Vulnerabilities > Cross-Site Request Forgery (CSRF)
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-05-17 | CVE-2023-2608 | Cross-Site Request Forgery (CSRF) vulnerability in Themeisle multiple Page Generator: The Multiple Page Generator Plugin for WordPress is vulnerable to Cross-Site Request Forgery leading to time-based SQL Injection via the orderby and order parameters in versions up to, and including, 3.3.17 due to missing nonce verification on the projects_list function and insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | 4.3 |
2023-05-17 | CVE-2023-2528 | Cross-Site Request Forgery (CSRF) vulnerability in Supsystic Contact Form: The Contact Form by Supsystic plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.24. | 8.8 |
2023-05-16 | CVE-2023-2195 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Code DX: A cross-site request forgery (CSRF) vulnerability in Jenkins Code Dx Plugin 3.1.0 and earlier allows attackers to connect to an attacker-specified URL. | 3.5 |
2023-05-16 | CVE-2023-2631 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Code DX: A missing permission check in Jenkins Code Dx Plugin 3.1.0 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL. | 4.3 |
2023-05-16 | CVE-2023-32991 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Saml Single Sign on: A cross-site request forgery (CSRF) vulnerability in Jenkins SAML Single Sign On (SSO) Plugin 2.0.2 and earlier allows attackers to send an HTTP request to an attacker-specified URL and parse the response as XML, or parse a local file on the Jenkins controller as XML. | 8.8 |
2023-05-16 | CVE-2023-32995 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Saml Single Sign on: A cross-site request forgery (CSRF) vulnerability in Jenkins SAML Single Sign On (SSO) Plugin 2.0.0 and earlier allows attackers to send an HTTP POST request with JSON body containing attacker-specified content, to miniOrange's API for sending emails. | 8.8 |
2023-05-16 | CVE-2023-32998 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Appspider: A cross-site request forgery (CSRF) vulnerability in Jenkins AppSpider Plugin 1.0.15 and earlier allows attackers to connect to an attacker-specified URL and send an HTTP POST request with a JSON payload consisting of attacker-specified credentials. | 8.8 |
2023-05-16 | CVE-2023-33003 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins TAG Profiler: A cross-site request forgery (CSRF) vulnerability in Jenkins Tag Profiler Plugin 0.2 and earlier allows attackers to reset profiler statistics. | 4.3 |
2023-05-16 | CVE-2023-33006 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Wso2 Oauth: A cross-site request forgery (CSRF) vulnerability in Jenkins WSO2 Oauth Plugin 1.0 and earlier allows attackers to trick users into logging in to the attacker's account. | 5.4 |
2023-05-16 | CVE-2023-32978 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Lightweight Directory Access Protocol: A cross-site request forgery (CSRF) vulnerability in Jenkins LDAP Plugin allows attackers to connect to an attacker-specified LDAP server using attacker-specified credentials. | 4.3 |