Total
5841 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-34815 | 1 Jenkins | 1 Request Rename Or Delete | 2023-11-22 | 4.3 MEDIUM | 4.3 MEDIUM |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Request Rename Or Delete Plugin 1.1.0 and earlier allows attackers to accept pending requests, thereby renaming or deleting jobs. | |||||
| CVE-2022-34817 | 1 Jenkins | 1 Failed Job Deactivator | 2023-11-22 | 4.3 MEDIUM | 4.3 MEDIUM |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Failed Job Deactivator Plugin 1.2.1 and earlier allows attackers to disable jobs. | |||||
| CVE-2022-34797 | 1 Jenkins | 1 Deployment Dashboard | 2023-11-22 | 4.3 MEDIUM | 4.3 MEDIUM |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Deployment Dashboard Plugin 1.0.10 and earlier allows attackers to connect to an attacker-specified HTTP URL using attacker-specified credentials. | |||||
| CVE-2023-47686 | 1 Kibokolabs | 1 Arigato Autoresponder And Newsletter | 2023-11-22 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Kiboko Labs Arigato Autoresponder and Newsletter plugin <= 2.7.2.2 versions. | |||||
| CVE-2023-47687 | 1 Vjinfotech | 1 Woo Custom And Sequential Order Number | 2023-11-22 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in VJInfotech Woo Custom and Sequential Order Number plugin <= 2.6.0 versions. | |||||
| CVE-2023-38130 | 1 Cubecart | 1 Cubecart | 2023-11-22 | N/A | 8.1 HIGH |
| Cross-site request forgery (CSRF) vulnerability in CubeCart prior to 6.5.3 allows a remote unauthenticated attacker to delete data in the system. | |||||
| CVE-2023-43275 | 1 Dedecms | 1 Dedecms | 2023-11-21 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in DedeCMS v5.7 in 110 backend management interface via /catalog_add.php, allows attackers to create crafted web pages due to a lack of verification of the token value of the submitted form. | |||||
| CVE-2023-4689 | 1 Webtechstreet | 1 Elementor Addon Elements | 2023-11-21 | N/A | 4.3 MEDIUM |
| The Elementor Addon Elements plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.12.7. This is due to missing or incorrect nonce validation on the eae_save_elements function. This makes it possible for unauthenticated attackers to enable/disable elementor addon elements via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | |||||
| CVE-2023-4690 | 1 Webtechstreet | 1 Elementor Addon Elements | 2023-11-21 | N/A | 4.3 MEDIUM |
| The Elementor Addon Elements plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.12.7. This is due to missing or incorrect nonce validation on the eae_save_config function. This makes it possible for unauthenticated attackers to change configuration settings for the plugin via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | |||||
| CVE-2020-8976 | 1 Zigor | 2 Zgr Tps200 Ng, Zgr Tps200 Ng Firmware | 2023-11-20 | N/A | 8.8 HIGH |
| The integrated server of the ZGR TPS200 NG on its 2.00 firmware version and 1.01 hardware version, allows a remote attacker to perform actions with the permissions of a victim user. For this to happen, the victim user has to have an active session and triggers the malicious request. | |||||
| CVE-2023-48021 | 1 Iteachyou | 1 Dreamer Cms | 2023-11-18 | N/A | 8.8 HIGH |
| Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/task/update. | |||||
| CVE-2023-35041 | 1 Webpushr | 1 Web Push Notifications | 2023-11-17 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability leading to Local File Inclusion (LF) in Webpushr Web Push Notifications Web Push Notifications – Webpushr plugin <= 4.34.0 versions. | |||||
| CVE-2023-48020 | 1 Iteachyou | 1 Dreamer Cms | 2023-11-17 | N/A | 8.8 HIGH |
| Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/task/changeStatus. | |||||
| CVE-2023-27418 | 1 Wow-company | 1 Side Menu Lite | 2023-11-17 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Side Menu Lite – add sticky fixed buttons plugin <= 4.0 versions. | |||||
| CVE-2023-27417 | 1 Ifeelweb | 1 Affiliate Super Assistent | 2023-11-17 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Timo Reith Affiliate Super Assistent plugin <= 1.5.1 versions. | |||||
| CVE-2023-27431 | 1 Themehunk | 1 Big Store | 2023-11-17 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in ThemeHunk Big Store theme <= 1.9.3 versions. | |||||
| CVE-2023-27611 | 1 Jeanbaptisteaudras | 1 Reusable Blocks Extended | 2023-11-17 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in audrasjb Reusable Blocks Extended plugin <= 0.9 versions. | |||||
| CVE-2023-27623 | 1 Jenst | 1 Wp Page Numbers | 2023-11-17 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Jens Törnell WP Page Numbers plugin <= 0.5 versions. | |||||
| CVE-2023-27632 | 1 Daily Prayer Time Project | 1 Daily Prayer Time | 2023-11-17 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in mmrs151 Daily Prayer Time plugin <= 2023.03.08 versions. | |||||
| CVE-2023-28172 | 1 Flippercode | 1 Wp Google Map | 2023-11-17 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in flippercode WordPress Plugin for Google Maps – WP MAPS (formerly WP Google Map Plugin) plugin <= 4.4.2 versions. | |||||