ReportizFlow
Filtered by vendor
Subscriptions
Total
8331 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-0141 | 1 Vfbpro | 1 Visual Form Builder | 2024-11-21 | 8.1 High |
| The Visual Form Builder WordPress plugin before 3.0.8 does not enforce nonce checks which could allow attackers to make a logged in admin or editor delete and restore arbitrary form entries via CSRF attacks | ||||
| CVE-2022-0134 | 1 Bologer | 1 Anycomment | 2024-11-21 | 8.8 High |
| The AnyComment WordPress plugin before 0.2.18 does not have CSRF checks in the Import and Revert HyperComments features, allowing attackers to make logged in admin perform such actions via a CSRF attack | ||||
| CVE-2022-0088 | 1 Yourls | 1 Yourls | 2024-11-21 | 7.4 High |
| Cross-Site Request Forgery (CSRF) in GitHub repository yourls/yourls prior to 1.8.3. | ||||
| CVE-2021-4425 | 1 Wpmudev | 1 Defender Security | 2024-11-21 | 4.3 Medium |
| The Defender Security plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.4.6. This is due to missing or incorrect nonce validation on the verify_otp_login_time() function. This makes it possible for unauthenticated attackers to verify a one time login via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2021-4418 | 1 Wpfactory | 1 Custom Css\, Js \& Php | 2024-11-21 | 4.3 Medium |
| The Custom CSS, JS & PHP plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.7. This is due to missing or incorrect nonce validation on the save() function. This makes it possible for unauthenticated attackers to save code snippets via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2021-4389 | 1 Wensolutions | 1 Wp Travel | 2024-11-21 | 4.3 Medium |
| The WP Travel plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.4.6. This is due to missing or incorrect nonce validation on the save_meta_data() function. This makes it possible for unauthenticated attackers to save metadata for travel posts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2021-4168 | 1 Showdoc | 1 Showdoc | 2024-11-21 | 8.8 High |
| showdoc is vulnerable to Cross-Site Request Forgery (CSRF) | ||||
| CVE-2021-4164 | 1 Janeczku | 1 Calibre-web | 2024-11-21 | 8.8 High |
| calibre-web is vulnerable to Cross-Site Request Forgery (CSRF) | ||||
| CVE-2021-4162 | 1 Archivy Project | 1 Archivy | 2024-11-21 | 4.3 Medium |
| archivy is vulnerable to Cross-Site Request Forgery (CSRF) | ||||
| CVE-2021-4131 | 1 Livehelperchat | 1 Live Helper Chat | 2024-11-21 | 8.8 High |
| livehelperchat is vulnerable to Cross-Site Request Forgery (CSRF) | ||||
| CVE-2021-4130 | 1 Snipeitapp | 1 Snipe-it | 2024-11-21 | 8.8 High |
| snipe-it is vulnerable to Cross-Site Request Forgery (CSRF) | ||||
| CVE-2021-4123 | 1 Livehelperchat | 1 Live Helper Chat | 2024-11-21 | 6.5 Medium |
| livehelperchat is vulnerable to Cross-Site Request Forgery (CSRF) | ||||
| CVE-2021-4092 | 1 Yetiforce | 1 Yetiforce Customer Relationship Management | 2024-11-21 | 4.3 Medium |
| yetiforcecrm is vulnerable to Cross-Site Request Forgery (CSRF) | ||||
| CVE-2021-4082 | 1 Pimcore | 1 Pimcore | 2024-11-21 | 4.3 Medium |
| pimcore is vulnerable to Cross-Site Request Forgery (CSRF) | ||||
| CVE-2021-4049 | 1 Livehelperchat | 1 Live Helper Chat | 2024-11-21 | 6.5 Medium |
| livehelperchat is vulnerable to Cross-Site Request Forgery (CSRF) | ||||
| CVE-2021-4033 | 1 Kimai | 1 Kimai 2 | 2024-11-21 | 6.5 Medium |
| kimai2 is vulnerable to Cross-Site Request Forgery (CSRF) | ||||
| CVE-2021-4030 | 1 Zyxel | 4 Nbg6816, Nbg6816 Firmware, Nbg6817 and 1 more | 2024-11-21 | 8 High |
| A cross-site request forgery vulnerability in the HTTP daemon of the Zyxel ARMOR Z1/Z2 firmware could allow an attacker to execute arbitrary commands if they coerce or trick a local user to visit a compromised website with malicious scripts. | ||||
| CVE-2021-4017 | 1 Showdoc | 1 Showdoc | 2024-11-21 | 8.8 High |
| showdoc is vulnerable to Cross-Site Request Forgery (CSRF) | ||||
| CVE-2021-4015 | 1 Firefly-iii | 1 Firefly Iii | 2024-11-21 | 4.3 Medium |
| firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF) | ||||
| CVE-2021-4005 | 1 Firefly-iii | 1 Firefly Iii | 2024-11-21 | 4.3 Medium |
| firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF) | ||||