Vulnerabilities > Cross-Site Request Forgery (CSRF)

DATE CVE VULNERABILITY TITLE RISK
2022-03-11 CVE-2022-25600 Cross-Site Request Forgery (CSRF) vulnerability in multiple products
Cross-Site Request Forgery (CSRF) vulnerability affecting Delete Marker Category, Delete Map, and Copy Map functions in WP Google Map plugin (versions <= 4.2.3).
network
low complexity
flippercode fedoraproject CWE-352
8.8
2022-03-07 CVE-2021-25098 Cross-Site Request Forgery (CSRF) vulnerability in Fatcatapps Easy Pricing Tables
The Pricing Tables WordPress Plugin WordPress plugin before 3.1.3 does not verify the CSRF nonce when removing posts, allowing attackers to make a logged-in admin remove arbitrary posts from the blog via a CSRF attack; the removed posts are put in the trash.
network
low complexity
fatcatapps CWE-352
6.5
2022-03-07 CVE-2022-0445 Cross-Site Request Forgery (CSRF) vulnerability in Devowl Wordpress Real Cookie Banner
The WordPress Real Cookie Banner: GDPR (DSGVO) & ePrivacy Cookie Consent WordPress plugin before 2.14.2 does not have CSRF checks in place when resetting its settings, allowing attackers to make a logged-in admin reset them via a CSRF attack.
network
low complexity
devowl CWE-352
6.5
2022-03-04 CVE-2020-18326 Cross-Site Request Forgery (CSRF) vulnerability in Intelliants Subrion CMS 4.2.1
A Cross Site Request Forgery (CSRF) vulnerability exists in Intelliants Subrion CMS v4.2.1 via the Members administrator function, which could let a remote unauthenticated malicious user send an authorised request to a victim and successfully create an arbitrary administrator user.
network
low complexity
intelliants CWE-352
8.8
2022-03-04 CVE-2021-44321 Cross-Site Request Forgery (CSRF) vulnerability in Mini-Inventory-And-Sales-Management-System Project Mini-Inventory-And-Sales-Management-System 1.0
Mini-Inventory-and-Sales-Management-System is affected by Cross Site Request Forgery (CSRF), where an attacker can update/delete items in the inventory.
5.0
2022-03-03 CVE-2022-23052 Cross-Site Request Forgery (CSRF) vulnerability in Petereport Project Petereport 0.5
PeteReport Version 0.5 contains a Cross Site Request Forgery (CSRF) vulnerability allowing an attacker to trick users into deleting users, products, reports and findings on the application.
network
low complexity
petereport-project CWE-352
6.5
2022-02-28 CVE-2021-24688 Cross-Site Request Forgery (CSRF) vulnerability in Orange-Form Project Orange-Form
The Orange Form WordPress plugin through 1.0.1 does not have any authorisation and CSRF checks in all of its AJAX calls; for example, the or_delete_filed one, which is available to both unauthenticated and authenticated users, could allow attackers to delete arbitrary posts. The AJAX calls performing actions on posts also do not ensure that the post belongs to them (or that they are allowed to perform such an action on it).
network
low complexity
orange-form-project CWE-352
4.3
2022-02-28 CVE-2021-25011 Cross-Site Request Forgery (CSRF) vulnerability in Wpgooglemap WP Google MAP
The Maps Plugin using Google Maps for WordPress plugin before 1.8.1 does not have proper authorisation and CSRF checks in most of its AJAX actions, which could allow any authenticated user, such as a subscriber, to delete arbitrary posts and update the plugin's settings.
network
low complexity
wpgooglemap CWE-352
5.7
2022-02-25 CVE-2022-24342 Cross-Site Request Forgery (CSRF) vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2021.2.1, URL injection leading to CSRF was possible.
network
low complexity
jetbrains CWE-352
8.8
2022-02-25 CVE-2022-24947 Cross-Site Request Forgery (CSRF) vulnerability in Apache Jspwiki
Apache JSPWiki user preferences form is vulnerable to CSRF attacks, which can lead to account takeover.
network
low complexity
apache CWE-352
8.8