Search
Total
3999 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-45992 | 1 Commscope | 1 Ruckus Cloudpath Enrollment System | 2024-01-12 | N/A | 9.6 CRITICAL |
| A vulnerability in the web-based interface of the RUCKUS Cloudpath product on version 5.12 build 5538 or before to could allow a remote, unauthenticated attacker to execute persistent XSS and CSRF attacks against a user of the admin management interface. A successful attack, combined with a certain admin activity, could allow the attacker to gain full admin privileges on the exploited system. | |||||
| CVE-2023-51539 | 1 Apollo13themes | 1 Apollo13 Framework Extensions | 2024-01-12 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Apollo13Themes Apollo13 Framework Extensions.This issue affects Apollo13 Framework Extensions: from n/a through 1.9.1. | |||||
| CVE-2023-52145 | 1 Mariosalexandrou | 1 Republish Old Posts | 2024-01-12 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Marios Alexandrou Republish Old Posts.This issue affects Republish Old Posts: from n/a through 1.21. | |||||
| CVE-2023-6788 | 1 Wpmet | 1 Metform Elementor Contact Form Builder | 2024-01-11 | N/A | 5.4 MEDIUM |
| The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.8.1. This is due to missing or incorrect nonce validation on the contents function. This makes it possible for unauthenticated attackers to update the options "mf_hubsopt_token", "mf_hubsopt_refresh_token", "mf_hubsopt_token_type", and "mf_hubsopt_expires_in" via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. This would allow an attacker to connect their own Hubspot account to a victim site's metform to obtain leads and contacts. | |||||
| CVE-2023-52073 | 1 Flycms Project | 1 Flycms | 2024-01-11 | N/A | 8.8 HIGH |
| FlyCms v1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /system/site/config_footer_updagte. | |||||
| CVE-2023-52072 | 1 Flycms Project | 1 Flycms | 2024-01-11 | N/A | 8.8 HIGH |
| FlyCms v1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /system/site/userconfig_updagte. | |||||
| CVE-2023-52074 | 1 Flycms Project | 1 Flycms | 2024-01-11 | N/A | 8.8 HIGH |
| FlyCms v1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component system/site/webconfig_updagte. | |||||
| CVE-2023-6532 | 1 Wp-blogs-planetarium Project | 1 Wp-blogs-planetarium | 2024-01-11 | N/A | 8.8 HIGH |
| The WP Blogs' Planetarium WordPress plugin through 1.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack | |||||
| CVE-2023-6529 | 1 Coderex | 1 Wp Vr | 2024-01-11 | N/A | 6.1 MEDIUM |
| The WP VR WordPress plugin before 8.3.15 does not authorisation and CSRF in a function hooked to admin_init, allowing unauthenticated users to downgrade the plugin, thus leading to Reflected or Stored XSS, as previous versions have such vulnerabilities. | |||||
| CVE-2023-6845 | 1 Theresehansen | 1 Commenttweets | 2024-01-11 | N/A | 8.8 HIGH |
| The CommentTweets WordPress plugin through 0.6 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks | |||||
| CVE-2023-52216 | 1 Yevhenkotelnytskyi | 1 Js \& Css Script Optimizer | 2024-01-11 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Yevhen Kotelnytskyi JS & CSS Script Optimizer.This issue affects JS & CSS Script Optimizer: from n/a through 0.3.3. | |||||
| CVE-2023-52200 | 1 Reputeinfosystems | 1 Armember | 2024-01-11 | N/A | 9.8 CRITICAL |
| Cross-Site Request Forgery (CSRF), Deserialization of Untrusted Data vulnerability in Repute Infosystems ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup.This issue affects ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup: n/a. | |||||
| CVE-2023-52222 | 1 Woocommerce | 1 Woocommerce | 2024-01-11 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Automattic WooCommerce.This issue affects WooCommerce: from n/a through 8.2.2. | |||||
| CVE-2023-52122 | 1 Presstigers | 1 Simple Job Board | 2024-01-11 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in PressTigers Simple Job Board.This issue affects Simple Job Board: from n/a through 2.10.6. | |||||
