Search
Total
1927 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-10381 | 1 User Domain Whitelist Project | 1 User Domain Whitelist | 2019-08-21 | 6.8 MEDIUM | 8.8 HIGH |
| The user-domain-whitelist plugin before 1.5 for WordPress has CSRF. | |||||
| CVE-2017-18547 | 1 Neliosoftware | 1 Nelio Ab Testing | 2019-08-21 | 6.8 MEDIUM | 8.8 HIGH |
| The nelio-ab-testing plugin before 4.6.4 for WordPress has CSRF in experiment forms. | |||||
| CVE-2018-20971 | 1 Churchadminplugin | 1 Church Admin | 2019-08-21 | 6.8 MEDIUM | 8.8 HIGH |
| The church-admin plugin before 1.2550 for WordPress has CSRF affecting the upload of a bible reading plan. | |||||
| CVE-2017-18546 | 1 Jayj Quicktag Project | 1 Jayj Quicktag | 2019-08-21 | 6.8 MEDIUM | 8.8 HIGH |
| The jayj-quicktag plugin before 1.3.2 for WordPress has CSRF. | |||||
| CVE-2017-18544 | 1 Invite Anyone Project | 1 Invite Anyone | 2019-08-21 | 6.8 MEDIUM | 8.8 HIGH |
| The invite-anyone plugin before 1.3.16 for WordPress has admin-panel CSRF. | |||||
| CVE-2018-20972 | 1 Codeermeneer | 1 Companion Auto Update | 2019-08-21 | 6.8 MEDIUM | 8.8 HIGH |
| The companion-auto-update plugin before 3.2.1 for WordPress has CSRF. | |||||
| CVE-2018-20974 | 1 Joomsky | 1 Js Job Manager | 2019-08-21 | 6.8 MEDIUM | 8.8 HIGH |
| The js-jobs plugin before 1.0.7 for WordPress has CSRF. | |||||
| CVE-2019-15113 | 1 Codeermeneer | 1 Companion Sitemap Generator | 2019-08-21 | 6.8 MEDIUM | 8.8 HIGH |
| The companion-sitemap-generator plugin before 3.7.0 for WordPress has CSRF. | |||||
| CVE-2019-15114 | 1 Ncrafts | 1 Formcraft | 2019-08-21 | 6.8 MEDIUM | 8.8 HIGH |
| The formcraft-form-builder plugin before 1.2.2 for WordPress has CSRF. | |||||
| CVE-2019-14681 | 1 Deny All Firewall Project | 1 Deny All Firewall | 2019-08-20 | 6.8 MEDIUM | 8.8 HIGH |
| The Deny All Firewall plugin before 1.1.7 for WordPress allows wp-admin/options-general.php?page=daf_settings&daf_remove=true CSRF. | |||||
| CVE-2013-7476 | 1 Simple Fields Project | 1 Simple Fields | 2019-08-20 | 6.8 MEDIUM | 8.8 HIGH |
| The simple-fields plugin before 1.2 for WordPress has CSRF in the admin interface. | |||||
| CVE-2017-18512 | 1 Supsystic | 1 Newsletter By Supsystic | 2019-08-20 | 6.8 MEDIUM | 8.8 HIGH |
| The newsletter-by-supsystic plugin before 1.1.8 for WordPress has CSRF. | |||||
| CVE-2017-18511 | 1 Wpmudev | 1 Custom Sidebars | 2019-08-20 | 6.8 MEDIUM | 8.8 HIGH |
| The custom-sidebars plugin before 3.0.8.1 for WordPress has CSRF. | |||||
| CVE-2017-18510 | 1 Wpmudev | 1 Custom Sidebars | 2019-08-20 | 6.8 MEDIUM | 8.8 HIGH |
| The custom-sidebars plugin before 3.1.0 for WordPress has CSRF related to set location, import actions, and export actions. | |||||
| CVE-2018-20968 | 1 Smackcoders | 1 Ultimate Exporter | 2019-08-19 | 6.8 MEDIUM | 8.8 HIGH |
| The wp-ultimate-exporter plugin before 1.4.2 for WordPress has CSRF. | |||||
| CVE-2018-20967 | 1 Smackcoders | 1 Wp Ultimate Csv Importer | 2019-08-19 | 6.8 MEDIUM | 8.8 HIGH |
| The wp-ultimate-csv-importer plugin before 5.6.1 for WordPress has CSRF. | |||||
| CVE-2016-10882 | 1 Google Doc Embedder Project | 1 Google Doc Embedder | 2019-08-19 | 6.8 MEDIUM | 8.8 HIGH |
| The google-document-embedder plugin before 2.6.2 for WordPress has CSRF. | |||||
| CVE-2016-10863 | 1 Edimax | 4 7237rpd, 7237rpd Firmware, Ew-7438rpn Mini and 1 more | 2019-08-16 | 6.8 MEDIUM | 8.8 HIGH |
| Edimax Wi-Fi Extender devices allow goform/formwlencryptvxd CSRF with resultant PSK key disclosure. | |||||
| CVE-2017-18504 | 1 Wpdeveloper | 1 Twitter Cards Meta | 2019-08-16 | 6.8 MEDIUM | 8.8 HIGH |
| The twitter-cards-meta plugin before 2.5.0 for WordPress has CSRF. | |||||
| CVE-2018-20964 | 1 Codepeople | 1 Contact Form Email | 2019-08-15 | 6.8 MEDIUM | 8.8 HIGH |
| The contact-form-to-email plugin before 1.2.66 for WordPress has CSRF. | |||||
| CVE-2016-10862 | 1 Neetcables | 2 Airstream Nas, Airstream Nas Firmware | 2019-08-15 | 6.8 MEDIUM | 8.8 HIGH |
| Neet AirStream NAS1.1 devices have a password of ifconfig for the root account. This cannot be changed via the configuration page. | |||||
