CWE-352— Cross-Site Request Forgery (CSRF)

CVE-2023-27418MEDIUMCVSS 4.3EG 4.3

Cross-Site Request Forgery (CSRF) vulnerability in Timo Reith Affiliate Super Assistent plugin <= 1.5.1 versions.

CVE-2023-27423MEDIUMCVSS 5.4EG 5.4

Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Side Menu Lite – add sticky fixed buttons plugin <= 4.0 versions.

2023-05-18

Cross-Site Request Forgery (CSRF) vulnerability in Ramon Fincken Auto Prune Posts plugin <= 1.8.0 versions.

CVE-2023-27424MEDIUMCVSS 5.4EG 5.4

2023-07-17

Cross-Site Request Forgery (CSRF) vulnerability in Korol Yuriy aka Shra Inactive User Deleter plugin <= 1.59 versions.

CVE-2023-27430MEDIUMCVSS 5.4EG 5.4

2023-05-18

Cross-Site Request Forgery (CSRF) vulnerability in Ramon Fincken Mass Delete Unused Tags plugin <= 2.0.0 versions.

CVE-2023-27431MEDIUMCVSS 4.3EG 4.3

CVE-2023-27433MEDIUMCVSS 5.4EG 5.4

Cross-Site Request Forgery (CSRF) vulnerability in ThemeHunk Big Store theme <= 1.9.3 versions.

2023-10-04

Cross-Site Request Forgery (CSRF) vulnerability in YAS Global Team Make Paths Relative allows Cross Site Request Forgery.This issue affects Make Paths Relative: from n/a through 1.3.0.

CVE-2023-27434MEDIUMCVSS 4.3EG 4.3

CVE-2023-27435MEDIUMCVSS 6.3EG 6.3

Cross-Site Request Forgery (CSRF) vulnerability in WPGrim Classic Editor and Classic Widgets plugin <= 1.2.5 versions.

2023-10-03

Cross-Site Request Forgery (CSRF) vulnerability in Sami Ahmed Siddiqui HTTP Auth plugin <= 0.3.2 versions.

CVE-2023-27436MEDIUMCVSS 5.4EG 5.4

CVE-2023-27438MEDIUMCVSS 4.3EG 4.3

Cross-Site Request Forgery (CSRF) vulnerability in Louis Reingold Elegant Custom Fonts plugin <= 1.0 versions.

CVE-2023-27441MEDIUMCVSS 5.4EG 5.4

Cross-Site Request Forgery (CSRF) vulnerability in Evgen Yurchenko WP Translitera plugin <= p1.2.5 versions.

CVE-2023-27442MEDIUMCVSS 5.4EG 5.4

Cross-Site Request Forgery (CSRF) vulnerability in gl_SPICE New Adman plugin <= 1.6.8 versions.

CVE-2023-27444MEDIUMCVSS 4.3EG 4.3

Cross-Site Request Forgery (CSRF) vulnerability in Teplitsa of social technologies Leyka plugin <= 3.29.2 versions.

CVE-2023-27445MEDIUMCVSS 5.4EG 5.4

Cross-Site Request Forgery (CSRF) vulnerability in Pierre Lannoy / PerfOps One DecaLog plugin <= 3.7.0 versions.

CVE-2023-27446MEDIUMCVSS 4.3EG 4.3

Cross-Site Request Forgery (CSRF) vulnerability in Meril Inc. Blog Floating Button plugin <= 1.4.12 versions.

CVE-2023-27448MEDIUMCVSS 5.4EG 5.4

Cross-Site Request Forgery (CSRF) vulnerability in Fluenx DeepL API translation plugin <= 2.1.4 versions.

2023-10-06

Cross-Site Request Forgery (CSRF) vulnerability in MakeStories Team MakeStories (for Google Web Stories) plugin <= 2.8.0 versions.

CVE-2023-27453MEDIUMCVSS 5.4EG 5.4

CVE-2023-27457MEDIUMCVSS 4.3EG 4.3

Cross-Site Request Forgery (CSRF) vulnerability in LWS LWS Tools plugin <= 2.3.1 versions.

CVE-2023-27458MEDIUMCVSS 4.3EG 4.3

Cross-Site Request Forgery (CSRF) vulnerability in Passionate Brains Add Expires Headers & Optimized Minify plugin <= 2.7 versions.

CVE-2023-2746CRITICALCVSS 9.6EG 9.6

Cross-Site Request Forgery (CSRF) vulnerability in wpstream WpStream plugin <= 4.4.10 versions.

2023-07-11

The Rockwell Automation Enhanced HIM software contains an API that the application uses that is not protected sufficiently and uses incorrect Cross-Origin Resource Sharing (CORS) settings and, as a result, is vulnerable to a Cross Site R…

CVE-2023-27461MEDIUMCVSS 4.3EG 4.3

CVE-2023-27490HIGHCVSS 8.1EG 8.1

Cross-Site Request Forgery (CSRF) vulnerability in Yoohoo Plugins When Last Login plugin <= 1.2.1 versions.

