Total: 7225 CVEs

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2022-35277 | 1 Getresponse | 1 Getresponse | 2022-09-10 | N/A | 8.8 HIGH | Cross-Site Request Forgery (CSRF) vulnerability in GetResponse plugin <= 5.5.20 at WordPress. |
| CVE-2022-37405 | 1 Better Font Awesome Project | 1 Better Font Awesome | 2022-09-10 | N/A | 8.8 HIGH | Cross-Site Request Forgery (CSRF) vulnerability in Mickey Kay's Better Font Awesome plugin <= 2.0.1 at WordPress. |
| CVE-2022-38059 | 1 Access Code Feeder Project | 1 Access Code Feeder | 2022-09-10 | N/A | 8.0 HIGH | Cross-Site Request Forgery (CSRF) vulnerability in Alexey Trofimov's Access Code Feeder plugin <= 1.0.3 at WordPress. |
| CVE-2022-2432 | 1 Lightspeedhq | 1 Ecwid Ecommerce Shopping Cart | 2022-09-09 | N/A | 4.3 MEDIUM | The Ecwid Ecommerce Shopping Cart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 6.10.23. This is due to missing or incorrect nonce validation on the ecwid_update_plugin_params function. This makes it possible for unauthenticated attackers to update plugin options, granted they can trick a site administrator into performing an action such as clicking on a link. |
| CVE-2022-33177 | 1 Wpbookingcalendar | 1 Booking Calendar | 2022-09-09 | N/A | 4.3 MEDIUM | Cross-Site Request Forgery (CSRF) vulnerability in WPdevelop/Oplugins Booking Calendar plugin <= 9.2.1 at WordPress leading to Translations Update. |
| CVE-2022-2657 | 1 Wc-marketplace | 1 Multivendor Marketplace Solution For Woocommerce - Wc Marketplace | 2022-09-08 | N/A | 4.3 MEDIUM | The Multivendor Marketplace Solution for WooCommerce WordPress plugin before 3.8.12 is lacking authorisation and CSRF in multiple AJAX actions, which could allow any authenticated user, such as a subscriber, to call them and suspend vendors (reported by the submitter) or update arbitrary order status (identified by WPScan when verifying the issue), for example. Other unauthenticated attacks are also possible, either directly or via CSRF. |
| CVE-2022-3121 | 1 Online Employee Leave Management System Project | 1 Online Employee Leave Management System | 2022-09-08 | N/A | 8.8 HIGH | A vulnerability was found in SourceCodester Online Employee Leave Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/addemployee.php. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The identifier VDB-207853 was assigned to this vulnerability. |
| CVE-2022-36076 | 1 Nodebb | 1 Nodebb | 2022-09-08 | N/A | 7.5 HIGH | NodeBB Forum Software is powered by Node.js and supports either Redis, MongoDB, or a PostgreSQL database. Due to an unnecessarily strict conditional in the code handling the first step of the SSO process, the pre-existing logic that added (and later checked) a nonce was inadvertently rendered opt-in instead of opt-out. This re-exposed a vulnerability in that a specially crafted Man-in-the-Middle (MITM) attack could theoretically take over another user account during the single sign-on process. The issue has been fully patched in version 1.17.2. |
| CVE-2022-36373 | 1 Mp3-jplayer Project | 1 Mp3-jplayer | 2022-09-02 | N/A | 8.8 HIGH | Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Simon Ward MP3 jPlayer plugin <= 2.7.3 at WordPress. |
| CVE-2022-36796 | 1 Callrail | 1 Callrail Phone Call Tracking | 2022-09-02 | N/A | 6.1 MEDIUM | Cross-Site Request Forgery (CSRF) vulnerability leading to Stored Cross-Site Scripting (XSS) in CallRail, Inc. CallRail Phone Call Tracking plugin <= 0.4.9 at WordPress. |
| CVE-2020-12626 | 2 Debian, Roundcube | 2 Debian Linux, Webmail | 2022-09-02 | 4.3 MEDIUM | 6.5 MEDIUM | An issue was discovered in Roundcube Webmail before 1.4.4. A CSRF attack can cause an authenticated user to be logged out because POST was not considered. |
| CVE-2020-13786 | 1 Dlink | 2 Dir-865l, Dir-865l Firmware | 2022-09-02 | 6.8 MEDIUM | 8.8 HIGH | D-Link DIR-865L Ax 1.20B01 Beta devices allow CSRF. |
| CVE-2020-10488 | 1 Chadhaajay | 1 Phpkb | 2022-09-02 | 4.3 MEDIUM | 4.3 MEDIUM | CSRF in admin/manage-news.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to delete a news article via a crafted request. |
| CVE-2020-10489 | 1 Chadhaajay | 1 Phpkb | 2022-09-02 | 4.3 MEDIUM | 4.3 MEDIUM | CSRF in admin/manage-tickets.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to delete a ticket via a crafted request. |
| CVE-2020-10487 | 1 Chadhaajay | 1 Phpkb | 2022-09-02 | 4.3 MEDIUM | 4.3 MEDIUM | CSRF in admin/manage-glossary.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to delete a glossary term via a crafted request. |
| CVE-2020-10497 | 1 Chadhaajay | 1 Phpkb | 2022-09-02 | 4.3 MEDIUM | 6.5 MEDIUM | CSRF in admin/manage-categories.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to delete a category via a crafted request. |
| CVE-2020-10490 | 1 Chadhaajay | 1 Phpkb | 2022-09-02 | 4.3 MEDIUM | 4.3 MEDIUM | CSRF in admin/manage-departments.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to delete a department via a crafted request. |
| CVE-2020-10496 | 1 Chadhaajay | 1 Phpkb | 2022-09-02 | 4.3 MEDIUM | 4.3 MEDIUM | CSRF in admin/edit-article.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to edit an article, given the id, via a crafted request. |
| CVE-2020-10494 | 1 Chadhaajay | 1 Phpkb | 2022-09-02 | 4.3 MEDIUM | 4.3 MEDIUM | CSRF in admin/edit-news.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to edit a news article, given the id, via a crafted request. |
| CVE-2020-10495 | 1 Chadhaajay | 1 Phpkb | 2022-09-02 | 4.3 MEDIUM | 4.3 MEDIUM | CSRF in admin/edit-template.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to edit an article template, given the id, via a crafted request. |
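Most of the WordPress entries above (CVE-2022-2432, CVE-2022-2657 and the plugin-level CSRF findings) share one shape: an AJAX action that changes state without verifying a nonce, and often without checking a capability either. The following is an added illustration, not code from any plugin in the list. The action, function and option names (`example_update_params`, `example_plugin_params`) are hypothetical, and the block assumes it runs inside WordPress, where `add_action`, `check_ajax_referer`, `current_user_can`, `update_option`, `wp_create_nonce` and the other calls are core functions.

```php
<?php
/**
 * Added example (hypothetical plugin code, not from any entry in the table).
 * Shows the vulnerable pattern behind a "missing nonce validation" CSRF in a
 * WordPress AJAX handler, and the hardened form beside it. Assumes WordPress
 * is loaded; the names below are placeholders.
 */

// --- Vulnerable pattern ---------------------------------------------------
// Registered for logged-in and anonymous callers, with no nonce and no
// capability check. Any page an administrator visits can POST to admin-ajax.php
// through the admin's browser (cookies are sent automatically) and overwrite the
// option. The wp_ajax_nopriv_ hook additionally lets unauthenticated clients call
// it directly, which is the "other unauthenticated attacks" case in CVE-2022-2657.
function example_update_params_vulnerable() {
    $params = isset( $_POST['params'] ) ? $_POST['params'] : '';
    update_option( 'example_plugin_params', $params );
    wp_send_json_success();
}
add_action( 'wp_ajax_example_update_params_v1',        'example_update_params_vulnerable' );
add_action( 'wp_ajax_nopriv_example_update_params_v1', 'example_update_params_vulnerable' );

// --- Hardened pattern -----------------------------------------------------
// 1. Only registered for authenticated users (no wp_ajax_nopriv_ hook).
// 2. check_ajax_referer() rejects requests whose _ajax_nonce field does not carry
//    a nonce minted for this action and this user (stops CSRF; dies with 403).
// 3. current_user_can() enforces authorization separately: a valid nonce only
//    proves the request originated from our own page, not that the caller is
//    allowed to change settings. CVE-2022-2657 is the case where both were absent.
// 4. Input is unslashed and sanitized before it is stored.
function example_update_params_hardened() {
    check_ajax_referer( 'example_update_params' );
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }
    $params = isset( $_POST['params'] )
        ? sanitize_text_field( wp_unslash( $_POST['params'] ) )
        : '';
    update_option( 'example_plugin_params', $params );
    wp_send_json_success();
}
add_action( 'wp_ajax_example_update_params', 'example_update_params_hardened' );

// The settings page mints the matching nonce and the client sends it along.
// ajaxurl is the global WordPress defines on admin pages.
function example_settings_page() {
    $nonce = wp_create_nonce( 'example_update_params' );
    ?>
    <script>
    fetch(ajaxurl, {
        method: 'POST',
        credentials: 'same-origin',
        headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
        body: new URLSearchParams({
            action: 'example_update_params',
            _ajax_nonce: <?php echo wp_json_encode( $nonce ); ?>,
            params: 'new value'
        })
    });
    </script>
    <?php
}
```

When auditing a plugin for this class, grep for every `wp_ajax_` and `wp_ajax_nopriv_` registration and confirm each handler calls `check_ajax_referer` (or `wp_verify_nonce`) and a `current_user_can` check before any `update_option`, database write or file operation; a handler that does only one of the two is still one of the findings in this table.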
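The NodeBB entry (CVE-2022-36076) describes a different place for the same control: the nonce that the first step of an SSO flow mints and the callback step must verify became optional. The block below is an added model of that shape, not NodeBB's code, and the MITM exploit the NVD text mentions is not reproduced; it shows only the nonce check. The session is modelled as an array passed by reference so it runs from the PHP CLI without a web server, and the function names are placeholders.

```php
<?php
/**
 * Added example, not NodeBB's code. Models a two-step SSO flow: step 1 mints a
 * nonce (the OAuth "state" value) before redirecting to the identity provider,
 * step 2 must require that nonce back. Session storage is a plain array so this
 * runs stand-alone: php sso_nonce.php
 */

// Step 1: begin SSO. Always mint and store a nonce; never make this conditional.
function sso_begin(array &$session): string {
    $state = bin2hex(random_bytes(16));
    $session['sso_state'] = $state;
    // A real handler would now redirect to the IdP with state=$state appended.
    return $state;
}

// Step 2 (buggy shape): the check is gated on a flag that callers may simply not
// set, so a callback carrying no state, or an attacker-chosen state, is accepted.
// This is the "opt-in instead of opt-out" failure: absence of the flag disables
// the check instead of enabling it.
function sso_callback_buggy(array &$session, array $query, bool $checkState = false): bool {
    if ($checkState) {
        if (!isset($session['sso_state'], $query['state'])
            || !hash_equals($session['sso_state'], (string) $query['state'])) {
            return false;
        }
    }
    unset($session['sso_state']);
    return true;  // the handler would now bind the IdP identity to this session
}

// Step 2 (fixed shape): the nonce is mandatory. Missing session state, missing
// query state, or a mismatch all fail closed, and the nonce is single-use.
function sso_callback_fixed(array &$session, array $query): bool {
    if (!isset($session['sso_state'], $query['state'])) {
        return false;
    }
    $ok = hash_equals($session['sso_state'], (string) $query['state']);
    unset($session['sso_state']);   // consume it even on failure: no retries
    return $ok;
}

// Demonstration. A victim starts SSO, then is forced onto a callback URL whose
// state the attacker chose (for example, one minted in the attacker's own session).
$victim = [];
sso_begin($victim);
var_dump(sso_callback_buggy($victim, ['state' => 'attacker-chosen']));

// The fixed handler accepts only the nonce minted for this session.
$victim = [];
sso_begin($victim);
var_dump(sso_callback_fixed($victim, ['state' => 'attacker-chosen']));

$victim = [];
$state = sso_begin($victim);
var_dump(sso_callback_fixed($victim, ['state' => $state]));
```

The practical check is the same as for the WordPress handlers: find the branch that skips the nonce comparison and make sure it is unreachable on the default path, and compare with `hash_equals` rather than `==` so the comparison is constant-time and does not coerce types.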