Vulnerabilities > Cross-Site Request Forgery (CSRF)
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-04-05 | CVE-2021-24166 | Cross-Site Request Forgery (CSRF) vulnerability in Ninjaforms Ninja Forms: The wp_ajax_nf_oauth_disconnect from the Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress WordPress plugin before 3.4.34 had no nonce protection, making it possible for attackers to craft a request to disconnect a site's OAuth connection. | 5.4 |
2021-04-05 | CVE-2021-24162 | Cross-Site Request Forgery (CSRF) vulnerability in Expresstech Responsive Menu: In the Responsive Menu (free and Pro) WordPress plugins before 4.0.4, attackers could craft a request and trick an administrator into importing all new settings. | 8.8 |
2021-04-05 | CVE-2021-24161 | Cross-Site Request Forgery (CSRF) vulnerability in Expresstech Responsive Menu: In the Responsive Menu (free and Pro) WordPress plugins before 4.0.4, attackers could craft a request and trick an administrator into uploading a zip archive containing malicious PHP files. | 8.8 |
2021-04-05 | CVE-2021-24159 | Cross-Site Request Forgery (CSRF) vulnerability in Rocklobster Contact Form 7: Due to the lack of sanitization and lack of nonce protection on the custom CSS feature, an attacker could craft a request to inject malicious JavaScript on a site using the Contact Form 7 Style WordPress plugin through 3.1.9. | 8.8 |
2021-04-02 | CVE-2021-29660 | Cross-Site Request Forgery (CSRF) vulnerability in Softing OPC Toolbox 4.10.1.13035: A Cross-Site Request Forgery (CSRF) vulnerability in en/cfg_setpwd.html in Softing AG OPC Toolbox through 4.10.1.13035 allows attackers to reset the administrative password by inducing the Administrator user to browse a URL controlled by an attacker. | 8.8 |
2021-04-02 | CVE-2021-22202 | Cross-Site Request Forgery (CSRF) vulnerability in Gitlab: An issue has been discovered in GitLab CE/EE affecting all previous versions. | 4.3 |
2021-04-01 | CVE-2021-25924 | Cross-Site Request Forgery (CSRF) vulnerability in Thoughtworks Gocd: In GoCD, versions 19.6.0 to 21.1.0 are vulnerable to Cross-Site Request Forgery due to missing CSRF protection at the `/go/api/config/backup` endpoint. | 8.8 |
2021-04-01 | CVE-2021-26071 | Cross-Site Request Forgery (CSRF) vulnerability in Atlassian products: The SetFeatureEnabled.jspa resource in Jira Server and Data Center before version 8.5.13, from version 8.6.0 before version 8.13.5, and from version 8.14.0 before version 8.15.1 allows remote anonymous attackers to enable and disable Jira Software configuration via a cross-site request forgery (CSRF) vulnerability. | 3.5 |
2021-03-31 | CVE-2021-29349 | Cross-Site Request Forgery (CSRF) vulnerability in Mahara 20.10: Mahara 20.10 is affected by Cross Site Request Forgery (CSRF) that allows a remote attacker to remove inbox-mail on the server. | 6.5 |
2021-03-30 | CVE-2021-21638 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Team Foundation Server: A cross-site request forgery (CSRF) vulnerability in Jenkins Team Foundation Server Plugin 5.157.1 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 8.8 |