Total: 9107 CVE

| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-50886 | 1 Wpwax | 1 Legal Pages | 2025-01-23 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF), Incorrect Authorization vulnerability in wpWax Legal Pages. This issue affects Legal Pages: from n/a through 1.3.7. | ||||
| CVE-2023-50861 | 1 Pluginus | 1 Husky - Products Filter Professional For Woocommerce | 2025-01-23 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in realmag777 HUSKY – Products Filter for WooCommerce (formerly WOOF). This issue affects HUSKY – Products Filter for WooCommerce (formerly WOOF): from n/a through 1.3.4.3. | ||||
| CVE-2023-33006 | 1 Jenkins | 1 Wso2 Oauth | 2025-01-23 | 5.4 Medium |
| A cross-site request forgery (CSRF) vulnerability in Jenkins WSO2 Oauth Plugin 1.0 and earlier allows attackers to trick users into logging in to the attacker's account. | ||||
| CVE-2023-33003 | 1 Jenkins | 1 Tag Profiler | 2025-01-23 | 4.3 Medium |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Tag Profiler Plugin 0.2 and earlier allows attackers to reset profiler statistics. | ||||
| CVE-2023-32998 | 1 Jenkins | 1 Appspider | 2025-01-23 | 8.8 High |
| A cross-site request forgery (CSRF) vulnerability in Jenkins AppSpider Plugin 1.0.15 and earlier allows attackers to connect to an attacker-specified URL and send an HTTP POST request with a JSON payload consisting of attacker-specified credentials. | ||||
| CVE-2023-32987 | 1 Jenkins | 1 Reverse Proxy Auth | 2025-01-23 | 8.8 High |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Reverse Proxy Auth Plugin 1.7.4 and earlier allows attackers to connect to an attacker-specified LDAP server using attacker-specified credentials. | ||||
| CVE-2023-32980 | 2 Jenkins, Redhat | 2 Email Extension, Openshift | 2025-01-23 | 4.3 Medium |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Email Extension Plugin allows attackers to make another user stop watching an attacker-specified job. | ||||
| CVE-2023-32978 | 1 Jenkins | 1 Lightweight Directory Access Protocol | 2025-01-23 | 4.3 Medium |
| A cross-site request forgery (CSRF) vulnerability in Jenkins LDAP Plugin allows attackers to connect to an attacker-specified LDAP server using attacker-specified credentials. | ||||
| CVE-2024-31985 | 1 Xwiki | 1 Xwiki | 2025-01-23 | 5.4 Medium |
| XWiki Platform is a generic wiki platform. Starting in version 3.1 and prior to versions 4.10.20, 15.5.4, and 15.10-rc-1, it is possible to schedule/trigger/unschedule existing jobs by having an admin visit the Job Scheduler page through a predictable URL, for example by embedding such a URL in any content as an image. The vulnerability has been fixed in XWiki 14.10.19, 15.5.5, and 15.9. As a workaround, manually apply the patch by modifying the `Scheduler.WebHome` page. | ||||
| CVE-2024-31363 | 1 Lifterlms | 1 Lifterlms | 2025-01-23 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in LifterLMS. This issue affects LifterLMS: from n/a through 7.5.0. | ||||
| CVE-2024-43301 | 1 Fontsplugin | 1 Fonts | 2025-01-23 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Fonts Plugin Fonts allows Stored XSS. This issue affects Fonts: from n/a through 3.7.7. | ||||
| CVE-2023-2195 | 1 Jenkins | 1 Code Dx | 2025-01-22 | 4.3 Medium |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Code Dx Plugin 3.1.0 and earlier allows attackers to connect to an attacker-specified URL. | ||||
| CVE-2023-2631 | 1 Jenkins | 1 Code Dx | 2025-01-22 | 4.3 Medium |
| A missing permission check in Jenkins Code Dx Plugin 3.1.0 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL. | ||||
| CVE-2024-32785 | 1 Webangon | 1 The Pack Elementor Addons | 2025-01-22 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Webangon The Pack Elementor addons allows Cross-Site Scripting (XSS). This issue affects The Pack Elementor addons: from n/a through 2.0.8.3. | ||||
| CVE-2024-32793 | 1 Strangerstudios | 1 Paid Memberships Pro | 2025-01-22 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Paid Memberships Pro. This issue affects Paid Memberships Pro: from n/a through 2.12.10. | ||||
| CVE-2024-2560 | 1 Tenda | 2 Ac18, Ac18 Firmware | 2025-01-22 | 4.3 Medium |
| A vulnerability classified as problematic was found in Tenda AC18 15.03.05.05. Affected by this vulnerability is the function fromSysToolRestoreSet of the file /goform/SysToolRestoreSet. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257059. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2023-51529 | 1 Hasthemes | 1 Ht Mega | 2025-01-22 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in HasThemes HT Mega – Absolute Addons For Elementor. This issue affects HT Mega – Absolute Addons For Elementor: from n/a through 2.3.3. | ||||
| CVE-2023-31708 | 1 Eyoucms | 1 Eyoucms | 2025-01-21 | 4.3 Medium |
| A Cross-Site Request Forgery (CSRF) in EyouCMS v1.6.2 allows attackers to execute arbitrary commands via supplying a crafted HTML file to the Upload software format function. | ||||
| CVE-2024-0203 | 1 Unitedover | 1 Digits | 2025-01-21 | 8.8 High |
| The Digits plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 8.4.1. This is due to missing nonce validation in the 'digits_save_settings' function. This makes it possible for unauthenticated attackers to modify the default role of registered users to elevate user privileges via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2024-4429 | 1 Microfocus | 1 Imanager | 2025-01-21 | 5.4 Medium |
| Cross-Site Request Forgery vulnerability has been discovered in OpenText™ iManager 3.2.6.0200. This could lead to sensitive information disclosure. | ||||