Total
7225 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-2375 | 1 Okapitech | 1 Wp Sticky Button | 2022-08-25 | N/A | 5.4 MEDIUM |
| The WP Sticky Button WordPress plugin before 1.4.1 does not have authorisation and CSRF checks when saving its settings, allowing unauthenticated users to update them. Furthermore, due to the lack of escaping in some of them, it could lead to Stored Cross-Site Scripting issues | |||||
| CVE-2022-2275 | 1 Wp Edit Menu Project | 1 Wp Edit Menu | 2022-08-25 | N/A | 4.3 MEDIUM |
| The WP Edit Menu WordPress plugin before 1.5.0 does not have CSRF in an AJAX action, which could allow attackers to make a logged in admin delete arbitrary posts/pages from the blog via a CSRF attack | |||||
| CVE-2022-2172 | 1 Linkworth | 1 Linkworth | 2022-08-25 | N/A | 4.3 MEDIUM |
| The LinkWorth WordPress plugin before 3.3.4 does not implement nonce checks, which could allow attackers to make a logged in admin change settings via a CSRF attack. | |||||
| CVE-2021-24912 | 1 Transposh | 1 Transposh Wordpress Translation | 2022-08-25 | N/A | 5.4 MEDIUM |
| The Transposh WordPress Translation WordPress plugin before 1.0.8 does not have CSRF check in its tp_translation AJAX action, which could allow attackers to make authorised users add a translation. Given the lack of sanitisation in the tk0 parameter, this could lead to a Stored Cross-Site Scripting issue which will be executed in the context of a logged in admin | |||||
| CVE-2022-29468 | 1 Wwbn | 1 Avideo | 2022-08-24 | N/A | 8.8 HIGH |
| A cross-site request forgery (CSRF) vulnerability exists in WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to increased privileges. An attacker can get an authenticated user to send a crafted HTTP request to trigger this vulnerability. | |||||
| CVE-2022-2555 | 1 Yotpo Reviews For Woocommerce Project | 1 Yotpo Reviews For Woocommerce | 2022-08-23 | N/A | 6.5 MEDIUM |
| The Yotpo Reviews for WooCommerce WordPress plugin through 2.0.4 lacks nonce check when updating its settings, which could allow attacker to make a logged in admin change them via a CSRF attack. | |||||
| CVE-2022-1251 | 1 Inkthemes | 1 Ask Me | 2022-08-23 | N/A | 4.3 MEDIUM |
| The Ask me WordPress theme before 6.8.4 does not perform nonce checks when processing POST requests to the Edit Profile page, allowing an attacker to trick a user to change their profile information by sending a crafted request. | |||||
| CVE-2022-36346 | 1 Maxfoundry | 1 Maxbuttons | 2022-08-23 | N/A | 8.8 HIGH |
| Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Max Foundry MaxButtons plugin <= 9.2 at WordPress. | |||||
| CVE-2021-36852 | 1 Thimpress | 1 Wp Hotel Booking | 2022-08-23 | N/A | 8.0 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in ThimPress WP Hotel Booking plugin <= 1.10.5 at WordPress. | |||||
| CVE-2022-35656 | 1 Pega | 1 Pega Platform | 2022-08-23 | N/A | 4.5 MEDIUM |
| Pega Platform from 8.3 to 8.7.3 vulnerability may allow authenticated security administrators to alter CSRF settings directly. | |||||
| CVE-2022-36225 | 1 Eyoucms | 1 Eyoucms | 2022-08-22 | N/A | 8.8 HIGH |
| EyouCMS V1.5.8-UTF8-SP1 is vulnerable to Cross Site Request Forgery (CSRF) via the background, column management function and add. | |||||
| CVE-2022-36577 | 1 Jizhicms | 1 Jizhicms | 2022-08-22 | N/A | 8.8 HIGH |
| An issue was discovered in jizhicms v2.3.1. There is a CSRF vulnerability that can add a admin. | |||||
| CVE-2022-36579 | 1 Wellcms | 1 Wellcms | 2022-08-22 | N/A | 8.8 HIGH |
| Wellcms 2.2.0 is vulnerable to Cross Site Request Forgery (CSRF). | |||||
| CVE-2022-36224 | 1 Xunruicms | 1 Xunruicms | 2022-08-22 | N/A | 8.8 HIGH |
| XunRuiCMS V4.5.6 is vulnerable to Cross Site Request Forgery (CSRF). | |||||
| CVE-2020-10504 | 1 Chadhaajay | 1 Phpkb | 2022-08-19 | 4.3 MEDIUM | 4.3 MEDIUM |
| CSRF in admin/edit-comments.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to edit a comment, given the id, via a crafted request. | |||||
| CVE-2021-46426 | 1 Phpipam | 1 Phpipam | 2022-08-19 | 4.3 MEDIUM | 6.1 MEDIUM |
| phpIPAM 1.4.4 allows Reflected XSS and CSRF via app/admin/subnets/find_free_section_subnets.php of the subnets functionality. | |||||
| CVE-2022-23765 | 1 Iptime | 6 Nas1dual, Nas1dual Firmware, Nas2dual and 3 more | 2022-08-19 | N/A | 8.8 HIGH |
| This vulnerability occured by sending a malicious POST request to a specific page while logged in random user from some family of IPTIME NAS. Remote attackers can steal root privileges by changing the password of the root through a POST request. | |||||
| CVE-2022-36312 | 1 Airspan | 2 Airvelocity 1500, Airvelocity 1500 Firmware | 2022-08-17 | N/A | 8.8 HIGH |
| Airspan AirVelocity 1500 software version 15.18.00.2511 lacks CSRF protections in the eNodeB's web management UI. This issue may affect other AirVelocity and AirSpeed models. | |||||
| CVE-2022-38359 | 1 Eyeofnetwork | 1 Eyes Of Network Web | 2022-08-17 | N/A | 8.8 HIGH |
| Cross-site request forgery attacks can be carried out against the Eyes of Network web application, due to an absence of adequate protections. An attacker can, for instance, delete the admin user by directing an authenticated user to the URL https://<target-address>/module/admin_user/index.php?DataTables_Table_0_length=10&user_selected%5B%5D=1&user_mgt_list=delete_user&action=submit by means of a crafted link. | |||||
| CVE-2022-2381 | 1 E Unlocked - Student Result Project | 1 E Unlocked - Student Result | 2022-08-16 | N/A | 8.8 HIGH |
| The E Unlocked - Student Result WordPress plugin through 1.0.4 is lacking CSRF and validation when uploading the School logo, which could allow attackers to make a logged in admin upload arbitrary files, such as PHP via a CSRF attack | |||||