Security
Headlines
HeadlinesLatestCVEs

Tag

#csrf

CVE-2022-36417: 3D Tag Cloud

Multiple Stored Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) vulnerability in 3D Tag Cloud plugin <= 3.8 at WordPress.

CVE
Open in Source
#xss#csrf#vulnerability#web#java#wordpress#php
CVE-2022-38085

Cross-Site Request Forgery (CSRF) vulnerability in Read more By Adam plugin <= 1.1.8 at WordPress.

CVE-2022-40671

Cross-Site Request Forgery (CSRF) vulnerability in Rate my Post – WP Rating System plugin <= 3.3.4 at WordPress.

CVE-2022-2937: Vulnerability Advisories - Wordfence

The Image Hover Effects Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Title & Description values that can be added to an Image Hover in versions up to, and including, 9.7.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. By default, the plugin only allows administrators access to edit Image Hovers, however, if a site admin makes the plugin's features available to lower privileged users through the 'Who Can Edit?' setting then this can be exploited by those users.

Feehi CMS 2.1.1 Remote Code Execution

Feehi CMS version 2.1.1 suffers from an authenticated remote code execution vulnerability.

GHSA-gmj8-84r4-h46j: rdiffweb Cross-Site Request Forgery vulnerability can lead to user email ID being changed

rdiffwen prior to version 2.4.7 is vulnerable to Cross-Site Request Forgery (CSRF). An attacker can change a user's email ID. Version 2.4.7 has a fix for this issue.

CVE-2022-3274: Mitigate CSRF on user's settings #221 · ikus060/rdiffweb@e974df7

Cross-Site Request Forgery (CSRF) in GitHub repository ikus060/rdiffweb prior to 2.4.7.

CVE-2022-3267

Cross-Site Request Forgery (CSRF) in GitHub repository ikus060/rdiffweb prior to 2.4.6.

GHSA-jjch-7g85-4m72: Jenkins NS-ND Integration Performance Publisher Plugin vulnerable to Cross-Site Request Forgery

A cross-site request forgery (CSRF) vulnerability in Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.129 and earlier allows attackers to connect to an attacker-specified webserver using attacker-specified credentials. Version 4.8.0.130 requires POST requests and Overall/Administer permission for the affected form validation method.

GHSA-6cvr-rvpm-9wx4: Jenkins SCM HttpClient Plugin vulnerable to Cross-Site Request Forgery

A cross-site request forgery (CSRF) vulnerability in Jenkins SCM HttpClient Plugin 1.5 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.