Vulnerabilities > Cross-Site Request Forgery (CSRF)
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2022-01-24 | CVE-2021-25013 | Cross-Site Request Forgery (CSRF) vulnerability in Themeum Qubely | The Qubely WordPress plugin before 1.7.8 does not have authorisation and CSRF checks on the qubely_delete_saved_block AJAX action, and does not ensure that the block to be deleted belongs to the plugin. As a result, any authenticated user, such as a subscriber, can delete arbitrary posts. | 6.5 |
2022-01-20 | CVE-2021-46028 | Cross-Site Request Forgery (CSRF) vulnerability in Mblog Project Mblog | In mblog <= 3.5.0 there is a CSRF vulnerability in the background article management. | 4.3 |
2022-01-19 | CVE-2021-46027 | Cross-Site Request Forgery (CSRF) vulnerability in Mysiteforme Project Mysiteforme | mysiteforme, as of 19-12-2022, has a CSRF vulnerability in the background blog management. | 6.5 |
2022-01-19 | CVE-2021-44777 | Cross-Site Request Forgery (CSRF) vulnerability in Email Tracker Project Email Tracker | Cross-Site Request Forgery (CSRF) vulnerabilities leading to single or bulk e-mail entry deletion were discovered in the Email Tracker WordPress plugin (versions <= 5.2.6). | 4.3 |
2022-01-18 | CVE-2021-43353 | Cross-Site Request Forgery (CSRF) vulnerability in Crisp Live Chat | The Crisp Live Chat WordPress plugin is vulnerable to Cross-Site Request Forgery due to missing nonce validation via the crisp_plugin_settings_page function found in the ~/crisp.php file, which made it possible for attackers to inject arbitrary web scripts in versions up to and including 0.31. | 8.8 |
2022-01-18 | CVE-2022-0154 | Cross-Site Request Forgery (CSRF) vulnerability in GitLab | An issue has been discovered in GitLab affecting all versions starting from 7.7 before 14.4.5, all versions starting from 14.5.0 before 14.5.3, all versions starting from 14.6.0 before 14.6.2. | 8.0 |
2022-01-18 | CVE-2022-0215 | Cross-Site Request Forgery (CSRF) vulnerability in XootiX products | The Login/Signup Popup, Waitlist Woocommerce ( Back in stock notifier ), and Side Cart Woocommerce (Ajax) WordPress plugins by XootiX are vulnerable to Cross-Site Request Forgery via the save_settings function found in the ~/includes/xoo-framework/admin/class-xoo-admin-settings.php file, which makes it possible for attackers to update arbitrary options on a site that can be used to create an administrative user account and grant full privileged access to a compromised site. | 8.8 |
2022-01-17 | CVE-2022-0180 | Cross-Site Request Forgery (CSRF) vulnerability in Expresstech Quiz and Survey Master | Cross-site request forgery (CSRF) vulnerability in Quiz And Survey Master versions prior to 7.3.7 allows a remote attacker to hijack the authentication of administrators and conduct arbitrary operations via a specially crafted web page. | 8.8 |
2022-01-12 | CVE-2021-41597 | Cross-Site Request Forgery (CSRF) vulnerability in Salesagility SuiteCRM | SuiteCRM through 7.11.21 is vulnerable to CSRF, with resultant remote code execution, via the UpgradeWizard functionality, if a PHP file is included in a ZIP archive. | 8.8 |
2022-01-12 | CVE-2022-20612 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products | A cross-site request forgery (CSRF) vulnerability in Jenkins 2.329 and earlier, LTS 2.319.1 and earlier allows attackers to trigger a build of a job without parameters when no security realm is set. | 4.3 |