Total: 7649 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-0154 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 6.0 MEDIUM | 7.5 HIGH |
An issue has been discovered in GitLab affecting all versions starting from 7.7 before 14.4.5, all versions starting from 14.5.0 before 14.5.3, all versions starting from 14.6.0 before 14.6.2. GitLab was vulnerable to a Cross-Site Request Forgery attack that allows a malicious user to have their GitHub project imported on another GitLab user account. | |||||
CVE-2022-0141 | 1 Vfbpro | 1 Visual Form Builder | 2024-11-21 | 5.8 MEDIUM | 8.1 HIGH |
The Visual Form Builder WordPress plugin before 3.0.8 does not enforce nonce checks, which could allow attackers to make a logged-in admin or editor delete and restore arbitrary form entries via CSRF attacks. | |||||
CVE-2022-0134 | 1 Bologer | 1 Anycomment | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
The AnyComment WordPress plugin before 0.2.18 does not have CSRF checks in the Import and Revert HyperComments features, allowing attackers to make a logged-in admin perform such actions via a CSRF attack. | |||||
CVE-2022-0088 | 1 Yourls | 1 Yourls | 2024-11-21 | 4.3 MEDIUM | 7.4 HIGH |
Cross-Site Request Forgery (CSRF) in GitHub repository yourls/yourls prior to 1.8.3. | |||||
CVE-2021-4425 | 1 Wpmudev | 1 Defender Security | 2024-11-21 | N/A | 4.3 MEDIUM |
The Defender Security plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.4.6. This is due to missing or incorrect nonce validation on the verify_otp_login_time() function. This makes it possible for unauthenticated attackers to verify a one time login via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | |||||
CVE-2021-4418 | 1 Wpfactory | 1 Custom Css, Js & Php | 2024-11-21 | N/A | 4.3 MEDIUM |
The Custom CSS, JS & PHP plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.7. This is due to missing or incorrect nonce validation on the save() function. This makes it possible for unauthenticated attackers to save code snippets via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | |||||
CVE-2021-4398 | 1 Amministrazione Trasparente Project | 1 Amministrazione Trasparente | 2024-11-21 | N/A | 8.8 HIGH |
The Amministrazione Trasparente plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 7.1. This is due to missing or incorrect nonce validation on the at_save_aturl_meta() function. This makes it possible for unauthenticated attackers to update meta data via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | |||||
CVE-2021-4389 | 1 Wensolutions | 1 Wp Travel | 2024-11-21 | N/A | 4.3 MEDIUM |
The WP Travel plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.4.6. This is due to missing or incorrect nonce validation on the save_meta_data() function. This makes it possible for unauthenticated attackers to save metadata for travel posts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | |||||
CVE-2021-4373 | 1 Webberzone | 1 Better Search | 2024-11-21 | N/A | 8.8 HIGH |
The Better Search plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.5.2. This makes it possible for unauthenticated attackers to import settings via forged request granted they can trick a site administrator into performing an action such as clicking on a link. | |||||
CVE-2021-4349 | 1 Coolplugins | 1 Process Steps Template Designer | 2024-11-21 | N/A | 8.8 HIGH |
The Process Steps Template Designer plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.1. This makes it possible for unauthenticated attackers to conduct unspecified attacks via forged request granted they can trick a site administrator into performing an action such as clicking on a link. | |||||
CVE-2021-4275 | 1 Pyambic-pentameter Project | 1 Pyambic-pentameter | 2024-11-21 | N/A | 4.3 MEDIUM |
A vulnerability, which was classified as problematic, was found in katlings pyambic-pentameter. Affected is an unknown function. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The name of the patch is 974f21aa1b2527ef39c8afe1a5060548217deca8. It is recommended to apply a patch to fix this issue. VDB-216498 is the identifier assigned to this vulnerability. | |||||
CVE-2021-4268 | 1 Phpredisadmin Project | 1 Phpredisadmin | 2024-11-21 | N/A | 4.3 MEDIUM |
A vulnerability, which was classified as problematic, was found in phpRedisAdmin up to 1.17.3. This affects an unknown part. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. Upgrading to version 1.18.0 is able to address this issue. The name of the patch is b9039adbb264c81333328faa9575ecf8e0d2be94. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-216471. | |||||
CVE-2021-4168 | 1 Showdoc | 1 Showdoc | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
showdoc is vulnerable to Cross-Site Request Forgery (CSRF) | |||||
CVE-2021-4164 | 1 Janeczku | 1 Calibre-web | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
calibre-web is vulnerable to Cross-Site Request Forgery (CSRF) | |||||
CVE-2021-4162 | 1 Archivy Project | 1 Archivy | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
archivy is vulnerable to Cross-Site Request Forgery (CSRF) | |||||
CVE-2021-4131 | 1 Livehelperchat | 1 Live Helper Chat | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
livehelperchat is vulnerable to Cross-Site Request Forgery (CSRF) | |||||
CVE-2021-4130 | 1 Snipeitapp | 1 Snipe-it | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
snipe-it is vulnerable to Cross-Site Request Forgery (CSRF) | |||||
CVE-2021-4123 | 1 Livehelperchat | 1 Live Helper Chat | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
livehelperchat is vulnerable to Cross-Site Request Forgery (CSRF) | |||||
CVE-2021-4096 | 1 Radykal | 1 Fancy Product Designer | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
The Fancy Product Designer plugin for WordPress is vulnerable to Cross-Site Request Forgery via the FPD_Admin_Import class that makes it possible for attackers to upload malicious files that could be used to gain webshell access to a server in versions up to, and including, 4.7.5. | |||||
CVE-2021-4092 | 1 Yetiforce | 1 Yetiforce Customer Relationship Management | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
yetiforcecrm is vulnerable to Cross-Site Request Forgery (CSRF) |