Total
4240 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-38093 | 1 Aioseo | 1 All In One Seo | 2023-02-11 | N/A | 8.8 HIGH |
Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in All in One SEO plugin <= 4.2.3.1 at WordPress. | |||||
CVE-2021-24581 | 1 Blue-admin Project | 1 Blue-admin | 2023-02-11 | 6.8 MEDIUM | 8.8 HIGH |
The Blue Admin WordPress plugin through 21.06.01 does not sanitise or escape its "Logo Title" setting before outputting it in a page, leading to a Stored Cross-Site Scripting issue. Furthermore, the plugin does not have a CSRF check in place when saving its settings, allowing the issue to be exploited via a CSRF attack. | |||||
CVE-2023-0722 | 1 Wickedplugins | 1 Wicked Folders | 2023-02-09 | N/A | 4.3 MEDIUM |
The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajax_save_state function. This makes it possible for unauthenticated attackers to invoke this function via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link, leading them to perform actions intended for administrators such as changing the folder structure maintained by the plugin. | |||||
CVE-2023-0725 | 1 Wickedplugins | 1 Wicked Folders | 2023-02-09 | N/A | 4.3 MEDIUM |
The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajax_clone_folder function. This makes it possible for unauthenticated attackers to invoke this function via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link, leading them to perform actions intended for administrators such as changing the folder structure maintained by the plugin. | |||||
CVE-2023-0724 | 1 Wickedplugins | 1 Wicked Folders | 2023-02-09 | N/A | 4.3 MEDIUM |
The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajax_add_folder function. This makes it possible for unauthenticated attackers to invoke this function via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link, leading them to perform actions intended for administrators such as changing the folder structure maintained by the plugin. | |||||
CVE-2019-3718 | 1 Dell | 1 Supportassist | 2023-02-09 | 6.8 MEDIUM | 8.8 HIGH |
Dell SupportAssist Client versions prior to 3.2.0.90 contain an improper origin validation vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability to attempt CSRF attacks on users of the impacted systems. | |||||
CVE-2023-0726 | 1 Wickedplugins | 1 Wicked Folders | 2023-02-09 | N/A | 4.3 MEDIUM |
The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajax_edit_folder function. This makes it possible for unauthenticated attackers to invoke this function via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link, leading them to perform actions intended for administrators such as changing the folder structure maintained by the plugin. | |||||
CVE-2023-0685 | 1 Wickedplugins | 1 Wicked Folders | 2023-02-09 | N/A | 4.3 MEDIUM |
The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajax_unassign_folders function. This makes it possible for unauthenticated attackers to invoke this function via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link, leading them to perform actions intended for administrators such as changing the folder structure maintained by the plugin. | |||||
CVE-2021-36444 | 1 Txjia | 1 Imcat | 2023-02-09 | N/A | 8.8 HIGH |
Cross Site Request Forgery (CSRF) vulnerability in imcat 5.4 allows remote attackers to gain escalated privileges via flaws in one-time token generation on the add administrator page. | |||||
CVE-2021-36443 | 1 Txjia | 1 Imcat | 2023-02-09 | N/A | 8.8 HIGH |
Cross Site Request Forgery vulnerability in imcat 5.4 allows remote attackers to escalate privilege via lack of token verification. | |||||
CVE-2022-36401 | 1 Standalonetech | 1 Terawallet | 2023-02-09 | N/A | 8.8 HIGH |
Cross-Site Request Forgery (CSRF) vulnerability in TeraWallet – For WooCommerce plugin <= 1.3.24 versions. | |||||
CVE-2021-36570 | 1 Thedaylightstudio | 1 Fuel Cms | 2023-02-09 | N/A | 8.8 HIGH |
Cross Site Request Forgery vulnerability in FUEL-CMS 1.4.13 allows remote attackers to run arbitrary code via post ID to /permissions/delete/2---. | |||||
CVE-2021-36569 | 1 Thedaylightstudio | 1 Fuel Cms | 2023-02-09 | N/A | 8.8 HIGH |
Cross Site Request Forgery vulnerability in FUEL-CMS 1.4.13 allows remote attackers to run arbitrary code via post ID to /users/delete/2. | |||||
CVE-2023-25015 | 2 Clockwork Web Project, Rubyonrails | 2 Clockwork Web, Rails | 2023-02-09 | N/A | 6.5 MEDIUM |
Clockwork Web before 0.1.2, when Rails before 5.2 is used, allows CSRF. | |||||
CVE-2022-47132 | 1 Creativeitem | 1 Academy Lms | 2023-02-09 | N/A | 8.8 HIGH |
A Cross-Site Request Forgery (CSRF) in Academy LMS before v5.10 allows attackers to arbitrarily add Administrator users. | |||||
CVE-2022-47131 | 1 Creativeitem | 1 Academy Lms | 2023-02-09 | N/A | 4.8 MEDIUM |
A Cross-Site Request Forgery (CSRF) in Academy LMS before v5.10 allows an attacker to arbitrarily create a page. | |||||
CVE-2022-47130 | 1 Creativeitem | 1 Academy Lms | 2023-02-09 | N/A | 4.3 MEDIUM |
A Cross-Site Request Forgery (CSRF) in Academy LMS before v5.10 allows a discount coupon to be arbitrarily created if an attacker with administrative privileges interacts with the CSRF page. | |||||
CVE-2023-0728 | 1 Wickedplugins | 1 Wicked Folders | 2023-02-09 | N/A | 4.3 MEDIUM |
The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajax_save_folder function. This makes it possible for unauthenticated attackers to invoke this function via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link, leading them to perform actions intended for administrators such as changing the folder structure maintained by the plugin. | |||||
CVE-2023-0727 | 1 Wickedplugins | 1 Wicked Folders | 2023-02-09 | N/A | 4.3 MEDIUM |
The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajax_delete_folder function. This makes it possible for unauthenticated attackers to invoke this function via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link, leading them to perform actions intended for administrators such as changing the folder structure maintained by the plugin. | |||||
CVE-2023-0730 | 1 Wickedplugins | 1 Wicked Folders | 2023-02-09 | N/A | 4.3 MEDIUM |
The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajax_save_folder_order function. This makes it possible for unauthenticated attackers to invoke this function via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link, leading them to perform actions intended for administrators such as changing the folder structure maintained by the plugin. |