Total: 7225 CVEs
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-41615 | 1 Agilelogix | 1 Store Locator | 2022-11-23 | N/A | 6.1 MEDIUM |
Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) vulnerability in Store Locator plugin <= 1.4.5 on WordPress. | |||||
CVE-2022-41634 | 1 Maxfoundry | 1 Media Library Folders | 2022-11-23 | N/A | 8.8 HIGH |
Cross-Site Request Forgery (CSRF) vulnerability in Media Library Folders plugin <= 7.1.1 on WordPress. | |||||
CVE-2022-44740 | 1 Constantcontact | 1 Creative Mail | 2022-11-23 | N/A | 8.8 HIGH |
Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Creative Mail plugin <= 1.5.4 on WordPress. | |||||
CVE-2022-41685 | 1 Visztpeter | 2 Integration For Szamlazz.hu & Woocommerce, Package Points And Shipping Labels For Woocommerce | 2022-11-23 | N/A | 8.8 HIGH |
Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Viszt Péter's Integration for Szamlazz.hu & WooCommerce plugin <= 5.6.3.2 and Csomagpontok és szállítási címkék WooCommerce-hez plugin <= 1.9.0.2 on WordPress. | |||||
CVE-2022-45073 | 1 Miniorange | 1 Wordpress Rest Api Authentication | 2022-11-22 | N/A | 8.8 HIGH |
Cross-Site Request Forgery (CSRF) vulnerability in REST API Authentication plugin <= 2.4.0 on WordPress. | |||||
CVE-2022-45071 | 1 Wpml | 1 Wpml | 2022-11-22 | N/A | 8.8 HIGH |
Cross-Site Request Forgery (CSRF) vulnerability in WPML Multilingual CMS premium plugin <= 4.5.13 on WordPress. | |||||
CVE-2022-45072 | 1 Wpml | 1 Wpml | 2022-11-22 | N/A | 4.3 MEDIUM |
Cross-Site Request Forgery (CSRF) vulnerability in WPML Multilingual CMS premium plugin <= 4.5.13 on WordPress. | |||||
CVE-2022-40192 | 1 Gvectors | 1 Wpforo Forum | 2022-11-22 | N/A | 8.8 HIGH |
Cross-Site Request Forgery (CSRF) vulnerability in wpForo Forum plugin <= 2.0.9 on WordPress. | |||||
CVE-2022-38075 | 1 Webartesanal | 1 Mantenimiento Web | 2022-11-21 | N/A | 6.1 MEDIUM |
Cross-Site Request Forgery (CSRF) vulnerability leading to Stored Cross-Site Scripting (XSS) in Mantenimiento web plugin <= 0.13 on WordPress. | |||||
CVE-2022-40686 | 1 Constantcontact | 1 Creative Mail | 2022-11-21 | N/A | 8.8 HIGH |
Cross-Site Request Forgery (CSRF) vulnerability in Creative Mail plugin <= 1.5.4 on WordPress. | |||||
CVE-2022-40695 | 1 Clogica | 1 Seo Redirection | 2022-11-21 | N/A | 8.8 HIGH |
Multiple Cross-Site Scripting (CSRF) vulnerabilities in SEO Redirection Plugin plugin <= 8.9 on WordPress. | |||||
CVE-2022-40687 | 1 Constantcontact | 1 Creative Mail | 2022-11-21 | N/A | 8.8 HIGH |
Cross-Site Request Forgery (CSRF) vulnerability in Creative Mail plugin <= 1.5.4 on WordPress. | |||||
CVE-2022-41805 | 1 Booster | 1 Booster For Woocommerce | 2022-11-21 | N/A | 4.3 MEDIUM |
Cross-Site Request Forgery (CSRF) vulnerability in Booster for WooCommerce plugin <= 5.6.6 on WordPress. | |||||
CVE-2019-1010054 | 1 Dolibarr | 1 Dolibarr Erp/crm | 2022-11-17 | 6.8 MEDIUM | 8.8 HIGH |
Dolibarr 7.0.0 is affected by: Cross Site Request Forgery (CSRF). The impact is: allow malicious HTML to change user password, disable users and disable password encryption. The component is: Function User password change, user disable and password encryption. The attack vector is: admin access malicious URLs. | |||||
CVE-2019-15062 | 1 Dolibarr | 1 Dolibarr Erp/crm | 2022-11-17 | 6.0 MEDIUM | 8.0 HIGH |
An issue was discovered in Dolibarr 11.0.0-alpha. A user can store an IFRAME element (containing a user/card.php CSRF request) in his Linked Files settings page. When visited by the admin, this could completely take over the admin account. (The protection mechanism for CSRF is to check the Referer header; however, because the attack is from one of the application's own settings pages, this mechanism is bypassed.) | |||||
CVE-2020-11825 | 1 Dolibarr | 1 Dolibarr Erp/crm | 2022-11-17 | 6.8 MEDIUM | 8.8 HIGH |
In Dolibarr 10.0.6, forms are protected with a CSRF token against CSRF attacks. The problem is any CSRF token in any user's session can be used in another user's session. CSRF tokens should not be valid in this situation. | |||||
CVE-2020-25015 | 1 Genexis | 2 Platinum 4410, Platinum 4410 Firmware | 2022-11-16 | 4.3 MEDIUM | 6.5 MEDIUM |
A specific router allows changing the Wi-Fi password remotely. Genexis Platinum 4410 V2-1.28, a compact router generally used at homes and offices, was found to be vulnerable to Broken Access Control and CSRF, which could be combined to remotely change the Wi-Fi access point’s password. | |||||
CVE-2020-24373 | 1 Free | 10 Freebox Delta, Freebox Delta Firmware, Freebox Mini and 7 more | 2022-11-16 | 6.8 MEDIUM | 8.8 HIGH |
A CSRF vulnerability in the UPnP MediaServer implementation in Freebox Server before 4.2.3. | |||||
CVE-2014-4717 | 1 Sharethis | 1 Simple Share Buttons Adder | 2022-11-15 | 6.8 MEDIUM | N/A |
Multiple cross-site request forgery (CSRF) vulnerabilities in the Simple Share Buttons Adder plugin before 4.5 for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) ssba_share_text parameter in a save action to wp-admin/options-general.php, which is not properly handled in the homepage, and unspecified vectors related to (2) Pages, (3) Posts, (4) Category/Archive pages or (5) post Excerpts. | |||||
CVE-2021-36886 | 1 Ciphercoin | 1 Contact Form 7 Database Addon | 2022-11-14 | 6.8 MEDIUM | 8.8 HIGH |
Cross-Site Request Forgery (CSRF) vulnerability discovered in Contact Form 7 Database Addon – CFDB7 WordPress plugin (versions <= 1.2.5.9). |