Security
Headlines
HeadlinesLatestCVEs

Tag

#csrf

CVE-2023-23671: WordPress Layer Slider plugin <= 1.1.9.7 - Cross-Site Request Forgery (CSRF) - Patchstack

Cross-Site Request Forgery (CSRF) vulnerability in Muneeb Layer Slider plugin <= 1.1.9.7 versions.

CVE
Open in Source
#csrf#vulnerability#wordpress#auth
Rockwell Automation Enhanced HIM

1. EXECUTIVE SUMMARY CVSS v3 9.6 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: Enhanced HIM Vulnerability: Cross-site Request Forgery 2. RISK EVALUATION Successful exploitation of this vulnerability could lead to sensitive information disclosure and full remote access to the affected products. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Rockwell Automation’s Enhanced HIM, a communication interface, are affected: Enhanced HIM: Version 1.001 3.2 VULNERABILITY OVERVIEW 3.2.1 CROSS-SITE REQUEST FORGERY (CSRF) CWE-352  The API the application uses is not protected sufficiently and uses incorrect Cross-Origin Resource Sharing (CORS) settings and, as a result, is vulnerable to a Cross Site Request Forgery (CSRF) attack. To exploit this vulnerability, a malicious user would have to convince a user to click on an untrusted link through a social engineering attack or successfully perform a Cross Site Scripting Attack (XSS). ...

CVE-2023-36687: WordPress Menubar plugin <= 5.8.2 - Cross Site Request Forgery (CSRF) vulnerability - Patchstack

Cross-Site Request Forgery (CSRF) vulnerability in Andrea Tarantini Menubar plugin <= 5.8.2 versions.

CVE-2023-36693: WordPress WP RSS Images plugin <= 1.1 - Cross Site Request Forgery (CSRF) vulnerability - Patchstack

Cross-Site Request Forgery (CSRF) vulnerability in Alain Gonzalez WP RSS Images plugin <= 1.1 versions.

CVE-2023-37391: WordPress WordPress Mobile Pack plugin <= 3.4.1 - Broken Access Control Vulnerability - Patchstack

Cross-Site Request Forgery (CSRF) vulnerability in WPMobilePack.Com WordPress Mobile Pack – Mobile Plugin for Progressive Web Apps & Hybrid Mobile Apps plugin <= 3.4.1 versions.

CVE-2023-34015: WordPress Advanced Flat rate shipping Woocommerce plugin <= 1.6.4.4 - Cross Site Request Forgery (CSRF) vulnerability - Patchstack

Cross-Site Request Forgery (CSRF) vulnerability in PI Websolution Conditional shipping & Advanced Flat rate shipping rates / Flexible shipping for WooCommerce shipping plugin <= 1.6.4.4 versions.

CVE-2023-36517: WordPress WP Abstracts plugin <= 2.6.2 - Cross Site Request Forgery (CSRF) vulnerability - Patchstack

Cross-Site Request Forgery (CSRF) vulnerability in Kevon Adonis WP Abstracts plugin <= 2.6.2 versions.