Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2008-2531

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-03 Jun, 2008 | 15:00
Updated At-07 Aug, 2024 | 09:05
Rejected At-
Credits

Cross-site scripting (XSS) vulnerability in the search script in Build A Niche Store (BANS) 3.0 allows remote attackers to inject arbitrary web script or HTML via the q parameter.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:03 Jun, 2008 | 15:00
Updated At:07 Aug, 2024 | 09:05
Rejected At:
▼CVE Numbering Authority (CNA)

Cross-site scripting (XSS) vulnerability in the search script in Build A Niche Store (BANS) 3.0 allows remote attackers to inject arbitrary web script or HTML via the q parameter.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://exchange.xforce.ibmcloud.com/vulnerabilities/42373
vdb-entry
x_refsource_XF
http://holisticinfosec.org/content/view/64/45/
x_refsource_MISC
http://secunia.com/advisories/30153
third-party-advisory
x_refsource_SECUNIA
http://www.securityfocus.com/bid/29187
vdb-entry
x_refsource_BID
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/42373
Resource:
vdb-entry
x_refsource_XF
Hyperlink: http://holisticinfosec.org/content/view/64/45/
Resource:
x_refsource_MISC
Hyperlink: http://secunia.com/advisories/30153
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.securityfocus.com/bid/29187
Resource:
vdb-entry
x_refsource_BID
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://exchange.xforce.ibmcloud.com/vulnerabilities/42373
vdb-entry
x_refsource_XF
x_transferred
http://holisticinfosec.org/content/view/64/45/
x_refsource_MISC
x_transferred
http://secunia.com/advisories/30153
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.securityfocus.com/bid/29187
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/42373
Resource:
vdb-entry
x_refsource_XF
x_transferred
Hyperlink: http://holisticinfosec.org/content/view/64/45/
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://secunia.com/advisories/30153
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.securityfocus.com/bid/29187
Resource:
vdb-entry
x_refsource_BID
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:03 Jun, 2008 | 15:32
Updated At:08 Aug, 2017 | 01:31

Cross-site scripting (XSS) vulnerability in the search script in Build A Niche Store (BANS) 3.0 allows remote attackers to inject arbitrary web script or HTML via the q parameter.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.04.3MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
Type: Primary
Version: 2.0
Base score: 4.3
Base severity: MEDIUM
Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N
CPE Matches
buildanichestore3
buildanichestore3
>>bans>>3.0
cpe:2.3:a:buildanichestore3:bans:3.0:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-352Primarynvd@nist.gov
CWE ID: CWE-352
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://holisticinfosec.org/content/view/64/45/cve@mitre.org
N/A
http://secunia.com/advisories/30153cve@mitre.org
Vendor Advisory
http://www.securityfocus.com/bid/29187cve@mitre.org
N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/42373cve@mitre.org
N/A
Hyperlink: http://holisticinfosec.org/content/view/64/45/
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/30153
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: http://www.securityfocus.com/bid/29187
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/42373
Source: cve@mitre.org
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

698Records found
CVE-2022-26588
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.15% / 36.85%
||
7 Day CHG~0.00%
Published-08 Apr, 2022 | 20:12
Updated-03 Aug, 2024 | 05:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Cross-Site Request Forgery (CSRF) in IceHrm 31.0.0.OS allows attackers to delete arbitrary users or achieve account takeover via the app/service.php URI.

Action-Not Available
Vendor-icehrmn/a
Product-icehrmn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2020-36534
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-4.3||MEDIUM
EPSS-0.15% / 36.86%
||
7 Day CHG~0.00%
Published-03 Jun, 2022 | 19:10
Updated-15 Apr, 2025 | 14:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
easyii CMS out cross-site request forgery

A vulnerability was found in easyii CMS. It has been classified as problematic. Affected is an unknown function of the file /admin/sign/out. The manipulation leads to cross site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-easyiicmseasyii
Product-easyiicmsCMS
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-2123
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-4.3||MEDIUM
EPSS-0.10% / 27.86%
||
7 Day CHG~0.00%
Published-11 Jul, 2022 | 12:57
Updated-03 Aug, 2024 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WP Opt-in <= 1.4.1 - Arbitrary Settings Update via CSRF

The WP Opt-in WordPress plugin through 1.4.1 is vulnerable to CSRF which allows changed plugin settings and can be used for sending spam emails.

