CWE-352— Cross-Site Request Forgery (CSRF)

CVE-2023-44999MEDIUMCVSS 5.4EG 5.4

Cross-Site Request Forgery (CSRF) vulnerability in josecoelho, Randy Hoyt, steveclarkcouk, Vitaliy Kukin, Eric Le Bail, Tom Ransom Category Meta plugin plugin <= 1.2.8 versions.

2024-03-27

Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce WooCommerce Stripe Payment Gateway.This issue affects WooCommerce Stripe Payment Gateway: from n/a through 7.6.0.

CVE-2023-45011MEDIUMCVSS 4.3EG 4.3

CVE-2023-45047HIGHCVSS 7.1EG 7.1

Cross-Site Request Forgery (CSRF) vulnerability in Igor Buyanov WP Power Stats plugin <= 2.2.3 versions.

CVE-2023-45048MEDIUMCVSS 5.4EG 5.4

Cross-Site Request Forgery (CSRF) vulnerability in LeadSquared, Inc LeadSquared Suite plugin <= 0.7.4 versions.

CVE-2023-45052MEDIUMCVSS 4.3EG 4.3

Cross-Site Request Forgery (CSRF) vulnerability in Repuso Social proof testimonials and reviews by Repuso plugin <= 5.00 versions.

CVE-2023-45058MEDIUMCVSS 4.3EG 4.3

Cross-Site Request Forgery (CSRF) vulnerability in dan009 WP Bing Map Pro plugin < 5.0 versions.

CVE-2023-45060MEDIUMCVSS 5.4EG 5.4

Cross-Site Request Forgery (CSRF) vulnerability in KaizenCoders Short URL plugin <= 1.6.8 versions.

CVE-2023-45063MEDIUMCVSS 4.3EG 4.3

Cross-Site Request Forgery (CSRF) vulnerability in Fla-shop.Com Interactive World Map plugin <= 3.2.0 versions.

CVE-2023-45068MEDIUMCVSS 5.4EG 5.4

Cross-Site Request Forgery (CSRF) vulnerability in ReCorp AI Content Writing Assistant (Content Writer, GPT 3 & 4, ChatGPT, Image Generator) All in One plugin <= 1.1.5 versions.

CVE-2023-45102MEDIUMCVSS 5.4EG 5.4

Cross-Site Request Forgery (CSRF) vulnerability in Supsystic Contact Form by Supsystic plugin <= 1.7.27 versions.

CVE-2023-45103MEDIUMCVSS 4.3EG 4.3

Cross-Site Request Forgery (CSRF) vulnerability in OTWthemes Blog Manager Light plugin <= 1.20 versions.

CVE-2023-45106MEDIUMCVSS 4.3EG 4.3

Cross-Site Request Forgery (CSRF) vulnerability in YAS Global Team Permalinks Customizer plugin <= 2.8.2 versions.

CVE-2023-45107MEDIUMCVSS 4.3EG 4.3

Cross-Site Request Forgery (CSRF) vulnerability in Fedor Urvanov, Aram Kocharyan Urvanov Syntax Highlighter plugin <= 2.8.33 versions.

CVE-2023-45108MEDIUMCVSS 4.3EG 4.3

Cross-Site Request Forgery (CSRF) vulnerability in GoodBarber plugin <= 1.0.22 versions.

CVE-2023-45109MEDIUMCVSS 5.4EG 5.4

Cross-Site Request Forgery (CSRF) vulnerability in Mailrelay plugin <= 2.1.1 versions.

CVE-2023-45128CRITICALCVSS 10.0EG 10.0

Cross-Site Request Forgery (CSRF) vulnerability in ZAKSTAN WhitePage plugin <= 1.1.5 versions.

CVE-2023-45141HIGHCVSS 8.6EG 8.6

Fiber is an express inspired web framework written in Go. A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the application, which allows an attacker to inject arbitrary values and forge malicious requests on behalf …

CVE-2023-45267MEDIUMCVSS 4.3EG 4.3

Fiber is an express inspired web framework written in Go. A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the application, which allows an attacker to obtain tokens and forge malicious requests on behalf of a user.…

CVE-2023-45268MEDIUMCVSS 4.3EG 4.3

Cross-Site Request Forgery (CSRF) vulnerability in Zizou1988 IRivYou plugin <= 2.2.1 versions.

CVE-2023-45269MEDIUMCVSS 5.4EG 5.4

Cross-Site Request Forgery (CSRF) vulnerability in Hitsteps Hitsteps Web Analytics plugin <= 5.86 versions.

CVE-2023-45270MEDIUMCVSS 4.3EG 4.3

Cross-Site Request Forgery (CSRF) vulnerability in David Cole Simple SEO plugin <= 2.0.25 versions.

CVE-2023-45273MEDIUMCVSS 4.3EG 4.3

Cross-Site Request Forgery (CSRF) vulnerability in PINPOINT.WORLD Pinpoint Booking System plugin <= 2.9.9.4.0 versions.

