Total: 7225 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description
---|---|---|---|---|---|---
CVE-2023-36693 | 1 Wp Rss Images Project | 1 Wp Rss Images | 2023-07-18 | N/A | 8.8 HIGH | Cross-Site Request Forgery (CSRF) vulnerability in Alain Gonzalez WP RSS Images plugin <= 1.1 versions.
CVE-2022-29561 | 1 Siemens | 22 Ruggedcom Rox Mx5000, Ruggedcom Rox Mx5000 Firmware, Ruggedcom Rox Mx5000re and 19 more | 2023-07-18 | N/A | 8.8 HIGH | A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). The web interface of the affected devices is vulnerable to Cross-Site Request Forgery attacks. By tricking an authenticated victim user to click a malicious link, an attacker could perform arbitrary actions on the device on behalf of the victim user.
CVE-2023-37277 | 1 Xwiki | 1 Xwiki | 2023-07-18 | N/A | 9.6 CRITICAL | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. The REST API allows executing all actions via POST requests and accepts `text/plain`, `multipart/form-data` or `application/www-form-urlencoded` as content types which can be sent via regular HTML forms, thus allowing cross-site request forgery. With the interaction of a user with programming rights, this allows remote code execution through script macros and thus impacts the integrity, availability and confidentiality of the whole XWiki installation. For regular cookie-based authentication, the vulnerability is mitigated by SameSite cookie restrictions but as of March 2023, these are not enabled by default in Firefox and Safari. The vulnerability has been patched in XWiki 14.10.8 and 15.2 by requiring a CSRF token header for certain request types that are susceptible to CSRF attacks.
CVE-2023-36517 | 1 Wp Abstracts Project | 1 Wp Abstracts | 2023-07-18 | N/A | 8.8 HIGH | Cross-Site Request Forgery (CSRF) vulnerability in Kevon Adonis WP Abstracts plugin <= 2.6.2 versions.
CVE-2023-36691 | 1 Webwinkelkeur Project | 1 Webwinkelkeur | 2023-07-18 | N/A | 8.8 HIGH | Cross-Site Request Forgery (CSRF) vulnerability in Albert Peschar WebwinkelKeur plugin <= 3.24 versions.
CVE-2023-34015 | 1 Piwebsolution | 1 Advanced-free-flat-shipping-woocommerce | 2023-07-18 | N/A | 8.8 HIGH | Cross-Site Request Forgery (CSRF) vulnerability in PI Websolution Conditional shipping & Advanced Flat rate shipping rates / Flexible shipping for WooCommerce shipping plugin <= 1.6.4.4 versions.
CVE-2021-34619 | 1 Storeapps | 1 Stock Manager For Woocommerce | 2023-07-18 | 6.8 MEDIUM | 8.8 HIGH | The WooCommerce Stock Manager WordPress plugin is vulnerable to Cross-Site Request Forgery leading to Arbitrary File Upload in versions up to, and including, 2.5.7 due to missing nonce and file validation in the /woocommerce-stock-manager/trunk/admin/views/import-export.php file.
CVE-2023-37392 | 1 Wp Dummy Content Generator Project | 1 Wp Dummy Content Generator | 2023-07-18 | N/A | 8.8 HIGH | Cross-Site Request Forgery (CSRF) vulnerability in Deepak Anand WP Dummy Content Generator plugin <= 2.3.0 versions.
CVE-2023-31999 | 1 Fastify | 1 Oauth2 | 2023-07-17 | N/A | 8.8 HIGH | All versions of @fastify/oauth2 used a statically generated state parameter at startup time and were used across all requests for all users. The purpose of the Oauth2 state parameter is to prevent Cross-Site-Request-Forgery attacks. As such, it should be unique per user and should be connected to the user's session in some way that will allow the server to validate it. v7.2.0 changes the default behavior to store the state in a cookie with the http-only and same-site=lax attributes set. The state is now by default generated for every user. Note that this contains a breaking change in the checkStateFunction function, which now accepts the full Request object.
CVE-2023-25201 | 1 Multitech | 4 Conduit Ap Mtcap2-l4e1, Conduit Ap Mtcap2-l4e1-868-042a, Conduit Ap Mtcap2-l4e1-868-042a Firmware and 1 more | 2023-07-17 | N/A | 8.8 HIGH | Cross Site Request Forgery (CSRF) vulnerability in MultiTech Conduit AP MTCAP2-L4E1 MTCAP2-L4E1-868-042A v.6.0.0 allows a remote attacker to execute arbitrary code via a crafted script upload.
CVE-2023-35781 | 1 Lws | 1 Lws Cleaner | 2023-07-14 | N/A | 8.8 HIGH | Cross-Site Request Forgery (CSRF) vulnerability in LWS Cleaner plugin <= 2.3.0 versions.
CVE-2023-35913 | 1 Oopspam | 1 Oopspam Anti-spam | 2023-07-14 | N/A | 8.8 HIGH | Cross-Site Request Forgery (CSRF) vulnerability in OOPSpam OOPSpam Anti-Spam plugin <= 1.1.44 versions.
CVE-2023-35774 | 1 Lws | 1 Lws Tools | 2023-07-14 | N/A | 8.8 HIGH | Cross-Site Request Forgery (CSRF) vulnerability in LWS LWS Tools plugin <= 2.4.1 versions.
CVE-2022-2350 | 1 Brainvire | 1 Disable User Login | 2023-07-14 | N/A | 5.3 MEDIUM | The Disable User Login WordPress plugin through 1.0.1 does not have authorisation and CSRF checks when updating its settings, allowing unauthenticated attackers to block (or unblock) users at will.
CVE-2023-35912 | 1 Wpzone | 1 Potent Donations For Woocommerce | 2023-07-14 | N/A | 8.8 HIGH | Cross-Site Request Forgery (CSRF) vulnerability in WP Zone Potent Donations for WooCommerce plugin <= 1.1.9 versions.
CVE-2023-25487 | 1 Pixelgrade | 1 Pixtypes | 2023-07-14 | N/A | 8.8 HIGH | Cross-Site Request Forgery (CSRF) vulnerability in Pixelgrade PixTypes plugin <= 1.4.14 versions.
CVE-2023-25468 | 1 Pvmg | 1 Reservation.studio | 2023-07-14 | N/A | 8.8 HIGH | Cross-Site Request Forgery (CSRF) vulnerability in Reservation.Studio Reservation.Studio widget plugin <= 1.0.11 versions.
CVE-2023-23997 | 1 Database Collation Fix Project | 1 Database Collation Fix | 2023-07-14 | N/A | 8.8 HIGH | Cross-Site Request Forgery (CSRF) vulnerability in Dave Jesch Database Collation Fix plugin <= 1.2.7 versions.
CVE-2023-25051 | 1 Comment Reply Notification Project | 1 Comment Reply Notification | 2023-07-14 | N/A | 8.8 HIGH | Cross-Site Request Forgery (CSRF) vulnerability in Denishua Comment Reply Notification plugin <= 1.4 versions.
CVE-2023-24421 | 1 Wpengine | 1 Php Compatibility Checker | 2023-07-14 | N/A | 8.8 HIGH | Cross-Site Request Forgery (CSRF) vulnerability in WP Engine PHP Compatibility Checker plugin <= 1.5.2 versions.