Total: 7225 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-1842 | 1 Openbook Book Data Project | 1 Openbook Book Data | 2022-07-06 | 4.3 MEDIUM | 4.3 MEDIUM |
The OpenBook Book Data WordPress plugin through 3.5.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and lead to Stored Cross-Site Scripting due to the lack of sanitisation and escaping as well | |||||
CVE-2022-1885 | 1 Cimy Header Image Rotator Project | 1 Cimy Header Image Rotator | 2022-07-06 | 4.3 MEDIUM | 4.3 MEDIUM |
The Cimy Header Image Rotator WordPress plugin through 6.1.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack | |||||
CVE-2022-1847 | 1 Rotating Posts Project | 1 Rotating Posts | 2022-07-06 | 4.3 MEDIUM | 4.3 MEDIUM |
The Rotating Posts WordPress plugin through 1.11 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack | |||||
CVE-2022-1846 | 1 Tiny Contact Form Project | 1 Tiny Contact Form | 2022-07-06 | 4.3 MEDIUM | 4.3 MEDIUM |
The Tiny Contact Form WordPress plugin through 0.7 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack | |||||
CVE-2022-1845 | 1 Wp Post Styling Project | 1 Wp Post Styling | 2022-07-06 | 4.3 MEDIUM | 4.3 MEDIUM |
The WP Post Styling WordPress plugin before 1.3.1 does not have CSRF checks in various actions, which could allow attackers to make a logged in admin delete plugin's data, update the settings, add new entries and more via CSRF attacks | |||||
CVE-2022-1913 | 1 Add Post Url Project | 1 Add Post Url | 2022-07-06 | 4.3 MEDIUM | 4.3 MEDIUM |
The Add Post URL WordPress plugin through 2.1.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and lead to Stored Cross-Site Scripting due to the lack of sanitisation and escaping | |||||
CVE-2022-1960 | 1 Mycss Project | 1 Mycss | 2022-07-06 | 4.3 MEDIUM | 4.3 MEDIUM |
The MyCSS WordPress plugin through 1.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack | |||||
CVE-2022-1914 | 1 Clean-contact Project | 1 Clean-contact | 2022-07-06 | 4.3 MEDIUM | 4.3 MEDIUM |
The Clean-Contact WordPress plugin through 1.6 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and lead to Stored XSS due to the lack of sanitisation and escaping as well | |||||
CVE-2022-1603 | 1 Webfwd | 1 Mail Subscribe List | 2022-07-01 | 4.3 MEDIUM | 4.3 MEDIUM |
The Mail Subscribe List WordPress plugin before 2.1.4 does not have CSRF check in place when deleting subscribed users, which could allow attackers to make a logged in admin perform such action and delete arbitrary users from the subscribed list | |||||
CVE-2022-33121 | 1 1234n | 1 Minicms | 2022-06-30 | 5.8 MEDIUM | 8.1 HIGH |
A Cross-Site Request Forgery (CSRF) in MiniCMS v1.11 allows attackers to arbitrarily delete local .dat files via clicking on a malicious link. | |||||
CVE-2020-25252 | 1 Hyland | 1 Onbase | 2022-06-30 | 6.8 MEDIUM | 8.8 HIGH |
An issue was discovered in Hyland OnBase through 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. CSRF can be used to log in a user, and then perform actions, because there are default credentials (the wstinol password for the manager or hsi account). | |||||
CVE-2017-20088 | 1 Bytesforall | 1 Atahualpa | 2022-06-29 | 4.3 MEDIUM | 4.3 MEDIUM |
A vulnerability classified as problematic has been found in Atahualpa Theme. Affected is an unknown function. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. | |||||
CVE-2017-20091 | 1 Wpjos | 1 Library File Manager | 2022-06-29 | 4.3 MEDIUM | 6.5 MEDIUM |
A vulnerability was found in File Manager Plugin 3.0.1. It has been classified as problematic. This affects an unknown part. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. | |||||
CVE-2017-20090 | 1 Global Content Blocks Project | 1 Global Content Blocks | 2022-06-29 | 6.8 MEDIUM | 8.8 HIGH |
A vulnerability was found in Global Content Blocks Plugin 2.1.5. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. | |||||
CVE-2022-1610 | 1 Seamless Donations Project | 1 Seamless Donations | 2022-06-28 | 4.3 MEDIUM | 6.5 MEDIUM |
The Seamless Donations WordPress plugin before 5.1.9 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack | |||||
CVE-2022-26173 | 1 Jforum | 1 Jforum | 2022-06-28 | 6.8 MEDIUM | 8.8 HIGH |
JForum v2.8.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via http://target_host:port/jforum-2.8.0/jforum.page, which allows attackers to arbitrarily add admin accounts. | |||||
CVE-2017-20065 | 1 Supsystic | 1 Popup | 2022-06-28 | 4.3 MEDIUM | 4.3 MEDIUM |
A vulnerability was found in Supsystic Popup Plugin 1.7.6 and classified as problematic. This issue affects some unknown processing. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
CVE-2022-1818 | 1 Multi-page Toolkit Project | 1 Multi-page Toolkit | 2022-06-28 | 3.5 LOW | 5.4 MEDIUM |
The Multi-page Toolkit WordPress plugin through 2.6 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and lead to Stored Cross-Site Scripting due to the lack of sanitisation and escaping as well | |||||
CVE-2022-1826 | 1 Cross-linker Project | 1 Cross-linker | 2022-06-28 | 4.3 MEDIUM | 6.5 MEDIUM |
The Cross-Linker WordPress plugin through 3.0.1.9 does not have CSRF check in place when creating Cross-Links, which could allow attackers to make a logged in admin perform such action via a CSRF attack | |||||
CVE-2022-1630 | 1 Wp-email Project | 1 Wp-email | 2022-06-28 | 4.3 MEDIUM | 6.5 MEDIUM |
The WP-EMail WordPress plugin before 2.69.0 does not protect its log deletion functionality with nonce checks, allowing attacker to make a logged in admin delete logs via a CSRF attack |