Vulnerabilities (CVE)

Filtered by CWE-352
Total 7225 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-46151 1 Awesometogi 1 Product Category Tree 2023-11-01 N/A 8.8 HIGH
Cross-Site Request Forgery (CSRF) vulnerability in AWESOME TOGI Product Category Tree plugin <= 2.5 versions.
CVE-2023-46191 1 Underdock 1 Open Graph Metabox 2023-11-01 N/A 8.8 HIGH
Cross-Site Request Forgery (CSRF) vulnerability in Niels van Renselaar Open Graph Metabox plugin <= 1.4.4 versions.
CVE-2023-46150 1 Wpmilitary 1 Wp Radio 2023-11-01 N/A 8.8 HIGH
Cross-Site Request Forgery (CSRF) vulnerability in WP Military WP Radio plugin <= 3.1.9 versions.
CVE-2023-46190 1 Novo-media 1 Novo-map\ 2023-11-01 N/A 8.8 HIGH
Cross-Site Request Forgery (CSRF) vulnerability in Novo-media Novo-Map : your WP posts on custom google maps plugin <= 1.1.2 versions.
CVE-2023-46189 1 Xtendify 1 Simple Calendar 2023-11-01 N/A 8.8 HIGH
Cross-Site Request Forgery (CSRF) vulnerability in Simple Calendar – Google Calendar Plugin <= 3.2.5 versions.
CVE-2023-46089 1 Userback 1 Userback 2023-10-30 N/A 8.8 HIGH
Cross-Site Request Forgery (CSRF) vulnerability in Lee Le @ Userback Userback plugin <= 1.0.13 versions.
CVE-2023-46085 1 Wpmet 1 Wp Ultimate Review 2023-10-30 N/A 8.8 HIGH
Cross-Site Request Forgery (CSRF) vulnerability in Wpmet Wp Ultimate Review plugin <= 2.2.4 versions.
CVE-2023-46095 1 Chetangole 1 Smooth Scroll Links 2023-10-30 N/A 8.8 HIGH
Cross-Site Request Forgery (CSRF) vulnerability in Chetan Gole Smooth Scroll Links [SSL] plugin <= 1.1.0 versions.
CVE-2023-5802 1 Wpknowledgebase 1 Wp Knowledgebase 2023-10-30 N/A 8.8 HIGH
Cross-Site Request Forgery (CSRF) vulnerability in Mihai Iova WordPress Knowledge base & Documentation Plugin – WP Knowledgebase plugin <= 1.3.4 versions.
CVE-2023-46067 1 Qwerty23 1 Rocket Font 2023-10-27 N/A 8.8 HIGH
Cross-Site Request Forgery (CSRF) vulnerability in Qwerty23 Rocket Font plugin <= 1.2.3 versions.
CVE-2023-46078 1 Pluginever 1 Wc Serial Numbers 2023-10-27 N/A 8.8 HIGH
Cross-Site Request Forgery (CSRF) vulnerability in PluginEver WC Serial Numbers plugin <= 1.6.3 versions.
CVE-2023-5687 1 Mosparo 1 Mosparo 2023-10-27 N/A 8.8 HIGH
Cross-Site Request Forgery (CSRF) in GitHub repository mosparo/mosparo prior to 1.0.3.
CVE-2023-5690 1 Modoboa 1 Modoboa 2023-10-27 N/A 8.8 HIGH
Cross-Site Request Forgery (CSRF) in GitHub repository modoboa/modoboa prior to 2.2.2.
CVE-2023-43118 1 Extremenetworks 1 Exos 2023-10-27 N/A 8.8 HIGH
Cross Site Request Forgery (CSRF) vulnerability in Chalet application in Extreme Networks Switch Engine (EXOS) before 32.5.1.5, fixed in 31.7.2 and 32.5.1.5, allows attackers to run arbitrary code and cause other unspecified impacts via the /jsonrpc API.
CVE-2023-44385 1 Home-assistant 1 Home Assistant Companion 2023-10-26 N/A 8.8 HIGH
The Home Assistant Companion for iOS and macOS app up to version 2023.4 is vulnerable to Client-Side Request Forgery. Attackers may send malicious links/QRs to victims that, when visited, will make the victim call arbitrary services in their Home Assistant installation. Combined with this security advisory, this may result in full compromise and remote code execution (RCE). Version 2023.7 addresses this issue and all users are advised to upgrade. There are no known workarounds for this vulnerability. This issue is also tracked as GitHub Security Lab (GHSL) Vulnerability Report: GHSL-2023-161.
CVE-2023-2307 1 Builder 1 Qwik 2023-10-25 N/A 6.5 MEDIUM
Cross-Site Request Forgery (CSRF) in GitHub repository builderio/qwik prior to 0.104.0.
CVE-2023-42435 1 Dexma 1 Dexgate 2023-10-25 N/A 8.8 HIGH
The affected product is vulnerable to a cross-site request forgery vulnerability, which may allow an attacker to perform actions with the permissions of a victim user.
CVE-2020-2240 1 Jenkins 1 Database 2023-10-25 6.8 MEDIUM 8.8 HIGH
A cross-site request forgery (CSRF) vulnerability in Jenkins database Plugin 1.6 and earlier allows attackers to execute arbitrary SQL scripts.
CVE-2019-1003090 1 Jenkins 1 Soasta Cloudtest 2023-10-25 4.3 MEDIUM 6.5 MEDIUM
A cross-site request forgery vulnerability in Jenkins SOASTA CloudTest Plugin in the CloudTestServer.DescriptorImpl#doValidate form validation method allows attackers to initiate a connection to an attacker-specified server.
CVE-2019-1003058 1 Jenkins 1 Ftp Publisher 2023-10-25 4.3 MEDIUM 6.5 MEDIUM
A cross-site request forgery vulnerability in Jenkins FTP publisher Plugin in the FTPPublisher.DescriptorImpl#doLoginCheck method allows attackers to initiate a connection to an attacker-specified server.