Total
5841 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-3883 | 1 Stopbadbots Project | 1 Stopbadbots | 2023-11-07 | N/A | 6.5 MEDIUM |
| The Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection WordPress plugin before 7.24 does not have proper authorisation and CSRF in an AJAX action, allowing any authenticated users, such as subscriber to call it and install and activate arbitrary plugins from wordpress.org | |||||
| CVE-2022-3882 | 1 Wp-memory Project | 1 Wp-memory | 2023-11-07 | N/A | 6.5 MEDIUM |
| The Memory Usage, Memory Limit, PHP and Server Memory Health Check and Fix Plugin WordPress plugin before 2.46 does not have proper authorisation and CSRF in an AJAX action, allowing any authenticated users, such as subscriber to call it and install and activate arbitrary plugins from wordpress.org | |||||
| CVE-2022-3881 | 1 Wptools Project | 1 Wptools | 2023-11-07 | N/A | 5.7 MEDIUM |
| The WP Tools Increase Maximum Limits, Repair, Server PHP Info, Javascript errors, File Permissions, Transients, Error Log WordPress plugin before 3.43 does not have proper authorisation and CSRF in an AJAX action, allowing any authenticated users, such as subscriber to call it and install and activate arbitrary plugins from wordpress.org | |||||
| CVE-2022-3880 | 1 Antihacker Project | 1 Antihacker | 2023-11-07 | N/A | 6.5 MEDIUM |
| The Disable Json API, Login Lockdown, XMLRPC, Pingback, Stop User Enumeration Anti Hacker Scan WordPress plugin before 4.20 does not have proper authorisation and CSRF in an AJAX action, allowing any authenticated users, such as subscriber to call it and install and activate arbitrary plugins from wordpress.org | |||||
| CVE-2022-3879 | 1 Car Dealer Project | 1 Car Dealer | 2023-11-07 | N/A | 6.5 MEDIUM |
| The Car Dealer (Dealership) and Vehicle sales WordPress Plugin WordPress plugin before 3.05 does not have proper authorisation and CSRF in an AJAX action, allowing any authenticated users, such as subscriber to call it and install and activate arbitrary plugins from wordpress.org | |||||
| CVE-2022-3853 | 1 Supra-csv-parser Project | 1 Supra-csv-parser | 2023-11-07 | N/A | 5.4 MEDIUM |
| Cross-site Scripting (XSS) is a client-side code injection attack. The attacker aims to execute malicious scripts in a web browser of the victim by including malicious code in a legitimate web page or web application. | |||||
| CVE-2022-3750 | 1 Inkthemes | 1 Ask Me | 2023-11-07 | N/A | 4.7 MEDIUM |
| The has a CSRF vulnerability that allows the deletion of a post without using a nonce or prompting for confirmation. | |||||
| CVE-2022-3747 | 1 Muffingroup | 1 Becustom | 2023-11-07 | N/A | 6.5 MEDIUM |
| The Becustom plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.5.2. This is due to missing nonce validation when saving the plugin's settings. This makes it possible for unauthenticated attackers to update the plugin's settings like betheme_url_slug, replaced_theme_author, and betheme_label to name a few, via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | |||||
| CVE-2022-3568 | 1 Orangelab | 1 Imagemagick Engine | 2023-11-07 | N/A | 8.8 HIGH |
| The ImageMagick Engine plugin for WordPress is vulnerable to deserialization of untrusted input via the 'cli_path' parameter in versions up to, and including 1.7.5. This makes it possible for unauthenticated users to call files using a PHAR wrapper, granted they can trick a site administrator into performing an action such as clicking on a link, that will deserialize and call arbitrary PHP Objects that can be used to perform a variety of malicious actions granted a POP chain is also present. It also requires that the attacker is successful in uploading a file with the serialized payload. | |||||
| CVE-2022-3240 | 1 Follow Me Plugin Project | 1 Follow Me Plugin | 2023-11-07 | N/A | 8.8 HIGH |
| The "Follow Me Plugin" plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.1.1. This is due to missing nonce validation on the FollowMeIgniteSocialMedia_options_page() function. This makes it possible for unauthenticated attackers to modify the plugin's settings and inject malicious JavaScript via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | |||||
| CVE-2022-3082 | 1 Miniorange | 1 Discord Integration | 2023-11-07 | N/A | 6.5 MEDIUM |
| The miniOrange Discord Integration WordPress plugin before 2.1.6 does not have authorisation and CSRF in some of its AJAX actions, allowing any logged in users, such as subscriber to call them, and disable the app for example | |||||
| CVE-2022-38660 | 1 Hcltech | 1 Domino | 2023-11-07 | N/A | 8.8 HIGH |
| HCL XPages applications are susceptible to a Cross Site Request Forgery (CSRF) vulnerability. An unauthenticated attacker could exploit this vulnerability to perform actions in the application on behalf of the logged in user. | |||||
| CVE-2022-38468 | 1 Imagely | 1 Nextgen Gallery | 2023-11-07 | N/A | 4.3 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in Imagely WordPress Gallery Plugin – NextGEN Gallery plugin <= 3.28 leading to thumbnail alteration. | |||||
| CVE-2022-38139 | 1 Rdstation | 1 Rd Station | 2023-11-07 | N/A | 8.8 HIGH |
| Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in RD Station plugin <= 5.2.0 at WordPress. | |||||
| CVE-2022-38093 | 1 Aioseo | 1 All In One Seo | 2023-11-07 | N/A | 8.8 HIGH |
| Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in All in One SEO plugin <= 4.2.3.1 at WordPress. | |||||
| CVE-2022-38077 | 1 Essentialplugin | 1 Popup Anything | 2023-11-07 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in WP OnlineSupport, Essential Plugin Popup Anything – A Marketing Popup and Lead Generation Conversions plugin <= 2.2.1 versions. | |||||
| CVE-2022-38063 | 1 Social Login Wp Project | 1 Social Login Wp | 2023-11-07 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Social Login WP plugin <= 5.0.0.0 versions. | |||||
| CVE-2022-36404 | 1 Coleds | 1 Simple Seo | 2023-11-07 | N/A | 5.4 MEDIUM |
| Missing Authorization, Cross-Site Request Forgery (CSRF) vulnerability in David Cole Simple SEO (WordPress plugin) plugin <= 1.8.12 versions. | |||||
| CVE-2022-36401 | 1 Standalonetech | 1 Terawallet | 2023-11-07 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in TeraWallet – For WooCommerce plugin <= 1.3.24 versions. | |||||
| CVE-2022-36379 | 1 Yookassa | 1 Yukassa For Woocommerce | 2023-11-07 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) leading to plugin settings update in YooMoney ЮKassa для WooCommerce plugin <= 2.3.0 at WordPress. | |||||