Vulnerabilities > Cross-Site Request Forgery (CSRF)
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-04-04 | CVE-2023-29003 | Cross-Site Request Forgery (CSRF) vulnerability in Svelte Sveltekit 1.15.0 SvelteKit is a web development framework. | 8.8 |
| 2023-04-04 | CVE-2020-19278 | Cross-Site Request Forgery (CSRF) vulnerability in Mm-Wiki Project Mm-Wiki 0.1.2 Cross Site Request Forgery vulnerability found in Phachon mm-wiki v.0.1.2 allows a remote attacker to execute arbitrary code via the system/user/save parameter. | 8.8 |
| 2023-04-02 | CVE-2023-28671 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Octoperf Load Testing A cross-site request forgery (CSRF) vulnerability in Jenkins OctoPerf Load Testing Plugin Plugin 4.5.0 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 4.3 |
| 2023-04-02 | CVE-2023-28674 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Octoperf Load Testing A cross-site request forgery (CSRF) vulnerability in Jenkins OctoPerf Load Testing Plugin Plugin 4.5.2 and earlier allows attackers to connect to a previously configured Octoperf server using attacker-specified credentials. | 8.8 |
| 2023-04-02 | CVE-2023-28676 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Convert to Pipeline 1.0 A cross-site request forgery (CSRF) vulnerability in Jenkins Convert To Pipeline Plugin 1.0 and earlier allows attackers to create a Pipeline based on a Freestyle project, potentially leading to remote code execution (RCE). | 8.8 |
| 2023-04-02 | CVE-2022-42447 | Cross-Site Request Forgery (CSRF) vulnerability in Hcltech HCL Compass HCL Compass is vulnerable to Cross-Origin Resource Sharing (CORS). | 8.8 |
| 2023-03-29 | CVE-2022-38077 | Cross-Site Request Forgery (CSRF) vulnerability in Essentialplugin Popup Anything Cross-Site Request Forgery (CSRF) vulnerability in WP OnlineSupport, Essential Plugin Popup Anything – A Marketing Popup and Lead Generation Conversions plugin <= 2.2.1 versions. | 8.8 |
| 2023-03-28 | CVE-2023-28718 | Cross-Site Request Forgery (CSRF) vulnerability in Propumpservice Osprey Pump Controller Firmware 1.01 Osprey Pump Controller version 1.01 allows users to perform certain actions via HTTP requests without performing any checks to verify the requests. | 8.0 |
| 2023-03-27 | CVE-2023-0498 | Cross-Site Request Forgery (CSRF) vulnerability in Hasthemes WP Education The WP Education WordPress plugin before 1.2.7 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack | 4.3 |
| 2023-03-27 | CVE-2023-1089 | Cross-Site Request Forgery (CSRF) vulnerability in Hasthemes Coupon ZEN The Coupon Zen WordPress plugin before 1.0.6 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack | 4.3 |