Total
8644 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-33003 | 1 Jenkins | 1 Tag Profiler | 2025-01-23 | N/A | 4.3 MEDIUM |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Tag Profiler Plugin 0.2 and earlier allows attackers to reset profiler statistics. | |||||
| CVE-2023-32998 | 1 Jenkins | 1 Appspider | 2025-01-23 | N/A | 8.8 HIGH |
| A cross-site request forgery (CSRF) vulnerability in Jenkins AppSpider Plugin 1.0.15 and earlier allows attackers to connect to an attacker-specified URL and send an HTTP POST request with a JSON payload consisting of attacker-specified credentials. | |||||
| CVE-2023-32987 | 1 Jenkins | 1 Reverse Proxy Auth | 2025-01-23 | N/A | 8.8 HIGH |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Reverse Proxy Auth Plugin 1.7.4 and earlier allows attackers to connect to an attacker-specified LDAP server using attacker-specified credentials. | |||||
| CVE-2023-32980 | 1 Jenkins | 1 Email Extension | 2025-01-23 | N/A | 4.3 MEDIUM |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Email Extension Plugin allows attackers to make another user stop watching an attacker-specified job. | |||||
| CVE-2023-32978 | 1 Jenkins | 1 Lightweight Directory Access Protocol | 2025-01-23 | N/A | 4.3 MEDIUM |
| A cross-site request forgery (CSRF) vulnerability in Jenkins LDAP Plugin allows attackers to connect to an attacker-specified LDAP server using attacker-specified credentials. | |||||
| CVE-2024-43301 | 1 Fontsplugin | 1 Fonts | 2025-01-23 | N/A | 7.1 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Fonts Plugin Fonts allows Stored XSS.This issue affects Fonts: from n/a through 3.7.7. | |||||
| CVE-2024-32785 | 1 Webangon | 1 The Pack Elementor Addons | 2025-01-22 | N/A | 7.1 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Webangon The Pack Elementor addons allows Cross-Site Scripting (XSS).This issue affects The Pack Elementor addons: from n/a through 2.0.8.3. | |||||
| CVE-2024-32793 | 1 Strangerstudios | 1 Paid Memberships Pro | 2025-01-22 | N/A | 5.4 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in Paid Memberships Pro.This issue affects Paid Memberships Pro: from n/a through 2.12.10. | |||||
| CVE-2024-2560 | 1 Tenda | 2 Ac18, Ac18 Firmware | 2025-01-22 | 5.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability classified as problematic was found in Tenda AC18 15.03.05.05. Affected by this vulnerability is the function fromSysToolRestoreSet of the file /goform/SysToolRestoreSet. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257059. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-2395 | 1 Autopolis | 1 Bulgarisation For Woocommerce | 2025-01-22 | N/A | 7.3 HIGH |
| The Bulgarisation for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.0.14. This is due to missing or incorrect nonce validation on several functions. This makes it possible for unauthenticated attackers to generate and delete labels via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | |||||
| CVE-2023-51529 | 1 Hasthemes | 1 Ht Mega | 2025-01-22 | N/A | 4.3 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in HasThemes HT Mega – Absolute Addons For Elementor.This issue affects HT Mega – Absolute Addons For Elementor: from n/a through 2.3.3. | |||||
| CVE-2023-31708 | 1 Eyoucms | 1 Eyoucms | 2025-01-21 | N/A | 4.3 MEDIUM |
| A Cross-Site Request Forgery (CSRF) in EyouCMS v1.6.2 allows attackers to execute arbitrary commands via a supplying a crafted HTML file to the Upload software format function. | |||||
| CVE-2024-0203 | 1 Unitedover | 1 Digits | 2025-01-21 | N/A | 8.8 HIGH |
| The Digits plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 8.4.1. This is due to missing nonce validation in the 'digits_save_settings' function. This makes it possible for unauthenticated attackers to modify the default role of registered users to elevate user privileges via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | |||||
| CVE-2024-4429 | 1 Microfocus | 1 Imanager | 2025-01-21 | N/A | 5.4 MEDIUM |
| Cross-Site Request Forgery vulnerability has been discovered in OpenText™ iManager 3.2.6.0200. This could lead to sensitive information disclosure. | |||||
| CVE-2024-32794 | 1 Strangerstudios | 1 Paid Memberships Pro | 2025-01-21 | N/A | 4.3 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in Paid Memberships Pro.This issue affects Paid Memberships Pro: from n/a through 2.12.10. | |||||
| CVE-2024-37306 | 1 Cvat | 1 Computer Vision Annotation Tool | 2025-01-21 | N/A | 7.1 HIGH |
| Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. Starting in version 2.2.0 and prior to version 2.14.3, if an attacker can trick a logged-in CVAT user into visiting a malicious URL, they can initiate a dataset export or a backup from a project, task or job that the victim user has permission to export into a cloud storage that the victim user has access to. The name of the resulting file can be chosen by the attacker. This implies that the attacker can overwrite arbitrary files in any cloud storage that the victim can access and, if the attacker has read access to the cloud storage used in the attack, they can obtain media files, annotations, settings and other information from any projects, tasks or jobs that the victim has permission to export. Version 2.14.3 contains a fix for the issue. No known workarounds are available. | |||||
| CVE-2024-13444 | 2025-01-21 | N/A | 6.1 MEDIUM | ||
| The wp-greet plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.2. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | |||||
| CVE-2024-13432 | 2025-01-18 | N/A | 6.1 MEDIUM | ||
| The Webcamconsult plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5.0. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | |||||
| CVE-2024-13317 | 2025-01-18 | N/A | 4.3 MEDIUM | ||
| The ShipWorks Connector for Woocommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.2.5. This is due to missing or incorrect nonce validation on the 'shipworks-wordpress' page. This makes it possible for unauthenticated attackers to update the services username and password via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | |||||
| CVE-2024-0588 | 1 Strangerstudios | 1 Paid Memberships Pro | 2025-01-17 | N/A | 4.3 MEDIUM |
| The Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.12.10. This is due to missing nonce validation on the pmpro_lifter_save_streamline_option() function. This makes it possible for unauthenticated attackers to enable the streamline setting with Lifter LMS via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | |||||