Total: 3999 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-10902 | 1 Gowebsolutions | 1 Wp Customer Reviews | 2019-08-22 | 6.8 MEDIUM | 8.8 HIGH |
| The wp-customer-reviews plugin before 3.0.9 for WordPress has CSRF in the admin tools. | |||||
| CVE-2017-18569 | 1 Mythemeshop | 1 My Wp Translate | 2019-08-22 | 6.8 MEDIUM | 8.8 HIGH |
| The my-wp-translate plugin before 1.0.4 for WordPress has CSRF. | |||||
| CVE-2017-18523 | 1 Eelv Newsletter Project | 1 Eelv Newsletter | 2019-08-22 | 6.8 MEDIUM | 8.8 HIGH |
| The eelv-newsletter plugin before 4.6.1 for WordPress has CSRF in the address book. | |||||
| CVE-2016-10914 | 1 Add From Server Project | 1 Add From Server | 2019-08-22 | 6.8 MEDIUM | 8.8 HIGH |
| The add-from-server plugin before 3.3.2 for WordPress has CSRF for importing a large file. | |||||
| CVE-2019-15238 | 1 Cformsii Project | 1 Cformsii | 2019-08-22 | 6.8 MEDIUM | 8.8 HIGH |
| The cforms2 plugin before 15.0.2 for WordPress has CSRF related to the IP address field. | |||||
| CVE-2019-14682 | 1 Acf\ | 1 Better Search Project | 2019-08-22 | 4.3 MEDIUM | 4.3 MEDIUM |
| The acf-better-search (aka ACF: Better Search) plugin before 3.3.1 for WordPress allows wp-admin/options-general.php?page=acfbs_admin_page CSRF. | |||||
| CVE-2016-10885 | 1 Wp Editor Project | 1 Wp Editor | 2019-08-22 | 6.8 MEDIUM | 8.8 HIGH |
| The wp-editor plugin before 1.2.6 for WordPress has CSRF. | |||||
| CVE-2015-9332 | 1 Wordpress Uninstall Project | 1 Wordpress Uninstall | 2019-08-22 | 5.8 MEDIUM | 6.5 MEDIUM |
| The uninstall plugin before 1.2 for WordPress has CSRF to delete all tables via the wp-admin/admin-ajax.php?action=uninstall URI. | |||||
| CVE-2019-14683 | 1 Codection | 1 Import Users From Csv With Meta | 2019-08-22 | 4.9 MEDIUM | 5.7 MEDIUM |
| The codection "Import users from CSV with meta" plugin before 1.14.2.2 for WordPress allows wp-admin/admin-ajax.php?action=acui_delete_attachment CSRF. | |||||
| CVE-2015-9322 | 1 Erident Custom Login And Dashboard Project | 1 Erident Custom Login And Dashboard | 2019-08-21 | 6.8 MEDIUM | 8.8 HIGH |
| The erident-custom-login-and-dashboard plugin before 3.5 for WordPress has CSRF. | |||||
| CVE-2016-10915 | 1 Supsystic | 1 Popup | 2019-08-21 | 6.8 MEDIUM | 8.8 HIGH |
| The popup-by-supsystic plugin before 1.7.9 for WordPress has CSRF. | |||||
| CVE-2011-5328 | 1 User Access Manager Project | 1 User Access Manager | 2019-08-21 | 6.8 MEDIUM | 8.8 HIGH |
| The user-access-manager plugin before 1.2 for WordPress has CSRF. | |||||
| CVE-2014-10381 | 1 User Domain Whitelist Project | 1 User Domain Whitelist | 2019-08-21 | 6.8 MEDIUM | 8.8 HIGH |
| The user-domain-whitelist plugin before 1.5 for WordPress has CSRF. | |||||
| CVE-2017-18547 | 1 Neliosoftware | 1 Nelio Ab Testing | 2019-08-21 | 6.8 MEDIUM | 8.8 HIGH |
| The nelio-ab-testing plugin before 4.6.4 for WordPress has CSRF in experiment forms. | |||||
| CVE-2019-14680 | 1 Mijnpress | 1 Admin-renamer-extended | 2019-08-21 | 3.5 LOW | 5.7 MEDIUM |
| The admin-renamer-extended (aka Admin renamer extended) plugin 3.2.1 for WordPress allows wp-admin/plugins.php?page=admin-renamer-extended/admin.php CSRF. | |||||
| CVE-2018-20971 | 1 Churchadminplugin | 1 Church Admin | 2019-08-21 | 6.8 MEDIUM | 8.8 HIGH |
| The church-admin plugin before 1.2550 for WordPress has CSRF affecting the upload of a bible reading plan. | |||||
| CVE-2017-18546 | 1 Jayj Quicktag Project | 1 Jayj Quicktag | 2019-08-21 | 6.8 MEDIUM | 8.8 HIGH |
| The jayj-quicktag plugin before 1.3.2 for WordPress has CSRF. | |||||
