• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors

CWE-352

CVE-2022-2933

February 23, 2023 by godfreyd94

The 0mk Shortener plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 0.2. This is due to missing or incorrect nonce validation on the zeromk_options_page function. This makes it possible for unauthenticated attackers to inject malicious web scripts via the ‘zeromk_user’ and ‘zeromk_apikluc’ parameters through a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

CVE-2022-29412

February 23, 2023 by godfreyd94

Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Hermit ????? plugin <= 3.1.6 on WordPress allow attackers to delete cache, delete a source, create source.

CVE-2022-29413

February 23, 2023 by godfreyd94

Cross-Site Request Forgery (CSRF) leading to Stored Cross-Site Scripting (XSS) in Mufeng’s Hermit ????? plugin <= 3.1.6 on WordPress via &title parameter.

CVE-2022-29414

February 23, 2023 by godfreyd94

Multiple (13x) Cross-Site Request Forgery (CSRF) vulnerabilities in WPKube’s Subscribe To Comments Reloaded plugin <= 211130 on WordPress allows attackers to clean up Log archive, download system info file, plugin system settings, plugin options settings, generate a new key, reset all options, change notifications settings, management page settings, comment form settings, manage subscriptions > mass update settings, manage subscriptions > add a new subscription, update subscription, delete Subscription.

CVE-2022-29048

February 23, 2023 by godfreyd94

A cross-site request forgery (CSRF) vulnerability in Jenkins Subversion Plugin 2.15.3 and earlier allows attackers to connect to an attacker-specified URL.

CVE-2022-29050

February 23, 2023 by godfreyd94

A cross-site request forgery (CSRF) vulnerability in Jenkins Publish Over FTP Plugin 1.16 and earlier allows attackers to connect to an FTP server using attacker-specified credentials.

  • « Go to Previous Page
  • Go to page 1
  • Interim pages omitted …
  • Go to page 373
  • Go to page 374
  • Go to page 375
  • Go to page 376
  • Go to page 377
  • Interim pages omitted …
  • Go to page 424
  • Go to Next Page »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE