Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by CWE-352
Total 7682 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-47350 1 Swiftyedit 1 Swiftyedit 2024-11-21 N/A 8.8 HIGH
Cross-Site Request Forgery (CSRF) vulnerability in SwiftyEdit Content Management System prior to v1.2.0, allows remote attackers to escalate privileges via the user password update functionality.
CVE-2023-47326 1 Silverpeas 1 Silverpeas 2024-11-21 N/A 8.8 HIGH
Silverpeas Core 6.3.1 is vulnerable to Cross Site Request Forgery (CSRF) via the Domain SQL Create function.
CVE-2023-47322 1 Silverpeas 1 Silverpeas 2024-11-21 N/A 8.8 HIGH
The "userModify" feature of Silverpeas Core 6.3.1 is vulnerable to Cross Site Request Forgery (CSRF) leading to privilege escalation. If an administrator goes to a malicious URL while being authenticated to the Silverpeas application, the CSRF with execute making the attacker an administrator user in the application.
CVE-2023-47230 1 Cimatti 1 Wordpress Contact Forms 2024-11-21 N/A 5.4 MEDIUM
Cross-Site Request Forgery (CSRF) vulnerability in Cimatti Consulting WordPress Contact Forms by Cimatti plugin <= 1.6.0 versions.
CVE-2023-47186 1 Kadencewp 1 Kadence Woocommerce Email Designer 2024-11-21 N/A 8.8 HIGH
Cross-Site Request Forgery (CSRF) vulnerability in Kadence WP Kadence WooCommerce Email Designer plugin <= 1.5.11 versions.
CVE-2023-47182 1 Nazmulhossainnihal 1 Login Screen Manager 2024-11-21 N/A 8.8 HIGH
Cross-Site Request Forgery (CSRF) leading to a Stored Cross-Site Scripting (XSS) vulnerability in Nazmul Hossain Nihal Login Screen Manager plugin <= 3.5.2 versions.
CVE-2023-47014 1 Remyandrade 1 Sticky Notes App 2024-11-21 N/A 6.5 MEDIUM
A Cross-Site Request Forgery (CSRF) vulnerability in Sourcecodester Sticky Notes App Using PHP with Source Code v.1.0 allows a local attacker to obtain sensitive information via a crafted payload to add-note.php.
CVE-2023-46781 1 Rolandmurg 1 Current Menu Item For Custom Post Types 2024-11-21 N/A 8.8 HIGH
Cross-Site Request Forgery (CSRF) vulnerability in Roland Murg Current Menu Item for Custom Post Types plugin <= 1.5 versions.
CVE-2023-46780 1 Altersoftware 1 Alter 2024-11-21 N/A 8.8 HIGH
Cross-Site Request Forgery (CSRF) vulnerability in Alter plugin <= 1.0 versions.
CVE-2023-46779 1 Easyrecipe Project 1 Easyrecipe 2024-11-21 N/A 8.8 HIGH
Cross-Site Request Forgery (CSRF) vulnerability in EasyRecipe plugin <= 3.5.3251 versions.
CVE-2023-46778 1 Thefreewindows 1 Auto Limit Posts Reloaded 2024-11-21 N/A 8.8 HIGH
Cross-Site Request Forgery (CSRF) vulnerability in TheFreeWindows Auto Limit Posts Reloaded plugin <= 2.5 versions.
CVE-2023-46777 1 Featherplugins 1 Custom Login Page \| Temporary Users \| Rebrand Login \| Login Captcha 2024-11-21 N/A 8.8 HIGH
Cross-Site Request Forgery (CSRF) vulnerability in Custom Login Page | Temporary Users | Rebrand Login | Login Captcha plugin <= 1.1.3 versions.
CVE-2023-46776 1 Josie 1 Auto Excerpt Everywhere 2024-11-21 N/A 8.8 HIGH
Cross-Site Request Forgery (CSRF) vulnerability in Serena Villa Auto Excerpt everywhere plugin <= 1.5 versions.
CVE-2023-46775 1 Zixn 1 Original Texts Yandex Webmaster 2024-11-21 N/A 8.8 HIGH
Cross-Site Request Forgery (CSRF) vulnerability in Djo Original texts Yandex WebMaster plugin <= 1.18 versions.
CVE-2023-46699 1 Weseek 1 Growi 2024-11-21 N/A 4.3 MEDIUM
Cross-site request forgery (CSRF) vulnerability exists in the User settings (/me) page of GROWI versions prior to v6.0.0. If a user views a malicious page while logging in, settings may be changed without the user's intention.
CVE-2023-46617 1 Wpfoxly 1 Adfoxly 2024-11-21 N/A 5.4 MEDIUM
Cross-Site Request Forgery (CSRF) vulnerability in AdFoxly AdFoxly – Ad Manager, AdSense Ads & Ads.Txt.This issue affects AdFoxly – Ad Manager, AdSense Ads & Ads.Txt: from n/a through 1.8.5.
CVE-2023-46375 1 Zentao 1 Biz 2024-11-21 N/A 8.8 HIGH
ZenTao Biz version 4.1.3 and before is vulnerable to Cross Site Request Forgery (CSRF).
CVE-2023-46242 1 Xwiki 1 Xwiki 2024-11-21 N/A 9.6 CRITICAL
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions it's possible to execute a content with the right of any user via a crafted URL. A user must have `programming` privileges in order to exploit this vulnerability. This issue has been patched in XWiki 14.10.7 and 15.2RC1. Users are advised to upgrade. There are no known workarounds for for this vulnerability.
CVE-2023-46212 1 Wpvnteam 1 Wp Extra 2024-11-21 N/A 6.3 MEDIUM
Missing Authorization, Cross-Site Request Forgery (CSRF) vulnerability in TienCOP WP EXtra allows Accessing Functionality Not Properly Constrained by ACLs, Cross Site Request Forgery.This issue affects WP EXtra: from n/a through 6.2.
CVE-2023-46204 1 Mullerdigital 1 Duplicate Theme 2024-11-21 N/A 4.3 MEDIUM
Cross-Site Request Forgery (CSRF) vulnerability in Muller Digital Inc. Duplicate Theme plugin <= 0.1.6 versions.