Total
8696 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-28949 | 1 Ibm | 2 Engineering Requirements Management Doors, Engineering Requirements Management Doors Web Access | 2024-11-21 | N/A | 6.5 MEDIUM |
| IBM Engineering Requirements Management DOORS 9.7.2.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 251216. | |||||
| CVE-2023-28930 | 1 Robinphillips | 1 Mobile Banner | 2024-11-21 | N/A | 4.3 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in Robin Phillips Mobile Banner plugin <= 1.5 versions. | |||||
| CVE-2023-28848 | 1 Nextcloud | 1 User Oidc | 2024-11-21 | N/A | 4.8 MEDIUM |
| user_oidc is the OIDC connect user backend for Nextcloud, an open source collaboration platform. A vulnerability in versions 1.0.0 until 1.3.0 effectively allowed an attacker to bypass the state protection as they could just copy the expected state token from the first request to their second request. Users should upgrade user_oidc to 1.3.0 to receive a patch for the issue. No known workarounds are available. | |||||
| CVE-2023-28791 | 1 Webtechforce | 1 Simple Org Chart | 2024-11-21 | N/A | 4.3 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in Gangesh Matta Simple Org Chart plugin <= 2.3.4 versions. | |||||
| CVE-2023-28780 | 1 Yoast | 1 Yoast Local Seo | 2024-11-21 | N/A | 6.5 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in Yoast Yoast Local Premium.This issue affects Yoast Local Premium: from n/a through 14.8. | |||||
| CVE-2023-28747 | 1 Codeboxr | 1 Cbx Currency Converter | 2024-11-21 | N/A | 5.4 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in codeboxr CBX Currency Converter plugin <= 3.0.3 versions. | |||||
| CVE-2023-28718 | 1 Propumpservice | 2 Osprey Pump Controller, Osprey Pump Controller Firmware | 2024-11-21 | N/A | 7.1 HIGH |
| Osprey Pump Controller version 1.01 allows users to perform certain actions via HTTP requests without performing any checks to verify the requests. This may allow an attacker to perform certain actions with administrative privileges if a logged-in user visits a malicious website. | |||||
| CVE-2023-28696 | 1 Themeist | 1 I Recommend This | 2024-11-21 | N/A | 4.3 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in Harish Chouhan, Themeist I Recommend This allows Cross Site Request Forgery.This issue affects I Recommend This: from n/a through 3.9.0. | |||||
| CVE-2023-28694 | 1 Wbcomdesigns | 1 Buddypress Activity Social Share | 2024-11-21 | N/A | 5.4 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in Wbcom Designs Wbcom Designs – BuddyPress Activity Social Share plugin <= 3.5.0 versions. | |||||
| CVE-2023-28618 | 1 Infolific | 1 Enhanced Plugin Admin | 2024-11-21 | N/A | 5.4 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in Marios Alexandrou Enhanced Plugin Admin plugin <= 1.16 versions. | |||||
| CVE-2023-28498 | 1 Motopress | 1 Hotel Booking Lite | 2024-11-21 | N/A | 4.3 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in MotoPress Hotel Booking Lite plugin <= 4.6.0 versions. | |||||
| CVE-2023-28497 | 1 Tribulant | 1 Slideshow Gallery | 2024-11-21 | N/A | 5.4 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in Tribulant Slideshow Gallery LITE plugin <= 1.7.6 versions. | |||||
| CVE-2023-28495 | 1 Mythemeshop | 1 Wp Shortcode | 2024-11-21 | N/A | 4.3 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in MyThemeShop WP Shortcode by MyThemeShop plugin <= 1.4.16 versions. | |||||
| CVE-2023-28420 | 1 Leocaseiro | 1 Custom Options Plus | 2024-11-21 | N/A | 5.4 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in Leo Caseiro Custom Options Plus plugin <= 1.8.1 versions. | |||||
| CVE-2023-28419 | 1 Strangerstudios | 1 Force Display Name | 2024-11-21 | N/A | 5.4 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in Stranger Studios Force First and Last Name as Display Name plugin <= 1.2 versions. | |||||
| CVE-2023-28335 | 1 Moodle | 1 Moodle | 2024-11-21 | N/A | 8.8 HIGH |
| The link to reset all templates of a database activity did not include the necessary token to prevent a CSRF risk. | |||||
| CVE-2023-28173 | 1 Digitalinspiration | 1 Google Xml Sitemap For Images | 2024-11-21 | N/A | 4.3 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in Amit Agarwal Google XML Sitemap for Images plugin <= 2.1.3 versions. | |||||
| CVE-2023-28167 | 1 Vsourz | 1 Cf7 Invisible Recaptcha | 2024-11-21 | N/A | 5.4 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in Vsourz Digital CF7 Invisible reCAPTCHA plugin <= 1.3.3 versions. | |||||
| CVE-2023-28023 | 1 Hcltech | 1 Bigfix Webui | 2024-11-21 | N/A | 4.9 MEDIUM |
| A cross site request forgery vulnerability in the BigFix WebUI Software Distribution interface site version 44 and before allows an NMO attacker to access files on server side systems (server machine and all the ones in its network). | |||||
| CVE-2023-27634 | 1 Intrepidity Project | 1 Intrepidity | 2024-11-21 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability allows arbitrary file upload in Shingo Intrepidity plugin <= 1.5.1 versions. | |||||