• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors

CWE-352

CVE-2022-35613

February 23, 2023 by godfreyd94

Konker v2.3.9 was to discovered to contain a Cross-Site Request Forgery (CSRF).

CVE-2022-35656

February 23, 2023 by godfreyd94

Pega Platform from 8.3 to 8.7.3 vulnerability may allow authenticated security administrators to alter CSRF settings directly.

CVE-2022-3568

February 23, 2023 by godfreyd94

The ImageMagick Engine plugin for WordPress is vulnerable to deserialization of untrusted input via the ‘cli_path’ parameter in versions up to, and including 1.7.5. This makes it possible for unauthenticated users to call files using a PHAR wrapper, granted they can trick a site administrator into performing an action such as clicking on a link, that will deserialize and call arbitrary PHP Objects that can be used to perform a variety of malicious actions granted a POP chain is also present. It also requires that the attacker is successful in uploading a file with the serialized payload.

CVE-2022-3536

February 23, 2023 by godfreyd94

The Role Based Pricing for WooCommerce WordPress plugin before 1.6.3 does not have authorisation and proper CSRF checks, as well as does not validate path given via user input, allowing any authenticated users like subscriber to perform PHAR deserialization attacks when they can upload a file, and a suitable gadget chain is present on the blog

CVE-2022-3537

February 23, 2023 by godfreyd94

The Role Based Pricing for WooCommerce WordPress plugin before 1.6.2 does not have authorisation and proper CSRF checks, and does not validate files to be uploaded, allowing any authenticated users like subscriber to upload arbitrary files, such as PHP

CVE-2022-3538

February 23, 2023 by godfreyd94

The Webmaster Tools Verification WordPress plugin through 1.2 does not have authorisation and CSRF checks when disabling plugins, allowing unauthenticated users to disable arbitrary plugins

  • « Go to Previous Page
  • Go to page 1
  • Interim pages omitted …
  • Go to page 355
  • Go to page 356
  • Go to page 357
  • Go to page 358
  • Go to page 359
  • Interim pages omitted …
  • Go to page 424
  • Go to Next Page »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE