Total
4240 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-35773 | 1 Freehtmldesigns | 1 Site Offline | 2022-07-17 | 6.8 MEDIUM | 8.8 HIGH |
| The site-offline plugin before 1.4.4 for WordPress lacks certain wp_create_nonce and wp_verify_nonce calls, aka CSRF. | |||||
| CVE-2022-2123 | 1 Wp Opt-in Project | 1 Wp Opt-in | 2022-07-15 | 4.3 MEDIUM | 4.3 MEDIUM |
| The WP Opt-in WordPress plugin through 1.4.1 is vulnerable to CSRF which allows changed plugin settings and can be used for sending spam emails. | |||||
| CVE-2022-1957 | 1 Comment License Project | 1 Comment License | 2022-07-15 | 4.3 MEDIUM | 4.3 MEDIUM |
| The Comment License WordPress plugin before 1.4.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack | |||||
| CVE-2022-1732 | 1 Rename Wp-login Project | 1 Rename Wp-login | 2022-07-15 | 4.3 MEDIUM | 6.5 MEDIUM |
| The Rename wp-login.php WordPress plugin through 2.6.0 does not have CSRF check in place when updating the secret login URL, which could allow attackers to make a logged in admin change them via a CSRF attack | |||||
| CVE-2022-1626 | 1 Sharebar Project | 1 Sharebar | 2022-07-15 | 3.5 LOW | 5.4 MEDIUM |
| The Sharebar WordPress plugin through 1.4.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and also lead to Stored Cross-Site Scripting issue due to the lack of sanitisation and escaping in some of them | |||||
| CVE-2022-1576 | 1 Themeisle | 1 Wp Maintenance Mode \& Coming Soon | 2022-07-15 | 4.3 MEDIUM | 6.5 MEDIUM |
| The WP Maintenance Mode & Coming Soon WordPress plugin before 2.4.5 is lacking CSRF when emptying the subscribed users list, which could allow attackers to make a logged in admin perform such action via a CSRF attack | |||||
| CVE-2022-1599 | 1 Admin Management Xtended Project | 1 Admin Management Xtended | 2022-07-15 | 4.3 MEDIUM | 6.5 MEDIUM |
| The Admin Management Xtended WordPress plugin before 2.4.5 does not have CSRF checks in some of its AJAX actions, allowing attackers to make a logged users with the right capabilities to call them. This can lead to changes in post status (draft, published), slug, post date, comment status (enabled, disabled) and more. | |||||
| CVE-2015-1785 | 1 Imagely | 1 Nextgen Gallery | 2022-07-14 | 4.3 MEDIUM | 6.5 MEDIUM |
| In nextgen-galery wordpress plugin before 2.0.77.3 there are two vulnerabilities which can allow an attacker to gain full access over the web application. The vulnerabilities lie in how the application validates user uploaded files and lack of security measures preventing unwanted HTTP requests. | |||||
| CVE-2021-31679 | 1 Pescms | 1 Pescms Team | 2022-07-13 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in PESCMS-V2.3.3. There is a CSRF vulnerability that allows attackers to delete admin and other members' account numbers. | |||||
| CVE-2021-31678 | 1 Pescms | 1 Pescms Team | 2022-07-13 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in PESCMS-V2.3.3. There is a CSRF vulnerability that can delete import information about a user's company. | |||||
| CVE-2021-31677 | 1 Pescms | 1 Pescms Team | 2022-07-13 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in PESCMS-V2.3.3. There is a CSRF vulnerability that can modify admin and other members' passwords. | |||||
| CVE-2021-23163 | 1 Jfrog | 1 Artifactory | 2022-07-13 | 6.8 MEDIUM | 8.8 HIGH |
| JFrog Artifactory prior to version 7.33.6 and 6.23.38, is vulnerable to CSRF ( Cross-Site Request Forgery) for specific endpoints. This issue affects: JFrog JFrog Artifactory JFrog Artifactory versions before 7.33.6 versions prior to 7.x; JFrog Artifactory versions before 6.23.38 versions prior to 6.x. | |||||
| CVE-2022-1967 | 1 Wp-championship Project | 1 Wp-championship | 2022-07-12 | 4.3 MEDIUM | 6.5 MEDIUM |
| The WP Championship WordPress plugin before 9.3 is lacking CSRF checks in various places, allowing attackers to make a logged in admin perform unwanted actions, such as create and delete arbitrary teams as well as update the plugin's settings. Due to the lack of sanitisation and escaping, it could also lead to Stored Cross-Site Scripting issues | |||||
| CVE-2020-10181 | 1 Sumavision | 2 Enhanced Multimedia Router, Enhanced Multimedia Router Firmware | 2022-07-12 | 7.5 HIGH | 9.8 CRITICAL |
| goform/formEMR30 in Sumavision Enhanced Multimedia Router (EMR) 3.0.4.27 allows creation of arbitrary users with elevated privileges (administrator) on a device, as demonstrated by a setString=new_user<*1*>administrator<*1*>123456 request. | |||||
| CVE-2021-46366 | 1 Magnolia-cms | 1 Magnolia Cms | 2022-07-12 | 6.8 MEDIUM | 8.8 HIGH |
| An issue in the Login page of Magnolia CMS v6.2.3 and below allows attackers to exploit both an Open Redirect vulnerability and Cross-Site Request Forgery (CSRF) in order to brute force and exfiltrate users' credentials. | |||||
| CVE-2021-25327 | 1 Skyworthdigital | 2 Rn510, Rn510 Firmware | 2022-07-12 | 4.3 MEDIUM | 6.5 MEDIUM |
| Skyworth Digital Technology RN510 V.3.1.0.4 contains a cross-site request forgery (CSRF) vulnerability in /cgi-bin/net-routeadd.asp and /cgi-bin/sec-urlfilter.asp. Missing CSRF protection in devices can lead to XSRF, as the above pages are vulnerable to cross-site scripting (XSS). | |||||
| CVE-2022-34817 | 1 Jenkins | 1 Failed Job Deactivator | 2022-07-08 | 4.3 MEDIUM | 4.3 MEDIUM |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Failed Job Deactivator Plugin 1.2.1 and earlier allows attackers to disable jobs. | |||||
| CVE-2022-34815 | 1 Jenkins | 1 Request Rename Or Delete | 2022-07-08 | 4.3 MEDIUM | 4.3 MEDIUM |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Request Rename Or Delete Plugin 1.1.0 and earlier allows attackers to accept pending requests, thereby renaming or deleting jobs. | |||||
| CVE-2022-34812 | 1 Jenkins | 1 Xpath Configuration Viewer | 2022-07-08 | 4.3 MEDIUM | 4.3 MEDIUM |
| A cross-site request forgery (CSRF) vulnerability in Jenkins XPath Configuration Viewer Plugin 1.1.1 and earlier allows attackers to create and delete XPath expressions. | |||||
| CVE-2022-34792 | 1 Jenkins | 1 Recipe | 2022-07-08 | 6.0 MEDIUM | 8.0 HIGH |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Recipe Plugin 1.2 and earlier allows attackers to send an HTTP request to an attacker-specified URL and parse the response as XML. | |||||