Total
6253 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-1842 | 1 Openbook Book Data Project | 1 Openbook Book Data | 2024-08-03 | 4.3 Medium |
| The OpenBook Book Data WordPress plugin through 3.5.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and lead to Stored Cross-Site Scripting due to the lack of sanitisation and escaping as well | ||||
| CVE-2022-1918 | 1 Toolbar To Share Project | 1 Toolbar To Share | 2024-08-03 | 8.8 High |
| The ToolBar to Share plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0. This is due to missing nonce validation on the plugin_toolbar_comparte page. This makes it possible for unauthenticated attackers to update the plugins settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2022-1827 | 1 Pdf24 Articles To Pdf Project | 1 Pdf24 Articles To Pdf | 2024-08-03 | 6.5 Medium |
| The PDF24 Article To PDF WordPress plugin through 4.2.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack | ||||
| CVE-2022-1846 | 1 Tiny Contact Form Project | 1 Tiny Contact Form | 2024-08-03 | 4.3 Medium |
| The Tiny Contact Form WordPress plugin through 0.7 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack | ||||
| CVE-2022-1843 | 1 Mailpress Project | 1 Mailpress | 2024-08-03 | 6.5 Medium |
| The MailPress WordPress plugin through 7.2.1 does not have CSRF checks in various places, which could allow attackers to make a logged in admin change the settings, purge log files and more via CSRF attacks | ||||
| CVE-2022-1845 | 1 Wp Post Styling Project | 1 Wp Post Styling | 2024-08-03 | 4.3 Medium |
| The WP Post Styling WordPress plugin before 1.3.1 does not have CSRF checks in various actions, which could allow attackers to make a logged in admin delete plugin's data, update the settings, add new entries and more via CSRF attacks | ||||
| CVE-2022-1791 | 1 One Click Plugin Updater Project | 1 One Click Plugin Updater | 2024-08-03 | 8.1 High |
| The One Click Plugin Updater WordPress plugin through 2.4.14 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and disable / hide the badge of the available updates and the related check. | ||||
| CVE-2022-1832 | 1 Capa Protect Project | 1 Capa Protect | 2024-08-03 | 6.5 Medium |
| The CaPa Protect WordPress plugin through 0.5.8.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and disable the applied protection. | ||||
| CVE-2022-1828 | 1 Pdf24 Articles To Pdf Project | 1 Pdf24 Articles To Pdf | 2024-08-03 | 6.5 Medium |
| The PDF24 Articles To PDF WordPress plugin through 4.2.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack | ||||
| CVE-2022-1844 | 1 Wp-sentry Project | 1 Wp-sentry | 2024-08-03 | 4.3 Medium |
| The WP Sentry WordPress plugin through 1.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and lead to Stored Cross-Site Scripting due to the lack of sanitisation and escaping as well | ||||
| CVE-2022-1826 | 1 Cross-linker Project | 1 Cross-linker | 2024-08-03 | 6.5 Medium |
| The Cross-Linker WordPress plugin through 3.0.1.9 does not have CSRF check in place when creating Cross-Links, which could allow attackers to make a logged in admin perform such action via a CSRF attack | ||||
| CVE-2022-1764 | 1 Wp-chgfontsize Project | 1 Wp-chgfontsize | 2024-08-03 | 5.4 Medium |
| The WP-chgFontSize WordPress plugin through 1.8 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and lead to Stored Cross-Site Scripting due to the lack of sanitisation and escaping | ||||
| CVE-2022-1831 | 1 Wplite Project | 1 Wplite | 2024-08-03 | 6.5 Medium |
| The WPlite WordPress plugin through 1.3.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack | ||||
| CVE-2022-1847 | 1 Rotating Posts Project | 1 Rotating Posts | 2024-08-03 | 4.3 Medium |
| The Rotating Posts WordPress plugin through 1.11 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack | ||||
| CVE-2022-1830 | 1 Amazon Einzeltitellinks Project | 1 Amazon Einzeltitellinks | 2024-08-03 | 6.5 Medium |
| The Amazon Einzeltitellinks WordPress plugin through 1.3.3 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and lead to Stored Cross-Site Scripting due to the lack of sanitisation and escaping | ||||
| CVE-2022-1818 | 1 Multi-page Toolkit Project | 1 Multi-page Toolkit | 2024-08-03 | 5.4 Medium |
| The Multi-page Toolkit WordPress plugin through 2.6 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and lead to Stored Cross-Site Scripting due to the lack of sanitisation and escaping as well | ||||
| CVE-2022-1760 | 1 Dd32 | 1 Core Control | 2024-08-03 | 4.3 Medium |
| The Core Control WordPress plugin through 1.2.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack | ||||
| CVE-2022-1829 | 1 Inline Google Maps Project | 1 Inline Google Maps | 2024-08-03 | 6.5 Medium |
| The Inline Google Maps WordPress plugin through 5.11 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack, and lead to Stored Cross-Site Scripting due to the lack of sanitisation and escaping | ||||
| CVE-2022-1790 | 1 New User Email Set Up Project | 1 New User Email Set Up | 2024-08-03 | 6.5 Medium |
| The New User Email Set Up WordPress plugin through 0.5.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack | ||||
| CVE-2022-1792 | 1 Quick Subscribe Project | 1 Quick Subscribe | 2024-08-03 | 5.4 Medium |
| The Quick Subscribe WordPress plugin through 1.7.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and leading to Stored XSS due to the lack of sanitisation and escaping in some of them | ||||