Total
8298 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-28173 | 1 Digitalinspiration | 1 Google Xml Sitemap For Images | 2024-11-21 | N/A | 4.3 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in Amit Agarwal Google XML Sitemap for Images plugin <= 2.1.3 versions. | |||||
| CVE-2023-28167 | 1 Vsourz | 1 Cf7 Invisible Recaptcha | 2024-11-21 | N/A | 5.4 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in Vsourz Digital CF7 Invisible reCAPTCHA plugin <= 1.3.3 versions. | |||||
| CVE-2023-28023 | 1 Hcltech | 1 Bigfix Webui | 2024-11-21 | N/A | 4.9 MEDIUM |
| A cross site request forgery vulnerability in the BigFix WebUI Software Distribution interface site version 44 and before allows an NMO attacker to access files on server side systems (server machine and all the ones in its network). | |||||
| CVE-2023-27634 | 1 Intrepidity Project | 1 Intrepidity | 2024-11-21 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability allows arbitrary file upload in Shingo Intrepidity plugin <= 1.5.1 versions. | |||||
| CVE-2023-27633 | 1 Pixelgrade | 1 Customify | 2024-11-21 | N/A | 4.3 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in Pixelgrade Customify – Intuitive Website Styling plugin <= 2.10.4 versions. | |||||
| CVE-2023-27632 | 1 Mmrs151 | 1 Daily Prayer Time | 2024-11-21 | N/A | 5.4 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in mmrs151 Daily Prayer Time plugin <= 2023.03.08 versions. | |||||
| CVE-2023-27623 | 1 Jenst | 1 Wp Page Numbers | 2024-11-21 | N/A | 5.4 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in Jens Törnell WP Page Numbers plugin <= 0.5 versions. | |||||
| CVE-2023-27615 | 1 Dipakgajjar | 1 Wp Super Minify | 2024-11-21 | N/A | 5.4 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in Dipak C. Gajjar WP Super Minify plugin <= 1.5.1 versions. | |||||
| CVE-2023-27611 | 1 Jeanbaptisteaudras | 1 Reusable Blocks Extended | 2024-11-21 | N/A | 5.4 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in audrasjb Reusable Blocks Extended plugin <= 0.9 versions. | |||||
| CVE-2023-27606 | 1 Wp Reroute Email Project | 1 Wp Reroute Email | 2024-11-21 | N/A | 5.4 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in Sajjad Hossain WP Reroute Email plugin <= 1.4.6 versions. | |||||
| CVE-2023-27495 | 1 Fastify | 1 Csrf-protection | 2024-11-21 | N/A | 5.3 MEDIUM |
| @fastify/csrf-protection is a plugin which helps protect Fastify servers against CSRF attacks. The CSRF protection enforced by the @fastify/csrf-protection library in combination with @fastify/cookie can be bypassed from network and same-site attackers under certain conditions. @fastify/csrf-protection supports an optional userInfo parameter that binds the CSRF token to the user. This parameter has been introduced to prevent cookie-tossing attacks as a fix for CVE-2021-29624. Whenever userInfo parameter is missing, or its value can be predicted for the target user account, network and same-site attackers can 1. fixate a _csrf cookie in the victim's browser, and 2. forge CSRF tokens that are valid for the victim's session. This allows attackers to bypass the CSRF protection mechanism. As a fix, @fastify/csrf-protection starting from version 6.3.0 (and v4.1.0) includes a server-defined secret hmacKey that cryptographically binds the CSRF token to the value of the _csrf cookie and the userInfo parameter, making tokens non-spoofable by attackers. This protection is effective as long as the userInfo parameter is unique for each user. This is patched in versions 6.3.0 and v4.1.0. Users are advised to upgrade. Users unable to upgrade may use a random, non-predictable userInfo parameter for each user as a mitigation. | |||||
| CVE-2023-27490 | 1 Nextauth.js | 1 Next-auth | 2024-11-21 | N/A | 8.1 HIGH |
| NextAuth.js is an open source authentication solution for Next.js applications. `next-auth` applications using OAuth provider versions before `v4.20.1` have been found to be subject to an authentication vulnerability. A bad actor who can read traffic on the victim's network or who is able to social engineer the victim to click a manipulated login link could intercept and tamper with the authorization URL to **log in as the victim**, bypassing the CSRF protection. This is due to a partial failure during a compromised OAuth session where a session code is erroneously generated. This issue has been addressed in version 4.20.1. Users are advised to upgrade. Users unable to upgrade may using Advanced Initialization, manually check the callback request for state, pkce, and nonce against the provider configuration to prevent this issue. See the linked GHSA for details. | |||||
| CVE-2023-27461 | 1 Yoohooplugins | 1 When Last Login | 2024-11-21 | N/A | 4.3 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in Yoohoo Plugins When Last Login plugin <= 1.2.1 versions. | |||||
| CVE-2023-27458 | 1 Wpstream | 1 Wpstream | 2024-11-21 | N/A | 4.3 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in wpstream WpStream plugin <= 4.4.10 versions. | |||||
| CVE-2023-27457 | 1 Passionatebrains | 1 Add Expires Headers \& Optimized Minify | 2024-11-21 | N/A | 4.3 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in Passionate Brains Add Expires Headers & Optimized Minify plugin <= 2.7 versions. | |||||
| CVE-2023-27453 | 1 Lws | 1 Lws Tools | 2024-11-21 | N/A | 5.4 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in LWS LWS Tools plugin <= 2.3.1 versions. | |||||
| CVE-2023-27448 | 1 Makestories | 1 Makestories \(for Google Web Stories\) | 2024-11-21 | N/A | 5.4 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in MakeStories Team MakeStories (for Google Web Stories) plugin <= 2.8.0 versions. | |||||
| CVE-2023-27446 | 1 Fluenx | 1 Deepl Pro Api Translation | 2024-11-21 | N/A | 4.3 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in Fluenx DeepL API translation plugin <= 2.1.4 versions. | |||||
| CVE-2023-27445 | 1 Meril | 1 Blog Floating Button | 2024-11-21 | N/A | 5.4 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in Meril Inc. Blog Floating Button plugin <= 1.4.12 versions. | |||||
| CVE-2023-27444 | 1 Perfops | 1 Decalog | 2024-11-21 | N/A | 4.3 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in Pierre Lannoy / PerfOps One DecaLog plugin <= 3.7.0 versions. | |||||