Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2022-42447

Summary
Assigner-HCL
Assigner Org ID-1e47fe04-f25f-42fa-b674-36de2c5e3cfc
Published At-27 Mar, 2023 | 22:22
Updated At-19 Feb, 2025 | 15:48
Rejected At-
Credits

Cross-origin resource sharing vulnerability affects HCL Compass

HCL Compass is vulnerable to Cross-Origin Resource Sharing (CORS). This vulnerability can allow an unprivileged remote attacker to trick a legitimate user into accessing a special resource and executing a malicious request.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:HCL
Assigner Org ID:1e47fe04-f25f-42fa-b674-36de2c5e3cfc
Published At:27 Mar, 2023 | 22:22
Updated At:19 Feb, 2025 | 15:48
Rejected At:
▼CVE Numbering Authority (CNA)
Cross-origin resource sharing vulnerability affects HCL Compass

HCL Compass is vulnerable to Cross-Origin Resource Sharing (CORS). This vulnerability can allow an unprivileged remote attacker to trick a legitimate user into accessing a special resource and executing a malicious request.

Affected Products
Vendor
HCL Technologies Ltd.HCL Software
Product
HCL Compass2.0
Default Status
unaffected
Versions
Affected
  • 2.0, 2.1, 2.2
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
3.19.6CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Version: 3.1
Base score: 9.6
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0103581
N/A
Hyperlink: https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0103581
Resource: N/A
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0103581
x_transferred
Hyperlink: https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0103581
Resource:
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Problem Types
TypeCWE IDDescription
CWECWE-352CWE-352 Cross-Site Request Forgery (CSRF)
Type: CWE
CWE ID: CWE-352
Description: CWE-352 Cross-Site Request Forgery (CSRF)
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:psirt@hcl.com
Published At:02 Apr, 2023 | 21:15
Updated At:19 Feb, 2025 | 16:15

HCL Compass is vulnerable to Cross-Origin Resource Sharing (CORS). This vulnerability can allow an unprivileged remote attacker to trick a legitimate user into accessing a special resource and executing a malicious request.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.19.6CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Primary3.18.8HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 9.6
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Type: Primary
Version: 3.1
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CPE Matches
HCL Technologies Ltd.
hcltech
>>hcl_compass>>Versions from 2.0.0(inclusive) to 2.0.3(inclusive)
cpe:2.3:a:hcltech:hcl_compass:*:*:*:*:*:*:*:*
HCL Technologies Ltd.
hcltech
>>hcl_compass>>Versions from 2.1.0(inclusive) to 2.2.1(exclusive)
cpe:2.3:a:hcltech:hcl_compass:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-352Primarynvd@nist.gov
CWE-352Secondary134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE ID: CWE-352
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-352
Type: Secondary
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0103581psirt@hcl.com
Vendor Advisory
https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0103581af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Hyperlink: https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0103581
Source: psirt@hcl.com
Resource:
Vendor Advisory
Hyperlink: https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0103581
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

2282Records found
CVE-2023-28335
Matching Score-4
Assigner-Fedora Project
ShareView Details
Matching Score-4
Assigner-Fedora Project
CVSS Score-8.8||HIGH
EPSS-0.29% / 52.07%
||
7 Day CHG~0.00%
Published-23 Mar, 2023 | 00:00
Updated-02 Aug, 2024 | 12:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Moodle: csrf risk in resetting all templates of a database activity

The link to reset all templates of a database activity did not include the necessary token to prevent a CSRF risk.

Action-Not Available
Vendor-Moodle Pty Ltd
Product-moodlemoodle
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2020-23585
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.44% / 62.38%
||
7 Day CHG~0.00%
Published-23 Nov, 2022 | 00:00
Updated-25 Apr, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote attacker can conduct a cross-site request forgery (CSRF) attack on OPTILINK OP-XT71000N Hardware Version: V2.2 , Firmware Version: OP_V3.3.1-191028. The vulnerability is due to insufficient CSRF protections for the "mgm_config_file.asp" because of which attacker can create a crafted "csrf form" which sends " malicious xml data" to "/boaform/admin/formMgmConfigUpload". the exploit allows attacker to "gain full privileges" and to "fully compromise of router & network".

