Total
6253 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2022-45073 | 1 Miniorange | 1 Wordpress Rest Api Authentication | 2024-09-16 | 5.4 Medium |
Cross-Site Request Forgery (CSRF) vulnerability in REST API Authentication plugin <= 2.4.0 on WordPress. | ||||
CVE-2016-9714 | 1 Ibm | 1 Infosphere Master Data Management Server | 2024-09-16 | N/A |
IBM InfoSphere Master Data Management Server 10.1, 11.0, 11.3, 11.4, 11.5, and 11.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 119727. | ||||
CVE-2012-2056 | 2 Drupal, Nathan Brink | 2 Drupal, Content Lock | 2024-09-16 | N/A |
Cross-site request forgery (CSRF) vulnerability in the Content Lock module for Drupal allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | ||||
CVE-2022-29429 | 1 Code Snippets Extended Project | 1 Code Snippets Extended | 2024-09-16 | 8.8 High |
Remote Code Execution (RCE) in Alexander Stokmann's Code Snippets Extended plugin <= 1.4.7 on WordPress via Cross-Site Request Forgery. | ||||
CVE-2017-0933 | 1 Ubnt | 1 Edgeos | 2024-09-16 | N/A |
Ubiquiti Networks EdgeOS version 1.9.1 and prior suffer from a Cross-Site Request Forgery (CSRF) vulnerability. An attacker with access to an operator (read-only) account could lure an admin (root) user to access the attacker-controlled page, allowing the attacker to gain admin privileges in the system. | ||||
CVE-2015-6965 | 1 Creative-solutions | 1 Contact Form Generator | 2024-09-16 | N/A |
Multiple cross-site request forgery (CSRF) vulnerabilities in the Contact Form Generator plugin 2.0.1 and earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) create a field, (2) update a field, (3) delete a field, (4) create a form, (5) update a form, (6) delete a form, (7) create a template, (8) update a template, (9) delete a template, or (10) conduct cross-site scripting (XSS) attacks via a crafted request to the cfg_forms page in wp-admin/admin.php. | ||||
CVE-2021-26033 | 1 Joomla | 1 Joomla\! | 2024-09-16 | 6.5 Medium |
An issue was discovered in Joomla! 3.0.0 through 3.9.26. A missing token check causes a CSRF vulnerability in the AJAX reordering endpoint. | ||||
CVE-2009-4905 | 1 Accscripts | 1 Acc Statistics | 2024-09-16 | N/A |
Multiple cross-site request forgery (CSRF) vulnerabilities in index.php in Acc Statistics 1.1 allow remote attackers to hijack the authentication of administrators for requests that change (1) passwords, (2) usernames, and (3) e-mail addresses. | ||||
CVE-2017-1218 | 1 Ibm | 1 Bigfix Platform | 2024-09-16 | N/A |
IBM Tivoli Endpoint Manager is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 123858. | ||||
CVE-2013-0320 | 2 Drupal, Mattias Hutterer | 2 Drupal, Taxonomy Manager | 2024-09-16 | N/A |
Cross-site request forgery (CSRF) vulnerability in the Taxonomy Manager (taxonomy_manager) module 6.x-2.x before 6.x-2.2 and 7.x-1.x before 7.x-1.0-rc1 for Drupal allows remote attackers to hijack the authentication of users with 'administer taxonomy' permissions via unspecified vectors. | ||||
CVE-2022-33177 | 1 Wpbookingcalendar | 1 Booking Calendar | 2024-09-16 | 5.4 Medium |
Cross-Site Request Forgery (CSRF) vulnerability in WPdevelop/Oplugins Booking Calendar plugin <= 9.2.1 at WordPress leading to Translations Update. | ||||
CVE-2022-32175 | 1 Adguard | 1 Adguardhome | 2024-09-16 | 5.4 Medium |
In AdGuardHome, versions v0.95 through v0.108.0-b.13 are vulnerable to Cross-Site Request Forgery (CSRF), in the custom filtering rules functionality. An attacker can persuade an authorized user to follow a malicious link, resulting in deleting/modifying the custom filtering rules. | ||||
CVE-2018-2000 | 1 Ibm | 2 Business Automation Workflow, Business Process Manager | 2024-09-16 | N/A |
IBM Business Automation Workflow 18.0.0.0 and 18.0.0.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 154890. | ||||
CVE-2018-6357 | 1 Acurax | 1 Social Media Widget | 2024-09-16 | N/A |
The acx_asmw_saveorder_callback function in function.php in the acurax-social-media-widget plugin before 3.2.6 for WordPress has CSRF via the recordsArray parameter to wp-admin/admin-ajax.php, with resultant social_widget_icon_array_order XSS. | ||||
CVE-2021-36850 | 1 Meowapps | 1 Media File Renamer - Auto \& Manual Rename | 2024-09-16 | 5.4 Medium |
Cross-Site Request Forgery (CSRF) vulnerability in WordPress Media File Renamer – Auto & Manual Rename plugin (versions <= 5.1.9). Affected parameters "post_title", "filename", "lock". This allows changing the uploaded media title, media file name, and media locking state. | ||||
CVE-2022-22348 | 1 Ibm | 1 Spectrum Protect Operations Center | 2024-09-16 | 2.4 Low |
IBM Spectrum Protect Operations Center 8.1.0.000 through 8.1.13.xxx is vulnerable to reverse tabnabbing where it could allow a page linked to from within Operations Center to rewrite it. An administrator could enter a link to a malicious URL that another administrator could then click. Once clicked, that malicious URL could then rewrite the original page with a phishing page. IBM X-Force ID: 220139. | ||||
CVE-2013-2704 | 2 Metin Saylan, Wordpress | 2 Dropdown Menu Widget, Wordpress | 2024-09-16 | N/A |
Cross-site request forgery (CSRF) vulnerability in the Dropdown Menu Widget plugin 1.9.1 for WordPress allows remote attackers to hijack the authentication of arbitrary users for requests that insert cross-site scripting (XSS) sequences. | ||||
CVE-2022-22361 | 1 Ibm | 2 Business Automation Workflow, Business Process Manager | 2024-09-16 | 6.5 Medium |
IBM Business Automation Workflow traditional 21.0.1 through 21.0.3, 20.0.0.1 through 20.0.0.2, 19.0.0.1 through 19.0.0.3, 18.0.0.0 through 18.0.0.1, IBM Business Automation Workflow containers V21.0.1 - V21.0.3 20.0.0.1 through 20.0.0.2, IBM Business Process Manager 8.6.0.0 through 8.6.0.201803, and 8.5.0.0 through 8.5.0.201706 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | ||||
CVE-2017-5796 | 1 Hp | 10 J9623a, J9623a Firmware, J9624a and 7 more | 2024-09-16 | N/A |
A Remote Cross Site Request Forgery (CSRF) vulnerability in HPE 2620 Series Network Switches version RA.15.05.0006 was found. | ||||
CVE-2018-10048 | 1 Iscripts | 1 Eswap | 2024-09-16 | N/A |
iScripts eSwap v2.4 has CSRF via "registration_settings.php" in the Admin Panel. |