Total
6075 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-36522 | 1 Wepupil | 1 Quiz Expert - Easy Quiz Maker\, Exam And Test Manager | 2024-11-21 | N/A | 4.3 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in WePupil Quiz Expert plugin <= 1.5.0 versions. | |||||
| CVE-2023-36517 | 1 Wp Abstracts Project | 1 Wp Abstracts | 2024-11-21 | N/A | 4.3 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in Kevon Adonis WP Abstracts plugin <= 2.6.2 versions. | |||||
| CVE-2023-36514 | 1 Woocommerce | 1 Shipping Multiple Addresses | 2024-11-21 | N/A | 6.5 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce Shipping Multiple Addresses plugin <= 3.8.5 versions. | |||||
| CVE-2023-36513 | 1 Woocommerce | 1 Automatewoo | 2024-11-21 | N/A | 5.4 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce AutomateWoo plugin <= 5.7.5 versions. | |||||
| CVE-2023-36511 | 1 Woocommerce | 1 Woocommerce Order Barcodes | 2024-11-21 | N/A | 4.3 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce WooCommerce Order Barcodes plugin <= 1.6.4 versions. | |||||
| CVE-2023-36256 | 1 Online Examination System Project | 1 Online Examination System | 2024-11-21 | N/A | 6.5 MEDIUM |
| The Online Examination System Project 1.0 version is vulnerable to Cross-Site Request Forgery (CSRF) attacks. An attacker can craft a malicious link that, when clicked by an admin user, will delete a user account from the database without the admin's consent. The email of the user to be deleted is passed as a parameter in the URL, which can be manipulated by the attacker. This could result in a loss of data. | |||||
| CVE-2023-36237 | 2024-11-21 | N/A | 8.8 HIGH | ||
| Cross Site Request Forgery vulnerability in Bagisto before v.1.5.1 allows an attacker to execute arbitrary code via a crafted HTML script. | |||||
| CVE-2023-36162 | 1 Zzcms | 1 Zzcms | 2024-11-21 | N/A | 8.8 HIGH |
| Cross Site Request Forgery vulnerability in ZZCMS v.2023 and earlier allows a remote attacker to gain privileges via the add function in adminlist.php. | |||||
| CVE-2023-35917 | 1 Woocommerce | 1 Paypal Payments | 2024-11-21 | N/A | 4.3 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce PayPal Payments plugin <= 2.0.4 versions. | |||||
| CVE-2023-35913 | 1 Oopspam | 1 Oopspam Anti-spam | 2024-11-21 | N/A | 4.3 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in OOPSpam OOPSpam Anti-Spam plugin <= 1.1.44 versions. | |||||
| CVE-2023-35912 | 1 Wpzone | 1 Potent Donations For Woocommerce | 2024-11-21 | N/A | 4.3 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in WP Zone Potent Donations for WooCommerce plugin <= 1.1.9 versions. | |||||
| CVE-2023-35880 | 1 Woocommerce | 1 Brands | 2024-11-21 | N/A | 5.4 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce WooCommerce Brands plugin <= 1.6.49 versions. | |||||
| CVE-2023-35793 | 1 Cassianetworks | 1 Access Controller | 2024-11-21 | N/A | 8.8 HIGH |
| An issue was discovered in Cassia Access Controller 2.1.1.2303271039. Establishing a web SSH session to gateways is vulnerable to Cross Site Request Forgery (CSRF) attacks. | |||||
| CVE-2023-35781 | 1 Lws | 1 Lws Cleaner | 2024-11-21 | N/A | 5.4 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in LWS Cleaner plugin <= 2.3.0 versions. | |||||
| CVE-2023-35780 | 1 Galleria Project | 1 Galleria | 2024-11-21 | N/A | 4.3 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in Andy Whalen Galleria plugin <= 1.0.3 versions. | |||||
| CVE-2023-35778 | 1 Recent Posts Slider Project | 1 Recent Posts Slider | 2024-11-21 | N/A | 4.3 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in Neha Goel Recent Posts Slider plugin <= 1.1 versions. | |||||
| CVE-2023-35774 | 1 Lws | 1 Lws Tools | 2024-11-21 | N/A | 5.4 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in LWS LWS Tools plugin <= 2.4.1 versions. | |||||
| CVE-2023-35773 | 1 Template Debugger Project | 1 Template Debugger | 2024-11-21 | N/A | 4.3 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in Danny Hearnah - ChubbyNinjaa Template Debugger plugin <= 3.1.2 versions. | |||||
| CVE-2023-35148 | 1 Jenkins | 1 Digital.ai App Management Publisher | 2024-11-21 | N/A | 6.5 MEDIUM |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Digital.ai App Management Publisher Plugin 2.6 and earlier allows attackers to connect to an attacker-specified URL, capturing credentials stored in Jenkins. | |||||
| CVE-2023-35141 | 1 Jenkins | 1 Jenkins | 2024-11-21 | N/A | 8.0 HIGH |
| In Jenkins 2.399 and earlier, LTS 2.387.3 and earlier, POST requests are sent in order to load the list of context actions. If part of the URL includes insufficiently escaped user-provided values, a victim may be tricked into sending a POST request to an unexpected endpoint by opening a context menu. | |||||