| CVE-2015-9292 | 1 6kbbs | 1 6kbbs | 2019-08-15 | 6.8 MEDIUM | 8.8 HIGH |
| 6kbbs 7.1 and 8.0 allows CSRF via portalchannel_ajax.php (id or code parameter) or admin.php (fileids parameter). | |||||
| CVE-2016-10876 | 1 Wpseeds | 1 Wp Database Backup | 2019-08-14 | 6.8 MEDIUM | 8.8 HIGH |
| The wp-database-backup plugin before 4.3.1 for WordPress has CSRF. | |||||
| CVE-2019-14933 | 1 Webkul | 1 Bagisto | 2019-08-14 | 6.8 MEDIUM | 8.8 HIGH |
| Bagisto 0.1.5 allows CSRF under /admin URIs. | |||||
| CVE-2019-14703 | 1 Microdigital | 6 Mdc-n2190v, Mdc-n2190v Firmware, Mdc-n4090 and 3 more | 2019-08-13 | 6.8 MEDIUM | 8.8 HIGH |
| A CSRF issue was discovered in webparam?user&action=set¶m=add in HTTPD on MicroDigital N-series cameras with firmware through 6400.0.8.5 to create an admin account. | |||||
| CVE-2019-14346 | 1 Schben | 1 Adive | 2019-08-13 | 4.3 MEDIUM | 8.8 HIGH |
| Internal/Views/config.php in Schben Adive 2.0.7 allows admin/config CSRF to change a user password. | |||||
| CVE-2019-7865 | 1 Magento | 1 Magento | 2019-08-06 | 6.8 MEDIUM | 8.8 HIGH |
| A cross-site request forgery (CSRF) vulnerability exists in the checkout cart item of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited at the time of editing or configuration. | |||||
| CVE-2013-7473 | 1 Windu | 1 Windu Cms | 2019-08-06 | 6.8 MEDIUM | 8.8 HIGH |
| Windu CMS 2.2 allows CSRF via admin/users/?mn=admin.message.error to add an admin account. | |||||
| CVE-2019-14328 | 1 Simple-membership-plugin | 1 Simple Membership | 2019-08-05 | 6.8 MEDIUM | 8.8 HIGH |
| The Simple Membership plugin before 3.8.5 for WordPress has CSRF affecting the Bulk Operation section. | |||||
| CVE-2019-3959 | 1 Wallaceit | 1 Wallacepos | 2019-08-02 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery in WallacePOS 1.4.3 allows a remote attacker to perform sensitive application actions by tricking legitimate users into clicking a crafted link. | |||||
| CVE-2019-7281 | 1 Primasystems | 1 Flexair | 2019-07-31 | 6.8 MEDIUM | 8.8 HIGH |
| Prima Systems FlexAir, Versions 2.3.38 and prior. An unauthenticated user can send unverified HTTP requests, which may allow the attacker to perform certain actions with administrative privileges if a logged-in user visits a malicious website. | |||||
| CVE-2019-5979 | 1 Najeebmedia | 1 Personalized Woocommerce Cart Page | 2019-07-31 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in Personalized WooCommerce Cart Page 2.4 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. | |||||
| CVE-2019-5973 | 1 Sukimalab | 1 Online Lesson Booking | 2019-07-31 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in Online Lesson Booking 0.8.6 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. | |||||
| CVE-2019-12826 | 1 Wpchef | 1 Widget Logic | 2019-07-31 | 6.8 MEDIUM | 8.8 HIGH |
| A Cross-Site-Request-Forgery (CSRF) vulnerability in widget_logic.php in the 2by2host Widget Logic plugin before 5.10.2 for WordPress allows remote attackers to execute PHP code via snippets (that are attached to widgets and then eval'd to dynamically determine their visibility) by crafting a malicious POST request that tricks administrators into adding the code. | |||||
| CVE-2019-5980 | 1 Meomundo | 1 Related Youtube Videos | 2019-07-31 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in Related YouTube Videos versions prior to 1.9.9 allows remote attackers to hijack the authentication of administrators via unspecified vectors. | |||||
| CVE-2019-11712 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2019-07-29 | 6.8 MEDIUM | 8.8 HIGH |
| POST requests made by NPAPI plugins, such as Flash, that receive a status 308 redirect response can bypass CORS requirements. This can allow an attacker to perform Cross-Site Request Forgery (CSRF) attacks. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8. | |||||
| CVE-2019-9231 | 1 Audiocodes | 8 Mediant 500-mbsr, Mediant 500-mbsr Firmware, Mediant 500l-msbr and 5 more | 2019-07-26 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered on AudioCodes Mediant 500L-MSBR, 500-MBSR, M800B-MSBR and 800C-MSBR devices with firmware versions before 7.20A.202.307. A Cross-Site Request Forgery (CSRF) vulnerability in the management web interface allows remote attackers to execute malicious and unauthorized actions, because CSRFProtection=1 is not a default and is not documented. | |||||
