Total
4240 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-1630 | 1 Wp-email Project | 1 Wp-email | 2022-06-28 | 4.3 MEDIUM | 6.5 MEDIUM |
| The WP-EMail WordPress plugin before 2.69.0 does not protect its log deletion functionality with nonce checks, allowing attacker to make a logged in admin delete logs via a CSRF attack | |||||
| CVE-2022-1895 | 1 Underconstruction Project | 1 Underconstruction | 2022-06-28 | 4.3 MEDIUM | 4.3 MEDIUM |
| The underConstruction WordPress plugin before 1.20 does not have CSRF check in place when deactivating the construction mode, which could allow attackers to make a logged in admin perform such action via a CSRF attack | |||||
| CVE-2022-1832 | 1 Capa Protect Project | 1 Capa Protect | 2022-06-28 | 4.3 MEDIUM | 6.5 MEDIUM |
| The CaPa Protect WordPress plugin through 0.5.8.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and disable the applied protection. | |||||
| CVE-2022-1831 | 1 Wplite Project | 1 Wplite | 2022-06-28 | 3.5 LOW | 6.5 MEDIUM |
| The WPlite WordPress plugin through 1.3.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack | |||||
| CVE-2022-1830 | 1 Amazon Einzeltitellinks Project | 1 Amazon Einzeltitellinks | 2022-06-28 | 3.5 LOW | 6.5 MEDIUM |
| The Amazon Einzeltitellinks WordPress plugin through 1.3.3 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and lead to Stored Cross-Site Scripting due to the lack of sanitisation and escaping | |||||
| CVE-2022-1829 | 1 Inline Google Maps Project | 1 Inline Google Maps | 2022-06-28 | 4.3 MEDIUM | 6.5 MEDIUM |
| The Inline Google Maps WordPress plugin through 5.11 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack, and lead to Stored Cross-Site Scripting due to the lack of sanitisation and escaping | |||||
| CVE-2022-1828 | 1 Pdf24 Articles To Pdf Project | 1 Pdf24 Articles To Pdf | 2022-06-28 | 4.3 MEDIUM | 6.5 MEDIUM |
| The PDF24 Articles To PDF WordPress plugin through 4.2.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack | |||||
| CVE-2022-1827 | 1 Pdf24 Articles To Pdf Project | 1 Pdf24 Articles To Pdf | 2022-06-28 | 4.3 MEDIUM | 6.5 MEDIUM |
| The PDF24 Article To PDF WordPress plugin through 4.2.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack | |||||
| CVE-2017-20053 | 1 Xyzscripts | 1 Contact Form Manager | 2022-06-28 | 4.3 MEDIUM | 4.3 MEDIUM |
| A vulnerability was found in XYZScripts Contact Form Manager Plugin. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2022-30328 | 1 Trendnet | 2 Tew-831dr, Tew-831dr Firmware | 2022-06-27 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was found on TRENDnet TEW-831DR 1.0 601.130.1.1356 devices. The username and password setup for the web interface does not require entering the existing password. A malicious user can change the username and password of the interface. | |||||
| CVE-2022-30327 | 1 Trendnet | 2 Tew-831dr, Tew-831dr Firmware | 2022-06-27 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was found on TRENDnet TEW-831DR 1.0 601.130.1.1356 devices. The web interface is vulnerable to CSRF. An attacker can change the pre-shared key of the Wi-Fi router if the interface's IP address is known. | |||||
| CVE-2017-20062 | 1 Elefantcms | 1 Elefant Cms | 2022-06-27 | 6.8 MEDIUM | 8.8 HIGH |
| A vulnerability was found in Elefant CMS 1.3.12-RC and classified as problematic. This issue affects some unknown processing. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.3.13 is able to address this issue. It is recommended to upgrade the affected component. | |||||
| CVE-2022-31294 | 1 Online Discussion Forum Site Project | 1 Online Discussion Forum Site | 2022-06-27 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue in the save_users() function of Online Discussion Forum Site 1 allows unauthenticated attackers to arbitrarily create or update user accounts. | |||||
| CVE-2022-29453 | 1 Ayecode | 1 Api Key For Google Maps | 2022-06-27 | 4.3 MEDIUM | 4.3 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in API KEY for Google Maps plugin <= 1.2.1 at WordPress leading to Google Maps API key update. | |||||
| CVE-2022-29441 | 1 Private Messages Project | 1 Private Messages | 2022-06-27 | 4.3 MEDIUM | 4.3 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in Private Messages For WordPress plugin <= 2.1.10 at WordPress allows attackers to send messages. | |||||
| CVE-2022-29450 | 1 Admin Management Xtended Project | 1 Admin Management Xtended | 2022-06-24 | 6.8 MEDIUM | 8.8 HIGH |
| Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Admin Management Xtended plugin <= 2.4.4 at WordPress. | |||||
| CVE-2021-36891 | 1 Supsystic | 1 Photo Gallery | 2022-06-23 | 4.3 MEDIUM | 4.3 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in Photo Gallery by Supsystic plugin <= 1.15.5 at WordPress allows changing the plugin settings. | |||||
| CVE-2022-29439 | 1 Nextcode | 1 Image Slider By Nextcode | 2022-06-23 | 4.3 MEDIUM | 4.3 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in Image Slider by NextCode plugin <= 1.1.2 at WordPress allows deleting slides. | |||||
| CVE-2022-30931 | 1 Employee Leaves Management System Project | 1 Employee Leaves Management System | 2022-06-23 | 4.3 MEDIUM | 6.5 MEDIUM |
| Employee Leaves Management System (ELMS) V 2.1 is vulnerable to Cross Site Request Forgery (CSRF) via /myprofile.php. | |||||
| CVE-2022-29437 | 1 Nextcode | 1 Image Slider By Nextcode | 2022-06-23 | 6.8 MEDIUM | 8.8 HIGH |
| Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Image Slider by NextCode plugin <= 1.1.2 at WordPress. | |||||