Total: 7225 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-4247 | 1 Givewp | 1 Givewp | 2024-01-17 | N/A | 5.4 MEDIUM |
The GiveWP plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.33.3. This is due to missing or incorrect nonce validation on the give_sendwp_disconnect function. This makes it possible for unauthenticated attackers to deactivate the SendWP plugin via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | |||||
CVE-2023-48258 | 1 Bosch | 21 Nexo-os, Nexo Cordless Nutrunner Nxa011s-36v-b (0608842012), Nexo Cordless Nutrunner Nxa011s-36v (0608842011) and 18 more | 2024-01-16 | N/A | 8.1 HIGH |
The vulnerability allows a remote attacker to delete arbitrary files on the file system via a crafted URL or HTTP request through a victim’s session. | |||||
CVE-2023-45992 | 1 Commscope | 1 Ruckus Cloudpath Enrollment System | 2024-01-12 | N/A | 9.6 CRITICAL |
A vulnerability in the web-based interface of the RUCKUS Cloudpath product on version 5.12 build 5538 or before could allow a remote, unauthenticated attacker to execute persistent XSS and CSRF attacks against a user of the admin management interface. A successful attack, combined with a certain admin activity, could allow the attacker to gain full admin privileges on the exploited system. | |||||
CVE-2023-51539 | 1 Apollo13themes | 1 Apollo13 Framework Extensions | 2024-01-12 | N/A | 8.8 HIGH |
Cross-Site Request Forgery (CSRF) vulnerability in Apollo13Themes Apollo13 Framework Extensions. This issue affects Apollo13 Framework Extensions: from n/a through 1.9.1. | |||||
CVE-2023-52145 | 1 Mariosalexandrou | 1 Republish Old Posts | 2024-01-12 | N/A | 8.8 HIGH |
Cross-Site Request Forgery (CSRF) vulnerability in Marios Alexandrou Republish Old Posts. This issue affects Republish Old Posts: from n/a through 1.21. | |||||
CVE-2023-6788 | 1 Wpmet | 1 Metform Elementor Contact Form Builder | 2024-01-11 | N/A | 5.4 MEDIUM |
The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.8.1. This is due to missing or incorrect nonce validation on the contents function. This makes it possible for unauthenticated attackers to update the options "mf_hubsopt_token", "mf_hubsopt_refresh_token", "mf_hubsopt_token_type", and "mf_hubsopt_expires_in" via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. This would allow an attacker to connect their own Hubspot account to a victim site's metform to obtain leads and contacts. | |||||
CVE-2023-52216 | 1 Yevhenkotelnytskyi | 1 Js & Css Script Optimizer | 2024-01-11 | N/A | 8.8 HIGH |
Cross-Site Request Forgery (CSRF) vulnerability in Yevhen Kotelnytskyi JS & CSS Script Optimizer. This issue affects JS & CSS Script Optimizer: from n/a through 0.3.3. | |||||
CVE-2023-52200 | 1 Reputeinfosystems | 1 Armember | 2024-01-11 | N/A | 9.8 CRITICAL |
Cross-Site Request Forgery (CSRF), Deserialization of Untrusted Data vulnerability in Repute Infosystems ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup. This issue affects ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup: n/a. | |||||
CVE-2023-52222 | 1 Woocommerce | 1 Woocommerce | 2024-01-11 | N/A | 8.8 HIGH |
Cross-Site Request Forgery (CSRF) vulnerability in Automattic WooCommerce. This issue affects WooCommerce: from n/a through 8.2.2. | |||||
CVE-2023-52122 | 1 Presstigers | 1 Simple Job Board | 2024-01-11 | N/A | 8.8 HIGH |
Cross-Site Request Forgery (CSRF) vulnerability in PressTigers Simple Job Board. This issue affects Simple Job Board: from n/a through 2.10.6. | |||||