Action-Not Available
Vendor-wp_opt-in_projectUnknown
Product-wp_opt-inWP Opt-in
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2020-36140
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.19% / 41.56%
||
7 Day CHG~0.00%
Published-04 Jun, 2021 | 15:03
Updated-04 Aug, 2024 | 17:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

BloofoxCMS 0.5.2.1 allows Cross-Site Request Forgery (CSRF) via 'mode=settings&page=editor', as demonstrated by use of 'mode=settings&page=editor' to change any file content (Locally/Remotely).

Action-Not Available
Vendor-bloofoxn/a
Product-bloofoxcmsn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-2146
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-6.1||MEDIUM
EPSS-0.13% / 32.98%
||
7 Day CHG~0.00%
Published-17 Jul, 2022 | 10:36
Updated-03 Aug, 2024 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Import CSV Files <= 1.0 - Reflected Cross-Site Scripting

The Import CSV Files WordPress plugin through 1.0 does not sanitise and escaped imported data before outputting them back in a page, and is lacking CSRF check when performing such action as well, resulting in a Reflected Cross-Site Scripting

Action-Not Available
Vendor-import_csv_files_projectUnknown
Product-import_csv_filesImport CSV Files
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2020-36505
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-6.5||MEDIUM
EPSS-0.16% / 37.73%
||
7 Day CHG~0.00%
Published-01 Nov, 2021 | 08:45
Updated-04 Aug, 2024 | 17:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Delete All Comments Easily <= 1.3 - All Comments Deletion via CSRF

The Delete All Comments Easily WordPress plugin through 1.3 is lacking Cross-Site Request Forgery (CSRF) checks, which could result in an unauthenticated attacker making a logged in admin delete all comments from the blog.

Action-Not Available
Vendor-delete_all_comments_easily_projectUnknown
Product-delete_all_comments_easilyDelete All Comments Easily
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-1829
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-6.5||MEDIUM
EPSS-0.18% / 40.19%
||
7 Day CHG~0.00%
Published-20 Jun, 2022 | 10:26
Updated-03 Aug, 2024 | 00:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Inline Google Maps <= 5.11 - Arbitrary Settings Update to Stored XSS via CSRF

The Inline Google Maps WordPress plugin through 5.11 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack, and lead to Stored Cross-Site Scripting due to the lack of sanitisation and escaping

Action-Not Available
Vendor-inline_google_maps_projectUnknown
Product-inline_google_mapsInline Google Maps
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-1895
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-4.3||MEDIUM
EPSS-0.11% / 29.43%
||
7 Day CHG~0.00%
Published-20 Jun, 2022 | 10:26
Updated-03 Aug, 2024 | 00:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
underConstruction < 1.20 - Construction Mode Deactivation via CSRF

The underConstruction WordPress plugin before 1.20 does not have CSRF check in place when deactivating the construction mode, which could allow attackers to make a logged in admin perform such action via a CSRF attack

Action-Not Available
Vendor-underconstruction_projectUnknown
Product-underconstructionunderConstruction
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-1732
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-6.5||MEDIUM
EPSS-0.20% / 41.86%
||
7 Day CHG~0.00%
Published-11 Jul, 2022 | 12:56
Updated-03 Aug, 2024 | 00:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Rename wp-login.php <= 2.6.0 - Secret URL Update via CSRF

The Rename wp-login.php WordPress plugin through 2.6.0 does not have CSRF check in place when updating the secret login URL, which could allow attackers to make a logged in admin change them via a CSRF attack

Action-Not Available
Vendor-rename_wp-login_projectUnknown
Product-rename_wp-loginRename wp-login.php
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-1843
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-6.5||MEDIUM
EPSS-0.10% / 27.86%
||
7 Day CHG~0.00%
Published-27 Jun, 2022 | 08:57
Updated-03 Aug, 2024 | 00:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
MailPress <= 7.2.1 - Arbitrary Settings Update & Log Files Purge via CSRF

The MailPress WordPress plugin through 7.2.1 does not have CSRF checks in various places, which could allow attackers to make a logged in admin change the settings, purge log files and more via CSRF attacks

Action-Not Available
Vendor-mailpress_projectUnknown
Product-mailpressMailPress
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-1827
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-6.5||MEDIUM
EPSS-0.14% / 35.40%
||
7 Day CHG~0.00%
Published-20 Jun, 2022 | 10:26
Updated-03 Aug, 2024 | 00:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PDF24 Article To PDF <= 4.2.2 - Arbitrary Settings Update via CSRF

