CWE-352 CVEs and Security Vulnerabilities

Filtered by CWE-352

Search

Switch to Advanced Search (Beta)

Total 8528 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2023-2447	1 Userproplugin	1 Userpro	2024-11-21	6.1 Medium
The UserPro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.1.1. This is due to missing or incorrect nonce validation on the 'export_users' function. This makes it possible for unauthenticated attackers to export the users to a csv file, granted they can trick a site administrator into performing an action such as clicking on a link.
CVE-2023-2440	1 Userproplugin	1 Userpro	2024-11-21	8.8 High
The UserPro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.1.1. This is due to missing nonce validation in the 'admin_page', 'userpro_verify_user' and 'verifyUnverifyAllUsers' functions. This makes it possible for unauthenticated attackers to modify the role of verified users to elevate verified user privileges to that of any user such as 'administrator' via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
CVE-2023-2438	1 Userproplugin	1 Userpro	2024-11-21	6.1 Medium
The UserPro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.1.0. This is due to missing or incorrect nonce validation on the 'userpro_save_userdata' function. This makes it possible for unauthenticated attackers to update the user meta and inject malicious JavaScript via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link.
CVE-2023-2286	1 Wpwhitesecurity	1 Wp Activity Log	2024-11-21	4.3 Medium
The WP Activity Log for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.5.0. This is due to missing or incorrect nonce validation on the ajax_run_cleanup function. This makes it possible for unauthenticated attackers to invoke this function via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
CVE-2023-29440	1 Presstigers	1 Simple Job Board	2024-11-21	8.8 High
Cross-Site Request Forgery (CSRF) vulnerability in PressTigers Simple Job Board plugin <= 2.10.3 versions.
CVE-2023-29426	1 Spreadshop	1 Spreadshop	2024-11-21	8.8 High
Cross-Site Request Forgery (CSRF) vulnerability in Robert Schulz (sprd.Net AG) Spreadshop plugin <= 1.6.5 versions.
CVE-2023-29425	1 Plainware	1 Shiftcontroller	2024-11-21	5.4 Medium
Cross-Site Request Forgery (CSRF) vulnerability in plainware.Com ShiftController Employee Shift Scheduling plugin <= 4.9.23 versions.
CVE-2023-29238	1 Whydonate	1 Wp Whydonate	2024-11-21	4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Whydonate Whydonate – FREE Donate button – Crowdfunding – Fundraising plugin <= 3.12.15 versions.
CVE-2023-29235	1 Fugu	1 Maintenance Switch	2024-11-21	5.4 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Fugu Maintenance Switch plugin <= 1.5.2 versions.
CVE-2023-28995	1 Configurable Tag Cloud Project	1 Configurable Tag Cloud	2024-11-21	5.4 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Keith Solomon Configurable Tag Cloud (CTC) plugin <= 5.2 versions.
CVE-2023-28989	1 Wedevs	1 Happy Addons For Elementor	2024-11-21	4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in weDevs Happy Addons for Elementor plugin <= 3.8.2 versions.
CVE-2023-28987	1 Wpmet	1 Wp Ultimate Review	2024-11-21	4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Wpmet Wp Ultimate Review plugin <= 2.0.3 versions.
CVE-2023-28986	1 Wpaffiliatemanager	1 Affiliates Manager	2024-11-21	5.4 Medium
Cross-Site Request Forgery (CSRF) vulnerability in wp.Insider, wpaffiliatemgr Affiliates Manager plugin <= 2.9.20 versions.
CVE-2023-28949	1 Ibm	2 Engineering Requirements Management Doors, Engineering Requirements Management Doors Web Access	2024-11-21	6.5 Medium
IBM Engineering Requirements Management DOORS 9.7.2.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 251216.
CVE-2023-28930	1 Robinphillips	1 Mobile Banner	2024-11-21	4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Robin Phillips Mobile Banner plugin <= 1.5 versions.
CVE-2023-28791	1 Webtechforce	1 Simple Org Chart	2024-11-21	4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Gangesh Matta Simple Org Chart plugin <= 2.3.4 versions.
CVE-2023-28780	1 Yoast	1 Yoast Local Seo	2024-11-21	6.5 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Yoast Yoast Local Premium.This issue affects Yoast Local Premium: from n/a through 14.8.
CVE-2023-28749	1 Cminds	1 Cm On Demand Search And Replace	2024-11-21	4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in CreativeMindsSolutions CM On Demand Search And Replace plugin <= 1.3.0 versions.
CVE-2023-28747	1 Codeboxr	1 Cbx Currency Converter	2024-11-21	5.4 Medium
Cross-Site Request Forgery (CSRF) vulnerability in codeboxr CBX Currency Converter plugin <= 3.0.3 versions.
CVE-2023-28696	1 Themeist	1 I Recommend This	2024-11-21	4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Harish Chouhan, Themeist I Recommend This allows Cross Site Request Forgery.This issue affects I Recommend This: from n/a through 3.9.0.

« first previous Page 298 of 427. next last »