Total
4240 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-24251 | 1 Strategy11 | 1 Business Directory Plugin - Easy Listing Directories | 2021-12-08 | 4.3 MEDIUM | 4.3 MEDIUM |
| The Business Directory Plugin – Easy Listing Directories for WordPress WordPress plugin before 5.11.2 suffered from a Cross-Site Request Forgery issue, allowing an attacker to make a logged in administrator update arbitrary payment history, such as change their status (from pending to completed to example) | |||||
| CVE-2021-31762 | 1 Webmin | 1 Webmin | 2021-12-08 | 6.8 MEDIUM | 8.8 HIGH |
| Webmin 1.973 is affected by Cross Site Request Forgery (CSRF) to create a privileged user through Webmin's add users feature, and then get a reverse shell through Webmin's running process feature. | |||||
| CVE-2021-4049 | 1 Livehelperchat | 1 Live Helper Chat | 2021-12-08 | 4.3 MEDIUM | 6.5 MEDIUM |
| livehelperchat is vulnerable to Cross-Site Request Forgery (CSRF) | |||||
| CVE-2021-31631 | 1 B2evolution | 1 B2evolution Cms | 2021-12-07 | 6.8 MEDIUM | 8.8 HIGH |
| b2evolution CMS v7.2.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the User login page. This vulnerability allows attackers to escalate privileges. | |||||
| CVE-2021-35242 | 1 Solarwinds | 1 Serv-u | 2021-12-06 | 6.8 MEDIUM | 8.8 HIGH |
| Serv-U server responds with valid CSRFToken when the request contains only Session. | |||||
| CVE-2019-15115 | 1 Profilepress | 1 Loginwp | 2021-12-06 | 6.8 MEDIUM | 8.8 HIGH |
| The peters-login-redirect plugin before 2.9.2 for WordPress has CSRF. | |||||
| CVE-2021-4005 | 1 Firefly-iii | 1 Firefly Iii | 2021-12-06 | 4.3 MEDIUM | 4.3 MEDIUM |
| firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF) | |||||
| CVE-2015-20105 | 1 Cbads | 1 Clickbank Affiliate Ads | 2021-12-03 | 6.8 MEDIUM | 9.6 CRITICAL |
| The ClickBank Affiliate Ads WordPress plugin through 1.20 does not have CSRF check when saving its settings, allowing attacker to make logged in admin change them via a CSRF attack. Furthermore, due to the lack of escaping when they are outputting, it could also lead to Stored Cross-Site Scripting issues | |||||
| CVE-2021-3944 | 1 Bookstackapp | 1 Bookstack | 2021-12-03 | 4.0 MEDIUM | 6.8 MEDIUM |
| bookstack is vulnerable to Cross-Site Request Forgery (CSRF) | |||||
| CVE-2021-24272 | 1 Codeinitiator | 1 Fitness Calculators | 2021-12-03 | 4.3 MEDIUM | 4.3 MEDIUM |
| The fitness calculators WordPress plugin before 1.9.6 add calculators for Water intake, BMI calculator, protein Intake, and Body Fat and was lacking CSRF check, allowing attackers to make logged in users perform unwanted actions, such as change the calculator headers. Due to the lack of sanitisation, this could also lead to a Stored Cross-Site Scripting issue | |||||
| CVE-2021-24174 | 1 Database-backups Project | 1 Database-backups | 2021-12-03 | 5.8 MEDIUM | 8.1 HIGH |
| The Database Backups WordPress plugin through 1.2.2.6 does not have CSRF checks, allowing attackers to make a logged in user unwanted actions, such as generate backups of the database, change the plugin's settings and delete backups. | |||||
| CVE-2021-3993 | 1 Showdoc | 1 Showdoc | 2021-12-02 | 4.3 MEDIUM | 6.5 MEDIUM |
| showdoc is vulnerable to Cross-Site Request Forgery (CSRF) | |||||
| CVE-2021-4015 | 1 Firefly-iii | 1 Firefly Iii | 2021-12-02 | 4.3 MEDIUM | 4.3 MEDIUM |
| firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF) | |||||
| CVE-2021-4017 | 1 Showdoc | 1 Showdoc | 2021-12-02 | 6.8 MEDIUM | 8.8 HIGH |
| showdoc is vulnerable to Cross-Site Request Forgery (CSRF) | |||||
| CVE-2021-20851 | 1 Browser And Operating System Finder Project | 1 Browser And Operating System Finder | 2021-12-02 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in Browser and Operating System Finder versions prior to 1.2 allows a remote unauthenticated attacker to hijack the authentication of an administrator via unspecified vectors. | |||||
| CVE-2021-20860 | 1 Elecom | 28 Edwrc-2533gst2, Edwrc-2533gst2 Firmware, Wrc-1167gst2 and 25 more | 2021-12-02 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in ELECOM LAN routers (WRC-1167GST2 firmware v1.25 and prior, WRC-1167GST2A firmware v1.25 and prior, WRC-1167GST2H firmware v1.25 and prior, WRC-2533GS2-B firmware v1.52 and prior, WRC-2533GS2-W firmware v1.52 and prior, WRC-1750GS firmware v1.03 and prior, WRC-1750GSV firmware v2.11 and prior, WRC-1900GST firmware v1.03 and prior, WRC-2533GST firmware v1.03 and prior, WRC-2533GSTA firmware v1.03 and prior, WRC-2533GST2 firmware v1.25 and prior, WRC-2533GST2SP firmware v1.25 and prior, WRC-2533GST2-G firmware v1.25 and prior, and EDWRC-2533GST2 firmware v1.25 and prior) allows a remote authenticated attacker to hijack the authentication of an administrator via a specially crafted page. | |||||
| CVE-2021-42364 | 1 Stetic | 1 Stetic | 2021-12-01 | 6.8 MEDIUM | 8.8 HIGH |
| The Stetic WordPress plugin is vulnerable to Cross-Site Request Forgery due to missing nonce validation via the stats_page function found in the ~/stetic.php file, which made it possible for attackers to inject arbitrary web scripts in versions up to, and including 1.0.6. | |||||
| CVE-2021-42358 | 1 Contact Form With Captcha Project | 1 Contact Form With Captcha | 2021-12-01 | 6.8 MEDIUM | 8.8 HIGH |
| The Contact Form With Captcha WordPress plugin is vulnerable to Cross-Site Request Forgery due to missing nonce validation in the ~/cfwc-form.php file during contact form submission, which made it possible for attackers to inject arbitrary web scripts in versions up to, and including 1.6.2. | |||||
| CVE-2020-10771 | 3 Infinispan, Netapp, Redhat | 3 Infinispan-server-rest, Oncommand Insight, Data Grid | 2021-11-30 | 5.8 MEDIUM | 7.1 HIGH |
| A flaw was found in Infinispan version 10, where it is possible to perform various actions that could have side effects using GET requests. This flaw allows an attacker to perform a cross-site request forgery (CSRF) attack. | |||||
| CVE-2021-24749 | 1 Kazencoders | 1 Url Shortify | 2021-11-29 | 4.3 MEDIUM | 4.3 MEDIUM |
| The URL Shortify WordPress plugin before 1.5.1 does not have CSRF check in place when bulk-deleting links or groups, which could allow attackers to make a logged in admin delete arbitrary link and group via a CSRF attack. | |||||