Total: 7225 CVE entries
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
---|---|---|---|---|---|---|
CVE-2022-2839 | 1 Zephyr-one | 1 Zephyr Project Manager | 2022-10-04 | N/A | 5.4 MEDIUM | The Zephyr Project Manager WordPress plugin before 3.2.55 has neither authorisation nor CSRF checks on any of its AJAX actions, allowing unauthenticated users to call them either directly or via CSRF attacks. Furthermore, due to the lack of sanitisation and escaping, it could also allow them to perform Stored Cross-Site Scripting attacks against logged-in admins. |
CVE-2022-39268 | 1 Orchest | 1 Orchest | 2022-10-04 | N/A | 8.1 HIGH | Impact: in a CSRF attack, an innocent end user is tricked by an attacker into submitting a web request that they did not intend. This may cause actions to be performed on the website that can include inadvertent client or server data leakage, change of session state, or manipulation of an end user's account. Patch: upgrade to v2022.09.10 to patch this vulnerability. Workarounds: rebuild and redeploy the Orchest `auth-server` with the following commit: https://github.com/orchest/orchest/commit/c2587a963cca742c4a2503bce4cfb4161bf64c2d References: https://en.wikipedia.org/wiki/Cross-site_request_forgery and https://cwe.mitre.org/data/definitions/352.html For more information, if you have any questions or comments about this advisory, open an issue in https://github.com/orchest/orchest or email rick@orchest.io |
CVE-2021-36854 | 1 Bookingultrapro | 1 Booking Ultra Pro Appointments Booking Calendar | 2022-10-04 | N/A | 8.8 HIGH | Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Booking Ultra Pro plugin <= 1.1.4 at WordPress. |
CVE-2021-36855 | 1 Bookingultrapro | 1 Booking Ultra Pro Appointments Booking Calendar | 2022-10-04 | N/A | 6.1 MEDIUM | Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) vulnerability in Booking Ultra Pro plugin <= 1.1.4 at WordPress. |
CVE-2020-35675 | 1 Bigprof | 1 Online Invoicing System | 2022-10-03 | N/A | 8.8 HIGH | BigProf Online Invoicing System before 3.0 offers a functionality that allows an administrator to move the records of members across groups. The applicable endpoint (admin/pageTransferOwnership.php) lacks CSRF protection, resulting in an attacker being able to escalate their privileges to Administrator and effectively take over the application. |
CVE-2021-22724 | 1 Schneider-electric | 12 Evb1a, Evb1a Firmware, Evc1s22p4 and 9 more | 2022-09-28 | 6.8 MEDIUM | 8.8 HIGH | A CWE-352 Cross-Site Request Forgery (CSRF) vulnerability exists that could allow an attacker to impersonate the user or carry out actions on their behalf when crafted malicious parameters are submitted in POST requests sent to the charging station web server. Affected products: EVlink City EVC1S22P4 / EVC1S7P4 (all versions prior to R8 V3.4.0.2), EVlink Parking EVW2 / EVF2 / EVP2PE (all versions prior to R8 V3.4.0.2), and EVlink Smart Wallbox EVB1A (all versions prior to R8 V3.4.0.2). |
