Total
4240 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-34789 | 1 Jenkins | 1 Matrix Reloaded | 2022-07-08 | 4.3 MEDIUM | 6.5 MEDIUM |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Matrix Reloaded Plugin 1.1.3 and earlier allows attackers to rebuild previous matrix builds. | |||||
| CVE-2022-34780 | 1 Jenkins | 1 Xebialabs Xl Release | 2022-07-08 | 4.3 MEDIUM | 6.5 MEDIUM |
| A cross-site request forgery (CSRF) vulnerability in Jenkins XebiaLabs XL Release Plugin 22.0.0 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | |||||
| CVE-2022-31886 | 1 Marvalglobal | 1 Marval Msm | 2022-07-08 | 4.3 MEDIUM | 6.5 MEDIUM |
| Marval MSM v14.19.0.12476 is vulnerable to Cross Site Request Forgery (CSRF). An attacker can disable the 2FA by sending the user a malicious form. | |||||
| CVE-2022-34797 | 1 Jenkins | 1 Deployment Dashboard | 2022-07-07 | 4.3 MEDIUM | 4.3 MEDIUM |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Deployment Dashboard Plugin 1.0.10 and earlier allows attackers to connect to an attacker-specified HTTP URL using attacker-specified credentials. | |||||
| CVE-2017-20120 | 1 Trueconf | 1 Server | 2022-07-07 | 6.8 MEDIUM | 8.8 HIGH |
| A vulnerability classified as problematic was found in TrueConf Server 4.3.7. This vulnerability affects unknown code of the file /admin/service/stop/. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2022-1653 | 1 Supsystic | 1 Social Share Buttons | 2022-07-07 | 4.3 MEDIUM | 4.3 MEDIUM |
| The Social Share Buttons by Supsystic WordPress plugin before 2.2.4 does not perform CSRF checks in it's ajax endpoints and admin pages, allowing an attacker to trick any logged in user to manipulate or change the plugin settings, as well as create, delete and rename projects and networks. | |||||
| CVE-2022-1627 | 1 Zatzlabs | 1 My Private Site | 2022-07-07 | 4.3 MEDIUM | 4.3 MEDIUM |
| The My Private Site WordPress plugin before 3.0.8 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack | |||||
| CVE-2022-1625 | 1 Wpexperts | 1 New User Approve | 2022-07-07 | 4.3 MEDIUM | 4.3 MEDIUM |
| The New User Approve WordPress plugin before 2.4 does not have CSRF check in place when updating its settings and adding invitation codes, which could allow attackers to add invitation codes (for bypassing the provided restrictions) and to change plugin settings by tricking admin users into visiting specially crafted websites. | |||||
| CVE-2022-1573 | 1 Html2wp Project | 1 Html2wp | 2022-07-07 | 4.3 MEDIUM | 4.3 MEDIUM |
| The HTML2WP WordPress plugin through 1.0.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them | |||||
| CVE-2022-0875 | 1 Miniorange | 1 Google Authenticator | 2022-07-07 | 4.3 MEDIUM | 4.3 MEDIUM |
| The Google Authenticator WordPress plugin before 1.0.5 does not have CSRF check when saving its settings, and does not sanitise as well as escape them, allowing attackers to make a logged in admin change them and perform Cross-Site Scripting attacks | |||||
| CVE-2022-34134 | 1 Jorani Project | 1 Jorani | 2022-07-06 | 6.8 MEDIUM | 8.8 HIGH |
| Benjamin BALET Jorani v1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /application/controllers/Users.php. | |||||
| CVE-2022-1844 | 1 Wp-sentry Project | 1 Wp-sentry | 2022-07-06 | 4.3 MEDIUM | 4.3 MEDIUM |
| The WP Sentry WordPress plugin through 1.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and lead to Stored Cross-Site Scripting due to the lack of sanitisation and escaping as well | |||||
| CVE-2022-1843 | 1 Mailpress Project | 1 Mailpress | 2022-07-06 | 4.3 MEDIUM | 6.5 MEDIUM |
| The MailPress WordPress plugin through 7.2.1 does not have CSRF checks in various places, which could allow attackers to make a logged in admin change the settings, purge log files and more via CSRF attacks | |||||
| CVE-2022-1842 | 1 Openbook Book Data Project | 1 Openbook Book Data | 2022-07-06 | 4.3 MEDIUM | 4.3 MEDIUM |
| The OpenBook Book Data WordPress plugin through 3.5.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and lead to Stored Cross-Site Scripting due to the lack of sanitisation and escaping as well | |||||
| CVE-2022-1885 | 1 Cimy Header Image Rotator Project | 1 Cimy Header Image Rotator | 2022-07-06 | 4.3 MEDIUM | 4.3 MEDIUM |
| The Cimy Header Image Rotator WordPress plugin through 6.1.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack | |||||
| CVE-2022-1847 | 1 Rotating Posts Project | 1 Rotating Posts | 2022-07-06 | 4.3 MEDIUM | 4.3 MEDIUM |
| The Rotating Posts WordPress plugin through 1.11 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack | |||||
| CVE-2022-1846 | 1 Tiny Contact Form Project | 1 Tiny Contact Form | 2022-07-06 | 4.3 MEDIUM | 4.3 MEDIUM |
| The Tiny Contact Form WordPress plugin through 0.7 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack | |||||
| CVE-2022-1845 | 1 Wp Post Styling Project | 1 Wp Post Styling | 2022-07-06 | 4.3 MEDIUM | 4.3 MEDIUM |
| The WP Post Styling WordPress plugin before 1.3.1 does not have CSRF checks in various actions, which could allow attackers to make a logged in admin delete plugin's data, update the settings, add new entries and more via CSRF attacks | |||||
| CVE-2022-1913 | 1 Add Post Url Project | 1 Add Post Url | 2022-07-06 | 4.3 MEDIUM | 4.3 MEDIUM |
| The Add Post URL WordPress plugin through 2.1.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and lead to Stored Cross-Site Scripting due to the lack of sanitisation and escaping | |||||
| CVE-2022-1960 | 1 Mycss Project | 1 Mycss | 2022-07-06 | 4.3 MEDIUM | 4.3 MEDIUM |
| The MyCSS WordPress plugin through 1.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack | |||||