Total
7680 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-4564 | 1 Ucf | 1 Materia | 2024-11-21 | N/A | 4.3 MEDIUM |
| A vulnerability classified as problematic has been found in University of Central Florida Materia up to 9.0.0. This affects the function before of the file fuel/app/classes/controller/api.php of the component API Controller. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. Upgrading to version 9.0.1-alpha1 is able to address this issue. The name of the patch is af259115d2e8f17068e61902151ee8a9dbac397b. It is recommended to upgrade the affected component. The identifier VDB-215973 was assigned to this vulnerability. | |||||
| CVE-2022-4397 | 1 Zend-blog-2 Project | 1 Zend-blog-2 | 2024-11-21 | N/A | 4.3 MEDIUM |
| A vulnerability was found in morontt zend-blog-number-2. It has been classified as problematic. Affected is an unknown function of the file application/forms/Comment.php of the component Comment Handler. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The name of the patch is 36b2d4abe20a6245e4f8df7a4b14e130b24d429d. It is recommended to apply a patch to fix this issue. VDB-215250 is the identifier assigned to this vulnerability. | |||||
| CVE-2022-4349 | 1 Pwn Project | 1 Pwn | 2024-11-21 | N/A | 4.3 MEDIUM |
| A vulnerability classified as problematic has been found in CTF-hacker pwn. This affects an unknown part of the file delete.html. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-215109 was assigned to this vulnerability. | |||||
| CVE-2022-4125 | 1 Popup Manager Project | 1 Popup Manager | 2024-11-21 | N/A | 4.3 MEDIUM |
| The Popup Manager WordPress plugin through 1.6.6 does not have authorisation and CSRF check when creating/updating popups, and is missing sanitisation as well as escaping, which could allow unauthenticated attackers to create arbitrary popups and add Stored XSS payloads as well | |||||
| CVE-2022-4090 | 1 Stock Management System Project | 1 Stock Management System | 2024-11-21 | N/A | 4.3 MEDIUM |
| A vulnerability was found in rickxy Stock Management System and classified as problematic. This issue affects some unknown processing of the file us_transac.php?action=add. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-214331. | |||||
| CVE-2022-4021 | 1 Permalink Manager Lite Project | 1 Permalink Manager Lite | 2024-11-21 | N/A | 8.8 HIGH |
| The Permalink Manager Lite plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.2.20.1. This is due to missing or incorrect nonce validation on the extra_actions function. This makes it possible for unauthenticated attackers to change plugin settings including permalinks and site maps, via forged request granted they can trick a site administrator into performing an action such as clicking on a link. | |||||
| CVE-2022-4014 | 1 Feehi | 1 Feehicms | 2024-11-21 | N/A | 4.3 MEDIUM |
| A vulnerability, which was classified as problematic, has been found in FeehiCMS. Affected by this issue is some unknown functionality of the component Post My Comment Tab. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The identifier of this vulnerability is VDB-213788. | |||||
| CVE-2022-4013 | 1 Hospital Management Center Project | 1 Hospital Management Center | 2024-11-21 | N/A | 4.3 MEDIUM |
| A vulnerability classified as problematic was found in Hospital Management Center. Affected by this vulnerability is an unknown functionality of the file appointment.php. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-213787. | |||||
| CVE-2022-48320 | 1 Checkmk | 1 Checkmk | 2024-11-21 | N/A | 5.4 MEDIUM |
| Cross-site Request Forgery (CSRF) in Tribe29's Checkmk <= 2.1.0p17, Checkmk <= 2.0.0p31, and all versions of Checkmk 1.6.0 (EOL) allow an attacker to add new visual elements to multiple pages. | |||||
| CVE-2022-47612 | 1 Xnau | 1 Participants Database | 2024-11-21 | N/A | 4.3 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in Roland Barker, xnau webdesign Participants Database plugin <= 2.4.5 leads to list column update. | |||||
| CVE-2022-47611 | 1 Hover Image Project | 1 Hover Image | 2024-11-21 | N/A | 4.3 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in Julian Weinert // cs&m Hover Image plugin <= 1.4.1 versions. | |||||
| CVE-2022-47609 | 1 Nicearma | 1 Dnui-delete-not-used-image | 2024-11-21 | N/A | 6.3 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in Nicearma DNUI plugin <= 2.8.1 versions. | |||||
| CVE-2022-47559 | 1 Ormazabal | 4 Ekorccp, Ekorccp Firmware, Ekorrci and 1 more | 2024-11-21 | N/A | 8.6 HIGH |
| Lack of device control over web requests in ekorCCP and ekorRCI, allowing an attacker to create customised requests to execute malicious actions when a user is logged in, affecting availability, privacy and integrity. | |||||
| CVE-2022-47448 | 1 Xiligroup | 1 Xili-tidy-tags | 2024-11-21 | N/A | 5.4 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in dev.Xiligroup.Com - MS plugin <= 1.12.03 versions. | |||||
| CVE-2022-47447 | 1 Internet-formation | 1 Wp-advanced-search | 2024-11-21 | N/A | 4.3 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in Mathieu Chartier WordPress WP-Advanced-Search plugin <= 3.3.8 versions. | |||||
| CVE-2022-47446 | 1 Viadat | 1 Store Locator For Wordpress With Google Maps | 2024-11-21 | N/A | 5.4 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in Viadat Creations Store Locator for WordPress with Google Maps – LotsOfLocales plugin <= 3.98.7 versions. | |||||
| CVE-2022-47443 | 1 Multi Rating Project | 1 Multi Rating | 2024-11-21 | N/A | 4.3 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in Daniel Powney Multi Rating plugin <= 5.0.5 versions. | |||||
| CVE-2022-47440 | 1 My Tickets Project | 1 My Tickets | 2024-11-21 | N/A | 4.3 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in Joseph C Dolson My Tickets plugin <= 1.9.10 versions. | |||||
| CVE-2022-47427 | 1 My Calendar Project | 1 My Calendar | 2024-11-21 | N/A | 5.4 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in Joseph C Dolson My Calendar plugin <= 3.3.24.1 versions. | |||||
| CVE-2022-47422 | 1 Hmplugin | 1 Accept Stripe Donation - Aidwp | 2024-11-21 | N/A | 4.3 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in HM Plugin Accept Stripe Donation – AidWP plugin <= 3.1.5 versions. | |||||