Action-Not Available
Vendor-optilinknetworkn/a
Product-op-xt71000n_firmwareop-xt71000nn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-28780
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.17% / 38.81%
||
7 Day CHG~0.00%
Published-18 Nov, 2023 | 22:45
Updated-02 Aug, 2024 | 13:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Yoast SEO: Local Plugin <= 14.8 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Yoast Yoast Local Premium.This issue affects Yoast Local Premium: from n/a through 14.8.

Action-Not Available
Vendor-yoastYoast
Product-yoast_local_seoYoast Local Premium
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-28419
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.05% / 15.87%
||
7 Day CHG~0.00%
Published-12 Nov, 2023 | 22:15
Updated-30 Aug, 2024 | 14:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Force First and Last Name as Display Name Plugin <= 1.2 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Stranger Studios Force First and Last Name as Display Name plugin <= 1.2 versions.

Action-Not Available
Vendor-strangerstudiosStranger Studios
Product-force_display_nameForce First and Last Name as Display Name
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-28696
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 22.00%
||
7 Day CHG~0.00%
Published-12 Nov, 2023 | 21:40
Updated-02 Aug, 2024 | 13:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress I Recommend This Plugin <= 3.9.0 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Harish Chouhan, Themeist I Recommend This allows Cross Site Request Forgery.This issue affects I Recommend This: from n/a through 3.9.0.

Action-Not Available
Vendor-themeistHarish Chouhan, Themeist
Product-i_recommend_thisI Recommend This
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-28676
Matching Score-4
Assigner-Jenkins Project
ShareView Details
Matching Score-4
Assigner-Jenkins Project
CVSS Score-8.8||HIGH
EPSS-0.49% / 64.63%
||
7 Day CHG~0.00%
Published-23 Mar, 2023 | 11:26
Updated-25 Feb, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A cross-site request forgery (CSRF) vulnerability in Jenkins Convert To Pipeline Plugin 1.0 and earlier allows attackers to create a Pipeline based on a Freestyle project, potentially leading to remote code execution (RCE).

Action-Not Available
Vendor-Jenkins
Product-convert_to_pipelineJenkins Convert To Pipeline Plugin
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CWE ID-CWE-652
Improper Neutralization of Data within XQuery Expressions ('XQuery Injection')
CVE-2010-3305
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-8.8||HIGH
EPSS-0.50% / 65.00%
||
7 Day CHG~0.00%
Published-12 Nov, 2019 | 21:09
Updated-07 Aug, 2024 | 03:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in pixelpost 1.7.3 could allow remote attackers to change the admin password.

Action-Not Available
Vendor-pixelpostpixelpost
Product-pixelpostpixelpost
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-35559
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.21% / 43.20%
||
7 Day CHG~0.00%
Published-22 May, 2024 | 13:38
Updated-13 Feb, 2025 | 15:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/infoMove_deal.php?mudi=rev&nohrefStr=close.

Action-Not Available
Vendor-n/aidccms_project
Product-n/aidccms
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-28618
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.05% / 15.35%
||
7 Day CHG~0.00%
Published-12 Nov, 2023 | 21:51
Updated-30 Aug, 2024 | 19:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Enhanced Plugin Admin Plugin <= 1.16 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Marios Alexandrou Enhanced Plugin Admin plugin <= 1.16 versions.

Action-Not Available
Vendor-infolificMarios Alexandrou
Product-enhanced_plugin_adminEnhanced Plugin Admin
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-28930
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 22.00%
||
7 Day CHG~0.00%
Published-12 Nov, 2023 | 21:32
Updated-03 Sep, 2024 | 13:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Mobile Banner Plugin <= 1.5 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Robin Phillips Mobile Banner plugin <= 1.5 versions.