| CVE-2023-52121 | 1 Nitropack | 1 Nitropack | 2024-01-11 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in NitroPack Inc. NitroPack – Cache & Speed Optimization for Core Web Vitals, Defer CSS & JavaScript, Lazy load Images.This issue affects NitroPack – Cache & Speed Optimization for Core Web Vitals, Defer CSS & JavaScript, Lazy load Images: from n/a through 1.10.2. | |||||
| CVE-2023-52136 | 1 Smashballoon | 1 Custom Twitter Feeds | 2024-01-11 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Smash Balloon Custom Twitter Feeds – A Tweets Widget or X Feed Widget.This issue affects Custom Twitter Feeds – A Tweets Widget or X Feed Widget: from n/a through 2.1.2. | |||||
| CVE-2023-52120 | 1 Basixonline | 1 Nex-forms | 2024-01-11 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Basix NEX-Forms – Ultimate Form Builder – Contact forms and much more.This issue affects NEX-Forms – Ultimate Form Builder – Contact forms and much more: from n/a through 8.5.2. | |||||
| CVE-2023-52119 | 1 Icegram | 1 Icegram Engage | 2024-01-11 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Icegram Icegram Engage – WordPress Lead Generation, Popup Builder, CTA, Optins and Email List Building.This issue affects Icegram Engage – WordPress Lead Generation, Popup Builder, CTA, Optins and Email List Building: from n/a through 3.1.18. | |||||
| CVE-2023-52130 | 1 Wpaffiliatemanager | 1 Affiliates Manager | 2024-01-11 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in wp.Insider, wpaffiliatemgr Affiliates Manager.This issue affects Affiliates Manager: from n/a through 2.9.31. | |||||
| CVE-2023-52129 | 1 Mtrv | 1 Teachpress | 2024-01-11 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Michael Winkler teachPress.This issue affects teachPress: from n/a through 9.0.4. | |||||
| CVE-2023-52128 | 1 Linksoftwarellc | 1 White Label | 2024-01-11 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in WhiteWP White Label – WordPress Custom Admin, Custom Login Page, and Custom Dashboard.This issue affects White Label – WordPress Custom Admin, Custom Login Page, and Custom Dashboard: from n/a through 2.9.0. | |||||
| CVE-2023-52123 | 1 Machothemes | 1 Strong Testimonials | 2024-01-11 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in WPChill Strong Testimonials.This issue affects Strong Testimonials: from n/a through 3.1.10. | |||||
| CVE-2023-52184 | 1 Wpjobportal | 1 Wp Job Portal | 2024-01-11 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in WP Job Portal WP Job Portal – A Complete Job Board.This issue affects WP Job Portal – A Complete Job Board: from n/a through 2.0.6. | |||||
| CVE-2022-2540 | 1 Link Optimizer Lite Project | 1 Link Optimizer Lite | 2024-01-11 | N/A | 8.8 HIGH |
| The Link Optimizer Lite plugin for WordPress is vulnerable to Cross-Site Request Forgery to Cross-Site Scripting in versions up to, and including 1.4.5. This is due to missing nonce validation on the admin_page function found in the ~/admin.php file. This makes it possible for unauthenticated attackers to modify the plugin's settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | |||||
| CVE-2022-1918 | 1 Toolbar To Share Project | 1 Toolbar To Share | 2024-01-11 | 6.8 MEDIUM | 8.8 HIGH |
| The ToolBar to Share plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0. This is due to missing nonce validation on the plugin_toolbar_comparte page. This makes it possible for unauthenticated attackers to update the plugins settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | |||||
| CVE-2023-52150 | 1 Ovation | 1 Dynamic Content For Elementor | 2024-01-10 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Ovation S.R.L. Dynamic Content for Elementor.This issue affects Dynamic Content for Elementor: from n/a before 2.12.5. | |||||
