Total
5841 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-4090 | 1 Stock Management System Project | 1 Stock Management System | 2023-11-07 | N/A | 8.8 HIGH |
| A vulnerability was found in rickxy Stock Management System and classified as problematic. This issue affects some unknown processing of the file us_transac.php?action=add. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-214331. | |||||
| CVE-2022-4024 | 1 Genetechsolutions | 1 Pie Register | 2023-11-07 | N/A | 6.5 MEDIUM |
| The Registration Forms WordPress plugin before 3.8.1.3 does not have authorisation and CSRF when deleting users via an init action handler, allowing unauthenticated attackers to delete arbitrary users (along with their posts) | |||||
| CVE-2022-4021 | 1 Permalink Manager Lite Project | 1 Permalink Manager Lite | 2023-11-07 | N/A | 4.3 MEDIUM |
| The Permalink Manager Lite plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.2.20.1. This is due to missing or incorrect nonce validation on the extra_actions function. This makes it possible for unauthenticated attackers to change plugin settings including permalinks and site maps, via forged request granted they can trick a site administrator into performing an action such as clicking on a link. | |||||
| CVE-2022-4013 | 1 Hospital Management Center Project | 1 Hospital Management Center | 2023-11-07 | N/A | 8.8 HIGH |
| A vulnerability classified as problematic was found in Hospital Management Center. Affected by this vulnerability is an unknown functionality of the file appointment.php. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-213787. | |||||
| CVE-2022-47612 | 1 Xnau | 1 Participants Database | 2023-11-07 | N/A | 4.3 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in Roland Barker, xnau webdesign Participants Database plugin <= 2.4.5 leads to list column update. | |||||
| CVE-2022-47443 | 1 Multi Rating Project | 1 Multi Rating | 2023-11-07 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Daniel Powney Multi Rating plugin <= 5.0.5 versions. | |||||
| CVE-2022-47440 | 1 My Tickets Project | 1 My Tickets | 2023-11-07 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Joseph C Dolson My Tickets plugin <= 1.9.10 versions. | |||||
| CVE-2022-47427 | 1 My Calendar Project | 1 My Calendar | 2023-11-07 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Joseph C Dolson My Calendar plugin <= 3.3.24.1 versions. | |||||
| CVE-2022-47422 | 1 Hmplugin | 1 Accept Stripe Donation - Aidwp | 2023-11-07 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in HM Plugin Accept Stripe Donation – AidWP plugin <= 3.1.5 versions. | |||||
| CVE-2022-47395 | 1 Sewio | 1 Real-time Location System Studio | 2023-11-07 | N/A | 8.1 HIGH |
| Sewio’s Real-Time Location System (RTLS) Studio version 2.0.0 up to and including version 2.6.2 is vulnerable to cross-site request forgery in its monitor services. An attacker could take advantage of this vulnerability to execute arbitrary maintenance operations and cause a denial-of-service condition. | |||||
| CVE-2022-47179 | 1 Ujsoftware | 1 Owm Weather | 2023-11-07 | N/A | 4.3 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in Uwe Jacobs OWM Weather plugin <= 5.6.11 leads to post duplication as a draft. | |||||
| CVE-2022-47166 | 1 Voidcoders | 1 Void Contact Form 7 Widget For Elementor Page Builder | 2023-11-07 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in voidCoders Void Contact Form 7 Widget For Elementor Page Builder plugin <= 2.1.1 versions. | |||||
| CVE-2022-47163 | 1 Wp Csv To Database Project | 1 Wp Csv To Database | 2023-11-07 | N/A | 7.5 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Tips and Tricks HQ, josh401 WP CSV to Database – Insert CSV file content into WordPress plugin <= 2.6 versions. | |||||
| CVE-2022-47162 | 1 Dh - Anti Adblocker Project | 1 Dh - Anti Adblocker | 2023-11-07 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Dannie Herdyawan DH – Anti AdBlocker plugin <= 36 versions. | |||||
| CVE-2022-47155 | 1 Supsystic | 1 Slider | 2023-11-07 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Supsystic Slider by Supsystic plugin <= 1.8.5 versions. | |||||
| CVE-2022-47154 | 1 Piwebsolution | 1 Css Js Manager\, Async Javascript\, Defer Render Blocking Css Supports Woocommerce | 2023-11-07 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Pi Websolution CSS JS Manager, Async JavaScript, Defer Render Blocking CSS supports WooCommerce plugin <= 2.4.49 versions. | |||||
| CVE-2022-47149 | 1 Upress | 1 Enable Accessibility | 2023-11-07 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Pretty Links plugin <= 3.4.0 versions. | |||||
| CVE-2022-47148 | 1 Wpovernight | 1 Woocommerce Pdf Invoices\& Packing Slips | 2023-11-07 | N/A | 4.3 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in WP Overnight PDF Invoices & Packing Slips for WooCommerce plugin <= 3.2.5 leading to popup dismiss. | |||||
| CVE-2022-47147 | 1 Kesz1 | 1 Ipblocklist | 2023-11-07 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Kesz1 Technologies ipBlockList plugin <= 1.0 versions. | |||||
| CVE-2022-47143 | 1 Themeisle | 1 Multiple Page Generator | 2023-11-07 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Themeisle Multiple Page Generator Plugin – MPG plugin <= 3.3.9 versions. | |||||