Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2023-38759

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-08 Aug, 2023 | 00:00
Updated At-10 Oct, 2024 | 19:00
Rejected At-
Credits

Cross Site Request Forgery (CSRF) vulnerability in wger Project wger Workout Manager 2.2.0a3 allows a remote attacker to gain privileges via the user-management feature in the gym/views/gym.py, templates/gym/reset_user_password.html, templates/user/overview.html, core/views/user.py, and templates/user/preferences.html, core/forms.py components.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:08 Aug, 2023 | 00:00
Updated At:10 Oct, 2024 | 19:00
Rejected At:
▼CVE Numbering Authority (CNA)

Cross Site Request Forgery (CSRF) vulnerability in wger Project wger Workout Manager 2.2.0a3 allows a remote attacker to gain privileges via the user-management feature in the gym/views/gym.py, templates/gym/reset_user_password.html, templates/user/overview.html, core/views/user.py, and templates/user/preferences.html, core/forms.py components.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://wger.de
N/A
https://github.com/0x72303074/CVE-Disclosures
N/A
Hyperlink: https://wger.de
Resource: N/A
Hyperlink: https://github.com/0x72303074/CVE-Disclosures
Resource: N/A
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://wger.de
x_transferred
https://github.com/0x72303074/CVE-Disclosures
x_transferred
Hyperlink: https://wger.de
Resource:
x_transferred
Hyperlink: https://github.com/0x72303074/CVE-Disclosures
Resource:
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:08 Aug, 2023 | 16:15
Updated At:11 Aug, 2023 | 16:06

Cross Site Request Forgery (CSRF) vulnerability in wger Project wger Workout Manager 2.2.0a3 allows a remote attacker to gain privileges via the user-management feature in the gym/views/gym.py, templates/gym/reset_user_password.html, templates/user/overview.html, core/views/user.py, and templates/user/preferences.html, core/forms.py components.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.18.8HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Type: Primary
Version: 3.1
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CPE Matches
wger
wger
>>workout_manager>>2.2.0
cpe:2.3:a:wger:workout_manager:2.2.0:a3:*:*:*:android:*:*
Weaknesses
CWE IDTypeSource
CWE-352Primarynvd@nist.gov
CWE ID: CWE-352
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://github.com/0x72303074/CVE-Disclosurescve@mitre.org
Third Party Advisory
https://wger.decve@mitre.org
Product
Hyperlink: https://github.com/0x72303074/CVE-Disclosures
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: https://wger.de
Source: cve@mitre.org
Resource:
Product

Change History

0
Information is not available yet

Similar CVEs

2356Records found
CVE-2023-32501
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.8||HIGH
EPSS-0.10% / 26.78%
||
7 Day CHG~0.00%
Published-09 Nov, 2023 | 22:18
Updated-04 Sep, 2024 | 14:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress VikBooking Hotel Booking Engine & PMS Plugin <= 1.6.1 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in E4J s.R.L. VikBooking Hotel Booking Engine & PMS plugin <= 1.6.1 versions.

Action-Not Available
Vendor-vikwpE4J s.r.l.vikwp
Product-vikbooking_hotel_booking_engine_\&_pmsVikBooking Hotel Booking Engine & PMSvikbooking_hotel_booking_engine_\&_pms
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-32745
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.8||HIGH
EPSS-0.10% / 26.78%
||
7 Day CHG~0.00%
Published-09 Nov, 2023 | 20:38
Updated-03 Sep, 2024 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress AutomateWoo Plugin <= 5.7.1 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce AutomateWoo plugin <= 5.7.1 versions.

Action-Not Available
Vendor-WooCommerce
Product-automatewooAutomateWoo
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-32124
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 21.43%
||
7 Day CHG~0.00%
Published-12 Oct, 2023 | 14:22
Updated-17 Sep, 2024 | 17:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Publish Confirm Message Plugin <= 1.3.1 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Arul Prasad J Publish Confirm Message plugin <= 1.3.1 versions.

