Total
7225 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-21006 | 1 Bbpress Move Topics Project | 1 Bbpress Move Topics | 2019-08-28 | 6.8 MEDIUM | 8.8 HIGH |
| The bbp-move-topics plugin before 1.1.6 for WordPress has CSRF. | |||||
| CVE-2019-15645 | 1 Zoho | 1 Salesiq | 2019-08-28 | 6.8 MEDIUM | 8.8 HIGH |
| The zoho-salesiq plugin before 1.0.9 for WordPress has CSRF. | |||||
| CVE-2019-14526 | 1 Netgear | 2 Mr1100, Mr1100 Firmware | 2019-08-27 | 5.8 MEDIUM | 8.1 HIGH |
| An issue was discovered on NETGEAR Nighthawk M1 (MR1100) devices before 12.06.03. The web-interface Cross-Site Request Forgery token is stored in a dynamically generated JavaScript file, and therefore can be embedded in third party pages, and re-used against the Nighthawk web interface. This entirely bypasses the intended security benefits of the use of a CSRF-protection token. | |||||
| CVE-2019-15491 | 1 It-novum | 1 Openitcockpit | 2019-08-26 | 6.8 MEDIUM | 8.8 HIGH |
| openITCOCKPIT before 3.7.1 has CSRF, aka RVID 2-445b21. | |||||
| CVE-2016-10918 | 1 Supsystic | 1 Photo Gallery | 2019-08-26 | 6.8 MEDIUM | 8.8 HIGH |
| The gallery-by-supsystic plugin before 1.8.6 for WordPress has CSRF. | |||||
| CVE-2019-15229 | 1 Thedaylightstudio | 1 Fuel Cms | 2019-08-26 | 6.8 MEDIUM | 8.8 HIGH |
| FUEL CMS 1.4.4 has CSRF in the blocks/create/ Create Blocks section of the Admin console. This could lead to an attacker tricking the administrator into executing arbitrary code via a specially crafted HTML page. | |||||
| CVE-2019-15329 | 1 Codection | 1 Import Users From Csv With Meta | 2019-08-23 | 6.8 MEDIUM | 8.8 HIGH |
| The import-users-from-csv-with-meta plugin before 1.14.0.3 for WordPress has CSRF. | |||||
| CVE-2019-14216 | 1 Wp Svg Icons Project | 1 Wp Svg Icons | 2019-08-23 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in the svg-vector-icon-plugin (aka WP SVG Icons) plugin through 3.2.1 for WordPress. wp-admin/admin.php?page=wp-svg-icons-custom-set mishandles Custom Icon uploads. CSRF leads to upload of a ZIP archive containing a .php file. | |||||
| CVE-2016-10903 | 1 Godaddy | 1 Godaddy Email Marketing | 2019-08-23 | 6.8 MEDIUM | 8.8 HIGH |
| The GoDaddy godaddy-email-marketing-sign-up-forms plugin before 1.1.3 for WordPress has CSRF. | |||||
| CVE-2017-18521 | 1 Wp-kama | 1 Democracy Poll | 2019-08-23 | 6.8 MEDIUM | 8.8 HIGH |
| The democracy-poll plugin before 5.4 for WordPress has CSRF via wp-admin/options-general.php?page=democracy-poll&subpage=l10n. | |||||
| CVE-2016-10902 | 1 Gowebsolutions | 1 Wp Customer Reviews | 2019-08-22 | 6.8 MEDIUM | 8.8 HIGH |
| The wp-customer-reviews plugin before 3.0.9 for WordPress has CSRF in the admin tools. | |||||
| CVE-2017-18569 | 1 Mythemeshop | 1 My Wp Translate | 2019-08-22 | 6.8 MEDIUM | 8.8 HIGH |
| The my-wp-translate plugin before 1.0.4 for WordPress has CSRF. | |||||
| CVE-2016-10914 | 1 Add From Server Project | 1 Add From Server | 2019-08-22 | 6.8 MEDIUM | 8.8 HIGH |
| The add-from-server plugin before 3.3.2 for WordPress has CSRF for importing a large file. | |||||
| CVE-2017-18523 | 1 Eelv Newsletter Project | 1 Eelv Newsletter | 2019-08-22 | 6.8 MEDIUM | 8.8 HIGH |
| The eelv-newsletter plugin before 4.6.1 for WordPress has CSRF in the address book. | |||||
| CVE-2019-15238 | 1 Cformsii Project | 1 Cformsii | 2019-08-22 | 6.8 MEDIUM | 8.8 HIGH |
| The cforms2 plugin before 15.0.2 for WordPress has CSRF related to the IP address field. | |||||
| CVE-2019-14682 | 1 Acf\ | 1 Better Search Project | 2019-08-22 | 4.3 MEDIUM | 4.3 MEDIUM |
| The acf-better-search (aka ACF: Better Search) plugin before 3.3.1 for WordPress allows wp-admin/options-general.php?page=acfbs_admin_page CSRF. | |||||
| CVE-2015-9332 | 1 Wordpress Uninstall Project | 1 Wordpress Uninstall | 2019-08-22 | 5.8 MEDIUM | 6.5 MEDIUM |
| The uninstall plugin before 1.2 for WordPress has CSRF to delete all tables via the wp-admin/admin-ajax.php?action=uninstall URI. | |||||
| CVE-2015-9322 | 1 Erident Custom Login And Dashboard Project | 1 Erident Custom Login And Dashboard | 2019-08-21 | 6.8 MEDIUM | 8.8 HIGH |
| The erident-custom-login-and-dashboard plugin before 3.5 for WordPress has CSRF. | |||||
| CVE-2016-10915 | 1 Supsystic | 1 Popup | 2019-08-21 | 6.8 MEDIUM | 8.8 HIGH |
| The popup-by-supsystic plugin before 1.7.9 for WordPress has CSRF. | |||||
| CVE-2011-5328 | 1 User Access Manager Project | 1 User Access Manager | 2019-08-21 | 6.8 MEDIUM | 8.8 HIGH |
| The user-access-manager plugin before 1.2 for WordPress has CSRF. | |||||