Total
8695 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-40724 | 1 Pingidentity | 1 Pingfederate | 2024-11-21 | N/A | 6.4 MEDIUM |
| The PingFederate Local Identity Profiles '/pf/idprofile.ping' endpoint is vulnerable to Cross-Site Request Forgery (CSRF) through crafted GET requests. | |||||
| CVE-2022-40695 | 1 Clogica | 1 Seo Redirection | 2024-11-21 | N/A | 5.4 MEDIUM |
| Multiple Cross-Site Scripting (CSRF) vulnerabilities in SEO Redirection Plugin plugin <= 8.9 on WordPress. | |||||
| CVE-2022-40692 | 1 Sunshinephotocart | 1 Sunshine Photo Cart | 2024-11-21 | N/A | 5.4 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in WP Sunshine Sunshine Photo Cart plugin <= 2.9.13 versions. | |||||
| CVE-2022-40687 | 1 Constantcontact | 1 Creative Mail | 2024-11-21 | N/A | 5.4 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in Creative Mail plugin <= 1.5.4 on WordPress. | |||||
| CVE-2022-40686 | 1 Constantcontact | 1 Creative Mail | 2024-11-21 | N/A | 5.4 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in Creative Mail plugin <= 1.5.4 on WordPress. | |||||
| CVE-2022-40671 | 1 Blazzdev | 1 Rate My Post - Wp Rating System | 2024-11-21 | N/A | 4.3 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in Rate my Post – WP Rating System plugin <= 3.3.4 at WordPress. | |||||
| CVE-2022-40632 | 1 Gvectors | 1 Wpforo Forum | 2024-11-21 | N/A | 5.4 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in gVectors Team wpForo Forum plugin <= 2.0.5 on WordPress leading to topic deletion. | |||||
| CVE-2022-40623 | 1 Wavlink | 2 Wn531g3, Wn531g3 Firmware | 2024-11-21 | N/A | 8.8 HIGH |
| The WAVLINK Quantum D4G (WN531G3) running firmware version M31G3.V5030.200325 does not utilize anti-CSRF tokens, which, when combined with other issues (such as CVE-2022-35518), can lead to remote, unauthenticated command execution. | |||||
| CVE-2022-40219 | 1 Sedlex | 1 Favicon-switcher | 2024-11-21 | N/A | 5.4 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in SedLex FavIcon Switcher plugin <= 1.2.11 at WordPress allows plugin settings change. | |||||
| CVE-2022-40198 | 1 Standalonetech | 1 Terawallet | 2024-11-21 | N/A | 4.3 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in StandaloneTech TeraWallet – For WooCommerce plugin <= 1.3.24 leading to plugin settings change. | |||||
| CVE-2022-40192 | 1 Gvectors | 1 Wpforo Forum | 2024-11-21 | N/A | 7.1 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in wpForo Forum plugin <= 2.0.9 on WordPress. | |||||
| CVE-2022-40180 | 1 Siemens | 20 Desigo Pxm30-1, Desigo Pxm30-1 Firmware, Desigo Pxm30.e and 17 more | 2024-11-21 | N/A | 5.3 MEDIUM |
| A vulnerability has been identified in Desigo PXM30-1 (All versions < V02.20.126.11-41), Desigo PXM30.E (All versions < V02.20.126.11-41), Desigo PXM40-1 (All versions < V02.20.126.11-41), Desigo PXM40.E (All versions < V02.20.126.11-41), Desigo PXM50-1 (All versions < V02.20.126.11-41), Desigo PXM50.E (All versions < V02.20.126.11-41), PXG3.W100-1 (All versions < V02.20.126.11-37), PXG3.W100-2 (All versions < V02.20.126.11-41), PXG3.W200-1 (All versions < V02.20.126.11-37), PXG3.W200-2 (All versions < V02.20.126.11-41). A Cross-Site Request Forgery exists in the “Import Files“ functionality of the “Operation” web application due to the missing validation of anti-CSRF tokens or other origin checks. A remote unauthenticated attacker can upload and enable permanent arbitrary JavaScript code into the device just by convincing a victim to visit a specifically crafted webpage while logged-in to the device web application. | |||||
