Total: 9108 CVE

| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-49794 | 1 Ibm | 1 Applinx | 2025-02-22 | 4.3 Medium |
| IBM ApplinX 11.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | ||||
| CVE-2024-31988 | 1 Xwiki | 1 Xwiki | 2025-02-21 | 9.7 Critical |
| XWiki Platform is a generic wiki platform. Starting in version 13.9-rc-1 and prior to versions 4.10.19, 15.5.4, and 15.10-rc-1, when the realtime editor is installed in XWiki, it allows arbitrary remote code execution with the interaction of an admin user with programming right. More precisely, by getting an admin user to either visit a crafted URL or to view an image with this URL that could be in a comment, the attacker can get the admin to execute arbitrary XWiki syntax including scripting macros with Groovy or Python code. This compromises the confidentiality, integrity and availability of the whole XWiki installation. This vulnerability has been patched in XWiki 14.10.19, 15.5.4 and 15.9. As a workaround, one may update `RTFrontend.ConvertHTML` manually with the patch. This will, however, break some synchronization processes in the realtime editor, so upgrading should be the preferred way on installations where this editor is used. | ||||
| CVE-2021-23227 | 1 Php Everywhere Project | 1 Php Everywhere | 2025-02-20 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Alexander Fuchs PHP Everywhere plugin <= 2.0.2 versions. | ||||
| CVE-2021-44777 | 1 Email Tracker Project | 1 Email Tracker | 2025-02-20 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerabilities leading to single or bulk e-mail entries deletion discovered in Email Tracker WordPress plugin (versions <= 5.2.6). | ||||
| CVE-2022-23983 | 1 Wp-buy | 1 Wp Content Copy Protection & No Right Click | 2025-02-20 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability leading to plugin Settings Update discovered in WP Content Copy Protection & No Right Click WordPress plugin (versions <= 3.4.4). | ||||
| CVE-2022-25599 | 1 Spiffyplugins | 1 Spiffy Calendar | 2025-02-20 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability leading to event deletion was discovered in Spiffy Calendar WordPress plugin (versions <= 4.9.0). | ||||
| CVE-2022-25608 | 1 Yooslider | 1 Yoo Slider | 2025-02-20 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) in Yoo Slider – Image Slider & Video Slider (WordPress plugin) allows attackers to trick authenticated users into unwanted slider duplicate or delete action. | ||||
| CVE-2022-25615 | 1 Stylemixthemes | 1 Eroom - Zoom Meetings & Webinar | 2025-02-20 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) in StylemixThemes eRoom – Zoom Meetings & Webinar (WordPress plugin) <= 1.3.8 allows cache deletion. | ||||
| CVE-2022-25614 | 1 Stylemixthemes | 1 Eroom - Zoom Meetings & Webinar | 2025-02-20 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) in StylemixThemes eRoom – Zoom Meetings & Webinar (WordPress plugin) <= 1.3.7 allows an attacker to Sync with Zoom Meetings. | ||||
| CVE-2021-36914 | 1 Claderaform | 1 Calderawp License Manager | 2025-02-20 | 6.1 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability leading to Reflected Cross-Site Scripting (XSS) in CalderaWP License Manager (WordPress plugin) <= 1.2.11. | ||||
| CVE-2022-27847 | 1 Yooslider | 1 Yoo Slider | 2025-02-20 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Yooslider Yoo Slider <= 2.0.0 on WordPress allows attackers to import templates. | ||||
| CVE-2022-27846 | 1 Yooslider | 1 Yoo Slider | 2025-02-20 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Yooslider Yoo Slider <= 2.0.0 on WordPress allows attackers to create or modify slider. | ||||
| CVE-2022-27850 | 1 Plugin-planet | 1 Simple Ajax Chat | 2025-02-20 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) in Simple Ajax Chat (WordPress plugin) <= 20220115 allows an attacker to clear the chat log or delete a chat message. | ||||
| CVE-2022-27851 | 1 Dineshkarki | 1 Use Any Font | 2025-02-20 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) in Use Any Font (WordPress plugin) <= 6.1.7 allows an attacker to deactivate the API key. | ||||
| CVE-2022-23976 | 1 Accesspressthemes | 1 Access Demo Importer | 2025-02-20 | 8.1 High |
| Cross-Site Request Forgery (CSRF) in Access Demo Importer <= 1.0.7 on WordPress allows an attacker to reset all data (posts / pages / media). | ||||
| CVE-2022-23975 | 1 Accesspressthemes | 1 Access Demo Importer | 2025-02-20 | 6.5 Medium |
| Cross-Site Request Forgery (CSRF) in Access Demo Importer <= 1.0.7 on WordPress allows an attacker to activate any installed plugin. | ||||
| CVE-2022-27860 | 1 Footer-text Project | 1 Footer-text | 2025-02-20 | 6.1 Medium |
| Cross-Site Request Forgery (CSRF) leading to Cross-Site Scripting (XSS) in Shea Bunge's Footer Text plugin <= 2.0.3 on WordPress. | ||||
| CVE-2022-29413 | 1 Hermit Project | 1 Hermit | 2025-02-20 | 4.7 Medium |
| Cross-Site Request Forgery (CSRF) leading to Stored Cross-Site Scripting (XSS) in Mufeng's Hermit 音乐播放器 plugin <= 3.1.6 on WordPress via &title parameter. | ||||
| CVE-2022-29412 | 1 Hermit Project | 1 Hermit | 2025-02-20 | 5.4 Medium |
| Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Hermit 音乐播放器 plugin <= 3.1.6 on WordPress allow attackers to delete cache, delete a source, create source. | ||||
| CVE-2022-29414 | 1 Wpkube | 1 Subscribe To Comments Reloaded | 2025-02-20 | 5.4 Medium |
| Multiple (13x) Cross-Site Request Forgery (CSRF) vulnerabilities in WPKube's Subscribe To Comments Reloaded plugin <= 211130 on WordPress allow attackers to clean up Log archive, download system info file, plugin system settings, plugin options settings, generate a new key, reset all options, change notifications settings, management page settings, comment form settings, manage subscriptions > mass update settings, manage subscriptions > add a new subscription, update subscription, delete Subscription. | ||||