Action-Not Available
Vendor-arulprasadjArul Prasad J
Product-publish_confirm_messagePublish Confirm Message
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-32579
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.8||HIGH
EPSS-0.10% / 26.78%
||
7 Day CHG~0.00%
Published-09 Nov, 2023 | 21:18
Updated-04 Sep, 2024 | 13:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Forget About Shortcode Buttons Plugin <= 2.1.2 is vulnerable to Broken Access Control

Cross-Site Request Forgery (CSRF) vulnerability in Designs & Code Forget About Shortcode Buttons plugin <= 2.1.2 versions.

Action-Not Available
Vendor-designsandcodeDesigns & Code
Product-forget_about_shortcode_buttonsForget About Shortcode Buttons
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-32589
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.09% / 25.17%
||
7 Day CHG~0.00%
Published-20 May, 2023 | 22:48
Updated-09 Jan, 2025 | 15:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Dyslexiefont Free Plugin <= 1.0.0 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in PingOnline Dyslexiefont Free plugin <= 1.0.0 versions.

Action-Not Available
Vendor-pingonlinePingOnline
Product-dyslexiefont_freeDyslexiefont Free
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-32091
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.05% / 15.65%
||
7 Day CHG~0.00%
Published-03 Oct, 2023 | 13:04
Updated-20 Sep, 2024 | 13:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress POEditor Plugin <= 0.9.4 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in POEditor plugin <= 0.9.4 versions.

Action-Not Available
Vendor-poeditorPOEditor
Product-poeditorPOEditor
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-32602
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.8||HIGH
EPSS-0.10% / 26.78%
||
7 Day CHG~0.00%
Published-09 Nov, 2023 | 20:59
Updated-03 Sep, 2024 | 18:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress CALL ME NOW Plugin <= 3.0 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in LOKALYZE CALL ME NOW plugin <= 3.0 versions.

Action-Not Available
Vendor-lokalyzeLOKALYZE
Product-call_me_nowCALL ME NOW
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-32594
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.8||HIGH
EPSS-0.10% / 26.78%
||
7 Day CHG~0.00%
Published-09 Nov, 2023 | 21:02
Updated-03 Sep, 2024 | 18:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Hyphenator Plugin <= 5.1.5 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Benedict B., Maciej Gryniuk Hyphenator plugin <= 5.1.5 versions.

Action-Not Available
Vendor-e2bBenedict B., Maciej Gryniuk
Product-hyphenatorHyphenator
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-32514
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.10% / 27.18%
||
7 Day CHG~0.00%
Published-18 Nov, 2023 | 22:24
Updated-10 Jun, 2025 | 13:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Google Site Verification plugin using Meta Tag Plugin <= 1.2 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Himanshu Parashar Google Site Verification plugin using Meta Tag.This issue affects Google Site Verification plugin using Meta Tag: from n/a through 1.2.

Action-Not Available
Vendor-himanshuparasharHimanshu Parashar
Product-google_site_verification_plugin_using_meta_tagGoogle Site Verification plugin using Meta Tag
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-32092
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.8||HIGH
EPSS-0.10% / 26.78%
||
7 Day CHG~0.00%
Published-09 Nov, 2023 | 22:36
Updated-03 Sep, 2024 | 18:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Community by PeepSo Plugin <= 6.0.9.0 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in PeepSo Community by PeepSo – Social Network, Membership, Registration, User Profiles plugin <= 6.0.9.0 versions.

Action-Not Available
Vendor-peepsoPeepSo
Product-peepsoCommunity by PeepSo – Social Network, Membership, Registration, User Profiles
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-32583
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.3||MEDIUM
EPSS-0.07% / 20.97%
||
7 Day CHG~0.00%
Published-13 Nov, 2023 | 01:18
Updated-28 Aug, 2024 | 18:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP All Backup Plugin <= 2.4.3 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Prashant Walke WP All Backup plugin <= 2.4.3 versions.

