Total: 7170 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-3356 | 1 Kreci | 1 Subscribers Text Counter | 2024-11-21 | 4.3 Medium |
The Subscribers Text Counter WordPress plugin before 1.7.1 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack, and could also lead to Stored Cross-Site Scripting due to the lack of sanitisation and escaping. | ||||
CVE-2023-3179 | 1 Wpexperts | 1 Post Smtp Mailer | 2024-11-21 | 8.8 High |
The POST SMTP Mailer WordPress plugin before 2.5.7 does not have proper CSRF checks in some AJAX actions, which could allow attackers to make logged in users with the manage_postman_smtp capability resend an email to an arbitrary address (for example a password reset email could be resent to an attacker controlled email, and allow them to take over an account). | ||||
CVE-2023-3178 | 1 Wpexperts | 1 Post Smtp | 2024-11-21 | 4.3 Medium |
The POST SMTP Mailer WordPress plugin before 2.5.7 does not have proper CSRF checks in some AJAX actions, which could allow attackers to make logged in users with the manage_postman_smtp capability delete arbitrary logs via a CSRF attack. | ||||
CVE-2023-39989 | 1 Draftpress | 1 Header Footer Code Manager | 2024-11-21 | 5.4 Medium |
Cross-Site Request Forgery (CSRF) vulnerability in 99robots Header Footer Code Manager plugin <= 1.1.34 versions. | ||||
CVE-2023-39925 | 1 Peepso | 1 Peepso | 2024-11-21 | 5.4 Medium |
Cross-Site Request Forgery (CSRF) vulnerability in PeepSo Download Community by PeepSo plugin <= 6.1.6.0 versions. | ||||
CVE-2023-39923 | 1 Radiustheme | 1 The Post Grid | 2024-11-21 | 5.4 Medium |
Cross-Site Request Forgery (CSRF) vulnerability in RadiusTheme The Post Grid plugin <= 7.2.7 versions. | ||||
CVE-2023-39917 | 1 Ays-pro | 1 Photo Gallery | 2024-11-21 | 4.3 Medium |
Cross-Site Request Forgery (CSRF) vulnerability in Photo Gallery Team Photo Gallery by Ays – Responsive Image Gallery plugin <= 5.2.6 versions. | ||||
CVE-2023-39446 | 1 Socomec | 2 Modulys Gp, Modulys Gp Firmware | 2024-11-21 | 8.9 High |
Because of weaknesses in the web application's user management, an attacker could obtain from the headers the information needed to craft URLs that trigger malicious actions when a legitimate user is logged into the web application. | ||||
CVE-2023-39412 | 4 Apple, Google, Intel and 1 more | 4 Iphone Os, Android, Unison Software and 1 more | 2024-11-21 | 5.4 Medium |
Cross-site request forgery in some Intel Unison software may allow an authenticated user to potentially enable escalation of privilege via network access. | ||||
CVE-2023-39372 | 1 Startrinity | 1 Softswitch | 2024-11-21 | 8.1 High |
StarTrinity Softswitch version 2023-02-16 - Multiple CSRF (CWE-352) | ||||
CVE-2023-39311 | | | 2024-11-21 | 7.1 High |
Cross-Site Request Forgery (CSRF) vulnerability in ThemeFusion Fusion Builder. This issue affects Fusion Builder: from n/a through 3.11.1. | ||||
CVE-2023-39286 | 1 Mitel | 1 Connect Mobility Router | 2024-11-21 | 4.3 Medium |
A vulnerability in the Connect Mobility Router component of Mitel MiVoice Connect through 9.6.2304.102 could allow an unauthenticated attacker to perform a Cross Site Request Forgery (CSRF) attack due to insufficient request validation. A successful exploit could allow an attacker to provide a modified URL, potentially enabling them to modify system configuration settings. | ||||
CVE-2023-39285 | 1 Mitel | 1 Mivoice Connect | 2024-11-21 | 4.3 Medium |
A vulnerability in the Edge Gateway component of Mitel MiVoice Connect through 19.3 SP3 (22.24.5800.0) could allow an unauthenticated attacker to perform a Cross Site Request Forgery (CSRF) attack due to insufficient request validation. A successful exploit could allow an attacker to provide a modified URL, potentially enabling them to modify system configuration settings. | ||||
CVE-2023-39166 | 1 Tagdiv | 1 Tagdiv Composer | 2024-11-21 | 7.1 High |
Cross-Site Request Forgery (CSRF) vulnerability in tagDiv tagDiv Composer allows Cross-Site Scripting (XSS). This issue affects tagDiv Composer: from n/a before 4.4. | ||||
CVE-2023-39165 | 1 Fetchdesigns | 1 Sign-up Sheets | 2024-11-21 | 5.4 Medium |
Cross-Site Request Forgery (CSRF) vulnerability in Fetch Designs Sign-up Sheets plugin <= 2.2.8 versions. | ||||
CVE-2023-39159 | 1 Multidots | 1 Fraud Prevention For Woocommerce | 2024-11-21 | 4.3 Medium |
Cross-Site Request Forgery (CSRF) vulnerability in theDotstore Fraud Prevention For Woocommerce plugin <= 2.1.5 versions. | ||||
CVE-2023-39158 | 1 Multidots | 1 Banner Management For Woocommerce | 2024-11-21 | 4.3 Medium |
Cross-Site Request Forgery (CSRF) vulnerability in theDotstore Banner Management For WooCommerce plugin <= 2.4.2 versions. | ||||
CVE-2023-39156 | 1 Jenkins | 1 Bazaar | 2024-11-21 | 5.3 Medium |
A cross-site request forgery (CSRF) vulnerability in Jenkins Bazaar Plugin 1.22 and earlier allows attackers to delete previously created Bazaar SCM tags. | ||||
CVE-2023-39153 | 1 Jenkins | 1 Gitlab Authentication | 2024-11-21 | 5.4 Medium |
A cross-site request forgery (CSRF) vulnerability in Jenkins GitLab Authentication Plugin 1.17.1 and earlier allows attackers to trick users into logging in to the attacker's account. | ||||
CVE-2023-39061 | 1 Chamilo | 1 Chamilo | 2024-11-21 | 3.5 Low |
Cross Site Request Forgery (CSRF) vulnerability in Chamilo v.1.11 thru v.1.11.20 allows a remote authenticated privileged attacker to execute arbitrary code. |