The PDF24 Article To PDF WordPress plugin through 4.2.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack

Action-Not Available
Vendor-pdf24_articles_to_pdf_projectUnknown
Product-pdf24_articles_to_pdfPDF24 Article To PDF
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-1424
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-6.5||MEDIUM
EPSS-0.13% / 33.61%
||
7 Day CHG~0.00%
Published-06 Jun, 2022 | 08:51
Updated-03 Aug, 2024 | 00:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Ask Me < 6.8.2 - Multiple CSRF in AJAX Actions

The Ask me WordPress theme before 6.8.2 does not perform CSRF checks for any of its AJAX actions, allowing an attacker to trick logged in users to perform various actions on their behalf on the site.

Action-Not Available
Vendor-2codeUnknown
Product-ask_meAsk me
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-1612
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-6.5||MEDIUM
EPSS-0.10% / 27.86%
||
7 Day CHG~0.00%
Published-13 Jun, 2022 | 12:42
Updated-03 Aug, 2024 | 00:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Webriti SMTP Mail <= 1.0 - Arbitrary Settings Update via CSRF

The Webriti SMTP Mail WordPress plugin through 1.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack

Action-Not Available
Vendor-webritiUnknown
Product-webriti_smtp_mailWebriti SMTP Mail
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-1885
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-4.3||MEDIUM
EPSS-0.10% / 27.86%
||
7 Day CHG~0.00%
Published-27 Jun, 2022 | 08:58
Updated-03 Aug, 2024 | 00:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cimy Header Image Rotator <= 6.1.1 - Arbitrary Settings Update via CSRF

The Cimy Header Image Rotator WordPress plugin through 6.1.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack

Action-Not Available
Vendor-cimy_header_image_rotator_projectUnknown
Product-cimy_header_image_rotatorCimy Header Image Rotator
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-1712
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-4.3||MEDIUM
EPSS-0.10% / 27.86%
||
7 Day CHG~0.00%
Published-06 Jun, 2022 | 08:51
Updated-03 Aug, 2024 | 00:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
LiveSync for WordPress <= 1.0 - Arbitrary Settings Update via CSRF

The LiveSync for WordPress plugin through 1.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack

Action-Not Available
Vendor-livesync_projectUnknown
Product-livesyncLiveSync for WordPress
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-1847
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-4.3||MEDIUM
EPSS-0.10% / 27.86%
||
7 Day CHG~0.00%
Published-27 Jun, 2022 | 08:58
Updated-03 Aug, 2024 | 00:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Rotating Posts <= 1.11 - Arbitrary Settings Update to Stored XSS via CSRF

The Rotating Posts WordPress plugin through 1.11 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack

Action-Not Available
Vendor-rotating_posts_projectUnknown
Product-rotating_postsRotating Posts
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-1846
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-4.3||MEDIUM
EPSS-0.10% / 27.86%
||
7 Day CHG~0.00%
Published-27 Jun, 2022 | 08:58
Updated-03 Aug, 2024 | 00:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tiny Contact Form <= 0.7 - Arbitrary Settings Update via CSRF

The Tiny Contact Form WordPress plugin through 0.7 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack

Action-Not Available
Vendor-tiny_contact_form_projectUnknown
Product-tiny_contact_formTiny Contact Form
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-1625
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-4.3||MEDIUM
EPSS-0.10% / 27.86%
||
7 Day CHG~0.00%
Published-27 Jun, 2022 | 08:57
Updated-03 Aug, 2024 | 00:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
New User Approve < 2.4 - Arbitrary Settings Update & Invitation Code Creation via CSRF

The New User Approve WordPress plugin before 2.4 does not have CSRF check in place when updating its settings and adding invitation codes, which could allow attackers to add invitation codes (for bypassing the provided restrictions) and to change plugin settings by tricking admin users into visiting specially crafted websites.

