Total: 5841 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-0623 | 1 Vektor-inc | 1 Vk Block Patterns | 2024-01-26 | N/A | 4.3 MEDIUM |
The VK Block Patterns plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.31.1.1. This is due to missing or incorrect nonce validation on the vbp_clear_patterns_cache() function. This makes it possible for unauthenticated attackers to clear the patterns cache via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | |||||
CVE-2022-20961 | 1 Cisco | 1 Identity Services Engine | 2024-01-25 | N/A | 8.8 HIGH |
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. This vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a crafted link. A successful exploit could allow the attacker to perform arbitrary actions on the affected device with the privileges of the target user. | |||||
CVE-2023-47718 | 1 Ibm | 2 Maximo Application Suite, Maximo Asset Management | 2024-01-24 | N/A | 8.8 HIGH |
IBM Maximo Asset Management 7.6.1.3 and Manage Component 8.10 through 8.11 are vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 271843. | |||||
CVE-2024-22715 | 1 Codelyfe | 1 Stupid Simple Cms | 2024-01-24 | N/A | 8.8 HIGH |
Stupid Simple CMS <=1.2.4 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin-edit.php. | |||||
CVE-2022-41990 | 1 Cardozatechnologies | 1 Cardoza-3d-tag-cloud | 2024-01-24 | N/A | 8.8 HIGH |
Cross-Site Request Forgery (CSRF) vulnerability in Vinoj Cardoza 3D Tag Cloud allows Stored XSS. This issue affects 3D Tag Cloud: from n/a through 3.8. | |||||
CVE-2023-5006 | 1 Sarveshmrao | 1 Wp Discord Invite | 2024-01-24 | N/A | 6.5 MEDIUM |
The WP Discord Invite WordPress plugin before 2.5.1 does not protect some of its actions against CSRF attacks, allowing an unauthenticated attacker to perform actions on their behalf by tricking a logged-in administrator into submitting a crafted request. | |||||
CVE-2022-3899 | 1 3dprint Project | 1 3dprint | 2024-01-24 | N/A | 8.1 HIGH |
The 3dprint WordPress plugin before 3.5.6.9 does not protect against CSRF attacks in the modified version of Tiny File Manager included with the plugin, allowing an attacker to craft a malicious request that will delete any number of files or directories on the target server by tricking a logged in admin into submitting a form. | |||||
CVE-2022-1618 | 1 Marcorulicke | 1 Coru Lfmember | 2024-01-24 | N/A | 6.1 MEDIUM |
The Coru LFMember WordPress plugin through 1.0.2 does not have a CSRF check in place when adding a new game, and is lacking sanitisation as well as escaping in its settings, allowing an attacker to make a logged-in admin add an arbitrary game with XSS payloads. | |||||
CVE-2023-47350 | 1 Swiftyedit | 1 Swiftyedit | 2024-01-24 | N/A | 8.8 HIGH |
Cross-Site Request Forgery (CSRF) vulnerability in SwiftyEdit Content Management System prior to v1.2.0, allows remote attackers to escalate privileges via the user password update functionality. | |||||
CVE-2024-0555 | 1 Xantech | 2 Wic1200, Wic1200 Firmware | 2024-01-23 | N/A | 8.0 HIGH |
A Cross-Site Request Forgery (CSRF) vulnerability has been found on WIC1200, affecting version 1.1. An authenticated user could lead another user into executing unwanted actions inside the application they are logged in to. This vulnerability is possible due to the lack of a proper CSRF token implementation. | |||||
CVE-2022-1760 | 1 Dd32 | 1 Core Control | 2024-01-23 | N/A | 4.3 MEDIUM |
The Core Control WordPress plugin through 1.2.1 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack. | |||||
CVE-2022-1617 | 1 Usabilitydynamics | 1 Wp-invoice | 2024-01-23 | N/A | 6.1 MEDIUM |
The WP-Invoice WordPress plugin through 4.3.1 does not have a CSRF check in place when updating its settings, and is lacking sanitisation as well as escaping in some of them, allowing an attacker to make a logged-in admin change them and add an XSS payload in them. | |||||
CVE-2016-10885 | 1 Benjaminrojas | 1 Wp Editor | 2024-01-23 | 6.8 MEDIUM | 8.8 HIGH |
The wp-editor plugin before 1.2.6 for WordPress has CSRF. | |||||
CVE-2023-7125 | 1 Peepso | 1 Peepso | 2024-01-23 | N/A | 4.3 MEDIUM |
The Community by PeepSo WordPress plugin before 6.3.1.2 does not have a CSRF check when creating a user post (visible on their wall in their profile page), which could allow attackers to make logged-in users perform such an action via a CSRF attack. | |||||
CVE-2023-6292 | 1 Lightspeedhq | 1 Ecwid Ecommerce Shopping Cart | 2024-01-23 | N/A | 4.3 MEDIUM |
The Ecwid Ecommerce Shopping Cart WordPress plugin before 6.12.5 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack. | |||||
CVE-2024-22819 | 1 Flycms Project | 1 Flycms | 2024-01-23 | N/A | 8.8 HIGH |
FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/email/email_templets_update. | |||||
CVE-2024-22818 | 1 Flycms Project | 1 Flycms | 2024-01-23 | N/A | 8.8 HIGH |
FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/site/filterKeyword_save | |||||
CVE-2024-22603 | 1 Flycms Project | 1 Flycms | 2024-01-23 | N/A | 8.8 HIGH |
FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/links/add_link | |||||
CVE-2024-22817 | 1 Flycms Project | 1 Flycms | 2024-01-23 | N/A | 8.8 HIGH |
FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/email/email_conf_updagte | |||||
CVE-2024-22601 | 1 Flycms Project | 1 Flycms | 2024-01-23 | N/A | 8.8 HIGH |
FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/score/scorerule_save |