Total: 4240 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description
---|---|---|---|---|---|---
CVE-2023-0642 | Squidex.io | Squidex | 2023-02-09 | N/A | 6.5 MEDIUM | Cross-Site Request Forgery (CSRF) in GitHub repository squidex/squidex prior to 7.4.0.
CVE-2023-0723 | Wickedplugins | Wicked Folders | 2023-02-09 | N/A | 4.3 MEDIUM | The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajax_move_object function. This makes it possible for unauthenticated attackers to invoke this function via a forged request, provided they can trick a site administrator into performing an action such as clicking on a link, leading the administrator to perform actions intended for administrators, such as changing the folder structure maintained by the plugin.
CVE-2022-44585 | Magneticlab | Homepage Pop-up | 2023-02-08 | N/A | 8.8 HIGH | Cross-Site Request Forgery (CSRF) vulnerability in Magneticlab Sàrl Homepage Pop-up plugin versions <= 1.2.5.
CVE-2022-40692 | Sunshinephotocart | Sunshine Photo Cart | 2023-02-08 | N/A | 8.8 HIGH | Cross-Site Request Forgery (CSRF) vulnerability in WP Sunshine Sunshine Photo Cart plugin versions <= 2.9.13.
CVE-2022-45067 | Devscred | Exclusive Addons For Elementor | 2023-02-08 | N/A | 8.8 HIGH | Cross-Site Request Forgery (CSRF) vulnerability in DevsCred Exclusive Addons Elementor plugin versions <= 2.6.1.
CVE-2022-46842 | Wiselyhub | Js Help Desk | 2023-02-08 | N/A | 8.8 HIGH | Cross-Site Request Forgery (CSRF) vulnerability in JS Help Desk plugin versions <= 2.7.1.
CVE-2022-46815 | Wptrio | Conditional Shipping For Woocommerce | 2023-02-08 | N/A | 8.8 HIGH | Cross-Site Request Forgery (CSRF) vulnerability in Lauri Karisola / WP Trio Conditional Shipping for WooCommerce plugin versions <= 2.3.1.
CVE-2022-45807 | Wpvibes | Wp Mail Log | 2023-02-08 | N/A | 8.8 HIGH | Cross-Site Request Forgery (CSRF) in WPVibes WP Mail Log plugin versions <= 1.0.1.
CVE-2023-23750 | Joomla | Joomla! | 2023-02-08 | N/A | 6.3 MEDIUM | An issue was discovered in Joomla! 4.0.0 through 4.2.6. A missing token check causes a CSRF vulnerability in the handling of post-installation messages.
CVE-2023-20856 | Vmware | Vrealize Operations | 2023-02-07 | N/A | 8.8 HIGH | VMware vRealize Operations (vROps) contains a CSRF bypass vulnerability. A malicious user could execute actions on the vROps platform on behalf of the authenticated victim user.
CVE-2021-21395 | Openmage | Magento | 2023-02-07 | N/A | 4.3 MEDIUM | Magento LTS (Long Term Support) is a community-developed alternative to the Magento CE official releases. Versions prior to 19.4.22 and 20.0.19 are vulnerable to Cross-Site Request Forgery. The password reset form is vulnerable to CSRF between the time the reset password link is clicked and the time the user submits a new password. This issue is patched in versions 19.4.22 and 20.0.19. There are no workarounds.
CVE-2022-32516 | Schneider-electric | Conext Combox, Conext Combox Firmware | 2023-02-07 | N/A | 6.5 MEDIUM | A CWE-352: Cross-Site Request Forgery (CSRF) vulnerability exists that could cause the system's configuration to be overwritten and trigger a reboot loop, because the product is exposed to POST-based Cross-Site Request Forgery (CSRF). Affected Products: Conext™ ComBox (All Versions).
CVE-2022-4872 | Chained Products Project | Chained Products | 2023-02-06 | N/A | 4.3 MEDIUM | The Chained Products WordPress plugin before 2.12.0 lacks authorisation and CSRF checks and does not ensure that the option being updated belongs to the plugin, allowing unauthenticated attackers to set arbitrary options to 'no'.
CVE-2022-4553 | Fl3r Feelbox Project | Fl3r Feelbox | 2023-02-06 | N/A | 4.3 MEDIUM | The FL3R FeelBox WordPress plugin through 8.1 has no CSRF check when resetting moods, which could allow attackers to make logged-in admins perform this action via a CSRF attack and delete the lydl_posts and lydl_poststimestamp DB tables.
CVE-2022-4552 | Fl3r Feelbox Project | Fl3r Feelbox | 2023-02-06 | N/A | 6.1 MEDIUM | The FL3R FeelBox WordPress plugin through 8.1 has no CSRF check when updating its settings, and is missing sanitisation as well as escaping, which could allow attackers to make logged-in admins add stored XSS payloads via a CSRF attack.
CVE-2023-0554 | Thingsforrestaurants | Quick Restaurant Menu | 2023-02-06 | N/A | 4.3 MEDIUM | The Quick Restaurant Menu plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.2. This is due to missing or incorrect nonce validation on its AJAX actions. This makes it possible for unauthenticated attackers to update menu items via a forged request, provided they can trick a site administrator into performing an action such as clicking on a link.
CVE-2021-24905 | Vsourz | Advanced Cf7 Db | 2023-02-06 | 6.0 MEDIUM | 8.0 HIGH | The Advanced Contact form 7 DB WordPress plugin before 1.8.7 has neither authorisation nor CSRF checks in the acf7_db_edit_scr_file_delete AJAX action, and does not validate the file to be deleted, allowing any authenticated user to delete arbitrary files on the web server. For example, removing wp-config.php allows attackers to trigger WordPress setup again, gain administrator privileges and execute arbitrary code or display arbitrary content to users.
CVE-2023-24428 | Jenkins | Bitbucket Oauth | 2023-02-03 | N/A | 5.7 MEDIUM | A cross-site request forgery (CSRF) vulnerability in Jenkins Bitbucket OAuth Plugin 0.12 and earlier allows attackers to trick users into logging in to the attacker's account.
CVE-2019-17675 | Debian, Wordpress | Debian Linux, Wordpress | 2023-02-03 | 6.8 MEDIUM | 8.8 HIGH | WordPress before 5.2.4 does not properly consider type confusion during validation of the referer in the admin pages, possibly leading to CSRF.
CVE-2020-36389 | Civicrm | Civicrm | 2023-02-03 | 4.3 MEDIUM | 4.3 MEDIUM | In CiviCRM before 5.28.1 and CiviCRM ESR before 5.27.5 ESR, the CKEditor configuration form allows CSRF.
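Most of the WordPress entries in this table (CVE-2023-0723, CVE-2023-0554, CVE-2022-4872, CVE-2022-4553, CVE-2021-24905) come down to the same defect: an admin-ajax.php action handler that never verifies a nonce and, in several of them, never checks the caller's capability either. The block below is an added example written for this page; it is not code from any plugin listed here. The hook, action, script and meta-key names (example_move_object, _example_folder, admin.js) are hypothetical, while the WordPress functions it calls (wp_create_nonce, wp_localize_script, check_ajax_referer, current_user_can, absint, wp_send_json_error) are the real ones.

```php
<?php
/**
 * Added example, not code from any plugin on this page.
 * Hook, action and meta-key names are hypothetical; the WordPress API calls are real.
 */

// ---- Vulnerable pattern (shown for contrast; deliberately NOT hooked) ----
// The browser attaches the admin's cookies to any request, including one that a
// page on another origin auto-submits to /wp-admin/admin-ajax.php. Nothing here
// proves the request originated from the plugin's own UI (no nonce) and nothing
// checks who the caller is (no capability check), so the forged request runs
// with the administrator's privileges.
function example_move_object_vulnerable() {
    $object_id = (int) $_POST['object_id'];
    $folder_id = (int) $_POST['folder_id'];
    update_post_meta( $object_id, '_example_folder', $folder_id );
    wp_send_json_success();
}

// ---- Hardened pattern ----

// 1. Hand the admin page a nonce bound to this specific action. WordPress nonces
//    are derived from the user, the session token and the action string and
//    expire after 12-24 hours, so a page on another origin can neither read nor
//    guess one.
function example_enqueue_admin_script() {
    wp_enqueue_script(
        'example-admin',
        plugins_url( 'admin.js', __FILE__ ),
        array( 'jquery' ),
        '1.0.0',
        true
    );
    wp_localize_script( 'example-admin', 'exampleAjax', array(
        'url'   => admin_url( 'admin-ajax.php' ),
        'nonce' => wp_create_nonce( 'example_move_object' ),
    ) );
}
add_action( 'admin_enqueue_scripts', 'example_enqueue_admin_script' );

// 2. In the handler: nonce first, then authorisation, then input, then the write.
function example_move_object_hardened() {
    // Sends HTTP 403 and exits when the 'nonce' POST field is missing or does not
    // verify for the action 'example_move_object'. This alone defeats CSRF.
    check_ajax_referer( 'example_move_object', 'nonce' );

    // A nonce proves intent, not privilege: any logged-in role can hold a valid
    // nonce for its own session, so the capability check is still required
    // (CVE-2022-4872 and CVE-2021-24905 above lack this as well as the nonce).
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'forbidden' ), 403 );
    }

    // Check presence and type before casting. PHP accepts object_id[]=1 as an
    // array, and (int) of an array silently becomes 1 or 0 instead of failing.
    if ( ! isset( $_POST['object_id'], $_POST['folder_id'] )
        || ! is_string( $_POST['object_id'] )
        || ! is_string( $_POST['folder_id'] ) ) {
        wp_send_json_error( array( 'message' => 'bad request' ), 400 );
    }
    $object_id = absint( wp_unslash( $_POST['object_id'] ) );
    $folder_id = absint( wp_unslash( $_POST['folder_id'] ) );

    // Only touch objects the caller is allowed to edit.
    if ( ! $object_id || ! current_user_can( 'edit_post', $object_id ) ) {
        wp_send_json_error( array( 'message' => 'forbidden' ), 403 );
    }

    update_post_meta( $object_id, '_example_folder', $folder_id );
    wp_send_json_success( array(
        'object_id' => $object_id,
        'folder_id' => $folder_id,
    ) );
}
// Registered for logged-in users only; no wp_ajax_nopriv_ variant, because an
// unauthenticated caller has no legitimate reason to reach this action.
add_action( 'wp_ajax_example_move_object', 'example_move_object_hardened' );
```

The hypothetical admin.js must send the nonce with every call, for example `jQuery.post(exampleAjax.url, {action: 'example_move_object', nonce: exampleAjax.nonce, object_id: id, folder_id: fid})`. A form on an attacker's page can reproduce the action and the two IDs but cannot read `exampleAjax.nonce` from the victim's admin page, so its request is rejected by `check_ajax_referer()` before any state changes. The ordering matters: the nonce check comes first so that no error path leaks whether an object exists, and the capability check stays in place because, as CVE-2021-24905 shows, a handler that only had a nonce would still let any authenticated user trigger a privileged action.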