Total: 1927 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-16099 | 1 Silver-peak | 2 Unity Edgeconnect Sd-wan, Unity Edgeconnect Sd-wan Firmware | 2019-09-09 | 6.8 MEDIUM | 8.8 HIGH |
| Silver Peak EdgeConnect SD-WAN before 8.1.7.x allows CSRF via JSON data to a .swf file. | |||||
| CVE-2019-16059 | 1 Sapplica | 1 Sentrifugo | 2019-09-09 | 6.8 MEDIUM | 8.8 HIGH |
| Sentrifugo 3.2 lacks CSRF protection. This could lead to an attacker tricking the administrator into executing arbitrary code at index.php/dashboard/viewprofile via a crafted HTML page. | |||||
| CVE-2018-17584 | 1 Wpfastestcache | 1 Wp Fastest Cache | 2019-09-07 | 6.8 MEDIUM | 8.8 HIGH |
| The WP Fastest Cache plugin 0.8.8.5 for WordPress has CSRF via the wp-admin/admin.php wpfastestcacheoptions page. | |||||
| CVE-2018-1000086 | 1 Npr | 1 Pym.js | 2019-09-06 | 6.8 MEDIUM | 8.8 HIGH |
| NPR Visuals Team Pym.js versions 0.4.2 up to 1.3.1 contain a Cross Site Request Forgery (CSRF) vulnerability in the Pym.js _onNavigateToMessage function (https://github.com/nprapps/pym.js/blob/master/src/pym.js#L573) that can result in arbitrary JavaScript code execution. This attack appears to be exploitable when a user visits an attacker-crafted page: the attacker gains full JavaScript access to pages with Pym.js embeds. This vulnerability appears to have been fixed in versions 1.3.2 and later. | |||||
| CVE-2016-10884 | 1 Simple-membership-plugin | 1 Simple Membership | 2019-09-06 | 6.8 MEDIUM | 8.8 HIGH |
| The simple-membership plugin before 3.3.3 for WordPress has multiple CSRF issues. | |||||
| CVE-2019-15828 | 1 Tribulant | 1 One Click Ssl | 2019-09-05 | 6.8 MEDIUM | 8.8 HIGH |
| The one-click-ssl plugin before 1.4.7 for WordPress has CSRF. | |||||
| CVE-2019-15769 | 1 Haktansuren | 1 Handl Utm Grabber | 2019-09-05 | 6.8 MEDIUM | 8.8 HIGH |
| The handl-utm-grabber plugin before 2.6.5 for WordPress has CSRF via add_option and update_option. | |||||
| CVE-2019-15835 | 1 Wp Better Permalinks Project | 1 Wp Better Permalinks | 2019-09-04 | 6.8 MEDIUM | 8.8 HIGH |
| The wp-better-permalinks plugin before 3.0.5 for WordPress has CSRF. | |||||
| CVE-2019-15770 | 1 Hallme | 1 Woocommerce Address Book | 2019-09-04 | 6.8 MEDIUM | 8.8 HIGH |
| The woo-address-book plugin before 1.6.0 for WordPress has save calls without nonce verification checks. | |||||
| CVE-2019-15834 | 1 Webp Converter For Media Project | 1 Webp Converter For Media | 2019-09-04 | 6.8 MEDIUM | 8.8 HIGH |
| The webp-converter-for-media plugin before 1.0.3 for WordPress has CSRF. | |||||
| CVE-2019-15779 | 1 Quadlayers | 1 Wp Social Feed Gallery | 2019-09-03 | 6.8 MEDIUM | 8.8 HIGH |
| The insta-gallery plugin before 2.4.8 for WordPress has no nonce validation for qligg_dismiss_notice or qligg_form_item_delete. | |||||
| CVE-2019-15841 | 1 Facebook | 1 Facebook For Woocommerce | 2019-09-03 | 6.8 MEDIUM | 8.8 HIGH |