Action-Not Available
Vendor-robinphillipsRobin Phillips
Product-mobile_bannerMobile Banner
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-28167
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.05% / 15.35%
||
7 Day CHG~0.00%
Published-12 Nov, 2023 | 22:31
Updated-30 Aug, 2024 | 19:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress CF7 Invisible reCAPTCHA Plugin <= 1.3.3 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Vsourz Digital CF7 Invisible reCAPTCHA plugin <= 1.3.3 versions.

Action-Not Available
Vendor-vsourzVsourz Digital
Product-cf7_invisible_recaptchaCF7 Invisible reCAPTCHA
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-34008
Matching Score-4
Assigner-Fedora Project
ShareView Details
Matching Score-4
Assigner-Fedora Project
CVSS Score-3.5||LOW
EPSS-0.40% / 59.68%
||
7 Day CHG~0.00%
Published-31 May, 2024 | 20:44
Updated-25 Mar, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
moodle: CSRF risk in analytics management of models

Actions in the admin management of analytics models did not include the necessary token to prevent a CSRF risk.

Action-Not Available
Vendor-Moodle Pty Ltd
Product-moodle
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-23384
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.13% / 33.59%
||
7 Day CHG~0.00%
Published-15 Feb, 2022 | 12:04
Updated-03 Aug, 2024 | 03:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

YzmCMS v6.3 is affected by Cross Site Request Forgery (CSRF) in /admin.add

Action-Not Available
Vendor-yzmcmsn/a
Product-yzmcmsn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-28498
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 22.00%
||
7 Day CHG~0.00%
Published-12 Nov, 2023 | 21:57
Updated-30 Aug, 2024 | 19:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Hotel Booking Lite Plugin <= 4.6.0 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in MotoPress Hotel Booking Lite plugin <= 4.6.0 versions.

Action-Not Available
Vendor-motopressMotoPress
Product-hotel_booking_liteHotel Booking Lite
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2020-23342
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-9.21% / 92.39%
||
7 Day CHG~0.00%
Published-19 Jan, 2021 | 13:35
Updated-04 Aug, 2024 | 14:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CSRF vulnerability exists in Anchor CMS 0.12.7 anchor/views/users/edit.php that can change the Delete admin users.

Action-Not Available
Vendor-anchorcmsn/a
Product-anchor_cmsn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-28747
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.05% / 16.46%
||
7 Day CHG~0.00%
Published-22 Nov, 2023 | 13:06
Updated-29 Aug, 2024 | 19:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress CBX Currency Converter Plugin <= 3.0.3 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in codeboxr CBX Currency Converter plugin <= 3.0.3 versions.

Action-Not Available
Vendor-codeboxrcodeboxr
Product-cbx_currency_converterCBX Currency Converter
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-28674
Matching Score-4
Assigner-Jenkins Project
ShareView Details
Matching Score-4
Assigner-Jenkins Project
CVSS Score-8.8||HIGH
EPSS-0.16% / 37.18%
||
7 Day CHG~0.00%
Published-23 Mar, 2023 | 11:26
Updated-25 Feb, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A cross-site request forgery (CSRF) vulnerability in Jenkins OctoPerf Load Testing Plugin Plugin 4.5.2 and earlier allows attackers to connect to a previously configured Octoperf server using attacker-specified credentials.

Action-Not Available
Vendor-Jenkins
Product-octoperf_load_testingJenkins OctoPerf Load Testing Plugin Plugin
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-2830
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.11% / 29.37%
||
7 Day CHG~0.00%
Published-03 Oct, 2023 | 11:22
Updated-23 Sep, 2024 | 15:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Testimonials Plugin <= 1.4.2 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Trustindex.Io WP Testimonials plugin <= 1.4.2 versions.

Action-Not Available
Vendor-trustindexTrustindex.io
Product-wp_testimonialsWP Testimonials
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-41602
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.46% / 63.03%
||
7 Day CHG+0.35%
Published-19 Jul, 2024 | 00:00
Updated-29 May, 2025 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross Site Request Forgery vulnerability in Spina CMS v.2.18.0 and before allows a remote attacker to escalate privileges via a crafted URL

Action-Not Available
Vendor-denkgrootn/adenkgroot
Product-spinan/aspina
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-27461
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.08% / 24.66%
||
7 Day CHG~0.00%
Published-22 Nov, 2023 | 13:51
Updated-02 Aug, 2024 | 12:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress When Last Login Plugin <= 1.2.1 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Yoohoo Plugins When Last Login plugin <= 1.2.1 versions.

