Total: 4240 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-1205 | 1 Netgear | 2 Rax30, Rax30 Firmware | 2023-03-15 | N/A | 8.8 HIGH |
NETGEAR Nighthawk WiFi6 Router prior to V1.0.10.94 is vulnerable to cross-site request forgery attacks on all endpoints due to improperly implemented CSRF protections. | |||||
CVE-2021-4333 | 1 Veronalabs | 1 Wp Statistics | 2023-03-14 | N/A | 6.5 MEDIUM |
The WP Statistics plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 13.1.1. This is due to missing or incorrect nonce validation on the view() function. This makes it possible for unauthenticated attackers to activate and deactivate arbitrary plugins, via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | |||||
CVE-2023-25170 | | | 2023-03-13 | N/A | N/A |
PrestaShop is an open source e-commerce web application that, prior to version 8.0.1, is vulnerable to cross-site request forgery (CSRF). When authenticating users, PrestaShop preserves session attributes. Because this does not clear CSRF tokens upon login, this might enable same-site attackers to bypass the CSRF protection mechanism by performing an attack similar to a session-fixation. The problem is fixed in version 8.0.1. | |||||
CVE-2021-23227 | 1 Php Everywhere Project | 1 Php Everywhere | 2023-03-13 | 6.8 MEDIUM | 8.8 HIGH |
Cross-Site Request Forgery (CSRF) vulnerability in Alexander Fuchs PHP Everywhere plugin <= 2.0.2 versions. | |||||
CVE-2022-4265 | 1 Gopostmatic | 1 Replyable | 2023-03-10 | N/A | 8.8 HIGH |
The Replyable WordPress plugin before 2.2.10 does not validate the class name submitted by the request when instantiating an object in the prompt_dismiss_notice action and also lacks a CSRF check in the related action. This could allow any authenticated user, such as a subscriber, to perform Object Injection attacks. The attack could also be done via a CSRF vector against any authenticated user. | |||||
CVE-2022-47179 | 1 Ujsoftware | 1 Owm Weather | 2023-03-09 | N/A | 4.3 MEDIUM |
Cross-Site Request Forgery (CSRF) vulnerability in Uwe Jacobs OWM Weather plugin <= 5.6.11 leads to post duplication as a draft. | |||||
CVE-2023-24419 | 1 Strategy11 | 1 Formidable Form Builder | 2023-03-09 | N/A | 8.8 HIGH |
Cross-Site Request Forgery (CSRF) vulnerability in Strategy11 Form Builder Team Formidable Forms plugin <= 5.5.6 versions. | |||||
CVE-2023-23992 | 1 Automatorwp | 1 Automatorwp | 2023-03-09 | N/A | 4.3 MEDIUM |
Cross-Site Request Forgery (CSRF) vulnerability in AutomatorWP plugin <= 2.5.0 leads to object delete. | |||||
CVE-2022-43459 | 1 Captainform | 1 Captainform | 2023-03-09 | N/A | 8.8 HIGH |
Cross-Site Request Forgery (CSRF) vulnerability in Forms by CaptainForm – Form Builder for WordPress plugin <= 2.5.3 versions. | |||||
CVE-2023-23983 | 1 Wpdevart | 1 Responsive Vertical Icon Menu | 2023-03-09 | N/A | 5.4 MEDIUM |
Cross-Site Request Forgery (CSRF) vulnerability in wpdevart Responsive Vertical Icon Menu plugin <= 1.5.8 can lead to theme deletion. | |||||
CVE-2023-23865 | 1 Checkoutplugins | 1 Stripe Payments For Woocommerce | 2023-03-09 | N/A | 4.3 MEDIUM |
Cross-Site Request Forgery (CSRF) vulnerability in Checkout Plugins Stripe Payments For WooCommerce plugin <= 1.4.10 leads to settings change. | |||||
CVE-2022-48309 | 1 Sophos | 1 Connect | 2023-03-08 | N/A | 4.3 MEDIUM |
A CSRF vulnerability allows malicious websites to retrieve logs and technical support archives in Sophos Connect versions older than 2.2.90. | |||||
CVE-2022-47148 | 1 Wpovernight | 1 Woocommerce Pdf Invoices & Packing Slips | 2023-03-08 | N/A | 4.3 MEDIUM |
Cross-Site Request Forgery (CSRF) vulnerability in WP Overnight PDF Invoices & Packing Slips for WooCommerce plugin <= 3.2.5 leading to popup dismiss. | |||||
CVE-2022-46798 | 1 Hasthemes | 1 Woolentor - Woocommerce Elementor Addons + Builder | 2023-03-08 | N/A | 5.4 MEDIUM |
Cross-Site Request Forgery (CSRF) vulnerability in HasThemes ShopLentor plugin <= 2.5.1 leading to plugin settings change. | |||||
CVE-2022-46805 | 1 Wptrio | 1 Conditional Shipping For Woocommerce | 2023-03-08 | N/A | 5.4 MEDIUM |
Cross-Site Request Forgery (CSRF) vulnerability in Lauri Karisola / WP Trio Conditional Shipping for WooCommerce plugin <= 2.3.1 leading to activation/deactivation of plugin rulesets. | |||||
CVE-2022-46806 | 1 Villatheme | 1 Cart All In One For Woocommerce | 2023-03-08 | N/A | 4.3 MEDIUM |
Cross-Site Request Forgery (CSRF) vulnerability in VillaTheme Cart All In One For WooCommerce plugin <= 1.1.10 leading to cart modification. | |||||
CVE-2022-46797 | 1 Tatvic | 1 Conversios.io | 2023-03-08 | N/A | 4.3 MEDIUM |
Cross-Site Request Forgery (CSRF) vulnerability in Conversios All-in-one Google Analytics, Pixels and Product Feed Manager for WooCommerce plugin <= 5.2.3 leads to plugin settings change. | |||||
CVE-2022-45804 | 1 Robogallery | 1 Robo Gallery | 2023-03-08 | N/A | 5.4 MEDIUM |
Cross-Site Request Forgery (CSRF) vulnerability in RoboSoft Photo Gallery, Images, Slider in Rbs Image Gallery plugin <= 3.2.9 leading to galleries hierarchy change, included plugin deactivate & activate. | |||||
CVE-2022-40198 | 1 Standalonetech | 1 Terawallet | 2023-03-08 | N/A | 4.3 MEDIUM |
Cross-Site Request Forgery (CSRF) vulnerability in StandaloneTech TeraWallet – For WooCommerce plugin <= 1.3.24 leading to plugin settings change. | |||||
CVE-2022-45068 | 1 Mercadopago | 1 Mercado Pago Payments For Woocommerce | 2023-03-08 | N/A | 8.8 HIGH |
Cross-Site Request Forgery (CSRF) vulnerability in Mercado Pago Mercado Pago payments for WooCommerce plugin <= 6.3.1. |