CVE's - CVE Vulnerability

CVE

Vendors

Products

Updated

CVSS v2

CVSS v3

CVE-2022-1611

2022-06-08

N/A

8.8 HIGH

The Bulk Page Creator WordPress plugin before 1.1.4 does not protect its page creation functionalities with nonce checks, which makes them vulnerable to CSRF.

CVE-2022-1610

2022-06-28

N/A

6.5 MEDIUM

The Seamless Donations WordPress plugin before 5.1.9 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack

CVE-2022-1608

2022-06-17

N/A

6.5 MEDIUM

The OnePress Social Locker WordPress plugin through 5.6.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack

CVE-2022-1606

2022-12-02

N/A

4.3 MEDIUM

Incorrect privilege assignment in M-Files Server versions before 22.3.11164.0 and before 22.3.11237.1 allows user to read unmanaged objects.

CVE-2022-1605

2022-06-17

N/A

6.5 MEDIUM

The Email Users WordPress plugin through 4.8.8 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and change the notification settings of arbitrary users

CVE-2022-1604

2022-06-17

N/A

6.1 MEDIUM

The MailerLite WordPress plugin before 1.5.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting

CVE-2022-1603

2022-07-01

N/A

4.3 MEDIUM

The Mail Subscribe List WordPress plugin before 2.1.4 does not have CSRF check in place when deleting subscribed users, which could allow attackers to make a logged in admin perform such action and delete arbitrary users from the subscribed list

CVE-2022-1602

Hp, Thinpro

0150a129, 0150a12a, 0150a12b, 0150a12c, 0231a0av, 0231a0kl, 0231a65t, 0231a761, 0231a791, 0231a832

2022-09-15

N/A

5.5 MEDIUM

A potential security vulnerability has been identified in HP ThinPro 7.2 Service Pack 8 (SP8). The security vulnerability in SP8 is not remedied after upgrading from SP8 to Service Pack 9 (SP9). HP has released Service Pack 10 (SP10) to remediate the potential vulnerability introduced in SP8.

CVE-2022-1600

2022-08-04

N/A

5.3 MEDIUM

The YOP Poll WordPress plugin before 6.4.3 prioritizes getting a visitor's IP from certain HTTP headers over PHP's REMOTE_ADDR, which makes it possible to bypass IP-based limitations to vote in certain situations.

CVE-2022-1599

2022-07-15

N/A

6.5 MEDIUM

The Admin Management Xtended WordPress plugin before 2.4.5 does not have CSRF checks in some of its AJAX actions, allowing attackers to make a logged users with the right capabilities to call them. This can lead to changes in post status (draft, published), slug, post date, comment status (enabled, disabled) and more.

« Previous 1 … 10,941 10,942 10,943 10,944 10,945 … 11,258 Next »