CVE-2023-52121 | 1 Nitropack | 1 Nitropack | 2024-01-11 | N/A | 8.8 HIGH |
Cross-Site Request Forgery (CSRF) vulnerability in NitroPack Inc. NitroPack – Cache & Speed Optimization for Core Web Vitals, Defer CSS & JavaScript, Lazy load Images. This issue affects NitroPack – Cache & Speed Optimization for Core Web Vitals, Defer CSS & JavaScript, Lazy load Images: from n/a through 1.10.2. | |||||
CVE-2023-52136 | 1 Smashballoon | 1 Custom Twitter Feeds | 2024-01-11 | N/A | 8.8 HIGH |
Cross-Site Request Forgery (CSRF) vulnerability in Smash Balloon Custom Twitter Feeds – A Tweets Widget or X Feed Widget. This issue affects Custom Twitter Feeds – A Tweets Widget or X Feed Widget: from n/a through 2.1.2. | |||||
CVE-2023-52120 | 1 Basixonline | 1 Nex-forms | 2024-01-11 | N/A | 8.8 HIGH |
Cross-Site Request Forgery (CSRF) vulnerability in Basix NEX-Forms – Ultimate Form Builder – Contact forms and much more. This issue affects NEX-Forms – Ultimate Form Builder – Contact forms and much more: from n/a through 8.5.2. | |||||
CVE-2023-52119 | 1 Icegram | 1 Icegram Engage | 2024-01-11 | N/A | 8.8 HIGH |
Cross-Site Request Forgery (CSRF) vulnerability in Icegram Icegram Engage – WordPress Lead Generation, Popup Builder, CTA, Optins and Email List Building. This issue affects Icegram Engage – WordPress Lead Generation, Popup Builder, CTA, Optins and Email List Building: from n/a through 3.1.18. | |||||
CVE-2023-52130 | 1 Wpaffiliatemanager | 1 Affiliates Manager | 2024-01-11 | N/A | 8.8 HIGH |
Cross-Site Request Forgery (CSRF) vulnerability in wp.Insider, wpaffiliatemgr Affiliates Manager. This issue affects Affiliates Manager: from n/a through 2.9.31. | |||||
CVE-2023-52129 | 1 Mtrv | 1 Teachpress | 2024-01-11 | N/A | 8.8 HIGH |
Cross-Site Request Forgery (CSRF) vulnerability in Michael Winkler teachPress. This issue affects teachPress: from n/a through 9.0.4. | |||||
CVE-2023-52128 | 1 Linksoftwarellc | 1 White Label | 2024-01-11 | N/A | 8.8 HIGH |
Cross-Site Request Forgery (CSRF) vulnerability in WhiteWP White Label – WordPress Custom Admin, Custom Login Page, and Custom Dashboard. This issue affects White Label – WordPress Custom Admin, Custom Login Page, and Custom Dashboard: from n/a through 2.9.0. | |||||
CVE-2023-52184 | 1 Wpjobportal | 1 Wp Job Portal | 2024-01-11 | N/A | 8.8 HIGH |
Cross-Site Request Forgery (CSRF) vulnerability in WP Job Portal WP Job Portal – A Complete Job Board. This issue affects WP Job Portal – A Complete Job Board: from n/a through 2.0.6. | |||||
CVE-2022-1918 | 1 Toolbar To Share Project | 1 Toolbar To Share | 2024-01-11 | 6.8 MEDIUM | 8.8 HIGH |
The ToolBar to Share plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0. This is due to missing nonce validation on the plugin_toolbar_comparte page. This makes it possible for unauthenticated attackers to update the plugin's settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | |||||
CVE-2022-2540 | 1 Link Optimizer Lite Project | 1 Link Optimizer Lite | 2024-01-11 | N/A | 8.8 HIGH |
The Link Optimizer Lite plugin for WordPress is vulnerable to Cross-Site Request Forgery to Cross-Site Scripting in versions up to, and including 1.4.5. This is due to missing nonce validation on the admin_page function found in the ~/admin.php file. This makes it possible for unauthenticated attackers to modify the plugin's settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. |