Total
6287 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-4621 | 1 Panasonic | 10 Vcc-hd2100p, Vcc-hd2100p Firmware, Vcc-hd3100p and 7 more | 2024-08-03 | 7.5 High |
| Panasonic Sanyo CCTV Network Cameras versions 1.02-05 and 2.03-0x are vulnerable to CSRFs that can be exploited to allow an attacker to perform changes with administrator level privileges. | ||||
| CVE-2022-4604 | 1 Wp-english-wp-admin Project | 1 Wp-english-wp-admin | 2024-08-03 | 4.3 Medium |
| A vulnerability classified as problematic was found in wp-english-wp-admin Plugin up to 1.5.1. Affected by this vulnerability is the function register_endpoints of the file english-wp-admin.php. The manipulation leads to cross-site request forgery. The attack can be launched remotely. Upgrading to version 1.5.2 is able to address this issue. The name of the patch is ad4ba171c974c65c3456e7c6228f59f40783b33d. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-216199. | ||||
| CVE-2022-4548 | 1 Imageseo | 1 Optimize Images Alt Text \(alt Tag\) \& Names For Seo Using Ai | 2024-08-03 | 6.5 Medium |
| The Optimize images ALT Text & names for SEO using AI WordPress plugin before 2.0.8 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack. | ||||
| CVE-2022-4564 | 1 Ucf | 1 Materia | 2024-08-03 | 4.3 Medium |
| A vulnerability classified as problematic has been found in University of Central Florida Materia up to 9.0.0. This affects the function before of the file fuel/app/classes/controller/api.php of the component API Controller. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. Upgrading to version 9.0.1-alpha1 is able to address this issue. The name of the patch is af259115d2e8f17068e61902151ee8a9dbac397b. It is recommended to upgrade the affected component. The identifier VDB-215973 was assigned to this vulnerability. | ||||
| CVE-2022-4397 | 1 Zend-blog-2 Project | 1 Zend-blog-2 | 2024-08-03 | 4.3 Medium |
| A vulnerability was found in morontt zend-blog-number-2. It has been classified as problematic. Affected is an unknown function of the file application/forms/Comment.php of the component Comment Handler. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The name of the patch is 36b2d4abe20a6245e4f8df7a4b14e130b24d429d. It is recommended to apply a patch to fix this issue. VDB-215250 is the identifier assigned to this vulnerability. | ||||
| CVE-2022-4349 | 1 Pwn Project | 1 Pwn | 2024-08-03 | 4.3 Medium |
| A vulnerability classified as problematic has been found in CTF-hacker pwn. This affects an unknown part of the file delete.html. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-215109 was assigned to this vulnerability. | ||||
| CVE-2022-4138 | 1 Gitlab | 1 Gitlab | 2024-08-03 | 6.4 Medium |
| A Cross Site Request Forgery issue has been discovered in GitLab CE/EE affecting all versions before 15.6.7, all versions starting from 15.7 before 15.7.6, and all versions starting from 15.8 before 15.8.1. An attacker could take over a project if an Owner or Maintainer uploads a file to a malicious project. | ||||
| CVE-2022-4090 | 1 Stock Management System Project | 1 Stock Management System | 2024-08-03 | 4.3 Medium |
| A vulnerability was found in rickxy Stock Management System and classified as problematic. This issue affects some unknown processing of the file us_transac.php?action=add. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-214331. | ||||
| CVE-2022-4125 | 1 Popup Manager Project | 1 Popup Manager | 2024-08-03 | 4.3 Medium |
| The Popup Manager WordPress plugin through 1.6.6 does not have authorisation and CSRF check when creating/updating popups, and is missing sanitisation as well as escaping, which could allow unauthenticated attackers to create arbitrary popups and add Stored XSS payloads as well | ||||
| CVE-2022-4148 | 1 Dash10 | 1 Oauth Server | 2024-08-03 | 4.3 Medium |
| The WP OAuth Server (OAuth Authentication) WordPress plugin before 4.3.0 has a flawed CSRF and authorisation check when deleting a client, which could allow any authenticated users, such as subscriber to delete arbitrary client. | ||||
| CVE-2022-4102 | 1 Royal-elementor-addons | 1 Royal Elementor Addons | 2024-08-03 | 3.1 Low |
| The Royal Elementor Addons WordPress plugin before 1.3.56 does not have authorization and CSRF checks when deleting a template and does not ensure that the post to be deleted is a template. This could allow any authenticated users, such as subscribers, to delete arbitrary posts assuming they know the related slug. | ||||
| CVE-2022-4124 | 1 Popup Manager Project | 1 Popup Manager | 2024-08-03 | 4.3 Medium |
| The Popup Manager WordPress plugin through 1.6.6 does not have authorisation and CSRF checks when deleting popups, which could allow unauthenticated users to delete them | ||||
| CVE-2022-4103 | 1 Royal-elementor-addons | 1 Royal Elementor Addons | 2024-08-03 | 4.3 Medium |
| The Royal Elementor Addons WordPress plugin before 1.3.56 does not have authorisation and CSRF checks when creating a template, and does not ensure that the post created is a template. This could allow any authenticated users, such as subscriber to create a post (as well as any post type) with an arbitrary title | ||||
| CVE-2022-4021 | 1 Permalink Manager Lite Project | 1 Permalink Manager Lite | 2024-08-03 | 8.8 High |
| The Permalink Manager Lite plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.2.20.1. This is due to missing or incorrect nonce validation on the extra_actions function. This makes it possible for unauthenticated attackers to change plugin settings including permalinks and site maps, via forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2022-4014 | 1 Feehi | 1 Feehicms | 2024-08-03 | 4.3 Medium |
| A vulnerability, which was classified as problematic, has been found in FeehiCMS. Affected by this issue is some unknown functionality of the component Post My Comment Tab. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The identifier of this vulnerability is VDB-213788. | ||||
| CVE-2022-4013 | 1 Hospital Management Center Project | 1 Hospital Management Center | 2024-08-03 | 4.3 Medium |
| A vulnerability classified as problematic was found in Hospital Management Center. Affected by this vulnerability is an unknown functionality of the file appointment.php. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-213787. | ||||
| CVE-2022-3978 | 1 Nodebb | 1 Nodebb | 2024-08-03 | 4.3 Medium |
| A vulnerability, which was classified as problematic, was found in NodeBB up to 2.5.7. This affects an unknown part of the file /register/abort. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. Upgrading to version 2.5.8 is able to address this issue. The name of the patch is 2f9d8c350e54543f608d3d4c8e1a49bbb6cdea38. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-213555. | ||||
| CVE-2022-4024 | 1 Genetechsolutions | 1 Pie Register | 2024-08-03 | 6.5 Medium |
| The Registration Forms WordPress plugin before 3.8.1.3 does not have authorisation and CSRF when deleting users via an init action handler, allowing unauthenticated attackers to delete arbitrary users (along with their posts) | ||||
| CVE-2022-3999 | 1 Dpdgroup | 1 Woocommerce Shipping | 2024-08-03 | 8.1 High |
| The DPD Baltic Shipping WordPress plugin before 1.2.57 does not have authorisation and CSRF in an AJAX action, which could allow any authenticated users, such as subscriber to delete arbitrary options from the blog, which could make the blog unavailable. | ||||
| CVE-2022-3926 | 1 Wp-oauth | 1 Wp Oauth Server | 2024-08-03 | 6.5 Medium |
| The WP OAuth Server (OAuth Authentication) WordPress plugin before 3.4.2 does not have CSRF check when regenerating secrets, which could allow attackers to make logged in admins regenerate the secret of an arbitrary client given they know the client ID | ||||