| CVE-2022-40179 | 1 Siemens | 20 Desigo Pxm30-1, Desigo Pxm30-1 Firmware, Desigo Pxm30.e and 17 more | 2024-11-21 | N/A | 8.1 HIGH |
| A vulnerability has been identified in Desigo PXM30-1 (All versions < V02.20.126.11-41), Desigo PXM30.E (All versions < V02.20.126.11-41), Desigo PXM40-1 (All versions < V02.20.126.11-41), Desigo PXM40.E (All versions < V02.20.126.11-41), Desigo PXM50-1 (All versions < V02.20.126.11-41), Desigo PXM50.E (All versions < V02.20.126.11-41), PXG3.W100-1 (All versions < V02.20.126.11-37), PXG3.W100-2 (All versions < V02.20.126.11-41), PXG3.W200-1 (All versions < V02.20.126.11-37), PXG3.W200-2 (All versions < V02.20.126.11-41). A Cross-Site Request Forgery exists in endpoints of the “Operation” web application that interpret and execute Axon language queries, due to the missing validation of anti-CSRF tokens or other origin checks. By convincing a victim to click on a malicious link or visit a specifically crafted webpage while logged-in to the device web application, a remote unauthenticated attacker can execute arbitrary Axon queries against the device. | |||||
| CVE-2022-40132 | 1 Castos | 1 Seriously Simple Podcasting | 2024-11-21 | N/A | 5.4 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in Seriously Simple Podcasting plugin <= 2.16.0 at WordPress, leading to plugin settings change. | |||||
| CVE-2022-40131 | 1 A3rev | 1 Page View Count | 2024-11-21 | N/A | 5.4 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in a3rev Software Page View Count plugin <= 2.5.5 on WordPress allows an attacker to reset the plugin settings. | |||||
| CVE-2022-40128 | 1 Algolplus | 1 Advanced Order Export For Woocommerce | 2024-11-21 | N/A | 4.3 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in Advanced Order Export For WooCommerce plugin <= 3.3.2 on WordPress leading to export file download. | |||||
| CVE-2022-3978 | 1 Nodebb | 1 Nodebb | 2024-11-21 | N/A | 4.3 MEDIUM |
| A vulnerability, which was classified as problematic, was found in NodeBB up to 2.5.7. This affects an unknown part of the file /register/abort. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. Upgrading to version 2.5.8 is able to address this issue. The name of the patch is 2f9d8c350e54543f608d3d4c8e1a49bbb6cdea38. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-213555. | |||||
| CVE-2022-3747 | 1 Muffingroup | 1 Becustom | 2024-11-21 | N/A | 8.8 HIGH |
| The Becustom plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.5.2. This is due to missing nonce validation when saving the plugin's settings. This makes it possible for unauthenticated attackers to update the plugin's settings like betheme_url_slug, replaced_theme_author, and betheme_label to name a few, via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | |||||
| CVE-2022-3585 | 1 Oretnom23 | 1 Simple Cold Storage Management System | 2024-11-21 | N/A | 4.3 MEDIUM |
| A vulnerability classified as problematic has been found in SourceCodester Simple Cold Storage Management System 1.0. Affected is an unknown function of the file /csms/?page=contact_us of the component Contact Us. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-211194 is the identifier assigned to this vulnerability. | |||||
| CVE-2022-3582 | 1 Oretnom23 | 1 Simple Cold Storage Management System | 2024-11-21 | N/A | 4.3 MEDIUM |
| A vulnerability has been found in SourceCodester Simple Cold Storage Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation of the argument change password leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-211189 was assigned to this vulnerability. | |||||