Total: 3999 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-9413 | 1 Eshop Project | 1 Eshop | 2019-09-27 | 4.3 MEDIUM | 6.5 MEDIUM |
| The eshop plugin through 6.3.13 for WordPress has CSRF with resultant XSS via the wp-admin/admin.php?page=eshop-downloads.php title parameter. | |||||
| CVE-2015-9445 | 1 Unitegallery | 1 Unite Gallery Lite | 2019-09-26 | 6.8 MEDIUM | 8.8 HIGH |
| The unite-gallery-lite plugin before 1.5 for WordPress has CSRF and SQL injection via wp-admin/admin-ajax.php in a unitegallery_ajax_action operation. | |||||
| CVE-2018-17792 | 1 Altn | 1 Mdaemon Webmail | 2019-09-26 | 6.8 MEDIUM | 8.8 HIGH |
| MDaemon Webmail (formerly WorldClient) has CSRF. | |||||
| CVE-2015-9417 | 1 Slidervilla | 1 Testimonial Slider | 2019-09-26 | 4.3 MEDIUM | 6.5 MEDIUM |
| The testimonial-slider plugin through 1.2.1 for WordPress has CSRF with resultant XSS. | |||||
| CVE-2015-9422 | 1 Simplysymphony | 1 Plugnedit | 2019-09-26 | 4.3 MEDIUM | 6.5 MEDIUM |
| The PlugNedit Adaptive Editor plugin before 6.2.0 for WordPress has CSRF with resultant XSS via wp-admin/admin-ajax.php?action=simple_fields_field_type_post_dialog_load plugnedit_width, pnemedcount, PlugneditBGColor, PlugneditEditorMargin, or plugneditcontent parameters. | |||||
| CVE-2015-9421 | 1 Olevmedia | 1 Olevmedia Shortcodes | 2019-09-26 | 4.3 MEDIUM | 6.5 MEDIUM |
| The olevmedia-shortcodes plugin before 1.1.9 for WordPress has CSRF with resultant XSS via the wp-admin/admin-ajax.php?action=omsc_popup id parameter. | |||||
| CVE-2015-9433 | 1 Wp Social Bookmarking Light Project | 1 Wp Social Bookmarking Light | 2019-09-26 | 4.3 MEDIUM | 6.5 MEDIUM |
| The wp-social-bookmarking-light plugin before 1.7.10 for WordPress has CSRF with resultant XSS via configuration parameters for Tumblr, Twitter, Facebook, etc. in wp-admin/options-general.php?page=wp-social-bookmarking-light%2Fmodules%2Fadmin.php. | |||||
| CVE-2015-9431 | 1 Qtranslate X Project | 1 Qtranslate X | 2019-09-26 | 4.3 MEDIUM | 6.5 MEDIUM |
| The qtranslate-x plugin before 3.4.4 for WordPress has CSRF with resultant XSS via the wp-admin/options-general.php?page=qtranslate-x json_config_files or json_custom_i18n_config parameter. | |||||
| CVE-2015-9432 | 1 Thealpinepress | 1 Alpine-photo-tile-for-instagram | 2019-09-26 | 4.3 MEDIUM | 6.5 MEDIUM |
| The alpine-photo-tile-for-instagram plugin before 1.2.7.6 for WordPress has CSRF with resultant XSS via the wp-admin/options-general.php?page=alpine-photo-tile-for-instagram-settings tab parameter. | |||||
| CVE-2015-9428 | 1 Wplegalpages | 1 Wp Legal Pages | 2019-09-26 | 4.3 MEDIUM | 6.5 MEDIUM |
| The wplegalpages plugin before 1.1 for WordPress has CSRF with resultant XSS via wp-admin/admin.php?page=legal-pages lp-domain-name, lp-business-name, lp-phone, lp-street, lp-city-state, lp-country, lp-email, lp-address, or lp-niche parameters. | |||||
| CVE-2015-9425 | 1 Byonepress | 1 Social Locker | 2019-09-26 | 4.3 MEDIUM | 5.4 MEDIUM |
| The social-locker plugin before 4.2.5 for WordPress has CSRF with resultant XSS via the wp-admin/edit.php?post_type=opanda-item&page=license-manager-sociallocker-next licensekey parameter. | |||||
| CVE-2015-9424 | 1 Doc4design | 1 Multicons | 2019-09-26 | 4.3 MEDIUM | 6.5 MEDIUM |
| The multicons plugin before 3.0 for WordPress has CSRF with resultant XSS via the wp-admin/options-general.php?page=multicons%2Fmulticons.php global_url or admin_url parameter. | |||||
| CVE-2015-9429 | 1 Yithemes | 1 Yith Maintenance Mode | 2019-09-26 | 4.3 MEDIUM | 6.5 MEDIUM |
