• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors

CWE-352

CVE-2022-3750

February 23, 2023 by godfreyd94

The has a CSRF vulnerability that allows the deletion of a post without using a nonce or prompting for confirmation.

CVE-2022-3763

February 23, 2023 by godfreyd94

The Booster for WooCommerce WordPress plugin before 5.6.7, Booster Plus for WooCommerce WordPress plugin before 5.6.5, Booster Elite for WooCommerce WordPress plugin before 1.1.7 do not have CSRF check in place when deleting files uploaded at the checkout, allowing attackers to make a logged in shop manager or admin delete them via a CSRF attack

CVE-2022-37405

February 23, 2023 by godfreyd94

Cross-Site Request Forgery (CSRF) vulnerability in Mickey Kay’s Better Font Awesome plugin <= 2.0.1 at WordPress.

CVE-2022-37411

February 23, 2023 by godfreyd94

Cross-Site Request Forgery (CSRF) vulnerability in Vinoj Cardoza’s Captcha Code plugin <= 2.7 at WordPress.

CVE-2022-37043

February 23, 2023 by godfreyd94

An issue was discovered in the webmail component in Zimbra Collaboration Suite (ZCS) 8.8.15 and 9.0. When using preauth, CSRF tokens are not checked on some POST endpoints. Thus, when an authenticated user views an attacker-controlled page, a request will be sent to the application that appears to be intended. The CSRF token is omitted from the request, but the request still succeeds.

CVE-2022-36968

February 23, 2023 by godfreyd94

In Progress WS_FTP Server prior to version 8.7.3, forms within the administrative interface did not include a nonce to mitigate the risk of cross-site request forgery (CSRF) attacks.

  • « Go to Previous Page
  • Go to page 1
  • Interim pages omitted …
  • Go to page 348
  • Go to page 349
  • Go to page 350
  • Go to page 351
  • Go to page 352
  • Interim pages omitted …
  • Go to page 424
  • Go to Next Page »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE