Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2023-05-25 CVE-2022-46865 Cross-Site Request Forgery (CSRF) vulnerability in Bulk Resize Media Project Bulk Resize Media
Cross-Site Request Forgery (CSRF) vulnerability in Marty Thornley Bulk Resize Media plugin <= 1.1 versions.
network
low complexity
bulk-resize-media-project CWE-352
8.8
2023-05-25 CVE-2022-46866 Cross-Site Request Forgery (CSRF) vulnerability in Import External Images Project Import External Images
Cross-Site Request Forgery (CSRF) vulnerability in Marty Thornley Import External Images plugin <= 1.4 versions.
network
low complexity
import-external-images-project CWE-352
8.8
2023-05-25 CVE-2022-47135 Cross-Site Request Forgery (CSRF) vulnerability in Chronoengine Chronoforms
Cross-Site Request Forgery (CSRF) vulnerability in chronoengine.Com Chronoforms plugin <= 7.0.9 versions.
network
low complexity
chronoengine CWE-352
8.8
2023-05-25 CVE-2022-47138 Cross-Site Request Forgery (CSRF) vulnerability in Login and Registration Attempts Limit Project Login and Registration Attempts Limit
Cross-Site Request Forgery (CSRF) vulnerability in German Krutov LOGIN AND REGISTRATION ATTEMPTS LIMIT plugin <= 2.1 versions.
8.8
2023-05-25 CVE-2022-47139 Cross-Site Request Forgery (CSRF) vulnerability in WP Basic Elements Project WP Basic Elements
Cross-Site Request Forgery (CSRF) vulnerability in Damir Calusic WP Basic Elements plugin <= 5.2.15 versions.
network
low complexity
wp-basic-elements-project CWE-352
8.8
2023-05-25 CVE-2022-47159 Cross-Site Request Forgery (CSRF) vulnerability in Logaster Logo Generator
Cross-Site Request Forgery (CSRF) vulnerability in Logaster Logaster Logo Generator plugin <= 1.3 versions.
network
low complexity
logaster CWE-352
8.8
2023-05-25 CVE-2022-47164 Cross-Site Request Forgery (CSRF) vulnerability in Mage-People Event Manager and Tickets Selling Plugin for Woocommerce
Cross-Site Request Forgery (CSRF) vulnerability in MagePeople Team Event Manager and Tickets Selling Plugin for WooCommerce plugin <= 3.7.7 versions.
network
low complexity
mage-people CWE-352
8.8
2023-05-25 CVE-2023-2883 Authorization Bypass Through User-Controlled Key vulnerability in CBOT Chatbot allows Authentication Abuse, Authentication Bypass.This issue affects Chatbot: before Core: v4.0.3.4 Panel: v4.0.3.7.
network
low complexity
CWE-639
8.8
2023-05-25 CVE-2023-2885 Channel Accessible by Non-Endpoint vulnerability in CBOT Chatbot allows Adversary in the Middle (AiTM).This issue affects Chatbot: before Core: v4.0.3.4 Panel: v4.0.3.7.
network
high complexity
CWE-924
8.1
2023-05-25 CVE-2023-31861 Path Traversal vulnerability in Zlmediakit Project Zlmediakit 4.0
ZLMediaKit 4.0 is vulnerable to Directory Traversal.
network
low complexity
zlmediakit-project CWE-22
7.5