| The yith-maintenance-mode plugin before 1.2.0 for WordPress has CSRF with resultant XSS via the wp-admin/themes.php?page=yith-maintenance-mode panel_page parameter. | |||||
| CVE-2015-9427 | 1 Googmonify Project | 1 Googmonify | 2019-09-26 | 4.3 MEDIUM | 6.5 MEDIUM |
| The googmonify plugin through 0.5.1 for WordPress has CSRF with resultant XSS via the wp-admin/options-general.php?page=googmonify.php PID or AID parameter. | |||||
| CVE-2015-9409 | 1 Alo-easymail Project | 1 Alo-easymail | 2019-09-26 | 4.3 MEDIUM | 6.5 MEDIUM |
| The alo-easymail plugin before 2.6.01 for WordPress has CSRF with resultant XSS in pages/alo-easymail-admin-options.php. | |||||
| CVE-2015-9437 | 1 Qurl | 1 Dynamic Widgets | 2019-09-26 | 4.3 MEDIUM | 6.5 MEDIUM |
| The dynamic-widgets plugin before 1.5.11 for WordPress has CSRF with resultant XSS via the wp-admin/themes.php?page=dynwid-config page_limit parameter. | |||||
| CVE-2015-9434 | 1 Kiwi-logo-carousel Project | 1 Kiwi-logo-carousel | 2019-09-26 | 4.3 MEDIUM | 6.5 MEDIUM |
| The kiwi-logo-carousel plugin before 1.7.2 for WordPress has CSRF with resultant XSS via the wp-admin/edit.php?post_type=kwlogos&page=kwlogos_settings tab or tab_flags_order parameter. | |||||
| CVE-2019-16706 | 1 Kkcms Project | 1 Kkcms | 2019-09-23 | 6.8 MEDIUM | 8.8 HIGH |
| kkcms v1.3 has a CSRF vulnerability that can add a user account via admin/cms_user_add.php. | |||||
| CVE-2019-16677 | 1 Idreamsoft | 1 Icms | 2019-09-23 | 5.8 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in idreamsoft iCMS V7.0. admincp.php?app=members&do=del allows CSRF. | |||||
| CVE-2019-16721 | 1 5none | 1 Nonecms | 2019-09-23 | 5.8 MEDIUM | 6.5 MEDIUM |
| NoneCMS v1.3 has CSRF in public/index.php/admin/admin/dele.html, as demonstrated by deleting the admin user. | |||||
| CVE-2010-0289 | 1 Dokuwiki | 1 Dokuwiki | 2019-09-23 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the ACL Manager plugin (plugins/acl/ajax.php) in DokuWiki before 2009-12-25c allow remote attackers to hijack the authentication of administrators for requests that modify access control rules, and other unspecified requests, via unknown vectors. | |||||
| CVE-2015-9388 | 1 Mtouch Quiz Project | 1 Mtouch Quiz | 2019-09-23 | 4.3 MEDIUM | 6.5 MEDIUM |
| The mtouch-quiz plugin before 3.1.3 for WordPress has wp-admin/edit.php CSRF with resultant XSS. | |||||
| CVE-2015-9387 | 1 Mtouch Quiz Project | 1 Mtouch Quiz | 2019-09-23 | 4.3 MEDIUM | 6.5 MEDIUM |
| The mtouch-quiz plugin before 3.1.3 for WordPress has wp-admin/options-general.php CSRF. | |||||
| CVE-2019-16678 | 1 Yzmcms | 1 Yzmcms | 2019-09-23 | 4.3 MEDIUM | 6.5 MEDIUM |
| admin/urlrule/add.html in YzmCMS 5.3 allows CSRF with a resultant denial of service by adding a superseding route. | |||||
| CVE-2019-16658 | 1 Tuzicms | 1 Tuzicms | 2019-09-23 | 6.8 MEDIUM | 8.8 HIGH |
| TuziCMS 2.0.6 has index.php/manage/notice/do_add CSRF. | |||||
| CVE-2018-16380 | 1 Digimute | 1 Ogma Cms | 2019-09-23 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in Ogma CMS 0.4 Beta. There is a CSRF vulnerability in users.php?action=createnew that can add an admin account. | |||||
| CVE-2019-16659 | 1 Tuzicms | 1 Tuzicms | 2019-09-23 | 6.8 MEDIUM | 8.8 HIGH |
| TuziCMS 2.0.6 has index.php/manage/link/do_add CSRF. | |||||
| CVE-2019-16660 | 1 Joyplus Project | 1 Joyplus | 2019-09-23 | 6.8 MEDIUM | 8.8 HIGH |
| joyplus-cms 1.6.0 has admin_ajax.php?action=savexml&tab=vodplay CSRF. | |||||
| CVE-2015-9394 | 1 Usersultra | 1 Users Ultra Membership | 2019-09-20 | 6.8 MEDIUM | 8.8 HIGH |