Action-Not Available
Vendor-wpexpertsUnknown
Product-new_user_approveNew User Approve
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-1914
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-4.3||MEDIUM
EPSS-0.10% / 27.86%
||
7 Day CHG~0.00%
Published-27 Jun, 2022 | 08:58
Updated-03 Aug, 2024 | 00:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Clean-Contact <= 1.6 - Arbitrary Settings Update to Stored XSS via CSRF

The Clean-Contact WordPress plugin through 1.6 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and lead to Stored XSS due to the lack of sanitisation and escaping as well

Action-Not Available
Vendor-clean-contact_projectUnknown
Product-clean-contactClean-Contact
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-1605
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-6.5||MEDIUM
EPSS-0.10% / 27.86%
||
7 Day CHG~0.00%
Published-13 Jun, 2022 | 12:42
Updated-03 Aug, 2024 | 00:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Email Users <= 4.8.8 - Arbitrary Settings Update via CSRF

The Email Users WordPress plugin through 4.8.8 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and change the notification settings of arbitrary users

Action-Not Available
Vendor-email_users_projectUnknown
Product-email_usersEmail Users
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-1694
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-6.5||MEDIUM
EPSS-0.10% / 27.86%
||
7 Day CHG~0.00%
Published-13 Jun, 2022 | 12:42
Updated-03 Aug, 2024 | 00:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Useful Banner Manager <= 1.6.1 - Modify banners via CSRF

The Useful Banner Manager WordPress plugin through 1.6.1 does not perform CSRF checks on POST requests to its admin page, allowing an attacker to trick a logged in admin to add, modify or delete banners from the plugin by submitting a form.

Action-Not Available
Vendor-useful_banner_manager_projectUnknown
Product-useful_banner_managerUseful Banner Manager
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-1695
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-4.3||MEDIUM
EPSS-0.10% / 27.86%
||
7 Day CHG~0.00%
Published-06 Jun, 2022 | 08:51
Updated-03 Aug, 2024 | 00:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WP Simple Adsense Insertion < 2.1 - Inject ads and javascript via CSRF

The WP Simple Adsense Insertion WordPress plugin before 2.1 does not perform CSRF checks on updates to its admin page, allowing an attacker to trick a logged in user to manipulate ads and inject arbitrary javascript via submitting a form.

Action-Not Available
Vendor-UnknownTips and Tricks HQ
Product-wp_simple_adsense_insertionWP Simple Adsense Insertion
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-1421
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-4.3||MEDIUM
EPSS-7.61% / 91.48%
||
7 Day CHG~0.00%
Published-06 Jun, 2022 | 08:50
Updated-03 Aug, 2024 | 00:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Discy < 5.2 - Settings Update via CSRF

The Discy WordPress theme before 5.2 lacks CSRF checks in some AJAX actions, allowing an attacker to make a logged in admin change arbitrary 's settings including payment methods via a CSRF attack

Action-Not Available
Vendor-2codeUnknown
Product-discyDiscy
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-1608
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-6.5||MEDIUM
EPSS-0.13% / 33.61%
||
7 Day CHG~0.00%
Published-13 Jun, 2022 | 12:42
Updated-03 Aug, 2024 | 00:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OnePress Social Locker <= 5.6.2 - Arbitrary Settings Update via CSRF

The OnePress Social Locker WordPress plugin through 5.6.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack

Action-Not Available
Vendor-byonepressUnknown
Product-social_lockerOnePress Social Locker
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-1844
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-4.3||MEDIUM
EPSS-0.11% / 29.43%
||
7 Day CHG~0.00%
Published-27 Jun, 2022 | 08:57
Updated-03 Aug, 2024 | 00:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WP Sentry <= 1.0 - Arbitrary Settings Update to Stored XSS via CSRF

The WP Sentry WordPress plugin through 1.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and lead to Stored Cross-Site Scripting due to the lack of sanitisation and escaping as well

Action-Not Available
Vendor-wp-sentry_projectUnknown
Product-wp-sentryWP Sentry
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-1960
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-4.3||MEDIUM
EPSS-0.10% / 27.86%
||
7 Day CHG~0.00%
Published-27 Jun, 2022 | 08:58
Updated-03 Aug, 2024 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
MyCSS <= 1.1 - Arbitrary Settings Update via CSRF

The MyCSS WordPress plugin through 1.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack

Action-Not Available
Vendor-mycss_projectUnknown
Product-mycssMyCSS
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-1761
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-6.5||MEDIUM
EPSS-0.14% / 35.40%
||
7 Day CHG~0.00%
Published-13 Jun, 2022 | 12:42
Updated-03 Aug, 2024 | 00:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Peter’s Collaboration E-mails <= 2.2.0 - Arbitrary Settings Update via CSRF

The Peter’s Collaboration E-mails WordPress plugin through 2.2.0 is vulnerable to CSRF due to missing nonce checks. This allows the change of its settings, which can be used to lower the required user level, change texts, the used email address and more.

