Vulnerabilities > Cross-Site Request Forgery (CSRF)

DATE CVE VULNERABILITY TITLE RISK
2021-08-03 CVE-2021-36542 Cross-Site Request Forgery (CSRF) vulnerability in SeedDMS
Cross-Site Request Forgery (CSRF) vulnerability in /op/op.LockDocument.php in SeedDMS v5.1.x <5.1.23 and v6.0.x <6.0.16 allows a remote attacker to lock any document without the victim's knowledge, by enticing an authenticated user to visit an attacker's web page.
network | low complexity | seeddms | CWE-352 | 4.3

2021-08-03 CVE-2021-36543 Cross-Site Request Forgery (CSRF) vulnerability in SeedDMS
Cross-Site Request Forgery (CSRF) vulnerability in /op/op.UnlockDocument.php in SeedDMS v5.1.x <5.1.23 and v6.0.x <6.0.16 allows a remote attacker to unlock any document without the victim's knowledge, by enticing an authenticated user to visit an attacker's web page.
network | low complexity | seeddms | CWE-352 | 4.3

2021-08-02 CVE-2021-34628 Cross-Site Request Forgery (CSRF) vulnerability in Weblizar Admin Custom Login
The Admin Custom Login WordPress plugin is vulnerable to Cross-Site Request Forgery due to the loginbgSave action found in the ~/includes/Login-form-setting/Login-form-background.php file, which allows attackers to inject arbitrary web scripts, in versions up to and including 3.2.7.
network | low complexity | weblizar | CWE-352 | 8.8

2021-08-02 CVE-2021-34632 Cross-Site Request Forgery (CSRF) vulnerability in SEO Backlinks Project SEO Backlinks 4.0.1
The SEO Backlinks WordPress plugin is vulnerable to Cross-Site Request Forgery via the loc_config function found in the ~/seo-backlinks.php file, which allows attackers to inject arbitrary web scripts, in versions up to and including 4.0.1.
network | low complexity | seo-backlinks-project | CWE-352 | 8.8

2021-08-02 CVE-2021-34637 Cross-Site Request Forgery (CSRF) vulnerability in Post Index Project Post Index 0.7.5
The Post Index WordPress plugin is vulnerable to Cross-Site Request Forgery via the OptionsPage function found in the ~/php/settings.php file, which allows attackers to inject arbitrary web scripts, in versions up to and including 0.7.5.
network | low complexity | post-index-project | CWE-352 | 8.8

2021-08-02 CVE-2021-29757 Cross-Site Request Forgery (CSRF) vulnerability in IBM QRadar User Behavior Analytics 4.1.1
IBM QRadar User Behavior Analytics 4.1.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
network | low complexity | ibm | CWE-352 | 8.8

2021-07-30 CVE-2020-18157 Cross-Site Request Forgery (CSRF) vulnerability in MetInfo 6.1.3
Cross-Site Request Forgery (CSRF) vulnerability in MetInfo 6.1.3 via a doaddsave action in admin/index.php.
network | low complexity | metinfo | CWE-352 | 8.8

2021-07-30 CVE-2020-22761 Cross-Site Request Forgery (CSRF) vulnerability in FlatPress 1.1
Cross-Site Request Forgery (CSRF) vulnerability in FlatPress 1.1 via the DeleteFile function in flat/admin.php.
network | low complexity | flatpress | CWE-352 | 8.8

2021-07-30 CVE-2021-20783 Cross-Site Request Forgery (CSRF) vulnerability in SoftBank Optical BB Unit E-WMTA Firmware 2.3
Cross-site request forgery (CSRF) vulnerability in Optical BB unit E-WMTA2.3 allows a remote attacker to hijack the authentication of administrators via a specially crafted page.
network | low complexity | softbank | CWE-352 | 8.8

2021-07-30 CVE-2021-20786 Cross-Site Request Forgery (CSRF) vulnerability in GroupSession products
Cross-site request forgery (CSRF) vulnerability in GroupSession (GroupSession Free edition from ver2.2.0 to the version prior to ver5.1.0, GroupSession byCloud from ver3.0.3 to the version prior to ver5.1.0, and GroupSession ZION from ver3.0.3 to the version prior to ver5.1.0) allows a remote attacker to hijack the authentication of administrators via a specially crafted URL.
network | low complexity | groupsession | CWE-352 | 4.3