Vulnerabilities > Cross-Site Request Forgery (CSRF)

DATE CVE VULNERABILITY TITLE RISK
2022-06-16 CVE-2022-31294 Cross-Site Request Forgery (CSRF) vulnerability in Online Discussion Forum Site Project Online Discussion Forum Site 1.0
An issue in the save_users() function of Online Discussion Forum Site 1 allows unauthenticated attackers to arbitrarily create or update user accounts.
6.5
2022-06-16 CVE-2017-20053 Cross-Site Request Forgery (CSRF) vulnerability in Xyzscripts Contact Form Manager
A vulnerability was found in XYZScripts Contact Form Manager Plugin.
network
low complexity
xyzscripts CWE-352
4.3
2022-06-14 CVE-2022-30930 Cross-Site Request Forgery (CSRF) vulnerability in PHPgurukul Tourism Management System 3.2
Tourism Management System V 3.2 is affected by Cross-Site Request Forgery (CSRF).
network
low complexity
phpgurukul CWE-352
4.3
2022-06-14 CVE-2022-30931 Cross-Site Request Forgery (CSRF) vulnerability in Employee Leaves Management System Project Employee Leaves Management System 2.1
Employee Leaves Management System (ELMS) V 2.1 is vulnerable to Cross Site Request Forgery (CSRF) via /myprofile.php.
6.5
2022-06-13 CVE-2022-1749 Cross-Site Request Forgery (CSRF) vulnerability in Wpmk Ajax Finder Project Wpmk Ajax Finder 1.0.1
The WPMK Ajax Finder WordPress plugin is vulnerable to Cross-Site Request Forgery via the createplugin_atf_admin_setting_page() function found in the ~/inc/config/create-plugin-config.php file, due to a missing nonce check, which allows attackers to inject arbitrary web scripts in versions up to and including 1.0.1.
network
low complexity
wpmk-ajax-finder-project CWE-352
8.8
2022-06-13 CVE-2022-1969 Cross-Site Request Forgery (CSRF) vulnerability in Script Mobile Browser Color Select 1.0.1
The Mobile browser color select plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.1.
network
low complexity
script CWE-352
8.8
2022-06-13 CVE-2022-1763 Cross-Site Request Forgery (CSRF) vulnerability in Static Page Extended Project Static Page Extended 2.1
Due to missing checks, the Static Page eXtended WordPress plugin through 2.1 is vulnerable to CSRF attacks, which allow changing the plugin settings, including required user levels for specific features.
network
low complexity
static-page-extended-project CWE-352
5.4
2022-06-13 CVE-2022-1793 Cross-Site Request Forgery (CSRF) vulnerability in Private Files Project Private Files 0.40
The Private Files WordPress plugin through 0.40 is missing a CSRF check when disabling the protection, which could allow attackers to make a logged-in admin perform such an action via a CSRF attack and make the blog public.
network
low complexity
private-files-project CWE-352
4.3
2022-06-13 CVE-2022-1900 Cross-Site Request Forgery (CSRF) vulnerability in Copify
The Copify plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.0.
network
low complexity
copify CWE-352
8.8
2022-06-13 CVE-2022-1918 Cross-Site Request Forgery (CSRF) vulnerability in Toolbar to Share Project Toolbar to Share 2.0
The ToolBar to Share plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.
network
low complexity
toolbar-to-share-project CWE-352
8.8