Security
Headlines
HeadlinesLatestCVEs

Tag

#csrf

CVE-2023-34178: WordPress Groundhogg plugin <= 2.7.11 - Cross Site Request Forgery (CSRF) - Patchstack

Cross-Site Request Forgery (CSRF) vulnerability in Groundhogg Inc. Groundhogg plugin <= 2.7.11 versions.

CVE
Open in Source
#csrf#vulnerability#wordpress#auth
CVE-2023-46614: WordPress WP Helper Premium plugin <= 4.5.1 - Cross Site Request Forgery (CSRF) vulnerability - Patchstack

Cross-Site Request Forgery (CSRF) vulnerability in Mat Bao Corp WP Helper Premium plugin <= 4.5.1 versions.

CVE-2023-34386: WordPress WPC Smart Wishlist for WooCommerce plugin <= 4.7.1 - Cross Site Request Forgery (CSRF) vulnerability - Patchstack

Cross-Site Request Forgery (CSRF) vulnerability in WPClever WPC Smart Wishlist for WooCommerce plugin <= 4.7.1 versions.

CVE-2023-25975: WordPress Etsy Shop plugin <= 3.0.3 - Cross Site Request Forgery (CSRF) vulnerability - Patchstack

Cross-Site Request Forgery (CSRF) vulnerability in Frédéric Sheedy Etsy Shop plugin <= 3.0.3 versions.

CVE-2023-45885: XSS in NASAs Open MCT v3.1.0

Cross Site Scripting (XSS) vulnerability in NASA Open MCT (aka openmct) through 3.1.0 allows attackers to run arbitrary code via the new component feature in the flexibleLayout plugin.

CVE-2023-25994: WordPress Publish to Schedule plugin <= 4.4.2 - Cross Site Request Forgery (CSRF) vulnerability - Patchstack

Cross-Site Request Forgery (CSRF) vulnerability in Alex Benfica Publish to Schedule plugin <= 4.4.2 versions.

CVE-2023-45857: CVE-2023-45857 (CWE-359) XSRF-TOKEN value is disclosed to an unauthorised actor · Issue #6006 · axios/axios

An issue discovered in Axios 1.5.1 inadvertently reveals the confidential XSRF-TOKEN stored in cookies by including it in the HTTP header X-XSRF-TOKEN for every request made to any host allowing attackers to view sensitive information.