Vulnerabilities > Cross-Site Request Forgery (CSRF)

DATE CVE VULNERABILITY TITLE RISK
2022-07-21 CVE-2022-34367 Cross-Site Request Forgery (CSRF) vulnerability in Dell EMC Data Protection Central
Dell EMC Data Protection Central versions 19.1, 19.2, 19.3, 19.4, 19.5 and 19.6 contain a Cross-Site Request Forgery vulnerability.
network
low complexity
dell CWE-352
8.8
2022-07-19 CVE-2022-22359 Cross-Site Request Forgery (CSRF) vulnerability in IBM products
IBM Sterling Partner Engagement Manager 6.1.2, 6.2, and Cloud/SaaS 22.2 are vulnerable to cross-site request forgery, which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
network
low complexity
ibm CWE-352
6.5
2022-07-18 CVE-2021-38868 Cross-Site Request Forgery (CSRF) vulnerability in IBM Engineering Requirements Quality Assistant On-Premises
IBM Engineering Requirements Quality Assistant On-Premises (All versions) is vulnerable to cross-site request forgery, which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
network
low complexity
ibm CWE-352
6.5
2022-07-18 CVE-2022-1912 Cross-Site Request Forgery (CSRF) vulnerability in Smartsoft Button Widget Smartsoft 1.0.1
The Button Widget Smartsoft plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.1.
network
low complexity
smartsoft CWE-352
8.8
2022-07-18 CVE-2022-2001 Cross-Site Request Forgery (CSRF) vulnerability in Devrix DX Share Selection 1.2/1.3/1.4
The DX Share Selection plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.4.
network
low complexity
devrix CWE-352
8.8
2022-07-18 CVE-2022-2223 Cross-Site Request Forgery (CSRF) vulnerability in Ghozylab Image Slider
The WordPress plugin Image Slider is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.121 due to failure to properly check for the existence of a nonce in the function ewic_duplicate_slider.
network
low complexity
ghozylab CWE-352
4.3
2022-07-18 CVE-2022-2435 Cross-Site Request Forgery (CSRF) vulnerability in Anymind Widget
The AnyMind Widget plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.
network
low complexity
anymind CWE-352
8.8
2022-07-17 CVE-2022-32320 Cross-Site Request Forgery (CSRF) vulnerability in multiple products
A Cross-Site Request Forgery (CSRF) in Ferdi through 5.8.1 and Ferdium through 6.0.0-nightly.98 allows attackers to read files via an uploaded file such as a settings/preferences file.
network
low complexity
getferdi ferdium CWE-352
8.8
2022-07-17 CVE-2022-2146 Cross-Site Request Forgery (CSRF) vulnerability in Import CSV Files Project Import CSV Files
The Import CSV Files WordPress plugin through 1.0 does not sanitise and escape imported data before outputting it back in a page, and also lacks a CSRF check when performing such an action, resulting in a Reflected Cross-Site Scripting
network
low complexity
import-csv-files-project CWE-352
6.1
2022-07-11 CVE-2022-1599 Cross-Site Request Forgery (CSRF) vulnerability in Admin Management Xtended Project Admin Management Xtended
The Admin Management Xtended WordPress plugin before 2.4.5 does not have CSRF checks in some of its AJAX actions, allowing attackers to make logged-in users with the right capabilities call them.
network
low complexity
admin-management-xtended-project CWE-352
6.5