Vulnerabilities > Cross-Site Request Forgery (CSRF)
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-11-08 | CVE-2021-24806 | Cross-Site Request Forgery (CSRF) vulnerability in Gvectors Wpdiscuz: The wpDiscuz WordPress plugin before 7.3.4 does not check for CSRF when adding, editing and deleting comments, which could allow an attacker to make logged-in users such as an admin edit and delete arbitrary comments, or the user who made the comment edit it, via a CSRF attack. | 4.3 |
2021-11-08 | CVE-2021-24832 | Cross-Site Request Forgery (CSRF) vulnerability in WP SEO Redirect 301 Project WP SEO Redirect 301: The WP SEO Redirect 301 WordPress plugin before 2.3.2 does not have CSRF checks in place when deleting redirects, which could allow attackers to make a logged-in admin delete them via a CSRF attack. | 4.3 |
2021-11-04 | CVE-2020-21139 | Cross-Site Request Forgery (CSRF) vulnerability in EC Cloud E-Commerce System Project EC Cloud E-Commerce System 1.3: EC Cloud E-Commerce System v1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability which allows attackers to arbitrarily add admin accounts via /admin.html?do=user&act=add. | 6.5 |
2021-11-04 | CVE-2021-34773 | Cross-Site Request Forgery (CSRF) vulnerability in Cisco products: A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), and Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected device. | 6.5 |
2021-11-02 | CVE-2020-23686 | Cross-Site Request Forgery (CSRF) vulnerability in Ayacms Project Ayacms 3.1.2: Cross-site request forgery (CSRF) vulnerability in AyaCMS 3.1.2 allows attackers to change an administrator's password or cause other unspecified impacts. | 8.8 |
2021-11-02 | CVE-2021-29888 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Infosphere Information Server 11.7: IBM InfoSphere Information Server 11.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 8.8 |
2021-11-01 | CVE-2021-24799 | Cross-Site Request Forgery (CSRF) vulnerability in Tipsandtricks-Hq FAR Future Expiry Header: The Far Future Expiry Header WordPress plugin before 1.5 does not have a CSRF check when saving its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack. | 4.3 |
2021-11-01 | CVE-2021-24809 | Cross-Site Request Forgery (CSRF) vulnerability in Wordplus Better Messages: The BP Better Messages WordPress plugin before 1.9.9.41 does not check for CSRF in several of its AJAX actions: bp_better_messages_leave_chat, bp_better_messages_join_chat, bp_messages_leave_thread, bp_messages_mute_thread, bp_messages_unmute_thread, bp_better_messages_add_user_to_thread, bp_better_messages_exclude_user_from_thread. | 8.8 |
2021-10-27 | CVE-2021-3900 | Cross-Site Request Forgery (CSRF) vulnerability in Firefly-Iii Firefly III: firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF). | 6.5 |
2021-10-21 | CVE-2021-20120 | Cross-Site Request Forgery (CSRF) vulnerability in Commscope Arris Surfboard Sb8200 Firmware Ab01.02.053.01112320193.0A.Nsh: The administration web interface for the Arris Surfboard SB8200 lacks any protections against cross-site request forgery attacks. | 8.8 |