Vulnerabilities > Cross-Site Request Forgery (CSRF)
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-06-14 | CVE-2022-30931 | Cross-Site Request Forgery (CSRF) vulnerability in Employee Leaves Management System Project Employee Leaves Management System 2.1 Employee Leaves Management System (ELMS) V 2.1 is vulnerable to Cross Site Request Forgery (CSRF) via /myprofile.php. | 6.5 |
| 2022-06-13 | CVE-2022-1749 | Cross-Site Request Forgery (CSRF) vulnerability in Wpmk Ajax Finder Project Wpmk Ajax Finder 1.0.1 The WPMK Ajax Finder WordPress plugin is vulnerable to Cross-Site Request Forgery via the createplugin_atf_admin_setting_page() function found in the ~/inc/config/create-plugin-config.php file due to a missing nonce check which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0.1. | 8.8 |
| 2022-06-13 | CVE-2022-1969 | Cross-Site Request Forgery (CSRF) vulnerability in Script Mobile Browser Color Select 1.0.1 The Mobile browser color select plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.1. | 8.8 |
| 2022-06-13 | CVE-2022-1763 | Cross-Site Request Forgery (CSRF) vulnerability in Static Page Extended Project Static Page Extended 2.1 Due to missing checks the Static Page eXtended WordPress plugin through 2.1 is vulnerable to CSRF attacks which allows changing the plugin settings, including required user levels for specific features. | 5.4 |
| 2022-06-13 | CVE-2022-1793 | Cross-Site Request Forgery (CSRF) vulnerability in Private Files Project Private Files 0.40 The Private Files WordPress plugin through 0.40 is missing CSRF check when disabling the protection, which could allow attackers to make a logged in admin perform such action via a CSRF attack and make the blog public | 4.3 |
| 2022-06-13 | CVE-2022-1900 | Cross-Site Request Forgery (CSRF) vulnerability in Copify The Copify plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.0. | 8.8 |
| 2022-06-13 | CVE-2022-1918 | Cross-Site Request Forgery (CSRF) vulnerability in Toolbar to Share Project Toolbar to Share 2.0 The ToolBar to Share plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0. | 8.8 |
| 2022-06-13 | CVE-2017-20045 | Cross-Site Request Forgery (CSRF) vulnerability in Vendavo Pricepoint 4.6.0.0 A vulnerability was found in Navetti PricePoint 4.6.0.0. | 8.8 |
| 2022-06-13 | CVE-2022-27174 | Cross-Site Request Forgery (CSRF) vulnerability in Easy Blog Project Easy Blog Cross-site request forgery (CSRF) vulnerability in Easy Blog for EC-CUBE4 Ver.1.0.1 and earlier allows a remote unauthenticated attacker to hijack the authentication of the administrator and delete a blog article or a category via a specially crafted page. | 4.3 |
| 2022-06-10 | CVE-2022-22479 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Spectrum Copy Data Management IBM Spectrum Copy Data Management 2.2.0.0through 2.2.15.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 8.8 |