Vulnerabilities > Cross-Site Request Forgery (CSRF)

DATE CVE VULNERABILITY TITLE RISK
2021-11-24 CVE-2021-20842 Cross-Site Request Forgery (CSRF) vulnerability in EC-CUBE
Cross-site request forgery (CSRF) vulnerability in EC-CUBE 2 series 2.11.0 to 2.17.1 allows a remote attacker to hijack the authentication of an Administrator and delete an Administrator via a specially crafted web page.
network
ec-cube CWE-352
4.3
2021-11-24 CVE-2021-20845 Cross-Site Request Forgery (CSRF) vulnerability in Xml-Sitemaps Unlimited Sitemap Generator
Cross-site request forgery (CSRF) vulnerability in Unlimited Sitemap Generator versions prior to v8.2 allows a remote attacker to hijack the authentication of an administrator and conduct arbitrary operations via a specially crafted web page.
6.8
2021-11-24 CVE-2021-20846 Cross-Site Request Forgery (CSRF) vulnerability in Delitestudio Push Notifications for WordPress Lite
Cross-site request forgery (CSRF) vulnerability in Push Notifications for WordPress (Lite) versions prior to 6.0.1 allows a remote attacker to hijack the authentication of an administrator and conduct an arbitrary operation via a specially crafted web page.
6.8
2021-11-23 CVE-2021-24641 Cross-Site Request Forgery (CSRF) vulnerability in Imagestowebp Project Images to WebP
The Images to WebP WordPress plugin before 1.9 does not have CSRF checks in place when performing some administrative actions, which could result in modification of plugin settings, Denial-of-Service, as well as arbitrary image conversion.
5.8
2021-11-23 CVE-2021-24668 Cross-Site Request Forgery (CSRF) vulnerability in Feataholic MAZ Loader
The MAZ Loader WordPress plugin through 1.3.4 does not enforce nonce checks, which allows attackers to make administrators delete arbitrary loaders via a CSRF attack.
4.3
2021-11-22 CVE-2021-43559 Cross-Site Request Forgery (CSRF) vulnerability in multiple products
A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions.
6.8
2021-11-20 CVE-2021-34358 Cross-Site Request Forgery (CSRF) vulnerability in QNAP QmailAgent
We have already fixed this vulnerability in the following versions of QmailAgent: QmailAgent 3.0.2 (2021/08/25) and later
network
qnap CWE-352
6.8
2021-11-19 CVE-2021-39198 Cross-Site Request Forgery (CSRF) vulnerability in Oroinc Client Relationship Management
OroCRM is an open source Client Relationship Management (CRM) application.
network
oroinc CWE-352
5.8
2021-11-19 CVE-2021-44036 Cross-Site Request Forgery (CSRF) vulnerability in Teampasswordmanager Team Password Manager
Team Password Manager (aka TeamPasswordManager) before 10.135.236 has a CSRF vulnerability during import.
6.8
2021-11-19 CVE-2021-39353 Cross-Site Request Forgery (CSRF) vulnerability in Easyregistrationforms Easy Registration Forms
The Easy Registration Forms WordPress plugin is vulnerable to Cross-Site Request Forgery due to missing nonce validation in the ajax_add_form function found in the ~/includes/class-form.php file, which made it possible for attackers to inject arbitrary web scripts in versions up to, and including, 2.1.1.
6.8