Total
5841 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-9062 | 1 Phpscriptsmall | 1 Online Food Ordering Script | 2023-11-09 | 6.0 MEDIUM | 8.0 HIGH |
| PHP Scripts Mall Online Food Ordering Script 1.0 has Cross-Site Request Forgery (CSRF) in my-account.php. | |||||
| CVE-2023-5893 | 1 Sfu | 1 Pkp Web Application Library | 2023-11-08 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) in GitHub repository pkp/pkp-lib prior to 3.3.0-16. | |||||
| CVE-2023-5897 | 1 Sfu | 1 Customlocale | 2023-11-08 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) in GitHub repository pkp/customLocale prior to 1.2.0-1. | |||||
| CVE-2023-5519 | 1 Metagauss | 1 Eventprime | 2023-11-08 | N/A | 4.3 MEDIUM |
| The EventPrime WordPress plugin before 3.2.0 does not have CSRF checks when creating bookings, which could allow attackers to make logged in users create unwanted bookings via CSRF attacks. | |||||
| CVE-2023-43295 | 1 Clickstudios | 1 Passwordstate | 2023-11-08 | N/A | 3.5 LOW |
| Cross Site Request Forgery vulnerability in Click Studios (SA) Pty Ltd Passwordstate v.Build 9785 and before allows a local attacker to execute arbitrary code via a crafted request. | |||||
| CVE-2023-4251 | 1 Metagauss | 1 Eventprime | 2023-11-08 | N/A | 4.3 MEDIUM |
| The EventPrime WordPress plugin before 3.2.0 does not have CSRF checks when creating bookings, which could allow attackers to make logged in users create unwanted bookings via CSRF attacks. | |||||
| CVE-2023-5899 | 1 Pkp | 1 Pkp Web Application Library | 2023-11-08 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) in GitHub repository pkp/pkp-lib prior to 3.3.0-16. | |||||
| CVE-2023-5898 | 1 Pkp | 1 Pkp Web Application Library | 2023-11-08 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) in GitHub repository pkp/pkp-lib prior to 3.3.0-16. | |||||
| CVE-2023-42323 | 1 Mnbvcxz131421 | 1 Douhaocms | 2023-11-07 | N/A | 8.8 HIGH |
| Cross Site Request Forgery (CSRF) vulnerability in DouHaocms v.3.3 allows a remote attacker to execute arbitrary code via the adminAction.class.php file. | |||||
| CVE-2023-5820 | 1 I13websolution | 1 Thumbnail Slider With Lightbox | 2023-11-07 | N/A | 8.8 HIGH |
| The Thumbnail Slider With Lightbox plugin for WordPress is vulnerable to Cross-Site Request Forgery in version 1.0. This is due to missing or incorrect nonce validation on the addedit functionality. This makes it possible for unauthenticated attackers to upload arbitrary files via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | |||||
| CVE-2023-45317 | 1 Sielco | 30 Analog Fm Transmitter Exc1000gt, Analog Fm Transmitter Exc1000gt Firmware, Analog Fm Transmitter Exc1000gx and 27 more | 2023-11-07 | N/A | 8.8 HIGH |
| The application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site. | |||||
| CVE-2023-5602 | 1 Ultimatelysocial | 1 Social Media Share Buttons \& Social Sharing Icons | 2023-11-07 | N/A | 8.8 HIGH |
| The Social Media Share Buttons & Social Sharing Icons plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.8.5. This is due to missing or incorrect nonce validation on several functions corresponding to AJAX actions. This makes it possible for unauthenticated attackers to invoke those actions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | |||||
| CVE-2023-5534 | 1 Quantumcloud | 1 Ai Chatbot | 2023-11-07 | N/A | 5.4 MEDIUM |
| The AI ChatBot plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.8.9 and 4.9.2. This is due to missing or incorrect nonce validation on the corresponding functions. This makes it possible for unauthenticated attackers to invoke those functions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | |||||
| CVE-2023-5531 | 1 I13websolution | 1 Thumbnail Slider With Lightbox | 2023-11-07 | N/A | 4.3 MEDIUM |
| The Thumbnail Slider With Lightbox plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on the delete functionality. This makes it possible for unauthenticated attackers to delete image lightboxes via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | |||||
| CVE-2023-4975 | 1 Seedprod | 1 Website Builder By Seedprod | 2023-11-07 | N/A | 4.3 MEDIUM |
| The Website Builder by SeedProd plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 6.15.13.1. This is due to missing or incorrect nonce validation on functionality in the builder.php file. This makes it possible for unauthenticated attackers to change the stripe connect token via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | |||||
| CVE-2023-4959 | 1 Redhat | 1 Quay | 2023-11-07 | N/A | 6.5 MEDIUM |
| A flaw was found in Quay. Cross-site request forgery (CSRF) attacks force a user to perform unwanted actions in an application. During the pentest, it was detected that the config-editor page is vulnerable to CSRF. The config-editor page is used to configure the Quay instance. By coercing the victim’s browser into sending an attacker-controlled request from another domain, it is possible to reconfigure the Quay instance (including adding users with admin privileges). | |||||
| CVE-2023-4942 | 1 Pluginus | 1 Bear - Woocommerce Bulk Editor And Products Manager Professional | 2023-11-07 | N/A | 4.3 MEDIUM |
| The BEAR for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.3.3. This is due to missing or incorrect nonce validation on the woobe_bulkoperations_visibility function. This makes it possible for unauthenticated attackers to manipulate products via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | |||||
| CVE-2023-4940 | 1 Pluginus | 1 Bear - Woocommerce Bulk Editor And Products Manager Professional | 2023-11-07 | N/A | 4.3 MEDIUM |
| The BEAR for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.3.3. This is due to missing or incorrect nonce validation on the woobe_bulkoperations_swap function. This makes it possible for unauthenticated attackers to manipulate products via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | |||||
| CVE-2023-4937 | 1 Pluginus | 1 Bear - Woocommerce Bulk Editor And Products Manager Professional | 2023-11-07 | N/A | 4.3 MEDIUM |
| The BEAR for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.3.3. This is due to missing or incorrect nonce validation on the woobe_bulkoperations_apply_default_combination function. This makes it possible for unauthenticated attackers to manipulate products via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | |||||
| CVE-2023-4935 | 1 Pluginus | 1 Bear - Woocommerce Bulk Editor And Products Manager Professional | 2023-11-07 | N/A | 4.3 MEDIUM |
| The BEAR for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.3.3. This is due to missing or incorrect nonce validation on the create_profile function. This makes it possible for unauthenticated attackers to create profiles via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | |||||