Action-Not Available
Vendor-peter\'s_collaboration_e-mails_projectUnknown
Product-peter\'s_collaboration_e-mailsPeter’s Collaboration E-mails
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-1790
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-6.5||MEDIUM
EPSS-0.13% / 33.61%
||
7 Day CHG~0.00%
Published-13 Jun, 2022 | 12:42
Updated-03 Aug, 2024 | 00:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
New User Email Set Up <= 0.5.2 - Arbitrary Settings Update via CSRF

The New User Email Set Up WordPress plugin through 0.5.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack

Action-Not Available
Vendor-new_user_email_set_up_projectUnknown
Product-new_user_email_set_upNew User Email Set Up
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-1418
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-6.1||MEDIUM
EPSS-0.09% / 27.11%
||
7 Day CHG~0.00%
Published-16 May, 2022 | 14:30
Updated-03 Aug, 2024 | 00:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Social Stickers <= 2.2.9 - Stored Cross-Site Scripting via CSRF

The Social Stickers WordPress plugin through 2.2.9 does not have CSRF checks in place when updating its Social Network settings, and does not escape some of these fields, which could allow attackers to make a logged-in admin change them and lead to Stored Cross-Site Scripting issues.

Action-Not Available
Vendor-pluginmirrorUnknown
Product-social_stickersSocial Stickers
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-1573
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-4.3||MEDIUM
EPSS-0.10% / 27.86%
||
7 Day CHG~0.00%
Published-27 Jun, 2022 | 08:56
Updated-03 Aug, 2024 | 00:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
HTML2WP <= 1.0.0 - Arbitrary Settings Update via CSRF

The HTML2WP WordPress plugin through 1.0.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them

Action-Not Available
Vendor-html2wp_projectUnknown
Product-html2wpHTML2WP
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-1913
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-4.3||MEDIUM
EPSS-0.10% / 27.86%
||
7 Day CHG~0.00%
Published-27 Jun, 2022 | 08:58
Updated-03 Aug, 2024 | 00:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Add Post URL <= 2.1.0 - Arbitrary Settings Update to Stored XSS via CSRF

The Add Post URL WordPress plugin through 2.1.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and lead to Stored Cross-Site Scripting due to the lack of sanitisation and escaping

Action-Not Available
Vendor-add_post_url_projectUnknown
Product-add_post_urlAdd Post URL
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-1709
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-4.3||MEDIUM
EPSS-0.10% / 27.86%
||
7 Day CHG~0.00%
Published-06 Jun, 2022 | 08:51
Updated-03 Aug, 2024 | 00:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Throws SPAM Away < 3.3.1 - Comment Deletion via CSRF

The Throws SPAM Away WordPress plugin before 3.3.1 does not have CSRF checks in place when deleting comments (either all, spam, or pending), allowing attackers to make a logged in admin delete comments via a CSRF attack

Action-Not Available
Vendor-gtiUnknown
Product-throws_spam_awayThrows SPAM Away
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-1653
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-4.3||MEDIUM
EPSS-0.10% / 27.86%
||
7 Day CHG~0.00%
Published-27 Jun, 2022 | 08:57
Updated-03 Aug, 2024 | 00:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Social Share Buttons by Supsystic < 2.2.4 - Multiple CSRF

The Social Share Buttons by Supsystic WordPress plugin before 2.2.4 does not perform CSRF checks in it's ajax endpoints and admin pages, allowing an attacker to trick any logged in user to manipulate or change the plugin settings, as well as create, delete and rename projects and networks.

Action-Not Available
Vendor-supsysticUnknown
Product-social_share_buttonsSocial Share Buttons by Supsystic
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-1624
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-6.5||MEDIUM
EPSS-0.10% / 27.86%
||
7 Day CHG~0.00%
Published-13 Jun, 2022 | 12:42
Updated-03 Aug, 2024 | 00:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Latest Tweets Widget <= 1.1.4 - Arbitrary Settings Update via CSRF

The Latest Tweets Widget WordPress plugin through 1.1.4 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack

