Total: 7225 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-12271 | 1 Cisco | 4 Spa300 Firmware, Spa300 Series Ip Phone, Spa500 Firmware and 1 more | 2023-06-27 | 6.8 MEDIUM | 8.8 HIGH |
A vulnerability in Cisco SPA300 and SPA500 Series IP Phones could allow an unauthenticated, remote attacker to execute unwanted actions on an affected device. The vulnerability is due to a lack of cross-site request forgery (CSRF) protection. An attacker could exploit this vulnerability by tricking the user of a web application into executing an adverse action. Cisco Bug IDs: CSCuz88421, CSCuz91356, CSCve56308. | |||||
CVE-2022-2312 | 1 Student Result Or Employee Database Project | 1 Student Result Or Employee Database | 2023-06-27 | N/A | 5.4 MEDIUM |
The Student Result or Employee Database WordPress plugin before 1.7.5 does not have CSRF checks in its AJAX actions, allowing attackers to make a logged-in user with a role as low as contributor add, edit and delete students via CSRF attacks. Furthermore, due to the lack of sanitisation and escaping, it could also lead to stored cross-site scripting. | |||||
CVE-2023-34373 | 1 Zephyr Project Manager Project | 1 Zephyr Project Manager | 2023-06-27 | N/A | 8.8 HIGH |
Cross-Site Request Forgery (CSRF) vulnerability in Dylan James Zephyr Project Manager plugin <= 3.3.93 versions. | |||||
CVE-2023-25055 | 1 Digitalinspiration | 1 Google Xml Sitemap For Videos | 2023-06-22 | N/A | 8.8 HIGH |
Cross-Site Request Forgery (CSRF) vulnerability in Amit Agarwal Google XML Sitemap for Videos plugin <= 2.6.1 versions. | |||||
CVE-2023-25450 | 1 Givewp | 1 Givewp | 2023-06-22 | N/A | 8.8 HIGH |
Cross-Site Request Forgery (CSRF) vulnerability in GiveWP GiveWP – Donation Plugin and Fundraising Platform plugin <= 2.25.1 versions. | |||||
CVE-2023-23802 | 1 Hasthemes | 1 Ht Easy Ga4 (google Analytics 4) | 2023-06-22 | N/A | 8.8 HIGH |
Cross-Site Request Forgery (CSRF) vulnerability in HasThemes HT Easy GA4 ( Google Analytics 4 ) plugin <= 1.0.6 versions. | |||||
CVE-2023-25449 | 1 Cformsii Project | 1 Cformsii | 2023-06-22 | N/A | 8.8 HIGH |
Cross-Site Request Forgery (CSRF) vulnerability in Oliver Seidel, Bastian Germann cformsII plugin <= 15.0.4 versions. | |||||
CVE-2023-35030 | 1 Liferay | 2 Dxp, Liferay Portal | 2023-06-22 | N/A | 8.8 HIGH |
Cross-site request forgery (CSRF) vulnerability in the Layout module's SEO configuration in Liferay Portal 7.4.3.70 through 7.4.3.76, and Liferay DXP 7.4 update 70 through 76 allows remote attackers to execute arbitrary code in the scripting console via the `_com_liferay_layout_admin_web_portlet_GroupPagesPortlet_backURL` parameter. | |||||
CVE-2023-27634 | 1 Intrepidity Project | 1 Intrepidity | 2023-06-22 | N/A | 8.8 HIGH |
Cross-Site Request Forgery (CSRF) vulnerability allows arbitrary file upload in Shingo Intrepidity plugin <= 1.5.1 versions. | |||||
CVE-2022-42880 | 1 Auto Upload Images Project | 1 Auto Upload Images | 2023-06-20 | N/A | 6.1 MEDIUM |
Cross-Site Request Forgery (CSRF) vulnerability in Ali Irani Auto Upload Images plugin <= 3.3 versions allows Stored Cross-Site Scripting (XSS). | |||||
CVE-2023-31200 | 1 Ptc | 1 Vuforia Studio | 2023-06-16 | N/A | 8.0 HIGH |
PTC Vuforia Studio does not require a token; this could allow an attacker with local access to perform a cross-site request forgery attack or a replay attack. | |||||
CVE-2023-3075 | 1 Corebos | 1 Corebos | 2023-06-08 | N/A | 6.5 MEDIUM |
Cross-Site Request Forgery (CSRF) in GitHub repository tsolucio/corebos prior to 8. | |||||
CVE-2018-20967 | 1 Smackcoders | 1 Import All Pages, Post Types, Products, Orders, And Users As Xml & Csv | 2023-06-06 | 6.8 MEDIUM | 8.8 HIGH |
The wp-ultimate-csv-importer plugin before 5.6.1 for WordPress has CSRF. | |||||
CVE-2023-33926 | 1 Supsystic | 1 Easy Google Maps | 2023-06-02 | N/A | 8.8 HIGH |
Cross-Site Request Forgery (CSRF) vulnerability in Supsystic Easy Google Maps plugin <= 1.11.7 versions. | |||||
CVE-2023-33212 | 1 Crocoblock | 1 Jetformbuilder | 2023-06-02 | N/A | 8.8 HIGH |
Cross-Site Request Forgery (CSRF) vulnerability in Crocoblock JetFormBuilder — Dynamic Blocks Form Builder plugin <= 3.0.6 versions. | |||||
CVE-2022-45372 | 1 Codeixer | 1 Product Gallery Slider For Woocommerce | 2023-06-02 | N/A | 8.8 HIGH |
Cross-Site Request Forgery (CSRF) vulnerability in Codeixer Product Gallery Slider for WooCommerce plugin <= 2.2.8 versions. | |||||
CVE-2022-33974 | 1 Smashballoon | 1 Custom Twitter Feeds | 2023-06-02 | N/A | 8.8 HIGH |
Cross-Site Request Forgery (CSRF) vulnerability in Smash Balloon Custom Twitter Feeds (Tweets Widget) plugin <= 1.8.4 versions. | |||||
CVE-2023-33313 | 1 Themeinprogress | 1 Wip Custom Login | 2023-06-02 | N/A | 8.8 HIGH |
Cross-Site Request Forgery (CSRF) vulnerability in ThemeinProgress WIP Custom Login plugin <= 1.2.9 versions. | |||||
CVE-2023-33931 | 1 Getbutterfly | 1 Youtube Playlist Player | 2023-06-02 | N/A | 8.8 HIGH |
Cross-Site Request Forgery (CSRF) vulnerability in Ciprian Popescu YouTube Playlist Player plugin <= 4.6.4 versions. | |||||
CVE-2023-33314 | 1 Pluginus | 1 Bear - Woocommerce Bulk Editor And Products Manager Professional | 2023-06-01 | N/A | 8.8 HIGH |
Cross-Site Request Forgery (CSRF) vulnerability in realmag777 BEAR plugin <= 1.1.3.1 versions. |