CVE-2021-22725 | 1 Schneider-electric | 12 Evb1a, Evb1a Firmware, Evc1s22p4 and 9 more | 2022-09-28 | 6.8 MEDIUM | 8.8 HIGH | A CWE-352 Cross-Site Request Forgery (CSRF) vulnerability exists that could allow an attacker to impersonate the user or carry out actions on their behalf when crafted malicious parameters are submitted in POST requests sent to the charging station web server. Affected products: EVlink City EVC1S22P4 / EVC1S7P4 (all versions prior to R8 V3.4.0.2), EVlink Parking EVW2 / EVF2 / EVP2PE (all versions prior to R8 V3.4.0.2), and EVlink Smart Wallbox EVB1A (all versions prior to R8 V3.4.0.2). |
CVE-2022-38085 | 1 Read More By Adam Project | 1 Read More By Adam | 2022-09-26 | N/A | 8.8 HIGH | Cross-Site Request Forgery (CSRF) vulnerability in Read more By Adam plugin <= 1.1.8 at WordPress. |
CVE-2022-40132 | 1 Castos | 1 Seriously Simple Podcasting | 2022-09-26 | N/A | 4.3 MEDIUM | Cross-Site Request Forgery (CSRF) vulnerability in Seriously Simple Podcasting plugin <= 2.16.0 at WordPress, leading to plugin settings change. |
CVE-2022-40671 | 1 Blazzdev | 1 Rate My Post - Wp Rating System | 2022-09-26 | N/A | 4.3 MEDIUM | Cross-Site Request Forgery (CSRF) vulnerability in Rate my Post – WP Rating System plugin <= 3.3.4 at WordPress. |
CVE-2022-38095 | 1 Algolplus | 1 Advanced Dynamic Pricing For Woocommerce | 2022-09-26 | N/A | 4.3 MEDIUM | Cross-Site Request Forgery (CSRF) vulnerability in AlgolPlus Advanced Dynamic Pricing for WooCommerce plugin <= 4.1.3 at WordPress. |
CVE-2022-38470 | 1 Cusrev | 1 Customer Reviews For Woocommerce | 2022-09-26 | N/A | 8.8 HIGH | Cross-Site Request Forgery (CSRF) vulnerability in Customer Reviews for WooCommerce plugin <= 5.3.5 at WordPress. |
CVE-2022-36417 | 1 3d Tag Cloud Project | 1 3d Tag Cloud | 2022-09-26 | N/A | 6.1 MEDIUM | Multiple Stored Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) vulnerabilities in 3D Tag Cloud plugin <= 3.8 at WordPress. |
CVE-2022-38704 | 1 Clogica | 1 Seo Redirection | 2022-09-26 | N/A | 4.3 MEDIUM | Cross-Site Request Forgery (CSRF) vulnerability in SEO Redirection plugin <= 8.9 at WordPress, leading to deletion of 404 errors and redirection history. |
CVE-2022-38079 | 1 Backup Scheduler Project | 1 Backup Scheduler | 2022-09-26 | N/A | 8.8 HIGH | Cross-Site Request Forgery (CSRF) vulnerability in Backup Scheduler plugin <= 1.5.13 at WordPress. |
CVE-2022-38454 | 1 Kraken | 1 Kraken.io Image Optimizer | 2022-09-26 | N/A | 8.8 HIGH | Cross-Site Request Forgery (CSRF) vulnerability in Kraken.io Image Optimizer plugin <= 2.6.5 at WordPress. |
CVE-2022-3274 | 1 Ikus-soft | 1 Rdiffweb | 2022-09-26 | N/A | 3.5 LOW | Cross-Site Request Forgery (CSRF) in GitHub repository ikus060/rdiffweb prior to 2.4.7. |
CVE-2022-36388 | 1 Ydesignservices | 1 Yds Support Ticket System | 2022-09-23 | N/A | 8.8 HIGH | Cross-Site Request Forgery (CSRF) vulnerability in YDS Support Ticket System plugin <= 1.0 at WordPress. |
CVE-2022-36798 | 1 Topdigitaltrends | 1 Mega Addons For Wpbakery Page Builder | 2022-09-23 | N/A | 8.8 HIGH | Cross-Site Request Forgery (CSRF) vulnerability in Topdigitaltrends Mega Addons For WPBakery Page Builder plugin <= 4.2.7 at WordPress. |
CVE-2022-3233 | 1 Ikus-soft | 1 Rdiffweb | 2022-09-23 | N/A | 4.3 MEDIUM | Cross-Site Request Forgery (CSRF) in GitHub repository ikus060/rdiffweb prior to 2.4.6. |