Total: 6078 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-45228 | 1 Dragino | 2 Lg01 Lora, Lg01 Lora Firmware | 2024-11-21 | N/A | 3.5 LOW |
Dragino Lora LG01 18ed40 IoT v4.3.4 was discovered to contain a Cross-Site Request Forgery in the logout page. | |||||
CVE-2022-45149 | 2 Fedoraproject, Moodle | 2 Fedora, Moodle | 2024-11-21 | N/A | 5.4 MEDIUM |
A vulnerability was found in Moodle which exists due to insufficient validation of the HTTP request origin in the course redirect URL. A user's CSRF token was unnecessarily included in the URL when being redirected to a course they have just restored. A remote attacker can trick the victim into visiting a specially crafted web page and perform arbitrary actions on behalf of the victim on the vulnerable website. This flaw allows an attacker to perform cross-site request forgery attacks. | |||||
CVE-2022-45130 | 1 Plesk | 1 Obsidian | 2024-11-21 | N/A | 6.5 MEDIUM |
Plesk Obsidian allows a CSRF attack, e.g., via the /api/v2/cli/commands REST API to change an Admin password. NOTE: Obsidian is a specific version of the Plesk product: version numbers were used through version 12, and then the convention was changed so that versions are identified by names ("Obsidian"), not numbers. | |||||
CVE-2022-45127 | 1 Sewio | 1 Real-time Location System Studio | 2024-11-21 | N/A | 8.1 HIGH |
Sewio’s Real-Time Location System (RTLS) Studio version 2.0.0 up to and including version 2.6.2 is vulnerable to cross-site request forgery in its backup services. An attacker could take advantage of this vulnerability to execute arbitrary backup operations and cause a denial-of-service condition. | |||||
CVE-2022-45080 | 1 Krishaweb | 1 Add Multiple Marker | 2024-11-21 | N/A | 5.4 MEDIUM |
Cross-Site Request Forgery (CSRF) vulnerability in KrishaWeb Add Multiple Marker plugin <= 1.2 versions. | |||||
CVE-2022-45079 | 1 Loginizer | 1 Loginizer | 2024-11-21 | N/A | 4.3 MEDIUM |
Cross-Site Request Forgery (CSRF) vulnerability in Softaculous Loginizer plugin <= 1.7.5 versions. | |||||
CVE-2022-45076 | 1 Webmat | 1 Flexible Elementor Panel | 2024-11-21 | N/A | 4.3 MEDIUM |
Cross-Site Request Forgery (CSRF) vulnerability in WebMat Flexible Elementor Panel plugin <= 2.3.8 versions. | |||||
CVE-2022-45074 | 1 Areteit | 1 Activity Reactions For Buddypress | 2024-11-21 | N/A | 4.3 MEDIUM |
Cross-Site Request Forgery (CSRF) vulnerability in Paramveer Singh for Arete IT Private Limited Activity Reactions For Buddypress plugin <= 1.0.22 versions. | |||||
CVE-2022-45073 | 1 Miniorange | 1 Wordpress Rest Api Authentication | 2024-11-21 | N/A | 5.4 MEDIUM |
Cross-Site Request Forgery (CSRF) vulnerability in REST API Authentication plugin <= 2.4.0 on WordPress. | |||||
CVE-2022-45072 | 1 Wpml | 1 Wpml | 2024-11-21 | N/A | 4.3 MEDIUM |
Cross-Site Request Forgery (CSRF) vulnerability in WPML Multilingual CMS premium plugin <= 4.5.13 on WordPress. | |||||
CVE-2022-45071 | 1 Wpml | 1 Wpml | 2024-11-21 | N/A | 5.4 MEDIUM |
Cross-Site Request Forgery (CSRF) vulnerability in WPML Multilingual CMS premium plugin <= 4.5.13 on WordPress. | |||||
CVE-2022-45068 | 1 Mercadopago | 1 Mercado Pago Payments For Woocommerce | 2024-11-21 | N/A | 5.4 MEDIUM |
Cross-Site Request Forgery (CSRF) vulnerability in Mercado Pago Mercado Pago payments for WooCommerce plugin <= 6.3.1. | |||||
CVE-2022-45067 | 1 Devscred | 1 Exclusive Addons For Elementor | 2024-11-21 | N/A | 4.3 MEDIUM |
Cross-Site Request Forgery (CSRF) vulnerability in DevsCred Exclusive Addons Elementor plugin <= 2.6.1 versions. | |||||
CVE-2022-44937 | 1 Bosscms | 1 Bosscms | 2024-11-21 | N/A | 6.5 MEDIUM |
Bosscms v2.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the Add function under the Administrator List module. | |||||
CVE-2022-44849 | 1 Metinfo | 1 Metinfo | 2024-11-21 | N/A | 8.8 HIGH |
A Cross-Site Request Forgery (CSRF) in the Administrator List of MetInfo v7.7 allows attackers to arbitrarily add a Super Administrator account. | |||||
CVE-2022-44741 | 1 Slidervilla | 1 Testimonial Slider | 2024-11-21 | N/A | 6.1 MEDIUM |
Cross-Site Request Forgery (CSRF) vulnerability leading to Cross-Site Scripting (XSS) in David Anderson Testimonial Slider plugin <= 1.3.1 on WordPress. | |||||
CVE-2022-44740 | 1 Constantcontact | 1 Creative Mail | 2024-11-21 | N/A | 5.4 MEDIUM |
Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Creative Mail plugin <= 1.5.4 on WordPress. | |||||
CVE-2022-44739 | 1 Thingsforrestaurants | 1 Quick Restaurant Reservations | 2024-11-21 | N/A | 5.3 MEDIUM |
Cross-Site Request Forgery (CSRF) vulnerability in ThingsForRestaurants Quick Restaurant Reservations plugin <= 1.5.4 versions. | |||||
CVE-2022-44737 | 1 Tipsandtricks-hq | 1 All In One Wp Security & Firewall | 2024-11-21 | N/A | 5.4 MEDIUM |
Multiple Cross-Site Request Forgery vulnerabilities in All-In-One Security (AIOS) – Security and Firewall (WordPress plugin) <= 5.1.0 on WordPress. | |||||
CVE-2022-44627 | 1 Coleds | 1 Simple Seo | 2024-11-21 | N/A | 5.4 MEDIUM |
Cross-Site Request Forgery (CSRF) vulnerability in David Cole Simple SEO plugin <= 1.8.12 on WordPress allows attackers to create or delete sitemaps. |