Action-Not Available
Vendor-latest_tweets_widget_projectUnknown
Product-latest_tweets_widgetLatest Tweets Widget
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-1627
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-4.3||MEDIUM
EPSS-0.10% / 27.86%
||
7 Day CHG~0.00%
Published-27 Jun, 2022 | 08:57
Updated-03 Aug, 2024 | 00:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
My Private Site < 3.0.8 - Arbitrary Settings Update via CSRF

The My Private Site WordPress plugin before 3.0.8 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack

Action-Not Available
Vendor-zatzlabsUnknown
Product-my_private_siteMy Private Site
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-1842
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-4.3||MEDIUM
EPSS-0.10% / 27.86%
||
7 Day CHG~0.00%
Published-27 Jun, 2022 | 08:57
Updated-03 Aug, 2024 | 00:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OpenBook Book Data <= 3.5.2 - Arbitrary Settings Update to Stored XSS via CSRF

The OpenBook Book Data WordPress plugin through 3.5.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and lead to Stored Cross-Site Scripting due to the lack of sanitisation and escaping as well

Action-Not Available
Vendor-openbook_book_data_projectUnknown
Product-openbook_book_dataOpenBook Book Data
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-1826
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-6.5||MEDIUM
EPSS-0.10% / 27.86%
||
7 Day CHG~0.00%
Published-20 Jun, 2022 | 10:26
Updated-03 Aug, 2024 | 00:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cross-Linker <= 3.0.1.9 - Arbitrary Cross-Link Creation via CSRF

The Cross-Linker WordPress plugin through 3.0.1.9 does not have CSRF check in place when creating Cross-Links, which could allow attackers to make a logged in admin perform such action via a CSRF attack

Action-Not Available
Vendor-cross-linker_projectUnknown
Product-cross-linkerCross-Linker
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2020-35347
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.12% / 31.21%
||
7 Day CHG~0.00%
Published-26 Dec, 2020 | 03:05
Updated-04 Aug, 2024 | 17:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CXUUCMS V3 3.1 has a CSRF vulnerability that can add an administrator account via admin.php?c=adminuser&a=add.

Action-Not Available
Vendor-cxuun/a
Product-cxuucmsn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-1610
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-6.5||MEDIUM
EPSS-0.10% / 27.86%
||
7 Day CHG~0.00%
Published-20 Jun, 2022 | 10:25
Updated-03 Aug, 2024 | 00:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Seamless Donations < 5.1.9 - Arbitrary Settings Update via CSRF

The Seamless Donations WordPress plugin before 5.1.9 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack

Action-Not Available
Vendor-seamless_donations_projectUnknown
Product-seamless_donationsSeamless Donations: A Platform for Global Fundraising and Rebuilding using Stripe and PayPal
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-1599
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-6.5||MEDIUM
EPSS-0.22% / 44.27%
||
7 Day CHG~0.00%
Published-11 Jul, 2022 | 12:56
Updated-03 Aug, 2024 | 00:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Admin Management Xtended < 2.4.5 - Post Visibility/Date/Comment Status Update via CSRF

The Admin Management Xtended WordPress plugin before 2.4.5 does not have CSRF checks in some of its AJAX actions, allowing attackers to make a logged users with the right capabilities to call them. This can lead to changes in post status (draft, published), slug, post date, comment status (enabled, disabled) and more.

Action-Not Available
Vendor-admin_management_xtended_projectUnknown
Product-admin_management_xtendedAdmin Management Xtended
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-1845
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-4.3||MEDIUM
EPSS-0.11% / 29.43%
||
7 Day CHG~0.00%
Published-27 Jun, 2022 | 08:57
Updated-03 Aug, 2024 | 00:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WP Post Styling < 1.3.1 - Multiple CSRF

The WP Post Styling WordPress plugin before 1.3.1 does not have CSRF checks in various actions, which could allow attackers to make a logged in admin delete plugin's data, update the settings, add new entries and more via CSRF attacks

Action-Not Available
Vendor-wp_post_styling_projectUnknown
Product-wp_post_stylingWP Post Styling
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-0638
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-4.3||MEDIUM
EPSS-0.10% / 28.02%
||
7 Day CHG~0.00%
Published-17 Feb, 2022 | 16:30
Updated-02 Aug, 2024 | 23:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cross-Site Request Forgery (CSRF) in microweber/microweber

Cross-Site Request Forgery (CSRF) in Packagist microweber/microweber prior to 1.2.11.

