• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors

CWE-352

CVE-2022-1843

February 23, 2023 by

The MailPress WordPress plugin through 7.2.1 does not have CSRF checks in various places, which could allow attackers to make a logged in admin change the settings, purge log files and more via CSRF attacks

CVE-2022-1844

February 23, 2023 by

The WP Sentry WordPress plugin through 1.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and lead to Stored Cross-Site Scripting due to the lack of sanitisation and escaping as well

CVE-2022-1845

February 23, 2023 by

The WP Post Styling WordPress plugin before 1.3.1 does not have CSRF checks in various actions, which could allow attackers to make a logged in admin delete plugin’s data, update the settings, add new entries and more via CSRF attacks

CVE-2022-1846

February 23, 2023 by

The Tiny Contact Form WordPress plugin through 0.7 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack

CVE-2022-1847

February 23, 2023 by

The Rotating Posts WordPress plugin through 1.11 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack

CVE-2022-1709

February 23, 2023 by

The Throws SPAM Away WordPress plugin before 3.3.1 does not have CSRF checks in place when deleting comments (either all, spam, or pending), allowing attackers to make a logged in admin delete comments via a CSRF attack

  • « Go to Previous Page
  • Go to page 1
  • Interim pages omitted …
  • Go to page 403
  • Go to page 404
  • Go to page 405
  • Go to page 406
  • Go to page 407
  • Interim pages omitted …
  • Go to page 424
  • Go to Next Page »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE