CWE-352

CVE-2022-29647

February 23, 2023 by godfreyd94

An issue was discovered in MCMS 5.2.7. There is a CSRF vulnerability that can add an administrator account via ms/basic/manager/save.do.

February 23, 2023 by godfreyd94

Cross-Site Request Forgery (CSRF) vulnerability in Sucuri Security plugin <= 1.8.33 at WordPress leading to Event log entry creation.

February 23, 2023 by godfreyd94

Cross-Site Request Forgery (CSRF) vulnerability in Sygnoos Popup Builder plugin <= 4.1.11 at WordPress allows an attacker to update plugin settings.

February 23, 2023 by godfreyd94

The Deviceconnect microservice through 1.3.0 in Northern.tech Mender Enterprise before 3.2.2. allows Cross-Origin Websocket Hijacking.

February 23, 2023 by godfreyd94

Cross-Site Request Forgery (CSRF) vulnerability in Aftab Muni’s Disable Right Click For WP plugin <= 1.1.6 at WordPress.

February 23, 2023 by godfreyd94

Remote Code Execution (RCE) in Alexander Stokmann’s Code Snippets Extended plugin <= 1.4.7 on WordPress via Cross-Site Request Forgery.