Total
4240 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-9431 | 1 Qtranslate X Project | 1 Qtranslate X | 2019-09-26 | 4.3 MEDIUM | 6.5 MEDIUM |
| The qtranslate-x plugin before 3.4.4 for WordPress has CSRF with resultant XSS via the wp-admin/options-general.php?page=qtranslate-x json_config_files or json_custom_i18n_config parameter. | |||||
| CVE-2015-9432 | 1 Thealpinepress | 1 Alpine-photo-tile-for-instagram | 2019-09-26 | 4.3 MEDIUM | 6.5 MEDIUM |
| The alpine-photo-tile-for-instagram plugin before 1.2.7.6 for WordPress has CSRF with resultant XSS via the wp-admin/options-general.php?page=alpine-photo-tile-for-instagram-settings tab parameter. | |||||
| CVE-2015-9428 | 1 Wplegalpages | 1 Wp Legal Pages | 2019-09-26 | 4.3 MEDIUM | 6.5 MEDIUM |
| The wplegalpages plugin before 1.1 for WordPress has CSRF with resultant XSS via wp-admin/admin.php?page=legal-pages lp-domain-name, lp-business-name, lp-phone, lp-street, lp-city-state, lp-country, lp-email, lp-address, or lp-niche parameters. | |||||
| CVE-2015-9425 | 1 Byonepress | 1 Social Locker | 2019-09-26 | 4.3 MEDIUM | 5.4 MEDIUM |
| The social-locker plugin before 4.2.5 for WordPress has CSRF with resultant XSS via the wp-admin/edit.php?post_type=opanda-item&page=license-manager-sociallocker-next licensekey parameter. | |||||
| CVE-2015-9424 | 1 Doc4design | 1 Multicons | 2019-09-26 | 4.3 MEDIUM | 6.5 MEDIUM |
| The multicons plugin before 3.0 for WordPress has CSRF with resultant XSS via the wp-admin/options-general.php?page=multicons%2Fmulticons.php global_url or admin_url parameter. | |||||
| CVE-2015-9429 | 1 Yithemes | 1 Yith Maintenance Mode | 2019-09-26 | 4.3 MEDIUM | 6.5 MEDIUM |
| The yith-maintenance-mode plugin before 1.2.0 for WordPress has CSRF with resultant XSS via the wp-admin/themes.php?page=yith-maintenance-mode panel_page parameter. | |||||
| CVE-2015-9427 | 1 Googmonify Project | 1 Googmonify | 2019-09-26 | 4.3 MEDIUM | 6.5 MEDIUM |
| The googmonify plugin through 0.5.1 for WordPress has CSRF with resultant XSS via the wp-admin/options-general.php?page=googmonify.php PID or AID parameter. | |||||
| CVE-2015-9409 | 1 Alo-easymail Project | 1 Alo-easymail | 2019-09-26 | 4.3 MEDIUM | 6.5 MEDIUM |
| The alo-easymail plugin before 2.6.01 for WordPress has CSRF with resultant XSS in pages/alo-easymail-admin-options.php. | |||||
| CVE-2015-9437 | 1 Qurl | 1 Dynamic Widgets | 2019-09-26 | 4.3 MEDIUM | 6.5 MEDIUM |
| The dynamic-widgets plugin before 1.5.11 for WordPress has CSRF with resultant XSS via the wp-admin/themes.php?page=dynwid-config page_limit parameter. | |||||
| CVE-2015-9434 | 1 Kiwi-logo-carousel Project | 1 Kiwi-logo-carousel | 2019-09-26 | 4.3 MEDIUM | 6.5 MEDIUM |
| The kiwi-logo-carousel plugin before 1.7.2 for WordPress has CSRF with resultant XSS via the wp-admin/edit.php?post_type=kwlogos&page=kwlogos_settings tab or tab_flags_order parameter. | |||||
| CVE-2019-16706 | 1 Kkcms Project | 1 Kkcms | 2019-09-23 | 6.8 MEDIUM | 8.8 HIGH |
| kkcms v1.3 has a CSRF vulnerablity that can add an user account via admin/cms_user_add.php. | |||||
| CVE-2019-16677 | 1 Idreamsoft | 1 Icms | 2019-09-23 | 5.8 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in idreamsoft iCMS V7.0. admincp.php?app=members&do=del allows CSRF. | |||||
| CVE-2019-16721 | 1 5none | 1 Nonecms | 2019-09-23 | 5.8 MEDIUM | 6.5 MEDIUM |
| NoneCMS v1.3 has CSRF in public/index.php/admin/admin/dele.html, as demonstrated by deleting the admin user. | |||||
| CVE-2010-0289 | 1 Dokuwiki | 1 Dokuwiki | 2019-09-23 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the ACL Manager plugin (plugins/acl/ajax.php) in DokuWiki before 2009-12-25c allow remote attackers to hijack the authentication of administrators for requests that modify access control rules, and other unspecified requests, via unknown vectors. | |||||
| CVE-2015-9388 | 1 Mtouch Quiz Project | 1 Mtouch Quiz | 2019-09-23 | 4.3 MEDIUM | 6.5 MEDIUM |
| The mtouch-quiz plugin before 3.1.3 for WordPress has wp-admin/edit.php CSRF with resultant XSS. | |||||
| CVE-2015-9387 | 1 Mtouch Quiz Project | 1 Mtouch Quiz | 2019-09-23 | 4.3 MEDIUM | 6.5 MEDIUM |
| The mtouch-quiz plugin before 3.1.3 for WordPress has wp-admin/options-general.php CSRF. | |||||
| CVE-2019-16678 | 1 Yzmcms | 1 Yzmcms | 2019-09-23 | 4.3 MEDIUM | 6.5 MEDIUM |
| admin/urlrule/add.html in YzmCMS 5.3 allows CSRF with a resultant denial of service by adding a superseding route. | |||||
| CVE-2019-16658 | 1 Tuzicms | 1 Tuzicms | 2019-09-23 | 6.8 MEDIUM | 8.8 HIGH |
| TuziCMS 2.0.6 has index.php/manage/notice/do_add CSRF. | |||||
| CVE-2018-16380 | 1 Digimute | 1 Ogma Cms | 2019-09-23 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in Ogma CMS 0.4 Beta. There is a CSRF vulnerability in users.php?action=createnew that can add an admin account. | |||||
| CVE-2019-16659 | 1 Tuzicms | 1 Tuzicms | 2019-09-23 | 6.8 MEDIUM | 8.8 HIGH |
| TuziCMS 2.0.6 has index.php/manage/link/do_add CSRF. | |||||