Security
Headlines
HeadlinesLatestCVEs

Tag

#csrf

CVE-2023-49744: WordPress Gift Up Gift Cards for WordPress and WooCommerce plugin <= 2.21.3 - Cross Site Request Forgery (CSRF) vulnerability - Patchstack

Cross-Site Request Forgery (CSRF) vulnerability in Gift Up Gift Up Gift Cards for WordPress and WooCommerce.This issue affects Gift Up Gift Cards for WordPress and WooCommerce: from n/a through 2.21.3.

CVE
#csrf#vulnerability#wordpress#auth
CVE-2023-49197: WordPress DoFollow Case by Case plugin <= 3.4.2 - Cross Site Request Forgery (CSRF) vulnerability - Patchstack

Cross-Site Request Forgery (CSRF) vulnerability in Apasionados, Apasionados del Marketing, NetConsulting DoFollow Case by Case.This issue affects DoFollow Case by Case: from n/a through 3.4.2.

CVE-2023-50017: cms/CSRF exists in the backup and restore location.md at main · 849200701/cms

Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/database/backup

GHSA-7ccg-jm7j-4f8v: Cross-site request forgery vulnerability in Jenkins HTMLResource Plugin

A cross-site request forgery (CSRF) vulnerability in Jenkins HTMLResource Plugin 1.02 and earlier allows attackers to delete arbitrary files on the Jenkins controller file system.

GHSA-v672-5x3h-57qp: Cross-site request forgery vulnerability in Jenkins Deployment Dashboard Plugin

A cross-site request forgery (CSRF) vulnerability in Jenkins Deployment Dashboard Plugin 1.0.10 and earlier allows attackers to copy jobs.

GHSA-g4xm-5mqm-8m32: Cross-Site Request Forgery in Jenkins PaaSLane Estimate Plugin

A cross-site request forgery (CSRF) vulnerability in Jenkins PaaSLane Estimate Plugin 1.0.4 and earlier allows attackers to connect to an attacker-specified URL using an attacker-specified token.

CVE-2023-50765: Jenkins Security Advisory 2023-12-13

A missing permission check in Jenkins Scriptler Plugin 342.v6a_89fd40f466 and earlier allows attackers with Overall/Read permission to read the contents of a Groovy script by knowing its ID.

CVE-2023-50779: Jenkins Security Advisory 2023-12-13

Missing permission checks in Jenkins PaaSLane Estimate Plugin 1.0.4 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified URL using an attacker-specified token.

CVE-2023-50774: Jenkins Security Advisory 2023-12-13

A cross-site request forgery (CSRF) vulnerability in Jenkins HTMLResource Plugin 1.02 and earlier allows attackers to delete arbitrary files on the Jenkins controller file system.

CVE-2023-50770: Jenkins Security Advisory 2023-12-13

Jenkins OpenId Connect Authentication Plugin 2.6 and earlier stores a password of a local user account used as an anti-lockout feature in a recoverable format, allowing attackers with access to the Jenkins controller file system to recover the plain text password of that account, likely gaining administrator access to Jenkins.