Total
8544 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-5772 | 1 Bowo | 1 Debug Log Manager | 2024-11-21 | 4.3 Medium |
| The Debug Log Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.1. This is due to missing or incorrect nonce validation on the clear_log() function. This makes it possible for unauthenticated attackers to clear the debug log via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2023-5756 | 1 Supsystic | 1 Digital Publications By Supsystic | 2024-11-21 | 5.4 Medium |
| The Digital Publications by Supsystic plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.6. This is due to missing or incorrect nonce validation on the AJAX action handler. This makes it possible for unauthenticated attackers to execute AJAX actions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2023-5690 | 1 Modoboa | 1 Modoboa | 2024-11-21 | 8.8 High |
| Cross-Site Request Forgery (CSRF) in GitHub repository modoboa/modoboa prior to 2.2.2. | ||||
| CVE-2023-5687 | 1 Mosparo | 1 Mosparo | 2024-11-21 | 8.8 High |
| Cross-Site Request Forgery (CSRF) in GitHub repository mosparo/mosparo prior to 1.0.3. | ||||
| CVE-2023-5626 | 1 Sfu | 1 Open Journal System | 2024-11-21 | 8.8 High |
| Cross-Site Request Forgery (CSRF) in GitHub repository pkp/ojs prior to 3.3.0-16. | ||||
| CVE-2023-5537 | 1 Joselazo | 1 Delete Usermeta | 2024-11-21 | 4.3 Medium |
| The Delete Usermeta plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing nonce validation on the delumet_options_page() function. This makes it possible for unauthenticated attackers to remove user meta for arbitrary users via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2023-5511 | 1 Snipeitapp | 1 Snipe-it | 2024-11-21 | 8.8 High |
| Cross-Site Request Forgery (CSRF) in GitHub repository snipe/snipe-it prior to v.6.2.3. | ||||
| CVE-2023-5498 | 1 Chiefonboarding | 1 Chiefonboarding | 2024-11-21 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) in GitHub repository chiefonboarding/chiefonboarding prior to v2.0.47. | ||||
| CVE-2023-5382 | 1 Funnelforms | 1 Funnelforms | 2024-11-21 | 6.5 Medium |
| The Funnelforms Free plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.4. This is due to missing or incorrect nonce validation on the fnsf_delete_posts function. This makes it possible for unauthenticated attackers to delete arbitrary posts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2023-5036 | 1 Usememos | 1 Memos | 2024-11-21 | 8.8 High |
| Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos prior to 0.15.1. | ||||
| CVE-2023-52145 | 1 Mariosalexandrou | 1 Republish Old Posts | 2024-11-21 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Marios Alexandrou Republish Old Posts.This issue affects Republish Old Posts: from n/a through 1.21. | ||||
| CVE-2023-52127 | 1 Wpclever | 1 Wpc Product Bundles For Woocommerce | 2024-11-21 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in WPClever WPC Product Bundles for WooCommerce.This issue affects WPC Product Bundles for WooCommerce: from n/a through 7.3.1. | ||||
| CVE-2023-52120 | 1 Basixonline | 1 Nex-forms | 2024-11-21 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Basix NEX-Forms – Ultimate Form Builder – Contact forms and much more.This issue affects NEX-Forms – Ultimate Form Builder – Contact forms and much more: from n/a through 8.5.2. | ||||
| CVE-2023-51681 | 2024-11-21 | 6.5 Medium | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Duplicator Duplicator – WordPress Migration & Backup Plugin.This issue affects Duplicator – WordPress Migration & Backup Plugin: from n/a through 1.5.7. | ||||
| CVE-2023-51668 | 1 Wpzone | 1 Inline Image Upload For Bbpress | 2024-11-21 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in WP Zone Inline Image Upload for BBPress.This issue affects Inline Image Upload for BBPress: from n/a through 1.1.18. | ||||
| CVE-2023-51545 | 1 Themehigh | 1 Job Manager \& Career | 2024-11-21 | 9.6 Critical |
| Cross-Site Request Forgery (CSRF), Deserialization of Untrusted Data vulnerability in ThemeHigh Job Manager & Career – Manage job board listings, and recruitments.This issue affects Job Manager & Career – Manage job board listings, and recruitments: from n/a through 1.4.4. | ||||
| CVE-2023-51530 | 2024-11-21 | 4.3 Medium | ||
| Cross-Site Request Forgery (CSRF) vulnerability in GS Plugins Logo Slider – Logo Showcase, Logo Carousel, Logo Gallery and Client Logo Presentation.This issue affects Logo Slider – Logo Showcase, Logo Carousel, Logo Gallery and Client Logo Presentation: from n/a through 3.5.1. | ||||
| CVE-2023-51474 | 1 Pixelemu | 1 Terraclassifieds | 2024-11-21 | 8.8 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Pixelemu TerraClassifieds.This issue affects TerraClassifieds: from n/a through 2.0.3. | ||||
| CVE-2023-51378 | 1 Eaglevisionit | 1 Rise Blocks | 2024-11-21 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Rise Themes Rise Blocks – A Complete Gutenberg Page Builder.This issue affects Rise Blocks – A Complete Gutenberg Page Builder: from n/a through 3.1. | ||||
| CVE-2023-51358 | 1 Brightplugins | 1 Block Ips For Gravity Forms | 2024-11-21 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Bright Plugins Block IPs for Gravity Forms.This issue affects Block IPs for Gravity Forms: from n/a through 1.0.1. | ||||