Vulnerabilities > Cross-Site Request Forgery (CSRF)

DATE CVE VULNERABILITY TITLE RISK
2023-05-23 CVE-2023-33359 Cross-Site Request Forgery (CSRF) vulnerability in Piwigo 13.6.0
Piwigo 13.6.0 is vulnerable to Cross Site Request Forgery (CSRF) in the "add tags" function.
network
low complexity
piwigo CWE-352
4.3
4.3
2023-05-23 CVE-2023-25481 Cross-Site Request Forgery (CSRF) vulnerability in Podlove Subscribe Button
Cross-Site Request Forgery (CSRF) vulnerability in Podlove Podlove Subscribe button plugin <= 1.3.7 versions.
network
low complexity
podlove CWE-352
8.8
8.8
2023-05-23 CVE-2023-27387 Cross-Site Request Forgery (CSRF) vulnerability in multiple products
Cross-site request forgery (CSRF) in T&D Corporation and ESPEC MIC CORP.
network
low complexity
tandd especmic CWE-352
8.8
8.8
2023-05-23 CVE-2023-31708 Cross-Site Request Forgery (CSRF) vulnerability in Eyoucms 1.6.2
A Cross-Site Request Forgery (CSRF) in EyouCMS v1.6.2 allows attackers to execute arbitrary commands via a supplying a crafted HTML file to the Upload software format function.
network
low complexity
eyoucms CWE-352
4.3
4.3
2023-05-22 CVE-2022-45076 Cross-Site Request Forgery (CSRF) vulnerability in Webmat Flexible Elementor Panel
Cross-Site Request Forgery (CSRF) vulnerability in WebMat Flexible Elementor Panel plugin <= 2.3.8 versions.
network
low complexity
webmat CWE-352
8.8
8.8
2023-05-22 CVE-2022-47183 Cross-Site Request Forgery (CSRF) vulnerability in Stylist Project Stylist 0.2.6
Cross-Site Request Forgery (CSRF) vulnerability in StylistWP Extra Block Design, Style, CSS for ANY Gutenberg Blocks plugin <= 0.2.6 versions.
network
low complexity
stylist-project CWE-352
8.8
8.8
2023-05-20 CVE-2023-2717 Cross-Site Request Forgery (CSRF) vulnerability in Groundhogg
The Groundhogg plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.7.9.8.
network
low complexity
groundhogg CWE-352
4.3
4.3
2023-05-20 CVE-2023-2736 Cross-Site Request Forgery (CSRF) vulnerability in Groundhogg
The Groundhogg plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.7.9.8.
network
low complexity
groundhogg CWE-352
8.0
8.0
2023-05-17 CVE-2023-2608 Cross-Site Request Forgery (CSRF) vulnerability in Themeisle multiple Page Generator
The Multiple Page Generator Plugin for WordPress is vulnerable to Cross-Site Request Forgery leading to time-based SQL Injection via the orderby and order parameters in versions up to, and including, 3.3.17 due to missing nonce verification on the projects_list function and insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.
network
low complexity
themeisle CWE-352
4.3
4.3
2023-05-17 CVE-2023-2528 Cross-Site Request Forgery (CSRF) vulnerability in Supsystic Contact Form
The Contact Form by Supsystic plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.24.
network
low complexity
supsystic CWE-352
8.8
8.8