| The facebook-for-woocommerce plugin before 1.9.15 for WordPress has CSRF via ajax_woo_infobanner_post_click, ajax_woo_infobanner_post_xout, or ajax_fb_toggle_visibility. | |||||
| CVE-2019-15868 | 1 Wpaffiliatemanager | 1 Affiliates Manager | 2019-09-03 | 6.8 MEDIUM | 8.8 HIGH |
| The affiliates-manager plugin before 2.6.6 for WordPress has CSRF. | |||||
| CVE-2019-15831 | 1 Wp-buy | 1 Visitor Traffic Real Time Statistics | 2019-09-03 | 6.8 MEDIUM | 8.8 HIGH |
| The visitors-traffic-real-time-statistics plugin before 1.12 for WordPress has CSRF in the settings page. | |||||
| CVE-2019-15832 | 1 Wp-buy | 1 Visitor Traffic Real Time Statistics | 2019-09-03 | 6.8 MEDIUM | 8.8 HIGH |
| The visitors-traffic-real-time-statistics plugin before 1.13 for WordPress has CSRF. | |||||
| CVE-2015-9380 | 1 10web | 1 Photo Gallery | 2019-09-03 | 6.8 MEDIUM | 8.8 HIGH |
| The photo-gallery plugin before 1.2.42 for WordPress has CSRF. | |||||
| CVE-2019-15865 | 1 Holest | 1 Breadcrumbs By Menu | 2019-09-03 | 6.8 MEDIUM | 8.8 HIGH |
| The breadcrumbs-by-menu plugin before 1.0.3 for WordPress has CSRF. | |||||
| CVE-2019-15840 | 1 Facebook | 1 Facebook For Woocommerce | 2019-09-03 | 6.8 MEDIUM | 8.8 HIGH |
| The facebook-for-woocommerce plugin before 1.9.14 for WordPress has CSRF. | |||||
| CVE-2018-16966 | 1 File Manager Project | 1 File Manager | 2019-09-03 | 6.8 MEDIUM | 8.8 HIGH |
| There is a CSRF vulnerability in the mndpsingh287 File Manager plugin 3.0 for WordPress via the page=wp_file_manager_root public_path parameter. | |||||
| CVE-2015-4089 | 1 Wpfastestcache | 1 Wp Fastest Cache | 2019-09-01 | 6.8 MEDIUM | 8.8 HIGH |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the optionsPageRequest function in admin.php in WP Fastest Cache plugin before 0.8.3.5 for WordPress allow remote attackers to hijack the authentication of unspecified victims for requests that call the (1) saveOption, (2) deleteCache, (3) deleteCssAndJsCache, or (4) addCacheTimeout method via the wpFastestCachePage parameter in the WpFastestCacheOptions/ page. | |||||
| CVE-2019-15781 | 1 Weblizar | 1 Social Likebox & Feed | 2019-08-30 | 6.8 MEDIUM | 8.8 HIGH |
| The facebook-by-weblizar plugin before 2.8.5 for WordPress has CSRF. | |||||
| CVE-2019-15496 | 1 Manageyourteam | 1 Myt Project Management | 2019-08-30 | 6.8 MEDIUM | 8.8 HIGH |
| MyT Project Management 1.5.1 lacks CSRF protection and, for example, allows a user/create CSRF attack. This could lead to an attacker tricking the administrator into executing arbitrary code via a specially crafted HTML page. | |||||
| CVE-2018-14668 | 1 Yandex | 1 Clickhouse | 2019-08-29 | 6.8 MEDIUM | 8.8 HIGH |
| In ClickHouse before 1.1.54388, "remote" table function allowed arbitrary symbols in "user", "password" and "default_database" fields which led to Cross Protocol Request Forgery Attacks. | |||||
| CVE-2015-9343 | 1 Impress | 1 Wp Rollback | 2019-08-29 | 6.8 MEDIUM | 8.8 HIGH |
| The wp-rollback plugin before 1.2.3 for WordPress has CSRF. | |||||
| CVE-2018-21002 | 1 Joomsky | 1 Js Help Desk | 2019-08-28 | 6.8 MEDIUM | 8.8 HIGH |
