Vulnerabilities > Cross-Site Request Forgery (CSRF)
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-01-28 | CVE-2021-22725 | Cross-Site Request Forgery (CSRF) vulnerability in Schneider-Electric products. A CWE-352 Cross-Site Request Forgery (CSRF) vulnerability exists that could allow an attacker to impersonate the user or carry out actions on their behalf when crafted malicious parameters are submitted in POST requests sent to the charging station web server. | 8.8 |
2022-01-26 | CVE-2021-44122 | Cross-Site Request Forgery (CSRF) vulnerability in Spip 4.0.0. SPIP 4.0.0 is affected by a Cross-Site Request Forgery (CSRF) vulnerability in ecrire/public/aiguiller.php, ecrire/public/balises.php, ecrire/balise/formulaire_.php. | 8.8 |
2022-01-25 | CVE-2022-0335 | Cross-Site Request Forgery (CSRF) vulnerability in Moodle. A flaw was found in Moodle in versions 3.11 to 3.11.4, 3.10 to 3.10.8, 3.9 to 3.9.11 and earlier unsupported versions. | 8.8 |
2022-01-24 | CVE-2021-24968 | Cross-Site Request Forgery (CSRF) vulnerability in Etoilewebdesign Ultimate FAQ. The Ultimate FAQ WordPress plugin before 2.1.2 does not have capability and CSRF checks in the ewd_ufaq_welcome_add_faq and ewd_ufaq_welcome_add_faq_page AJAX actions, available to any authenticated user. | 5.7 |
2022-01-24 | CVE-2021-25013 | Cross-Site Request Forgery (CSRF) vulnerability in Themeum Qubely. The Qubely WordPress plugin before 1.7.8 does not have authorisation and CSRF checks on the qubely_delete_saved_block AJAX action, and does not ensure that the block to be deleted belongs to the plugin; as a result, any authenticated user, such as a subscriber, can delete arbitrary posts. | 6.5 |
2022-01-20 | CVE-2021-46028 | Cross-Site Request Forgery (CSRF) vulnerability in Mblog Project Mblog. In mblog <= 3.5.0 there is a CSRF vulnerability in the background article management. | 4.3 |
2022-01-19 | CVE-2021-46027 | Cross-Site Request Forgery (CSRF) vulnerability in Mysiteforme Project Mysiteforme. mysiteforme, as of 19-12-2022, has a CSRF vulnerability in the background blog management. | 6.5 |
2022-01-19 | CVE-2021-44777 | Cross-Site Request Forgery (CSRF) vulnerability in Email Tracker Project Email Tracker. Cross-Site Request Forgery (CSRF) vulnerabilities leading to single or bulk e-mail entries deletion discovered in Email Tracker WordPress plugin (versions <= 5.2.6). | 4.3 |
2022-01-18 | CVE-2021-43353 | Cross-Site Request Forgery (CSRF) vulnerability in Crisp Live Chat. The Crisp Live Chat WordPress plugin is vulnerable to Cross-Site Request Forgery due to missing nonce validation via the crisp_plugin_settings_page function found in the ~/crisp.php file, which made it possible for attackers to inject arbitrary web scripts in versions up to, and including, 0.31. | 8.8 |
2022-01-18 | CVE-2022-0154 | Cross-Site Request Forgery (CSRF) vulnerability in Gitlab. An issue has been discovered in GitLab affecting all versions starting from 7.7 before 14.4.5, all versions starting from 14.5.0 before 14.5.3, all versions starting from 14.6.0 before 14.6.2. | 8.0 |