Vulnerabilities > Cross-Site Request Forgery (CSRF)

DATE CVE VULNERABILITY TITLE RISK
2021-11-23 CVE-2021-24703 Cross-Site Request Forgery (CSRF) vulnerability in Metagauss Download Plugin
The Download Plugin WordPress plugin before 1.6.1 does not have capability and CSRF checks in the dpwap_plugin_activate AJAX action, allowing any authenticated user, such as a subscriber, to activate plugins that are already installed.
network
low complexity
metagauss CWE-352
5.7
2021-11-22 CVE-2021-43559 Cross-Site Request Forgery (CSRF) vulnerability in multiple products
A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions.
network
low complexity
moodle fedoraproject CWE-352
8.8
2021-11-19 CVE-2021-39198 Cross-Site Request Forgery (CSRF) vulnerability in Oroinc Client Relationship Management
OroCRM is an open source Client Relationship Management (CRM) application.
network
low complexity
oroinc CWE-352
5.4
2021-11-19 CVE-2021-44036 Cross-Site Request Forgery (CSRF) vulnerability in Teampasswordmanager Team Password Manager
Team Password Manager (aka TeamPasswordManager) before 10.135.236 has a CSRF vulnerability during import.
network
low complexity
teampasswordmanager CWE-352
8.8
2021-11-19 CVE-2021-3963 Cross-Site Request Forgery (CSRF) vulnerability in Kimai 2
kimai2 is vulnerable to Cross-Site Request Forgery (CSRF).
network
low complexity
kimai CWE-352
4.3
2021-11-17 CVE-2021-41273 Cross-Site Request Forgery (CSRF) vulnerability in Pterodactyl Panel
Pterodactyl is an open-source game server management panel built with PHP 7, React, and Go.
network
low complexity
pterodactyl CWE-352
4.3
2021-11-17 CVE-2021-24853 Cross-Site Request Forgery (CSRF) vulnerability in QR Redirector Project QR Redirector
The QR Redirector WordPress plugin before 1.6 does not have capability and CSRF checks when saving bulk QR Redirector settings via the qr_save_bulk AJAX action, which could allow any authenticated user, such as a subscriber, to change the redirect response status code of arbitrary QR Redirects.
network
low complexity
qr-redirector-project CWE-352
4.3
2021-11-16 CVE-2021-25965 Cross-Site Request Forgery (CSRF) vulnerability in Janeczku Calibre-Web
In Calibre-web, versions 0.6.0 to 0.6.13 are vulnerable to Cross-Site Request Forgery (CSRF).
network
low complexity
janeczku CWE-352
8.8
2021-11-16 CVE-2021-25976 Cross-Site Request Forgery (CSRF) vulnerability in Dotnetfoundation Piranha CMS
In PiranhaCMS, versions 4.0.0-alpha1 to 9.2.0 are vulnerable to cross-site request forgery (CSRF) when performing various actions supported by the management system, such as deleting a user, deleting a role, editing a post, deleting a media folder etc., when an ID is known.
network
low complexity
dotnetfoundation CWE-352
8.1
2021-11-12 CVE-2020-21141 Cross-Site Request Forgery (CSRF) vulnerability in Idreamsoft Icms 7.0.15
iCMS v7.0.15 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admincp.php?app=members&do=add.
network
low complexity
idreamsoft CWE-352
8.8