Total
6248 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-46617 | 1 Wpfoxly | 1 Adfoxly | 2024-08-02 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in AdFoxly AdFoxly – Ad Manager, AdSense Ads & Ads.Txt.This issue affects AdFoxly – Ad Manager, AdSense Ads & Ads.Txt: from n/a through 1.8.5. | ||||
| CVE-2023-46212 | 1 Wpvnteam | 1 Wp Extra | 2024-08-02 | 6.3 Medium |
| Missing Authorization, Cross-Site Request Forgery (CSRF) vulnerability in TienCOP WP EXtra allows Accessing Functionality Not Properly Constrained by ACLs, Cross Site Request Forgery.This issue affects WP EXtra: from n/a through 6.2. | ||||
| CVE-2023-46152 | 1 Pluginus | 1 Wolf - Wordpress Posts Bulk Editor And Products Manager Professional | 2024-08-02 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in realmag777 WOLF – WordPress Posts Bulk Editor and Manager Professional plugin <= 1.0.7.1 versions. | ||||
| CVE-2023-45992 | 1 Commscope | 1 Ruckus Cloudpath Enrollment System | 2024-08-02 | 9.6 Critical |
| A vulnerability in the web-based interface of the RUCKUS Cloudpath product on version 5.12 build 5538 or before to could allow a remote, unauthenticated attacker to execute persistent XSS and CSRF attacks against a user of the admin management interface. A successful attack, combined with a certain admin activity, could allow the attacker to gain full admin privileges on the exploited system. | ||||
| CVE-2023-45831 | 1 Pixelative | 1 Google Amp | 2024-08-02 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Pixelative, Mohsin Rafique AMP WP – Google AMP For WordPress plugin <= 1.5.15 versions. | ||||
| CVE-2023-45651 | 1 Marcomilesi | 1 Wp Attachments | 2024-08-02 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Marco Milesi WP Attachments allows Cross Site Request Forgery.This issue affects WP Attachments: from n/a through 5.0.11. | ||||
| CVE-2023-45670 | 1 Frigate | 1 Frigate | 2024-08-02 | 7.5 High |
| Frigate is an open source network video recorder. Prior to version 0.13.0 Beta 3, the `config/save` and `config/set` endpoints of Frigate do not implement any CSRF protection. This makes it possible for a request sourced from another site to update the configuration of the Frigate server (e.g. via "drive-by" attack). Exploiting this vulnerability requires the attacker to both know very specific information about a user's Frigate server and requires an authenticated user to be tricked into clicking a specially crafted link to their Frigate instance. This vulnerability could exploited by an attacker under the following circumstances: Frigate publicly exposed to the internet (even with authentication); attacker knows the address of a user's Frigate instance; attacker crafts a specialized page which links to the user's Frigate instance; attacker finds a way to get an authenticated user to visit their specialized page and click the button/link. This issue can lead to arbitrary configuration updates for the Frigate server, resulting in denial of service and possible data exfiltration. Version 0.13.0 Beta 3 contains a patch. | ||||
| CVE-2023-45629 | 1 Wpdevart | 1 Gallery - Image And Video Gallery With Thumbnails | 2024-08-02 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in wpdevart Gallery – Image and Video Gallery with Thumbnails plugin <= 2.0.3 versions. | ||||
| CVE-2023-45316 | 1 Mattermost | 1 Mattermost Server | 2024-08-02 | 7.3 High |
| Mattermost fails to validate if a relative path is passed in /plugins/playbooks/api/v0/telemetry/run/<telem_run_id> as a telemetry run ID, allowing an attacker to use a path traversal payload that points to a different endpoint leading to a CSRF attack. | ||||
| CVE-2023-45317 | 1 Sielco | 30 Analog Fm Transmitter Exc1000gt, Analog Fm Transmitter Exc1000gt Firmware, Analog Fm Transmitter Exc1000gx and 27 more | 2024-08-02 | 8.8 High |
| The application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site. | ||||
| CVE-2023-45269 | 1 Coleds | 1 Simple Seo | 2024-08-02 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in David Cole Simple SEO plugin <= 2.0.25 versions. | ||||
| CVE-2023-45052 | 1 Dan009 | 1 Wp Bing Map Pro | 2024-08-02 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in dan009 WP Bing Map Pro plugin < 5.0 versions. | ||||
| CVE-2023-44999 | 2024-08-02 | 5.4 Medium | ||
| Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce WooCommerce Stripe Payment Gateway.This issue affects WooCommerce Stripe Payment Gateway: from n/a through 7.6.0. | ||||
| CVE-2023-44478 | 2024-08-02 | 7.1 High | ||
| Cross-Site Request Forgery (CSRF) vulnerability in WP Hive Events Rich Snippets for Google allows Exploitation of Trusted Credentials.This issue affects Events Rich Snippets for Google: from n/a through 1.8. | ||||
| CVE-2023-44233 | 1 Fooplugins | 1 Foogallery | 2024-08-02 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in FooPlugins Best WordPress Gallery Plugin – FooGallery plugin <= 2.2.44 versions. | ||||
| CVE-2023-44160 | 3 Acronis, Linux, Microsoft | 3 Cyber Protect, Linux Kernel, Windows | 2024-08-02 | 6.5 Medium |
| Sensitive information manipulation due to cross-site request forgery. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 35979. | ||||
| CVE-2024-6023 | 1 Adamsolymosi | 1 Contentlock | 2024-08-02 | 8.8 High |
| The ContentLock WordPress plugin through 1.0.3 does not have CSRF check in place when adding emails, which could allow attackers to make a logged in admin perform such action via a CSRF attack | ||||
| CVE-2024-6022 | 1 Adamsolymosi | 1 Contentlock | 2024-08-02 | 8.8 High |
| The ContentLock WordPress plugin through 1.0.3 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack | ||||
| CVE-2024-2748 | 2024-08-02 | 4.3 Medium | ||
| A Cross Site Request Forgery vulnerability was identified in GitHub Enterprise Server that allowed an attacker to execute unauthorized actions on behalf of an unsuspecting user. A mitigating factor is that user interaction is required. This vulnerability affected GitHub Enterprise Server 3.12.0 and was fixed in versions 3.12.1. This vulnerability was reported via the GitHub Bug Bounty program. | ||||
| CVE-2023-42270 | 1 Grocy Project | 1 Grocy | 2024-08-02 | 8.8 High |
| Grocy <= 4.0.2 is vulnerable to Cross Site Request Forgery (CSRF). | ||||