Total
7225 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-10978 | 1 Fossura | 1 Tag Miner | 2019-09-17 | 6.8 MEDIUM | 8.8 HIGH |
| The fossura-tag-miner plugin before 1.1.5 for WordPress has CSRF. | |||||
| CVE-2016-10982 | 1 Kentothemes | 1 Kento-post-view-counter | 2019-09-17 | 6.8 MEDIUM | 8.8 HIGH |
| The kento-post-view-counter plugin through 2.8 for WordPress has wp-admin/admin.php?page=kentopvc_settings CSRF. | |||||
| CVE-2019-5993 | 1 Tipsandtricks-hq | 1 Category Specific Rss Feed Subscription | 2019-09-16 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in Category Specific RSS feed Subscription version v2.0 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. | |||||
| CVE-2019-16311 | 1 Niushop | 1 Niushop | 2019-09-16 | 6.8 MEDIUM | 8.8 HIGH |
| NIUSHOP V1.11 has CSRF via search_info to index.php. | |||||
| CVE-2019-5986 | 2 Ntt-east, Ntt-west | 92 Pr-400ki, Pr-400ki Firmware, Pr-400mi and 89 more | 2019-09-16 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in Hikari Denwa router/Home GateWay (Hikari Denwa router/Home GateWay provided by NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION PR-S300NE/RT-S300NE/RV-S340NE firmware version Ver. 19.41 and earlier, PR-S300HI/RT-S300HI/RV-S340HI firmware version Ver.19.01.0005 and earlier, PR-S300SE/RT-S300SE/RV-S340SE firmware version Ver.19.40 and earlier, PR-400NE/RT-400NE/RV-440NE firmware version Ver.7.42 and earlier, PR-400KI/RT-400KI/RV-440KI firmware version Ver.07.00.1010 and earlier, PR-400MI/RT-400MI/RV-440MI firmware version Ver. 07.00.1012 and earlier, PR-500KI/RT-500KI firmware version Ver.01.00.0090 and earlier, RS-500KI firmware version Ver.01.00.0070 and earlier, PR-500MI/RT-500MI firmware version Ver.01.01.0014 and earlier, and RS-500MI firmware version Ver.03.01.0019 and earlier, and Hikari Denwa router/Home GateWay provided by NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION PR-S300NE/RT-S300NE/RV-S340NE firmware version Ver. 19.41 and earlier, PR-S300HI/RT-S300HI/RV-S340HI firmware version Ver.19.01.0005 and earlier, PR-S300SE/RT-S300SE/RV-S340SE firmware version Ver.19.40 and earlier, PR-400NE/RT-400NE/RV-440NE firmware version Ver.7.42 and earlier, PR-400KI/RT-400KI/RV-440KI firmware version Ver.07.00.1010 and earlier, PR-400MI/RT-400MI/RV-440MI firmware version Ver. 07.00.1012 and earlier, PR-500KI/RT-500KI firmware version Ver.01.00.0090 and earlier, and PR-500MI/RT-500MI firmware version Ver.01.01.0011 and earlier) allow remote attackers to hijack the authentication of administrators via unspecified vectors. | |||||
| CVE-2016-10938 | 1 Copy-me Project | 1 Copy-me | 2019-09-13 | 4.3 MEDIUM | 6.5 MEDIUM |
| The copy-me plugin 1.0.0 for WordPress has CSRF for copying non-public posts to a public location. | |||||
| CVE-2016-10946 | 1 Wp-d3 Project | 1 Wp-d3 | 2019-09-13 | 6.8 MEDIUM | 8.8 HIGH |
| The wp-d3 plugin before 2.4.1 for WordPress has CSRF. | |||||
| CVE-2016-10944 | 1 Wpmaz | 1 Multisite Post Duplicator | 2019-09-13 | 6.8 MEDIUM | 8.8 HIGH |
| The multisite-post-duplicator plugin before 1.1.3 for WordPress has wp-admin/tools.php?page=mpd CSRF. | |||||
| CVE-2019-5992 | 1 Ultra-prod | 1 Wordpress Ultra Simple Paypal Shopping Cart | 2019-09-13 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in WordPress Ultra Simple Paypal Shopping Cart v4.4 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. | |||||
| CVE-2019-1261 | 1 Microsoft | 3 Sharepoint Enterprise Server, Sharepoint Foundation, Sharepoint Server | 2019-09-12 | 6.8 MEDIUM | 8.8 HIGH |
