Total
7225 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-46688 | 1 Jenkins | 1 Sonar Gerrit | 2025-04-23 | N/A | 6.5 MEDIUM |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Sonar Gerrit Plugin 377.v8f3808963dc5 and earlier allows attackers to have Jenkins connect to Gerrit servers (previously configured by Jenkins administrators) using attacker-specified credentials IDs obtained through another method, potentially capturing credentials stored in Jenkins. | |||||
| CVE-2022-3926 | 1 Wp-oauth | 1 Wp Oauth Server | 2025-04-23 | N/A | 6.5 MEDIUM |
| The WP OAuth Server (OAuth Authentication) WordPress plugin before 3.4.2 does not have CSRF check when regenerating secrets, which could allow attackers to make logged in admins regenerate the secret of an arbitrary client given they know the client ID | |||||
| CVE-2022-45667 | 1 Tenda | 2 I22, I22 Firmware | 2025-04-23 | N/A | 6.5 MEDIUM |
| Tenda i22 V1.0.0.3(4687) is vulnerable to Cross Site Request Forgery (CSRF) via function fromSysToolRestoreSet. | |||||
| CVE-2022-45228 | 1 Dragino | 2 Lg01 Lora, Lg01 Lora Firmware | 2025-04-23 | N/A | 3.5 LOW |
| Dragino Lora LG01 18ed40 IoT v4.3.4 was discovered to contain a Cross-Site Request Forgery in the logout page. | |||||
| CVE-2022-44849 | 1 Metinfo | 1 Metinfo | 2025-04-23 | N/A | 8.8 HIGH |
| A Cross-Site Request Forgery (CSRF) in the Administrator List of MetInfo v7.7 allows attackers to arbitrarily add Super Administrator account. | |||||
| CVE-2022-3880 | 1 Antihacker Project | 1 Antihacker | 2025-04-22 | N/A | 6.5 MEDIUM |
| The Disable Json API, Login Lockdown, XMLRPC, Pingback, Stop User Enumeration Anti Hacker Scan WordPress plugin before 4.20 does not have proper authorisation and CSRF in an AJAX action, allowing any authenticated users, such as subscriber to call it and install and activate arbitrary plugins from wordpress.org | |||||
| CVE-2022-3881 | 1 Wptools Project | 1 Wptools | 2025-04-22 | N/A | 5.7 MEDIUM |
| The WP Tools Increase Maximum Limits, Repair, Server PHP Info, Javascript errors, File Permissions, Transients, Error Log WordPress plugin before 3.43 does not have proper authorisation and CSRF in an AJAX action, allowing any authenticated users, such as subscriber to call it and install and activate arbitrary plugins from wordpress.org | |||||
| CVE-2022-3879 | 1 Car Dealer Project | 1 Car Dealer | 2025-04-22 | N/A | 6.5 MEDIUM |
| The Car Dealer (Dealership) and Vehicle sales WordPress Plugin WordPress plugin before 3.05 does not have proper authorisation and CSRF in an AJAX action, allowing any authenticated users, such as subscriber to call it and install and activate arbitrary plugins from wordpress.org | |||||
| CVE-2022-3946 | 1 Welcart | 1 Welcart E-commerce | 2025-04-22 | N/A | 6.5 MEDIUM |
| The Welcart e-Commerce WordPress plugin before 2.8.4 does not have authorisation and CSRF in an AJAX action, allowing any logged-in user to create, update and delete shipping methods. | |||||
| CVE-2023-4251 | 1 Metagauss | 1 Eventprime | 2025-04-22 | N/A | 4.3 MEDIUM |
| The EventPrime WordPress plugin before 3.2.0 does not have CSRF checks when creating bookings, which could allow attackers to make logged in users create unwanted bookings via CSRF attacks. | |||||
| CVE-2022-45980 | 1 Tenda | 2 Ax12, Ax12 Firmware | 2025-04-22 | N/A | 8.8 HIGH |
| Tenda AX12 V22.03.01.21_CN was discovered to contain a Cross-Site Request Forgery (CSRF) via /goform/SysToolRestoreSet . | |||||
| CVE-2025-31328 | 2025-04-22 | N/A | 4.6 MEDIUM | ||
| SAP Learning Solution is vulnerable to Cross-Site Request Forgery (CSRF), allowing an attacker to trick authenticated user into sending unintended requests to the server. GET-based OData function is named in a way that it violates the expected behaviour. This issue could impact both the confidentiality and integrity of the application without affecting the availability. | |||||
| CVE-2024-6857 | 1 Ngothang | 1 Wp Multitasking | 2025-04-22 | N/A | N/A |
| The WP MultiTasking WordPress plugin through 0.1.12 does not have CSRF check when updating its Header, Footer and Body Script Settings, which could allow attackers to make logged admins perform such action via a CSRF attack | |||||
| CVE-2024-6860 | 1 Ngothang | 1 Wp Multitasking | 2025-04-22 | N/A | N/A |
| The WP MultiTasking WordPress plugin through 0.1.12 does not have CSRF check when updating its permalink suffix settings, which could allow attackers to make logged admins perform such action via a CSRF attack | |||||
| CVE-2024-8243 | 1 Felixker | 1 Wordpress\/plugin Upgrade Time Out Plugin | 2025-04-22 | N/A | N/A |
| The WordPress/Plugin Upgrade Time Out Plugin WordPress plugin through 1.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack. | |||||
| CVE-2025-3131 | 1 Drupal | 1 Eca\ | 2025-04-22 | N/A | N/A |
| Cross-Site Request Forgery (CSRF) vulnerability in Drupal ECA: Event - Condition - Action allows Cross Site Request Forgery.This issue affects ECA: Event - Condition - Action: from 0.0.0 before 1.1.12, from 2.0.0 before 2.0.16, from 2.1.0 before 2.1.7, from 0.0.0 before 1.2.*. | |||||
| CVE-2022-3883 | 1 Stopbadbots Project | 1 Stopbadbots | 2025-04-22 | N/A | 6.5 MEDIUM |
| The Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection WordPress plugin before 7.24 does not have proper authorisation and CSRF in an AJAX action, allowing any authenticated users, such as subscriber to call it and install and activate arbitrary plugins from wordpress.org | |||||
| CVE-2022-3882 | 1 Wp-memory Project | 1 Wp-memory | 2025-04-22 | N/A | 6.5 MEDIUM |
| The Memory Usage, Memory Limit, PHP and Server Memory Health Check and Fix Plugin WordPress plugin before 2.46 does not have proper authorisation and CSRF in an AJAX action, allowing any authenticated users, such as subscriber to call it and install and activate arbitrary plugins from wordpress.org | |||||
| CVE-2022-3853 | 1 Supra-csv-parser Project | 1 Supra-csv-parser | 2025-04-22 | N/A | 5.4 MEDIUM |
| Cross-site Scripting (XSS) is a client-side code injection attack. The attacker aims to execute malicious scripts in a web browser of the victim by including malicious code in a legitimate web page or web application. | |||||
| CVE-2022-46059 | 1 Aerocms Project | 1 Aerocms | 2025-04-22 | N/A | 6.5 MEDIUM |
| AeroCMS v0.0.1 is vulnerable to Cross Site Request Forgery (CSRF). | |||||