Vulnerabilities > Cross-Site Request Forgery (CSRF)

| Date | CVE | Vulnerability title | Description | Vendor | CWE | Risk |
|---|---|---|---|---|---|---|
| 2021-11-01 | CVE-2021-24799 | Cross-Site Request Forgery (CSRF) vulnerability in Tipsandtricks-Hq FAR Future Expiry Header | The Far Future Expiry Header WordPress plugin before 1.5 does not have a CSRF check when saving its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack. | tipsandtricks-hq | CWE-352 | network, low complexity, 4.3 |
| 2021-11-01 | CVE-2021-24809 | Cross-Site Request Forgery (CSRF) vulnerability in Wordplus Better Messages | The BP Better Messages WordPress plugin before 1.9.9.41 does not check for CSRF in several of its AJAX actions: bp_better_messages_leave_chat, bp_better_messages_join_chat, bp_messages_leave_thread, bp_messages_mute_thread, bp_messages_unmute_thread, bp_better_messages_add_user_to_thread, bp_better_messages_exclude_user_from_thread. | wordplus | CWE-352 | network, low complexity, 8.8 |
| 2021-10-27 | CVE-2021-3900 | Cross-Site Request Forgery (CSRF) vulnerability in Firefly-Iii Firefly III | firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF). | firefly-iii | CWE-352 | network, low complexity, 6.5 |
| 2021-10-21 | CVE-2021-20120 | Cross-Site Request Forgery (CSRF) vulnerability in Commscope Arris Surfboard Sb8200 Firmware Ab01.02.053.01112320193.0A.Nsh | The administration web interface for the Arris Surfboard SB8200 lacks any protections against cross-site request forgery attacks. | commscope | CWE-352 | network, low complexity, 8.8 |
| 2021-10-21 | CVE-2021-34743 | Cross-Site Request Forgery (CSRF) vulnerability in Cisco Webex Meetings | A vulnerability in the application integration feature of Cisco Webex Software could allow an unauthenticated, remote attacker to authorize an external application to integrate with and access a user's account without that user's express consent. | cisco | CWE-352 | network, low complexity, 7.1 |
| 2021-10-21 | CVE-2021-39126 | Cross-Site Request Forgery (CSRF) vulnerability in Atlassian Jira Data Center and Jira Server | Affected versions of Atlassian Jira Server and Data Center allow remote attackers to modify various resources via a Cross-Site Request Forgery (CSRF) vulnerability, following an Information Disclosure vulnerability in the referrer headers which discloses a user's CSRF token. | atlassian | CWE-352 | network, low complexity, 6.5 |
| 2021-10-21 | CVE-2021-42097 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products | GNU Mailman before 2.1.35 may allow remote Privilege Escalation. | gnu, debian | CWE-352 | network, low complexity, 8.0 |
| 2021-10-20 | CVE-2021-21745 | Cross-Site Request Forgery (CSRF) vulnerability in ZTE Mf971R Firmware | ZTE MF971R product has a Referer authentication bypass vulnerability. | zte | CWE-352 | network, low complexity, 4.3 |
| 2021-10-19 | CVE-2021-3858 | Cross-Site Request Forgery (CSRF) vulnerability in Snipeitapp Snipe-It | snipe-it is vulnerable to Cross-Site Request Forgery (CSRF). | snipeitapp | CWE-352 | network, low complexity, 8.8 |
| 2021-10-18 | CVE-2021-24752 | Cross-Site Request Forgery (CSRF) vulnerability in Catchplugins products | Multiple plugins from the CatchThemes vendor do not perform capability and CSRF checks in the ctp_switch AJAX action, which could allow any authenticated user, such as a Subscriber, to change the configurations of the following: Essential Widgets WordPress plugin before 1.9, To Top WordPress plugin before 2.3, Header Enhancement WordPress plugin before 1.5, Generate Child Theme WordPress plugin before 1.6, Essential Content Types WordPress plugin before 1.9, Catch Web Tools WordPress plugin before 2.7, Catch Under Construction WordPress plugin before 1.4, Catch Themes Demo Import WordPress plugin before 1.6, Catch Sticky Menu WordPress plugin before 1.7, Catch Scroll Progress Bar WordPress plugin before 1.6, Social Gallery and Widget WordPress plugin before 2.3, Catch Infinite Scroll WordPress plugin before 1.9, Catch Import Export WordPress plugin before 1.9, Catch Gallery WordPress plugin before 1.7, Catch Duplicate Switcher WordPress plugin before 1.6, Catch Breadcrumb WordPress plugin before 1.7, Catch IDs WordPress plugin before 2.4. | catchplugins | CWE-352 | network, low complexity, 5.7 |