Action-Not Available
Vendor-yoohoopluginsYoohoo Plugins
Product-when_last_loginWhen Last Login
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-22808
Matching Score-4
Assigner-Schneider Electric
ShareView Details
Matching Score-4
Assigner-Schneider Electric
CVSS Score-8.8||HIGH
EPSS-0.06% / 17.61%
||
7 Day CHG~0.00%
Published-09 Feb, 2022 | 00:00
Updated-03 Aug, 2024 | 03:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CWE-352: Cross-Site Request Forgery (CSRF) exists that could cause a remote attacker to gain unauthorized access to the product when conducting cross-domain attacks based on same-origin policy or cross-site request forgery protections bypass. Affected Product: EcoStruxure EV Charging Expert (formerly known as EVlink Load Management System): (HMIBSCEA53D1EDB, HMIBSCEA53D1EDS, HMIBSCEA53D1EDM, HMIBSCEA53D1EDL, HMIBSCEA53D1ESS, HMIBSCEA53D1ESM, HMIBSCEA53D1EML) (All Versions prior to SP8 (Version 01) V4.0.0.13)

Action-Not Available
Vendor-n/a
Product-hmibscea53d1edb_firmwarehmibscea53d1emlhmibscea53d1edbhmibscea53d1edmhmibscea53d1edm_firmwarehmibscea53d1esm_firmwarehmibscea53d1edlhmibscea53d1ess_firmwarehmibscea53d1eds_firmwarehmibscea53d1edl_firmwarehmibscea53d1eml_firmwarehmibscea53d1esshmibscea53d1esmhmibscea53d1edsEcoStruxure EV Charging Expert (formerly known as EVlink Load Management System): (HMIBSCEA53D1EDB, HMIBSCEA53D1EDS, HMIBSCEA53D1EDM, HMIBSCEA53D1EDL, HMIBSCEA53D1ESS, HMIBSCEA53D1ESM, HMIBSCEA53D1EML) (All Versions prior to SP8 (Version 01) V4.0.0.13)
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-27611
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.05% / 15.35%
||
7 Day CHG~0.00%
Published-12 Nov, 2023 | 22:35
Updated-30 Aug, 2024 | 14:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Reusable Blocks Extended Plugin <= 0.9 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in audrasjb Reusable Blocks Extended plugin <= 0.9 versions.

Action-Not Available
Vendor-jeanbaptisteaudrasaudrasjb
Product-reusable_blocks_extendedReusable Blocks Extended
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-27441
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.05% / 15.36%
||
7 Day CHG~0.00%
Published-12 Nov, 2023 | 23:26
Updated-30 Aug, 2024 | 14:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress New Adman Plugin <= 1.6.8 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in gl_SPICE New Adman plugin <= 1.6.8 versions.

Action-Not Available
Vendor-new_adman_projectgl_SPICE
Product-new_admanNew Adman
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-27606
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.04% / 12.12%
||
7 Day CHG~0.00%
Published-17 Jul, 2023 | 10:28
Updated-07 Oct, 2024 | 15:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Reroute Email Plugin <= 1.4.6 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Sajjad Hossain WP Reroute Email plugin <= 1.4.6 versions.

Action-Not Available
Vendor-wp_reroute_email_projectSajjad Hossain
Product-wp_reroute_emailWP Reroute Email
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-3476
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-8.8||HIGH
EPSS-0.30% / 53.13%
||
7 Day CHG~0.00%
Published-02 May, 2024 | 06:00
Updated-08 May, 2025 | 17:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Side Menu Lite < 4.2.1 - Menu Deletion via CSRF

The Side Menu Lite WordPress plugin before 4.2.1 does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions, such as deleting buttons via CSRF attacks

Action-Not Available
Vendor-wow-companyUnknownwow-company
Product-side_menu_liteSide Menu Lite side_menu_lite
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-27436
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.05% / 15.35%
||
7 Day CHG~0.00%
Published-12 Nov, 2023 | 23:09
Updated-30 Aug, 2024 | 14:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Elegant Custom Fonts Plugin <= 1.0 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Louis Reingold Elegant Custom Fonts plugin <= 1.0 versions.