| The users-ultra plugin before 1.5.63 for WordPress has CSRF via action=package_add_new to wp-admin/admin-ajax.php. | |||||
| CVE-2019-15089 | 1 Prise | 1 Adas | 2019-09-20 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in PRiSE adAS 1.7.0. Forms have no CSRF protection, letting an attacker execute actions as the administrator. | |||||
| CVE-2015-9408 | 1 Cyberseo | 1 Xpinner Lite | 2019-09-20 | 4.3 MEDIUM | 6.5 MEDIUM |
| The xpinner-lite plugin through 2.2 for WordPress has wp-admin/options-general.php CSRF with resultant XSS. | |||||
| CVE-2016-10997 | 1 Yourinspirationweb | 1 Beauty-premium | 2019-09-20 | 4.3 MEDIUM | 6.5 MEDIUM |
| The beauty-premium theme 1.0.8 for WordPress has CSRF with resultant arbitrary file upload in includes/sendmail.php. | |||||
| CVE-2019-16531 | 1 Layerbb | 1 Layerbb | 2019-09-20 | 6.8 MEDIUM | 8.8 HIGH |
| LayerBB before 1.1.4 has multiple CSRF issues, as demonstrated by changing the System Settings via admin/general.php. | |||||
| CVE-2019-10176 | 1 Redhat | 1 Openshift Container Platform | 2019-09-17 | 5.8 MEDIUM | 5.4 MEDIUM |
| A flaw was found in OpenShift Container Platform, versions 3.11 and later, in which the CSRF tokens used in the cluster console component were found to remain static during a user's session. An attacker with the ability to observe the value of this token would be able to re-use the token to perform a CSRF attack. | |||||
| CVE-2016-10989 | 1 Leenk | 1 Leenk.me | 2019-09-17 | 6.8 MEDIUM | 8.8 HIGH |
| The leenkme plugin before 2.6.0 for WordPress has wp-admin/admin.php?page=leenkme_facebook CSRF. | |||||
| CVE-2016-10974 | 1 Tonjoostudio | 1 Fluid-responsive-slideshow | 2019-09-17 | 6.8 MEDIUM | 8.8 HIGH |
| The fluid-responsive-slideshow plugin before 2.2.7 for WordPress has frs_save CSRF with resultant stored XSS. | |||||
| CVE-2016-10978 | 1 Fossura | 1 Tag Miner | 2019-09-17 | 6.8 MEDIUM | 8.8 HIGH |
| The fossura-tag-miner plugin before 1.1.5 for WordPress has CSRF. | |||||
| CVE-2016-10982 | 1 Kentothemes | 1 Kento-post-view-counter | 2019-09-17 | 6.8 MEDIUM | 8.8 HIGH |
| The kento-post-view-counter plugin through 2.8 for WordPress has wp-admin/admin.php?page=kentopvc_settings CSRF. | |||||
| CVE-2019-14998 | 1 Atlassian | 1 Jira | 2019-09-16 | 4.3 MEDIUM | 6.5 MEDIUM |
| The Webwork action Cross-Site Request Forgery (CSRF) protection implementation in Jira before version 8.4.0 allows remote attackers to bypass its protection via "cookie tossing" a CSRF cookie from a subdomain of a Jira instance. | |||||
| CVE-2019-5993 | 1 Tipsandtricks-hq | 1 Category Specific Rss Feed Subscription | 2019-09-16 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in Category Specific RSS feed Subscription version v2.0 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. | |||||
| CVE-2019-16311 | 1 Niushop | 1 Niushop | 2019-09-16 | 6.8 MEDIUM | 8.8 HIGH |
| NIUSHOP V1.11 has CSRF via search_info to index.php. | |||||
| CVE-2019-5986 | 2 Ntt-east, Ntt-west | 92 Pr-400ki, Pr-400ki Firmware, Pr-400mi and 89 more | 2019-09-16 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in Hikari Denwa router/Home GateWay (Hikari Denwa router/Home GateWay provided by NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION PR-S300NE/RT-S300NE/RV-S340NE firmware version Ver. 19.41 and earlier, PR-S300HI/RT-S300HI/RV-S340HI firmware version Ver.19.01.0005 and earlier, PR-S300SE/RT-S300SE/RV-S340SE firmware version Ver.19.40 and earlier, PR-400NE/RT-400NE/RV-440NE firmware version Ver.7.42 and earlier, PR-400KI/RT-400KI/RV-440KI firmware version Ver.07.00.1010 and earlier, PR-400MI/RT-400MI/RV-440MI firmware