Total
6081 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-20612 | 2 Jenkins, Oracle | 2 Jenkins, Communications Cloud Native Core Automated Test Suite | 2024-11-21 | 2.6 LOW | 4.3 MEDIUM |
| A cross-site request forgery (CSRF) vulnerability in Jenkins 2.329 and earlier, LTS 2.319.1 and earlier allows attackers to trigger build of job without parameters when no security realm is set. | |||||
| CVE-2022-1969 | 1 Script | 1 Mobile Browser Color Select | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| The Mobile browser color select plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.1. This is due to missing or incorrect nonce validation on the admin_update_data() function. This makes it possible for unauthenticated attackers to inject malicious web scripts via forged request granted they can trick a site administrator into performing an action such as clicking on a link. | |||||
| CVE-2022-1967 | 1 Wp-championship Project | 1 Wp-championship | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| The WP Championship WordPress plugin before 9.3 is lacking CSRF checks in various places, allowing attackers to make a logged in admin perform unwanted actions, such as create and delete arbitrary teams as well as update the plugin's settings. Due to the lack of sanitisation and escaping, it could also lead to Stored Cross-Site Scripting issues | |||||
| CVE-2022-1960 | 1 Mycss Project | 1 Mycss | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| The MyCSS WordPress plugin through 1.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack | |||||
| CVE-2022-1957 | 1 Comment License Project | 1 Comment License | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| The Comment License WordPress plugin before 1.4.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack | |||||
| CVE-2022-1956 | 1 Shortcut Macros Project | 1 Shortcut Macros | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| The Shortcut Macros WordPress plugin through 1.3 does not have authorisation and CSRF checks in place when updating its settings, which could allow any authenticated users, such as subscriber, to update them. | |||||
| CVE-2022-1918 | 1 Toolbar To Share Project | 1 Toolbar To Share | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| The ToolBar to Share plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0. This is due to missing nonce validation on the plugin_toolbar_comparte page. This makes it possible for unauthenticated attackers to update the plugins settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | |||||
| CVE-2022-1914 | 1 Clean-contact Project | 1 Clean-contact | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| The Clean-Contact WordPress plugin through 1.6 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and lead to Stored XSS due to the lack of sanitisation and escaping as well | |||||
| CVE-2022-1913 | 1 Add Post Url Project | 1 Add Post Url | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| The Add Post URL WordPress plugin through 2.1.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and lead to Stored Cross-Site Scripting due to the lack of sanitisation and escaping | |||||
| CVE-2022-1912 | 1 Smartsoft | 1 Button Widget Smartsoft | 2024-11-21 | N/A | 8.8 HIGH |
| The Button Widget Smartsoft plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.1. This is due to missing nonce validation on the smartsoftbutton_settings page. This makes it possible for unauthenticated attackers to update the plugins settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | |||||
| CVE-2022-1900 | 1 Copify | 1 Copify | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| The Copify plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.0. This is due to missing nonce validation on the CopifySettings page. This makes it possible for unauthenticated attackers to update the plugins settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | |||||
| CVE-2022-1895 | 1 Underconstruction Project | 1 Underconstruction | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| The underConstruction WordPress plugin before 1.20 does not have CSRF check in place when deactivating the construction mode, which could allow attackers to make a logged in admin perform such action via a CSRF attack | |||||
| CVE-2022-1885 | 1 Cimy Header Image Rotator Project | 1 Cimy Header Image Rotator | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| The Cimy Header Image Rotator WordPress plugin through 6.1.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack | |||||
| CVE-2022-1847 | 1 Rotating Posts Project | 1 Rotating Posts | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| The Rotating Posts WordPress plugin through 1.11 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack | |||||
| CVE-2022-1846 | 1 Tiny Contact Form Project | 1 Tiny Contact Form | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| The Tiny Contact Form WordPress plugin through 0.7 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack | |||||
| CVE-2022-1845 | 1 Wp Post Styling Project | 1 Wp Post Styling | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| The WP Post Styling WordPress plugin before 1.3.1 does not have CSRF checks in various actions, which could allow attackers to make a logged in admin delete plugin's data, update the settings, add new entries and more via CSRF attacks | |||||
| CVE-2022-1844 | 1 Wp-sentry Project | 1 Wp-sentry | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| The WP Sentry WordPress plugin through 1.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and lead to Stored Cross-Site Scripting due to the lack of sanitisation and escaping as well | |||||
| CVE-2022-1843 | 1 Mailpress Project | 1 Mailpress | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| The MailPress WordPress plugin through 7.2.1 does not have CSRF checks in various places, which could allow attackers to make a logged in admin change the settings, purge log files and more via CSRF attacks | |||||
| CVE-2022-1842 | 1 Openbook Book Data Project | 1 Openbook Book Data | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| The OpenBook Book Data WordPress plugin through 3.5.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and lead to Stored Cross-Site Scripting due to the lack of sanitisation and escaping as well | |||||
| CVE-2022-1832 | 1 Capa Protect Project | 1 Capa Protect | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| The CaPa Protect WordPress plugin through 0.5.8.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and disable the applied protection. | |||||