Action-Not Available
Vendor-walkeprashantPrashant Walke
Product-wp_all_backupWP All Backup
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-32500
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.8||HIGH
EPSS-0.10% / 26.78%
||
7 Day CHG~0.00%
Published-09 Nov, 2023 | 22:22
Updated-04 Sep, 2024 | 14:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WoodMart Theme <= 7.1.1 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in xtemos WoodMart - Multipurpose WooCommerce Theme <= 7.1.1 versions.

Action-Not Available
Vendor-XTemos Studio
Product-woodmartWoodMart - Multipurpose WooCommerce Themewoodmart
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-32125
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.8||HIGH
EPSS-0.10% / 26.78%
||
7 Day CHG~0.00%
Published-09 Nov, 2023 | 22:28
Updated-04 Sep, 2024 | 15:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Multi Rating Plugin <= 5.0.6 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Daniel Powney Multi Rating plugin <= 5.0.6 versions.

Action-Not Available
Vendor-danielpowneyDaniel Powney
Product-multi_ratingMulti Rating
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-32744
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.8||HIGH
EPSS-0.10% / 26.78%
||
7 Day CHG~0.00%
Published-09 Nov, 2023 | 20:53
Updated-03 Sep, 2024 | 18:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WooCommerce Product Recommendations Plugin < 2.3.0 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce Product Recommendations plugin <= 2.3.0 versions.

Action-Not Available
Vendor-WooCommerce
Product-product_recommendationsProduct Recommendations
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-32512
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.8||HIGH
EPSS-0.10% / 26.78%
||
7 Day CHG~0.00%
Published-09 Nov, 2023 | 21:21
Updated-04 Sep, 2024 | 13:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress ShortPixel Adaptive Images Plugin <= 3.7.1 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in ShortPixel ShortPixel Adaptive Images – WebP, AVIF, CDN, Image Optimization plugin <= 3.7.1 versions.

Action-Not Available
Vendor-shortpixelShortPixel
Product-shortpixel_adaptive_imagesShortPixel Adaptive Images – WebP, AVIF, CDN, Image Optimization
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-30474
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.09% / 26.34%
||
7 Day CHG~0.00%
Published-16 Apr, 2023 | 07:50
Updated-10 Jan, 2025 | 18:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Ultimate Noindex Nofollow Tool II Plugin <= 1.3 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Kilian Evang Ultimate Noindex Nofollow Tool II plugin <= 1.3 versions.

Action-Not Available
Vendor-ultimate_noindex_nofollow_tool_ii_projectKilian Evang
Product-ultimate_noindex_nofollow_tool_iiUltimate Noindex Nofollow Tool II
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-31088
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.8||HIGH
EPSS-0.10% / 26.78%
||
7 Day CHG~0.00%
Published-09 Nov, 2023 | 22:53
Updated-03 Sep, 2024 | 17:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Floating Action Button Plugin <=1.2.1 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Faraz Quazi Floating Action Button plugin <= 1.2.1 versions.

Action-Not Available
Vendor-floating_action_button_projectFaraz Quazi
Product-floating_action_buttonFloating Action Button
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-31093
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.8||HIGH
EPSS-0.10% / 26.78%
||
7 Day CHG~0.00%
Published-09 Nov, 2023 | 22:49
Updated-03 Sep, 2024 | 17:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Chronosly Events Calendar Plugin <= 2.6.2 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Chronosly Chronosly Events Calendar plugin <= 2.6.2 versions.

Action-Not Available
Vendor-chronosly-events-calendar_projectChronosly
Product-chronosly-events-calendarChronosly Events Calendar
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-31077
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.8||HIGH
EPSS-0.10% / 26.78%
||
7 Day CHG~0.00%
Published-10 Nov, 2023 | 13:36
Updated-03 Sep, 2024 | 17:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Export WP Page to Static HTML/CSS Plugin <= 2.1.9 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in ReCorp Export WP Page to Static HTML/CSS plugin <= 2.1.9 versions.

Action-Not Available
Vendor-myrecorpReCorp
Product-export_wp_page_to_static_html\/cssExport WP Page to Static HTML/CSS
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-31089
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.17% / 38.40%
||
7 Day CHG~0.00%
Published-18 Nov, 2023 | 22:38
Updated-02 Aug, 2024 | 14:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Video XML Sitemap Generator Plugin <= 1.0.0 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Tradebooster Video XML Sitemap Generator.This issue affects Video XML Sitemap Generator: from n/a through 1.0.0.

