Total: 5841 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-47685 | 1 Nkb-bd | 1 Preloader Matrix | 2023-11-24 | N/A | 8.8 HIGH |
Cross-Site Request Forgery (CSRF) vulnerability in Lukman Nakib Preloader Matrix. This issue affects Preloader Matrix: from n/a through 2.0.1. | |||||
CVE-2023-47519 | 1 Wcproducttable | 1 Woocommerce Product Table Lite | 2023-11-24 | N/A | 8.8 HIGH |
Cross-Site Request Forgery (CSRF) vulnerability in WC Product Table WooCommerce Product Table Lite. This issue affects WooCommerce Product Table Lite: from n/a through 2.6.2. | |||||
CVE-2023-47531 | 1 Droitthemes | 1 Droit Dark Mode | 2023-11-24 | N/A | 8.8 HIGH |
Cross-Site Request Forgery (CSRF) vulnerability in DroitThemes Droit Dark Mode. This issue affects Droit Dark Mode: from n/a through 1.1.2. | |||||
CVE-2023-47556 | 1 Jamesmehorter | 1 Device Theme Switcher | 2023-11-24 | N/A | 8.8 HIGH |
Cross-Site Request Forgery (CSRF) vulnerability in James Mehorter Device Theme Switcher. This issue affects Device Theme Switcher: from n/a through 3.0.2. | |||||
CVE-2023-4824 | 1 Bdaia | 1 Woohoo Newspaper Magazine Theme | 2023-11-24 | N/A | 8.8 HIGH |
The WooHoo Newspaper Magazine theme does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack. | |||||
CVE-2023-47551 | 1 Rednao | 1 Donations Made Easy - Smart Donations | 2023-11-24 | N/A | 8.8 HIGH |
Cross-Site Request Forgery (CSRF) vulnerability in RedNao Donations Made Easy – Smart Donations. This issue affects Donations Made Easy – Smart Donations: from n/a through 4.0.12. | |||||
CVE-2023-47552 | 1 Webdevocean | 1 Image Hover Effects | 2023-11-24 | N/A | 8.8 HIGH |
Cross-Site Request Forgery (CSRF) vulnerability in Labib Ahmed Image Hover Effects – WordPress Plugin. This issue affects Image Hover Effects – WordPress Plugin: from n/a through 5.5. | |||||
CVE-2023-47553 | 1 Userlocal | 1 Userheat Plugin | 2023-11-24 | N/A | 8.8 HIGH |
Cross-Site Request Forgery (CSRF) vulnerability in User Local Inc UserHeat Plugin. This issue affects UserHeat Plugin: from n/a through 1.1.6. | |||||
CVE-2023-47688 | 1 Alexufo | 1 Youtube Speedload | 2023-11-23 | N/A | 8.8 HIGH |
Cross-Site Request Forgery (CSRF) vulnerability in Alexufo Youtube SpeedLoad plugin <= 0.6.3 versions. | |||||
CVE-2022-20612 | 2 Jenkins, Oracle | 2 Jenkins, Communications Cloud Native Core Automated Test Suite | 2023-11-22 | 2.6 LOW | 4.3 MEDIUM |
A cross-site request forgery (CSRF) vulnerability in Jenkins 2.329 and earlier, LTS 2.319.1 and earlier allows attackers to trigger build of job without parameters when no security realm is set. | |||||
CVE-2022-20613 | 2 Jenkins, Oracle | 2 Mailer, Communications Cloud Native Core Automated Test Suite | 2023-11-22 | 4.3 MEDIUM | 4.3 MEDIUM |
A cross-site request forgery (CSRF) vulnerability in Jenkins Mailer Plugin 391.ve4a_38c1b_cf4b_ and earlier allows attackers to use the DNS used by the Jenkins instance to resolve an attacker-specified hostname. | |||||
CVE-2022-27198 | 1 Jenkins | 1 Cloudbees Aws Credentials | 2023-11-22 | 6.0 MEDIUM | 8.0 HIGH |
A cross-site request forgery (CSRF) vulnerability in Jenkins CloudBees AWS Credentials Plugin 189.v3551d5642995 and earlier allows attackers with Overall/Read permission to connect to an AWS service using an attacker-specified token. | |||||
CVE-2021-21679 | 1 Jenkins | 1 Azure Ad | 2023-11-22 | 6.8 MEDIUM | 8.8 HIGH |
Jenkins Azure AD Plugin 179.vf6841393099e and earlier allows attackers to craft URLs that would bypass the CSRF protection of any target URL in Jenkins. | |||||
CVE-2022-25212 | 1 Jenkins | 1 Swamp | 2023-11-22 | 6.8 MEDIUM | 8.8 HIGH |
A cross-site request forgery (CSRF) vulnerability in Jenkins SWAMP Plugin 1.2.6 and earlier allows attackers to connect to an attacker-specified web server using attacker-specified credentials. | |||||
CVE-2022-36911 | 1 Jenkins | 1 Openstack Heat | 2023-11-22 | N/A | 6.5 MEDIUM |
A cross-site request forgery (CSRF) vulnerability in Jenkins Openstack Heat Plugin 1.5 and earlier allows attackers to connect to an attacker-specified URL. | |||||
CVE-2021-21678 | 1 Jenkins | 1 Saml | 2023-11-22 | 6.8 MEDIUM | 8.8 HIGH |
Jenkins SAML Plugin 2.0.7 and earlier allows attackers to craft URLs that would bypass the CSRF protection of any target URL in Jenkins. | |||||
CVE-2022-36882 | 1 Jenkins | 1 Git | 2023-11-22 | N/A | 8.8 HIGH |
A cross-site request forgery (CSRF) vulnerability in Jenkins Git Plugin 4.11.3 and earlier allows attackers to trigger builds of jobs configured to use an attacker-specified Git repository and to cause them to check out an attacker-specified commit. | |||||
CVE-2022-36886 | 1 Jenkins | 1 External Monitor Job Type | 2023-11-22 | N/A | 4.3 MEDIUM |
A cross-site request forgery (CSRF) vulnerability in Jenkins External Monitor Job Type Plugin 191.v363d0d1efdf8 and earlier allows attackers to create runs of an external job. | |||||
CVE-2022-36887 | 1 Jenkins | 1 Job Configuration History | 2023-11-22 | N/A | 4.3 MEDIUM |
A cross-site request forgery (CSRF) vulnerability in Jenkins Job Configuration History Plugin 1155.v28a_46a_cc06a_5 and earlier allows attackers to delete entries from job, agent, and system configuration history, or restore older versions of job, agent, and system configurations. | |||||
CVE-2022-34812 | 1 Jenkins | 1 Xpath Configuration Viewer | 2023-11-22 | 4.3 MEDIUM | 4.3 MEDIUM |
A cross-site request forgery (CSRF) vulnerability in Jenkins XPath Configuration Viewer Plugin 1.1.1 and earlier allows attackers to create and delete XPath expressions. |