Total
6248 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-33006 | 1 Jenkins | 1 Wso2 Oauth | 2024-08-02 | 5.4 Medium |
| A cross-site request forgery (CSRF) vulnerability in Jenkins WSO2 Oauth Plugin 1.0 and earlier allows attackers to trick users into logging in to the attacker's account. | ||||
| CVE-2023-32960 | 1 Updraftplus | 1 Updraftplus | 2024-08-02 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in UpdraftPlus.Com, DavidAnderson UpdraftPlus WordPress Backup Plugin <= 1.23.3 versions leads to sitewide Cross-Site Scripting (XSS). | ||||
| CVE-2023-32987 | 1 Jenkins | 1 Reverse Proxy Auth | 2024-08-02 | 8.8 High |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Reverse Proxy Auth Plugin 1.7.4 and earlier allows attackers to connect to an attacker-specified LDAP server using attacker-specified credentials. | ||||
| CVE-2023-32739 | 1 Hamidrezasepehr | 1 Custom Cursors | 2024-08-02 | 8.8 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Web_Trendy WP Custom Cursors | WordPress Cursor Plugin plugin < 3.2 versions. | ||||
| CVE-2023-32589 | 1 Pingonline | 1 Dyslexiefont Free | 2024-08-02 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in PingOnline Dyslexiefont Free plugin <= 1.0.0 versions. | ||||
| CVE-2023-32514 | 1 Himanshuparashar | 1 Google Site Verification Plugin Using Meta Tag | 2024-08-02 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Himanshu Parashar Google Site Verification plugin using Meta Tag.This issue affects Google Site Verification plugin using Meta Tag: from n/a through 1.2. | ||||
| CVE-2023-32504 | 1 Kaine | 1 Wise Chat | 2024-08-02 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Kainex Wise Chat.This issue affects Wise Chat: from n/a through 3.1.3. | ||||
| CVE-2023-32344 | 2024-08-02 | 4.3 Medium | ||
| IBM Cognos Analytics 11.1.7, 11.2.4, and 12.0.0 is vulnerable to form action hijacking where it is possible to modify the form action to reference an arbitrary path. IBM X-Force ID: 255898. | ||||
| CVE-2023-32123 | 1 Dream-theme | 1 The7 | 2024-08-02 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Dream-Theme The7 allows Stored XSS.This issue affects The7: from n/a through 11.7.3. | ||||
| CVE-2023-31999 | 1 Fastify | 1 Oauth2 | 2024-08-02 | 8.8 High |
| All versions of @fastify/oauth2 used a statically generated state parameter at startup time and were used across all requests for all users. The purpose of the Oauth2 state parameter is to prevent Cross-Site-Request-Forgery attacks. As such, it should be unique per user and should be connected to the user's session in some way that will allow the server to validate it. v7.2.0 changes the default behavior to store the state in a cookie with the http-only and same-site=lax attributes set. The state is now by default generated for every user. Note that this contains a breaking change in the checkStateFunction function, which now accepts the full Request object. | ||||
| CVE-2023-31708 | 1 Eyoucms | 1 Eyoucms | 2024-08-02 | 4.3 Medium |
| A Cross-Site Request Forgery (CSRF) in EyouCMS v1.6.2 allows attackers to execute arbitrary commands via a supplying a crafted HTML file to the Upload software format function. | ||||
| CVE-2023-31230 | 1 Baidu-tongji-generator Project | 1 Baidu-tongji-generator | 2024-08-02 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Haoqisir Baidu Tongji generator allows Stored XSS.This issue affects Baidu Tongji generator: from n/a through 1.0.2. | ||||
| CVE-2023-31218 | 1 Pluginus | 1 Wolf - Wordpress Posts Bulk Editor And Products Manager Professional | 2024-08-02 | 7.1 High |
| Cross-Site Request Forgery (CSRF) leading to Stored Cross-Site Scripting (XSS) vulnerability in realmag777 WOLF – WordPress Posts Bulk Editor and Manager Professional plugin <= 1.0.6 versions. | ||||
| CVE-2023-26516 | 1 Wpindeed | 1 Debug Assistant | 2024-08-02 | 8.8 High |
| Cross-Site Request Forgery (CSRF) vulnerability in WPIndeed Debug Assistant plugin <= 1.4 versions. | ||||
| CVE-2023-27434 | 1 Wpgrim | 1 Classic Editor And Classic Widgets | 2024-08-02 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in WPGrim Classic Editor and Classic Widgets plugin <= 1.2.5 versions. | ||||
| CVE-2023-27417 | 1 Ifeelweb | 1 Affiliate Super Assistent | 2024-08-02 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Timo Reith Affiliate Super Assistent plugin <= 1.5.1 versions. | ||||
| CVE-2023-28497 | 1 Tribulant | 1 Slideshow Gallery | 2024-08-02 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Tribulant Slideshow Gallery LITE plugin <= 1.7.6 versions. | ||||
| CVE-2023-25025 | 1 Chetangole | 1 Wp-copyprotect \[protect Your Blog Posts\] | 2024-08-02 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Chetan Gole WP-CopyProtect [Protect your blog posts] plugin <= 3.1.0 versions. | ||||
| CVE-2023-25989 | 1 Mekshq | 10 Meks Audio Player, Meks Easy Ads Widget, Meks Easy Maps and 7 more | 2024-08-02 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Meks Video Importer, Meks Time Ago, Meks ThemeForest Smart Widget, Meks Smart Author Widget, Meks Audio Player, Meks Easy Maps, Meks Easy Photo Feed Widget, Meks Simple Flickr Widget, Meks Easy Ads Widget, Meks Smart Social Widget plugins leading to dismiss or the popup. | ||||
| CVE-2023-23719 | 1 Premmerce | 1 Premmerce | 2024-08-02 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Premmerce plugin <= 1.3.17 versions. | ||||