Action-Not Available
Vendor-webternsolutionsTradebooster
Product-video_xml_sitemap_generatorVideo XML Sitemap Generator
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-30901
Matching Score-4
Assigner-Siemens
ShareView Details
Matching Score-4
Assigner-Siemens
CVSS Score-4.3||MEDIUM
EPSS-0.14% / 34.85%
||
7 Day CHG~0.00%
Published-13 Jun, 2023 | 08:17
Updated-09 Dec, 2025 | 16:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SICAM P850 (7KG8500-0AA00-0AA0) (All versions < V3.11), SICAM P850 (7KG8500-0AA00-2AA0) (All versions < V3.11), SICAM P850 (7KG8500-0AA10-0AA0) (All versions < V3.11), SICAM P850 (7KG8500-0AA10-2AA0) (All versions < V3.11), SICAM P850 (7KG8500-0AA30-0AA0) (All versions < V3.11), SICAM P850 (7KG8500-0AA30-2AA0) (All versions < V3.11), SICAM P850 (7KG8501-0AA01-0AA0) (All versions < V3.11), SICAM P850 (7KG8501-0AA01-2AA0) (All versions < V3.11), SICAM P850 (7KG8501-0AA02-0AA0) (All versions < V3.11), SICAM P850 (7KG8501-0AA02-2AA0) (All versions < V3.11), SICAM P850 (7KG8501-0AA11-0AA0) (All versions < V3.11), SICAM P850 (7KG8501-0AA11-2AA0) (All versions < V3.11), SICAM P850 (7KG8501-0AA12-0AA0) (All versions < V3.11), SICAM P850 (7KG8501-0AA12-2AA0) (All versions < V3.11), SICAM P850 (7KG8501-0AA31-0AA0) (All versions < V3.11), SICAM P850 (7KG8501-0AA31-2AA0) (All versions < V3.11), SICAM P850 (7KG8501-0AA32-0AA0) (All versions < V3.11), SICAM P850 (7KG8501-0AA32-2AA0) (All versions < V3.11), SICAM P855 (7KG8550-0AA00-0AA0) (All versions < V3.11), SICAM P855 (7KG8550-0AA00-2AA0) (All versions < V3.11), SICAM P855 (7KG8550-0AA10-0AA0) (All versions < V3.11), SICAM P855 (7KG8550-0AA10-2AA0) (All versions < V3.11), SICAM P855 (7KG8550-0AA30-0AA0) (All versions < V3.11), SICAM P855 (7KG8550-0AA30-2AA0) (All versions < V3.11), SICAM P855 (7KG8551-0AA01-0AA0) (All versions < V3.11), SICAM P855 (7KG8551-0AA01-2AA0) (All versions < V3.11), SICAM P855 (7KG8551-0AA02-0AA0) (All versions < V3.11), SICAM P855 (7KG8551-0AA02-2AA0) (All versions < V3.11), SICAM P855 (7KG8551-0AA11-0AA0) (All versions < V3.11), SICAM P855 (7KG8551-0AA11-2AA0) (All versions < V3.11), SICAM P855 (7KG8551-0AA12-0AA0) (All versions < V3.11), SICAM P855 (7KG8551-0AA12-2AA0) (All versions < V3.11), SICAM P855 (7KG8551-0AA31-0AA0) (All versions < V3.11), SICAM P855 (7KG8551-0AA31-2AA0) (All versions < V3.11), SICAM P855 (7KG8551-0AA32-0AA0) (All versions < V3.11), SICAM P855 (7KG8551-0AA32-2AA0) (All versions < V3.11), SICAM T (All versions < V3.0). The web interface of the affected devices are vulnerable to Cross-Site Request Forgery attacks. By tricking an authenticated victim user to click a malicious link, an attacker could perform arbitrary actions on the device on behalf of the victim user.