| CVE-2017-18544 | 1 Invite Anyone Project | 1 Invite Anyone | 2019-08-21 | 6.8 MEDIUM | 8.8 HIGH |
| The invite-anyone plugin before 1.3.16 for WordPress has admin-panel CSRF. | |||||
| CVE-2018-20972 | 1 Codeermeneer | 1 Companion Auto Update | 2019-08-21 | 6.8 MEDIUM | 8.8 HIGH |
| The companion-auto-update plugin before 3.2.1 for WordPress has CSRF. | |||||
| CVE-2018-20974 | 1 Joomsky | 1 Js Job Manager | 2019-08-21 | 6.8 MEDIUM | 8.8 HIGH |
| The js-jobs plugin before 1.0.7 for WordPress has CSRF. | |||||
| CVE-2019-15113 | 1 Codeermeneer | 1 Companion Sitemap Generator | 2019-08-21 | 6.8 MEDIUM | 8.8 HIGH |
| The companion-sitemap-generator plugin before 3.7.0 for WordPress has CSRF. | |||||
| CVE-2019-15114 | 1 Ncrafts | 1 Formcraft | 2019-08-21 | 6.8 MEDIUM | 8.8 HIGH |
| The formcraft-form-builder plugin before 1.2.2 for WordPress has CSRF. | |||||
| CVE-2019-14681 | 1 Deny All Firewall Project | 1 Deny All Firewall | 2019-08-20 | 6.8 MEDIUM | 8.8 HIGH |
| The Deny All Firewall plugin before 1.1.7 for WordPress allows wp-admin/options-general.php?page=daf_settings&daf_remove=true CSRF. | |||||
| CVE-2013-7476 | 1 Simple Fields Project | 1 Simple Fields | 2019-08-20 | 6.8 MEDIUM | 8.8 HIGH |
| The simple-fields plugin before 1.2 for WordPress has CSRF in the admin interface. | |||||
| CVE-2016-10883 | 1 Mijnpress | 1 Simple Add Pages Or Posts | 2019-08-20 | 5.8 MEDIUM | 6.5 MEDIUM |
| The simple-add-pages-or-posts plugin before 1.7 for WordPress has CSRF for deleting users. | |||||
| CVE-2017-18512 | 1 Supsystic | 1 Newsletter By Supsystic | 2019-08-20 | 6.8 MEDIUM | 8.8 HIGH |
| The newsletter-by-supsystic plugin before 1.1.8 for WordPress has CSRF. | |||||
| CVE-2017-18511 | 1 Wpmudev | 1 Custom Sidebars | 2019-08-20 | 6.8 MEDIUM | 8.8 HIGH |
| The custom-sidebars plugin before 3.0.8.1 for WordPress has CSRF. | |||||
| CVE-2017-18510 | 1 Wpmudev | 1 Custom Sidebars | 2019-08-20 | 6.8 MEDIUM | 8.8 HIGH |
| The custom-sidebars plugin before 3.1.0 for WordPress has CSRF related to set location, import actions, and export actions. | |||||
| CVE-2018-20968 | 1 Smackcoders | 1 Ultimate Exporter | 2019-08-19 | 6.8 MEDIUM | 8.8 HIGH |
| The wp-ultimate-exporter plugin before 1.4.2 for WordPress has CSRF. | |||||
| CVE-2018-20967 | 1 Smackcoders | 1 Wp Ultimate Csv Importer | 2019-08-19 | 6.8 MEDIUM | 8.8 HIGH |
| The wp-ultimate-csv-importer plugin before 5.6.1 for WordPress has CSRF. | |||||
| CVE-2019-14679 | 1 Reputeinfosystems | 1 Arprice Lite | 2019-08-19 | 4.3 MEDIUM | 6.5 MEDIUM |
| core/views/arprice_import_export.php in the ARPrice Lite plugin 2.2 for WordPress allows wp-admin/admin.php?page=arplite_import_export CSRF. | |||||
| CVE-2016-10882 | 1 Google Doc Embedder Project | 1 Google Doc Embedder | 2019-08-19 | 6.8 MEDIUM | 8.8 HIGH |
| The google-document-embedder plugin before 2.6.2 for WordPress has CSRF. | |||||
| CVE-2016-10863 | 1 Edimax | 4 7237rpd, 7237rpd Firmware, Ew-7438rpn Mini and 1 more | 2019-08-16 | 6.8 MEDIUM | 8.8 HIGH |
| Edimax Wi-Fi Extender devices allow goform/formwlencryptvxd CSRF with resultant PSK key disclosure. | |||||
| CVE-2017-18504 | 1 Wpdeveloper | 1 Twitter Cards Meta | 2019-08-16 | 6.8 MEDIUM | 8.8 HIGH |
| The twitter-cards-meta plugin before 2.5.0 for WordPress has CSRF. | |||||
| CVE-2018-20964 | 1 Codepeople | 1 Contact Form Email | 2019-08-15 | 6.8 MEDIUM | 8.8 HIGH |
| The contact-form-to-email plugin before 1.2.66 for WordPress has CSRF. | |||||
| CVE-2017-18485 | 1 Elementalpath | 2 Cognitoys Dino, Cognitoys Dino Firmware | 2019-08-15 | 5.8 MEDIUM | 5.4 MEDIUM |
