Total: 4240 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-11557 | 1 Web-dorado | 1 Wp Form Builder | 2023-02-27 | 6.8 MEDIUM | 8.8 HIGH |
The WebDorado Contact Form Builder plugin before 1.0.69 for WordPress allows CSRF via the wp-admin/admin-ajax.php action parameter, with resultant local file inclusion via directory traversal, because there can be a discrepancy between the $_POST['action'] value and the $_GET['action'] value, and the latter is unsanitized. | |||||
CVE-2019-11591 | 1 Web-dorado | 1 Contact Form | 2023-02-27 | 6.8 MEDIUM | 8.8 HIGH |
The WebDorado Contact Form plugin before 1.13.5 for WordPress allows CSRF via the wp-admin/admin-ajax.php action parameter, with resultant local file inclusion via directory traversal, because there can be a discrepancy between the $_POST['action'] value and the $_GET['action'] value, and the latter is unsanitized. | |||||
CVE-2016-10874 | 1 Wpseeds | 1 Wp Database Backup | 2023-02-24 | 6.8 MEDIUM | 8.8 HIGH |
The wp-database-backup plugin before 4.3.3 for WordPress has CSRF. | |||||
CVE-2019-14683 | 1 Codection | 1 Import Users From Csv With Meta | 2023-02-24 | 4.9 MEDIUM | 5.7 MEDIUM |
The codection "Import users from CSV with meta" plugin before 1.14.2.2 for WordPress allows wp-admin/admin-ajax.php?action=acui_delete_attachment CSRF. | |||||
CVE-2019-14680 | 1 Mijnpress | 1 Admin-renamer-extended | 2023-02-24 | 3.5 LOW | 5.7 MEDIUM |
The admin-renamer-extended (aka Admin renamer extended) plugin 3.2.1 for WordPress allows wp-admin/plugins.php?page=admin-renamer-extended/admin.php CSRF. | |||||
CVE-2019-12239 | 1 Wpbookingsystem | 1 Wp Booking System | 2023-02-24 | 6.5 MEDIUM | 7.2 HIGH |
The WP Booking System plugin 1.5.1 for WordPress has no CSRF protection, which allows attackers to reach certain SQL injection issues that require administrative access. | |||||
CVE-2023-23465 | 1 Mediacp | 1 Media Control Panel | 2023-02-24 | N/A | 8.8 HIGH |
Media CP Media Control Panel latest version. CSRF possible through unspecified endpoint. | |||||
CVE-2021-43137 | 1 Hostel Management System Project | 1 Hostel Management System | 2023-02-24 | 6.8 MEDIUM | 8.8 HIGH |
Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) vulnerabilities exist in hostel management system 2.1 via the name field in my-profile.php. Chaining both vulnerabilities leads to account takeover. | |||||
CVE-2023-25767 | 1 Jenkins | 1 Azure Credentials | 2023-02-24 | N/A | 8.8 HIGH |
A cross-site request forgery (CSRF) vulnerability in Jenkins Azure Credentials Plugin 253.v887e0f9e898b and earlier allows attackers to connect to an attacker-specified web server. | |||||
CVE-2016-10945 | 1 Pagelines | 1 Pagelines | 2023-02-23 | 6.8 MEDIUM | 8.8 HIGH |
The PageLines theme 1.1.4 for WordPress has wp-admin/admin-post.php?page=pagelines CSRF. | |||||
CVE-2022-29557 | 1 Relx | 1 Firco Compliance Link | 2023-02-23 | N/A | 8.8 HIGH |
LexisNexis Firco Compliance Link 3.7 allows CSRF. | |||||
CVE-2023-22942 | 1 Splunk | 1 Splunk | 2023-02-23 | N/A | 4.3 MEDIUM |
In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, a cross-site request forgery in the Splunk Secure Gateway (SSG) app in the ‘kvstore_client’ REST endpoint lets a potential attacker update SSG [App Key Value Store (KV store)](https://docs.splunk.com/Documentation/Splunk/latest/Admin/AboutKVstore) collections using an HTTP GET request. SSG is a Splunk-built app that comes with Splunk Enterprise. The vulnerability affects instances with SSG and Splunk Web enabled. | |||||
CVE-2021-33396 | 1 Baijiacms Project | 1 Baijiacms | 2023-02-22 | N/A | 6.5 MEDIUM |
Cross Site Request Forgery (CSRF) vulnerability in baijiacms 4.1.4, allows attackers to change the password or other information of an arbitrary account via index.php. | |||||
CVE-2023-23847 | 1 Jenkins | 1 Synopsys Coverity | 2023-02-22 | N/A | 3.5 LOW |
A cross-site request forgery (CSRF) vulnerability in Synopsys Jenkins Coverity Plugin 3.0.2 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | |||||
CVE-2022-4745 | 1 Wp-customerarea | 1 Wp Customer Area | 2023-02-22 | N/A | 7.1 HIGH |
The WP Customer Area WordPress plugin before 8.1.4 does not have CSRF checks when performing some actions such as chmod, mkdir and copy, which could allow attackers to make a logged-in admin perform them and, for example, create arbitrary folders or copy files. | |||||
CVE-2019-10408 | 1 Jenkins | 1 Project Inheritance | 2023-02-22 | 4.3 MEDIUM | 4.3 MEDIUM |
A cross-site request forgery vulnerability in Jenkins Project Inheritance Plugin 2.0.0 and earlier allowed attackers to trigger project generation from templates. | |||||
CVE-2020-9388 | 1 Squaredup | 1 Squaredup | 2023-02-22 | 4.3 MEDIUM | 6.5 MEDIUM |
CSRF protection was not present in SquaredUp before version 4.6.0. A CSRF attack could have been possible by an administrator executing arbitrary code in an HTML dashboard tile via a crafted HTML page, or by uploading a malicious SVG payload into a dashboard. | |||||
CVE-2023-22375 | 1 Planex | 2 Cs-wmv02g, Cs-wmv02g Firmware | 2023-02-22 | N/A | 8.8 HIGH |
** UNSUPPORTED WHEN ASSIGNED ** Cross-site request forgery (CSRF) vulnerability in Wired/Wireless LAN Pan/Tilt Network Camera CS-WMV02G all versions allows a remote unauthenticated attacker to hijack the authentication and conduct arbitrary operations by having a logged-in user view a malicious page. NOTE: This vulnerability only affects products that are no longer supported by the developer. | |||||
CVE-2022-46862 | 1 Expresstech | 1 Quiz And Survey Master | 2023-02-22 | N/A | 8.8 HIGH |
Cross-Site Request Forgery (CSRF) vulnerability in ExpressTech Quiz And Survey Master – Best Quiz, Exam and Survey Plugin for WordPress plugin <= 8.0.7 versions. | |||||
CVE-2023-24377 | 1 Lightspeedhq | 1 Ecwid Ecommerce Shopping Cart | 2023-02-22 | N/A | 8.8 HIGH |
Cross-Site Request Forgery (CSRF) vulnerability in Ecwid Ecommerce Ecwid Ecommerce Shopping Cart plugin <= 6.11.3 versions. |