Total
6248 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-22852 | 1 Tiki | 1 Tiki | 2024-08-02 | 6.5 Medium |
| Tiki through 25.0 allows CSRF attacks that are related to tiki-importer.php and tiki-import_sheet.php. | ||||
| CVE-2023-22375 | 1 Planex | 2 Cs-wmv02g, Cs-wmv02g Firmware | 2024-08-02 | 8.8 High |
| Cross-site request forgery (CSRF) vulnerability in Wired/Wireless LAN Pan/Tilt Network Camera CS-WMV02G all versions allows a remote unauthenticated attacker to hijack the authentication and conduct arbitrary operations by having a logged-in user to view a malicious page. NOTE: This vulnerability only affects products that are no longer supported by the developer. | ||||
| CVE-2023-22688 | 1 Wp Tabs Slides Project | 1 Wp Tabs Slides | 2024-08-02 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Abdul Ibad WP Tabs Slides plugin <= 2.0.3 versions. | ||||
| CVE-2023-22692 | 1 Name Directory Project | 1 Name Directory | 2024-08-02 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Jeroen Peters Name Directory plugin <= 1.27.1 versions. | ||||
| CVE-2023-22691 | 1 Tipsandtricks-hq | 1 Category Specific Rss Feed Subscription | 2024-08-02 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Tips and Tricks HQ, Ruhul Amin Category Specific RSS feed Subscription plugin <= v2.1 versions. | ||||
| CVE-2023-22714 | 1 Supsystic | 1 Coming Soon | 2024-08-02 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Supsystic Coming Soon by Supsystic plugin <= 1.7.10 versions. | ||||
| CVE-2023-22678 | 1 Superior Faq Project | 1 Superior Faq | 2024-08-02 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Rafael Dery Superior FAQ plugin <= 1.0.2 versions. | ||||
| CVE-2023-22681 | 1 Online Exam Software \ | 1 Eexamhall Project | 2024-08-02 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Aarvanshinfotech Online Exam Software: eExamhall plugin <= 4.0 versions. | ||||
| CVE-2023-22700 | 1 Pixelyoursite | 1 Pixelyoursite | 2024-08-02 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in PixelYourSite PixelYourSite – Your smart PIXEL (TAG) Manager plugin <= 9.3.0 versions. | ||||
| CVE-2023-22689 | 1 Autoaffiliatelinks | 1 Auto Affiliate Links | 2024-08-02 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Lucian Apostol Auto Affiliate Links plugin <= 6.3 versions. | ||||
| CVE-2023-22686 | 1 Trinitronic | 1 Nice Paypal Button Lite | 2024-08-02 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in TriniTronic Nice PayPal Button Lite plugin <= 1.3.5 versions. | ||||
| CVE-2023-22472 | 1 Nextcloud | 1 Desktop | 2024-08-02 | 5.3 Medium |
| Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. It is possible to make a user send any POST request with an arbitrary body given they click on a malicious deep link on a Windows computer. (e.g. in an email, chat link, etc). There are currently no known workarounds. It is recommended that the Nextcloud Desktop client is upgraded to 3.6.2. | ||||
| CVE-2023-22457 | 1 Xwiki | 1 Ckeditor Integration | 2024-08-02 | 9.1 Critical |
| CKEditor Integration UI adds support for editing wiki pages using CKEditor. Prior to versions 1.64.3,t he `CKEditor.HTMLConverter` document lacked a protection against Cross-Site Request Forgery (CSRF), allowing to execute macros with the rights of the current user. If a privileged user with programming rights was tricked into executing a GET request to this document with certain parameters (e.g., via an image with a corresponding URL embedded in a comment or via a redirect), this would allow arbitrary remote code execution and the attacker could gain rights, access private information or impact the availability of the wiki. The issue has been patched in the CKEditor Integration version 1.64.3. This has also been patched in the version of the CKEditor integration that is bundled starting with XWiki 14.6 RC1. There are no known workarounds for this other than upgrading the CKEditor integration to a fixed version. | ||||
| CVE-2023-22286 | 1 Ate-mahoroba | 6 Maho-pbx Netdevancer, Maho-pbx Netdevancer Firmware, Maho-pbx Netdevancer Mobilegate and 3 more | 2024-08-02 | 8.1 High |
| Cross-site request forgery (CSRF) vulnerability in MAHO-PBX NetDevancer Lite/Uni/Pro/Cloud prior to Ver.1.11.00, MAHO-PBX NetDevancer VSG Lite/Uni prior to Ver.1.11.00, and MAHO-PBX NetDevancer MobileGate Home/Office prior to Ver.1.11.00 allows a remote unauthenticated attacker to hijack the user authentication and conduct user's unintended operations by having a user to view a malicious page while logged in. | ||||
| CVE-2023-20856 | 1 Vmware | 1 Vrealize Operations | 2024-08-02 | 8.8 High |
| VMware vRealize Operations (vROps) contains a CSRF bypass vulnerability. A malicious user could execute actions on the vROps platform on behalf of the authenticated victim user. | ||||
| CVE-2023-20221 | 1 Cisco | 46 Ip Conference Phone 7832, Ip Conference Phone 7832 With Multiplatform Firmware, Ip Conference Phone 8831 and 43 more | 2024-08-02 | 6.5 Medium |
| A vulnerability in the web-based management interface of Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against a user of the web-based management interface of an affected system. This vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading an authenticated user of the interface to follow a crafted link. A successful exploit could allow the attacker to perform a factory reset of the affected device, resulting in a Denial of Service (DoS) condition. | ||||
| CVE-2023-20180 | 1 Cisco | 1 Webex Meetings | 2024-08-02 | 4.3 Medium |
| A vulnerability in the web interface of Cisco Webex Meetings could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. This vulnerability is due to insufficient CSRF protections for the web interface on an affected system. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link. A successful exploit could allow the attacker to perform arbitrary actions. These actions could include joining meetings and scheduling training sessions. | ||||
| CVE-2023-6968 | 1 Themoneytizer | 1 The Moneytizer | 2024-08-02 | 8.1 High |
| The The Moneytizer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 9.5.20. This is due to missing or incorrect nonce validation on multiple AJAX functions. This makes it possible for unauthenticated attackers to to update and retrieve billing and bank details, update and reset the plugin's settings, and update languages as well as other lower-severity actions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2023-7125 | 1 Peepso | 1 Peepso | 2024-08-02 | 4.3 Medium |
| The Community by PeepSo WordPress plugin before 6.3.1.2 does not have CSRF check when creating a user post (visible on their wall in their profile page), which could allow attackers to make logged in users perform such action via a CSRF attack | ||||
| CVE-2023-7074 | 1 Giovambattistafazioli | 1 Wp Social Bookmark Menu | 2024-08-02 | 8.8 High |
| The WP SOCIAL BOOKMARK MENU WordPress plugin through 1.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack. | ||||