Total
9142 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-45128 | 1 Gofiber | 1 Fiber | 2024-11-21 | 10 Critical |
| Fiber is an express inspired web framework written in Go. A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the application, which allows an attacker to inject arbitrary values and forge malicious requests on behalf of a user. This vulnerability can allow an attacker to inject arbitrary values without any authentication, or perform various malicious actions on behalf of an authenticated user, potentially compromising the security and integrity of the application. The vulnerability is caused by improper validation and enforcement of CSRF tokens within the application. This issue has been addressed in version 2.50.0 and users are advised to upgrade. Users should take additional security measures like captchas or Two-Factor Authentication (2FA) and set Session cookies with SameSite=Lax or SameSite=Secure, and the Secure and HttpOnly attributes as defense in depth measures. There are no known workarounds for this vulnerability. | ||||
| CVE-2023-45106 | 1 Urvanov | 1 Urvanov Syntax Highlighter | 2024-11-21 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Fedor Urvanov, Aram Kocharyan Urvanov Syntax Highlighter plugin <= 2.8.33 versions. | ||||
| CVE-2023-45103 | 1 Yasglobalizer | 1 Permalinks Customizer | 2024-11-21 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in YAS Global Team Permalinks Customizer plugin <= 2.8.2 versions. | ||||
| CVE-2023-45102 | 1 Otwthemes | 1 Blog Manager Light | 2024-11-21 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in OTWthemes Blog Manager Light plugin <= 1.20 versions. | ||||
| CVE-2023-45047 | 1 Leadsquared | 1 Leadsquared Suite | 2024-11-21 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in LeadSquared, Inc LeadSquared Suite plugin <= 0.7.4 versions. | ||||
| CVE-2023-44997 | 1 Nitinrathod | 1 Wp Forms Puzzle Captcha | 2024-11-21 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Nitin Rathod WP Forms Puzzle Captcha plugin <= 4.1 versions. | ||||
| CVE-2023-44996 | 1 Nareshparmar827 | 1 Post View Count | 2024-11-21 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Naresh Parmar Post View Count plugin <= 1.8.2 versions. | ||||
| CVE-2023-44995 | 1 Wpdoctor | 1 Woocommerce Login Redirect | 2024-11-21 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in WP Doctor WooCommerce Login Redirect plugin <= 2.2.4 versions. | ||||
| CVE-2023-44994 | 1 Bainternet | 1 Shortcodes Ui | 2024-11-21 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Bainternet ShortCodes UI plugin <= 1.9.8 versions. | ||||
| CVE-2023-44811 | 1 Moosocial | 1 Moosocial | 2024-11-21 | 8.8 High |
| Cross Site Request Forgery (CSRF) vulnerability in MooSocial v.3.1.8 allows a remote attacker to execute arbitrary code and obtain sensitive information via the admin Password Change Function. | ||||
| CVE-2023-44476 | 1 Wp-copyrightpro | 1 Wp-copyrightpro | 2024-11-21 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Andres Felipe Perea V. CopyRightPro plugin <= 2.1 versions. | ||||
| CVE-2023-44473 | 1 Dublue | 1 Table Of Contents Plus | 2024-11-21 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Michael Tran Table of Contents Plus plugin <= 2302 versions. | ||||
| CVE-2023-44471 | 1 Kau-boys | 1 Backend Localization | 2024-11-21 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Bernhard Kau Backend Localization plugin <= 2.1.10 versions. | ||||
| CVE-2023-44470 | 1 Kvvaradha | 1 Kv Tinymce Editor Add Fonts | 2024-11-21 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Kvvaradha Kv TinyMCE Editor Add Fonts plugin <= 1.1 versions. | ||||
| CVE-2023-44385 | 1 Home-assistant | 1 Home Assistant Companion | 2024-11-21 | 8.6 High |
| The Home Assistant Companion for iOS and macOS app up to version 2023.4 are vulnerable to Client-Side Request Forgery. Attackers may send malicious links/QRs to victims that, when visited, will make the victim to call arbitrary services in their Home Assistant installation. Combined with this security advisory, may result in full compromise and remote code execution (RCE). Version 2023.7 addresses this issue and all users are advised to upgrade. There are no known workarounds for this vulnerability. This issue is also tracked as GitHub Security Lab (GHSL) Vulnerability Report: GHSL-2023-161. | ||||
| CVE-2023-44261 | 1 Dineshkarki | 1 Block Plugin Update | 2024-11-21 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Dinesh Karki Block Plugin Update plugin <= 3.3 versions. | ||||
| CVE-2023-44260 | 1 Rebing | 1 Woocommerce Esto | 2024-11-21 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Mikk Mihkel Nurges, Rebing OÜ Woocommerce ESTO plugin <= 2.23.1 versions. | ||||
| CVE-2023-44259 | 1 Mediavine | 1 Mediavine Control Panel | 2024-11-21 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Mediavine Mediavine Control Panel plugin <= 2.10.2 versions. | ||||
| CVE-2023-44257 | 1 Mangboard | 1 Mang Board | 2024-11-21 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Hometory Mang Board WP plugin <= 1.7.6 versions. | ||||
| CVE-2023-44246 | 1 Matiass | 1 Shockingly Simple Favicon | 2024-11-21 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Matias s Shockingly Simple Favicon plugin <= 1.8.2 versions. | ||||