Action-Not Available
Vendor-Louis ReingoldBreakdance
Product-elegant_custom_fontsElegant Custom Fonts
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-40119
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-3.75% / 87.56%
||
7 Day CHG+2.83%
Published-17 Jul, 2024 | 00:00
Updated-02 Aug, 2024 | 04:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Nepstech Wifi Router xpon (terminal) model NTPL-Xpon1GFEVN v.1.0 Firmware V2.0.1 contains a Cross-Site Request Forgery (CSRF) vulnerability in the password change function, which allows remote attackers to change the admin password without the user's consent, leading to a potential account takeover.

Action-Not Available
Vendor-n/anepstech
Product-n/antpl-xpon1gfevn_firmware
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-39022
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.15% / 36.70%
||
7 Day CHG~0.00%
Published-05 Jul, 2024 | 00:00
Updated-15 Apr, 2025 | 17:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/infoSys_deal.php?mudi=deal

Action-Not Available
Vendor-idccmsn/aidccms_project
Product-idccmsn/aidccms
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-26543
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 22.00%
||
7 Day CHG~0.00%
Published-13 Nov, 2023 | 00:02
Updated-29 Aug, 2024 | 13:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Meteor Page Speed Optimization Topping Plugin <= 3.1.4 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Aleksandr Guidrevitch WP Meteor Website Speed Optimization Addon plugin <= 3.1.4 versions.

Action-Not Available
Vendor-FastPixel (Aleksandr Guidrevitch)
Product-wp_meteorWP Meteor Website Speed Optimization Addon
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-27430
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.05% / 15.35%
||
7 Day CHG~0.00%
Published-18 May, 2023 | 10:38
Updated-09 Jan, 2025 | 15:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Mass Delete Unused Tags Plugin <= 2.0.0 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Ramon Fincken Mass Delete Unused Tags plugin <= 2.0.0 versions.

Action-Not Available
Vendor-mijnpressRamon Fincken
Product-mass_delete_unused_tagsMass Delete Unused Tags
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-22346
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.09% / 27.24%
||
7 Day CHG~0.00%
Published-14 Mar, 2022 | 17:00
Updated-16 Sep, 2024 | 20:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Spectrum Protect Operations Center 8.1.0.000 through 8.1.13.xxx is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 220048.

Action-Not Available
Vendor-IBM Corporation
Product-spectrum_protect_operations_centerSpectrum Protect Operations Center
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-27458
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.08% / 24.65%
||
7 Day CHG~0.00%
Published-22 Nov, 2023 | 13:54
Updated-02 Aug, 2024 | 12:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WpStream – Live Streaming, Video on Demand, Pay Per View Plugin <= 4.4.10 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in wpstream WpStream plugin <= 4.4.10 versions.

Action-Not Available
Vendor-wpstreamwpstream
Product-wpstreamWpStream
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-27634
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.8||HIGH
EPSS-0.10% / 27.66%
||
7 Day CHG~0.00%
Published-15 Jun, 2023 | 13:19
Updated-21 Oct, 2024 | 11:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Intrepidity Theme <= 1.5.1 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability allows arbitrary file upload in Shingo Intrepidity plugin <= 1.5.1 versions.

Action-Not Available
Vendor-intrepidity_projectShingo
Product-intrepidityIntrepidity
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-27435
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.3||MEDIUM
EPSS-0.07% / 20.48%
||
7 Day CHG~0.00%
Published-03 Oct, 2023 | 13:07
Updated-20 Sep, 2024 | 13:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress HTTP Auth Plugin <= 0.3.2 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Sami Ahmed Siddiqui HTTP Auth plugin <= 0.3.2 versions.