Action-Not Available
Vendor-Siemens AG
Product-q200q200_firmwareSICAM P850SICAM TSICAM P855
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-30525
Matching Score-4
Assigner-Jenkins Project
ShareView Details
Matching Score-4
Assigner-Jenkins Project
CVSS Score-8.8||HIGH
EPSS-0.10% / 28.10%
||
7 Day CHG~0.00%
Published-12 Apr, 2023 | 17:05
Updated-07 Feb, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A cross-site request forgery (CSRF) vulnerability in Jenkins Report Portal Plugin 0.5 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified bearer token authentication.

Action-Not Available
Vendor-Jenkins
Product-report_portalJenkins Report Portal Plugin
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-31086
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.8||HIGH
EPSS-0.10% / 26.78%
||
7 Day CHG~0.00%
Published-09 Nov, 2023 | 22:57
Updated-03 Sep, 2024 | 17:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Simple Giveaways Plugin <= 2.46.0 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Igor Benic Simple Giveaways – Grow your business, email lists and traffic with contests plugin <= 2.46.0 versions.

Action-Not Available
Vendor-ibenicIgor Benic
Product-simple_giveawaysSimple Giveaways – Grow your business, email lists and traffic with contests
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-30607
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-5||MEDIUM
EPSS-0.11% / 29.91%
||
7 Day CHG~0.00%
Published-05 Jul, 2023 | 17:42
Updated-24 Oct, 2024 | 19:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
icingaweb2-module-jira template and field configuration are susceptible to CSRF

icingaweb2-module-jira provides integration with Atlassian Jira. Starting in version 1.3.0 and prior to version 1.3.2, template and field configuration forms perform the deletion action before user input is validated, including the cross site request forgery token. This issue is fixed in version 1.3.2. There are no known workarounds.

Action-Not Available
Vendor-icingaIcinga
Product-icinga_web_jira_integrationicingaweb2-module-jira
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-31061
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.77% / 73.32%
||
7 Day CHG~0.00%
Published-24 Apr, 2023 | 00:00
Updated-04 Feb, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Repetier Server through 1.4.10 does not have CSRF protection.

Action-Not Available
Vendor-repetier-servern/a
Product-repetier-servern/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-31235
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.8||HIGH
EPSS-0.10% / 26.78%
||
7 Day CHG~0.00%
Published-09 Nov, 2023 | 22:40
Updated-03 Sep, 2024 | 17:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Participants Database Plugin <= 2.4.9 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Roland Barker, xnau webdesign Participants Database plugin <= 2.4.9 versions.

Action-Not Available
Vendor-xnauRoland Barker, xnau webdesign
Product-participants_databaseParticipants Database
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2019-19517
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.14% / 34.19%
||
7 Day CHG~0.00%
Published-05 May, 2020 | 17:03
Updated-05 Aug, 2024 | 02:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Intelbras RF1200 1.1.3 devices allow CSRF to bypass the login.html form, as demonstrated by launching a scrapy process.

Action-Not Available
Vendor-intelbrasn/a
Product-action_rf_1200_firmwareaction_rf_1200n/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-31452
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-1.13% / 78.13%
||
7 Day CHG~0.00%
Published-09 Aug, 2023 | 00:00
Updated-10 Oct, 2024 | 16:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A cross-site request forgery (CSRF) token bypass was identified in PRTG 23.2.84.1566 and earlier versions that allows remote attackers to perform actions with the permissions of a victim user, provided the victim user has an active session and is induced to trigger the malicious request. This could force PRTG to execute different actions, such as creating new users. The severity of this vulnerability is high and received a score of 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Action-Not Available
Vendor-paesslern/a
Product-prtg_network_monitorn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-30484
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.09% / 25.17%
||
7 Day CHG~0.00%
Published-25 May, 2023 | 09:32
Updated-08 Jan, 2025 | 22:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Enable Accessibility Plugin <= 1.4 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in uPress Enable Accessibility plugin <= 1.4 versions.

