ReportizFlow
Filtered by vendor
Subscriptions
Total
8337 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-2746 | 1 Rockwellautomation | 1 Enhanced Him | 2024-11-21 | 9.6 Critical |
| The Rockwell Automation Enhanced HIM software contains an API that the application uses that is not protected sufficiently and uses incorrect Cross-Origin Resource Sharing (CORS) settings and, as a result, is vulnerable to a Cross Site Request Forgery (CSRF) attack. To exploit this vulnerability, a malicious user would have to convince a user to click on an untrusted link through a social engineering attack or successfully perform a Cross Site Scripting Attack (XSS). Exploitation of a CSRF could potentially lead to sensitive information disclosure and full remote access to the affected products. | ||||
| CVE-2023-2508 | 2 Apple, Papercut | 2 Macos, Mobility Print Server | 2024-11-21 | 5.3 Medium |
| The `PaperCutNG Mobility Print` version 1.0.3512 application allows an unauthenticated attacker to perform a CSRF attack on an instance administrator to configure the clients host (in the "configure printer discovery" section). This is possible because the application has no protections against CSRF attacks, like Anti-CSRF tokens, header origin validation, samesite cookies, etc. | ||||
| CVE-2023-2497 | 1 Userproplugin | 1 Userpro | 2024-11-21 | 8.8 High |
| The UserPro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.1.0. This is due to missing or incorrect nonce validation on the 'import_settings' function. This makes it possible for unauthenticated attackers to exploit PHP Object Injection due to the use of unserialize() on the user supplied parameter via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2023-2474 | 1 Getrebuild | 1 Rebuild | 2024-11-21 | 4.3 Medium |
| A vulnerability has been found in Rebuild 3.2 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. It is recommended to change the configuration settings. VDB-227866 is the identifier assigned to this vulnerability. | ||||
| CVE-2023-2447 | 1 Userproplugin | 1 Userpro | 2024-11-21 | 6.1 Medium |
| The UserPro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.1.1. This is due to missing or incorrect nonce validation on the 'export_users' function. This makes it possible for unauthenticated attackers to export the users to a csv file, granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2023-2440 | 1 Userproplugin | 1 Userpro | 2024-11-21 | 8.8 High |
| The UserPro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.1.1. This is due to missing nonce validation in the 'admin_page', 'userpro_verify_user' and 'verifyUnverifyAllUsers' functions. This makes it possible for unauthenticated attackers to modify the role of verified users to elevate verified user privileges to that of any user such as 'administrator' via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2023-2438 | 1 Userproplugin | 1 Userpro | 2024-11-21 | 6.1 Medium |
| The UserPro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.1.0. This is due to missing or incorrect nonce validation on the 'userpro_save_userdata' function. This makes it possible for unauthenticated attackers to update the user meta and inject malicious JavaScript via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2023-2286 | 1 Wpwhitesecurity | 1 Wp Activity Log | 2024-11-21 | 4.3 Medium |
| The WP Activity Log for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.5.0. This is due to missing or incorrect nonce validation on the ajax_run_cleanup function. This makes it possible for unauthenticated attackers to invoke this function via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2023-29440 | 1 Presstigers | 1 Simple Job Board | 2024-11-21 | 8.8 High |
| Cross-Site Request Forgery (CSRF) vulnerability in PressTigers Simple Job Board plugin <= 2.10.3 versions. | ||||
| CVE-2023-29426 | 1 Spreadshop | 1 Spreadshop | 2024-11-21 | 8.8 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Robert Schulz (sprd.Net AG) Spreadshop plugin <= 1.6.5 versions. | ||||
| CVE-2023-29425 | 1 Plainware | 1 Shiftcontroller | 2024-11-21 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in plainware.Com ShiftController Employee Shift Scheduling plugin <= 4.9.23 versions. | ||||
| CVE-2023-29238 | 1 Whydonate | 1 Wp Whydonate | 2024-11-21 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Whydonate Whydonate – FREE Donate button – Crowdfunding – Fundraising plugin <= 3.12.15 versions. | ||||
| CVE-2023-29235 | 1 Fugu | 1 Maintenance Switch | 2024-11-21 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Fugu Maintenance Switch plugin <= 1.5.2 versions. | ||||
| CVE-2023-28995 | 1 Configurable Tag Cloud Project | 1 Configurable Tag Cloud | 2024-11-21 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Keith Solomon Configurable Tag Cloud (CTC) plugin <= 5.2 versions. | ||||
| CVE-2023-28989 | 1 Wedevs | 1 Happy Addons For Elementor | 2024-11-21 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in weDevs Happy Addons for Elementor plugin <= 3.8.2 versions. | ||||
| CVE-2023-28987 | 1 Wpmet | 1 Wp Ultimate Review | 2024-11-21 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Wpmet Wp Ultimate Review plugin <= 2.0.3 versions. | ||||
| CVE-2023-28986 | 1 Wpaffiliatemanager | 1 Affiliates Manager | 2024-11-21 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in wp.Insider, wpaffiliatemgr Affiliates Manager plugin <= 2.9.20 versions. | ||||
| CVE-2023-28949 | 1 Ibm | 2 Engineering Requirements Management Doors, Engineering Requirements Management Doors Web Access | 2024-11-21 | 6.5 Medium |
| IBM Engineering Requirements Management DOORS 9.7.2.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 251216. | ||||
| CVE-2023-28930 | 1 Robinphillips | 1 Mobile Banner | 2024-11-21 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Robin Phillips Mobile Banner plugin <= 1.5 versions. | ||||
| CVE-2023-28791 | 1 Webtechforce | 1 Simple Org Chart | 2024-11-21 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Gangesh Matta Simple Org Chart plugin <= 2.3.4 versions. | ||||