Action-Not Available
Vendor-Microweber (‘Microweber Academy’ Foundation)
Product-microwebermicroweber/microweber
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-0515
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-4.3||MEDIUM
EPSS-0.11% / 30.21%
||
7 Day CHG~0.00%
Published-21 Mar, 2022 | 18:50
Updated-02 Aug, 2024 | 23:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cross-Site Request Forgery (CSRF) in crater-invoice/crater

Cross-Site Request Forgery (CSRF) in GitHub repository crater-invoice/crater prior to 6.0.4.

Action-Not Available
Vendor-craterappcrater-invoice
Product-cratercrater-invoice/crater
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2020-35972
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.14% / 34.82%
||
7 Day CHG~0.00%
Published-03 Jun, 2021 | 20:55
Updated-04 Aug, 2024 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in YzmCMS V5.8. There is a CSRF vulnerability that can add member user accounts via member/member/add.html.

Action-Not Available
Vendor-yzmcmsn/a
Product-yzmcmsn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-0833
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-4.3||MEDIUM
EPSS-0.13% / 32.67%
||
7 Day CHG~0.00%
Published-28 Mar, 2022 | 17:23
Updated-02 Aug, 2024 | 23:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Church Admin < 3.4.135 - Unauthenticated Plugin's Backup Disclosure

The Church Admin WordPress plugin before 3.4.135 does not have authorisation and CSRF in some of its action as well as requested files, allowing unauthenticated attackers to repeatedly request the "refresh-backup" action, and simultaneously keep requesting a publicly accessible temporary file generated by the plugin in order to disclose the final backup filename, which can then be fetched by the attacker to download the backup of the plugin's DB data

Action-Not Available
Vendor-church_admin_projectUnknown
Product-church_adminChurch Admin
CWE ID-CWE-862
Missing Authorization
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-0875
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-4.3||MEDIUM
EPSS-0.10% / 27.86%
||
7 Day CHG~0.00%
Published-27 Jun, 2022 | 08:55
Updated-02 Aug, 2024 | 23:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
miniOrange Google Authenticator < 1.0.5 - CSRF to Stored Cross-Site Scripting

The Google Authenticator WordPress plugin before 1.0.5 does not have CSRF check when saving its settings, and does not sanitise as well as escape them, allowing attackers to make a logged in admin change them and perform Cross-Site Scripting attacks

Action-Not Available
Vendor-miniorangeUnknown
Product-google_authenticatorGoogle Authenticator
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-0444
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 22.79%
||
7 Day CHG~0.00%
Published-27 Jun, 2022 | 08:55
Updated-02 Aug, 2024 | 23:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
XCloner < 4.3.6 - Plugin Settings Reset

The Backup, Restore and Migrate WordPress Sites With the XCloner Plugin WordPress plugin before 4.3.6 does not have authorisation and CSRF checks when resetting its settings, allowing unauthenticated attackers to reset them, including generating a new backup encryption key.

Action-Not Available
Vendor-watchfulUnknown
Product-xclonerBackup, Restore and Migrate WordPress Sites With the XCloner Plugin
CWE ID-CWE-862
Missing Authorization
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2020-35687
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.12% / 32.27%
||
7 Day CHG~0.00%
Published-13 Jan, 2021 | 16:52
Updated-04 Aug, 2024 | 17:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PHPFusion version 9.03.90 is vulnerable to CSRF attack which leads to deletion of all shoutbox messages by the attacker on behalf of the logged in victim.

Action-Not Available
Vendor-php-fusionn/a
Product-phpfusionn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2020-35759
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.23% / 45.59%
||
7 Day CHG~0.00%
Published-16 Jun, 2021 | 15:52
Updated-04 Aug, 2024 | 17:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

bloofoxCMS 0.5.2.1 is infected with a CSRF Attack that leads to an attacker editing any file content (Locally/Remotely).

Action-Not Available
Vendor-bloofoxn/a
Product-bloofoxcmsn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2020-35722
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.18% / 40.28%
||
7 Day CHG~0.00%
Published-11 Jan, 2021 | 02:56
Updated-04 Aug, 2024 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CSRF in Web Compliance Manager in Quest Policy Authority 8.1.2.200 allows remote attackers to force user modification/creation via a specially crafted link to the submitUser.jsp file. NOTE: This vulnerability only affects products that are no longer supported by the maintainer

Action-Not Available
Vendor-n/aQuest Software, Inc.
Product-policy_authority_for_unified_communicationsn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • ...
  • 13
  • 14
  • Next
Details not found