Vulnerabilities > Cross-Site Request Forgery (CSRF)
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-11-24 | CVE-2021-20842 | Cross-Site Request Forgery (CSRF) vulnerability in Ec-Cube Cross-site request forgery (CSRF) vulnerability in EC-CUBE 2 series 2.11.0 to 2.17.1 allows a remote attacker to hijack the authentication of Administrator and delete Administrator via a specially crafted web page. | 4.3 |
| 2021-11-24 | CVE-2021-20845 | Cross-Site Request Forgery (CSRF) vulnerability in Xml-Sitemaps Unlimited Sitemap Generator Cross-site request forgery (CSRF) vulnerability in Unlimited Sitemap Generator versions prior to v8.2 allows a remote attacker to hijack the authentication of an administrator and conduct arbitrary operation via a specially crafted web page. | 6.8 |
| 2021-11-24 | CVE-2021-20846 | Cross-Site Request Forgery (CSRF) vulnerability in Delitestudio Push Notifications for Wordpress Lite Cross-site request forgery (CSRF) vulnerability in Push Notifications for WordPress (Lite) versions prior to 6.0.1 allows a remote attacker to hijack the authentication of an administrator and conduct an arbitrary operation via a specially crafted web page. | 6.8 |
| 2021-11-23 | CVE-2021-24641 | Cross-Site Request Forgery (CSRF) vulnerability in Imagestowebp Project Images to Webp The Images to WebP WordPress plugin before 1.9 does not have CSRF checks in place when performing some administrative actions, which could result in modification of plugin settings, Denial-of-Service, as well as arbitrary image conversion | 5.8 |
| 2021-11-23 | CVE-2021-24668 | Cross-Site Request Forgery (CSRF) vulnerability in Feataholic MAZ Loader The MAZ Loader WordPress plugin through 1.3.4 does not enforce nonce checks, which allows attackers to make administrators delete arbitrary loaders via a CSRF attack | 4.3 |
| 2021-11-22 | CVE-2021-43559 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. | 6.8 |
| 2021-11-20 | CVE-2021-34358 | Cross-Site Request Forgery (CSRF) vulnerability in Qnap Qmailagent We have already fixed this vulnerability in the following versions of QmailAgent: QmailAgent 3.0.2 ( 2021/08/25 ) and later | 6.8 |
| 2021-11-19 | CVE-2021-39198 | Cross-Site Request Forgery (CSRF) vulnerability in Oroinc Client Relationship Management OroCRM is an open source Client Relationship Management (CRM) application. | 5.8 |
| 2021-11-19 | CVE-2021-44036 | Cross-Site Request Forgery (CSRF) vulnerability in Teampasswordmanager Team Password Manager Team Password Manager (aka TeamPasswordManager) before 10.135.236 has a CSRF vulnerability during import. | 6.8 |
| 2021-11-19 | CVE-2021-39353 | Cross-Site Request Forgery (CSRF) vulnerability in Easyregistrationforms Easy Registration Forms The Easy Registration Forms WordPress plugin is vulnerable to Cross-Site Request Forgery due to missing nonce validation via the ajax_add_form function found in the ~/includes/class-form.php file which made it possible for attackers to inject arbitrary web scripts in versions up to, and including 2.1.1. | 6.8 |