CVE-2023-45274MEDIUMCVSS 4.3EG 4.3

Cross-Site Request Forgery (CSRF) vulnerability in Matt McKenny Stout Google Calendar plugin <= 1.2.3 versions.

CVE-2023-45276MEDIUMCVSS 5.4EG 5.4

Cross-Site Request Forgery (CSRF) vulnerability in SendPulse SendPulse Free Web Push plugin <= 1.3.1 versions.

CVE-2023-45316HIGHCVSS 7.3EG 7.3

Cross-Site Request Forgery (CSRF) vulnerability in automatededitor.Com Automated Editor plugin <= 1.3 versions.

2023-12-12

Mattermost fails to validate if a relative path is passed in /plugins/playbooks/api/v0/telemetry/run/<telem_run_id> as a telemetry run ID, allowing an attacker to use a path traversal payload that points to a different endpoint leading to …

CVE-2023-45317HIGHCVSS 8.8EG 8.8

2023-10-26

The application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a log…

CVE-2023-45374MEDIUMCVSS 5.3EG 5.3

2023-10-09

An issue was discovered in the SportsTeams extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. It does not check for the anti-CSRF edit token in Special:SportsTeamsManager and Special:Upda…

CVE-2023-45605MEDIUMCVSS 4.3EG 4.3

CVE-2023-45606MEDIUMCVSS 4.3EG 4.3

Cross-Site Request Forgery (CSRF) vulnerability in Christopher Finke Feed Statistics plugin <= 4.1 versions.

CVE-2023-45629MEDIUMCVSS 5.4EG 5.4

Cross-Site Request Forgery (CSRF) vulnerability in Lasso Simple URLs plugin <= 120 versions.

CVE-2023-45638MEDIUMCVSS 6.5EG 6.5

Cross-Site Request Forgery (CSRF) vulnerability in wpdevart Gallery – Image and Video Gallery with Thumbnails plugin <= 2.0.3 versions.

CVE-2023-45639MEDIUMCVSS 4.3EG 4.3

Cross-Site Request Forgery (CSRF) vulnerability in euPago Eupago Gateway For Woocommerce plugin <= 3.1.9 versions.

CVE-2023-45641MEDIUMCVSS 5.4EG 5.4

Cross-Site Request Forgery (CSRF) vulnerability in Codex-m Sort SearchResult By Title plugin <= 10.0 versions.

CVE-2023-45642MEDIUMCVSS 5.4EG 5.4

Cross-Site Request Forgery (CSRF) vulnerability in Caret Inc. Caret Country Access Limit plugin <= 1.0.2 versions.

CVE-2023-45643MEDIUMCVSS 4.3EG 4.3

Cross-Site Request Forgery (CSRF) vulnerability in Hassan Ali Snap Pixel plugin <= 1.5.7 versions.

CVE-2023-45645MEDIUMCVSS 5.4EG 5.4

Cross-Site Request Forgery (CSRF) vulnerability in Anurag Deshmukh CPT Shortcode Generator plugin <= 1.0 versions.

CVE-2023-45647MEDIUMCVSS 5.4EG 5.4

Cross-Site Request Forgery (CSRF) vulnerability in InfoD74 WP Open Street Map plugin <= 1.25 versions.

CVE-2023-45650MEDIUMCVSS 4.3EG 4.3

Cross-Site Request Forgery (CSRF) vulnerability in MailMunch Constant Contact Forms by MailMunch plugin <= 2.0.10 versions.

CVE-2023-45651MEDIUMCVSS 4.3EG 4.3

Cross-Site Request Forgery (CSRF) vulnerability in Fla-shop.Com HTML5 Maps plugin <= 1.7.1.4 versions.

CVE-2023-45653MEDIUMCVSS 4.3EG 4.3

Cross-Site Request Forgery (CSRF) vulnerability in Marco Milesi WP Attachments allows Cross Site Request Forgery.This issue affects WP Attachments: from n/a through 5.0.11.

CVE-2023-45654MEDIUMCVSS 4.3EG 4.3

Cross-Site Request Forgery (CSRF) vulnerability in Galaxy Weblinks Video Playlist For YouTube plugin <= 6.0 versions.

CVE-2023-45655MEDIUMCVSS 4.3EG 4.3

Cross-Site Request Forgery (CSRF) vulnerability in Pixelgrade Comments Ratings plugin <= 1.1.7 versions.

CVE-2023-45656MEDIUMCVSS 5.4EG 5.4

Cross-Site Request Forgery (CSRF) vulnerability in PixelGrade PixFields plugin <= 0.7.0 versions.

CVE-2023-45670HIGHCVSS 7.5EG 7.5

Cross-Site Request Forgery (CSRF) vulnerability in Kevin Weber Lazy Load for Videos plugin <= 2.18.2 versions.

2023-10-30

Frigate is an open source network video recorder. Prior to version 0.13.0 Beta 3, the `config/save` and `config/set` endpoints of Frigate do not implement any CSRF protection. This makes it possible for a request sourced from another site …

CVE-2023-45748MEDIUMCVSS 4.3EG 4.3