Vulnerabilities > Cross-Site Request Forgery (CSRF)

DATE CVE VULNERABILITY TITLE RISK
2022-02-28 CVE-2021-24688 Cross-Site Request Forgery (CSRF) vulnerability in Orange-Form Project Orange-Form
The Orange Form WordPress plugin through 1.0.1 does not have any authorisation or CSRF checks in any of its AJAX calls. For example, the or_delete_filed call, which is available to both unauthenticated and authenticated users, could allow attackers to delete arbitrary posts. The AJAX calls performing actions on posts also do not ensure that the post belongs to the requesting user (or that the user is allowed to perform such an action on it).
network
low complexity
orange-form-project CWE-352
4.3
2022-02-28 CVE-2021-25011 Cross-Site Request Forgery (CSRF) vulnerability in Wpgooglemap WP Google MAP
The Maps Plugin using Google Maps for WordPress plugin before 1.8.1 does not have proper authorisation and CSRF checks in most of its AJAX actions, which could allow any authenticated user, such as a subscriber, to delete arbitrary posts and update the plugin's settings.
network
low complexity
wpgooglemap CWE-352
5.7
2022-02-25 CVE-2022-24342 Cross-Site Request Forgery (CSRF) vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2021.2.1, URL injection leading to CSRF was possible.
network
low complexity
jetbrains CWE-352
8.8
2022-02-25 CVE-2022-24947 Cross-Site Request Forgery (CSRF) vulnerability in Apache Jspwiki
Apache JSPWiki user preferences form is vulnerable to CSRF attacks, which can lead to account takeover.
network
low complexity
apache CWE-352
8.8
2022-02-24 CVE-2021-4030 Cross-Site Request Forgery (CSRF) vulnerability in Zyxel Nbg6816 Firmware and Nbg6817 Firmware
A cross-site request forgery vulnerability in the HTTP daemon of the Zyxel ARMOR Z1/Z2 firmware could allow an attacker to execute arbitrary commands if they coerce or trick a local user into visiting a compromised website with malicious scripts.
network
low complexity
zyxel CWE-352
8.8
2022-02-24 CVE-2022-21179 Cross-Site Request Forgery (CSRF) vulnerability in Ec-Cube E-Mail Newsletter Management
Cross-site request forgery (CSRF) vulnerability in EC-CUBE plugin 'Mail Magazine Management Plugin' ver4.0.0 to 4.1.1 (for EC-CUBE 4 series) and ver1.0.0 to 1.0.4 (for EC-CUBE 3 series) allows a remote unauthenticated attacker to hijack the authentication of an administrator via a specially crafted page, and Mail Magazine Templates and/or transmitted history information may be deleted unintentionally.
network
low complexity
ec-cube CWE-352
4.3
2022-02-21 CVE-2022-23983 Cross-Site Request Forgery (CSRF) vulnerability in Wp-Buy WP Content Copy Protection & NO Right Click
A Cross-Site Request Forgery (CSRF) vulnerability leading to a plugin settings update was discovered in the WP Content Copy Protection & No Right Click WordPress plugin (versions <= 3.4.4).
network
low complexity
wp-buy CWE-352
8.8
2022-02-21 CVE-2022-25599 Cross-Site Request Forgery (CSRF) vulnerability in Spiffyplugins Spiffy Calendar
A Cross-Site Request Forgery (CSRF) vulnerability leading to event deletion was discovered in the Spiffy Calendar WordPress plugin (versions <= 4.9.0).
network
low complexity
spiffyplugins CWE-352
4.3
2022-02-20 CVE-2021-45007 Cross-Site Request Forgery (CSRF) vulnerability in Plesk 18.0.37
Plesk 18.0.37 is affected by a Cross Site Request Forgery (CSRF) vulnerability that allows an attacker to insert data on the user and admin panel.
network
low complexity
plesk CWE-352
6.5
2022-02-16 CVE-2022-25241 Cross-Site Request Forgery (CSRF) vulnerability in Filecloud
In FileCloud before 21.3, the CSV user import functionality is vulnerable to Cross-Site Request Forgery (CSRF).
network
low complexity
filecloud CWE-352
8.8