Vulnerabilities (CVE)

Filtered by CWE-352
Total 4240 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-47162 1 Dh - Anti Adblocker Project 1 Dh - Anti Adblocker 2023-03-16 N/A 8.8 HIGH
Cross-Site Request Forgery (CSRF) vulnerability in Dannie Herdyawan DH – Anti AdBlocker plugin <= 36 versions.
CVE-2022-47155 1 Supsystic 1 Slider 2023-03-16 N/A 8.8 HIGH
Cross-Site Request Forgery (CSRF) vulnerability in Supsystic Slider by Supsystic plugin <= 1.8.5 versions.
CVE-2022-47147 1 Kesz1 1 Ipblocklist 2023-03-16 N/A 8.8 HIGH
Cross-Site Request Forgery (CSRF) vulnerability in Kesz1 Technologies ipBlockList plugin <= 1.0 versions.
CVE-2022-47143 1 Themeisle 1 Multiple Page Generator 2023-03-16 N/A 8.8 HIGH
Cross-Site Request Forgery (CSRF) vulnerability in Themeisle Multiple Page Generator Plugin – MPG plugin <= 3.3.9 versions.
CVE-2022-47141 1 Seerox 1 Wp Dynamic Keywords Injector 2023-03-16 N/A 8.8 HIGH
Cross-Site Request Forgery (CSRF) vulnerability in Seerox WP Dynamic Keywords Injector plugin <= 2.3.15 versions.
CVE-2022-47443 1 Multi Rating Project 1 Multi Rating 2023-03-16 N/A 8.8 HIGH
Cross-Site Request Forgery (CSRF) vulnerability in Daniel Powney Multi Rating plugin <= 5.0.5 versions.
CVE-2023-25991 1 Metagauss 1 Registrationmagic 2023-03-16 N/A 8.8 HIGH
Cross-Site Request Forgery (CSRF) vulnerability in RegistrationMagic plugin <= 5.1.9.2 versions.
CVE-2023-25973 1 Autoaffiliatelinks 1 Auto Affiliate Links 2023-03-16 N/A 8.8 HIGH
Cross-Site Request Forgery (CSRF) vulnerability in Lucian Apostol Auto Affiliate Links plugin <= 6.3.0.2 versions.
CVE-2023-27490 1 Nextauth.js 1 Next-auth 2023-03-16 N/A 8.8 HIGH
NextAuth.js is an open source authentication solution for Next.js applications. `next-auth` applications using OAuth provider versions before `v4.20.1` have been found to be subject to an authentication vulnerability. A bad actor who can read traffic on the victim's network or who is able to social engineer the victim to click a manipulated login link could intercept and tamper with the authorization URL to **log in as the victim**, bypassing the CSRF protection. This is due to a partial failure during a compromised OAuth session where a session code is erroneously generated. This issue has been addressed in version 4.20.1. Users are advised to upgrade. Users unable to upgrade may, using Advanced Initialization, manually check the callback request for state, pkce, and nonce against the provider configuration to prevent this issue. See the linked GHSA for details.
CVE-2022-47166 1 Voidcoders 1 Void Contact Form 7 Widget For Elementor Page Builder 2023-03-16 N/A 8.8 HIGH
Cross-Site Request Forgery (CSRF) vulnerability in voidCoders Void Contact Form 7 Widget For Elementor Page Builder plugin <= 2.1.1 versions.
CVE-2022-47440 1 My Tickets Project 1 My Tickets 2023-03-16 N/A 8.8 HIGH
Cross-Site Request Forgery (CSRF) vulnerability in Joseph C Dolson My Tickets plugin <= 1.9.10 versions.
CVE-2023-22700 1 Pixelyoursite 1 Pixelyoursite 2023-03-16 N/A 4.3 MEDIUM
Cross-Site Request Forgery (CSRF) vulnerability in PixelYourSite PixelYourSite – Your smart PIXEL (TAG) Manager plugin <= 9.3.0 versions.
CVE-2023-23711 1 A2hosting 1 A2 Optimized 2023-03-16 N/A 4.3 MEDIUM
Cross-Site Request Forgery (CSRF) vulnerability in A2 Hosting A2 Optimized WP plugin <= 3.0.4 versions.
CVE-2023-1346 1 Rapidload 1 Power-up For Autoptimize 2023-03-15 N/A 4.3 MEDIUM
The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. This is due to missing or incorrect nonce validation on the clear_page_cache function. This makes it possible for unauthenticated attackers to clear the plugin's cache via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
CVE-2023-1345 1 Rapidload 1 Power-up For Autoptimize 2023-03-15 N/A 4.3 MEDIUM
The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. This is due to missing or incorrect nonce validation on the queue_posts function. This makes it possible for unauthenticated attackers to modify the plugin's cache via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
CVE-2023-1344 1 Rapidload 1 Power-up For Autoptimize 2023-03-15 N/A 4.3 MEDIUM
The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. This is due to missing or incorrect nonce validation on the uucss_update_rule function. This makes it possible for unauthenticated attackers to modify the plugin's cache via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
CVE-2023-1343 1 Rapidload 1 Power-up For Autoptimize 2023-03-15 N/A 4.3 MEDIUM
The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. This is due to missing or incorrect nonce validation on the attach_rule function. This makes it possible for unauthenticated attackers to modify the plugin's cache via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
CVE-2023-1342 1 Rapidload 1 Power-up For Autoptimize 2023-03-15 N/A 4.3 MEDIUM
The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. This is due to missing or incorrect nonce validation on the ucss_connect function. This makes it possible for unauthenticated attackers to connect the site to a new license key via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
CVE-2023-1341 1 Rapidload 1 Power-up For Autoptimize 2023-03-15 N/A 4.3 MEDIUM
The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. This is due to missing or incorrect nonce validation on the ajax_deactivate function. This makes it possible for unauthenticated attackers to turn off caching via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
CVE-2023-1340 1 Rapidload 1 Power-up For Autoptimize 2023-03-15 N/A 4.3 MEDIUM
The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. This is due to missing or incorrect nonce validation on the clear_uucss_logs function. This makes it possible for unauthenticated attackers to clear plugin logs via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.