Vulnerabilities > Cross-Site Request Forgery (CSRF)

DATE CVE VULNERABILITY TITLE RISK
2022-06-09 CVE-2022-30898 Cross-Site Request Forgery (CSRF) vulnerability in Chshcms Cscms 4.2
A Cross-site request forgery (CSRF) vulnerability in Cscms music portal system v4.2 allows remote attackers to change the administrator's username and password.
network
low complexity
chshcms CWE-352
6.5
6.5
2022-06-09 CVE-2019-25064 Cross-Site Request Forgery (CSRF) vulnerability in Theaccessgroup Corehr Core Portal
A vulnerability was found in CoreHR Core Portal up to 27.0.7.
network
low complexity
theaccessgroup CWE-352
8.8
8.8
2022-06-08 CVE-2022-1577 Cross-Site Request Forgery (CSRF) vulnerability in Deliciousbrains Database Backup
The Database Backup for WordPress plugin before 2.5.2 does not have CSRF check in place when updating the schedule backup settings, which could allow an attacker to make a logged in admin change them via a CSRF attack.
network
low complexity
deliciousbrains CWE-352
5.4
5.4
2022-06-08 CVE-2022-1695 Cross-Site Request Forgery (CSRF) vulnerability in Tipsandtricks-Hq WP Simple Adsense Insertion
The WP Simple Adsense Insertion WordPress plugin before 2.1 does not perform CSRF checks on updates to its admin page, allowing an attacker to trick a logged in user to manipulate ads and inject arbitrary javascript via submitting a form.
network
low complexity
tipsandtricks-hq CWE-352
4.3
4.3
2022-06-07 CVE-2020-36534 Cross-Site Request Forgery (CSRF) vulnerability in Easyiicms
A vulnerability was found in easyii CMS.
network
low complexity
easyiicms CWE-352
6.5
6.5
2022-06-02 CVE-2020-20971 Cross-Site Request Forgery (CSRF) vulnerability in Pbootcms 2.0.3
Cross Site Request Forgery (CSRF) vulnerability in PbootCMS v2.0.3 via /admin.php?p=/User/index.
network
low complexity
pbootcms CWE-352
8.8
8.8
2022-06-02 CVE-2021-36890 Cross-Site Request Forgery (CSRF) vulnerability in Supsystic Social Share Buttons
Cross-Site Request Forgery (CSRF) vulnerability in Social Share Buttons by Supsystic plugin <= 2.2.2 at WordPress.
network
low complexity
supsystic CWE-352
4.3
4.3
2022-06-02 CVE-2022-29647 Cross-Site Request Forgery (CSRF) vulnerability in Mingsoft Mcms 5.2.7
An issue was discovered in MCMS 5.2.7.
network
low complexity
mingsoft CWE-352
8.8
8.8
2022-06-02 CVE-2022-29735 Cross-Site Request Forgery (CSRF) vulnerability in Deltacontrols Entelitouch Firmware 3.33.4005/3.40.3706/3.40.3935
Delta Controls enteliTOUCH 3.40.3935, 3.40.3706, and 3.33.4005 allows attackers to execute arbitrary commands via a crafted HTTP request.
network
low complexity
deltacontrols CWE-352
8.8
8.8
2022-05-31 CVE-2022-22361 Cross-Site Request Forgery (CSRF) vulnerability in IBM products
IBM Business Automation Workflow traditional 21.0.1 through 21.0.3, 20.0.0.1 through 20.0.0.2, 19.0.0.1 through 19.0.0.3, 18.0.0.0 through 18.0.0.1, IBM Business Automation Workflow containers V21.0.1 - V21.0.3 20.0.0.1 through 20.0.0.2, IBM Business Process Manager 8.6.0.0 through 8.6.0.201803, and 8.5.0.0 through 8.5.0.201706 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
network
low complexity
ibm CWE-352
6.5
6.5