Total: 4240 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description
---|---|---|---|---|---|---
CVE-2021-43156 | 1 Projectworlds | 1 Online Book Store Project In Php | 2021-12-28 | 4.3 MEDIUM | 6.5 MEDIUM | In ProjectWorlds Online Book Store PHP 1.0, a CSRF vulnerability in admin_delete.php allows a remote attacker to delete any book.
CVE-2021-43158 | 1 Projectworlds | 1 Online Shopping System In Php | 2021-12-28 | 4.3 MEDIUM | 4.3 MEDIUM | In ProjectWorlds Online Shopping System PHP 1.0, a CSRF vulnerability in cart_remove.php allows a remote attacker to remove any product from the customer's cart.
CVE-2021-24981 | 1 Wpwax | 1 Directorist | 2021-12-27 | 5.1 MEDIUM | 7.5 HIGH | The Directorist WordPress plugin before 7.0.6.2 was vulnerable to Cross-Site Request Forgery leading to Remote File Upload, allowing arbitrary PHP shell uploads into the wp-content/plugins directory.
CVE-2020-20595 | 1 Opms Project | 1 Opms | 2021-12-23 | 4.3 MEDIUM | 6.5 MEDIUM | A cross-site request forgery (CSRF) in OPMS v1.3 and below allows attackers to arbitrarily add a user account via /user/add.
CVE-2021-41260 | 1 Galette | 1 Galette | 2021-12-21 | 6.8 MEDIUM | 8.8 HIGH | Galette is a membership management web application built for non-profit organizations and released under GPLv3. Versions prior to 0.9.6 do not check for Cross-Site Request Forgery attacks. All users are advised to upgrade to 0.9.6 as soon as possible. There are no known workarounds for this issue.
CVE-2021-4131 | 1 Livehelperchat | 1 Live Helper Chat | 2021-12-21 | 6.8 MEDIUM | 8.8 HIGH | livehelperchat is vulnerable to Cross-Site Request Forgery (CSRF).
CVE-2021-4130 | 1 Snipeitapp | 1 Snipe-it | 2021-12-21 | 6.8 MEDIUM | 8.8 HIGH | snipe-it is vulnerable to Cross-Site Request Forgery (CSRF).
CVE-2021-26800 | 1 User Management System In Php Stored Procedure Project | 1 User Management System In Php Stored Procedure | 2021-12-20 | 4.3 MEDIUM | 6.5 MEDIUM | Cross-Site Request Forgery (CSRF) vulnerability in Change-password.php in the phpgurukul User Management System in PHP Using Stored Procedure V1.0 allows attackers to change the password of an arbitrary account.
CVE-2021-45017 | 1 Catfish-cms | 1 Catfish Cms | 2021-12-20 | 6.8 MEDIUM | 8.8 HIGH | A Cross-Site Request Forgery (CSRF) vulnerability exists in Catfish <=6.1.* when an HTML file containing CSRF is uploaded to a site that uses the Google editor; the menu URL address in the Add Menu column can be set to a malicious URL address.
CVE-2021-4123 | 1 Livehelperchat | 1 Live Helper Chat | 2021-12-20 | 4.3 MEDIUM | 6.5 MEDIUM | livehelperchat is vulnerable to Cross-Site Request Forgery (CSRF).
CVE-2021-24818 | 1 Wp Limits Project | 1 Wp Limits | 2021-12-16 | 4.3 MEDIUM | 4.3 MEDIUM | The WP Limits WordPress plugin through 1.0 does not have a CSRF check when saving its settings, allowing an attacker to make a logged-in admin change them, which could make the blog unstable by setting low values.
CVE-2021-24795 | 1 Phoeniixx | 1 Filter Portfolio Gallery | 2021-12-16 | 4.3 MEDIUM | 6.5 MEDIUM | The Filter Portfolio Gallery WordPress plugin through 1.5 lacks a Cross-Site Request Forgery (CSRF) check when deleting a Gallery, which could allow attackers to make a logged-in admin delete an arbitrary Gallery.
CVE-2021-24780 | 1 Single Post Exporter Project | 1 Single Post Exporter | 2021-12-15 | 4.3 MEDIUM | 4.3 MEDIUM | The Single Post Exporter WordPress plugin through 1.1.1 does not have CSRF checks when saving its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack and give access to the export feature to any role, such as subscriber. Subscriber users would then be able to export an arbitrary post/page (including private and password-protected ones) via a direct URL.
CVE-2021-44942 | 1 Glfusion | 1 Glfusion | 2021-12-15 | 4.3 MEDIUM | 4.3 MEDIUM | glFusion CMS 1.7.9 is affected by a Cross-Site Request Forgery (CSRF) vulnerability in /public_html/admin/plugins/bad_behavior2/blacklist.php. By using the CSRF vulnerability to trick the administrator into clicking, an attacker can add a blacklist entry.
CVE-2021-24922 | 1 Fatcatapps | 1 Pixel Cat | 2021-12-15 | 6.0 MEDIUM | 9.0 CRITICAL | The Pixel Cat WordPress plugin before 2.6.2 does not have a CSRF check when saving its settings, and did not sanitise or escape some of them, which could allow an attacker to make a logged-in admin change them and perform Cross-Site Scripting attacks.
CVE-2021-24784 | 1 Wp Admin Logo Changer Project | 1 Wp Admin Logo Changer | 2021-12-15 | 4.3 MEDIUM | 6.5 MEDIUM | The WP Admin Logo Changer WordPress plugin through 1.0 does not have a CSRF check when saving its settings, which could allow attackers to make a logged-in admin update them via a CSRF attack.
CVE-2021-4092 | 1 Yetiforce | 1 Yetiforce Customer Relationship Management | 2021-12-13 | 4.3 MEDIUM | 4.3 MEDIUM | yetiforcecrm is vulnerable to Cross-Site Request Forgery (CSRF).
CVE-2021-4082 | 1 Pimcore | 1 Pimcore | 2021-12-13 | 4.3 MEDIUM | 4.3 MEDIUM | pimcore is vulnerable to Cross-Site Request Forgery (CSRF).
CVE-2020-19682 | 1 Zzzcms | 1 Zzzcms | 2021-12-13 | 6.8 MEDIUM | 8.8 HIGH | A Cross-Site Request Forgery (CSRF) vulnerability exists in ZZZCMS V1.7.1 via the save_user function in save.php.
CVE-2021-4033 | 1 Kimai | 1 Kimai 2 | 2021-12-13 | 4.3 MEDIUM | 6.5 MEDIUM | kimai2 is vulnerable to Cross-Site Request Forgery (CSRF).