Vulnerabilities > Cross-Site Request Forgery (CSRF)

DATE CVE VULNERABILITY TITLE RISK
2023-04-02 CVE-2023-28671 Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Octoperf Load Testing
A cross-site request forgery (CSRF) vulnerability in Jenkins OctoPerf Load Testing Plugin Plugin 4.5.0 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
network
low complexity
jenkins CWE-352
4.3
2023-04-02 CVE-2023-28674 Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Octoperf Load Testing
A cross-site request forgery (CSRF) vulnerability in Jenkins OctoPerf Load Testing Plugin Plugin 4.5.2 and earlier allows attackers to connect to a previously configured Octoperf server using attacker-specified credentials.
network
low complexity
jenkins CWE-352
8.8
2023-04-02 CVE-2023-28676 Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Convert to Pipeline 1.0
A cross-site request forgery (CSRF) vulnerability in Jenkins Convert To Pipeline Plugin 1.0 and earlier allows attackers to create a Pipeline based on a Freestyle project, potentially leading to remote code execution (RCE).
network
low complexity
jenkins CWE-352
8.8
2023-04-02 CVE-2022-42447 Cross-Site Request Forgery (CSRF) vulnerability in Hcltech HCL Compass
HCL Compass is vulnerable to Cross-Origin Resource Sharing (CORS).
network
low complexity
hcltech CWE-352
8.8
2023-03-29 CVE-2022-38077 Cross-Site Request Forgery (CSRF) vulnerability in Essentialplugin Popup Anything
Cross-Site Request Forgery (CSRF) vulnerability in WP OnlineSupport, Essential Plugin Popup Anything – A Marketing Popup and Lead Generation Conversions plugin <= 2.2.1 versions.
network
low complexity
essentialplugin CWE-352
8.8
2023-03-28 CVE-2023-28718 Cross-Site Request Forgery (CSRF) vulnerability in Propumpservice Osprey Pump Controller Firmware 1.01
Osprey Pump Controller version 1.01 allows users to perform certain actions via HTTP requests without performing any checks to verify the requests.
network
low complexity
propumpservice CWE-352
8.0
2023-03-27 CVE-2023-0498 Cross-Site Request Forgery (CSRF) vulnerability in Hasthemes WP Education
The WP Education WordPress plugin before 1.2.7 does not have a CSRF check when activating plugins, which could allow attackers to make logged-in admins activate arbitrary plugins present on the blog via a CSRF attack.
network
low complexity
hasthemes CWE-352
4.3
2023-03-27 CVE-2023-1089 Cross-Site Request Forgery (CSRF) vulnerability in Hasthemes Coupon ZEN
The Coupon Zen WordPress plugin before 1.0.6 does not have a CSRF check when activating plugins, which could allow attackers to make logged-in admins activate arbitrary plugins present on the blog via a CSRF attack.
network
low complexity
hasthemes CWE-352
4.3
2023-03-23 CVE-2023-28335 Cross-Site Request Forgery (CSRF) vulnerability in Moodle 4.1.0/4.1.1
The link to reset all templates of a database activity did not include the necessary token to prevent a CSRF risk.
network
low complexity
moodle CWE-352
8.8
2023-03-23 CVE-2023-20113 Cross-Site Request Forgery (CSRF) vulnerability in Cisco Sd-Wan
A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system.
network
low complexity
cisco CWE-352
8.1