2023-03-09

NextAuth.js is an open source authentication solution for Next.js applications. `next-auth` applications using OAuth provider versions before `v4.20.1` have been found to be subject to an authentication vulnerability. A bad actor who can r…

CVE-2023-27495MEDIUMCVSS 5.3EG 5.3

2023-04-20

@fastify/csrf-protection is a plugin which helps protect Fastify servers against CSRF attacks. The CSRF protection enforced by the @fastify/csrf-protection library in combination with @fastify/cookie can be bypassed from network and same-s…

CVE-2023-27520MEDIUMCVSS 6.5EG 4.8

2023-04-11

Cross-site request forgery (CSRF) vulnerability in SEIKO EPSON printers/network interface Web Config allows a remote unauthenticated attacker to hijack the authentication and perform unintended operations by having a logged-in user view a …

CVE-2023-27606MEDIUMCVSS 5.4EG 5.4

2023-07-17

Cross-Site Request Forgery (CSRF) vulnerability in Sajjad Hossain WP Reroute Email plugin <= 1.4.6 versions.

CVE-2023-27611MEDIUMCVSS 5.4EG 5.4

CVE-2023-27615MEDIUMCVSS 5.4EG 5.4

Cross-Site Request Forgery (CSRF) vulnerability in audrasjb Reusable Blocks Extended plugin <= 0.9 versions.

2023-10-06

Cross-Site Request Forgery (CSRF) vulnerability in Dipak C. Gajjar WP Super Minify plugin <= 1.5.1 versions.

CVE-2023-27623MEDIUMCVSS 5.4EG 5.4

CVE-2023-27632MEDIUMCVSS 5.4EG 5.4

Cross-Site Request Forgery (CSRF) vulnerability in Jens Törnell WP Page Numbers plugin <= 0.5 versions.

CVE-2023-27633MEDIUMCVSS 4.3EG 4.3

Cross-Site Request Forgery (CSRF) vulnerability in mmrs151 Daily Prayer Time plugin <= 2023.03.08 versions.

CVE-2023-27634HIGHCVSS 8.8EG 8.8

Cross-Site Request Forgery (CSRF) vulnerability in Pixelgrade Customify – Intuitive Website Styling plugin <= 2.10.4 versions.

2023-06-15

Cross-Site Request Forgery (CSRF) vulnerability allows arbitrary file upload in Shingo Intrepidity plugin <= 1.5.1 versions.

CVE-2023-27889HIGHCVSS 8.8EG 8.8

2023-05-10

Cross-site request forgery (CSRF) vulnerability in LIQUID SPEECH BALLOON versions prior to 1.2 allows a remote unauthenticated attacker to hijack the authentication of a user and to perform unintended operations by having a user view a mal…

CVE-2023-28023MEDIUMCVSS 4.9EG 4.9

2023-07-18

A cross site request forgery vulnerability in the BigFix WebUI Software Distribution interface site version 44 and before allows an NMO attacker to access files on server side systems (server machine and all the ones in its network).

CVE-2023-28167MEDIUMCVSS 5.4EG 5.4

CVE-2023-28172MEDIUMCVSS 5.4EG 5.4

Cross-Site Request Forgery (CSRF) vulnerability in Vsourz Digital CF7 Invisible reCAPTCHA plugin <= 1.3.3 versions.

CVE-2023-28173MEDIUMCVSS 4.3EG 4.3

Cross-Site Request Forgery (CSRF) vulnerability in flippercode WordPress Plugin for Google Maps – WP MAPS (formerly WP Google Map Plugin) plugin <= 4.4.2 versions.

CVE-2023-2830MEDIUMCVSS 5.4EG 5.4

Cross-Site Request Forgery (CSRF) vulnerability in Amit Agarwal Google XML Sitemap for Images plugin <= 2.1.3 versions.

2023-10-03

Cross-Site Request Forgery (CSRF) vulnerability in Trustindex.Io WP Testimonials plugin <= 1.4.2 versions.

CVE-2023-28335HIGHCVSS 8.8EG 8.8

2023-03-23

The link to reset all templates of a database activity did not include the necessary token to prevent a CSRF risk.

CVE-2023-28361MEDIUMCVSS 6.5EG 6.5

2023-05-11

A Cross-site WebSocket Hijacking (CSWSH) vulnerability found in UniFi OS 2.5 and earlier allows a malicious actor to access certain confidential information by persuading a UniFi OS user to visit a malicious webpage.Affected Products:Cloud…

CVE-2023-28419MEDIUMCVSS 5.4EG 5.4

CVE-2023-2842HIGHCVSS 8.1EG 8.1

Cross-Site Request Forgery (CSRF) vulnerability in Stranger Studios Force First and Last Name as Display Name plugin <= 1.2 versions.

2023-06-27

The WP Inventory Manager WordPress plugin before 2.1.0.14 does not have CSRF checks, which could allow attackers to make logged-in admins delete Inventory Items via a CSRF attack

CVE-2023-28420MEDIUMCVSS 5.4EG 5.4

CVE-2023-28495MEDIUMCVSS 4.3EG 4.3

Cross-Site Request Forgery (CSRF) vulnerability in Leo Caseiro Custom Options Plus plugin <= 1.8.1 versions.

CVE-2023-28497MEDIUMCVSS 5.4EG 5.4

Cross-Site Request Forgery (CSRF) vulnerability in MyThemeShop WP Shortcode by MyThemeShop plugin <= 1.4.16 versions.

CVE-2023-28498MEDIUMCVSS 4.3EG 4.3

Cross-Site Request Forgery (CSRF) vulnerability in Tribulant Slideshow Gallery LITE plugin <= 1.7.6 versions.