Total
4240 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-1793 | 1 Private Files Project | 1 Private Files | 2022-06-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| The Private Files WordPress plugin through 0.40 is missing CSRF check when disabling the protection, which could allow attackers to make a logged in admin perform such action via a CSRF attack and make the blog public | |||||
| CVE-2022-1792 | 1 Quick Subscribe Project | 1 Quick Subscribe | 2022-06-21 | 3.5 LOW | 5.4 MEDIUM |
| The Quick Subscribe WordPress plugin through 1.7.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and leading to Stored XSS due to the lack of sanitisation and escaping in some of them | |||||
| CVE-2022-1605 | 1 Email Users Project | 1 Email Users | 2022-06-17 | 4.3 MEDIUM | 6.5 MEDIUM |
| The Email Users WordPress plugin through 4.8.8 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and change the notification settings of arbitrary users | |||||
| CVE-2022-1608 | 1 Byonepress | 1 Social Locker | 2022-06-17 | 4.3 MEDIUM | 6.5 MEDIUM |
| The OnePress Social Locker WordPress plugin through 5.6.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack | |||||
| CVE-2022-1612 | 1 Webriti | 1 Webriti Smtp Mail | 2022-06-17 | 4.3 MEDIUM | 6.5 MEDIUM |
| The Webriti SMTP Mail WordPress plugin through 1.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack | |||||
| CVE-2022-1624 | 1 Latest Tweets Widget Project | 1 Latest Tweets Widget | 2022-06-17 | 4.3 MEDIUM | 6.5 MEDIUM |
| The Latest Tweets Widget WordPress plugin through 1.1.4 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack | |||||
| CVE-2022-1694 | 1 Useful Banner Manager Project | 1 Useful Banner Manager | 2022-06-17 | 4.3 MEDIUM | 6.5 MEDIUM |
| The Useful Banner Manager WordPress plugin through 1.6.1 does not perform CSRF checks on POST requests to its admin page, allowing an attacker to trick a logged in admin to add, modify or delete banners from the plugin by submitting a form. | |||||
| CVE-2017-20020 | 1 Solar-log | 16 Solar-log 1000, Solar-log 1000 Firmware, Solar-log 1000 Pm\+ and 13 more | 2022-06-17 | 6.8 MEDIUM | 8.8 HIGH |
| A vulnerability, which was classified as problematic, has been found in Solare Solar-Log 2.8.4-56/3.5.2-85. Affected by this issue is some unknown functionality. The manipulation leads to cross site request forgery. The attack may be launched remotely. Upgrading to version 3.5.3-86 is able to address this issue. It is recommended to upgrade the affected component. | |||||
| CVE-2021-44117 | 1 Thedaylightstudio | 1 Fuel Cms | 2022-06-17 | 6.8 MEDIUM | 8.8 HIGH |
| A Cross Site Request Forgery (CSRF) vulnerability exists in TheDayLightStudio Fuel CMS 1.5.0 via a POST call to /fuel/sitevariables/delete/4. | |||||
| CVE-2022-22479 | 2 Ibm, Linux | 2 Spectrum Copy Data Management, Linux Kernel | 2022-06-17 | 6.8 MEDIUM | 8.8 HIGH |
| IBM Spectrum Copy Data Management 2.2.0.0through 2.2.15.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 225887. | |||||
| CVE-2022-30898 | 1 Chshcms | 1 Cscms | 2022-06-17 | 4.3 MEDIUM | 6.5 MEDIUM |
| A Cross-site request forgery (CSRF) vulnerability in Cscms music portal system v4.2 allows remote attackers to change the administrator's username and password. | |||||
| CVE-2022-1712 | 1 Livesync Project | 1 Livesync | 2022-06-15 | 4.3 MEDIUM | 4.3 MEDIUM |
| The LiveSync for WordPress plugin through 1.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack | |||||
| CVE-2022-1695 | 1 Tipsandtricks-hq | 1 Wp Simple Adsense Insertion | 2022-06-15 | 4.3 MEDIUM | 4.3 MEDIUM |
| The WP Simple Adsense Insertion WordPress plugin before 2.1 does not perform CSRF checks on updates to its admin page, allowing an attacker to trick a logged in user to manipulate ads and inject arbitrary javascript via submitting a form. | |||||
| CVE-2022-1709 | 1 Gti | 1 Throws Spam Away | 2022-06-15 | 4.3 MEDIUM | 4.3 MEDIUM |
| The Throws SPAM Away WordPress plugin before 3.3.1 does not have CSRF checks in place when deleting comments (either all, spam, or pending), allowing attackers to make a logged in admin delete comments via a CSRF attack | |||||
| CVE-2019-25064 | 1 Theaccessgroup | 1 Corehr Core Portal | 2022-06-15 | 6.8 MEDIUM | 8.8 HIGH |
| A vulnerability was found in CoreHR Core Portal up to 27.0.7. It has been classified as problematic. Affected is an unknown function. The manipulation leads to cross site request forgery. It is possible to launch the attack remotely. Upgrading to version 27.0.8 is able to address this issue. It is recommended to upgrade the affected component. | |||||
| CVE-2022-1577 | 1 Deliciousbrains | 1 Database Backup | 2022-06-15 | 5.8 MEDIUM | 5.4 MEDIUM |
| The Database Backup for WordPress plugin before 2.5.2 does not have CSRF check in place when updating the schedule backup settings, which could allow an attacker to make a logged in admin change them via a CSRF attack. This could lead to cases where attackers can send backup notification emails to themselves, which contain more details. Or disable the automatic backup schedule | |||||
| CVE-2022-1424 | 1 2code | 1 Ask Me | 2022-06-14 | 4.3 MEDIUM | 6.5 MEDIUM |
| The Ask me WordPress theme before 6.8.2 does not perform CSRF checks for any of its AJAX actions, allowing an attacker to trick logged in users to perform various actions on their behalf on the site. | |||||
| CVE-2022-1422 | 1 2code | 1 Discy | 2022-06-14 | 4.3 MEDIUM | 6.5 MEDIUM |
| The Discy WordPress theme before 5.2 does not check for CSRF tokens in the AJAX action discy_reset_options, allowing an attacker to trick an admin into resetting the site settings back to defaults. | |||||
| CVE-2022-1421 | 1 2code | 1 Discy | 2022-06-14 | 4.3 MEDIUM | 4.3 MEDIUM |
| The Discy WordPress theme before 5.2 lacks CSRF checks in some AJAX actions, allowing an attacker to make a logged in admin change arbitrary 's settings including payment methods via a CSRF attack | |||||
| CVE-2020-36534 | 1 Easyiicms | 1 Easyiicms | 2022-06-14 | 4.3 MEDIUM | 6.5 MEDIUM |
| A vulnerability was found in easyii CMS. It has been classified as problematic. Affected is an unknown function of the file /admin/sign/out. The manipulation leads to cross site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |||||