Action-Not Available
Vendor-upressuPress
Product-enable_accessibilityEnable Accessibility
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-31075
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.12% / 31.60%
||
7 Day CHG~0.00%
Published-18 Nov, 2023 | 22:41
Updated-02 Aug, 2024 | 14:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Easy Hide Login Plugin <= 1.0.8 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Arshid Easy Hide Login.This issue affects Easy Hide Login: from n/a through 1.0.8.

Action-Not Available
Vendor-ciphercoinArshid
Product-easy_hide_loginEasy Hide Login
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-3052
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-6.3||MEDIUM
EPSS-0.17% / 38.45%
||
7 Day CHG+0.03%
Published-02 Jun, 2023 | 23:37
Updated-20 Dec, 2024 | 23:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Page Builder by AZEXO plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.27.133. This is due to missing or incorrect nonce validation on the 'azh_add_post', 'azh_duplicate_post', 'azh_update_post' and 'azh_remove_post' functions. This makes it possible for unauthenticated attackers to create, modify, and delete a post via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

Action-Not Available
Vendor-azexoazexo
Product-page_builder_with_image_map_by_azexoPage Builder with Image Map by AZEXO
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-31078
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.8||HIGH
EPSS-0.10% / 26.78%
||
7 Day CHG~0.00%
Published-10 Nov, 2023 | 13:32
Updated-03 Sep, 2024 | 17:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP BrowserUpdate Plugin <= 4.4.1 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Marco Steinbrecher WP BrowserUpdate plugin <= 4.4.1 versions.

Action-Not Available
Vendor-browserupdateMarco Steinbrecher
Product-wp_browserupdateWP BrowserUpdate
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-31216
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 22.26%
||
7 Day CHG~0.00%
Published-17 Jul, 2023 | 13:50
Updated-30 Sep, 2024 | 14:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Ultimate Member Plugin <= 2.6.0 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Ultimate Member plugin <= 2.6.0 versions.

Action-Not Available
Vendor-Ultimate Member Group Ltd
Product-ultimate_memberUltimate Member
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-30478
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.8||HIGH
EPSS-0.10% / 26.78%
||
7 Day CHG~0.00%
Published-10 Nov, 2023 | 13:42
Updated-03 Sep, 2024 | 17:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Newsletters Plugin <= 4.8.8 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Tribulant Newsletters plugin <= 4.8.8 versions.

Action-Not Available
Vendor-tribulantTribulant
Product-newslettersNewsletters
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-29003
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-8.8||HIGH
EPSS-0.49% / 65.40%
||
7 Day CHG~0.00%
Published-04 Apr, 2023 | 21:20
Updated-10 Feb, 2025 | 21:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SvelteKit has Insufficient Cross-Site Request Forgery Protection

SvelteKit is a web development framework. The SvelteKit framework offers developers an option to create simple REST APIs. This is done by defining a `+server.js` file, containing endpoint handlers for different HTTP methods. SvelteKit provides out-of-the-box cross-site request forgery (CSRF) protection to its users. While the implementation does a sufficient job in mitigating common CSRF attacks, prior to version 1.15.1, the protection can be bypassed by simply specifying a different `Content-Type` header value. If abused, this issue will allow malicious requests to be submitted from third-party domains, which can allow execution of operations within the context of the victim's session, and in extreme scenarios can lead to unauthorized access to users’ accounts. SvelteKit 1.15.1 updates the `is_form_content_type` function call in the CSRF protection logic to include `text/plain`. As additional hardening of the CSRF protection mechanism against potential method overrides, SvelteKit 1.15.1 is now performing validation on `PUT`, `PATCH` and `DELETE` methods as well. This latter hardening is only needed to protect users who have put in some sort of `?_method= override` feature themselves in their `handle` hook, so that the request that resolve sees could be `PUT`/`PATCH`/`DELETE` when the browser issues a `POST` request.

Action-Not Available
Vendor-sveltesveltejs
Product-sveltekitkit
CWE ID-CWE-184
Incomplete List of Disallowed Inputs
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-28989
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 21.43%
||
7 Day CHG~0.00%
Published-10 Jul, 2023 | 12:51
Updated-07 Oct, 2024 | 19:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Happy Addons for Elementor Plugin <= 3.8.2 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in weDevs Happy Addons for Elementor plugin <= 3.8.2 versions.