| CVE-2023-52127 | 1 Wpclever | 1 Wpc Product Bundles For Woocommerce | 2024-01-10 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in WPClever WPC Product Bundles for WooCommerce.This issue affects WPC Product Bundles for WooCommerce: from n/a through 7.3.1. | |||||
| CVE-2016-10962 | 1 Icegram | 1 Icegram Engage | 2024-01-10 | 4.3 MEDIUM | 6.5 MEDIUM |
| The icegram plugin before 1.9.19 for WordPress has CSRF via the wp-admin/edit.php option_name parameter. | |||||
| CVE-2023-6493 | 1 Averta | 1 Depicter Slider | 2024-01-10 | N/A | 4.3 MEDIUM |
| The Depicter Slider – Responsive Image Slider, Video Slider & Post Slider plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.6. This is due to missing or incorrect nonce validation on the 'save' function. This makes it possible for unauthenticated attackers to modify the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. CVE-2023-51491 appears to be a duplicate of this issue. | |||||
| CVE-2023-51678 | 1 Doofinder | 1 Doofinder | 2024-01-10 | N/A | 6.5 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in Doofinder Doofinder WP & WooCommerce Search.This issue affects Doofinder WP & WooCommerce Search: from n/a through 2.0.33. | |||||
| CVE-2023-6984 | 1 Ideabox | 1 Powerpack Addons For Elementor | 2024-01-09 | N/A | 4.3 MEDIUM |
| The PowerPack Addons for Elementor (Free Widgets, Extensions and Templates) plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.7.13. This is due to missing or incorrect nonce validation in the powerpack-lite-for-elementor/classes/class-pp-admin-settings.php file. This makes it possible for unauthenticated attackers to modify and reset plugin settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | |||||
| CVE-2023-52149 | 1 Wow-company | 1 Floating Button | 2024-01-09 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Floating Button.This issue affects Floating Button: from n/a through 6.0. | |||||
| CVE-2023-51535 | 1 Cleantalk | 1 Spam Protection\, Antispam\, Firewall | 2024-01-09 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in ?leanTalk - Anti-Spam Protection Spam protection, Anti-Spam, FireWall by CleanTalk.This issue affects Spam protection, Anti-Spam, FireWall by CleanTalk: from n/a through 6.20. | |||||
| CVE-2023-51538 | 1 Getawesomesupport | 1 Awesome Support | 2024-01-09 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Awesome Support Team Awesome Support – WordPress HelpDesk & Support Plugin.This issue affects Awesome Support – WordPress HelpDesk & Support Plugin: from n/a through 6.1.5. | |||||
| CVE-2023-51668 | 1 Wpzone | 1 Inline Image Upload For Bbpress | 2024-01-09 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in WP Zone Inline Image Upload for BBPress.This issue affects Inline Image Upload for BBPress: from n/a through 1.1.18. | |||||
| CVE-2023-30901 | 1 Siemens | 2 Q200, Q200 Firmware | 2024-01-09 | N/A | 8.8 HIGH |
| A vulnerability has been identified in POWER METER SICAM Q100 (All versions < V2.60), POWER METER SICAM Q100 (All versions < V2.60), POWER METER SICAM Q100 (All versions < V2.60), POWER METER SICAM Q100 (All versions < V2.60). The web interface of the affected devices are vulnerable to Cross-Site Request Forgery attacks. By tricking an authenticated victim user to click a malicious link, an attacker could perform arbitrary actions on the device on behalf of the victim user. | |||||
| CVE-2020-2268 | 1 Jenkins | 1 Mongodb | 2024-01-09 | 6.8 MEDIUM | 8.8 HIGH |
| A cross-site request forgery (CSRF) vulnerability in Jenkins MongoDB Plugin 1.3 and earlier allows attackers to gain access to some metadata of any arbitrary files on the Jenkins controller. | |||||
| CVE-2018-25096 | 1 Petrk94 | 1 Ownhealthrecord | 2024-01-08 | N/A | 8.8 HIGH |
| A vulnerability was found in MdAlAmin-aol Own Health Record 0.1-alpha/0.2-alpha/0.3-alpha/0.3.1-alpha. It has been rated as problematic. This issue affects some unknown processing of the file includes/logout.php. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. Upgrading to version 0.4-alpha is able to address this issue. The patch is named 58b413aa40820b49070782c786c526850ab7748f. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-249191. | |||||
