
Vulnrichment
added 2023/08/16 11:03 a.m. · 8 views

CVE-2023-2271 Tiempo.com <= 0.1.2 - Shortcode Deletion via CSRF

The Tiempo.com WordPress plugin through 0.1.2 does not have a CSRF check when deleting its shortcode, which could allow attackers to make logged-in admins delete arbitrary shortcodes via a CSRF attack...

AI score 7.1 · EPSS 0.00075
Exploits 2 · References 1
BDU FSTEC
added 2023/08/16 12:00 a.m. · 1 views

The vulnerability of the Sitemap plugin in the click5 content management system for WordPress allows a hacker to create an administrator account and perform a CSRF attack.

The vulnerability of the Sitemap plugin in the click5 content management system for WordPress is related to deficiencies in the authentication process. Exploiting this vulnerability could allow a malicious actor to create an account with administrator privileges and carry out a CSRF attack...

CVSS 10 · AI score 7.6 · EPSS 0.88218
Exploits 2 · References 2 · Affected Software 1
WPVulnDB
added 2023/08/10 12:00 a.m. · 12 views

Absolute Privacy <= 2.1 - User Email/Password Change via Cross-Site Request Forgery

Description: The plugin does not protect its abprprofileShortcode action against CSRF attacks, allowing an unauthenticated attacker to change a user's email or password by tricking a logged-in administrator into submitting a crafted request...

CVSS 8.8 · AI score 6.7 · EPSS 0.00136
Exploits 0 · References 1
WPVulnDB
added 2023/08/04 12:00 a.m. · 14 views

Subscribers Text Counter < 1.7.1 - Settings Update via CSRF to Stored XSS

Description: The plugin does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack; this also leads to Stored Cross-Site Scripting due to the lack of sanitisation and escaping. PoC: Create an HTML file with the...

CVSS 4.3 · AI score 4.4 · EPSS 0.00088
Exploits 2 · Affected Software 1
Vulnrichment
added 2023/07/31 9:37 a.m. · 8 views

CVE-2023-3507 WooCommerce Pre-Orders < 2.0.3 - Arbitrary Pre-Order Canceling via CSRF

The WooCommerce Pre-Orders WordPress plugin before 2.0.3 has a flawed CSRF check when canceling pre-orders, which could allow attackers to make logged-in admins cancel arbitrary pre-orders via a CSRF attack...

AI score 6.4 · EPSS 0.00116
Exploits 2 · References 1
WPVulnDB
added 2023/07/28 12:00 a.m. · 19 views

Multiple Plugins from Inisev - Plugin Installation via CSRF

Description: Multiple plugins from the Inisev vendor lack a CSRF check in the handleinstallation function hooked to the inisevinstallation AJAX action, allowing unauthenticated attackers to make logged-in admins install plugins from Inisev on the blog via a CSRF attack...

CVSS 4.3 · AI score 4.9 · EPSS 0.00662
Exploits 1 · Affected Software 1
Tenable Nessus
added 2023/07/25 12:00 a.m. · 21 views

Cisco NX-OS Software NX-API Cross-Site Request Forgery (CVE-2021-1227)

A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. This vulnerability is due to insufficient CSRF protections for the NX-API on an affected device. An attacker cou...

CVSS 8.1 · AI score 7.7 · EPSS 0.00376
Exploits 0 · References 2
OSV
added 2023/07/24 2:15 p.m. · 2 views

CVE-2022-30280

/SecurityManagement/html/createuser.jsf in Nokia NetAct 22 allows CSRF. A remote attacker is able to create users with arbitrary privileges, even administrative privileges. The application, even if it implements a CSRF token for the random GET request, does not ever verify a CSRF token. With a litt...

CVSS 8.8 · AI score 5.9 · EPSS 0.00292
Exploits 1 · References 2
OSV
added 2023/07/17 2:15 p.m. · 1 views

CVE-2023-2329

The WooCommerce Google Sheet Connector WordPress plugin before 1.3.6 does not have a CSRF check when updating its Access Code, which could allow attackers to make logged-in admins change the access code to an arbitrary one via a CSRF attack...

CVSS 8.8 · AI score 6
Exploits 0 · References 1
Positive Technologies
added 2023/07/17 12:00 a.m. · 5 views

PT-2023-13775 · WordPress +1 · 3Dprint +1

Name of the Vulnerable Software and Affected Versions: 3DPrint WordPress plugin versions prior to 3.5.6.9
Description: The issue allows an attacker to craft a malicious request, exploiting the lack of protection against CSRF attacks in the modified version of Tiny File Manager. This can trick a...

CVSS 5.3 · AI score 5 · EPSS 0.00103
Exploits 2 · References 4
Cvelist
added 2023/07/12 6:52 a.m. · 21 views

CVE-2021-4421 Advanced Popups <= 1.1.1 - Cross-Site Request Forgery Bypass

The Advanced Popups plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.1. This is due to missing or incorrect nonce validation on the metaboxpopupsave function. This makes it possible for unauthenticated attackers to save meta tags via a forged...

