would allow an attacker to redirect user input to an untrusted site or hijack a user session. |
| CVE-2015-5595 | 1 Zenphoto | 1 Zenphoto | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM | Cross-site request forgery (CSRF) vulnerability in admin.php in Zenphoto before 1.4.9 allows remote attackers to hijack the authentication of admin users for requests that may cause a denial of service (resource consumption). |
| CVE-2015-5483 | 1 Private Only Project | 1 Private Only | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH | Multiple cross-site request forgery (CSRF) vulnerabilities in the Private Only plugin 3.5.1 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) add users, (2) delete posts, or (3) modify PHP files via unspecified vectors, or (4) conduct cross-site scripting (XSS) attacks via the po_logo parameter in the privateonly.php page to wp-admin/options-general.php. |
| CVE-2015-4630 | 1 Koha | 1 Koha | 2024-11-21 | 6.0 MEDIUM | 8.0 HIGH | Multiple cross-site request forgery (CSRF) vulnerabilities in Koha 3.14.x before 3.14.16, 3.16.x before 3.16.12, 3.18.x before 3.18.08, and 3.20.x before 3.20.1 allow remote attackers to (1) hijack the authentication of administrators for requests that create a user via a request to members/memberentry.pl or (2) give a user superlibrarian permission via a request to members/member-flags.pl or (3) hijack the authentication of arbitrary users for requests that conduct cross-site scripting (XSS) at ... |
| CVE-2015-4179 | 1 Codestyling Localization Project | 1 Codestyling Localization | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH | Multiple cross-site request forgery (CSRF) vulnerabilities in the Codestyling Localization plugin 1.99.30 and earlier for WordPress. |
| CVE-2015-3140 | 1 Synametrics | 3 Synaman, Syncrify, Syntail | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH | Multiple cross-site request forgery (CSRF) vulnerabilities in Synametrics Technologies SynaMan before 3.5 Build 1451, Syncrify before 3.7 Build 856, and SynTail before 1.5 Build 567. |
| CVE-2015-2009 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH | Cross-site request forgery (CSRF) vulnerability in the xmlrpc.cgi service in IBM QRadar SIEM 7.1 before MR2 Patch 11 Interim Fix 02 and 7.2.x before 7.2.5 Patch 4 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences via vectors related to webmin. IBM X-Force ID: 103921. |
| CVE-2015-20105 | 1 Cbads | 1 Clickbank Affiliate Ads | 2024-11-21 | 6.8 MEDIUM | 9.6 CRITICAL | The ClickBank Affiliate Ads WordPress plugin through 1.20 does not have a CSRF check when saving its settings, allowing an attacker to make a logged-in admin change them via a CSRF attack. Furthermore, due to the lack of escaping when they are output, it could also lead to stored cross-site scripting issues. |
| CVE-2015-1785 | 1 Imagely | 1 Nextgen Gallery | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM | In the nextgen-gallery WordPress plugin before 2.0.77.3 there are two vulnerabilities which can allow an attacker to gain full access to the web application. The vulnerabilities lie in how the application validates user-uploaded files and in the lack of security measures preventing unwanted HTTP requests. |
| CVE-2015-1583 | 1 Atutor | 1 Atutor | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH | Multiple cross-site request forgery (CSRF) vulnerabilities in ATutor 2.2 allow remote attackers to hijack the authentication of administrators for requests that (1) create an administrator account via a request to mods/_core/users/admins/create.php or (2) create a user account via a request to mods/_core/users/create_user.php. |
| CVE-2015-1391 | 1 Hp | 1 Airwave | 2024-11-21 | N/A | 8.8 HIGH | Aruba AirWave before 8.0.7 allows bypass of a CSRF protection mechanism. |
| CVE-2015-10125 | 1 Smackcoders | 1 Import All Pages, Post Types, Products, Orders, And Users As Xml & Csv | 2024-11-21 | 5.0 MEDIUM | 4.3 MEDIUM | A vulnerability classified as problematic has been found in WP Ultimate CSV Importer Plugin 3.7.2 on WordPress. This affects an unknown part. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. Upgrading to version 3.7.3 addresses this issue. The identifier of the patch is 13c30af721d3f989caac72dd0f56cf0dc40fad7e. It is recommended to upgrade the affected component. The identifier VDB-241317 was assigned to this vulnerability. |
| CVE-2015-10116 | 1 Realfavicongenerator | 1 Favicon By Realfavicongenerator | 2024-11-21 | 5.0 MEDIUM | 4.3 MEDIUM | A vulnerability classified as problematic has been found in RealFaviconGenerator Favicon Plugin up to 1.2.12 on WordPress. This affects the function install_new_favicon of the file admin/class-favicon-by-realfavicongenerator-admin.php. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. Upgrading to version 1.2.13 addresses this issue. The identifier of the patch is 949a1ae7216216350458844f50a72f100b56d4e7. It is recommended to upgrade t ... |
| CVE-2015-10109 | 1 Cincopa | 1 Video And Media Plug-in | 2024-11-21 | 5.0 MEDIUM | 4.3 MEDIUM | A vulnerability was found in Video Playlist and Gallery Plugin up to 1.136 on WordPress. It has been rated as problematic. Affected by this issue is some unknown functionality of the file wp-media-cincopa.php. The manipulation leads to cross-site request forgery. The attack may be launched remotely. Upgrading to version 1.137 addresses this issue. The name of the patch is ee28e91f4d5404905204c43b7b84a8ffecad932e. It is recommended to upgrade the affected component. The identifier of thi ... |
| CVE-2015-10108 | 1 Inline Google Spreadsheet Viewer Project | 1 Inline Google Spreadsheet Viewer | 2024-11-21 | 5.0 MEDIUM | 4.3 MEDIUM | A vulnerability was found in meitar Inline Google Spreadsheet Viewer Plugin up to 0.9.6 on WordPress and classified as problematic. Affected by this issue is the function displayShortcode of the file inline-gdocs-viewer.php. The manipulation leads to cross-site request forgery. The attack may be launched remotely. Upgrading to version 0.9.6.1 addresses this issue. The patch is identified as 2a8057df8ca30adc859cecbe5cad21ac28c5b747. It is recommended to upgrade the affected component. VD ... |