| CVE-2023-7092 | 1 Uniwayinfo | 2 Uw-302vp, Uw-302vp Firmware | 2024-01-05 | N/A | 4.3 MEDIUM |
| A vulnerability was found in Uniway UW-302VP 2.0. It has been rated as problematic. This issue affects some unknown processing of the file /boaform/wlan_basic_set.cgi of the component Admin Web Interface. The manipulation of the argument wlanssid/password leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-248939. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2023-51402 | 1 Brainstormforce | 1 Ultimate Addons For Wpbakery Page Builder | 2024-01-05 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Brain Storm Force Ultimate Addons for WPBakery Page Builder.This issue affects Ultimate Addons for WPBakery Page Builder: from n/a through 3.19.17. | |||||
| CVE-2023-51545 | 1 Themehigh | 1 Job Manager \& Career | 2024-01-05 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF), Deserialization of Untrusted Data vulnerability in ThemeHigh Job Manager & Career – Manage job board listings, and recruitments.This issue affects Job Manager & Career – Manage job board listings, and recruitments: from n/a through 1.4.4. | |||||
| CVE-2023-50858 | 1 Billminozzi | 1 Anit Hacker | 2024-01-05 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Bill Minozzi Disable Json API, Login Lockdown, XMLRPC, Pingback, Stop User Enumeration Anti Hacker Scan.This issue affects Disable Json API, Login Lockdown, XMLRPC, Pingback, Stop User Enumeration Anti Hacker Scan: from n/a through 4.34. | |||||
| CVE-2023-50878 | 1 Inspireui | 1 Mstore Api | 2024-01-05 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in InspireUI MStore API.This issue affects MStore API: from n/a through 4.10.1. | |||||
| CVE-2023-51354 | 1 Webba-booking | 1 Webba Booking | 2024-01-05 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in WebbaPlugins Appointment & Event Booking Calendar Plugin – Webba Booking.This issue affects Appointment & Event Booking Calendar Plugin – Webba Booking: from n/a through 4.5.33. | |||||
| CVE-2023-50902 | 1 Wpexperts | 1 New User Approve | 2024-01-05 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in WPExpertsio New User Approve.This issue affects New User Approve: from n/a through 2.5.1. | |||||
| CVE-2023-51378 | 1 Eaglevisionit | 1 Rise Blocks | 2024-01-05 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Rise Themes Rise Blocks – A Complete Gutenberg Page Builder.This issue affects Rise Blocks – A Complete Gutenberg Page Builder: from n/a through 3.1. | |||||
| CVE-2023-51358 | 1 Brightplugins | 1 Block Ips For Gravity Forms | 2024-01-05 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Bright Plugins Block IPs for Gravity Forms.This issue affects Block IPs for Gravity Forms: from n/a through 1.0.1. | |||||
| CVE-2023-50873 | 1 Infolific | 1 Add Any Extension To Pages | 2024-01-04 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Marios Alexandrou Add Any Extension to Pages.This issue affects Add Any Extension to Pages: from n/a through 1.4. | |||||
| CVE-2023-46699 | 1 Weseek | 1 Growi | 2024-01-04 | N/A | 4.3 MEDIUM |
| Cross-site request forgery (CSRF) vulnerability exists in the User settings (/me) page of GROWI versions prior to v6.0.0. If a user views a malicious page while logging in, settings may be changed without the user's intention. | |||||
| CVE-2022-2389 | 1 Funnelkit | 1 Funnelkit Automations | 2024-01-04 | N/A | 4.3 MEDIUM |
| The Abandoned Cart Recovery for WooCommerce, Follow Up Emails, Newsletter Builder & Marketing Automation By Autonami WordPress plugin before 2.1.2 does not have authorisation and CSRF checks in one of its AJAX action, allowing any authenticated users, such as subscriber to create automations | |||||