Total
6075 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-41684 | 1 Felixwelberg | 1 Sis Handball | 2024-11-21 | N/A | 4.3 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in Felix Welberg SIS Handball plugin <= 1.0.45 versions. | |||||
| CVE-2023-41672 | 1 Remileclercq | 1 Hide Admin Notices - Admin Notification Center Plugin | 2024-11-21 | N/A | 4.3 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in Rémi Leclercq Hide admin notices – Admin Notification Center plugin <= 2.3.2 versions. | |||||
| CVE-2023-41670 | 1 Palasthotel | 1 Use Memcached | 2024-11-21 | N/A | 5.4 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in Palasthotel (in person: Edward Bock) Use Memcached plugin <= 1.0.4 versions. | |||||
| CVE-2023-41669 | 1 Daext | 1 Live News | 2024-11-21 | N/A | 4.3 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in DAEXT Live News plugin <= 1.06 versions. | |||||
| CVE-2023-41668 | 1 Leadster | 1 Leadster | 2024-11-21 | N/A | 5.4 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in Leadster plugin <= 1.1.2 versions. | |||||
| CVE-2023-41667 | 1 Ulfbenjaminsson | 1 Wp-dtree | 2024-11-21 | N/A | 4.3 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in Ulf Benjaminsson WP-dTree plugin <= 4.4.5 versions. | |||||
| CVE-2023-41660 | 1 Wpsynchro | 1 Wp Synchro | 2024-11-21 | N/A | 6.5 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in WPSynchro WP Synchro plugin <= 1.9.1 versions. | |||||
| CVE-2023-41659 | 1 Bdwm | 1 Responsive Gallery Grid | 2024-11-21 | N/A | 5.4 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in Jules Colle, BDWM Responsive Gallery Grid plugin <= 2.3.10 versions. | |||||
| CVE-2023-41654 | 1 Heigl | 1 Authldap | 2024-11-21 | N/A | 5.4 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in Andreas Heigl authLdap plugin <= 2.5.8 versions. | |||||
| CVE-2023-41650 | 1 Remove\/hide Author\, Date\, Category Like Entry-meta Project | 1 Remove\/hide Author\, Date\, Category Like Entry-meta | 2024-11-21 | N/A | 4.3 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in Venugopal Remove/hide Author, Date, Category Like Entry-Meta plugin <= 2.1 versions. | |||||
| CVE-2023-41452 | 1 Phpkobo | 1 Ajaxnewsticker | 2024-11-21 | N/A | 8.8 HIGH |
| Cross Site Request Forgery vulnerability in phpkobo AjaxNewTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the txt parameter in the index.php component. | |||||
| CVE-2023-41244 | 1 Buildfail | 1 Localize Remote Images | 2024-11-21 | N/A | 4.3 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in Buildfail Localize Remote Images plugin <= 1.0.9 versions. | |||||
| CVE-2023-41131 | 1 Followingmedarling | 1 Spotify Play Button | 2024-11-21 | N/A | 4.3 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in Jonk @ Follow me Darling Sp*tify Play Button for WordPress plugin <= 2.10 versions. | |||||
| CVE-2023-41086 | 1 Furunosystems | 24 Acera 1010, Acera 1010 Firmware, Acera 1020 and 21 more | 2024-11-21 | N/A | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability exists in FURUNO SYSTEMS wireless LAN access point devices. If a user views a malicious page while logged in, unintended operations may be performed. Affected products and versions are as follows: ACERA 1210 firmware ver.02.36 and earlier, ACERA 1150i firmware ver.01.35 and earlier, ACERA 1150w firmware ver.01.35 and earlier, ACERA 1110 firmware ver.01.76 and earlier, ACERA 1020 firmware ver.01.86 and earlier, ACERA 1010 firmware ver.01.86 and earlier, ACERA 950 firmware ver.01.60 and earlier, ACERA 850F firmware ver.01.60 and earlier, ACERA 900 firmware ver.02.54 and earlier, ACERA 850M firmware ver.02.06 and earlier, ACERA 810 firmware ver.03.74 and earlier, and ACERA 800ST firmware ver.07.35 and earlier. They are affected when running in ST(Standalone) mode. | |||||
| CVE-2023-40953 | 1 Idreamsoft | 1 Icms | 2024-11-21 | N/A | 8.8 HIGH |
| icms 7.0.16 is vulnerable to Cross Site Request Forgery (CSRF). | |||||
| CVE-2023-40868 | 1 Moosocial | 1 Moosocial | 2024-11-21 | N/A | 8.8 HIGH |
| Cross Site Request Forgery vulnerability in mooSocial MooSocial Software v.Demo allows a remote attacker to execute arbitrary code via the Delete Account and Deactivate functions. | |||||
| CVE-2023-40671 | 1 Daxiawp | 1 Dx-auto-save-images | 2024-11-21 | N/A | 4.3 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in ??wp DX-auto-save-images plugin <= 1.4.0 versions. | |||||
| CVE-2023-40607 | 1 Cluevo | 1 Learning Management System | 2024-11-21 | N/A | 4.3 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in CLUEVO CLUEVO LMS, E-Learning Platform plugin <= 1.10.0 versions. | |||||
| CVE-2023-40572 | 1 Xwiki | 1 Xwiki | 2024-11-21 | N/A | 9.0 CRITICAL |
| XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. The create action is vulnerable to a CSRF attack, allowing script and thus remote code execution when targeting a user with script/programming right, thus compromising the confidentiality, integrity and availability of the whole XWiki installation. When a user with script right views this image and a log message `ERROR foo - Script executed!` appears in the log, the XWiki installation is vulnerable. This has been patched in XWiki 14.10.9 and 15.4RC1 by requiring a CSRF token for the actual page creation. | |||||
| CVE-2023-40561 | 1 Multidots | 1 Enhanced Ecommerce Google Analytics For Woocommerce | 2024-11-21 | N/A | 5.4 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in theDotstore Enhanced Ecommerce Google Analytics for WooCommerce plugin <= 3.7.1 versions. | |||||