Total: 7682 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-40210 | 1 Sean-barton | 1 Sb Child List | 2024-11-21 | N/A | 5.4 MEDIUM |
Cross-Site Request Forgery (CSRF) vulnerability in Sean Barton (Tortoise IT) SB Child List plugin <= 4.5 versions. | |||||
CVE-2023-40202 | 1 Codemiq | 1 Wp Html Mail | 2024-11-21 | N/A | 5.4 MEDIUM |
Cross-Site Request Forgery (CSRF) vulnerability in Hannes Etzelstorfer // codemiq WP HTML Mail plugin <= 3.4.1 versions. | |||||
CVE-2023-40201 | 1 Futuriowp | 1 Futurio Extra | 2024-11-21 | N/A | 6.5 MEDIUM |
Cross-Site Request Forgery (CSRF) vulnerability in FuturioWP Futurio Extra plugin <= 1.8.4 versions leads to activation of arbitrary plugin. | |||||
CVE-2023-40199 | 1 Crudlab | 1 Wp Like Button | 2024-11-21 | N/A | 5.4 MEDIUM |
Cross-Site Request Forgery (CSRF) vulnerability in CRUDLab WP Like Button plugin <= 1.7.0 versions. | |||||
CVE-2023-40198 | 1 Antsanchez | 1 Easy Cookie Law | 2024-11-21 | N/A | 5.4 MEDIUM |
Cross-Site Request Forgery (CSRF) vulnerability in Antsanchez Easy Cookie Law plugin <= 3.1 versions. | |||||
CVE-2023-40172 | 1 Fobybus | 1 Social-media-skeleton | 2024-11-21 | N/A | 6.5 MEDIUM |
Social media skeleton is an uncompleted/framework social media project implemented using PHP, CSS, JavaScript and HTML. A Cross-site request forgery (CSRF) attack is a type of malicious attack whereby an attacker tricks a victim into performing an action on a website that they do not intend to do. This can be done by sending the victim a malicious link or by exploiting a vulnerability in the website. Prior to version 1.0.5 Social media skeleton did not properly restrict CSRF attacks. This has been addressed in version 1.0.5 and all users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
CVE-2023-40048 | 1 Progress | 1 Ws Ftp Server | 2024-11-21 | N/A | 6.8 MEDIUM |
In WS_FTP Server version prior to 8.8.2, the WS_FTP Server Manager interface was missing cross-site request forgery (CSRF) protection on a POST transaction corresponding to a WS_FTP Server administrative function. | |||||
CVE-2023-40009 | 1 Thimpress | 1 Wp Pipes | 2024-11-21 | N/A | 5.4 MEDIUM |
Cross-Site Request Forgery (CSRF) vulnerability in ThimPress WP Pipes plugin <= 1.4.0 versions. | |||||
CVE-2023-40008 | 1 Webtechforce | 1 Simple Org Chart | 2024-11-21 | N/A | 4.3 MEDIUM |
Cross-Site Request Forgery (CSRF) vulnerability in Gangesh Matta Simple Org Chart plugin <= 2.3.4 versions. | |||||
CVE-2023-3841 | 1 Nxfilter | 1 Nxfilter | 2024-11-21 | 5.0 MEDIUM | 4.3 MEDIUM |
A vulnerability has been found in NxFilter 4.3.2.5 and classified as problematic. This vulnerability affects unknown code of the file user.jsp. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The identifier of this vulnerability is VDB-235192. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
CVE-2023-3627 | 1 Salesagility | 1 Suitecrm | 2024-11-21 | N/A | 8.8 HIGH |
Cross-Site Request Forgery (CSRF) in GitHub repository salesagility/suitecrm-core prior to 8.3.1. | |||||
CVE-2023-3589 | 1 3ds | 1 Teamwork Cloud No Magic Release | 2024-11-21 | N/A | 6.8 MEDIUM |
A Cross-Site Request Forgery (CSRF) vulnerability affecting Teamwork Cloud from No Magic Release 2021x through No Magic Release 2022x could allow an attacker, under some very specific conditions, to send a specifically crafted query to the server. | |||||
CVE-2023-3579 | 1 Hadsky | 1 Hadsky | 2024-11-21 | 5.0 MEDIUM | 4.3 MEDIUM |
A vulnerability, which was classified as problematic, has been found in HadSky 7.11.8. Affected by this issue is some unknown functionality of the component User Handler. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-233372. | |||||
CVE-2023-3414 | 1 Jenkins | 1 Servicenow Devops | 2024-11-21 | N/A | 6.1 MEDIUM |
A cross-site request forgery vulnerability exists in versions of the Jenkins Plug-in for ServiceNow DevOps prior to 1.38.1 that, if exploited successfully, could cause the unwanted exposure of sensitive information. To address this issue, apply the 1.38.1 version of the Jenkins plug-in for ServiceNow DevOps on your Jenkins server. No changes are required on your instances of the Now Platform. | |||||
CVE-2023-3356 | 1 Kreci | 1 Subscribers Text Counter | 2024-11-21 | N/A | 4.3 MEDIUM |
The Subscribers Text Counter WordPress plugin before 1.7.1 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack, and which can also lead to Stored Cross-Site Scripting due to the lack of sanitisation and escaping. | |||||
CVE-2023-3254 | 1 Trustedindex | 1 Widgets For Google Reviews | 2024-11-21 | N/A | 4.3 MEDIUM |
The Widgets for Google Reviews plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 10.9. This is due to missing or incorrect nonce validation within setup_no_reg_header.php. This makes it possible for unauthenticated attackers to reset plugin settings and remove reviews via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | |||||
CVE-2023-3203 | 1 Inspireui | 1 Mstore Api | 2024-11-21 | N/A | 4.3 MEDIUM |
The MStore API plugin for WordPress is vulnerable to Cross-Site Request Forgery due to missing nonce validation on the mstore_update_limit_product function. This makes it possible for unauthenticated attackers to update limit the number of product per category to use cache data in home screen via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | |||||
CVE-2023-3075 | 1 Corebos | 1 Corebos | 2024-11-21 | N/A | 6.5 MEDIUM |
Cross-Site Request Forgery (CSRF) in GitHub repository tsolucio/corebos prior to 8. | |||||
CVE-2023-3055 | 1 Azexo | 1 Page Builder With Image Map By Azexo | 2024-11-21 | N/A | 6.1 MEDIUM |
The Page Builder by AZEXO plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.27.133. This is due to missing or incorrect nonce validation on the 'azh_save' function. This makes it possible for unauthenticated attackers to update the post content and inject malicious JavaScript via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link. | |||||
CVE-2023-3052 | 1 Azexo | 1 Page Builder With Image Map By Azexo | 2024-11-21 | N/A | 6.3 MEDIUM |
The Page Builder by AZEXO plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.27.133. This is due to missing or incorrect nonce validation on the 'azh_add_post', 'azh_duplicate_post', 'azh_update_post' and 'azh_remove_post' functions. This makes it possible for unauthenticated attackers to create, modify, and delete a post via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. |