Vulnerabilities (CVE)

Filtered by CWE-352
Total 4240 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-16660 1 Joyplus Project 1 Joyplus 2019-09-23 6.8 MEDIUM 8.8 HIGH
joyplus-cms 1.6.0 has admin_ajax.php?action=savexml&tab=vodplay CSRF.
CVE-2015-9394 1 Usersultra 1 Users Ultra Membership 2019-09-20 6.8 MEDIUM 8.8 HIGH
The users-ultra plugin before 1.5.63 for WordPress has CSRF via action=package_add_new to wp-admin/admin-ajax.php.
CVE-2019-15089 1 Prise 1 Adas 2019-09-20 6.8 MEDIUM 8.8 HIGH
An issue was discovered in PRiSE adAS 1.7.0. Forms have no CSRF protection, letting an attacker execute actions as the administrator.
CVE-2015-9408 1 Cyberseo 1 Xpinner Lite 2019-09-20 4.3 MEDIUM 6.5 MEDIUM
The xpinner-lite plugin through 2.2 for WordPress has wp-admin/options-general.php CSRF with resultant XSS.
CVE-2016-10997 1 Yourinspirationweb 1 Beauty-premium 2019-09-20 4.3 MEDIUM 6.5 MEDIUM
The beauty-premium theme 1.0.8 for WordPress has CSRF with resultant arbitrary file upload in includes/sendmail.php.
CVE-2019-16531 1 Layerbb 1 Layerbb 2019-09-20 6.8 MEDIUM 8.8 HIGH
LayerBB before 1.1.4 has multiple CSRF issues, as demonstrated by changing the System Settings via admin/general.php.
CVE-2016-10989 1 Leenk 1 Leenk.me 2019-09-17 6.8 MEDIUM 8.8 HIGH
The leenkme plugin before 2.6.0 for WordPress has wp-admin/admin.php?page=leenkme_facebook CSRF.
CVE-2016-10974 1 Tonjoostudio 1 Fluid-responsive-slideshow 2019-09-17 6.8 MEDIUM 8.8 HIGH
The fluid-responsive-slideshow plugin before 2.2.7 for WordPress has frs_save CSRF with resultant stored XSS.
CVE-2016-10978 1 Fossura 1 Tag Miner 2019-09-17 6.8 MEDIUM 8.8 HIGH
The fossura-tag-miner plugin before 1.1.5 for WordPress has CSRF.
CVE-2016-10982 1 Kentothemes 1 Kento-post-view-counter 2019-09-17 6.8 MEDIUM 8.8 HIGH
The kento-post-view-counter plugin through 2.8 for WordPress has wp-admin/admin.php?page=kentopvc_settings CSRF.
CVE-2016-10962 1 Icegram 1 Icegram 2019-09-16 4.3 MEDIUM 6.5 MEDIUM
The icegram plugin before 1.9.19 for WordPress has CSRF via the wp-admin/edit.php option_name parameter.
CVE-2019-5993 1 Tipsandtricks-hq 1 Category Specific Rss Feed Subscription 2019-09-16 6.8 MEDIUM 8.8 HIGH
Cross-site request forgery (CSRF) vulnerability in Category Specific RSS feed Subscription version v2.0 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.
CVE-2019-16311 1 Niushop 1 Niushop 2019-09-16 6.8 MEDIUM 8.8 HIGH
NIUSHOP V1.11 has CSRF via search_info to index.php.
CVE-2019-5986 2 Ntt-east, Ntt-west 92 Pr-400ki, Pr-400ki Firmware, Pr-400mi and 89 more 2019-09-16 6.8 MEDIUM 8.8 HIGH
Cross-site request forgery (CSRF) vulnerability in Hikari Denwa router/Home GateWay (Hikari Denwa router/Home GateWay provided by NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION PR-S300NE/RT-S300NE/RV-S340NE firmware version Ver. 19.41 and earlier, PR-S300HI/RT-S300HI/RV-S340HI firmware version Ver.19.01.0005 and earlier, PR-S300SE/RT-S300SE/RV-S340SE firmware version Ver.19.40 and earlier, PR-400NE/RT-400NE/RV-440NE firmware version Ver.7.42 and earlier, PR-400KI/RT-400KI/RV-440KI firmware version Ver.07.00.1010 and earlier, PR-400MI/RT-400MI/RV-440MI firmware version Ver. 07.00.1012 and earlier, PR-500KI/RT-500KI firmware version Ver.01.00.0090 and earlier, RS-500KI firmware version Ver.01.00.0070 and earlier, PR-500MI/RT-500MI firmware version Ver.01.01.0014 and earlier, and RS-500MI firmware version Ver.03.01.0019 and earlier, and Hikari Denwa router/Home GateWay provided by NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION PR-S300NE/RT-S300NE/RV-S340NE firmware version Ver. 19.41 and earlier, PR-S300HI/RT-S300HI/RV-S340HI firmware version Ver.19.01.0005 and earlier, PR-S300SE/RT-S300SE/RV-S340SE firmware version Ver.19.40 and earlier, PR-400NE/RT-400NE/RV-440NE firmware version Ver.7.42 and earlier, PR-400KI/RT-400KI/RV-440KI firmware version Ver.07.00.1010 and earlier, PR-400MI/RT-400MI/RV-440MI firmware version Ver. 07.00.1012 and earlier, PR-500KI/RT-500KI firmware version Ver.01.00.0090 and earlier, and PR-500MI/RT-500MI firmware version Ver.01.01.0011 and earlier) allow remote attackers to hijack the authentication of administrators via unspecified vectors.
CVE-2016-10938 1 Copy-me Project 1 Copy-me 2019-09-13 4.3 MEDIUM 6.5 MEDIUM
The copy-me plugin 1.0.0 for WordPress has CSRF for copying non-public posts to a public location.
CVE-2016-10946 1 Wp-d3 Project 1 Wp-d3 2019-09-13 6.8 MEDIUM 8.8 HIGH
The wp-d3 plugin before 2.4.1 for WordPress has CSRF.
CVE-2016-10944 1 Wpmaz 1 Multisite Post Duplicator 2019-09-13 6.8 MEDIUM 8.8 HIGH
The multisite-post-duplicator plugin before 1.1.3 for WordPress has wp-admin/tools.php?page=mpd CSRF.
CVE-2019-5992 1 Ultra-prod 1 Wordpress Ultra Simple Paypal Shopping Cart 2019-09-13 6.8 MEDIUM 8.8 HIGH
Cross-site request forgery (CSRF) vulnerability in WordPress Ultra Simple Paypal Shopping Cart v4.4 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.
CVE-2019-1261 1 Microsoft 3 Sharepoint Enterprise Server, Sharepoint Foundation, Sharepoint Server 2019-09-12 6.8 MEDIUM 8.8 HIGH
A spoofing vulnerability exists in Microsoft SharePoint when it improperly handles requests to authorize applications, resulting in cross-site request forgery (CSRF). To exploit this vulnerability, an attacker would need to create a page specifically designed to cause a cross-site request, aka 'Microsoft SharePoint Spoofing Vulnerability'. This CVE ID is unique from CVE-2019-1259.
CVE-2019-1259 1 Microsoft 1 Sharepoint Foundation 2019-09-12 6.8 MEDIUM 8.8 HIGH
A spoofing vulnerability exists in Microsoft SharePoint when it improperly handles requests to authorize applications, resulting in cross-site request forgery (CSRF). To exploit this vulnerability, an attacker would need to create a page specifically designed to cause a cross-site request, aka 'Microsoft SharePoint Spoofing Vulnerability'. This CVE ID is unique from CVE-2019-1261.