Total: 7225 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-41296 | 1 Ibm | 2 Db2, Db2 Warehouse | 2023-11-07 | N/A | 8.8 HIGH |
IBM Db2U 3.5, 4.0, and 4.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 237210. | |||||
CVE-2022-40198 | 1 Standalonetech | 1 Terawallet | 2023-11-07 | N/A | 4.3 MEDIUM |
Cross-Site Request Forgery (CSRF) vulnerability in StandaloneTech TeraWallet – For WooCommerce plugin <= 1.3.24 leading to plugin settings change. | |||||
CVE-2022-40692 | 1 Sunshinephotocart | 1 Sunshine Photo Cart | 2023-11-07 | N/A | 8.8 HIGH |
Cross-Site Request Forgery (CSRF) vulnerability in WP Sunshine Sunshine Photo Cart plugin <= 2.9.13 versions. | |||||
CVE-2022-3978 | 1 Nodebb | 1 Nodebb | 2023-11-07 | N/A | 4.3 MEDIUM |
A vulnerability, which was classified as problematic, was found in NodeBB up to 2.5.7. This affects an unknown part of the file /register/abort. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. Upgrading to version 2.5.8 is able to address this issue. The name of the patch is 2f9d8c350e54543f608d3d4c8e1a49bbb6cdea38. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-213555. | |||||
CVE-2022-41620 | 1 Seosamba | 1 Seosamba | 2023-11-07 | N/A | 8.8 HIGH |
Cross-Site Request Forgery (CSRF) vulnerability in SeoSamba for WordPress Webmasters plugin <= 1.0.5 versions. | |||||
CVE-2022-41622 | 1 F5 | 12 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 9 more | 2023-11-07 | N/A | 8.8 HIGH |
In all versions, BIG-IP and BIG-IQ are vulnerable to cross-site request forgery (CSRF) attacks through iControl SOAP. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | |||||
CVE-2022-41633 | 1 Peepso | 1 Peepso | 2023-11-07 | N/A | 8.8 HIGH |
Cross-Site Request Forgery (CSRF) vulnerability in PeepSo Community by PeepSo – Social Network, Membership, Registration, User Profiles plugin <= 6.0.2.0 versions. | |||||
CVE-2022-3568 | 1 Orangelab | 1 Imagemagick Engine | 2023-11-07 | N/A | 8.8 HIGH |
The ImageMagick Engine plugin for WordPress is vulnerable to deserialization of untrusted input via the 'cli_path' parameter in versions up to, and including 1.7.5. This makes it possible for unauthenticated users to call files using a PHAR wrapper, granted they can trick a site administrator into performing an action such as clicking on a link, that will deserialize and call arbitrary PHP Objects that can be used to perform a variety of malicious actions granted a POP chain is also present. It also requires that the attacker is successful in uploading a file with the serialized payload. | |||||
CVE-2022-3747 | 1 Muffingroup | 1 Becustom | 2023-11-07 | N/A | 6.5 MEDIUM |
The Becustom plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.5.2. This is due to missing nonce validation when saving the plugin's settings. This makes it possible for unauthenticated attackers to update the plugin's settings like betheme_url_slug, replaced_theme_author, and betheme_label to name a few, via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | |||||
CVE-2022-38077 | 1 Essentialplugin | 1 Popup Anything | 2023-11-07 | N/A | 8.8 HIGH |
Cross-Site Request Forgery (CSRF) vulnerability in WP OnlineSupport, Essential Plugin Popup Anything – A Marketing Popup and Lead Generation Conversions plugin <= 2.2.1 versions. | |||||
CVE-2022-3240 | 1 Follow Me Plugin Project | 1 Follow Me Plugin | 2023-11-07 | N/A | 8.8 HIGH |
The "Follow Me Plugin" plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.1.1. This is due to missing nonce validation on the FollowMeIgniteSocialMedia_options_page() function. This makes it possible for unauthenticated attackers to modify the plugin's settings and inject malicious JavaScript via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | |||||
CVE-2022-38660 | 1 Hcltech | 1 Domino | 2023-11-07 | N/A | 8.8 HIGH |
HCL XPages applications are susceptible to a Cross Site Request Forgery (CSRF) vulnerability. An unauthenticated attacker could exploit this vulnerability to perform actions in the application on behalf of the logged in user. | |||||
CVE-2022-38468 | 1 Imagely | 1 Nextgen Gallery | 2023-11-07 | N/A | 4.3 MEDIUM |
Cross-Site Request Forgery (CSRF) vulnerability in Imagely WordPress Gallery Plugin – NextGEN Gallery plugin <= 3.28 leading to thumbnail alteration. | |||||
CVE-2022-35730 | 1 Oceanwp | 1 Sticky Header | 2023-11-07 | N/A | 6.5 MEDIUM |
Cross-Site Request Forgery (CSRF) vulnerability in Oceanwp sticky header plugin <= 1.0.8 on WordPress. | |||||
CVE-2022-36401 | 1 Standalonetech | 1 Terawallet | 2023-11-07 | N/A | 8.8 HIGH |
Cross-Site Request Forgery (CSRF) vulnerability in TeraWallet – For WooCommerce plugin <= 1.3.24 versions. | |||||
CVE-2022-38063 | 1 Social Login Wp Project | 1 Social Login Wp | 2023-11-07 | N/A | 8.8 HIGH |
Cross-Site Request Forgery (CSRF) vulnerability in Social Login WP plugin <= 5.0.0.0 versions. | |||||
CVE-2022-36404 | 1 Coleds | 1 Simple Seo | 2023-11-07 | N/A | 5.4 MEDIUM |
Missing Authorization, Cross-Site Request Forgery (CSRF) vulnerability in David Cole Simple SEO (WordPress plugin) plugin <= 1.8.12 versions. | |||||
CVE-2022-36379 | 1 Yookassa | 1 Yukassa For Woocommerce | 2023-11-07 | N/A | 8.8 HIGH |
Cross-Site Request Forgery (CSRF) leading to plugin settings update in YooMoney ?Kassa ??? WooCommerce plugin <= 2.3.0 at WordPress. | |||||
CVE-2022-34654 | 1 Freeamigos | 1 Manage Notification E-mails | 2023-11-07 | N/A | 8.8 HIGH |
Cross-Site Request Forgery (CSRF) in Virgial Berveling's Manage Notification E-mails plugin <= 1.8.2 on WordPress. | |||||
CVE-2022-34448 | 1 Dell | 1 Powerpath Management Appliance | 2023-11-07 | N/A | 8.8 HIGH |
PowerPath Management Appliance with versions 3.3 & 3.2*, 3.1 & 3.0* contains a Cross-site Request Forgery vulnerability. An unauthenticated non-privileged user could potentially exploit the issue and perform any privileged state-changing actions. |