| A spoofing vulnerability exists in Microsoft SharePoint when it improperly handles requests to authorize applications, resulting in cross-site request forgery (CSRF).To exploit this vulnerability, an attacker would need to create a page specifically designed to cause a cross-site request, aka 'Microsoft SharePoint Spoofing Vulnerability'. This CVE ID is unique from CVE-2019-1259. | |||||
| CVE-2019-1259 | 1 Microsoft | 1 Sharepoint Foundation | 2019-09-12 | 6.8 MEDIUM | 8.8 HIGH |
| A spoofing vulnerability exists in Microsoft SharePoint when it improperly handles requests to authorize applications, resulting in cross-site request forgery (CSRF).To exploit this vulnerability, an attacker would need to create a page specifically designed to cause a cross-site request, aka 'Microsoft SharePoint Spoofing Vulnerability'. This CVE ID is unique from CVE-2019-1261. | |||||
| CVE-2019-10253 | 1 Teammatesolutions | 1 Teammate\+ | 2019-09-10 | 4.3 MEDIUM | 6.5 MEDIUM |
| A Cross-Site Request Forgery (CSRF) vulnerability exists in TeamMate+ 21.0.0.0 that allows a remote attacker to modify application data (upload malicious/forged files on a TeamMate server, or replace existing uploaded files with malicious/forged files). The specific flaw exists within the handling of Upload/DomainObjectDocumentUpload.ashx requests because of failure to validate a CSRF token before handling a POST request. | |||||
| CVE-2017-18607 | 1 Theme-fusion | 1 Avada | 2019-09-10 | 6.8 MEDIUM | 8.8 HIGH |
| The avada theme before 5.1.5 for WordPress has CSRF. | |||||
| CVE-2019-16099 | 1 Silver-peak | 2 Unity Edgeconnect Sd-wan, Unity Edgeconnect Sd-wan Firmware | 2019-09-09 | 6.8 MEDIUM | 8.8 HIGH |
| Silver Peak EdgeConnect SD-WAN before 8.1.7.x allows CSRF via JSON data to a .swf file. | |||||
| CVE-2019-15128 | 1 If.svnadmin Project | 1 If.svnadmin | 2019-09-09 | 4.3 MEDIUM | 6.5 MEDIUM |
| iF.SVNAdmin through 1.6.2 allows svnadmin/usercreate.php CSRF to create a user. | |||||
| CVE-2019-16059 | 1 Sapplica | 1 Sentrifugo | 2019-09-09 | 6.8 MEDIUM | 8.8 HIGH |
| Sentrifugo 3.2 lacks CSRF protection. This could lead to an attacker tricking the administrator into executing arbitrary code at index.php/dashboard/viewprofile via a crafted HTML page. | |||||
| CVE-2018-17584 | 1 Wpfastestcache | 1 Wp Fastest Cache | 2019-09-07 | 6.8 MEDIUM | 8.8 HIGH |
| The WP Fastest Cache plugin 0.8.8.5 for WordPress has CSRF via the wp-admin/admin.php wpfastestcacheoptions page. | |||||
| CVE-2018-1000086 | 1 Npr | 1 Pym.js | 2019-09-06 | 6.8 MEDIUM | 8.8 HIGH |
| NPR Visuals Team Pym.js version versions 0.4.2 up to 1.3.1 contains a Cross ite Request Forgery (CSRF) vulnerability in Pym.js _onNavigateToMessage function. https://github.com/nprapps/pym.js/blob/master/src/pym.js#L573 that can result in Arbitrary javascript code execution. This attack appear to be exploitable via Attacker gains full javascript access to pages with Pym.js embeds when user visits an attacker crafted page.. This vulnerability appears to have been fixed in versions 1.3.2 and later. | |||||
| CVE-2019-15828 | 1 Tribulant | 1 One Click Ssl | 2019-09-05 | 6.8 MEDIUM | 8.8 HIGH |
| The one-click-ssl plugin before 1.4.7 for WordPress has CSRF. | |||||
| CVE-2019-15769 | 1 Haktansuren | 1 Handl Utm Grabber | 2019-09-05 | 6.8 MEDIUM | 8.8 HIGH |
| The handl-utm-grabber plugin before 2.6.5 for WordPress has CSRF via add_option and update_option. | |||||