Total
6077 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-4604 | 1 Wp-english-wp-admin Project | 1 Wp-english-wp-admin | 2024-11-21 | N/A | 4.3 MEDIUM |
A vulnerability classified as problematic was found in wp-english-wp-admin Plugin up to 1.5.1. Affected by this vulnerability is the function register_endpoints of the file english-wp-admin.php. The manipulation leads to cross-site request forgery. The attack can be launched remotely. Upgrading to version 1.5.2 is able to address this issue. The name of the patch is ad4ba171c974c65c3456e7c6228f59f40783b33d. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-216199. | |||||
CVE-2022-4564 | 1 Ucf | 1 Materia | 2024-11-21 | N/A | 4.3 MEDIUM |
A vulnerability classified as problematic has been found in University of Central Florida Materia up to 9.0.0. This affects the function before of the file fuel/app/classes/controller/api.php of the component API Controller. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. Upgrading to version 9.0.1-alpha1 is able to address this issue. The name of the patch is af259115d2e8f17068e61902151ee8a9dbac397b. It is recommended to upgrade the affected component. The identifier VDB-215973 was assigned to this vulnerability. | |||||
CVE-2022-4548 | 1 Imageseo | 1 Optimize Images Alt Text \(alt Tag\) \& Names For Seo Using Ai | 2024-11-21 | N/A | 6.5 MEDIUM |
The Optimize images ALT Text & names for SEO using AI WordPress plugin before 2.0.8 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack. | |||||
CVE-2022-4397 | 1 Zend-blog-2 Project | 1 Zend-blog-2 | 2024-11-21 | N/A | 4.3 MEDIUM |
A vulnerability was found in morontt zend-blog-number-2. It has been classified as problematic. Affected is an unknown function of the file application/forms/Comment.php of the component Comment Handler. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The name of the patch is 36b2d4abe20a6245e4f8df7a4b14e130b24d429d. It is recommended to apply a patch to fix this issue. VDB-215250 is the identifier assigned to this vulnerability. | |||||
CVE-2022-4349 | 1 Pwn Project | 1 Pwn | 2024-11-21 | N/A | 4.3 MEDIUM |
A vulnerability classified as problematic has been found in CTF-hacker pwn. This affects an unknown part of the file delete.html. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-215109 was assigned to this vulnerability. | |||||
CVE-2022-4138 | 1 Gitlab | 1 Gitlab | 2024-11-21 | N/A | 6.4 MEDIUM |
A Cross Site Request Forgery issue has been discovered in GitLab CE/EE affecting all versions before 15.6.7, all versions starting from 15.7 before 15.7.6, and all versions starting from 15.8 before 15.8.1. An attacker could take over a project if an Owner or Maintainer uploads a file to a malicious project. | |||||
CVE-2022-4125 | 1 Popup Manager Project | 1 Popup Manager | 2024-11-21 | N/A | 4.3 MEDIUM |
The Popup Manager WordPress plugin through 1.6.6 does not have authorisation and CSRF check when creating/updating popups, and is missing sanitisation as well as escaping, which could allow unauthenticated attackers to create arbitrary popups and add Stored XSS payloads as well | |||||
CVE-2022-4124 | 1 Popup Manager Project | 1 Popup Manager | 2024-11-21 | N/A | 4.3 MEDIUM |
The Popup Manager WordPress plugin through 1.6.6 does not have authorisation and CSRF checks when deleting popups, which could allow unauthenticated users to delete them | |||||
CVE-2022-4103 | 1 Royal-elementor-addons | 1 Royal Elementor Addons | 2024-11-21 | N/A | 4.3 MEDIUM |
The Royal Elementor Addons WordPress plugin before 1.3.56 does not have authorisation and CSRF checks when creating a template, and does not ensure that the post created is a template. This could allow any authenticated users, such as subscriber to create a post (as well as any post type) with an arbitrary title | |||||
CVE-2022-4102 | 1 Royal-elementor-addons | 1 Royal Elementor Addons | 2024-11-21 | N/A | 3.1 LOW |
The Royal Elementor Addons WordPress plugin before 1.3.56 does not have authorization and CSRF checks when deleting a template and does not ensure that the post to be deleted is a template. This could allow any authenticated users, such as subscribers, to delete arbitrary posts assuming they know the related slug. | |||||
CVE-2022-4090 | 1 Stock Management System Project | 1 Stock Management System | 2024-11-21 | N/A | 4.3 MEDIUM |
A vulnerability was found in rickxy Stock Management System and classified as problematic. This issue affects some unknown processing of the file us_transac.php?action=add. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-214331. | |||||
CVE-2022-4024 | 1 Genetechsolutions | 1 Pie Register | 2024-11-21 | N/A | 6.5 MEDIUM |
The Registration Forms WordPress plugin before 3.8.1.3 does not have authorisation and CSRF when deleting users via an init action handler, allowing unauthenticated attackers to delete arbitrary users (along with their posts) | |||||
CVE-2022-4021 | 1 Permalink Manager Lite Project | 1 Permalink Manager Lite | 2024-11-21 | N/A | 8.8 HIGH |
The Permalink Manager Lite plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.2.20.1. This is due to missing or incorrect nonce validation on the extra_actions function. This makes it possible for unauthenticated attackers to change plugin settings including permalinks and site maps, via forged request granted they can trick a site administrator into performing an action such as clicking on a link. | |||||
CVE-2022-4014 | 1 Feehi | 1 Feehicms | 2024-11-21 | N/A | 4.3 MEDIUM |
A vulnerability, which was classified as problematic, has been found in FeehiCMS. Affected by this issue is some unknown functionality of the component Post My Comment Tab. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The identifier of this vulnerability is VDB-213788. | |||||
CVE-2022-4013 | 1 Hospital Management Center Project | 1 Hospital Management Center | 2024-11-21 | N/A | 4.3 MEDIUM |
A vulnerability classified as problematic was found in Hospital Management Center. Affected by this vulnerability is an unknown functionality of the file appointment.php. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-213787. | |||||
CVE-2022-48320 | 1 Checkmk | 1 Checkmk | 2024-11-21 | N/A | 5.4 MEDIUM |
Cross-site Request Forgery (CSRF) in Tribe29's Checkmk <= 2.1.0p17, Checkmk <= 2.0.0p31, and all versions of Checkmk 1.6.0 (EOL) allow an attacker to add new visual elements to multiple pages. | |||||
CVE-2022-48309 | 1 Sophos | 1 Connect | 2024-11-21 | N/A | 4.3 MEDIUM |
A CSRF vulnerability allows malicious websites to retrieve logs and technical support archives in Sophos Connect versions older than 2.2.90. | |||||
CVE-2022-47612 | 1 Xnau | 1 Participants Database | 2024-11-21 | N/A | 4.3 MEDIUM |
Cross-Site Request Forgery (CSRF) vulnerability in Roland Barker, xnau webdesign Participants Database plugin <= 2.4.5 leads to list column update. | |||||
CVE-2022-47611 | 1 Hover Image Project | 1 Hover Image | 2024-11-21 | N/A | 4.3 MEDIUM |
Cross-Site Request Forgery (CSRF) vulnerability in Julian Weinert // cs&m Hover Image plugin <= 1.4.1 versions. | |||||
CVE-2022-47609 | 1 Nicearma | 1 Dnui-delete-not-used-image | 2024-11-21 | N/A | 6.3 MEDIUM |
Cross-Site Request Forgery (CSRF) vulnerability in Nicearma DNUI plugin <= 2.8.1 versions. |