Total
8118 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-31089 | 1 Webternsolutions | 1 Video Xml Sitemap Generator | 2024-11-21 | 4.3 Medium |
Cross-Site Request Forgery (CSRF) vulnerability in Tradebooster Video XML Sitemap Generator. This issue affects Video XML Sitemap Generator: from n/a through 1.0.0. | ||||
CVE-2023-31088 | 1 Floating Action Button Project | 1 Floating Action Button | 2024-11-21 | 8.8 High |
Cross-Site Request Forgery (CSRF) vulnerability in Faraz Quazi Floating Action Button plugin <= 1.2.1 versions. | ||||
CVE-2023-31087 | 1 Joomsky | 1 Js Job Manager | 2024-11-21 | 8.8 High |
Cross-Site Request Forgery (CSRF) vulnerability in JoomSky JS Job Manager plugin <= 2.0.0 versions. | ||||
CVE-2023-31086 | 1 Ibenic | 1 Simple Giveaways | 2024-11-21 | 8.8 High |
Cross-Site Request Forgery (CSRF) vulnerability in Igor Benic Simple Giveaways – Grow your business, email lists and traffic with contests plugin <= 2.46.0 versions. | ||||
CVE-2023-31078 | 1 Browserupdate | 1 Wp Browserupdate | 2024-11-21 | 8.8 High |
Cross-Site Request Forgery (CSRF) vulnerability in Marco Steinbrecher WP BrowserUpdate plugin <= 4.4.1 versions. | ||||
CVE-2023-31077 | 1 Myrecorp | 1 Export Wp Page To Static Html/css | 2024-11-21 | 8.8 High |
Cross-Site Request Forgery (CSRF) vulnerability in ReCorp Export WP Page to Static HTML/CSS plugin <= 2.1.9 versions. | ||||
CVE-2023-31075 | 1 Ciphercoin | 1 Easy Hide Login | 2024-11-21 | 5.4 Medium |
Cross-Site Request Forgery (CSRF) vulnerability in Arshid Easy Hide Login. This issue affects Easy Hide Login: from n/a through 1.0.8. | ||||
CVE-2023-30607 | 1 Icinga | 1 Icinga Web Jira Integration | 2024-11-21 | 5 Medium |
icingaweb2-module-jira provides integration with Atlassian Jira. Starting in version 1.3.0 and prior to version 1.3.2, template and field configuration forms perform the deletion action before user input is validated, including the cross site request forgery token. This issue is fixed in version 1.3.2. There are no known workarounds. | ||||
CVE-2023-30478 | 1 Tribulant | 1 Newsletters | 2024-11-21 | 8.8 High |
Cross-Site Request Forgery (CSRF) vulnerability in Tribulant Newsletters plugin <= 4.8.8 versions. | ||||
CVE-2023-2830 | 1 Trustindex | 1 Wp Testimonials | 2024-11-21 | 5.4 Medium |
Cross-Site Request Forgery (CSRF) vulnerability in Trustindex.Io WP Testimonials plugin <= 1.4.2 versions. | ||||
CVE-2023-2746 | 1 Rockwellautomation | 1 Enhanced Him | 2024-11-21 | 9.6 Critical |
The Rockwell Automation Enhanced HIM software contains an API that the application uses that is not protected sufficiently and uses incorrect Cross-Origin Resource Sharing (CORS) settings and, as a result, is vulnerable to a Cross Site Request Forgery (CSRF) attack. To exploit this vulnerability, a malicious user would have to convince a user to click on an untrusted link through a social engineering attack or successfully perform a Cross Site Scripting Attack (XSS). Exploitation of a CSRF could potentially lead to sensitive information disclosure and full remote access to the affected products. | ||||
CVE-2023-2508 | 2 Apple, Papercut | 2 Macos, Mobility Print Server | 2024-11-21 | 5.3 Medium |
The `PaperCutNG Mobility Print` version 1.0.3512 application allows an unauthenticated attacker to perform a CSRF attack on an instance administrator to configure the clients host (in the "configure printer discovery" section). This is possible because the application has no protections against CSRF attacks, like Anti-CSRF tokens, header origin validation, samesite cookies, etc. | ||||
CVE-2023-2497 | 1 Userproplugin | 1 Userpro | 2024-11-21 | 8.8 High |
The UserPro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.1.0. This is due to missing or incorrect nonce validation on the 'import_settings' function. This makes it possible for unauthenticated attackers to exploit PHP Object Injection due to the use of unserialize() on the user supplied parameter via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
CVE-2023-2474 | 1 Getrebuild | 1 Rebuild | 2024-11-21 | 4.3 Medium |
A vulnerability has been found in Rebuild 3.2 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. It is recommended to change the configuration settings. VDB-227866 is the identifier assigned to this vulnerability. | ||||
CVE-2023-2447 | 1 Userproplugin | 1 Userpro | 2024-11-21 | 6.1 Medium |
The UserPro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.1.1. This is due to missing or incorrect nonce validation on the 'export_users' function. This makes it possible for unauthenticated attackers to export the users to a csv file, granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
CVE-2023-2440 | 1 Userproplugin | 1 Userpro | 2024-11-21 | 8.8 High |
The UserPro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.1.1. This is due to missing nonce validation in the 'admin_page', 'userpro_verify_user' and 'verifyUnverifyAllUsers' functions. This makes it possible for unauthenticated attackers to modify the role of verified users to elevate verified user privileges to that of any user such as 'administrator' via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
CVE-2023-2438 | 1 Userproplugin | 1 Userpro | 2024-11-21 | 6.1 Medium |
The UserPro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.1.0. This is due to missing or incorrect nonce validation on the 'userpro_save_userdata' function. This makes it possible for unauthenticated attackers to update the user meta and inject malicious JavaScript via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
CVE-2023-2286 | 1 Wpwhitesecurity | 1 Wp Activity Log | 2024-11-21 | 4.3 Medium |
The WP Activity Log for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.5.0. This is due to missing or incorrect nonce validation on the ajax_run_cleanup function. This makes it possible for unauthenticated attackers to invoke this function via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
CVE-2023-29440 | 1 Presstigers | 1 Simple Job Board | 2024-11-21 | 8.8 High |
Cross-Site Request Forgery (CSRF) vulnerability in PressTigers Simple Job Board plugin <= 2.10.3 versions. | ||||
CVE-2023-29426 | 1 Spreadshop | 1 Spreadshop | 2024-11-21 | 8.8 High |
Cross-Site Request Forgery (CSRF) vulnerability in Robert Schulz (sprd.Net AG) Spreadshop plugin <= 1.6.5 versions. |