Action-Not Available
Vendor-yasglobalSami Ahmed Siddiqui
Product-http_authHTTP Auth
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-27417
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 22.00%
||
7 Day CHG~0.00%
Published-12 Nov, 2023 | 22:57
Updated-02 Aug, 2024 | 14:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Affiliate Super Assistent Plugin <= 1.5.1 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Timo Reith Affiliate Super Assistent plugin <= 1.5.1 versions.

Action-Not Available
Vendor-ifeelwebTimo Reith
Product-affiliate_super_assistentAffiliate Super Assistent
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-27434
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 22.00%
||
7 Day CHG~0.00%
Published-12 Nov, 2023 | 23:14
Updated-02 Aug, 2024 | 14:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Classic Editor and Classic Widgets Plugin <= 1.2.5 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in WPGrim Classic Editor and Classic Widgets plugin <= 1.2.5 versions.

Action-Not Available
Vendor-wpgrimWPGrim
Product-classic_editor_and_classic_widgetsClassic Editor and Classic Widgets
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-39154
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.10% / 28.84%
||
7 Day CHG~0.00%
Published-27 Jun, 2024 | 00:00
Updated-15 Apr, 2025 | 17:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/keyWord_deal.php?mudi=del&dataType=word&dataTypeCN.

Action-Not Available
Vendor-idccmsn/aidccms_project
Product-idccmsn/aidccms
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2020-23592
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.56% / 67.11%
||
7 Day CHG~0.00%
Published-23 Nov, 2022 | 00:00
Updated-29 Apr, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in OPTILINK OP-XT71000N Hardware Version: V2.2 , Firmware Version: OP_V3.3.1-191028 allows an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack to Reset ONU to Factory Default through ' /mgm_dev_reset.asp.' Resetting to default leads to Escalation of Privileges by logging-in with default credentials.

Action-Not Available
Vendor-optilinknetworkn/a
Product-op-xt71000n_firmwareop-xt71000nn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-27623
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.05% / 15.35%
||
7 Day CHG~0.00%
Published-12 Nov, 2023 | 22:43
Updated-30 Aug, 2024 | 14:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Page Numbers Plugin <= 0.5 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Jens Törnell WP Page Numbers plugin <= 0.5 versions.

Action-Not Available
Vendor-jenstJens Törnell
Product-wp_page_numbersWP Page Numbers
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-3406
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-8.8||HIGH
EPSS-0.22% / 44.89%
||
7 Day CHG~0.00%
Published-15 May, 2024 | 06:00
Updated-15 May, 2025 | 14:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WP Prayer <= 2.0.9 - Email Settings Update via CSRF

The WP Prayer WordPress plugin through 2.0.9 does not have CSRF check in place when updating its email settings, which could allow attackers to make a logged in admin change them via a CSRF attack

Action-Not Available
Vendor-goprayerUnknowngoprayer
Product-wp_prayerWP Prayerwp_prayer
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-27423
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.05% / 15.35%
||
7 Day CHG~0.00%
Published-18 May, 2023 | 10:29
Updated-09 Jan, 2025 | 15:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Auto Prune Posts Plugin <= 1.8.0 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Ramon Fincken Auto Prune Posts plugin <= 1.8.0 versions.

Action-Not Available
Vendor-mijnpressRamon Fincken
Product-auto_prune_postsAuto Prune Posts
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-22479
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-5||MEDIUM
EPSS-0.09% / 26.28%
||
7 Day CHG~0.00%
Published-10 Jun, 2022 | 16:00
Updated-16 Sep, 2024 | 21:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Spectrum Copy Data Management 2.2.0.0through 2.2.15.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 225887.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, Inc
Product-spectrum_copy_data_managementlinux_kernelSpectrum Copy Data Management
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-2233
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-8.8||HIGH
EPSS-0.29% / 51.63%
||
7 Day CHG~0.00%
Published-06 Sep, 2022 | 17:18
Updated-05 May, 2025 | 17:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Banner Cycler plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including 1.4. This is due to missing nonce protection on the pabc_admin_slides_postback() function found in the ~/admin/admin.php file. This makes it possible for unauthenticated attackers to inject malicious web scripts into the page, granted they can trick a site’s administrator into performing an action such as clicking on a link

