Vulnerabilities > Cross-Site Request Forgery (CSRF)

DATE CVE VULNERABILITY TITLE RISK
2021-12-22 CVE-2021-43156 Cross-Site Request Forgery (CSRF) vulnerability in Projectworlds Online Book Store Project in PHP 1.0
In ProjectWorlds Online Book Store PHP 1.0, a CSRF vulnerability in admin_delete.php allows a remote attacker to delete any book.
network
low complexity
projectworlds CWE-352
6.5
2021-12-22 CVE-2021-43158 Cross-Site Request Forgery (CSRF) vulnerability in Projectworlds Online Shopping System in PHP 1.0
In ProjectWorlds Online Shopping System PHP 1.0, a CSRF vulnerability in cart_remove.php allows a remote attacker to remove any product in the customer's cart.
network
low complexity
projectworlds CWE-352
4.3
2021-12-20 CVE-2021-36887 Cross-Site Request Forgery (CSRF) vulnerability in Tarteaucitron.Js - Cookies Legislation & Gdpr Project Tarteaucitron.Js - Cookies Legislation & Gdpr
Cross-Site Request Forgery (CSRF) vulnerability leading to Cross-Site Scripting (XSS) discovered in tarteaucitron.js – Cookies legislation & GDPR WordPress plugin (versions <= 1.5.4), vulnerable parameters "tarteaucitronEmail" and "tarteaucitronPass".
8.8
2021-12-16 CVE-2021-26800 Cross-Site Request Forgery (CSRF) vulnerability in User Management System in PHP Stored Procedure Project User Management System in PHP Stored Procedure 1.0
Cross Site Request Forgery (CSRF) vulnerability in Change-password.php in phpgurukul user management system in php using stored procedure V1.0, allows attackers to change the password of an arbitrary account.
6.5
2021-12-15 CVE-2021-45017 Cross-Site Request Forgery (CSRF) vulnerability in Catfish-Cms Catfish CMS
Cross Site Request Forgery (CSRF) vulnerability exists in Catfish <=6.1.* when you upload an html file containing CSRF on the website that uses a google editor; you can specify the menu url address as your malicious url address in the Add Menu column.
network
low complexity
catfish-cms CWE-352
8.8
2021-12-14 CVE-2021-44942 Cross-Site Request Forgery (CSRF) vulnerability in Glfusion 1.7.9
glFusion CMS 1.7.9 is affected by a Cross Site Request Forgery (CSRF) vulnerability in /public_html/admin/plugins/bad_behavior2/blacklist.php.
network
low complexity
glfusion CWE-352
4.3
2021-12-13 CVE-2021-24780 Cross-Site Request Forgery (CSRF) vulnerability in Single Post Exporter Project Single Post Exporter 1.1.1
The Single Post Exporter WordPress plugin through 1.1.1 does not have CSRF checks when saving its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and give access to the export feature to any role such as subscriber.
network
low complexity
single-post-exporter-project CWE-352
4.3
2021-12-13 CVE-2021-24945 Cross-Site Request Forgery (CSRF) vulnerability in Likebtn Like Button Rating
The Like Button Rating ♥ LikeBtn WordPress plugin before 2.6.38 does not have any authorisation and CSRF checks in the likebtn_export_votes AJAX action, which could allow any authenticated user, such as subscriber, to get a list of email and IP addresses of people who liked content from the blog.
network
low complexity
likebtn CWE-352
8.0
2021-12-09 CVE-2020-19682 Cross-Site Request Forgery (CSRF) vulnerability in Zzzcms 1.7.1
A Cross Site Request Forgery (CSRF) vulnerability exists in ZZZCMS V1.7.1 via the save_user function in save.php.
network
low complexity
zzzcms CWE-352
8.8
2021-12-06 CVE-2021-31631 Cross-Site Request Forgery (CSRF) vulnerability in B2Evolution CMS 7.2.3
b2evolution CMS v7.2.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the User login page.
network
low complexity
b2evolution CWE-352
8.8