Total
7225 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-5897 | 1 Sfu | 1 Customlocale | 2023-11-08 | N/A | 8.8 HIGH |
Cross-Site Request Forgery (CSRF) in GitHub repository pkp/customLocale prior to 1.2.0-1. | |||||
CVE-2023-43295 | 1 Clickstudios | 1 Passwordstate | 2023-11-08 | N/A | 3.5 LOW |
Cross Site Request Forgery vulnerability in Click Studios (SA) Pty Ltd Passwordstate v.Build 9785 and before allows a local attacker to execute arbitrary code via a crafted request. | |||||
CVE-2023-5898 | 1 Pkp | 1 Pkp Web Application Library | 2023-11-08 | N/A | 8.8 HIGH |
Cross-Site Request Forgery (CSRF) in GitHub repository pkp/pkp-lib prior to 3.3.0-16. | |||||
CVE-2023-5899 | 1 Pkp | 1 Pkp Web Application Library | 2023-11-08 | N/A | 8.8 HIGH |
Cross-Site Request Forgery (CSRF) in GitHub repository pkp/pkp-lib prior to 3.3.0-16. | |||||
CVE-2023-5820 | 1 I13websolution | 1 Thumbnail Slider With Lightbox | 2023-11-07 | N/A | 8.8 HIGH |
The Thumbnail Slider With Lightbox plugin for WordPress is vulnerable to Cross-Site Request Forgery in version 1.0. This is due to missing or incorrect nonce validation on the addedit functionality. This makes it possible for unauthenticated attackers to upload arbitrary files via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | |||||
CVE-2023-45317 | 1 Sielco | 30 Analog Fm Transmitter Exc1000gt, Analog Fm Transmitter Exc1000gt Firmware, Analog Fm Transmitter Exc1000gx and 27 more | 2023-11-07 | N/A | 8.8 HIGH |
The application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site. | |||||
CVE-2023-5602 | 1 Ultimatelysocial | 1 Social Media Share Buttons & Social Sharing Icons | 2023-11-07 | N/A | 8.8 HIGH |
The Social Media Share Buttons & Social Sharing Icons plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.8.5. This is due to missing or incorrect nonce validation on several functions corresponding to AJAX actions. This makes it possible for unauthenticated attackers to invoke those actions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | |||||
CVE-2023-5531 | 1 I13websolution | 1 Thumbnail Slider With Lightbox | 2023-11-07 | N/A | 4.3 MEDIUM |
The Thumbnail Slider With Lightbox plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on the delete functionality. This makes it possible for unauthenticated attackers to delete image lightboxes via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | |||||
CVE-2023-4937 | 1 Pluginus | 1 Bear - Woocommerce Bulk Editor And Products Manager Professional | 2023-11-07 | N/A | 4.3 MEDIUM |
The BEAR for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.3.3. This is due to missing or incorrect nonce validation on the woobe_bulkoperations_apply_default_combination function. This makes it possible for unauthenticated attackers to manipulate products via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | |||||
CVE-2023-4942 | 1 Pluginus | 1 Bear - Woocommerce Bulk Editor And Products Manager Professional | 2023-11-07 | N/A | 4.3 MEDIUM |
The BEAR for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.3.3. This is due to missing or incorrect nonce validation on the woobe_bulkoperations_visibility function. This makes it possible for unauthenticated attackers to manipulate products via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | |||||
CVE-2023-4926 | 1 Pluginus | 1 Bear - Woocommerce Bulk Editor And Products Manager Professional | 2023-11-07 | N/A | 4.3 MEDIUM |
The BEAR for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.3.3. This is due to missing or incorrect nonce validation on the woobe_bulk_delete_products function. This makes it possible for unauthenticated attackers to delete products via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | |||||
CVE-2023-4940 | 1 Pluginus | 1 Bear - Woocommerce Bulk Editor And Products Manager Professional | 2023-11-07 | N/A | 4.3 MEDIUM |
The BEAR for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.3.3. This is due to missing or incorrect nonce validation on the woobe_bulkoperations_swap function. This makes it possible for unauthenticated attackers to manipulate products via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | |||||
CVE-2023-4935 | 1 Pluginus | 1 Bear - Woocommerce Bulk Editor And Products Manager Professional | 2023-11-07 | N/A | 4.3 MEDIUM |
The BEAR for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.3.3. This is due to missing or incorrect nonce validation on the create_profile function. This makes it possible for unauthenticated attackers to create profiles via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | |||||
CVE-2023-4923 | 1 Pluginus | 1 Bear - Woocommerce Bulk Editor And Products Manager Professional | 2023-11-07 | N/A | 4.3 MEDIUM |
The BEAR for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.3.3. This is due to missing or incorrect nonce validation on the woobe_bulkoperations_delete function. This makes it possible for unauthenticated attackers to delete products via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | |||||
CVE-2023-4975 | 1 Seedprod | 1 Website Builder By Seedprod | 2023-11-07 | N/A | 4.3 MEDIUM |
The Website Builder by SeedProd plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 6.15.13.1. This is due to missing or incorrect nonce validation on functionality in the builder.php file. This makes it possible for unauthenticated attackers to change the stripe connect token via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | |||||
CVE-2023-4959 | 1 Redhat | 1 Quay | 2023-11-07 | N/A | 6.5 MEDIUM |
A flaw was found in Quay. Cross-site request forgery (CSRF) attacks force a user to perform unwanted actions in an application. During the pentest, it was detected that the config-editor page is vulnerable to CSRF. The config-editor page is used to configure the Quay instance. By coercing the victim’s browser into sending an attacker-controlled request from another domain, it is possible to reconfigure the Quay instance (including adding users with admin privileges). | |||||
CVE-2023-4920 | 1 Pluginus | 1 Bear - Woocommerce Bulk Editor And Products Manager Professional | 2023-11-07 | N/A | 8.8 HIGH |
The BEAR for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.3.3. This is due to missing or incorrect nonce validation on the woobe_save_options function. This makes it possible for unauthenticated attackers to modify the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. Additionally, input sanitization and escaping is insufficient resulting in the possibility of malicious script injection. | |||||
CVE-2023-4924 | 1 Pluginus | 1 Bear - Woocommerce Bulk Editor And Products Manager Professional | 2023-11-07 | N/A | 4.3 MEDIUM |
The BEAR for WordPress is vulnerable to Missing Authorization in versions up to, and including, 1.1.3.3. This is due to missing capability checks on the woobe_bulkoperations_delete function. This makes it possible for authenticated attackers, with subscriber access or higher, to delete products. | |||||
CVE-2023-40671 | 1 Daxiawp | 1 Dx-auto-save-images | 2023-11-07 | N/A | 8.8 HIGH |
Cross-Site Request Forgery (CSRF) vulnerability in Daxiawp DX-auto-save-images plugin <= 1.4.0 versions. | |||||
CVE-2023-3254 | 1 Trustedindex | 1 Widgets For Google Reviews | 2023-11-07 | N/A | 4.3 MEDIUM |
The Widgets for Google Reviews plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 10.9. This is due to missing or incorrect nonce validation within setup_no_reg_header.php. This makes it possible for unauthenticated attackers to reset plugin settings and remove reviews via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. |