Total
6253 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-0229 | 1 Miniorange | 1 Google Authenticator | 2024-08-02 | 8.1 High |
| The miniOrange's Google Authenticator WordPress plugin before 5.5 does not have proper authorisation and CSRF checks when handling the reconfigureMethod, and does not validate the parameters passed to it properly. As a result, unauthenticated users could delete arbitrary options from the blog, making it unusable. | ||||
| CVE-2022-0231 | 1 Livehelperchat | 1 Live Helper Chat | 2024-08-02 | 6.5 Medium |
| livehelperchat is vulnerable to Cross-Site Request Forgery (CSRF) | ||||
| CVE-2022-0245 | 1 Livehelperchat | 1 Livehelperchat | 2024-08-02 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) in GitHub repository livehelperchat/livehelperchat prior to 2.0. | ||||
| CVE-2022-0215 | 1 Xootix | 3 Login\/signup Popup, Side Cart Woocommerce, Waitlist Woocommerce | 2024-08-02 | 8.8 High |
| The Login/Signup Popup, Waitlist Woocommerce ( Back in stock notifier ), and Side Cart Woocommerce (Ajax) WordPress plugins by XootiX are vulnerable to Cross-Site Request Forgery via the save_settings function found in the ~/includes/xoo-framework/admin/class-xoo-admin-settings.php file which makes it possible for attackers to update arbitrary options on a site that can be used to create an administrative user account and grant full privileged access to a compromised site. This affects versions <= 2.2 in Login/Signup Popup, versions <= 2.5.1 in Waitlist Woocommerce ( Back in stock notifier ), and versions <= 2.0 in Side Cart Woocommerce (Ajax). | ||||
| CVE-2022-0196 | 2 Fedoraproject, Phoronix-media | 2 Fedora, Phoronix Test Suite | 2024-08-02 | 8.8 High |
| phoronix-test-suite is vulnerable to Cross-Site Request Forgery (CSRF) | ||||
| CVE-2022-0197 | 2 Fedoraproject, Phoronix-media | 2 Fedora, Phoronix Test Suite | 2024-08-02 | 8.8 High |
| phoronix-test-suite is vulnerable to Cross-Site Request Forgery (CSRF) | ||||
| CVE-2022-0199 | 1 Wpdevart | 1 Coming Soon And Maintenance Mode | 2024-08-02 | 4.3 Medium |
| The Coming soon and Maintenance mode WordPress plugin before 3.6.8 does not have CSRF check in its coming_soon_send_mail AJAX action, allowing attackers to make logged in admin to send arbitrary emails to all subscribed users via a CSRF attack | ||||
| CVE-2022-0191 | 1 Acnam | 1 Ad Invalid Click Protector | 2024-08-02 | 6.5 Medium |
| The Ad Invalid Click Protector (AICP) WordPress plugin before 1.2.7 does not have CSRF check deleting banned users, which could allow attackers to make a logged in admin remove arbitrary bans | ||||
| CVE-2022-0164 | 1 Wpdevart | 1 Coming Soon And Maintenance Mode | 2024-08-02 | 4.3 Medium |
| The Coming soon and Maintenance mode WordPress plugin before 3.5.3 does not have authorisation and CSRF checks in its coming_soon_send_mail AJAX action, allowing any authenticated users, with a role as low as subscriber to send arbitrary emails to all subscribed users | ||||
| CVE-2022-0180 | 1 Expresstech | 1 Quiz And Survey Master | 2024-08-02 | 8.8 High |
| Cross-site request forgery (CSRF) vulnerability in Quiz And Survey Master versions prior to 7.3.7 allows a remote attacker to hijack the authentication of administrators and conduct arbitrary operations via a specially crafted web page. | ||||
| CVE-2022-0154 | 1 Gitlab | 1 Gitlab | 2024-08-02 | 7.5 High |
| An issue has been discovered in GitLab affecting all versions starting from 7.7 before 14.4.5, all versions starting from 14.5.0 before 14.5.3, all versions starting from 14.6.0 before 14.6.2. GitLab was vulnerable to a Cross-Site Request Forgery attack that allows a malicious user to have their GitHub project imported on another GitLab user account. | ||||
| CVE-2022-0141 | 1 Vfbpro | 1 Visual Form Builder | 2024-08-02 | 8.1 High |
| The Visual Form Builder WordPress plugin before 3.0.8 does not enforce nonce checks which could allow attackers to make a logged in admin or editor delete and restore arbitrary form entries via CSRF attacks | ||||
| CVE-2022-0134 | 1 Bologer | 1 Anycomment | 2024-08-02 | 8.8 High |
| The AnyComment WordPress plugin before 0.2.18 does not have CSRF checks in the Import and Revert HyperComments features, allowing attackers to make logged in admin perform such actions via a CSRF attack | ||||
| CVE-2022-0088 | 1 Yourls | 1 Yourls | 2024-08-02 | 7.4 High |
| Cross-Site Request Forgery (CSRF) in GitHub repository yourls/yourls prior to 1.8.3. | ||||
| CVE-2023-52200 | 1 Reputeinfosystems | 1 Armember | 2024-08-02 | 9.6 Critical |
| Cross-Site Request Forgery (CSRF), Deserialization of Untrusted Data vulnerability in Repute Infosystems ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup.This issue affects ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup: n/a. | ||||
| CVE-2023-52226 | 2024-08-02 | 4.3 Medium | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Advanced Flamingo.This issue affects Advanced Flamingo: from n/a through 1.0. | ||||
| CVE-2023-52222 | 1 Woocommerce | 1 Woocommerce | 2024-08-02 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Automattic WooCommerce.This issue affects WooCommerce: from n/a through 8.2.2. | ||||
| CVE-2023-52216 | 1 Yevhenkotelnytskyi | 1 Js \& Css Script Optimizer | 2024-08-02 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Yevhen Kotelnytskyi JS & CSS Script Optimizer.This issue affects JS & CSS Script Optimizer: from n/a through 0.3.3. | ||||
| CVE-2023-52184 | 1 Wpjobportal | 1 Wp Job Portal | 2024-08-02 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in WP Job Portal WP Job Portal – A Complete Job Board.This issue affects WP Job Portal – A Complete Job Board: from n/a through 2.0.6. | ||||
| CVE-2023-52130 | 1 Wpaffiliatemanager | 1 Affiliates Manager | 2024-08-02 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in wp.Insider, wpaffiliatemgr Affiliates Manager.This issue affects Affiliates Manager: from n/a through 2.9.31. | ||||