CWE-352— Cross-Site Request Forgery (CSRF)

CVE-2023-45753MEDIUMCVSS 4.3EG 4.3

Cross-Site Request Forgery (CSRF) vulnerability in 10 Quality Post Gallery plugin <= 2.3.12 versions.

CVE-2023-45763MEDIUMCVSS 5.4EG 5.4

Cross-Site Request Forgery (CSRF) vulnerability in Gilles Dumas which template file plugin <= 4.6.0 versions.

CVE-2023-45831MEDIUMCVSS 5.4EG 5.4

Cross-Site Request Forgery (CSRF) vulnerability in Taggbox plugin <= 2.9 versions.

CVE-2023-45836MEDIUMCVSS 4.3EG 4.3

Cross-Site Request Forgery (CSRF) vulnerability in Pixelative, Mohsin Rafique AMP WP – Google AMP For WordPress plugin <= 1.5.15 versions.

CVE-2023-45857MEDIUMCVSS 6.5EG 6.5

Cross-Site Request Forgery (CSRF) vulnerability in XYDAC Ultimate Taxonomy Manager plugin <= 2.0 versions.

2023-11-08

An issue discovered in Axios 1.5.1 inadvertently reveals the confidential XSRF-TOKEN stored in cookies by including it in the HTTP header X-XSRF-TOKEN for every request made to any host allowing attackers to view sensitive information.

CVE-2023-45884MEDIUMCVSS 6.5EG 6.5

2023-11-09

Cross Site Request Forgery (CSRF) vulnerability in NASA Open MCT (aka openmct) through 3.1.0 allows attackers to view sensitive information via the flexibleLayout plugin.

CVE-2023-45901HIGHCVSS 8.8EG 8.8

CVE-2023-45902HIGHCVSS 8.8EG 8.8

Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin\/category\/add.

CVE-2023-45903HIGHCVSS 8.8EG 8.8

Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/attachment/delete.

CVE-2023-45904HIGHCVSS 8.8EG 8.8

Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/label/delete.

CVE-2023-45905HIGHCVSS 8.8EG 8.8

Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /variable/update.

CVE-2023-45906HIGHCVSS 8.8EG 8.8

Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/variable/add.

CVE-2023-45907HIGHCVSS 8.8EG 8.8

Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/user/add.

CVE-2023-45992CRITICALCVSS 9.6EG 9.6

Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/variable/delete.

2023-10-19

A vulnerability in the web-based interface of the RUCKUS Cloudpath product on version 5.12 build 5538 or before to could allow a remote, unauthenticated attacker to execute persistent XSS and CSRF attacks against a user of the admin manage…

CVE-2023-46067MEDIUMCVSS 4.3EG 4.3

2023-10-21

Cross-Site Request Forgery (CSRF) vulnerability in Qwerty23 Rocket Font plugin <= 1.2.3 versions.

CVE-2023-46078MEDIUMCVSS 5.4EG 5.4

2023-10-21

Cross-Site Request Forgery (CSRF) vulnerability in PluginEver WC Serial Numbers plugin <= 1.6.3 versions.

CVE-2023-46085MEDIUMCVSS 4.3EG 4.3

2023-10-22

Cross-Site Request Forgery (CSRF) vulnerability in Wpmet Wp Ultimate Review plugin <= 2.2.4 versions.

CVE-2023-46087MEDIUMCVSS 4.3EG 4.3

CVE-2023-46089MEDIUMCVSS 4.3EG 4.3

Cross-Site Request Forgery (CSRF) vulnerability in Mahlamusa Who Hit The Page – Hit Counter plugin <= 1.4.14.3 versions.

2023-10-22

Cross-Site Request Forgery (CSRF) vulnerability in Lee Le @ Userback Userback plugin <= 1.0.13 versions.

CVE-2023-46092MEDIUMCVSS 5.4EG 7.1

CVE-2023-46095MEDIUMCVSS 5.4EG 5.4

Cross-Site Request Forgery (CSRF) vulnerability in LionScripts.Com Webmaster Tools allows Stored XSS.This issue affects Webmaster Tools: from n/a through 2.0.

2023-10-22

Cross-Site Request Forgery (CSRF) vulnerability in Chetan Gole Smooth Scroll Links [SSL] plugin <= 1.1.0 versions.

CVE-2023-46150MEDIUMCVSS 5.4EG 5.4

CVE-2023-46151MEDIUMCVSS 4.3EG 4.3

Cross-Site Request Forgery (CSRF) vulnerability in WP Military WP Radio plugin <= 3.1.9 versions.

CVE-2023-46152MEDIUMCVSS 4.3EG 4.3

Cross-Site Request Forgery (CSRF) vulnerability in AWESOME TOGI Product Category Tree plugin <= 2.5 versions.

CVE-2023-46189MEDIUMCVSS 4.3EG 4.3

Cross-Site Request Forgery (CSRF) vulnerability in realmag777 WOLF – WordPress Posts Bulk Editor and Manager Professional plugin <= 1.0.7.1 versions.

CVE-2023-46190MEDIUMCVSS 4.3EG 4.3

Cross-Site Request Forgery (CSRF) vulnerability in Simple Calendar – Google Calendar Plugin <= 3.2.5 versions.

CVE-2023-46191MEDIUMCVSS 4.3EG 4.3

Cross-Site Request Forgery (CSRF) vulnerability in Novo-media Novo-Map : your WP posts on custom google maps plugin <= 1.1.2 versions.

