Vulnerabilities > Cross-Site Request Forgery (CSRF)
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-08-10 | CVE-2021-37366 | Cross-Site Request Forgery (CSRF) vulnerability in Ctparental Project Ctparental CTparental before 4.45.03 is vulnerable to cross-site request forgery (CSRF) in the CTparental admin panel. | 8.8 |
| 2021-08-09 | CVE-2021-34661 | Cross-Site Request Forgery (CSRF) vulnerability in Verygoodplugins WP Fusion 3.37.18 The WP Fusion Lite WordPress plugin is vulnerable to Cross-Site Request Forgery via the `show_logs_section` function found in the ~/includes/admin/logging/class-log-handler.php file which allows attackers to drop all logs for the plugin, in versions up to and including 3.37.18. | 4.7 |
| 2021-08-09 | CVE-2021-24500 | Cross-Site Request Forgery (CSRF) vulnerability in Amentotech Workreap Several AJAX actions available in the Workreap WordPress theme before 2.2.2 lacked CSRF protections, as well as allowing insecure direct object references that were not validated. | 8.1 |
| 2021-08-06 | CVE-2020-21358 | Cross-Site Request Forgery (CSRF) vulnerability in Wagecms Project Wage-Cms 1.5.0 A cross site request forgery (CSRF) in Wage-CMS 1.5.x-dev allows attackers to arbitrarily add users. | 6.5 |
| 2021-08-06 | CVE-2020-18694 | Cross-Site Request Forgery (CSRF) vulnerability in Ignitedcms 1.0.0 Cross Site Request Forgery (CSRF) in IgnitedCMS v1.0 allows remote attackers to obtain sensitive information and gain privilege via the component "/admin/profile/save_profile". | 8.8 |
| 2021-08-06 | CVE-2021-37381 | Cross-Site Request Forgery (CSRF) vulnerability in Southsoft Graduate Management Information System 5.0 Southsoft GMIS 5.0 is vulnerable to CSRF attacks. | 8.8 |
| 2021-08-05 | CVE-2021-34633 | Cross-Site Request Forgery (CSRF) vulnerability in Youtube Feeder Project Youtube Feeder 2.0.1 The Youtube Feeder WordPress plugin is vulnerable to Cross-Site Request Forgery via the printAdminPage function found in the ~/youtube-feeder.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.0.1. | 8.8 |
| 2021-08-05 | CVE-2021-34634 | Cross-Site Request Forgery (CSRF) vulnerability in Sola-Newsletters Project Sola-Newsletters 4.0.23 The Nifty Newsletters WordPress plugin is vulnerable to Cross-Site Request Forgery via the sola_nl_wp_head function found in the ~/sola-newsletters.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 4.0.23. | 8.8 |
| 2021-08-05 | CVE-2021-23849 | Cross-Site Request Forgery (CSRF) vulnerability in Bosch products A vulnerability in the web-based interface allows an unauthenticated remote attacker to trigger actions on an affected system on behalf of another user (CSRF - Cross Site Request Forgery). | 8.8 |
| 2021-08-05 | CVE-2021-34631 | Cross-Site Request Forgery (CSRF) vulnerability in Ipdgroup Newsplugin 1.0.18 The NewsPlugin WordPress plugin is vulnerable to Cross-Site Request Forgery via the handle_save_style function found in the ~/news-plugin.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0.18. | 8.8 |