Cross site request forgery (csrf)
The Core Control WordPress plugin through 1.2.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...
CVE-2023-6292 Ecwid Ecommerce Shopping Cart < 6.12.5 - Arbitrary Plugin Settings Change via CSRF
The Ecwid Ecommerce Shopping Cart WordPress plugin before 6.12.5 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...
CVE-2023-3178 POST SMTP Mailer < 2.5.7 - Arbitrary Log Deletion via CSRF
The POST SMTP Mailer WordPress plugin before 2.5.7 does not have proper CSRF checks in some AJAX actions, which could allow attackers to make logged in users with the manage_postman_smtp capability delete arbitrary logs via a CSRF attack...
CVE-2022-3899
The CVE-2022-3899 entry describes a CSRF vulnerability in the 3dprint WordPress plugin (versions prior to 3.5.6.9) that uses a modified Tiny File Manager. The underlying issue is a lack of CSRF protection in the file management component, allowing an attacker to craft a request that can delete fi...
PT-2024-15213 · Peepso · The Community By Peepso
Name of the Vulnerable Software and Affected Versions: The Community by PeepSo WordPress plugin versions prior to 6.3.1.2. Description: The issue is related to the lack of a CSRF check when creating a user post, which could allow attackers to make logged-in users perform such actions via a CSRF...
CVE-2023-50932
An issue was discovered in savignano S/Notify before 4.0.2 for Confluence. While an administrative user is logged on, the configuration settings of S/Notify can be modified via a CSRF attack. The injection could be initiated by the administrator clicking a malicious link in an email or by visitin...
CVE-2023-50931
An issue was discovered in savignano S/Notify before 2.0.1 for Bitbucket. While an administrative user is logged on, the configuration settings of S/Notify can be modified via a CSRF attack. The injection could be initiated by the administrator clicking a malicious link in an email or by visiting...
CVE-2023-50930
An issue was discovered in savignano S/Notify before 4.0.2 for Jira. While an administrative user is logged on, the configuration settings of S/Notify can be modified via a CSRF attack. The injection could be initiated by the administrator clicking a malicious link in an email or by visiting a...
Cross site request forgery (csrf)
An issue was discovered in savignano S/Notify before 4.0.2 for Jira. While an administrative user is logged on, the configuration settings of S/Notify can be modified via a CSRF attack. The injection could be initiated by the administrator clicking a malicious link in an email or by visiting a...
Design/Logic Flaw
An issue was discovered in savignano S/Notify before 2.0.1 for Bitbucket. While an administrative user is logged on, the configuration settings of S/Notify can be modified via a CSRF attack. The injection could be initiated by the administrator clicking a malicious link in an email or by visiting...
Design/Logic Flaw
An issue was discovered in savignano S/Notify before 4.0.2 for Confluence. While an administrative user is logged on, the configuration settings of S/Notify can be modified via a CSRF attack. The injection could be initiated by the administrator clicking a malicious link in an email or by visitin...
CVE-2023-50931
savignano S/Notify for Bitbucket
Community by PeepSo < 6.3.1.2 - User Post Creation via CSRF
Description The plugin does not have CSRF check when creating a user post visible on their wall in their profile page, which could allow attackers to make logged in users perform such action via a CSRF attack PoC 1. Log in as a normal user. 2. Save the content below as an HTML file. 3. Change...
CVE-2023-50932
The CVE-2023-50932 issue affects savignano S/Notify before 4.0.2 on Confluence. When an administrative user is logged in, the app’s configuration can be modified via CSRF, triggered by clicking a malicious link or visiting a malicious site. If exploited, an attacker could adjust the S/Notify conf...
CVE-2023-50932
An issue was discovered in savignano S/Notify before 4.0.2 for Confluence. While an administrative user is logged on, the configuration settings of S/Notify can be modified via a CSRF attack. The injection could be initiated by the administrator clicking a malicious link in an email or by visitin...
CVE-2023-50930
Affected product: savignano S/Notify for Jira (prior to v4.0.2). Root cause: CSRF enables an administrative user to modify configuration settings when logged in, via a malicious link or malicious website. Impact: potential for unencrypted email notifications (confidentiality impact) and configura...
CVE-2023-50930
An issue was discovered in savignano S/Notify before 4.0.2 for Jira. While an administrative user is logged on, the configuration settings of S/Notify can be modified via a CSRF attack. The injection could be initiated by the administrator clicking a malicious link in an email or by visiting a...
CVE-2023-50932
An issue was discovered in savignano S/Notify before 4.0.2 for Confluence. While an administrative user is logged on, the configuration settings of S/Notify can be modified via a CSRF attack. The injection could be initiated by the administrator clicking a malicious link in an email or by visitin...