Vulnerabilities > Cross-Site Request Forgery (CSRF)
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-08-12 | CVE-2020-18454 | Cross-Site Request Forgery (CSRF) vulnerability in Bycms Project Bycms 1.3.0 Cross Site Request Forgery (CSRF) vulnerability in bycms v1.3 via admin.php/systems/index/module_id/70/group_id/1.html. | 6.8 |
| 2021-08-12 | CVE-2020-18457 | Cross-Site Request Forgery (CSRF) vulnerability in Bycms Project Bycms 1.3.0 Cross Site Request Forgery (CSRF) vulnerability exists in bycms v1.3.0 that can add an admin account via admin.php/ucenter/add.html. | 6.8 |
| 2021-08-11 | CVE-2020-25562 | Cross-Site Request Forgery (CSRF) vulnerability in Sapphireims 5.0 In SapphireIMS 5.0, there is no CSRF token present in the entire application. | 6.5 |
| 2021-08-11 | CVE-2021-32122 | Cross-Site Request Forgery (CSRF) vulnerability in Netgear products Certain NETGEAR devices are affected by CSRF. | 8.0 |
| 2021-08-10 | CVE-2021-29400 | Cross-Site Request Forgery (CSRF) vulnerability in Netexplorer MY Smtp Contact 1.1.1 A cross-site request forgery (CSRF) vulnerability in the My SMTP Contact v1.1.1 plugin for GetSimple CMS allows remote attackers to change the SMTP settings of the contact forms for the webpages of the CMS after an authenticated admin visits a malicious third-party site. | 6.5 |
| 2021-08-10 | CVE-2021-37366 | Cross-Site Request Forgery (CSRF) vulnerability in Ctparental Project Ctparental CTparental before 4.45.03 is vulnerable to cross-site request forgery (CSRF) in the CTparental admin panel. | 8.8 |
| 2021-08-09 | CVE-2021-34661 | Cross-Site Request Forgery (CSRF) vulnerability in Verygoodplugins WP Fusion 3.37.18 The WP Fusion Lite WordPress plugin is vulnerable to Cross-Site Request Forgery via the `show_logs_section` function found in the ~/includes/admin/logging/class-log-handler.php file which allows attackers to drop all logs for the plugin, in versions up to and including 3.37.18. | 4.7 |
| 2021-08-09 | CVE-2021-24500 | Cross-Site Request Forgery (CSRF) vulnerability in Amentotech Workreap Several AJAX actions available in the Workreap WordPress theme before 2.2.2 lacked CSRF protections, as well as allowing insecure direct object references that were not validated. | 8.1 |
| 2021-08-06 | CVE-2020-21358 | Cross-Site Request Forgery (CSRF) vulnerability in Wagecms Project Wage-Cms 1.5.0 A cross site request forgery (CSRF) in Wage-CMS 1.5.x-dev allows attackers to arbitrarily add users. | 6.5 |
| 2021-08-06 | CVE-2020-18694 | Cross-Site Request Forgery (CSRF) vulnerability in Ignitedcms 1.0.0 Cross Site Request Forgery (CSRF) in IgnitedCMS v1.0 allows remote attackers to obtain sensitive information and gain privilege via the component "/admin/profile/save_profile". | 8.8 |