CVE-2023-46193MEDIUMCVSS 4.3EG 4.3

Cross-Site Request Forgery (CSRF) vulnerability in Niels van Renselaar Open Graph Metabox plugin <= 1.4.4 versions.

CVE-2023-46198MEDIUMCVSS 5.4EG 5.4

Cross-Site Request Forgery (CSRF) vulnerability in Internet Marketing Ninjas Internal Link Building plugin <= 1.2.3 versions.

CVE-2023-46201MEDIUMCVSS 4.3EG 7.1

Cross-Site Request Forgery (CSRF) vulnerability in Scientech It Solution Appointment Calendar plugin <= 2.9.6 versions.

CVE-2023-46202MEDIUMCVSS 4.3EG 4.3

Cross-Site Request Forgery (CSRF) vulnerability in Jeff Sherk Auto Login New User After Registration allows Stored XSS.This issue affects Auto Login New User After Registration: from n/a through 1.9.6.

CVE-2023-46204MEDIUMCVSS 4.3EG 4.3

Cross-Site Request Forgery (CSRF) vulnerability in Jeff Sherk Auto Login New User After Registration plugin <= 1.9.6 versions.

CVE-2023-46212MEDIUMCVSS 6.3EG 6.3

Cross-Site Request Forgery (CSRF) vulnerability in Muller Digital Inc. Duplicate Theme plugin <= 0.1.6 versions.

2023-12-19

Missing Authorization, Cross-Site Request Forgery (CSRF) vulnerability in TienCOP WP EXtra allows Accessing Functionality Not Properly Constrained by ACLs, Cross Site Request Forgery.This issue affects WP EXtra: from n/a through 6.2.

CVE-2023-46242CRITICALCVSS 9.6EG 9.6

2023-11-07

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions it's possible to execute a content with the right of any user via a crafted URL. A user must have `programming` p…

CVE-2023-4628MEDIUMCVSS 4.3EG 4.3

2024-03-12

The LadiApp plugin for WordPress is vulnerable to Cross-Site Request Forgery due to a missing nonce check on the ladiflow_save_hook() function in versions up to, and including, 4.4. This makes it possible for unauthenticated attackers to u…

CVE-2023-4629MEDIUMCVSS 4.3EG 4.3

2024-03-12

The LadiApp plugin for WordPress is vulnerable to Cross-Site Request Forgery due to a missing nonce check on the save_config() function in versions up to, and including, 4.3. This makes it possible for unauthenticated attackers to update t…

CVE-2023-46375HIGHCVSS 8.8EG 8.8

2023-10-27

ZenTao Biz version 4.1.3 and before is vulnerable to Cross Site Request Forgery (CSRF).

CVE-2023-4659CRITICALCVSS 9.8EG 9.8

2023-10-02

Cross-Site Request Forgery vulnerability, whose exploitation could allow an attacker to perform different actions on the platform as an administrator, simply by changing the token value to "admin". It is also possible to perform POST, GET …

CVE-2023-46614MEDIUMCVSS 5.4EG 8.8

2023-11-09

Cross-Site Request Forgery (CSRF) vulnerability in Mat Bao Corp WP Helper Premium plugin <= 4.5.1 versions.

CVE-2023-46617MEDIUMCVSS 5.4EG 5.4

2023-12-18

Cross-Site Request Forgery (CSRF) vulnerability in AdFoxly AdFoxly – Ad Manager, AdSense Ads & Ads.Txt.This issue affects AdFoxly – Ad Manager, AdSense Ads & Ads.Txt: from n/a through 1.8.5.

CVE-2023-46618MEDIUMCVSS 4.3EG 4.3

CVE-2023-46619MEDIUMCVSS 5.4EG 5.4

Cross-Site Request Forgery (CSRF) vulnerability in Bala Krishna, Sergey Yakovlev Category SEO Meta Tags plugin <= 2.5 versions.

CVE-2023-46620MEDIUMCVSS 4.3EG 4.3

Cross-Site Request Forgery (CSRF) vulnerability in WebDorado WDSocialWidgets plugin <= 1.0.15 versions.

CVE-2023-46625MEDIUMCVSS 4.3EG 4.3

Cross-Site Request Forgery (CSRF) vulnerability in Fluenx DeepL API translation plugin <= 2.3.9.1 versions.

CVE-2023-46629MEDIUMCVSS 4.3EG 4.3

Cross-Site Request Forgery (CSRF) vulnerability in DAEXT Autolinks Manager plugin <= 1.10.04 versions.

CVE-2023-46634HIGHCVSS 7.1EG 7.1

Cross-Site Request Forgery (CSRF) vulnerability in themelocation Remove Add to Cart WooCommerce plugin <= 1.4.4.

CVE-2023-46636MEDIUMCVSS 5.4EG 5.4

Cross-Site Request Forgery (CSRF) vulnerability in phoeniixx Custom My Account for Woocommerce allows Cross-Site Scripting (XSS).This issue affects Custom My Account for Woocommerce: from n/a through 2.1.

CVE-2023-46638MEDIUMCVSS 4.3EG 4.3

Cross-Site Request Forgery (CSRF) vulnerability in David Stöckl Custom Header Images plugin <= 1.2.1 versions.