Total: 4240 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-38063 | 1 Social Login Wp Project | 1 Social Login Wp | 2023-03-21 | N/A | 8.8 HIGH |
Cross-Site Request Forgery (CSRF) vulnerability in Social Login WP plugin <= 5.0.0.0 versions. | |||||
CVE-2022-4148 | | | 2023-03-21 | N/A | N/A |
The WP OAuth Server (OAuth Authentication) WordPress plugin before 4.2.5 has a flawed CSRF and authorisation check when deleting a client, which could allow any authenticated user, such as a subscriber, to delete arbitrary clients. | |||||
CVE-2022-3894 | | | 2023-03-21 | N/A | N/A |
The WP OAuth Server (OAuth Authentication) WordPress plugin before 4.2.5 does not have a CSRF check when deleting a client, and does not ensure that the object to be deleted is actually a client, which could allow attackers to make a logged-in admin delete arbitrary clients and posts via a CSRF attack. | |||||
CVE-2023-27234 | 1 Jizhicms | 1 Jizhicms | 2023-03-20 | N/A | 6.5 MEDIUM |
A Cross-Site Request Forgery (CSRF) in /Sys/index.html of Jizhicms v2.4.5 allows attackers to arbitrarily make configuration changes within the application. | |||||
CVE-2023-23721 | | | 2023-03-20 | N/A | N/A |
Cross-Site Request Forgery (CSRF) vulnerability in David Gwyer Admin Log plugin <= 1.50 versions. | |||||
CVE-2023-22681 | | | 2023-03-20 | N/A | N/A |
Cross-Site Request Forgery (CSRF) vulnerability in Aarvanshinfotech Online Exam Software: eExamhall plugin <= 4.0 versions. | |||||
CVE-2023-22678 | | | 2023-03-20 | N/A | N/A |
Cross-Site Request Forgery (CSRF) vulnerability in Rafael Dery Superior FAQ plugin <= 1.0.2 versions. | |||||
CVE-2022-46854 | | | 2023-03-19 | N/A | N/A |
Cross-Site Request Forgery (CSRF) vulnerability in Obox Themes Launchpad – Coming Soon & Maintenance Mode plugin <= 1.0.13 versions. | |||||
CVE-2022-46867 | | | 2023-03-19 | N/A | N/A |
Cross-Site Request Forgery (CSRF) vulnerability in Chasil Universal Star Rating plugin <= 2.1.0 version. | |||||
CVE-2023-25968 | 1 Cozmoslabs | 1 Client Portal | 2023-03-17 | N/A | 8.8 HIGH |
Cross-Site Request Forgery (CSRF) vulnerability in Cozmoslabs, Madalin Ungureanu, Antohe Cristian Client Portal – Private user pages and login plugin <= 1.1.8 versions. | |||||
CVE-2023-25709 | 1 Plainware | 1 Locatoraid | 2023-03-17 | N/A | 8.8 HIGH |
Cross-Site Request Forgery (CSRF) vulnerability in Plainware Locatoraid Store Locator plugin <= 3.9.11 versions. | |||||
CVE-2023-25708 | 1 Coderex | 1 Wp Vr | 2023-03-17 | N/A | 8.8 HIGH |
Cross-Site Request Forgery (CSRF) vulnerability in Rextheme WP VR – 360 Panorama and Virtual Tour Builder For WordPress plugin <= 8.2.7 versions. | |||||
CVE-2022-47427 | 1 My Calendar Project | 1 My Calendar | 2023-03-17 | N/A | 8.8 HIGH |
Cross-Site Request Forgery (CSRF) vulnerability in Joseph C Dolson My Calendar plugin <= 3.3.24.1 versions. | |||||
CVE-2023-1472 | | | 2023-03-17 | N/A | N/A |
The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. This is due to missing or incorrect nonce validation on its AJAX actions. This makes it possible for unauthenticated attackers to invoke those functions via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link. Actions include resetting the API key, accessing or deleting log files, and deleting cache, among others. | |||||
CVE-2020-36669 | 1 Jetbackup | 1 Jetbackup | 2023-03-17 | N/A | 8.8 HIGH |
The JetBackup – WP Backup, Migrate & Restore plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including 1.3.9. This is due to missing nonce validation on the backup_guard_get_import_backup() function. This makes it possible for unauthenticated attackers to upload arbitrary files to the vulnerable site's server via a forged request, granted they can trick a site's administrator into performing an action such as clicking on a link. | |||||
CVE-2021-24705 | 1 Basixonline | 1 Nex-forms | 2023-03-17 | 3.5 LOW | 4.8 MEDIUM |
The NEX-Forms WordPress plugin before 8.3.3 does not have CSRF checks in place when editing a form, and does not escape some of its settings as well as form fields before outputting them in attributes. This could allow attackers to make a logged-in admin edit arbitrary forms with Cross-Site Scripting payloads in them. | |||||
CVE-2022-47422 | 1 Hmplugin | 1 Accept Stripe Donation - Aidwp | 2023-03-16 | N/A | 8.8 HIGH |
Cross-Site Request Forgery (CSRF) vulnerability in HM Plugin Accept Stripe Donation – AidWP plugin <= 3.1.5 versions. | |||||
CVE-2022-47154 | 1 Piwebsolution | 1 Css Js Manager, Async Javascript, Defer Render Blocking Css Supports Woocommerce | 2023-03-16 | N/A | 8.8 HIGH |
Cross-Site Request Forgery (CSRF) vulnerability in Pi Websolution CSS JS Manager, Async JavaScript, Defer Render Blocking CSS supports WooCommerce plugin <= 2.4.49 versions. | |||||
CVE-2023-27073 | 1 Online Food Ordering System Project | 1 Online Food Ordering System | 2023-03-16 | N/A | 6.5 MEDIUM |
A Cross-Site Request Forgery (CSRF) in Online Food Ordering System v1.0 allows attackers to change user details and credentials via a crafted POST request. | |||||
CVE-2022-47163 | 1 Wp Csv To Database Project | 1 Wp Csv To Database | 2023-03-16 | N/A | 7.5 HIGH |
Cross-Site Request Forgery (CSRF) vulnerability in Tips and Tricks HQ, josh401 WP CSV to Database – Insert CSV file content into WordPress plugin <= 2.6 versions. |