Total: 6081 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-0245 | 1 Livehelperchat | 1 Livehelperchat | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
Cross-Site Request Forgery (CSRF) in GitHub repository livehelperchat/livehelperchat prior to 2.0. | |||||
CVE-2022-0238 | 2 Fedoraproject, Phoronix-media | 2 Fedora, Phoronix Test Suite | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
phoronix-test-suite is vulnerable to Cross-Site Request Forgery (CSRF) | |||||
CVE-2022-0231 | 1 Livehelperchat | 1 Live Helper Chat | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
livehelperchat is vulnerable to Cross-Site Request Forgery (CSRF) | |||||
CVE-2022-0226 | 1 Livehelperchat | 1 Live Helper Chat | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
livehelperchat is vulnerable to Cross-Site Request Forgery (CSRF) | |||||
CVE-2022-0215 | 1 Xootix | 3 Login/signup Popup, Side Cart Woocommerce, Waitlist Woocommerce | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
The Login/Signup Popup, Waitlist Woocommerce ( Back in stock notifier ), and Side Cart Woocommerce (Ajax) WordPress plugins by XootiX are vulnerable to Cross-Site Request Forgery via the save_settings function found in the ~/includes/xoo-framework/admin/class-xoo-admin-settings.php file which makes it possible for attackers to update arbitrary options on a site that can be used to create an administrative user account and grant full privileged access to a compromised site. This affects versions <= 2.2 in Login/Signup Popup, versions <= 2.5.1 in Waitlist Woocommerce ( Back in stock notifier ), and versions <= 2.0 in Side Cart Woocommerce (Ajax). | |||||
CVE-2022-0199 | 1 Wpdevart | 1 Coming Soon And Maintenance Mode | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
The Coming soon and Maintenance mode WordPress plugin before 3.6.8 does not have a CSRF check in its coming_soon_send_mail AJAX action, allowing attackers to make a logged-in admin send arbitrary emails to all subscribed users via a CSRF attack | |||||
CVE-2022-0197 | 2 Fedoraproject, Phoronix-media | 2 Fedora, Phoronix Test Suite | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
phoronix-test-suite is vulnerable to Cross-Site Request Forgery (CSRF) | |||||
CVE-2022-0196 | 2 Fedoraproject, Phoronix-media | 2 Fedora, Phoronix Test Suite | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
phoronix-test-suite is vulnerable to Cross-Site Request Forgery (CSRF) | |||||
CVE-2022-0191 | 1 Acnam | 1 Ad Invalid Click Protector | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
The Ad Invalid Click Protector (AICP) WordPress plugin before 1.2.7 does not have a CSRF check when deleting banned users, which could allow attackers to make a logged-in admin remove arbitrary bans | |||||
CVE-2022-0180 | 1 Expresstech | 1 Quiz And Survey Master | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
Cross-site request forgery (CSRF) vulnerability in Quiz And Survey Master versions prior to 7.3.7 allows a remote attacker to hijack the authentication of administrators and conduct arbitrary operations via a specially crafted web page. | |||||
CVE-2022-0154 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 6.0 MEDIUM | 7.5 HIGH |
An issue has been discovered in GitLab affecting all versions starting from 7.7 before 14.4.5, all versions starting from 14.5.0 before 14.5.3, all versions starting from 14.6.0 before 14.6.2. GitLab was vulnerable to a Cross-Site Request Forgery attack that allows a malicious user to have their GitHub project imported on another GitLab user account. | |||||
CVE-2022-0141 | 1 Vfbpro | 1 Visual Form Builder | 2024-11-21 | 5.8 MEDIUM | 8.1 HIGH |
The Visual Form Builder WordPress plugin before 3.0.8 does not enforce nonce checks, which could allow attackers to make a logged-in admin or editor delete and restore arbitrary form entries via CSRF attacks | |||||
CVE-2022-0134 | 1 Bologer | 1 Anycomment | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
The AnyComment WordPress plugin before 0.2.18 does not have CSRF checks in the Import and Revert HyperComments features, allowing attackers to make a logged-in admin perform such actions via a CSRF attack | |||||
CVE-2022-0088 | 1 Yourls | 1 Yourls | 2024-11-21 | 4.3 MEDIUM | 7.4 HIGH |
Cross-Site Request Forgery (CSRF) in GitHub repository yourls/yourls prior to 1.8.3. | |||||
CVE-2021-4425 | 1 Wpmudev | 1 Defender Security | 2024-11-21 | N/A | 4.3 MEDIUM |
The Defender Security plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.4.6. This is due to missing or incorrect nonce validation on the verify_otp_login_time() function. This makes it possible for unauthenticated attackers to verify a one time login via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | |||||
CVE-2021-4422 | 1 Wpexperts | 1 Post Smtp Mailer | 2024-11-21 | N/A | 4.3 MEDIUM |
The POST SMTP Mailer plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.20. This is due to missing or incorrect nonce validation on the handleCsvExport() function. This makes it possible for unauthenticated attackers to trigger a CSV export via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | |||||
CVE-2021-4418 | 1 Wpfactory | 1 Custom Css, Js & Php | 2024-11-21 | N/A | 4.3 MEDIUM |
The Custom CSS, JS & PHP plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.7. This is due to missing or incorrect nonce validation on the save() function. This makes it possible for unauthenticated attackers to save code snippets via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | |||||
CVE-2021-4398 | 1 Amministrazione Trasparente Project | 1 Amministrazione Trasparente | 2024-11-21 | N/A | 8.8 HIGH |
The Amministrazione Trasparente plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 7.1. This is due to missing or incorrect nonce validation on the at_save_aturl_meta() function. This makes it possible for unauthenticated attackers to update meta data via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | |||||
CVE-2021-4389 | 1 Wensolutions | 1 Wp Travel | 2024-11-21 | N/A | 4.3 MEDIUM |
The WP Travel plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.4.6. This is due to missing or incorrect nonce validation on the save_meta_data() function. This makes it possible for unauthenticated attackers to save metadata for travel posts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | |||||
CVE-2021-4373 | 1 Webberzone | 1 Better Search | 2024-11-21 | N/A | 8.8 HIGH |
The Better Search plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.5.2. This makes it possible for unauthenticated attackers to import settings via forged request granted they can trick a site administrator into performing an action such as clicking on a link. |