Tag

#csrf

CVE-2022-47179: WordPress OWM Weather plugin <= 5.6.11 - Cross Site Request Forgery (CSRF) - Patchstack

Cross-Site Request Forgery (CSRF) vulnerability in Uwe Jacobs OWM Weather plugin <= 5.6.11 leads to post duplication as a draft.

CVE-2022-47612: WordPress Participants Database plugin <= 2.4.5 - Cross Site Request Forgery (CSRF) - Patchstack

Cross-Site Request Forgery (CSRF) vulnerability in Roland Barker, xnau webdesign Participants Database plugin <= 2.4.5 leads to list column update.

CVE-2023-23865: WordPress Stripe Payments For WooCommerce by Checkout Plugins plugin <= 1.4.10 - Cross Site Request Forgery (CSRF) vulnerability - Patchstack

Cross-Site Request Forgery (CSRF) vulnerability in Checkout Plugins Stripe Payments For WooCommerce plugin <= 1.4.10 leads to settings change.

CVE-2023-23983: WordPress Responsive Vertical Icon Menu plugin <= 1.5.8 - Cross Site Request Forgery (CSRF) Leading To Settings Change Vulnerability - Patchstack

Cross-Site Request Forgery (CSRF) vulnerability in wpdevart Responsive Vertical Icon Menu plugin <= 1.5.8 can lead to theme deletion.

CVE-2023-24419: WordPress Formidable Forms plugin <= 5.5.6 - Cross Site Request Forgery (CSRF) - Patchstack

Cross-Site Request Forgery (CSRF) vulnerability in Strategy11 Form Builder Team Formidable Forms plugin <= 5.5.6 versions.

CVE-2022-43459: WordPress Forms by CaptainForm <= 2.5.3 - Cross-Site Request Forgery (CSRF) vulnerability - Patchstack

Cross-Site Request Forgery (CSRF) vulnerability in Forms by CaptainForm – Form Builder for WordPress plugin <= 2.5.3 versions.

Osprey Pump Controller 1.0.1 Cross-Site Request Forgery

The application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site.

CVE-2022-48362: ZohOwned :: A Critical Authentication Bypass on Zoho ManageEngine Desktop Central

Zoho ManageEngine Desktop Central and Desktop Central MSP before 10.1.2137.2 allow directory traversal via computerName to AgentLogUploadServlet. A remote, authenticated attacker could upload arbitrary code that would be executed when Desktop Central is restarted. (The attacker could authenticate by exploiting CVE-2021-44515.)