Total
4240 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-3017 | 1 Froxlor | 1 Froxlor | 2022-09-01 | N/A | 6.5 MEDIUM |
| Cross-Site Request Forgery (CSRF) in GitHub repository froxlor/froxlor prior to 0.10.38. | |||||
| CVE-2022-31773 | 1 Ibm | 1 Datapower Gateway | 2022-08-31 | N/A | 8.8 HIGH |
| IBM DataPower Gateway V10CD, 10.0.1, and 2018.4.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 228357. | |||||
| CVE-2021-39394 | 1 Mm-wiki Project | 1 Mm-wiki | 2022-08-31 | N/A | 6.5 MEDIUM |
| mm-wiki v0.2.1 was discovered to contain a Cross-Site Request Forgery (CSRF) which allows attackers to arbitrarily add user accounts and modify user information. | |||||
| CVE-2022-30287 | 1 Horde | 1 Groupware | 2022-08-31 | N/A | 8.0 HIGH |
| Horde Groupware Webmail Edition through 5.2.22 allows a reflection injection attack through which an attacker can instantiate a driver class. This then leads to arbitrary deserialization of PHP objects. | |||||
| CVE-2021-24884 | 1 Strategy11 | 1 Formidable Form Builder | 2022-08-30 | 6.8 MEDIUM | 9.6 CRITICAL |
| The Formidable Form Builder WordPress plugin before 4.09.05 allows to inject certain HTML Tags like <audio>,<video>,<img>,<a> and<button>.This could allow an unauthenticated, remote attacker to exploit a HTML-injection byinjecting a malicous link. The HTML-injection may trick authenticated users to follow the link. If the Link gets clicked, Javascript code can be executed. The vulnerability is due to insufficient sanitization of the "data-frmverify" tag for links in the web-based entry inspection page of affected systems. A successful exploitation incomibantion with CSRF could allow the attacker to perform arbitrary actions on an affected system with the privileges of the user. These actions include stealing the users account by changing their password or allowing attackers to submit their own code through an authenticated user resulting in Remote Code Execution. If an authenticated user who is able to edit Wordpress PHP Code in any kind, clicks the malicious link, PHP code can be edited. | |||||
| CVE-2011-2522 | 3 Canonical, Debian, Samba | 3 Ubuntu Linux, Debian Linux, Samba | 2022-08-29 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.10 allow remote attackers to hijack the authentication of administrators for requests that (1) shut down daemons, (2) start daemons, (3) add shares, (4) remove shares, (5) add printers, (6) remove printers, (7) add user accounts, or (8) remove user accounts, as demonstrated by certain start, stop, and restart parameters to the status program. | |||||
| CVE-2022-36546 | 1 Edoc-doctor-appointment-system Project | 1 Edoc-doctor-appointment-system | 2022-08-29 | N/A | 8.8 HIGH |
| Edoc-doctor-appointment-system v1.0.1 was discovered to contain a Cross-Site Request Forgery (CSRF) via /patient/settings.php. | |||||
| CVE-2018-14519 | 1 Getkirby | 1 Kirby | 2022-08-28 | N/A | 4.3 MEDIUM |
| An issue was discovered in Kirby 2.5.12. The delete page functionality suffers from a CSRF flaw. A remote attacker can craft a malicious CSRF page and force the user to delete a page. | |||||
| CVE-2022-36358 | 1 Seoscout | 1 Seo Scout | 2022-08-26 | N/A | 4.3 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in SEO Scout plugin <= 0.9.83 at WordPress allows attackers to trick users with administrative rights to unintentionally change the plugin settings. | |||||
| CVE-2022-36389 | 1 Wordplus | 1 Better Messages | 2022-08-25 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in WordPlus Better Messages plugin <= 1.9.9.148 at WordPress. | |||||
| CVE-2022-36288 | 1 Wpdownloadmanager | 1 Wordpress Download Manager | 2022-08-24 | N/A | 8.8 HIGH |
| Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in W3 Eden Download Manager plugin <= 3.2.48 at WordPress. | |||||
| CVE-2022-36292 | 1 Wpchill | 1 Gallery Photoblocks | 2022-08-24 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerabilities in WPChill Gallery PhotoBlocks plugin <= 1.2.6 at WordPress. | |||||
| CVE-2022-2389 | 1 Buildwoofunnels | 1 Autonami | 2022-08-24 | N/A | 4.3 MEDIUM |
| The Abandoned Cart Recovery for WooCommerce, Follow Up Emails, Newsletter Builder & Marketing Automation By Autonami WordPress plugin before 2.1.2 does not have authorisation and CSRF checks in one of its AJAX action, allowing any authenticated users, such as subscriber to create automations | |||||
| CVE-2022-2388 | 1 Wow-company | 1 Wp Coder | 2022-08-24 | N/A | 6.5 MEDIUM |
| The WP Coder WordPress plugin before 2.5.3 does not have CSRF check in place when deleting code created by the plugin, which could allow attackers to make a logged in admin delete arbitrary ones via a CSRF attack | |||||
| CVE-2022-2382 | 1 Shapedplugin | 1 Product Slider For Woocommerce | 2022-08-24 | N/A | 4.3 MEDIUM |
| The Product Slider for WooCommerce WordPress plugin before 2.5.7 has flawed CSRF checks and lack authorisation in some of its AJAX actions, allowing any authenticated users, such as subscriber to call them. One in particular could allow them to delete arbitrary blog options. | |||||
| CVE-2022-2377 | 1 Wpwax | 1 Directorist | 2022-08-24 | N/A | 4.3 MEDIUM |
| The Directorist WordPress plugin before 7.3.0 does not have authorisation and CSRF checks in an AJAX action, allowing any authenticated users to send arbitrary emails on behalf of the blog | |||||
| CVE-2022-2375 | 1 Okapitech | 1 Wp Sticky Button | 2022-08-24 | N/A | 5.4 MEDIUM |
| The WP Sticky Button WordPress plugin before 1.4.1 does not have authorisation and CSRF checks when saving its settings, allowing unauthenticated users to update them. Furthermore, due to the lack of escaping in some of them, it could lead to Stored Cross-Site Scripting issues | |||||
| CVE-2022-2312 | 1 Student Result Or Employee Database Project | 1 Student Result Or Employee Database | 2022-08-24 | N/A | 5.4 MEDIUM |
| The Student Result or Employee Database WordPress plugin before 1.7.5 does not have CSRF in its AJAX actions, allowing attackers to make logged in user with a role as low as contributor to add/edit and delete students via CSRF attacks. Furthermore, due to the lack of sanitisation and escaping, it could also lead to Stored Cross-Site scripting | |||||
| CVE-2022-2276 | 1 Wp Edit Menu Project | 1 Wp Edit Menu | 2022-08-24 | N/A | 4.3 MEDIUM |
| The WP Edit Menu WordPress plugin before 1.5.0 does not have authorisation and CSRF in an AJAX action, which could allow unauthenticated attackers to delete arbitrary posts/pages from the blog | |||||
| CVE-2022-2275 | 1 Wp Edit Menu Project | 1 Wp Edit Menu | 2022-08-24 | N/A | 4.3 MEDIUM |
| The WP Edit Menu WordPress plugin before 1.5.0 does not have CSRF in an AJAX action, which could allow attackers to make a logged in admin delete arbitrary posts/pages from the blog via a CSRF attack | |||||