Vulnerabilities > Cross-Site Request Forgery (CSRF)
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2022-11-03 | CVE-2022-40131 | Cross-Site Request Forgery (CSRF) vulnerability in A3Rev Page View Count | Cross-Site Request Forgery (CSRF) vulnerability in a3rev Software Page View Count plugin <= 2.5.5 on WordPress allows an attacker to reset the plugin settings. | 4.3 |
2022-11-03 | CVE-2022-44627 | Cross-Site Request Forgery (CSRF) vulnerability in Coleds Simple SEO | Cross-Site Request Forgery (CSRF) vulnerability in David Cole Simple SEO plugin <= 1.8.12 on WordPress allows attackers to create or delete sitemaps. | 5.4 |
2022-11-03 | CVE-2022-42751 | Cross-Site Request Forgery (CSRF) vulnerability in Auieo Candidats 3.0.0 | CandidATS version 3.0.0 allows an external attacker to elevate privileges in the application. | 8.8 |
2022-10-31 | CVE-2022-40291 | Cross-Site Request Forgery (CSRF) vulnerability in PHPpointofsale PHP Point of Sale 19.0 | The application was vulnerable to Cross-Site Request Forgery (CSRF) attacks, allowing an attacker to coerce users into sending malicious requests to the site to delete their account, or in rare circumstances, hijack their account and create other admin accounts. | 8.8 |
2022-10-31 | CVE-2022-40488 | Cross-Site Request Forgery (CSRF) vulnerability in Processwire 3.0.200 | ProcessWire v3.0.200 was discovered to contain a Cross-Site Request Forgery (CSRF). | 6.5 |
2022-10-27 | CVE-2022-43340 | Cross-Site Request Forgery (CSRF) vulnerability in Dzzoffice 2.02.1 | A Cross-Site Request Forgery (CSRF) in dzzoffice 2.02.1_SC_UTF8 allows attackers to arbitrarily create user accounts and grant Administrator rights to regular users. | 8.8 |
2022-10-27 | CVE-2022-41996 | Cross-Site Request Forgery (CSRF) vulnerability in Theme-Fusion Avada | Cross-Site Request Forgery (CSRF) vulnerability in ThemeFusion Avada premium theme versions <= 7.8.1 on WordPress leading to arbitrary plugin installation/activation. | 8.8 |
2022-10-20 | CVE-2022-42199 | Cross-Site Request Forgery (CSRF) vulnerability in Simple Exam Reviewer Management System Project Simple Exam Reviewer Management System 1.0 | Simple Exam Reviewer Management System v1.0 is vulnerable to Cross Site Request Forgery (CSRF) via the Exam List. | 8.8 |
2022-10-19 | CVE-2022-43407 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Pipeline: Input Step | Jenkins Pipeline: Input Step Plugin 451.vf1a_a_4f405289 and earlier does not restrict or sanitize the optionally specified ID of the 'input' step, which is used for the URLs that process user interactions for the given 'input' step (proceed or abort) and is not correctly encoded, allowing attackers able to configure Pipelines to have Jenkins build URLs from 'input' step IDs that would bypass the CSRF protection of any target URL in Jenkins when the 'input' step is interacted with. | 8.8 |
2022-10-19 | CVE-2022-43408 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Pipeline:Stage View | Jenkins Pipeline: Stage View Plugin 2.26 and earlier does not correctly encode the ID of 'input' steps when using it to generate URLs to proceed or abort Pipeline builds, allowing attackers able to configure Pipelines to specify 'input' step IDs resulting in URLs that would bypass the CSRF protection of any target URL in Jenkins. | 6.5 |