Vulnerabilities > Cross-Site Request Forgery (CSRF)
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-12-15 | CVE-2021-45017 | Cross-Site Request Forgery (CSRF) vulnerability in Catfish-Cms Catfish CMS Cross Site Request Forgery (CSRF) vulnerability exists in Catfish <=6.1.* when you upload an html file containing CSRF on the website that uses a google editor; you can specify the menu url address as your malicious url address in the Add Menu column. | 8.8 |
2021-12-14 | CVE-2021-44942 | Cross-Site Request Forgery (CSRF) vulnerability in Glfusion 1.7.9 glFusion CMS 1.7.9 is affected by a Cross Site Request Forgery (CSRF) vulnerability in /public_html/admin/plugins/bad_behavior2/blacklist.php. | 4.3 |
2021-12-13 | CVE-2021-24780 | Cross-Site Request Forgery (CSRF) vulnerability in Single Post Exporter Project Single Post Exporter 1.1.1 The Single Post Exporter WordPress plugin through 1.1.1 does not have CSRF checks when saving its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and give access to the export feature to any role such as subscriber. | 4.3 |
2021-12-13 | CVE-2021-24945 | Cross-Site Request Forgery (CSRF) vulnerability in Likebtn Like Button Rating The Like Button Rating ♥ LikeBtn WordPress plugin before 2.6.38 does not have any authorisation and CSRF checks in the likebtn_export_votes AJAX action, which could allow any authenticated user, such as subscriber, to get a list of email and IP addresses of people who liked content from the blog. | 8.0 |
2021-12-09 | CVE-2020-19682 | Cross-Site Request Forgery (CSRF) vulnerability in Zzzcms 1.7.1 A Cross Site Request Forgery (CSRF) vulnerability exists in ZZZCMS V1.7.1 via the save_user function in save.php. | 8.8 |
2021-12-06 | CVE-2021-31631 | Cross-Site Request Forgery (CSRF) vulnerability in B2Evolution CMS 7.2.3 b2evolution CMS v7.2.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the User login page. | 8.8 |
2021-12-06 | CVE-2021-35242 | Cross-Site Request Forgery (CSRF) vulnerability in Solarwinds Serv-U Serv-U server responds with valid CSRFToken when the request contains only Session. | 8.8 |
2021-12-06 | CVE-2021-24914 | Cross-Site Request Forgery (CSRF) vulnerability in Tawk Tawk.To Live Chat The Tawk.To Live Chat WordPress plugin before 0.6.0 does not have capability and CSRF checks in the tawkto_setwidget and tawkto_removewidget AJAX actions, available to any authenticated user. | 8.0 |
2021-12-03 | CVE-2021-29756 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products IBM Cognos Analytics 11.1.7 and 11.2.0 is vulnerable to cross-site request forgery (CSRF) in the My Inbox page which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 8.8 |
2021-12-02 | CVE-2021-44227 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products In GNU Mailman before 2.1.38, a list member or moderator can get a CSRF token and craft an admin request (using that token) to set a new admin password or make other changes. | 8.8 |