Total
4240 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-2355 | 1 Easy Username Updater Project | 1 Easy Username Updater | 2022-08-12 | N/A | 6.5 MEDIUM |
| The Easy Username Updater WordPress plugin before 1.0.5 does not implement CSRF checks, which could allow attackers to make a logged in admin change any user's username includes the admin | |||||
| CVE-2022-34158 | 1 Apache | 1 Jspwiki | 2022-08-10 | N/A | 8.8 HIGH |
| A carefully crafted invocation on the Image plugin could trigger an CSRF vulnerability on Apache JSPWiki before 2.11.3, which could allow a group privilege escalation of the attacker's account. Further examination of this issue established that it could also be used to modify the email associated with the attacked account, and then a reset password request from the login page. | |||||
| CVE-2022-28731 | 1 Apache | 1 Jspwiki | 2022-08-10 | N/A | 6.5 MEDIUM |
| A carefully crafted request on UserPreferences.jsp could trigger an CSRF vulnerability on Apache JSPWiki before 2.11.3, which could allow the attacker to modify the email associated with the attacked account, and then a reset password request from the login page. | |||||
| CVE-2022-34937 | 1 Yuba | 1 U5cms | 2022-08-09 | N/A | 8.8 HIGH |
| Yuba u5cms v8.3.5 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component savepage.php. This vulnerability allows attackers to execute arbitrary code. | |||||
| CVE-2022-36968 | 1 Progress | 1 Ipswitch Ws Ftp Server | 2022-08-09 | N/A | 4.3 MEDIUM |
| In Progress WS_FTP Server prior to version 8.7.3, forms within the administrative interface did not include a nonce to mitigate the risk of cross-site request forgery (CSRF) attacks. | |||||
| CVE-2022-33201 | 1 Mailerlite | 1 Mailerlite Signup Forms | 2022-08-08 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in MailerLite – Signup forms (official) plugin <= 1.5.7 at WordPress allows an attacker to change the API key. | |||||
| CVE-2021-36861 | 1 Starfish | 1 Rich Review | 2022-08-06 | N/A | 4.3 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in Rich Reviews by Starfish plugin <= 1.9.14 at WordPress allows an attacker to delete reviews. | |||||
| CVE-2016-3098 | 1 Thoughtbot | 1 Administrate | 2022-08-06 | N/A | 5.4 MEDIUM |
| Cross-site request forgery (CSRF) vulnerability in administrate 0.1.4 and earlier allows remote attackers to hijack the user's OAuth autorization code. | |||||
| CVE-2020-35135 | 1 Infolific | 1 Ultimate Category Excluder | 2022-08-05 | 6.8 MEDIUM | 8.8 HIGH |
| The ultimate-category-excluder plugin before 1.2 for WordPress allows ultimate-category-excluder.php CSRF. | |||||
| CVE-2022-2245 | 1 Wow-company | 1 Counter Box | 2022-08-05 | N/A | 8.8 HIGH |
| The Counter Box WordPress plugin before 1.2.1 is lacking CSRF check when activating and deactivating counters, which could allow attackers to make a logged in admin perform such actions via CSRF attacks | |||||
| CVE-2022-2184 | 1 Wpwhitesecurity | 1 Captcha 4wp | 2022-08-05 | N/A | 8.8 HIGH |
| The CAPTCHA 4WP WordPress plugin before 7.1.0 lets user input reach a sensitive require_once call in one of its admin-side templates. This can be abused by attackers, via a Cross-Site Request Forgery attack to run arbitrary code on the server. | |||||
| CVE-2022-34161 | 1 Ibm | 1 Cics Tx | 2022-08-05 | N/A | 8.8 HIGH |
| IBM CICS TX 11.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 229331. | |||||
| CVE-2022-2260 | 1 Givewp | 1 Givewp | 2022-08-05 | N/A | 6.5 MEDIUM |
| The GiveWP WordPress plugin before 2.21.3 does not have CSRF in place when exporting data, and does not validate the exporting parameters such as dates, which could allow attackers to make a logged in admin DoS the web server via a CSRF attack as the plugin will try to retrieve data from the database many times which leads to overwhelm the target's CPU. | |||||
| CVE-2022-2241 | 1 Fifu | 1 Featured Image From Url | 2022-08-05 | N/A | 6.1 MEDIUM |
| The Featured Image from URL (FIFU) WordPress plugin before 4.0.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack. Furthermore, due to the lack of validation, sanitisation and escaping in some of them, it could also lead to Stored XSS issues | |||||
| CVE-2022-26309 | 1 Pandorafms | 1 Pandora Fms | 2022-08-05 | N/A | 8.8 HIGH |
| Pandora FMS v7.0NG.759 allows Cross-Site Request Forgery in Bulk operation (User operation) resulting in elevation of privilege to Administrator group. | |||||
| CVE-2022-2171 | 1 Crowdfavorite | 1 Progressive License | 2022-08-05 | N/A | 5.4 MEDIUM |
| The Progressive License WordPress plugin through 1.1.0 is lacking any CSRF check when saving its settings, which could allow attackers to make a logged in admin change them. Furthermore, as the plugin allows arbitrary HTML to be inserted in one of the settings, this could lead to Stored XSS issue which will be triggered in the frontend as well. | |||||
| CVE-2021-24836 | 1 Storeapps | 1 Temporary Login Without Password | 2022-08-04 | 4.0 MEDIUM | 4.3 MEDIUM |
| The Temporary Login Without Password WordPress plugin before 1.7.1 does not have authorisation and CSRF checks when updating its settings, which could allows any logged-in users, such as subscribers to update them | |||||
| CVE-2022-36920 | 1 Jenkins | 1 Coverity | 2022-08-03 | N/A | 8.8 HIGH |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Coverity Plugin 1.11.4 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | |||||
| CVE-2022-36882 | 1 Jenkins | 1 Git | 2022-08-03 | N/A | 8.8 HIGH |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Git Plugin 4.11.3 and earlier allows attackers to trigger builds of jobs configured to use an attacker-specified Git repository and to cause them to check out an attacker-specified commit. | |||||
| CVE-2022-36906 | 1 Jenkins | 1 Openshift Deployer | 2022-08-03 | N/A | 6.5 MEDIUM |
| A cross-site request forgery (CSRF) vulnerability in Jenkins OpenShift Deployer Plugin 1.2.0 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified username and password. | |||||