Vulnerabilities (CVE)

Filtered by CWE-352
Total 6075 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-3579 1 Hadsky 1 Hadsky 2024-11-21 5.0 MEDIUM 4.3 MEDIUM
A vulnerability, which was classified as problematic, has been found in HadSky 7.11.8. Affected by this issue is some unknown functionality of the component User Handler. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-233372.
CVE-2023-3414 1 Jenkins 1 Servicenow Devops 2024-11-21 N/A 6.1 MEDIUM
A cross-site request forgery vulnerability exists in versions of the Jenkins Plug-in for ServiceNow DevOps prior to 1.38.1 that, if exploited successfully, could cause the unwanted exposure of sensitive information. To address this issue, apply the 1.38.1 version of the Jenkins plug-in for ServiceNow DevOps on your Jenkins server. No changes are required on your instances of the Now Platform.
CVE-2023-3356 1 Kreci 1 Subscribers Text Counter 2024-11-21 N/A 4.3 MEDIUM
The Subscribers Text Counter WordPress plugin before 1.7.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack, which also lead to Stored Cross-Site Scripting due to the lack of sanitisation and escaping
CVE-2023-3254 1 Trustedindex 1 Widgets For Google Reviews 2024-11-21 N/A 4.3 MEDIUM
The Widgets for Google Reviews plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 10.9. This is due to missing or incorrect nonce validation within setup_no_reg_header.php. This makes it possible for unauthenticated attackers to reset plugin settings and remove reviews via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
CVE-2023-3203 1 Inspireui 1 Mstore Api 2024-11-21 N/A 4.3 MEDIUM
The MStore API plugin for WordPress is vulnerable to Cross-Site Request Forgery due to missing nonce validation on the mstore_update_limit_product function. This makes it possible for unauthenticated attackers to update limit the number of product per category to use cache data in home screen via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
CVE-2023-3179 1 Wpexperts 1 Post Smtp Mailer 2024-11-21 N/A 8.8 HIGH
The POST SMTP Mailer WordPress plugin before 2.5.7 does not have proper CSRF checks in some AJAX actions, which could allow attackers to make logged in users with the manage_postman_smtp capability resend an email to an arbitrary address (for example a password reset email could be resent to an attacker controlled email, and allow them to take over an account).
CVE-2023-3178 1 Wpexperts 1 Post Smtp 2024-11-21 N/A 4.3 MEDIUM
The POST SMTP Mailer WordPress plugin before 2.5.7 does not have proper CSRF checks in some AJAX actions, which could allow attackers to make logged in users with the manage_postman_smtp capability delete arbitrary logs via a CSRF attack.
CVE-2023-3075 1 Corebos 1 Corebos 2024-11-21 N/A 6.5 MEDIUM
Cross-Site Request Forgery (CSRF) in GitHub repository tsolucio/corebos prior to 8.
CVE-2023-3055 1 Azexo 1 Page Builder With Image Map By Azexo 2024-11-21 N/A 6.1 MEDIUM
The Page Builder by AZEXO plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.27.133. This is due to missing or incorrect nonce validation on the 'azh_save' function. This makes it possible for unauthenticated attackers to update the post content and inject malicious JavaScript via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link.
CVE-2023-3052 1 Azexo 1 Page Builder With Image Map By Azexo 2024-11-21 N/A 6.3 MEDIUM
The Page Builder by AZEXO plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.27.133. This is due to missing or incorrect nonce validation on the 'azh_add_post', 'azh_duplicate_post', 'azh_update_post' and 'azh_remove_post' functions. This makes it possible for unauthenticated attackers to create, modify, and delete a post via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
CVE-2023-3029 1 Pythagorean Oa Office System Project 1 Pythagorean Oa Office System 2024-11-21 5.0 MEDIUM 4.3 MEDIUM
A vulnerability has been found in Guangdong Pythagorean OA Office System up to 4.50.31 and classified as problematic. This vulnerability affects unknown code of the file /note/index/delete. The manipulation of the argument id leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-230458 is the identifier assigned to this vulnerability.
CVE-2023-39989 1 Draftpress 1 Header Footer Code Manager 2024-11-21 N/A 5.4 MEDIUM
Cross-Site Request Forgery (CSRF) vulnerability in 99robots Header Footer Code Manager plugin <= 1.1.34 versions.
CVE-2023-39925 1 Peepso 1 Peepso 2024-11-21 N/A 5.4 MEDIUM
Cross-Site Request Forgery (CSRF) vulnerability in PeepSo Download Community by PeepSo plugin <= 6.1.6.0 versions.
CVE-2023-39923 1 Radiustheme 1 The Post Grid 2024-11-21 N/A 5.4 MEDIUM
Cross-Site Request Forgery (CSRF) vulnerability in RadiusTheme The Post Grid plugin <= 7.2.7 versions.
CVE-2023-39917 1 Ays-pro 1 Photo Gallery 2024-11-21 N/A 4.3 MEDIUM
Cross-Site Request Forgery (CSRF) vulnerability in Photo Gallery Team Photo Gallery by Ays – Responsive Image Gallery plugin <= 5.2.6 versions.
CVE-2023-39446 1 Socomec 2 Modulys Gp, Modulys Gp Firmware 2024-11-21 N/A 8.9 HIGH
Thanks to the weaknesses that the web application has at the user management level, an attacker could obtain the information from the headers that is necessary to create specially designed URLs and originate malicious actions when a legitimate user is logged into the web application.
CVE-2023-39412 4 Apple, Google, Intel and 1 more 4 Iphone Os, Android, Unison Software and 1 more 2024-11-21 N/A 5.4 MEDIUM
Cross-site request forgery in some Intel Unison software may allow an authenticated user to potentially enable escalation of privilege via network access.
CVE-2023-39372 1 Startrinity 1 Softswitch 2024-11-21 N/A 8.1 HIGH
StarTrinity Softswitch version 2023-02-16 - Multiple CSRF (CWE-352)
CVE-2023-39311 2024-11-21 N/A 7.1 HIGH
Cross-Site Request Forgery (CSRF) vulnerability in ThemeFusion Fusion Builder.This issue affects Fusion Builder: from n/a through 3.11.1.
CVE-2023-39286 1 Mitel 1 Connect Mobility Router 2024-11-21 N/A 4.3 MEDIUM
A vulnerability in the Connect Mobility Router component of Mitel MiVoice Connect through 9.6.2304.102 could allow an unauthenticated attacker to perform a Cross Site Request Forgery (CSRF) attack due to insufficient request validation. A successful exploit could allow an attacker to provide a modified URL, potentially enabling them to modify system configuration settings.