Cross-Site Request Forgery (CSRF) vulnerabilities
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-08-09 | CVE-2021-24500 | Cross-Site Request Forgery (CSRF) vulnerability in Amentotech Workreap: Several AJAX actions available in the Workreap WordPress theme before 2.2.2 lacked CSRF protections, as well as allowing insecure direct object references that were not validated. | 8.1 |
2021-08-06 | CVE-2020-21358 | Cross-Site Request Forgery (CSRF) vulnerability in Wagecms Project Wage-Cms 1.5.0: A cross site request forgery (CSRF) in Wage-CMS 1.5.x-dev allows attackers to arbitrarily add users. | 6.5 |
2021-08-06 | CVE-2020-18694 | Cross-Site Request Forgery (CSRF) vulnerability in Ignitedcms 1.0.0: Cross Site Request Forgery (CSRF) in IgnitedCMS v1.0 allows remote attackers to obtain sensitive information and gain privilege via the component "/admin/profile/save_profile". | 8.8 |
2021-08-06 | CVE-2021-37381 | Cross-Site Request Forgery (CSRF) vulnerability in Southsoft Graduate Management Information System 5.0: Southsoft GMIS 5.0 is vulnerable to CSRF attacks. | 8.8 |
2021-08-05 | CVE-2021-34633 | Cross-Site Request Forgery (CSRF) vulnerability in Youtube Feeder Project Youtube Feeder 2.0.1: The Youtube Feeder WordPress plugin is vulnerable to Cross-Site Request Forgery via the printAdminPage function found in the ~/youtube-feeder.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.0.1. | 8.8 |
2021-08-05 | CVE-2021-34634 | Cross-Site Request Forgery (CSRF) vulnerability in Sola-Newsletters Project Sola-Newsletters 4.0.23: The Nifty Newsletters WordPress plugin is vulnerable to Cross-Site Request Forgery via the sola_nl_wp_head function found in the ~/sola-newsletters.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 4.0.23. | 8.8 |
2021-08-05 | CVE-2021-23849 | Cross-Site Request Forgery (CSRF) vulnerability in Bosch products: A vulnerability in the web-based interface allows an unauthenticated remote attacker to trigger actions on an affected system on behalf of another user (CSRF - Cross Site Request Forgery). | 8.8 |
2021-08-05 | CVE-2021-34631 | Cross-Site Request Forgery (CSRF) vulnerability in Ipdgroup Newsplugin 1.0.18: The NewsPlugin WordPress plugin is vulnerable to Cross-Site Request Forgery via the handle_save_style function found in the ~/news-plugin.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0.18. | 8.8 |
2021-08-04 | CVE-2021-33338 | Cross-Site Request Forgery (CSRF) vulnerability in Liferay DXP and Liferay Portal: The Layout module in Liferay Portal 7.1.0 through 7.3.2, and Liferay DXP 7.1 before fix pack 19, and 7.2 before fix pack 6, exposes the CSRF token in URLs, which allows man-in-the-middle attackers to obtain the token and conduct Cross-Site Request Forgery (CSRF) attacks via the p_auth parameter. | 7.5 |
2021-08-03 | CVE-2021-35343 | Cross-Site Request Forgery (CSRF) vulnerability in Seeddms: Cross-Site Request Forgery (CSRF) vulnerability in the /op/op.Ajax.php in SeedDMS v5.1.x<5.1.23 and v6.0.x<6.0.16 allows a remote attacker to edit document name without victim's knowledge, by enticing an authenticated user to visit an attacker's web page. | 4.3 |