Total
7815 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-38468 | 1 Imagely | 1 Nextgen Gallery | 2024-11-21 | N/A | 4.3 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in Imagely WordPress Gallery Plugin – NextGEN Gallery plugin <= 3.28 leading to thumbnail alteration. | |||||
| CVE-2022-38454 | 1 Kraken | 1 Kraken.io Image Optimizer | 2024-11-21 | N/A | 5.4 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in Kraken.io Image Optimizer plugin <= 2.6.5 at WordPress. | |||||
| CVE-2022-38359 | 1 Eyeofnetwork | 1 Eyes Of Network Web | 2024-11-21 | N/A | 8.8 HIGH |
| Cross-site request forgery attacks can be carried out against the Eyes of Network web application, due to an absence of adequate protections. An attacker can, for instance, delete the admin user by directing an authenticated user to the URL https://<target-address>/module/admin_user/index.php?DataTables_Table_0_length=10&user_selected%5B%5D=1&user_mgt_list=delete_user&action=submit by means of a crafted link. | |||||
| CVE-2022-38356 | 1 Stylemixthemes | 1 Pearl Header Builder | 2024-11-21 | N/A | 5.4 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in StylemixThemes WordPress Header Builder Plugin – Pearl plugin <= 1.3.4 versions. | |||||
| CVE-2022-38139 | 1 Rdstation | 1 Rd Station | 2024-11-21 | N/A | 5.4 MEDIUM |
| Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in RD Station plugin <= 5.2.0 at WordPress. | |||||
| CVE-2022-38137 | 1 Analytify | 1 Analytify - Google Analytics Dashboard | 2024-11-21 | N/A | 4.3 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in Analytify plugin <= 4.2.2 on WordPress. | |||||
| CVE-2022-38095 | 1 Algolplus | 1 Advanced Dynamic Pricing For Woocommerce | 2024-11-21 | N/A | 5.4 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in AlgolPlus Advanced Dynamic Pricing for WooCommerce plugin <= 4.1.3 at WordPress. | |||||
| CVE-2022-38093 | 1 Aioseo | 1 All In One Seo | 2024-11-21 | N/A | 5.4 MEDIUM |
| Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in All in One SEO plugin <= 4.2.3.1 at WordPress. | |||||
| CVE-2022-38086 | 1 Getshortcodes | 1 Shortcodes Ultimate | 2024-11-21 | N/A | 5.4 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in Shortcodes Ultimate plugin <= 5.12.0 at WordPress leading to plugin preset settings change. | |||||
| CVE-2022-38085 | 1 Read More By Adam Project | 1 Read More By Adam | 2024-11-21 | N/A | 5.4 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in Read more By Adam plugin <= 1.1.8 at WordPress. | |||||
| CVE-2022-38079 | 1 Backup Scheduler Project | 1 Backup Scheduler | 2024-11-21 | N/A | 5.4 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability Backup Scheduler plugin <= 1.5.13 at WordPress. | |||||
| CVE-2022-38077 | 1 Essentialplugin | 1 Popup Anything | 2024-11-21 | N/A | 4.3 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in WP OnlineSupport, Essential Plugin Popup Anything – A Marketing Popup and Lead Generation Conversions plugin <= 2.2.1 versions. | |||||
| CVE-2022-38075 | 1 Webartesanal | 1 Mantenimiento Web | 2024-11-21 | N/A | 6.1 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability leading to Stored Cross-Site Scripting (XSS) in Mantenimiento web plugin <= 0.13 on WordPress. | |||||
| CVE-2022-38063 | 1 Social Login Wp Project | 1 Social Login Wp | 2024-11-21 | N/A | 5.4 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in Social Login WP plugin <= 5.0.0.0 versions. | |||||
| CVE-2022-38062 | 1 Metagauss | 1 Download Theme | 2024-11-21 | N/A | 4.3 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in Metagauss Download Theme plugin <= 1.0.9 versions. | |||||
| CVE-2022-38059 | 1 Access Code Feeder Project | 1 Access Code Feeder | 2024-11-21 | N/A | 5.5 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in Alexey Trofimov's Access Code Feeder plugin <= 1.0.3 at WordPress. | |||||
| CVE-2022-37730 | 1 Ftcms | 1 Ftcms | 2024-11-21 | N/A | 8.8 HIGH |
| In ftcms 2.1, there is a Cross Site Request Forgery (CSRF) vulnerability in the PHP page, which causes the attacker to forge a link to trick him to click on a malicious link or visit a page containing attack code, and send a request to the server (corresponding to the identity authentication information) as the victim without the victim's knowledge. | |||||
| CVE-2022-37411 | 1 Captcha Code Project | 1 Captcha Code | 2024-11-21 | N/A | 5.4 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in Vinoj Cardoza's Captcha Code plugin <= 2.7 at WordPress. | |||||
| CVE-2022-37405 | 1 Better Font Awesome Project | 1 Better Font Awesome | 2024-11-21 | N/A | 4.3 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in Mickey Kay's Better Font Awesome plugin <= 2.0.1 at WordPress. | |||||
| CVE-2022-37043 | 1 Zimbra | 1 Collaboration | 2024-11-21 | N/A | 5.7 MEDIUM |
| An issue was discovered in the webmail component in Zimbra Collaboration Suite (ZCS) 8.8.15 and 9.0. When using preauth, CSRF tokens are not checked on some POST endpoints. Thus, when an authenticated user views an attacker-controlled page, a request will be sent to the application that appears to be intended. The CSRF token is omitted from the request, but the request still succeeds. | |||||