| The js-support-ticket plugin before 2.0.6 for WordPress has CSRF. | |||||
| CVE-2019-15660 | 1 Wp-members Project | 1 Wp-members | 2019-08-28 | 6.8 MEDIUM | 8.8 HIGH |
| The wp-members plugin before 3.2.8 for WordPress has CSRF. | |||||
| CVE-2018-21006 | 1 Bbpress Move Topics Project | 1 Bbpress Move Topics | 2019-08-28 | 6.8 MEDIUM | 8.8 HIGH |
| The bbp-move-topics plugin before 1.1.6 for WordPress has CSRF. | |||||
| CVE-2019-15645 | 1 Zoho | 1 Salesiq | 2019-08-28 | 6.8 MEDIUM | 8.8 HIGH |
| The zoho-salesiq plugin before 1.0.9 for WordPress has CSRF. | |||||
| CVE-2019-15062 | 1 Dolibarr | 1 Dolibarr | 2019-08-28 | 6.0 MEDIUM | 8.0 HIGH |
| An issue was discovered in Dolibarr 11.0.0-alpha. A user can store an IFRAME element (containing a user/card.php CSRF request) in his Linked Files settings page. When visited by the admin, this could completely take over the admin account. (The protection mechanism for CSRF is to check the Referer header; however, because the attack is from one of the application's own settings pages, this mechanism is bypassed.) | |||||
| CVE-2019-10186 | 1 Moodle | 1 Moodle | 2019-08-27 | 6.8 MEDIUM | 8.8 HIGH |
| A flaw was found in Moodle before versions 3.7.1, 3.6.5, 3.5.7. A sesskey (CSRF) token was not being utilised by the XML loading/unloading admin tool. | |||||
| CVE-2019-14526 | 1 Netgear | 2 Mr1100, Mr1100 Firmware | 2019-08-27 | 5.8 MEDIUM | 8.1 HIGH |
| An issue was discovered on NETGEAR Nighthawk M1 (MR1100) devices before 12.06.03. The web-interface Cross-Site Request Forgery token is stored in a dynamically generated JavaScript file, and therefore can be embedded in third party pages, and re-used against the Nighthawk web interface. This entirely bypasses the intended security benefits of the use of a CSRF-protection token. | |||||
| CVE-2019-13477 | 1 Centos-webpanel | 1 Centos Web Panel | 2019-08-27 | 4.3 MEDIUM | 8.8 HIGH |
| In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.837, CSRF in the forgot password function allows an attacker to change the password for the root account. | |||||
| CVE-2019-15491 | 1 It-novum | 1 Openitcockpit | 2019-08-26 | 6.8 MEDIUM | 8.8 HIGH |
| openITCOCKPIT before 3.7.1 has CSRF, aka RVID 2-445b21. | |||||
| CVE-2016-10918 | 1 Supsystic | 1 Photo Gallery | 2019-08-26 | 6.8 MEDIUM | 8.8 HIGH |
| The gallery-by-supsystic plugin before 1.8.6 for WordPress has CSRF. | |||||
| CVE-2019-15229 | 1 Thedaylightstudio | 1 Fuel Cms | 2019-08-26 | 6.8 MEDIUM | 8.8 HIGH |
| FUEL CMS 1.4.4 has CSRF in the blocks/create/ Create Blocks section of the Admin console. This could lead to an attacker tricking the administrator into executing arbitrary code via a specially crafted HTML page. | |||||
| CVE-2019-15150 | 1 Schine.games | 1 Mw-oauth2client | 2019-08-26 | 6.8 MEDIUM | 8.8 HIGH |
| In the OAuth2 Client extension before 0.4 for MediaWiki, a CSRF vulnerability exists due to the OAuth2 state parameter not being checked in the callback function. | |||||
