Total
7680 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-32589 | 1 Pingonline | 1 Dyslexiefont Free | 2024-11-21 | N/A | 4.3 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in PingOnline Dyslexiefont Free plugin <= 1.0.0 versions. | |||||
| CVE-2023-32502 | 1 Cyberwire | 1 Pro Mime Types | 2024-11-21 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Sybre Waaijer Pro Mime Types – Manage file media types plugin <= 1.0.7 versions. | |||||
| CVE-2023-32124 | 1 Arulprasadj | 1 Publish Confirm Message | 2024-11-21 | N/A | 4.3 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in Arul Prasad J Publish Confirm Message plugin <= 1.3.1 versions. | |||||
| CVE-2023-32123 | 1 Dream-theme | 1 The7 | 2024-11-21 | N/A | 7.1 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Dream-Theme The7 allows Stored XSS.This issue affects The7: from n/a through 11.7.3. | |||||
| CVE-2023-32104 | 1 Target-info | 1 Mycurator Content Curation | 2024-11-21 | N/A | 4.3 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in Mark Tilly MyCurator Content Curation plugin <= 3.74 versions. | |||||
| CVE-2023-32091 | 1 Poeditor | 1 Poeditor | 2024-11-21 | N/A | 5.4 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in POEditor plugin <= 0.9.4 versions. | |||||
| CVE-2023-31999 | 1 Fastify | 1 Oauth2 | 2024-11-21 | N/A | 8.8 HIGH |
| All versions of @fastify/oauth2 used a statically generated state parameter at startup time and were used across all requests for all users. The purpose of the Oauth2 state parameter is to prevent Cross-Site-Request-Forgery attacks. As such, it should be unique per user and should be connected to the user's session in some way that will allow the server to validate it. v7.2.0 changes the default behavior to store the state in a cookie with the http-only and same-site=lax attributes set. The state is now by default generated for every user. Note that this contains a breaking change in the checkStateFunction function, which now accepts the full Request object. | |||||
| CVE-2023-31452 | 1 Paessler | 1 Prtg Network Monitor | 2024-11-21 | N/A | 8.8 HIGH |
| A cross-site request forgery (CSRF) token bypass was identified in PRTG 23.2.84.1566 and earlier versions that allows remote attackers to perform actions with the permissions of a victim user, provided the victim user has an active session and is induced to trigger the malicious request. This could force PRTG to execute different actions, such as creating new users. The severity of this vulnerability is high and received a score of 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | |||||
| CVE-2023-31230 | 1 Baidu-tongji-generator Project | 1 Baidu-tongji-generator | 2024-11-21 | N/A | 7.1 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Haoqisir Baidu Tongji generator allows Stored XSS.This issue affects Baidu Tongji generator: from n/a through 1.0.2. | |||||
| CVE-2023-31218 | 1 Pluginus | 1 Wolf - Wordpress Posts Bulk Editor And Products Manager Professional | 2024-11-21 | N/A | 7.1 HIGH |
| Cross-Site Request Forgery (CSRF) leading to Stored Cross-Site Scripting (XSS) vulnerability in realmag777 WOLF – WordPress Posts Bulk Editor and Manager Professional plugin <= 1.0.6 versions. | |||||
| CVE-2023-31216 | 1 Ultimatemember | 1 Ultimate Member | 2024-11-21 | N/A | 4.3 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in Ultimate Member plugin <= 2.6.0 versions. | |||||
| CVE-2023-31200 | 1 Ptc | 1 Vuforia Studio | 2024-11-21 | N/A | 5.7 MEDIUM |
| PTC Vuforia Studio does not require a token; this could allow an attacker with local access to perform a cross-site request forgery attack or a replay attack. | |||||
| CVE-2023-31174 | 1 Selinc | 1 Sel-5037 Sel Grid Configurator | 2024-11-21 | N/A | 7.4 HIGH |
| A Cross-Site Request Forgery (CSRF) vulnerability in the Schweitzer Engineering Laboratories SEL-5037 SEL Grid Configurator could allow an attacker to embed instructions that could be executed by an authorized device operator. See Instruction Manual Appendix A and Appendix E dated 20230615 for more details. This issue affects SEL-5037 SEL Grid Configurator: before 4.5.0.20. | |||||
| CVE-2023-31089 | 1 Webternsolutions | 1 Video Xml Sitemap Generator | 2024-11-21 | N/A | 4.3 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in Tradebooster Video XML Sitemap Generator.This issue affects Video XML Sitemap Generator: from n/a through 1.0.0. | |||||
| CVE-2023-30901 | 1 Siemens | 2 Q200, Q200 Firmware | 2024-11-21 | N/A | 4.3 MEDIUM |
| A vulnerability has been identified in POWER METER SICAM Q100 (All versions < V2.60), POWER METER SICAM Q100 (All versions < V2.60), POWER METER SICAM Q100 (All versions < V2.60), POWER METER SICAM Q100 (All versions < V2.60). The web interface of the affected devices are vulnerable to Cross-Site Request Forgery attacks. By tricking an authenticated victim user to click a malicious link, an attacker could perform arbitrary actions on the device on behalf of the victim user. | |||||
| CVE-2023-30616 | 1 Epiph | 1 Form Block | 2024-11-21 | N/A | 6.5 MEDIUM |
| Form block is a wordpress plugin designed to make form creation easier. Versions prior to 1.0.2 are subject to a Cross-Site Request Forgery due to a missing nonce check. There is potential for a Cross Site Request Forgery for all form blocks, since it allows to send requests to the forms from any website without a user noticing. Users are advised to upgrade to version 1.0.2. There are no known workarounds for this vulnerability. | |||||
| CVE-2023-30607 | 1 Icinga | 1 Icinga Web Jira Integration | 2024-11-21 | N/A | 5.0 MEDIUM |
| icingaweb2-module-jira provides integration with Atlassian Jira. Starting in version 1.3.0 and prior to version 1.3.2, template and field configuration forms perform the deletion action before user input is validated, including the cross site request forgery token. This issue is fixed in version 1.3.2. There are no known workarounds. | |||||
| CVE-2023-30484 | 1 Upress | 1 Enable Accessibility | 2024-11-21 | N/A | 4.3 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in uPress Enable Accessibility plugin <= 1.4 versions. | |||||
| CVE-2023-30474 | 1 Ultimate Noindex Nofollow Tool Ii Project | 1 Ultimate Noindex Nofollow Tool Ii | 2024-11-21 | N/A | 4.3 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in Kilian Evang Ultimate Noindex Nofollow Tool II plugin <= 1.3 versions. | |||||
| CVE-2023-2830 | 1 Trustindex | 1 Wp Testimonials | 2024-11-21 | N/A | 5.4 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in Trustindex.Io WP Testimonials plugin <= 1.4.2 versions. | |||||