Total: 7225 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-15835 | 1 Wp Better Permalinks Project | 1 Wp Better Permalinks | 2019-09-04 | 6.8 MEDIUM | 8.8 HIGH |
The wp-better-permalinks plugin before 3.0.5 for WordPress has CSRF. | |||||
CVE-2019-15770 | 1 Hallme | 1 Woocommerce Address Book | 2019-09-04 | 6.8 MEDIUM | 8.8 HIGH |
The woo-address-book plugin before 1.6.0 for WordPress has save calls without nonce verification checks. | |||||
CVE-2019-15834 | 1 Webp Converter For Media Project | 1 Webp Converter For Media | 2019-09-04 | 6.8 MEDIUM | 8.8 HIGH |
The webp-converter-for-media plugin before 1.0.3 for WordPress has CSRF. | |||||
CVE-2019-15779 | 1 Quadlayers | 1 Wp Social Feed Gallery | 2019-09-03 | 6.8 MEDIUM | 8.8 HIGH |
The insta-gallery plugin before 2.4.8 for WordPress has no nonce validation for qligg_dismiss_notice or qligg_form_item_delete. | |||||
CVE-2019-15841 | 1 Facebook | 1 Facebook For Woocommerce | 2019-09-03 | 6.8 MEDIUM | 8.8 HIGH |
The facebook-for-woocommerce plugin before 1.9.15 for WordPress has CSRF via ajax_woo_infobanner_post_click, ajax_woo_infobanner_post_xout, or ajax_fb_toggle_visibility. | |||||
CVE-2019-15868 | 1 Wpaffiliatemanager | 1 Affiliates Manager | 2019-09-03 | 6.8 MEDIUM | 8.8 HIGH |
The affiliates-manager plugin before 2.6.6 for WordPress has CSRF. | |||||
CVE-2019-15831 | 1 Wp-buy | 1 Visitor Traffic Real Time Statistics | 2019-09-03 | 6.8 MEDIUM | 8.8 HIGH |
The visitors-traffic-real-time-statistics plugin before 1.12 for WordPress has CSRF in the settings page. | |||||
CVE-2019-15832 | 1 Wp-buy | 1 Visitor Traffic Real Time Statistics | 2019-09-03 | 6.8 MEDIUM | 8.8 HIGH |
The visitors-traffic-real-time-statistics plugin before 1.13 for WordPress has CSRF. | |||||
CVE-2015-9380 | 1 10web | 1 Photo Gallery | 2019-09-03 | 6.8 MEDIUM | 8.8 HIGH |
The photo-gallery plugin before 1.2.42 for WordPress has CSRF. | |||||
CVE-2019-15865 | 1 Holest | 1 Breadcrumbs By Menu | 2019-09-03 | 6.8 MEDIUM | 8.8 HIGH |
The breadcrumbs-by-menu plugin before 1.0.3 for WordPress has CSRF. | |||||
CVE-2019-15840 | 1 Facebook | 1 Facebook For Woocommerce | 2019-09-03 | 6.8 MEDIUM | 8.8 HIGH |
The facebook-for-woocommerce plugin before 1.9.14 for WordPress has CSRF. | |||||
CVE-2015-4089 | 1 Wpfastestcache | 1 Wp Fastest Cache | 2019-09-01 | 6.8 MEDIUM | 8.8 HIGH |
Multiple cross-site request forgery (CSRF) vulnerabilities in the optionsPageRequest function in admin.php in WP Fastest Cache plugin before 0.8.3.5 for WordPress allow remote attackers to hijack the authentication of unspecified victims for requests that call the (1) saveOption, (2) deleteCache, (3) deleteCssAndJsCache, or (4) addCacheTimeout method via the wpFastestCachePage parameter in the WpFastestCacheOptions/ page. | |||||
CVE-2019-15781 | 1 Weblizar | 1 Social Likebox & Feed | 2019-08-30 | 6.8 MEDIUM | 8.8 HIGH |
The facebook-by-weblizar plugin before 2.8.5 for WordPress has CSRF. | |||||
CVE-2019-15496 | 1 Manageyourteam | 1 Myt Project Management | 2019-08-30 | 6.8 MEDIUM | 8.8 HIGH |
MyT Project Management 1.5.1 lacks CSRF protection and, for example, allows a user/create CSRF attack. This could lead to an attacker tricking the administrator into executing arbitrary code via a specially crafted HTML page. | |||||
CVE-2019-14999 | 1 Atlassian | 1 Universal Plugin Manager | 2019-08-30 | 4.3 MEDIUM | 4.3 MEDIUM |
The Uninstall REST endpoint in Atlassian Universal Plugin Manager before version 2.22.19, from version 3.0.0 before version 3.0.3 and from version 4.0.0 before version 4.0.3 allows remote attackers to uninstall plugins using a Cross-Site Request Forgery (CSRF) vulnerability on an authenticated administrator. | |||||
CVE-2019-15515 | 1 Discourse | 1 Discourse | 2019-08-29 | 4.3 MEDIUM | 6.5 MEDIUM |
Discourse 2.3.2 sends the CSRF token in the query string. | |||||
CVE-2019-10057 | 1 Lexmark | 50 Cs31x, Cs31x Firmware, Cs41x and 47 more | 2019-08-29 | 4.3 MEDIUM | 6.5 MEDIUM |
Various Lexmark products have CSRF. | |||||
CVE-2015-9343 | 1 Impress | 1 Wp Rollback | 2019-08-29 | 6.8 MEDIUM | 8.8 HIGH |
The wp-rollback plugin before 1.2.3 for WordPress has CSRF. | |||||
CVE-2014-10382 | 1 Pippinsplugins | 1 Featured Comments | 2019-08-29 | 4.3 MEDIUM | 4.3 MEDIUM |
The feature-comments plugin before 1.2.5 for WordPress has CSRF for featuring or burying a comment. | |||||
CVE-2018-21002 | 1 Joomsky | 1 Js Help Desk | 2019-08-28 | 6.8 MEDIUM | 8.8 HIGH |
The js-support-ticket plugin before 2.0.6 for WordPress has CSRF. |