CVSS 4.3 · AI score 4.6 · EPSS 0.00193
Exploits 0 · References 9
Prion
added 2023/07/11 2:15 p.m. · 17 views

Cross site request forgery (CSRF)

The Rockwell Automation Enhanced HIM software contains an API that the application uses which is not sufficiently protected and uses incorrect Cross-Origin Resource Sharing (CORS) settings; as a result, it is vulnerable to a Cross Site Request Forgery (CSRF) attack. To exploit this vulnerability, a...

CVSS 6.8 · AI score 9 · EPSS 0.00176
Exploits 0 · References 1 · Affected Software 1
Cvelist
added 2023/07/11 1:15 p.m. · 9 views

CVE-2023-2746 Rockwell Automation Enhanced HIM Vulnerable to Cross-Site Request Forgery Attack

The Rockwell Automation Enhanced HIM software contains an API that the application uses which is not sufficiently protected and uses incorrect Cross-Origin Resource Sharing (CORS) settings; as a result, it is vulnerable to a Cross Site Request Forgery (CSRF) attack. To exploit this vulnerability, a...

CVSS 9.6 · AI score 9.2 · EPSS 0.00176
Exploits 0 · References 1
CVE
added 2023/07/11 9:06 a.m. · 51 views

CVE-2022-29561

The CVE-2022-29561 entry documents a Cross-Site Request Forgery (CSRF) vulnerability in Siemens RUGGEDCOM ROX devices. Affected products and older versions include MX5000, MX5000RE, RX1400, RX1500/1501/1510/1511/1512/1524/1536, and RX5000, all versions

CVSS 8.8 · AI score 8.4 · EPSS 0.00216
Exploits 0 · References 1 · Affected Software 1
NVD
added 2023/07/07 8:15 p.m. · 18 views

CVE-2023-20180

A vulnerability in the web interface of Cisco Webex Meetings could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. This vulnerability is due to insufficient CSRF protections for the web interface on an affected system. An attack...

CVSS 4.3 · AI score 5 · EPSS 0.00334
Exploits 0 · References 1
Prion
added 2023/07/07 8:15 p.m. · 18 views

Cross site request forgery (CSRF)

A vulnerability in the web interface of Cisco Webex Meetings could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. This vulnerability is due to insufficient CSRF protections for the web interface on an affected system. An attack...

CVSS 4.3 · AI score 5.1 · EPSS 0.00334
Exploits 0 · References 1 · Affected Software 1
Cvelist
added 2023/07/07 7:47 p.m. · 15 views

CVE-2023-20180

A vulnerability in the web interface of Cisco Webex Meetings could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. This vulnerability is due to insufficient CSRF protections for the web interface on an affected system. An attack...

CVSS 4.3 · AI score 5.3 · EPSS 0.00334
Exploits 0 · References 1
Tenable Nessus
added 2023/07/05 12:00 a.m. · 16 views

SUSE SLES15 Security Update : dnsdist (SUSE-SU-2023:2777-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:2777-1 advisory. - An issue has been found in dnsdist before 1.2.0 in the way EDNS0 OPT records are handled when parsing responses from a backend...

CVSS 8.8 · AI score 6.8 · EPSS 0.00021
Exploits 0 · References 10
BDU FSTEC
added 2023/07/04 12:00 a.m. · 1 views

The vulnerability of the software and hardware components of SCADA systems, such as the ABB Pulsar Plus System Controller NE843_S, Infinity DC Power Plant H5692448 G104, Infinity DC Power Plant H5692448 G842, Infinity DC Power Plant H5692448 G224L, Infinity DC Power Plant H5692448 G630-4, Infinity DC Power Plant H5692448 G451C(2), Infinity DC Power Plant H5692448 G461(2), arises due to insufficient validation of input data. This vulnerability allows attackers to execute CSRF attacks.

The vulnerabilities of the software and hardware components of SCADA systems, such as ABB Pulsar Plus System Controller NE843S, Infinity DC Power Plant H5692448 G104, Infinity DC Power Plant H5692448 G842, Infinity DC Power Plant H5692448 G224L, Infinity DC Power Plant H5692448 G630-4, Infinity D...

CVSS 10 · AI score 7.8 · EPSS 0.00142
Exploits 0 · References 4 · Affected Software 7
OSV
added 2023/06/27 2:15 p.m. · 0 views

CVE-2023-2842

The WP Inventory Manager WordPress plugin before 2.1.0.14 does not have CSRF checks, which could allow attackers to make logged-in admins delete Inventory Items via a CSRF attack...

CVSS 8.1 · AI score 7.3
Exploits 0 · References 1