| CVE-2019-10353 | 1 Jenkins | 1 Jenkins | 2019-07-26 | 5.1 MEDIUM | 7.5 HIGH |
| CSRF tokens in Jenkins 2.185 and earlier, LTS 2.176.1 and earlier did not expire, thereby allowing attackers able to obtain them to bypass CSRF protection. | |||||
| CVE-2019-13611 | 1 Python-engineio Project | 1 Python-engineio | 2019-07-22 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in python-engineio through 3.8.2. There is a Cross-Site WebSocket Hijacking (CSWSH) vulnerability that allows attackers to make WebSocket connections to a server by using a victim's credentials, because the Origin header is not restricted. | |||||
| CVE-2019-1010112 | 1 Phpcoo | 1 Oecms | 2019-07-22 | 6.8 MEDIUM | 8.8 HIGH |
| OECMS v4.3.R60321 and v4.3 later is affected by: Cross Site Request Forgery (CSRF). The impact is: The victim clicks on adding an administrator account. The component is: admincp.php. The attack vector is: network connectivity. The fixed version is: v4.3. | |||||
| CVE-2019-13961 | 1 Flatcore | 1 Flatcore | 2019-07-19 | 6.8 MEDIUM | 8.8 HIGH |
| A CSRF vulnerability was found in flatCore before 1.5, leading to the upload of arbitrary .php files via acp/core/files.upload-script.php. | |||||
| CVE-2019-13974 | 1 Layerbb | 1 Layerbb | 2019-07-19 | 6.8 MEDIUM | 8.8 HIGH |
| LayerBB 1.1.3 allows conversations.php/cmd/new CSRF. | |||||
| CVE-2019-1010094 | 1 Domainmod | 1 Domainmod | 2019-07-19 | 6.8 MEDIUM | 8.8 HIGH |
| domainmod v4.10.0 is affected by: Cross Site Request Forgery (CSRF). The impact is: There is a CSRF vulnerability that can change admin password. The component is: http://127.0.0.1/settings/password/ http://127.0.0.1/admin/users/add.php http://127.0.0.1/admin/users/edit.php?uid=2. The attack vector is: After the administrator logged in, open the html page. | |||||
| CVE-2019-13949 | 1 Syguestbook A5 Project | 1 Syguestbook A5 | 2019-07-19 | 6.8 MEDIUM | 8.8 HIGH |
| SyGuestBook A5 Version 1.2 has no CSRF protection mechanism, as demonstrated by CSRF for an index.php?c=Administrator&a=update admin password change. | |||||
| CVE-2019-1010054 | 1 Dolibarr | 1 Dolibarr | 2019-07-19 | 6.8 MEDIUM | 8.8 HIGH |
| Dolibarr 7.0.0 is affected by: Cross Site Request Forgery (CSRF). The impact is: allow malitious html to change user password, disable users and disable password encryptation. The component is: Function User password change, user disable and password encryptation. The attack vector is: admin access malitious urls. | |||||
| CVE-2019-13594 | 1 Mirumee | 1 Saleor | 2019-07-17 | 6.8 MEDIUM | 8.8 HIGH |
| In Mirumee Saleor 2.7.0 (fixed in 2.8.0), CSRF protection middleware was accidentally disabled, which allowed attackers to send a POST request without a valid CSRF token and be accepted by the server. | |||||
| CVE-2019-12363 | 1 Mybb-2fa Project | 1 Mybb-2fa | 2019-07-17 | 6.8 MEDIUM | 8.8 HIGH |
| An CSRF issue was discovered in the JN-Jones MyBB-2FA plugin through 2014-11-05 for MyBB. An attacker can forge a request to an installed mybb2fa plugin to control its state via usercp.php?action=mybb2fa&do=deactivate (or usercp.php?action=mybb2fa&do=activate). A deactivate operation lowers the security of the targeted account by disabling two factor authentication. | |||||
| CVE-2019-5974 | 1 Contest-gallery | 1 Contest Gallery | 2019-07-15 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in Contest Gallery versions prior to 10.4.5 allows remote attackers to hijack the authentication of administrators via unspecified vectors. | |||||
| CVE-2019-12466 | 2 Debian, Mediawiki | 2 Debian Linux, Mediawiki | 2019-07-11 | 6.8 MEDIUM | 8.8 HIGH |
| Wikimedia MediaWiki through 1.32.1 allows CSRF. | |||||
| CVE-2018-12628 | 1 Eventum Project | 1 Eventum | 2019-07-11 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in Eventum 3.5.0. CSRF in htdocs/manage/users.php allows creating another user with admin privileges. | |||||