Total
7225 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-48744 | 1 Offshorewebmaster | 1 Availability Calendar | 2023-12-05 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Offshore Web Master Availability Calendar allows Cross Site Request Forgery.This issue affects Availability Calendar: from n/a through 1.2.6. | |||||
| CVE-2023-48331 | 1 Stormhillmedia | 1 Mybook Table Bookstore | 2023-12-05 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Stormhill Media MyBookTable Bookstore by Stormhill Media allows Cross Site Request Forgery.This issue affects MyBookTable Bookstore by Stormhill Media: from n/a through 3.3.4. | |||||
| CVE-2023-48323 | 1 Getawesomesupport | 1 Awesome Support | 2023-12-05 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Awesome Support Team Awesome Support – WordPress HelpDesk & Support Plugin allows Cross Site Request Forgery.This issue affects Awesome Support – WordPress HelpDesk & Support Plugin: from n/a through 6.1.4. | |||||
| CVE-2023-48283 | 1 Presstigers | 1 Simple Testimonials Showcase | 2023-12-05 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in PressTigers Simple Testimonials Showcase allows Cross Site Request Forgery.This issue affects Simple Testimonials Showcase: from n/a through 1.1.5. | |||||
| CVE-2023-48334 | 1 Daext | 1 League Table | 2023-12-05 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in DAEXT League Table allows Cross Site Request Forgery.This issue affects League Table: from n/a through 1.13. | |||||
| CVE-2023-33333 | 1 Really-simple-plugins | 1 Complianz | 2023-12-05 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Really Simple Plugins Complianz, Really Simple Plugins Complianz Premium allows Cross-Site Scripting (XSS).This issue affects Complianz: from n/a through 6.4.4; Complianz Premium: from n/a through 6.4.6.1. | |||||
| CVE-2023-48282 | 1 Andrealandonio | 1 Taxonomy Filter | 2023-12-05 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Andrea Landonio Taxonomy filter allows Cross Site Request Forgery.This issue affects Taxonomy filter: from n/a through 2.2.9. | |||||
| CVE-2023-6137 | 1 Wpfrontier | 1 Frontier Post | 2023-12-05 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in finnj Frontier Post allows Cross Site Request Forgery.This issue affects Frontier Post: from n/a through 6.1. | |||||
| CVE-2023-38268 | 3 Ibm, Linux, Microsoft | 4 Aix, Infosphere Information Server, Linux Kernel and 1 more | 2023-12-04 | N/A | 8.8 HIGH |
| IBM InfoSphere Information Server 11.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 260585. | |||||
| CVE-2023-2497 | 1 Userproplugin | 1 Userpro | 2023-12-04 | N/A | 8.8 HIGH |
| The UserPro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.1.0. This is due to missing or incorrect nonce validation on the 'import_settings' function. This makes it possible for unauthenticated attackers to exploit PHP Object Injection due to the use of unserialize() on the user supplied parameter via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | |||||
| CVE-2023-2440 | 1 Userproplugin | 1 Userpro | 2023-12-01 | N/A | 8.8 HIGH |
| The UserPro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.1.1. This is due to missing nonce validation in the 'admin_page', 'userpro_verify_user' and 'verifyUnverifyAllUsers' functions. This makes it possible for unauthenticated attackers to modify the role of verified users to elevate verified user privileges to that of any user such as 'administrator' via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | |||||
| CVE-2023-2438 | 1 Userproplugin | 1 Userpro | 2023-12-01 | N/A | 6.1 MEDIUM |
| The UserPro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.1.0. This is due to missing or incorrect nonce validation on the 'userpro_save_userdata' function. This makes it possible for unauthenticated attackers to update the user meta and inject malicious JavaScript via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link. | |||||
| CVE-2023-24415 | 1 Quantumcloud | 1 Chatbot | 2023-12-01 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in QuantumCloud AI ChatBot plugin <= 4.2.8 versions. | |||||
| CVE-2023-26542 | 1 Exeebit | 1 Phpinfo\(\) Wp | 2023-12-01 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Exeebit phpinfo() WP plugin <= 4.0 versions. | |||||
| CVE-2023-27458 | 1 Wpstream | 1 Wpstream | 2023-11-30 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in wpstream WpStream plugin <= 4.4.10 versions. | |||||
| CVE-2021-21652 | 1 Jenkins | 1 Xray - Test Management For Jira | 2023-11-30 | 5.8 MEDIUM | 7.1 HIGH |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Xray - Test Management for Jira Plugin 2.4.0 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | |||||
| CVE-2021-21644 | 1 Jenkins | 1 Config File Provider | 2023-11-30 | 5.8 MEDIUM | 5.4 MEDIUM |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Config File Provider Plugin 3.7.0 and earlier allows attackers to delete configuration files corresponding to an attacker-specified ID. | |||||
| CVE-2021-21641 | 1 Jenkins | 1 Promoted Builds | 2023-11-30 | 4.3 MEDIUM | 4.3 MEDIUM |
| A cross-site request forgery (CSRF) vulnerability in Jenkins promoted builds Plugin 3.9 and earlier allows attackers to to promote builds. | |||||
| CVE-2021-21638 | 1 Jenkins | 1 Team Foundation Server | 2023-11-30 | 6.8 MEDIUM | 8.8 HIGH |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Team Foundation Server Plugin 5.157.1 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | |||||
| CVE-2021-21633 | 1 Jenkins | 1 Owasp Dependency-track | 2023-11-30 | 6.8 MEDIUM | 8.8 HIGH |
| A cross-site request forgery (CSRF) vulnerability in Jenkins OWASP Dependency-Track Plugin 3.1.0 and earlier allows attackers to connect to an attacker-specified URL, capturing credentials stored in Jenkins. | |||||