Total
6075 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-47186 | 1 Kadencewp | 1 Kadence Woocommerce Email Designer | 2024-11-21 | N/A | 8.8 HIGH |
Cross-Site Request Forgery (CSRF) vulnerability in Kadence WP Kadence WooCommerce Email Designer plugin <= 1.5.11 versions. | |||||
CVE-2023-47182 | 1 Nazmulhossainnihal | 1 Login Screen Manager | 2024-11-21 | N/A | 8.8 HIGH |
Cross-Site Request Forgery (CSRF) leading to a Stored Cross-Site Scripting (XSS) vulnerability in Nazmul Hossain Nihal Login Screen Manager plugin <= 3.5.2 versions. | |||||
CVE-2023-47024 | 1 Ncratleos | 1 Terminal Handler | 2024-11-21 | N/A | 8.8 HIGH |
Cross-Site Request Forgery (CSRF) in NCR Terminal Handler v.1.5.1 leads to a one-click account takeover. This is achieved by exploiting multiple vulnerabilities, including an undisclosed function in the WSDL that has weak security controls and can accept custom content types. | |||||
CVE-2023-47020 | 1 Ncratleos | 1 Terminal Handler | 2024-11-21 | N/A | 8.8 HIGH |
Multiple Cross-Site Request Forgery (CSRF) chaining in NCR Terminal Handler v.1.5.1 allows privileges to be escalated by an attacker through a crafted request involving user account creation and adding the user to an administrator group. This is exploited by an undisclosed function in the WSDL that lacks security controls and can accept custom content types. | |||||
CVE-2023-47014 | 1 Remyandrade | 1 Sticky Notes App | 2024-11-21 | N/A | 6.5 MEDIUM |
A Cross-Site Request Forgery (CSRF) vulnerability in Sourcecodester Sticky Notes App Using PHP with Source Code v.1.0 allows a local attacker to obtain sensitive information via a crafted payload to add-note.php. | |||||
CVE-2023-46781 | 1 Rolandmurg | 1 Current Menu Item For Custom Post Types | 2024-11-21 | N/A | 8.8 HIGH |
Cross-Site Request Forgery (CSRF) vulnerability in Roland Murg Current Menu Item for Custom Post Types plugin <= 1.5 versions. | |||||
CVE-2023-46780 | 1 Altersoftware | 1 Alter | 2024-11-21 | N/A | 8.8 HIGH |
Cross-Site Request Forgery (CSRF) vulnerability in Alter plugin <= 1.0 versions. | |||||
CVE-2023-46779 | 1 Easyrecipe Project | 1 Easyrecipe | 2024-11-21 | N/A | 8.8 HIGH |
Cross-Site Request Forgery (CSRF) vulnerability in EasyRecipe plugin <= 3.5.3251 versions. | |||||
CVE-2023-46778 | 1 Thefreewindows | 1 Auto Limit Posts Reloaded | 2024-11-21 | N/A | 8.8 HIGH |
Cross-Site Request Forgery (CSRF) vulnerability in TheFreeWindows Auto Limit Posts Reloaded plugin <= 2.5 versions. | |||||
CVE-2023-46777 | 1 Featherplugins | 1 Custom Login Page \| Temporary Users \| Rebrand Login \| Login Captcha | 2024-11-21 | N/A | 8.8 HIGH |
Cross-Site Request Forgery (CSRF) vulnerability in Custom Login Page \| Temporary Users \| Rebrand Login \| Login Captcha plugin <= 1.1.3 versions. | |||||
CVE-2023-46776 | 1 Josie | 1 Auto Excerpt Everywhere | 2024-11-21 | N/A | 8.8 HIGH |
Cross-Site Request Forgery (CSRF) vulnerability in Serena Villa Auto Excerpt everywhere plugin <= 1.5 versions. | |||||
CVE-2023-46775 | 1 Zixn | 1 Original Texts Yandex Webmaster | 2024-11-21 | N/A | 8.8 HIGH |
Cross-Site Request Forgery (CSRF) vulnerability in Djo Original texts Yandex WebMaster plugin <= 1.18 versions. | |||||
CVE-2023-46699 | 1 Weseek | 1 Growi | 2024-11-21 | N/A | 4.3 MEDIUM |
Cross-site request forgery (CSRF) vulnerability exists in the User settings (/me) page of GROWI versions prior to v6.0.0. If a user views a malicious page while logging in, settings may be changed without the user's intention. | |||||
CVE-2023-46617 | 1 Wpfoxly | 1 Adfoxly | 2024-11-21 | N/A | 5.4 MEDIUM |
Cross-Site Request Forgery (CSRF) vulnerability in AdFoxly AdFoxly – Ad Manager, AdSense Ads & Ads.Txt. This issue affects AdFoxly – Ad Manager, AdSense Ads & Ads.Txt: from n/a through 1.8.5. | |||||
CVE-2023-46375 | 1 Zentao | 1 Biz | 2024-11-21 | N/A | 8.8 HIGH |
ZenTao Biz version 4.1.3 and before is vulnerable to Cross Site Request Forgery (CSRF). | |||||
CVE-2023-46242 | 1 Xwiki | 1 Xwiki | 2024-11-21 | N/A | 9.6 CRITICAL |
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions it's possible to execute content with the rights of any user via a crafted URL. A user must have `programming` privileges in order to exploit this vulnerability. This issue has been patched in XWiki 14.10.7 and 15.2RC1. Users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
CVE-2023-46212 | 1 Wpvnteam | 1 Wp Extra | 2024-11-21 | N/A | 6.3 MEDIUM |
Missing Authorization, Cross-Site Request Forgery (CSRF) vulnerability in TienCOP WP EXtra allows Accessing Functionality Not Properly Constrained by ACLs, Cross Site Request Forgery. This issue affects WP EXtra: from n/a through 6.2. | |||||
CVE-2023-46204 | 1 Mullerdigital | 1 Duplicate Theme | 2024-11-21 | N/A | 4.3 MEDIUM |
Cross-Site Request Forgery (CSRF) vulnerability in Muller Digital Inc. Duplicate Theme plugin <= 0.1.6 versions. | |||||
CVE-2023-46202 | 1 Auto Login New User After Registration Project | 1 Auto Login New User After Registration | 2024-11-21 | N/A | 4.3 MEDIUM |
Cross-Site Request Forgery (CSRF) vulnerability in Jeff Sherk Auto Login New User After Registration plugin <= 1.9.6 versions. | |||||
CVE-2023-46198 | 1 Apointzilla | 1 Appointment Calendar | 2024-11-21 | N/A | 5.4 MEDIUM |
Cross-Site Request Forgery (CSRF) vulnerability in Scientech It Solution Appointment Calendar plugin <= 2.9.6 versions. |