Vulnerabilities > Cross-Site Request Forgery (CSRF)

DATE CVE VULNERABILITY TITLE RISK
2021-07-14 CVE-2021-20781 Cross-Site Request Forgery (CSRF) vulnerability in Pluginus Wordpress Meta Data and Taxonomies Filter
Cross-site request forgery (CSRF) vulnerability in WordPress Meta Data Filter & Taxonomies Filter versions prior to v.1.2.8 and versions prior to v.2.2.8 allows remote attackers to hijack the authentication of administrators via unspecified vectors.
network
low complexity
pluginus CWE-352
8.8
2021-07-14 CVE-2021-20782 Cross-Site Request Forgery (CSRF) vulnerability in Tipsandtricks-Hq Software License Manager
Cross-site request forgery (CSRF) vulnerability in Software License Manager versions prior to 4.4.6 allows remote attackers to hijack the authentication of administrators via unspecified vectors.
network
low complexity
tipsandtricks-hq CWE-352
8.8
2021-07-12 CVE-2020-4938 Cross-Site Request Forgery (CSRF) vulnerability in IBM MQ Appliance
IBM MQ Appliance 9.1 and 9.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
network
low complexity
ibm CWE-352
8.8
2021-07-08 CVE-2020-20586 Cross-Site Request Forgery (CSRF) vulnerability in Xyhcms 3.6
A cross-site request forgery (CSRF) vulnerability in the /xyhai.php?s=/Auth/editUser URI of XYHCMS V3.6 allows attackers to edit any of the administrator's information, such as the name, e-mail, and password.
network
low complexity
xyhcms CWE-352
4.5
2021-07-07 CVE-2021-34620 Cross-Site Request Forgery (CSRF) vulnerability in Fluentforms Contact Form
The WP Fluent Forms plugin < 3.6.67 for WordPress is vulnerable to Cross-Site Request Forgery leading to stored Cross-Site Scripting and limited Privilege Escalation due to a missing nonce check in the access control function for administrative AJAX actions.
network
low complexity
fluentforms CWE-352
8.8
2021-07-07 CVE-2021-22224 Cross-Site Request Forgery (CSRF) vulnerability in Gitlab
A cross-site request forgery vulnerability in the GraphQL API in GitLab since version 13.12 and before versions 13.12.6 and 14.0.2 allowed an attacker to call mutations as the victim.
network
low complexity
gitlab CWE-352
6.5
2021-07-07 CVE-2021-20779 Cross-Site Request Forgery (CSRF) vulnerability in Codemiq Wordpress Email Template Designer
Cross-site request forgery (CSRF) vulnerability in WordPress Email Template Designer - WP HTML Mail versions prior to 3.0.8 allows remote attackers to hijack the authentication of administrators via unspecified vectors.
network
low complexity
codemiq CWE-352
8.8
2021-07-07 CVE-2021-20780 Cross-Site Request Forgery (CSRF) vulnerability in Wp-Currency Wordpress Currency Switcher
Cross-site request forgery (CSRF) vulnerability in WPCS - WordPress Currency Switcher 1.1.6 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.
network
low complexity
wp-currency CWE-352
8.8
2021-07-01 CVE-2021-32730 Cross-Site Request Forgery (CSRF) vulnerability in Xwiki
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it.
network
low complexity
xwiki CWE-352
5.7
2021-06-30 CVE-2021-21675 Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Requests
A cross-site request forgery (CSRF) vulnerability in Jenkins requests-plugin Plugin 2.2.12 and earlier allows attackers to create requests and/or have administrators apply pending requests.
network
low complexity
jenkins CWE-352
6.5