Vulnerabilities > Cross-Site Request Forgery (CSRF)
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2022-03-21 | CVE-2022-0681 | Cross-Site Request Forgery (CSRF) vulnerability in Simple-Membership-Plugin Simple Membership | The Simple Membership WordPress plugin before 4.1.0 does not have CSRF check in place when deleting Transactions, which could allow attackers to make a logged in admin delete arbitrary transactions via a CSRF attack. | 6.5 |
2022-03-21 | CVE-2022-24235 | Cross-Site Request Forgery (CSRF) vulnerability in Snapt Aria 12.8 | A Cross-Site Request Forgery (CSRF) in the management portal of Snapt Aria v12.8 allows attackers to escalate privileges and execute arbitrary code via unspecified vectors. | 8.8 |
2022-03-19 | CVE-2022-27226 | Cross-Site Request Forgery (CSRF) vulnerability in IRZ products | A CSRF issue in /api/crontab on iRZ Mobile Routers through 2022-03-16 allows a threat actor to create a crontab entry in the router administration panel. | 8.8 |
2022-03-15 | CVE-2022-27198 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Cloudbees AWS Credentials | A cross-site request forgery (CSRF) vulnerability in Jenkins CloudBees AWS Credentials Plugin 189.v3551d5642995 and earlier allows attackers with Overall/Read permission to connect to an AWS service using an attacker-specified token. | 8.0 |
2022-03-15 | CVE-2022-27204 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Extended Choice Parameter 346.Vd87693C5A86C | A cross-site request forgery vulnerability in Jenkins Extended Choice Parameter Plugin 346.vd87693c5a_86c and earlier allows attackers to connect to an attacker-specified URL. | 8.8 |
2022-03-15 | CVE-2022-27210 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Kubernetes Continuous Deploy | A cross-site request forgery (CSRF) vulnerability in Jenkins Kubernetes Continuous Deploy Plugin 2.3.1 and earlier allows attackers to connect to an attacker-specified SSH server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 6.5 |
2022-03-15 | CVE-2022-27214 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Release Helper | A cross-site request forgery (CSRF) vulnerability in Jenkins Release Helper Plugin 1.3.3 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials. | 4.3 |
2022-03-14 | CVE-2022-22346 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Spectrum Protect Operations Center | IBM Spectrum Protect Operations Center 8.1.0.000 through 8.1.13.xxx is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 8.8 |
2022-03-14 | CVE-2022-22348 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Spectrum Protect Operations Center | IBM Spectrum Protect Operations Center 8.1.0.000 through 8.1.13.xxx is vulnerable to reverse tabnabbing where it could allow a page linked to from within Operations Center to rewrite it. | 2.4 |
2022-03-13 | CVE-2021-45886 | Cross-Site Request Forgery (CSRF) vulnerability in Ponton X/P Messenger 3.10.0/3.8.0 | An issue was discovered in PONTON X/P Messenger before 3.11.2. | 8.8 |