| CVE-2019-15329 | 1 Codection | 1 Import Users From Csv With Meta | 2019-08-23 | 6.8 MEDIUM | 8.8 HIGH |
| The import-users-from-csv-with-meta plugin before 1.14.0.3 for WordPress has CSRF. | |||||
| CVE-2016-10903 | 1 Godaddy | 1 Godaddy Email Marketing | 2019-08-23 | 6.8 MEDIUM | 8.8 HIGH |
| The GoDaddy godaddy-email-marketing-sign-up-forms plugin before 1.1.3 for WordPress has CSRF. | |||||
| CVE-2017-18521 | 1 Wp-kama | 1 Democracy Poll | 2019-08-23 | 6.8 MEDIUM | 8.8 HIGH |
| The democracy-poll plugin before 5.4 for WordPress has CSRF via wp-admin/options-general.php?page=democracy-poll&subpage=l10n. | |||||
| CVE-2019-14216 | 1 Wp Svg Icons Project | 1 Wp Svg Icons | 2019-08-23 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in the svg-vector-icon-plugin (aka WP SVG Icons) plugin through 3.2.1 for WordPress. wp-admin/admin.php?page=wp-svg-icons-custom-set mishandles Custom Icon uploads. CSRF leads to upload of a ZIP archive containing a .php file. | |||||
| CVE-2019-5924 | 1 Rednao | 1 Smart Forms | 2019-08-23 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in Smart Forms 2.6.15 and earlier allows remote attackers to hijack the authentication of administrators via a specially crafted page. | |||||
| CVE-2016-10902 | 1 Gowebsolutions | 1 Wp Customer Reviews | 2019-08-22 | 6.8 MEDIUM | 8.8 HIGH |
| The wp-customer-reviews plugin before 3.0.9 for WordPress has CSRF in the admin tools. | |||||
| CVE-2017-18569 | 1 Mythemeshop | 1 My Wp Translate | 2019-08-22 | 6.8 MEDIUM | 8.8 HIGH |
| The my-wp-translate plugin before 1.0.4 for WordPress has CSRF. | |||||
| CVE-2017-18523 | 1 Eelv Newsletter Project | 1 Eelv Newsletter | 2019-08-22 | 6.8 MEDIUM | 8.8 HIGH |
| The eelv-newsletter plugin before 4.6.1 for WordPress has CSRF in the address book. | |||||
| CVE-2016-10914 | 1 Add From Server Project | 1 Add From Server | 2019-08-22 | 6.8 MEDIUM | 8.8 HIGH |
| The add-from-server plugin before 3.3.2 for WordPress has CSRF for importing a large file. | |||||
| CVE-2019-15238 | 1 Cformsii Project | 1 Cformsii | 2019-08-22 | 6.8 MEDIUM | 8.8 HIGH |
| The cforms2 plugin before 15.0.2 for WordPress has CSRF related to the IP address field. | |||||
| CVE-2016-10885 | 1 Wp Editor Project | 1 Wp Editor | 2019-08-22 | 6.8 MEDIUM | 8.8 HIGH |
| The wp-editor plugin before 1.2.6 for WordPress has CSRF. | |||||
| CVE-2015-9322 | 1 Erident Custom Login And Dashboard Project | 1 Erident Custom Login And Dashboard | 2019-08-21 | 6.8 MEDIUM | 8.8 HIGH |
| The erident-custom-login-and-dashboard plugin before 3.5 for WordPress has CSRF. | |||||
| CVE-2016-10915 | 1 Supsystic | 1 Popup | 2019-08-21 | 6.8 MEDIUM | 8.8 HIGH |
| The popup-by-supsystic plugin before 1.7.9 for WordPress has CSRF. | |||||
| CVE-2011-5328 | 1 User Access Manager Project | 1 User Access Manager | 2019-08-21 | 6.8 MEDIUM | 8.8 HIGH |
| The user-access-manager plugin before 1.2 for WordPress has CSRF. | |||||