| Cognitoys Dino devices allow profiles_add.html CSRF. | |||||
| CVE-2016-10862 | 1 Neetcables | 2 Airstream Nas, Airstream Nas Firmware | 2019-08-15 | 6.8 MEDIUM | 8.8 HIGH |
| Neet AirStream NAS1.1 devices have a password of ifconfig for the root account. This cannot be changed via the configuration page. | |||||
| CVE-2015-9292 | 1 6kbbs | 1 6kbbs | 2019-08-15 | 6.8 MEDIUM | 8.8 HIGH |
| 6kbbs 7.1 and 8.0 allows CSRF via portalchannel_ajax.php (id or code parameter) or admin.php (fileids parameter). | |||||
| CVE-2016-10865 | 1 23systems | 1 Lightbox Plus Colorbox | 2019-08-15 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Lightbox Plus Colorbox plugin through 2.7.2 for WordPress has cross-site request forgery (CSRF) via wp-admin/admin.php?page=lightboxplus, as demonstrated by resultant width XSS. | |||||
| CVE-2016-10876 | 1 Wpseeds | 1 Wp Database Backup | 2019-08-14 | 6.8 MEDIUM | 8.8 HIGH |
| The wp-database-backup plugin before 4.3.1 for WordPress has CSRF. | |||||
| CVE-2019-14933 | 1 Webkul | 1 Bagisto | 2019-08-14 | 6.8 MEDIUM | 8.8 HIGH |
| Bagisto 0.1.5 allows CSRF under /admin URIs. | |||||
| CVE-2019-14703 | 1 Microdigital | 6 Mdc-n2190v, Mdc-n2190v Firmware, Mdc-n4090 and 3 more | 2019-08-13 | 6.8 MEDIUM | 8.8 HIGH |
| A CSRF issue was discovered in webparam?user&action=set&param=add in HTTPD on MicroDigital N-series cameras with firmware through 6400.0.8.5 to create an admin account. | |||||
| CVE-2019-14346 | 1 Schben | 1 Adive | 2019-08-13 | 4.3 MEDIUM | 8.8 HIGH |
| Internal/Views/config.php in Schben Adive 2.0.7 allows admin/config CSRF to change a user password. | |||||
| CVE-2019-7947 | 1 Magento | 1 Magento | 2019-08-09 | 4.3 MEDIUM | 6.5 MEDIUM |
| A cross-site request forgery vulnerability exists in the GiftCardAccount removal feature for Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. | |||||
| CVE-2011-0447 | 1 Rubyonrails | 1 Rails | 2019-08-08 | 6.8 MEDIUM | N/A |
| Ruby on Rails 2.1.x, 2.2.x, and 2.3.x before 2.3.11, and 3.x before 3.0.4, does not properly validate HTTP requests that contain an X-Requested-With header, which makes it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks via forged (1) AJAX or (2) API requests that leverage "combinations of browser plugins and HTTP redirects," a related issue to CVE-2011-0696. | |||||
| CVE-2008-5189 | 1 Rubyonrails | 2 Rails, Ruby On Rails | 2019-08-08 | 5.0 MEDIUM | N/A |
| CRLF injection vulnerability in Ruby on Rails before 2.0.5 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL to the redirect_to function. | |||||
| CVE-2019-7874 | 1 Magento | 1 Magento | 2019-08-07 | 4.3 MEDIUM | 6.5 MEDIUM |
| A cross-site request forgery vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can result in unintended deletion of user roles. | |||||
| CVE-2019-7873 | 1 Magento | 1 Magento | 2019-08-07 | 5.8 MEDIUM | 4.3 MEDIUM |
| A cross-site request forgery vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can result in unintended deletion of the store design schedule. | |||||
| CVE-2019-7851 | 1 Magento | 1 Magento | 2019-08-06 | 5.8 MEDIUM | 6.5 MEDIUM |
| A cross-site request forgery vulnerability in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 can lead to unintended data deletion from customer pages. | |||||
| CVE-2019-7857 | 1 Magento | 1 Magento | 2019-08-06 | 4.3 MEDIUM | 4.3 MEDIUM |
| A cross-site request forgery vulnerability in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 can cause unwanted items to be added to a shopper's cart due to an insufficiently robust anti-CSRF token implementation. | |||||
