• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors

CWE-352

CVE-2022-0707

February 23, 2023 by

The Easy Digital Downloads WordPress plugin before 2.11.6 does not have CSRF check in place when inserting payment notes, which could allow attackers to make a logged admin insert arbitrary notes via a CSRF attack

CVE-2022-0616

February 23, 2023 by

The Amelia WordPress plugin before 1.0.47 does not have CSRF check in place when deleting customers, which could allow attackers to make a logged in admin delete arbitrary customers via a CSRF attack

CVE-2022-0638

February 23, 2023 by

Cross-Site Request Forgery (CSRF) in Packagist microweber/microweber prior to 1.2.11.

CVE-2022-0642

February 23, 2023 by

The JivoChat Live Chat WordPress plugin before 1.3.5.4 does not properly check CSRF tokens on POST requests to the plugins admin page, and does not sanitise some parameters, leading to a stored Cross-Site Scripting vulnerability where an attacker can trick a logged in administrator to inject arbitrary javascript.

CVE-2022-0499

February 23, 2023 by

The Sermon Browser WordPress plugin through 0.45.22 does not have CSRF checks in place when uploading Sermon files, and does not validate them in any way, allowing attackers to make a logged in admin upload arbitrary files such as PHP ones.

CVE-2022-0505

February 23, 2023 by

Cross-Site Request Forgery (CSRF) in Packagist microweber/microweber prior to 1.2.11.

  • « Go to Previous Page
  • Go to page 1
  • Interim pages omitted …
  • Go to page 412
  • Go to page 413
  • Go to page 414
  • Go to page 415
  • Go to page 416
  • Interim pages omitted …
  • Go to page 424
  • Go to Next Page »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE