Security
Headlines
HeadlinesLatestCVEs

Tag

#csrf

CVE-2023-0503

The Free WooCommerce Theme 99fy Extension WordPress plugin before 1.2.8 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack

CVE
Open in Source
#csrf#wordpress
CVE-2023-0484

The Contact Form 7 Widget For Elementor Page Builder & Gutenberg Blocks WordPress plugin before 1.1.6 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack

CVE-2023-0335

The WP Shamsi WordPress plugin through 4.3.3 has CSRF and broken access control vulnerabilities which leads user with role as low as subscriber delete attachment.

WebTareas 2.4 Cross Site Scripting

WebTareas version 2.4 suffers from multiple cross site scripting vulnerabilities.

CVE-2022-30705: WordPress Ping Optimizer plugin <= 2.35.1.2.3 - Cross-Site Request Forgery (CSRF) vulnerability - Patchstack

Cross-Site Request Forgery (CSRF) vulnerability in Pankaj Jha WordPress Ping Optimizer plugin <= 2.35.1.2.3 versions.

GHSA-wxmq-v9gx-75pg: Moodle vulnerable to Cross-site Request Forgery

The link to reset all templates of a database activity did not include the necessary token to prevent a CSRF risk.

CVE-2023-1612: SQL injection vulnerability exists in the /files/list-file interface of the rebuild system · Issue #598 · getrebuild/rebuild

A vulnerability, which was classified as critical, was found in Rebuild up to 3.2.3. This affects an unknown part of the file /files/list-file. The manipulation leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-223743.

CVE-2023-28335

The link to reset all templates of a database activity did not include the necessary token to prevent a CSRF risk.

CVE-2023-1610: SQL injection vulnerability exists in the /project/tasks/list interface of the rebuild system · Issue #597 · getrebuild/rebuild

A vulnerability, which was classified as critical, has been found in Rebuild up to 3.2.3. Affected by this issue is some unknown functionality of the file /project/tasks/list. The manipulation leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. VDB-223742 is the identifier assigned to this vulnerability.

CVE-2023-20113: Cisco Security Advisory: Cisco SD-WAN vManage Software Cluster Mode Cross-Site Request Forgery Vulnerability

A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. This vulnerability is due to insufficient CSRF protections for the web-based management interface on an affected system. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the affected user. These actions could include modifying the system configuration and deleting accounts.