Export limit exceeded: 46645 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 10197 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10197 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-8044 | 2 Rubayathasan, Wordpress Plugin | 2 Infolinks Ad Wrap, Infolinks Ad Wrap | 2024-09-30 | 5.7 Medium |
| The infolinks Ad Wrap WordPress plugin through 1.0.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack | ||||
| CVE-2024-7863 | 1 Pixeljar | 1 Favicon Generator | 2024-09-27 | 8.1 High |
| The Favicon Generator (CLOSED) WordPress plugin before 2.1 does not validate files to be uploaded and does not have CSRF checks, which could allow attackers to make logged in admin upload arbitrary files such as PHP on the server | ||||
| CVE-2024-7864 | 1 Pixeljar | 1 Favicon Generator | 2024-09-27 | 6.5 Medium |
| The Favicon Generator (CLOSED) WordPress plugin before 2.1 does not have CSRF and path validation in the output_sub_admin_page_0() function, allowing attackers to make logged in admins delete arbitrary files on the server | ||||
| CVE-2024-7817 | 2 Michalaugustyniak, Misiek Photo Album | 2 Misiek Photo Album, Misiek Photo Album | 2024-09-27 | 6.5 Medium |
| The Misiek Photo Album WordPress plugin through 1.4.3 does not have CSRF checks in some places, which could allow attackers to make logged in users delete arbitrary albums via a CSRF attack | ||||
| CVE-2024-8043 | 2 Seanschulte, Wordpress Plugin | 2 Vikinghammer Tweet, Vikinghammer Tweet | 2024-09-27 | 5.7 Medium |
| The Vikinghammer Tweet WordPress plugin through 0.2.4 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack. | ||||
| CVE-2024-8051 | 2 Moc, Wordpress Plugin | 2 Special Feed Items, Special Feed Items | 2024-09-27 | 5.7 Medium |
| The Special Feed Items WordPress plugin through 1.0.1 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack. | ||||
| CVE-2024-8091 | 2 Jakesnyder, Jupitercow | 2 Enhanced Search Box, Enhanced Search Box | 2024-09-27 | 4.8 Medium |
| The Enhanced Search Box WordPress plugin through 0.6.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack | ||||
| CVE-2024-8092 | 2 Alaingg, Alaingonzalez | 2 Accordion Image Menu, Accordion Image Menu | 2024-09-27 | 5.4 Medium |
| The Accordion Image Menu WordPress plugin through 3.1.3 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack. | ||||
| CVE-2024-8093 | 2 Lucas Garcia, Lucasgarcia | 2 Posts Reminder, Posts Reminder | 2024-09-27 | 4.8 Medium |
| The Posts reminder WordPress plugin through 0.20 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack | ||||
| CVE-2024-7820 | 2 Elliot, Ilc Thickbox | 2 Ilc Thickbox, Ilc Thickbox | 2024-09-27 | 4.3 Medium |
| The ILC Thickbox WordPress plugin through 1.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack | ||||
| CVE-2024-8052 | 2 Joen, Moc | 2 Review Ratings, Review Ratings | 2024-09-27 | 4.8 Medium |
| The Review Ratings WordPress plugin through 1.6 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack. | ||||
| CVE-2024-7816 | 2 Adeelraza, Gixaw Chat | 2 Gixaw Chat, Gixaw Chat | 2024-09-26 | 6.1 Medium |
| The Gixaw Chat WordPress plugin through 1.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack. | ||||
| CVE-2024-47089 | 1 Apexsoftcell | 2 Ld Dp Back Office, Ld Geo | 2024-09-26 | 6.5 Medium |
| This vulnerability exists in the Apex Softcell LD Geo due to improper validation of the transaction token ID in the API endpoint. An authenticated remote attacker could exploit this vulnerability by manipulating the transaction token ID in the API request leading to unauthorized access and modification of transactions belonging to other users. | ||||
| CVE-2024-8891 | 1 Circutor | 3 Circutor Q Smt, Q-smt, Q-smt Firmware | 2024-09-26 | 5.3 Medium |
| An attacker with no knowledge of the current users in the web application, could build a dictionary of potential users and check the server responses as it indicates whether or not the user is present in CIRCUTOR Q-SMT in its firmware version 1.0.4. | ||||
| CVE-2024-47085 | 1 Apexsoftcell | 2 Ld Dp Back Office, Ld Geo | 2024-09-26 | 6.5 Medium |
| This vulnerability exists in Apex Softcell LD DP Back Office due to improper validation of certain parameters (cCdslClicentcode and cLdClientCode) in the API endpoint. An authenticated remote attacker could exploit this vulnerability by manipulating parameters in the API request body leading to exposure of sensitive information belonging to other users. | ||||
| CVE-2024-47087 | 1 Apexsoftcell | 2 Ld Dp Back Office, Ld Geo | 2024-09-26 | 6.5 Medium |
| This vulnerability exists in Apex Softcell LD Geo due to improper validation of the certain parameters (Client ID, DPID or BOID) in the API endpoint. An authenticated remote attacker could exploit this vulnerability by manipulating parameters in the API request body leading to exposure of sensitive information belonging to other users. | ||||
| CVE-2024-3163 | 2 Easy Property Listings, Realestateconnected | 2 Easy Property Listings, Easy Property Listings | 2024-09-26 | 4.3 Medium |
| The Easy Property Listings WordPress plugin before 3.5.4 does not have CSRF check when deleting contacts in bulk, which could allow attackers to make a logged in admin delete them via a CSRF attack | ||||
| CVE-2024-46086 | 1 Frogcms Project | 1 Frogcms | 2024-09-25 | 8.8 High |
| FrogCMS V0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/plugin/file_manager/delete/123 | ||||
| CVE-2024-46394 | 1 Frogcms Project | 1 Frogcms | 2024-09-25 | 8 High |
| FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) via /admin/?/user/add | ||||
| CVE-2024-45591 | 1 Xwiki | 2 Xwiki, Xwiki-platform | 2024-09-20 | 5.3 Medium |
| XWiki Platform is a generic wiki platform. The REST API exposes the history of any page in XWiki of which the attacker knows the name. The exposed information includes for each modification of the page the time of the modification, the version number, the author of the modification (both username and displayed name) and the version comment. This information is exposed regardless of the rights setup, and even when the wiki is configured to be fully private. On a private wiki, this can be tested by accessing /xwiki/rest/wikis/xwiki/spaces/Main/pages/WebHome/history, if this shows the history of the main page then the installation is vulnerable. This has been patched in XWiki 15.10.9 and XWiki 16.3.0RC1. | ||||