Total
6248 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-6292 | 1 Lightspeedhq | 1 Ecwid Ecommerce Shopping Cart | 2024-08-02 | 4.3 Medium |
| The Ecwid Ecommerce Shopping Cart WordPress plugin before 6.12.5 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack. | ||||
| CVE-2023-6242 | 1 Myeventon | 2 Eventon, Eventon-lite | 2024-08-02 | 6.5 Medium |
| The EventON - WordPress Virtual Event Calendar Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.5.4 (for Pro) & 2.2.7 (for Free). This is due to missing or incorrect nonce validation on the evo_eventpost_update_meta function. This makes it possible for unauthenticated attackers to update arbitrary post metadata via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2023-6244 | 1 Myeventon | 2 Eventon, Eventon-lite | 2024-08-02 | 6.5 Medium |
| The EventON - WordPress Virtual Event Calendar Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.5.4 (Pro) & 2.2.8 (Free). This is due to missing or incorrect nonce validation on the save_virtual_event_settings function. This makes it possible for unauthenticated attackers to modify virtual event settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2023-6251 | 1 Checkmk | 1 Checkmk | 2024-08-02 | 3.5 Low |
| Cross-site Request Forgery (CSRF) in Checkmk < 2.2.0p15, < 2.1.0p37, <= 2.0.0p39 allow an authenticated attacker to delete user-messages for individual users. | ||||
| CVE-2023-6137 | 1 Wpfrontier | 1 Frontier Post | 2024-08-02 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in finnj Frontier Post allows Cross Site Request Forgery.This issue affects Frontier Post: from n/a through 6.1. | ||||
| CVE-2023-6022 | 1 Prefect | 1 Prefect | 2024-08-02 | 8.8 High |
| Cross-Site Request Forgery (CSRF) in GitHub repository prefecthq/prefect prior to 2.16.5. | ||||
| CVE-2023-5975 | 1 Imagemapper Project | 1 Imagemapper | 2024-08-02 | 4.3 Medium |
| The ImageMapper plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.6. This is due to missing or incorrect nonce validation on multiple functions. This makes it possible for unauthenticated attackers to update the plugin settings via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2023-5982 | 1 Updraftplus | 1 Updraftplus | 2024-08-02 | 5.4 Medium |
| The UpdraftPlus: WordPress Backup & Migration Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.23.10. This is due to a lack of nonce validation and insufficient validation of the instance_id on the 'updraftmethod-googledrive-auth' action used to update Google Drive remote storage location. This makes it possible for unauthenticated attackers to modify the Google Drive location that backups are sent to via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. This can make it possible for attackers to receive backups for a site which may contain sensitive information. | ||||
| CVE-2023-6008 | 1 Userproplugin | 1 Userpro | 2024-08-02 | 6.3 Medium |
| The UserPro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.1.1. This is due to missing or incorrect nonce validation on multiple functions. This makes it possible for unauthenticated attackers to add, modify, or delete user meta and plugin options. | ||||
| CVE-2023-5990 | 1 Funnelforms | 1 Funnelforms Free | 2024-08-02 | 6.5 Medium |
| The Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor WordPress plugin before 3.4.2 does not have CSRF checks on some of its form actions such as deletion and duplication, which could allow attackers to make logged in admin perform such actions via CSRF attacks | ||||
| CVE-2023-5979 | 1 Implecode | 1 Ecommerce Product Catalog | 2024-08-02 | 6.5 Medium |
| The eCommerce Product Catalog Plugin for WordPress plugin before 3.3.26 does not have CSRF checks in some of its admin pages, which could allow attackers to make logged-in users perform unwanted actions via CSRF attacks, such as delete all products | ||||
| CVE-2023-5961 | 1 Moxa | 20 Iologik E1210, Iologik E1210 Firmware, Iologik E1211 and 17 more | 2024-08-02 | 8.8 High |
| A Cross-Site Request Forgery (CSRF) vulnerability has been identified in ioLogik E1200 Series firmware versions v3.3 and prior. An attacker can exploit this vulnerability to trick a client into making an unintentional request to the web server, which will be treated as an authentic request. This vulnerability may lead an attacker to perform operations on behalf of the victimized user. | ||||
| CVE-2023-5945 | 1 I13websolution | 1 Video Carousel Slider With Lightbox | 2024-08-02 | 4.3 Medium |
| The video carousel slider with lightbox plugin for WordPress is vulnerable to Cross-Site Request Forgery in version 1.0. This is due to missing or incorrect nonce validation on the responsive_video_gallery_with_lightbox_video_management_func() function. This makes it possible for unauthenticated attackers to delete videos hosted from the video slider via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2023-5803 | 1 Businessdirectoryplugin | 1 Business Directory | 2024-08-02 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Business Directory Team Business Directory Plugin – Easy Listing Directories for WordPress allows Cross-Site Request Forgery.This issue affects Business Directory Plugin – Easy Listing Directories for WordPress: from n/a through 6.3.10. | ||||
| CVE-2023-5893 | 1 Sfu | 1 Pkp Web Application Library | 2024-08-02 | 8.8 High |
| Cross-Site Request Forgery (CSRF) in GitHub repository pkp/pkp-lib prior to 3.3.0-16. | ||||
| CVE-2023-5898 | 1 Pkp | 1 Pkp Web Application Library | 2024-08-02 | 8.8 High |
| Cross-Site Request Forgery (CSRF) in GitHub repository pkp/pkp-lib prior to 3.3.0-16. | ||||
| CVE-2023-5900 | 1 Sfu | 1 Pkp Web Application Library | 2024-08-02 | 3.5 Low |
| Cross-Site Request Forgery in GitHub repository pkp/pkp-lib prior to 3.3.0-16. | ||||
| CVE-2023-5897 | 1 Sfu | 1 Customlocale | 2024-08-02 | 8.8 High |
| Cross-Site Request Forgery (CSRF) in GitHub repository pkp/customLocale prior to 1.2.0-1. | ||||
| CVE-2023-5882 | 1 Soflyy | 2 Export Any Wordpress Data To Xml\/csv, Wp All Export | 2024-08-02 | 8.8 High |
| The Export any WordPress data to XML/CSV WordPress plugin before 1.4.0, WP All Export Pro WordPress plugin before 1.8.6 does not check nonce tokens early enough in the request lifecycle, allowing attackers to make logged in users perform unwanted actions leading to remote code execution. | ||||
| CVE-2023-5820 | 1 I13websolution | 1 Thumbnail Slider With Lightbox | 2024-08-02 | 9.6 Critical |
| The Thumbnail Slider With Lightbox plugin for WordPress is vulnerable to Cross-Site Request Forgery in version 1.0. This is due to missing or incorrect nonce validation on the addedit functionality. This makes it possible for unauthenticated attackers to upload arbitrary files via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||