Total
7649 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-0427 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 6.8 MEDIUM | 7.7 HIGH |
| Missing sanitization of HTML attributes in Jupyter notebooks in all versions of GitLab CE/EE since version 14.5 allows an attacker to perform arbitrary HTTP POST requests on a user's behalf leading to potential account takeover | |||||
| CVE-2022-0398 | 1 Caseproof | 1 Thirstyaffiliates Affiliate Link Manager | 2024-11-21 | 4.9 MEDIUM | 5.4 MEDIUM |
| The ThirstyAffiliates Affiliate Link Manager WordPress plugin before 3.10.5 does not have authorisation and CSRF checks when creating affiliate links, which could allow any authenticated user, such as subscriber to create arbitrary affiliate links, which could then be used to redirect users to an arbitrary website | |||||
| CVE-2022-0363 | 1 Mycred | 1 Mycred | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| The myCred WordPress plugin before 2.4.3.1 does not have any authorisation and CSRF checks in the mycred-tools-import-export AJAX action, allowing any authenticated users, such as subscribers, to call it and import mycred setup, thus creating badges, managing points or creating arbitrary posts. | |||||
| CVE-2022-0345 | 1 Madewithfuel | 1 Customize Wordpress Emails And Alerts | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| The Customize WordPress Emails and Alerts WordPress plugin before 1.8.7 does not have authorisation and CSRF check in its bnfw_search_users AJAX action, allowing any authenticated users to call it and query for user e-mail prefixes (finding the first letter, then the second one, then the third one etc.). | |||||
| CVE-2022-0335 | 1 Moodle | 1 Moodle | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| A flaw was found in Moodle in versions 3.11 to 3.11.4, 3.10 to 3.10.8, 3.9 to 3.9.11 and earlier unsupported versions. The "delete badge alignment" functionality did not include the necessary token check to prevent a CSRF risk. | |||||
| CVE-2022-0328 | 1 Simple-membership-plugin | 1 Simple Membership | 2024-11-21 | 4.3 MEDIUM | 4.7 MEDIUM |
| The Simple Membership WordPress plugin before 4.0.9 does not have CSRF check when deleting members in bulk, which could allow attackers to make a logged in admin delete them via a CSRF attack | |||||
| CVE-2022-0313 | 1 Wow-estore | 1 Float Menu | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| The Float menu WordPress plugin before 4.3.1 does not have CSRF check in place when deleting menu, which could allow attackers to make a logged in admin delete them via a CSRF attack | |||||
| CVE-2022-0269 | 1 Yetiforce | 1 Yetiforce Customer Relationship Management | 2024-11-21 | 6.0 MEDIUM | 8.0 HIGH |
| Cross-Site Request Forgery (CSRF) in Packagist yetiforce/yetiforce-crm prior to 6.3.0. | |||||
| CVE-2022-0245 | 1 Livehelperchat | 1 Livehelperchat | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| Cross-Site Request Forgery (CSRF) in GitHub repository livehelperchat/livehelperchat prior to 2.0. | |||||
| CVE-2022-0238 | 2 Fedoraproject, Phoronix-media | 2 Fedora, Phoronix Test Suite | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| phoronix-test-suite is vulnerable to Cross-Site Request Forgery (CSRF) | |||||
| CVE-2022-0231 | 1 Livehelperchat | 1 Live Helper Chat | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| livehelperchat is vulnerable to Cross-Site Request Forgery (CSRF) | |||||
| CVE-2022-0229 | 1 Miniorange | 1 Google Authenticator | 2024-11-21 | 5.8 MEDIUM | 8.1 HIGH |
| The miniOrange's Google Authenticator WordPress plugin before 5.5 does not have proper authorisation and CSRF checks when handling the reconfigureMethod, and does not validate the parameters passed to it properly. As a result, unauthenticated users could delete arbitrary options from the blog, making it unusable. | |||||
| CVE-2022-0226 | 1 Livehelperchat | 1 Live Helper Chat | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| livehelperchat is vulnerable to Cross-Site Request Forgery (CSRF) | |||||
| CVE-2022-0215 | 1 Xootix | 3 Login\/signup Popup, Side Cart Woocommerce, Waitlist Woocommerce | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| The Login/Signup Popup, Waitlist Woocommerce ( Back in stock notifier ), and Side Cart Woocommerce (Ajax) WordPress plugins by XootiX are vulnerable to Cross-Site Request Forgery via the save_settings function found in the ~/includes/xoo-framework/admin/class-xoo-admin-settings.php file which makes it possible for attackers to update arbitrary options on a site that can be used to create an administrative user account and grant full privileged access to a compromised site. This affects versions <= 2.2 in Login/Signup Popup, versions <= 2.5.1 in Waitlist Woocommerce ( Back in stock notifier ), and versions <= 2.0 in Side Cart Woocommerce (Ajax). | |||||
| CVE-2022-0199 | 1 Wpdevart | 1 Coming Soon And Maintenance Mode | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| The Coming soon and Maintenance mode WordPress plugin before 3.6.8 does not have CSRF check in its coming_soon_send_mail AJAX action, allowing attackers to make logged in admin to send arbitrary emails to all subscribed users via a CSRF attack | |||||
| CVE-2022-0197 | 2 Fedoraproject, Phoronix-media | 2 Fedora, Phoronix Test Suite | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| phoronix-test-suite is vulnerable to Cross-Site Request Forgery (CSRF) | |||||
| CVE-2022-0196 | 2 Fedoraproject, Phoronix-media | 2 Fedora, Phoronix Test Suite | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| phoronix-test-suite is vulnerable to Cross-Site Request Forgery (CSRF) | |||||
| CVE-2022-0191 | 1 Acnam | 1 Ad Invalid Click Protector | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| The Ad Invalid Click Protector (AICP) WordPress plugin before 1.2.7 does not have CSRF check deleting banned users, which could allow attackers to make a logged in admin remove arbitrary bans | |||||
| CVE-2022-0180 | 1 Expresstech | 1 Quiz And Survey Master | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in Quiz And Survey Master versions prior to 7.3.7 allows a remote attacker to hijack the authentication of administrators and conduct arbitrary operations via a specially crafted web page. | |||||
| CVE-2022-0164 | 1 Wpdevart | 1 Coming Soon And Maintenance Mode | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| The Coming soon and Maintenance mode WordPress plugin before 3.5.3 does not have authorisation and CSRF checks in its coming_soon_send_mail AJAX action, allowing any authenticated users, with a role as low as subscriber to send arbitrary emails to all subscribed users | |||||