Action-Not Available
Vendor-weDevs Pte. Ltd.
Product-happy_addons_for_elementorHappy Addons for Elementor
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-29235
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.05% / 15.65%
||
7 Day CHG~0.00%
Published-06 Oct, 2023 | 13:05
Updated-19 Sep, 2024 | 14:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Maintenance Switch Plugin <= 1.5.2 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Fugu Maintenance Switch plugin <= 1.5.2 versions.

Action-Not Available
Vendor-fuguFugu
Product-maintenance_switchMaintenance Switch
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-24395
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.09% / 26.21%
||
7 Day CHG~0.00%
Published-10 Jul, 2023 | 10:40
Updated-18 Oct, 2024 | 13:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Contact Form 7 Redirect & Thank You Page Plugin <= 1.0.3 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Scott Paterson Contact Form 7 Redirect & Thank You Page plugin <= 1.0.3 versions.

Action-Not Available
Vendor-wppluginScott Paterson
Product-contact_form_7_redirect_\&_thank_you_pageContact Form 7 Redirect & Thank You Page
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-29238
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 21.43%
||
7 Day CHG~0.00%
Published-12 Nov, 2023 | 21:21
Updated-03 Sep, 2024 | 13:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Whydonate – FREE Donate button Plugin <= 3.12.15 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Whydonate Whydonate – FREE Donate button – Crowdfunding – Fundraising plugin <= 3.12.15 versions.

Action-Not Available
Vendor-whydonateWhydonate
Product-wp_whydonateWhydonate – FREE Donate button – Crowdfunding – Fundraising
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-29425
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.05% / 15.65%
||
7 Day CHG~0.00%
Published-12 Nov, 2023 | 21:16
Updated-03 Sep, 2024 | 13:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress ShiftController Employee Shift Scheduling Plugin <= 4.9.23 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in plainware.Com ShiftController Employee Shift Scheduling plugin <= 4.9.23 versions.

Action-Not Available
Vendor-plainwareplainware.com
Product-shiftcontrollerShiftController Employee Shift Scheduling
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-29440
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.8||HIGH
EPSS-0.10% / 26.78%
||
7 Day CHG~0.00%
Published-10 Nov, 2023 | 13:46
Updated-03 Sep, 2024 | 17:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Simple Job Board Plugin <= 2.10.3 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in PressTigers Simple Job Board plugin <= 2.10.3 versions.

Action-Not Available
Vendor-presstigersPressTigers
Product-simple_job_boardSimple Job Board
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-29008
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-8.8||HIGH
EPSS-0.17% / 37.74%
||
7 Day CHG~0.00%
Published-06 Apr, 2023 | 16:36
Updated-10 Feb, 2025 | 16:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SvelteKit framework has Insufficient CSRF protection for CORS requests

The SvelteKit framework offers developers an option to create simple REST APIs. This is done by defining a `+server.js` file, containing endpoint handlers for different HTTP methods. SvelteKit provides out-of-the-box cross-site request forgery (CSRF) protection to its users. The protection is implemented at `kit/src/runtime/server/respond.js`. While the implementation does a sufficient job of mitigating common CSRF attacks, the protection can be bypassed in versions prior to 1.15.2 by simply specifying an upper-cased `Content-Type` header value. The browser will not send uppercase characters, but this check does not block all expected CORS requests. If abused, this issue will allow malicious requests to be submitted from third-party domains, which can allow execution of operations within the context of the victim's session, and in extreme scenarios can lead to unauthorized access to users’ accounts. This may lead to all POST operations requiring authentication being allowed in the following cases: If the target site sets `SameSite=None` on its auth cookie and the user visits a malicious site in a Chromium-based browser; if the target site doesn't set the `SameSite` attribute explicitly and the user visits a malicious site with Firefox/Safari with tracking protections turned off; and/or if the user is visiting a malicious site with a very outdated browser. SvelteKit 1.15.2 contains a patch for this issue. It is also recommended to explicitly set `SameSite` to a value other than `None` on authentication cookies especially if the upgrade cannot be done in a timely manner.

