Total
8607 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-7052 | 1 Phpgurukul | 1 Online Notes Sharing System | 2024-11-21 | 4.3 Medium |
| A vulnerability was found in PHPGurukul Online Notes Sharing System 1.0. It has been classified as problematic. This affects an unknown part of the file /user/profile.php. The manipulation of the argument name leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-248739. | ||||
| CVE-2023-7051 | 1 Phpgurukul | 1 Online Notes Sharing System | 2024-11-21 | 4.3 Medium |
| A vulnerability was found in PHPGurukul Online Notes Sharing System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /user/manage-notes.php of the component Notes Handler. The manipulation of the argument delid leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-248738 is the identifier assigned to this vulnerability. | ||||
| CVE-2023-7038 | 1 Automad | 1 Automad | 2024-11-21 | 4.3 Medium |
| A vulnerability was found in automad up to 1.10.9. It has been rated as problematic. This issue affects some unknown processing of the file /dashboard?controller=UserCollection::createUser of the component User Creation Handler. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-248687. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2023-6968 | 1 Themoneytizer | 1 The Moneytizer | 2024-11-21 | 8.1 High |
| The The Moneytizer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 9.5.20. This is due to missing or incorrect nonce validation on multiple AJAX functions. This makes it possible for unauthenticated attackers to to update and retrieve billing and bank details, update and reset the plugin's settings, and update languages as well as other lower-severity actions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2023-6904 | 1 Nxfilter | 1 Nxfilter | 2024-11-21 | 4.3 Medium |
| A vulnerability classified as problematic was found in Jahastech NxFilter 4.3.2.5. This vulnerability affects unknown code of the file /config,admin.jsp. The manipulation of the argument admin_name leads to cross-site request forgery. The attack can be initiated remotely. VDB-248266 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2023-6766 | 1 Phpgurukul | 1 Teacher Subject Allocation Management System | 2024-11-21 | 4.3 Medium |
| A vulnerability classified as problematic has been found in PHPGurukul Teacher Subject Allocation Management System 1.0. Affected is an unknown function of the file /admin/course.php of the component Delete Course Handler. The manipulation of the argument delid leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-247896. | ||||
| CVE-2023-6689 | 1 Efacec | 2 Bcu 500, Bcu 500 Firmware | 2024-11-21 | 8.2 High |
| A successful CSRF attack could force the user to perform state changing requests on the application. If the victim is an administrative account, a CSRF attack could compromise the entire web application. | ||||
| CVE-2023-6676 | 1 Nationalkeep | 1 Cybermath | 2024-11-21 | 8.8 High |
| Cross-Site Request Forgery (CSRF) vulnerability in National Keep Cyber Security Services CyberMath allows Cross Site Request Forgery.This issue affects CyberMath: from v1.4 before v1.5. | ||||
| CVE-2023-6671 | 1 Openjournalsystems | 1 Open Journal Systems | 2024-11-21 | 6.3 Medium |
| A vulnerability has been discovered on OJS, that consists in a CSRF (Cross-Site Request Forgery) attack that forces an end user to execute unwanted actions on a web application in which they're currently authenticated. | ||||
| CVE-2023-6653 | 1 Phpgurukul | 1 Teacher Subject Allocation Management System | 2024-11-21 | 4.3 Medium |
| A vulnerability was found in PHPGurukul Teacher Subject Allocation Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /admin/subject.php of the component Create a new Subject. The manipulation of the argument cid leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-247346 is the identifier assigned to this vulnerability. | ||||
| CVE-2023-6633 | 1 Sidenotesproject | 1 Side Notes | 2024-11-21 | 4.3 Medium |
| The Site Notes WordPress plugin through 2.0.0 does not have CSRF checks in some of its functionalities, which could allow attackers to make logged in users perform unwanted actions, such as deleting administration notes, via CSRF attacks | ||||
| CVE-2023-6501 | 1 Cochinoman | 1 Splashscreen | 2024-11-21 | 4.3 Medium |
| The Splashscreen WordPress plugin through 0.20 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack | ||||
| CVE-2023-6251 | 1 Checkmk | 1 Checkmk | 2024-11-21 | 3.5 Low |
| Cross-site Request Forgery (CSRF) in Checkmk < 2.2.0p15, < 2.1.0p37, <= 2.0.0p39 allow an authenticated attacker to delete user-messages for individual users. | ||||
| CVE-2023-6197 | 1 Myaudiomerchant | 1 Audio Merchant | 2024-11-21 | 5.4 Medium |
| The Audio Merchant plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.0.4. This is due to missing or incorrect nonce validation on the audio_merchant_save_settings function. This makes it possible for unauthenticated attackers to modify the plugin's settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2023-6196 | 1 Myaudiomerchant | 1 Audio Merchant | 2024-11-21 | 8.8 High |
| The Audio Merchant plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.0.4. This is due to missing or incorrect nonce validation on the function audio_merchant_add_audio_file function. This makes it possible for unauthenticated attackers to upload arbitrary files via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2023-6137 | 1 Wpfrontier | 1 Frontier Post | 2024-11-21 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in finnj Frontier Post allows Cross Site Request Forgery.This issue affects Frontier Post: from n/a through 6.1. | ||||
| CVE-2023-6022 | 1 Prefect | 1 Prefect | 2024-11-21 | 8.8 High |
| Cross-Site Request Forgery (CSRF) in GitHub repository prefecthq/prefect prior to 2.16.5. | ||||
| CVE-2023-6008 | 1 Userproplugin | 1 Userpro | 2024-11-21 | 6.3 Medium |
| The UserPro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.1.1. This is due to missing or incorrect nonce validation on multiple functions. This makes it possible for unauthenticated attackers to add, modify, or delete user meta and plugin options. | ||||
| CVE-2023-5990 | 1 Funnelforms | 1 Funnelforms Free | 2024-11-21 | 6.5 Medium |
| The Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor WordPress plugin before 3.4.2 does not have CSRF checks on some of its form actions such as deletion and duplication, which could allow attackers to make logged in admin perform such actions via CSRF attacks | ||||
| CVE-2023-5979 | 1 Implecode | 1 Ecommerce Product Catalog | 2024-11-21 | 6.5 Medium |
| The eCommerce Product Catalog Plugin for WordPress plugin before 3.3.26 does not have CSRF checks in some of its admin pages, which could allow attackers to make logged-in users perform unwanted actions via CSRF attacks, such as delete all products | ||||