version Ver. 07.00.1012 and earlier, PR-500KI/RT-500KI firmware version Ver.01.00.0090 and earlier, RS-500KI firmware version Ver.01.00.0070 and earlier, PR-500MI/RT-500MI firmware version Ver.01.01.0014 and earlier, and RS-500MI firmware version Ver.03.01.0019 and earlier, and Hikari Denwa router/Home GateWay provided by NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION PR-S300NE/RT-S300NE/RV-S340NE firmware version Ver. 19.41 and earlier, PR-S300HI/RT-S300HI/RV-S340HI firmware version Ver.19.01.0005 and earlier, PR-S300SE/RT-S300SE/RV-S340SE firmware version Ver.19.40 and earlier, PR-400NE/RT-400NE/RV-440NE firmware version Ver.7.42 and earlier, PR-400KI/RT-400KI/RV-440KI firmware version Ver.07.00.1010 and earlier, PR-400MI/RT-400MI/RV-440MI firmware version Ver. 07.00.1012 and earlier, PR-500KI/RT-500KI firmware version Ver.01.00.0090 and earlier, and PR-500MI/RT-500MI firmware version Ver.01.01.0011 and earlier) allows remote attackers to hijack the authentication of administrators via unspecified vectors. | |||||
| CVE-2016-10938 | 1 Copy-me Project | 1 Copy-me | 2019-09-13 | 4.3 MEDIUM | 6.5 MEDIUM |
| The copy-me plugin 1.0.0 for WordPress has CSRF for copying non-public posts to a public location. | |||||
| CVE-2016-10946 | 1 Wp-d3 Project | 1 Wp-d3 | 2019-09-13 | 6.8 MEDIUM | 8.8 HIGH |
| The wp-d3 plugin before 2.4.1 for WordPress has CSRF. | |||||
| CVE-2016-10944 | 1 Wpmaz | 1 Multisite Post Duplicator | 2019-09-13 | 6.8 MEDIUM | 8.8 HIGH |
| The multisite-post-duplicator plugin before 1.1.3 for WordPress has wp-admin/tools.php?page=mpd CSRF. | |||||
| CVE-2019-5992 | 1 Ultra-prod | 1 Wordpress Ultra Simple Paypal Shopping Cart | 2019-09-13 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in WordPress Ultra Simple Paypal Shopping Cart v4.4 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. | |||||
| CVE-2019-1259 | 1 Microsoft | 1 Sharepoint Foundation | 2019-09-12 | 6.8 MEDIUM | 8.8 HIGH |
| A spoofing vulnerability exists in Microsoft SharePoint when it improperly handles requests to authorize applications, resulting in cross-site request forgery (CSRF). To exploit this vulnerability, an attacker would need to create a page specifically designed to cause a cross-site request, aka 'Microsoft SharePoint Spoofing Vulnerability'. This CVE ID is unique from CVE-2019-1261. | |||||
| CVE-2019-1261 | 1 Microsoft | 3 Sharepoint Enterprise Server, Sharepoint Foundation, Sharepoint Server | 2019-09-12 | 6.8 MEDIUM | 8.8 HIGH |
| A spoofing vulnerability exists in Microsoft SharePoint when it improperly handles requests to authorize applications, resulting in cross-site request forgery (CSRF). To exploit this vulnerability, an attacker would need to create a page specifically designed to cause a cross-site request, aka 'Microsoft SharePoint Spoofing Vulnerability'. This CVE ID is unique from CVE-2019-1259. | |||||
| CVE-2019-10253 | 1 Teammatesolutions | 1 Teammate\+ | 2019-09-10 | 4.3 MEDIUM | 6.5 MEDIUM |
| A Cross-Site Request Forgery (CSRF) vulnerability exists in TeamMate+ 21.0.0.0 that allows a remote attacker to modify application data (upload malicious/forged files on a TeamMate server, or replace existing uploaded files with malicious/forged files). The specific flaw exists within the handling of Upload/DomainObjectDocumentUpload.ashx requests because of failure to validate a CSRF token before handling a POST request. | |||||
| CVE-2017-18607 | 1 Theme-fusion | 1 Avada | 2019-09-10 | 6.8 MEDIUM | 8.8 HIGH |
| The avada theme before 5.1.5 for WordPress has CSRF. | |||||
