Total: 7170 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2022-3585 | 1 Oretnom23 | 1 Simple Cold Storage Management System | 2024-11-21 | 4.3 Medium |
A vulnerability classified as problematic has been found in SourceCodester Simple Cold Storage Management System 1.0. Affected is an unknown function of the file /csms/?page=contact_us of the component Contact Us. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-211194 is the identifier assigned to this vulnerability. | ||||
CVE-2022-3582 | 1 Oretnom23 | 1 Simple Cold Storage Management System | 2024-11-21 | 4.3 Medium |
A vulnerability has been found in SourceCodester Simple Cold Storage Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation of the argument change password leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-211189 was assigned to this vulnerability. | ||||
CVE-2022-3538 | 1 Webmaster Tools Verification Project | 1 Webmaster Tools Verification | 2024-11-21 | 6.5 Medium |
The Webmaster Tools Verification WordPress plugin through 1.2 does not have authorisation and CSRF checks when disabling plugins, allowing unauthenticated users to disable arbitrary plugins. | ||||
CVE-2022-3537 | 1 Addify | 1 Role Based Pricing For Woocommerce | 2024-11-21 | 8.8 High |
The Role Based Pricing for WooCommerce WordPress plugin before 1.6.2 does not have authorisation and proper CSRF checks, and does not validate files to be uploaded, allowing any authenticated user, such as a subscriber, to upload arbitrary files, including PHP. | ||||
CVE-2022-3536 | 1 Addify | 1 Role Based Pricing For Woocommerce | 2024-11-21 | 8.8 High |
The Role Based Pricing for WooCommerce WordPress plugin before 1.6.3 does not have authorisation and proper CSRF checks, and does not validate a path given via user input, allowing any authenticated user, such as a subscriber, to perform PHAR deserialization attacks when they can upload a file and a suitable gadget chain is present on the blog. | ||||
CVE-2022-3489 | 1 Weberge | 1 Wp Hide | 2024-11-21 | 5.3 Medium |
The WP Hide WordPress plugin through 0.0.2 does not have authorisation and CSRF checks in place when updating the custom_wpadmin_slug setting, allowing unauthenticated attackers to update it with a crafted request. | ||||
CVE-2022-3451 | 1 Addify | 1 Product Stock Manager | 2024-11-21 | 4.3 Medium |
The Product Stock Manager WordPress plugin before 1.0.5 does not have authorisation and proper CSRF checks in multiple AJAX actions, allowing users with a role as low as subscriber to call them. One action in particular could allow updating arbitrary options. | ||||
CVE-2022-3419 | 1 Addify | 1 Automatic User Roles Switcher | 2024-11-21 | 6.5 Medium |
The Automatic User Roles Switcher WordPress plugin before 1.1.2 does not have authorisation and proper CSRF checks, allowing any authenticated user, such as a subscriber, to add any role to themselves, including administrator. | ||||
CVE-2022-3274 | 1 Ikus-soft | 1 Rdiffweb | 2024-11-21 | 3.5 Low |
Cross-Site Request Forgery (CSRF) in GitHub repository ikus060/rdiffweb prior to 2.4.7. | ||||
CVE-2022-3267 | 1 Ikus-soft | 1 Rdiffweb | 2024-11-21 | 4.3 Medium |
Cross-Site Request Forgery (CSRF) in GitHub repository ikus060/rdiffweb prior to 2.4.6. | ||||
CVE-2022-3233 | 1 Ikus-soft | 1 Rdiffweb | 2024-11-21 | 4.3 Medium |
Cross-Site Request Forgery (CSRF) in GitHub repository ikus060/rdiffweb prior to 2.4.6. | ||||
CVE-2022-3232 | 1 Ikus-soft | 1 Rdiffweb | 2024-11-21 | 4.3 Medium |
Cross-Site Request Forgery (CSRF) in GitHub repository ikus060/rdiffweb prior to 2.4.5. | ||||
CVE-2022-3221 | 1 Ikus-soft | 1 Rdiffweb | 2024-11-21 | 8.8 High |
Cross-Site Request Forgery (CSRF) in GitHub repository ikus060/rdiffweb prior to 2.4.3. | ||||
CVE-2022-3208 | 1 Simplefilelist | 1 Simple-file-list | 2024-11-21 | 6.5 Medium |
The Simple File List WordPress plugin before 4.4.12 does not implement nonce checks, which could allow attackers to make a logged in admin create a new page and change its content via a CSRF attack. | ||||
CVE-2022-3154 | 3 Integration For Billingo & Gravity Forms Project, Integration For Szamlazz.hu & Gravity Forms Project, Woo Billingo Plus Project | 3 Integration For Billingo & Gravity Forms, Integration For Szamlazz.hu & Gravity Forms, Woo Billingo Plus | 2024-11-21 | 7.1 High |
The Woo Billingo Plus WordPress plugin before 4.4.5.4, Integration for Billingo & Gravity Forms WordPress plugin before 1.0.4, and Integration for Szamlazz.hu & Gravity Forms WordPress plugin before 1.2.7 are lacking CSRF checks in various AJAX actions, which could allow attackers to make logged in Shop Managers and above perform unwanted actions, such as deactivating the plugin's license. | ||||
CVE-2022-3151 | 1 Wp Custom Cursors Project | 1 Wp Custom Cursors | 2024-11-21 | 4.3 Medium |
The WP Custom Cursors WordPress plugin before 3.0.1 does not have a CSRF check in place when deleting cursors, which could allow attackers to make a logged in admin delete arbitrary cursors via a CSRF attack. | ||||
CVE-2022-3149 | 1 Wp Custom Cursors Project | 1 Wp Custom Cursors | 2024-11-21 | 6.1 Medium |
The WP Custom Cursors WordPress plugin before 3.0.1 does not have a CSRF check in place when creating and editing cursors, which could allow attackers to make a logged in admin perform such actions via CSRF attacks. Furthermore, due to the lack of sanitisation and escaping in some of the cursor options, it could also lead to Stored Cross-Site Scripting. | ||||
CVE-2022-3126 | 1 Najeebmedia | 1 Frontend File Manager Plugin | 2024-11-21 | 4.3 Medium |
The Frontend File Manager Plugin WordPress plugin before 21.4 does not have a CSRF check when uploading files, which could allow attackers to make logged in users upload files on their behalf. | ||||
CVE-2022-3121 | 1 Online Employee Leave Management System Project | 1 Online Employee Leave Management System | 2024-11-21 | 4.3 Medium |
A vulnerability was found in SourceCodester Online Employee Leave Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/addemployee.php. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The identifier VDB-207853 was assigned to this vulnerability. | ||||
CVE-2022-3119 | 1 Oauth Client Single Sign On Project | 1 Oauth Client Single Sign On | 2024-11-21 | 7.5 High |
The OAuth client Single Sign On WordPress plugin before 3.0.4 does not have authorisation and CSRF checks when updating its settings, which could allow unauthenticated attackers to update them and change the OAuth endpoints to ones they control, allowing them to then be authenticated as admin if they know the correct email address. | ||||
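The WordPress entries in this table share one shape: an AJAX or settings handler with no nonce check (CSRF), no capability check (authorisation), or both, in CVE-2022-3537 and CVE-2022-3536 compounded by an unvalidated upload and an unvalidated path. The block below is an added example, not code from any plugin listed here: the vulnerable shape beside a hardened handler, plus the two file-handling checks. The action name `example_save_settings`, the option `example_oauth_endpoint`, the nonce field `example_nonce` and the helper names are hypothetical.

```php
<?php
// Added example, not code from any plugin in the table above. The action,
// option, nonce field and helper names are hypothetical. Meant to live in a
// plugin file and be exercised through /wp-admin/admin-ajax.php.

// ---- Vulnerable shape (the pattern the WPScan entries describe) -----------
// Hooked for logged-in AND anonymous callers, no capability check, no nonce:
// any visitor can rewrite the option directly, and any page a logged-in admin
// visits can submit the same request for them (CSRF).
add_action( 'wp_ajax_example_save_settings',        'example_save_settings_vulnerable' );
add_action( 'wp_ajax_nopriv_example_save_settings', 'example_save_settings_vulnerable' );

function example_save_settings_vulnerable() {
    update_option( 'example_oauth_endpoint', $_POST['endpoint'] );
    wp_send_json_success();
}

// ---- Hardened version -------------------------------------------------------
// Only the logged-in hook is registered, so anonymous requests never reach it.
add_action( 'wp_ajax_example_save_settings_v2', 'example_save_settings_hardened' );

function example_save_settings_hardened() {
    // 1. CSRF: require the nonce the settings page minted with
    //    wp_create_nonce( 'example_save_settings' ) and posted as 'example_nonce'.
    //    A nonce is bound to the current user's session, so a cross-site form
    //    cannot supply a valid one. On failure this sends HTTP 403 and exits.
    check_ajax_referer( 'example_save_settings', 'example_nonce' );

    // 2. Authorisation: a nonce only proves the request came from a page we
    //    served to this user. A subscriber can mint one exactly like an admin,
    //    so the capability check is a separate, mandatory step.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'forbidden', 403 ); // calls wp_die() after sending
    }

    // 3. Input validation: an attacker-chosen OAuth endpoint lets them answer
    //    the token/userinfo exchange and sign in as any user; pin the scheme.
    $endpoint = isset( $_POST['endpoint'] ) ? esc_url_raw( wp_unslash( $_POST['endpoint'] ) ) : '';
    if ( '' === $endpoint || 'https' !== wp_parse_url( $endpoint, PHP_URL_SCHEME ) ) {
        wp_send_json_error( 'endpoint must be an https URL', 400 );
    }

    update_option( 'example_oauth_endpoint', $endpoint );
    wp_send_json_success( array( 'endpoint' => $endpoint ) );
}

// ---- File-handling helpers for the upload / PHAR cases ---------------------

// Extension allow-list checked by WordPress core: wp_check_filetype_and_ext()
// returns ext/type === false for anything outside $allowed, so "*.php" never
// passes, and for most types it also compares the MIME type fileinfo detects
// against the one the extension claims.
function example_validate_upload( array $file ) {
    $allowed = array( 'csv' => 'text/csv', 'png' => 'image/png' );
    $check   = wp_check_filetype_and_ext( $file['tmp_name'], $file['name'], $allowed );
    return ! empty( $check['ext'] ) && ! empty( $check['type'] );
}

// Resolve a user-supplied relative path inside the uploads directory. Any
// file_exists()/is_file()/fopen() on a "phar://..." path unserializes the
// archive's metadata, which is the PHAR deserialization primitive; refusing
// stream-wrapper syntax and NUL bytes, then confining the realpath() result
// to the uploads base, closes both that and ordinary "../" traversal.
function example_safe_upload_path( $user_path ) {
    $user_path = (string) $user_path;
    if ( false !== strpos( $user_path, '://' ) || false !== strpos( $user_path, "\0" ) ) {
        return false;
    }
    $base = realpath( wp_upload_dir()['basedir'] );
    if ( false === $base ) {
        return false;
    }
    $full = realpath( $base . '/' . ltrim( $user_path, '/\\' ) );
    if ( false === $full ) {
        return false; // target does not exist; never fall through to a wrapper
    }
    $base = trailingslashit( wp_normalize_path( $base ) );
    $full = wp_normalize_path( $full );
    return 0 === strpos( trailingslashit( $full ), $base ) ? $full : false;
}
```

The order of the three checks in the hardened handler matters less than their independence: `check_ajax_referer()` without `current_user_can()` is exactly the subscriber-to-admin case in CVE-2022-3419, and `current_user_can()` without a nonce is the logged-in-admin CSRF case in CVE-2022-3208, CVE-2022-3151 and CVE-2022-3149. The path helper returns the resolved path or `false`; callers should pass only its return value, never the raw `$_POST` string, to any filesystem function.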