Action-Not Available
Vendor-banner_cycler_projectjkriddle
Product-banner_cyclerBanner Cycler
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-27418
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 22.00%
||
7 Day CHG~0.00%
Published-12 Nov, 2023 | 22:53
Updated-30 Aug, 2024 | 14:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Side Menu Lite Plugin <= 4.0 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Side Menu Lite – add sticky fixed buttons plugin <= 4.0 versions.

Action-Not Available
Vendor-wow-companyWow-Company
Product-side_menu_liteSide Menu Lite – add sticky fixed buttons
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-27438
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 22.00%
||
7 Day CHG~0.00%
Published-12 Nov, 2023 | 23:19
Updated-30 Aug, 2024 | 14:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Translitera Plugin <= p1.2.5 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Evgen Yurchenko WP Translitera plugin <= p1.2.5 versions.

Action-Not Available
Vendor-yur4enkoEvgen Yurchenko
Product-wp_transliteraWP Translitera
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-2746
Matching Score-4
Assigner-Rockwell Automation
ShareView Details
Matching Score-4
Assigner-Rockwell Automation
CVSS Score-9.6||CRITICAL
EPSS-0.18% / 39.84%
||
7 Day CHG~0.00%
Published-11 Jul, 2023 | 13:15
Updated-07 Nov, 2024 | 17:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Rockwell Automation Enhanced HIM Vulnerable to Cross-Site Request Forgery Attack

The Rockwell Automation Enhanced HIM software contains an API that the application uses that is not protected sufficiently and uses incorrect Cross-Origin Resource Sharing (CORS) settings and, as a result, is vulnerable to a Cross Site Request Forgery (CSRF) attack. To exploit this vulnerability, a malicious user would have to convince a user to click on an untrusted link through a social engineering attack or successfully perform a Cross Site Scripting Attack (XSS). Exploitation of a CSRF could potentially lead to sensitive information disclosure and full remote access to the affected products.

Action-Not Available
Vendor-Rockwell Automation, Inc.
Product-enhanced_himEnhanced HIM
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-27424
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.04% / 12.12%
||
7 Day CHG~0.00%
Published-17 Jul, 2023 | 12:17
Updated-07 Oct, 2024 | 15:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Inactive User Deleter Plugin <= 1.59 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Korol Yuriy aka Shra Inactive User Deleter plugin <= 1.59 versions.

Action-Not Available
Vendor-inactive_user_deleter_projectKorol Yuriy aka Shra
Product-inactive_user_deleterInactive User Deleter
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-27444
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 22.88%
||
7 Day CHG~0.00%
Published-22 Nov, 2023 | 13:16
Updated-20 Nov, 2024 | 21:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress DecaLog Plugin <= 3.7.0 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Pierre Lannoy / PerfOps One DecaLog plugin <= 3.7.0 versions.

Action-Not Available
Vendor-perfopsPierre Lannoy / PerfOps One
Product-decalogDecaLog
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-27445
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.05% / 15.35%
||
7 Day CHG~0.00%
Published-12 Nov, 2023 | 23:32
Updated-29 Aug, 2024 | 13:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Blog Floating Button Plugin <= 1.4.12 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Meril Inc. Blog Floating Button plugin <= 1.4.12 versions.

Action-Not Available
Vendor-merilMeril Inc.
Product-blog_floating_buttonBlog Floating Button
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-27632
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.05% / 15.35%
||
7 Day CHG~0.00%
Published-12 Nov, 2023 | 22:49
Updated-04 Oct, 2024 | 12:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Daily Prayer Time Plugin <= 2023.03.08 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in mmrs151 Daily Prayer Time plugin <= 2023.03.08 versions.

Action-Not Available
Vendor-mmrs151mmrs151
Product-daily_prayer_timeDaily Prayer Time
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 45
  • 46
  • Next
Details not found