Total
8545 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-4633 | 1 Auto Upload Images Project | 1 Auto Upload Images | 2024-11-21 | 4.3 Medium |
| A vulnerability was found in Auto Upload Images up to 3.3.0 and classified as problematic. Affected by this issue is some unknown functionality of the file src/setting-page.php of the component Settings Handler. The manipulation leads to cross-site request forgery. The attack may be launched remotely. Upgrading to version 3.3.1 is able to address this issue. The name of the patch is 895770ee93887ec78429c78ffdfb865bee6f9436. It is recommended to upgrade the affected component. VDB-216482 is the identifier assigned to this vulnerability. | ||||
| CVE-2022-4604 | 1 Wp-english-wp-admin Project | 1 Wp-english-wp-admin | 2024-11-21 | 4.3 Medium |
| A vulnerability classified as problematic was found in wp-english-wp-admin Plugin up to 1.5.1. Affected by this vulnerability is the function register_endpoints of the file english-wp-admin.php. The manipulation leads to cross-site request forgery. The attack can be launched remotely. Upgrading to version 1.5.2 is able to address this issue. The name of the patch is ad4ba171c974c65c3456e7c6228f59f40783b33d. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-216199. | ||||
| CVE-2022-4125 | 1 Popup Manager Project | 1 Popup Manager | 2024-11-21 | 4.3 Medium |
| The Popup Manager WordPress plugin through 1.6.6 does not have authorisation and CSRF check when creating/updating popups, and is missing sanitisation as well as escaping, which could allow unauthenticated attackers to create arbitrary popups and add Stored XSS payloads as well | ||||
| CVE-2022-4014 | 1 Feehi | 1 Feehicms | 2024-11-21 | 4.3 Medium |
| A vulnerability, which was classified as problematic, has been found in FeehiCMS. Affected by this issue is some unknown functionality of the component Post My Comment Tab. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The identifier of this vulnerability is VDB-213788. | ||||
| CVE-2022-47559 | 1 Ormazabal | 4 Ekorccp, Ekorccp Firmware, Ekorrci and 1 more | 2024-11-21 | 8.6 High |
| Lack of device control over web requests in ekorCCP and ekorRCI, allowing an attacker to create customised requests to execute malicious actions when a user is logged in, affecting availability, privacy and integrity. | ||||
| CVE-2022-47175 | 1 Royal-elementor-addons | 1 Royal Elementor Addons | 2024-11-21 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in P Royal Royal Elementor Addons and Templates plugin <= 1.3.75 versions. | ||||
| CVE-2022-47172 | 1 Hasthemes | 1 Woolentor - Woocommerce Elementor Addons \+ Builder | 2024-11-21 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in HasThemes ShopLentor plugin <= 2.6.2 versions. | ||||
| CVE-2022-47169 | 1 Staxwp | 1 Visibility Logic For Elementor | 2024-11-21 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in StaxWP Visibility Logic for Elementor plugin <= 2.3.4 versions. | ||||
| CVE-2022-47132 | 1 Creativeitem | 1 Academy Lms | 2024-11-21 | 8.8 High |
| A Cross-Site Request Forgery (CSRF) in Academy LMS before v5.10 allows attackers to arbitrarily add Administrator users. | ||||
| CVE-2022-46857 | 1 Sitealert | 1 Sitealert | 2024-11-21 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in SiteAlert plugin <= 1.9.7 versions. | ||||
| CVE-2022-46841 | 1 Soflyy | 1 Oxygen | 2024-11-21 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Soflyy Oxygen Builder plugin <= 4.4 versions. | ||||
| CVE-2022-45828 | 1 Nootheme | 1 Noo Timetable | 2024-11-21 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in NooTheme Noo Timetable plugin <= 2.1.3 versions. | ||||
| CVE-2022-45823 | 1 Video Contest Wordpress Project | 1 Video Contest Wordpress | 2024-11-21 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in GalleryPlugins Video Contest WordPress plugin <= 3.2 versions. | ||||
| CVE-2022-45372 | 1 Codeixer | 1 Product Gallery Slider For Woocommerce | 2024-11-21 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Codeixer Product Gallery Slider for WooCommerce plugin <= 2.2.8 versions. | ||||
| CVE-2022-44741 | 1 Slidervilla | 1 Testimonial Slider | 2024-11-21 | 6.1 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability leading to Cross-Site Scripting (XSS) in David Anderson Testimonial Slider plugin <= 1.3.1 on WordPress. | ||||
| CVE-2022-43710 | 1 Gxsoftware | 1 Xperiencentral | 2024-11-21 | 8.8 High |
| Interactive Forms (IAF) in GX Software XperienCentral versions 10.31.0 until 10.33.0 was vulnerable to cross site request forgery (CSRF) because the unique token could be deduced using the names of all input fields. | ||||
| CVE-2022-42880 | 1 Auto Upload Images Project | 1 Auto Upload Images | 2024-11-21 | 6.1 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Ali Irani Auto Upload Images plugin <= 3.3 versions allows Stored Cross-Site Scripting (XSS). | ||||
| CVE-2022-41615 | 1 Agilelogix | 1 Store Locator | 2024-11-21 | 6.1 Medium |
| Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) vulnerability in Store Locator plugin <= 1.4.5 on WordPress. | ||||
| CVE-2022-41296 | 1 Ibm | 2 Db2, Db2 Warehouse | 2024-11-21 | 6.5 Medium |
| IBM Db2U 3.5, 4.0, and 4.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 237210. | ||||
| CVE-2022-41136 | 1 Getshortcodes | 1 Shortcodes Ultimate | 2024-11-21 | 6.1 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability leading to Stored Cross-Site Scripting (XSS) in Vladimir Anokhin's Shortcodes Ultimate plugin <= 5.12.0 on WordPress. | ||||