Action-Not Available
Vendor-sveltesveltejs
Product-sveltekitkit
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-29815
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.10% / 26.86%
||
7 Day CHG~0.00%
Published-28 Apr, 2023 | 00:00
Updated-30 Jan, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

mccms v2.6.3 is vulnerable to Cross Site Request Forgery (CSRF).

Action-Not Available
Vendor-chshcmsn/a
Product-mccmsn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-28696
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 21.43%
||
7 Day CHG~0.00%
Published-12 Nov, 2023 | 21:40
Updated-02 Aug, 2024 | 13:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress I Recommend This Plugin <= 3.9.0 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Harish Chouhan, Themeist I Recommend This allows Cross Site Request Forgery.This issue affects I Recommend This: from n/a through 3.9.0.

Action-Not Available
Vendor-themeistHarish Chouhan, Themeist
Product-i_recommend_thisI Recommend This
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-28791
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 21.43%
||
7 Day CHG~0.00%
Published-06 Oct, 2023 | 13:01
Updated-19 Sep, 2024 | 14:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Simple Org Chart Plugin <= 2.3.4 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Gangesh Matta Simple Org Chart plugin <= 2.3.4 versions.

Action-Not Available
Vendor-webtechforceGangesh Matta
Product-simple_org_chartSimple Org Chart
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-2830
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.11% / 28.86%
||
7 Day CHG~0.00%
Published-03 Oct, 2023 | 11:22
Updated-23 Sep, 2024 | 15:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Testimonials Plugin <= 1.4.2 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Trustindex.Io WP Testimonials plugin <= 1.4.2 versions.

Action-Not Available
Vendor-trustindexTrustindex.io
Product-wp_testimonialsWP Testimonials
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-28674
Matching Score-4
Assigner-Jenkins Project
ShareView Details
Matching Score-4
Assigner-Jenkins Project
CVSS Score-8.8||HIGH
EPSS-0.09% / 24.89%
||
7 Day CHG~0.00%
Published-23 Mar, 2023 | 11:26
Updated-25 Feb, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A cross-site request forgery (CSRF) vulnerability in Jenkins OctoPerf Load Testing Plugin Plugin 4.5.2 and earlier allows attackers to connect to a previously configured Octoperf server using attacker-specified credentials.

Action-Not Available
Vendor-Jenkins
Product-octoperf_load_testingJenkins OctoPerf Load Testing Plugin Plugin
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-28497
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.05% / 15.65%
||
7 Day CHG~0.00%
Published-12 Nov, 2023 | 22:01
Updated-02 Aug, 2024 | 14:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Slideshow Gallery Plugin <= 1.7.6 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Tribulant Slideshow Gallery LITE plugin <= 1.7.6 versions.

Action-Not Available
Vendor-tribulantTribulant
Product-slideshow_gallerySlideshow Gallery LITE
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-28498
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 21.43%
||
7 Day CHG~0.00%
Published-12 Nov, 2023 | 21:57
Updated-30 Aug, 2024 | 19:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Hotel Booking Lite Plugin <= 4.6.0 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in MotoPress Hotel Booking Lite plugin <= 4.6.0 versions.

Action-Not Available
Vendor-motopressMotoPress
Product-hotel_booking_liteHotel Booking Lite
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-27634
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.8||HIGH
EPSS-0.10% / 26.78%
||
7 Day CHG~0.00%
Published-15 Jun, 2023 | 13:19
Updated-21 Oct, 2024 | 11:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Intrepidity Theme <= 1.5.1 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability allows arbitrary file upload in Shingo Intrepidity plugin <= 1.5.1 versions.

Action-Not Available
Vendor-intrepidity_projectShingo
Product-intrepidityIntrepidity
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
  • Previous
  • 1
  • 2
  • ...
  • 35
  • 36
  • 37
  • ...
  • 47
  • 48
  • Next
Details not found