Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by CWE-352
Total 8298 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-37974 1 Wp Social Autoconnect Project 1 Wp Social Autoconnect 2024-11-21 N/A 5.4 MEDIUM
Cross-Site Request Forgery (CSRF) vulnerability in Justin Klein WP Social AutoConnect plugin <= 4.6.1 versions.
CVE-2023-37973 1 Replace Word Project 1 Replace Word 2024-11-21 N/A 5.4 MEDIUM
Cross-Site Request Forgery (CSRF) vulnerability in David Pokorny Replace Word plugin <= 2.1 versions.
CVE-2023-37968 1 Faboba 1 Falang 2024-11-21 N/A 5.4 MEDIUM
Cross-Site Request Forgery (CSRF) vulnerability in Faboba Falang multilanguage for WordPress plugin <= 1.3.39 versions.
CVE-2023-37964 1 Jenkins 1 Elasticbox Ci 2024-11-21 N/A 8.8 HIGH
A cross-site request forgery (CSRF) vulnerability in Jenkins ElasticBox CI Plugin 5.0.1 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
CVE-2023-37962 1 Jenkins 1 Benchmark Evaluator 2024-11-21 N/A 8.8 HIGH
A cross-site request forgery (CSRF) vulnerability in Jenkins Benchmark Evaluator Plugin 1.0.1 and earlier allows attackers to connect to an attacker-specified URL and to check for the existence of directories, `.csv`, and `.ycsb` files on the Jenkins controller file system.
CVE-2023-37961 1 Jenkins 1 Assembla 2024-11-21 N/A 8.8 HIGH
A cross-site request forgery (CSRF) vulnerability in Jenkins Assembla Auth Plugin 1.14 and earlier allows attackers to trick users into logging in to the attacker's account.
CVE-2023-37958 1 Jenkins 1 Sumologic Publisher 2024-11-21 N/A 8.8 HIGH
A cross-site request forgery (CSRF) vulnerability in Jenkins Sumologic Publisher Plugin 2.2.1 and earlier allows attackers to connect to an attacker-specified URL.
CVE-2023-37957 1 Jenkins 1 Pipeline Restful Api 2024-11-21 N/A 8.8 HIGH
A cross-site request forgery (CSRF) vulnerability in Jenkins Pipeline restFul API Plugin 0.11 and earlier allows attackers to connect to an attacker-specified URL, capturing a newly generated JCLI token.
CVE-2023-37955 1 Jenkins 1 Test Results Aggregator 2024-11-21 N/A 6.5 MEDIUM
A cross-site request forgery (CSRF) vulnerability in Jenkins Test Results Aggregator Plugin 1.2.13 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials.
CVE-2023-37954 1 Jenkins 1 Rebuilder 2024-11-21 N/A 4.3 MEDIUM
A cross-site request forgery (CSRF) vulnerability in Jenkins Rebuilder Plugin 320.v5a_0933a_e7d61 and earlier allows attackers to rebuild a previous build.
CVE-2023-37952 1 Jenkins 1 Mabl 2024-11-21 N/A 6.5 MEDIUM
A cross-site request forgery (CSRF) vulnerability in Jenkins mabl Plugin 0.0.46 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
CVE-2023-37892 1 Pluginpress 1 Shortcode Imdb 2024-11-21 N/A 4.3 MEDIUM
Cross-Site Request Forgery (CSRF) vulnerability in Kemal YAZICI - PluginPress Shortcode IMDB plugin <= 6.0.8 versions.
CVE-2023-37891 1 Optimonk 1 Optimonk\ 2024-11-21 N/A 4.3 MEDIUM
Cross-Site Request Forgery (CSRF) vulnerability in OptiMonk OptiMonk: Popups, Personalization & A/B Testing plugin <= 2.0.4 versions.
CVE-2023-37889 1 Wpadmin 1 Aws Cdn 2024-11-21 N/A 4.3 MEDIUM
Cross-Site Request Forgery (CSRF) vulnerability in WPAdmin WPAdmin AWS CDN plugin <= 2.0.13 versions.
CVE-2023-37650 1 Agentejo 1 Cockpit 2024-11-21 N/A 8.8 HIGH
A Cross-Site Request Forgery (CSRF) in the Admin portal of Cockpit CMS v2.5.2 allows attackers to execute arbitrary Administrator commands.
CVE-2023-37598 1 Issabel 1 Pbx 2024-11-21 N/A 4.5 MEDIUM
A Cross Site Request Forgery (CSRF) vulnerability in issabel-pbx v.4.0.0-6 allows a remote attacker to cause a denial of service via the delete new virtual fax function.
CVE-2023-37597 1 Issabel 1 Pbx 2024-11-21 N/A 8.1 HIGH
Cross Site Request Forgery (CSRF) vulnerability in issabel-pbx v.4.0.0-6 allows a remote attacker to cause a denial of service via the delete user grouplist function.
CVE-2023-37596 1 Issabel 1 Pbx 2024-11-21 N/A 8.1 HIGH
Cross Site Request Forgery (CSRF) vulnerability in issabel-pbx v.4.0.0-6 allows a remote attacker to cause a denial of service via a crafted script to the deleteuser function.
CVE-2023-37562 1 Elecom 4 Wtc-c1167gc-b, Wtc-c1167gc-b Firmware, Wtc-c1167gc-w and 1 more 2024-11-21 N/A 8.8 HIGH
Cross-site request forgery (CSRF) vulnerability in exists in WTC-C1167GC-B v1.17 and earlier, and WTC-C1167GC-W v1.17 and earlier. If a user views a malicious page while logged in, unintended operations may be performed.
CVE-2023-37392 1 Wp Dummy Content Generator Project 1 Wp Dummy Content Generator 2024-11-21 N/A 5.4 MEDIUM
Cross-Site Request Forgery (CSRF) vulnerability in Deepak Anand WP Dummy Content Generator plugin <= 2.3.0 versions.