Vulnerabilities > Cross-Site Request Forgery (CSRF)

DATE CVE VULNERABILITY TITLE RISK
2021-04-08 CVE-2020-23426 Cross-Site Request Forgery (CSRF) vulnerability in Zzcms 201910
zzcms 201910 contains an access control vulnerability through escalation of privileges in /user/adv.php, which allows an attacker to modify data for further attacks such as CSRF.
network
low complexity
zzcms CWE-352
critical
9.8
2021-04-08 CVE-2021-30114 Cross-Site Request Forgery (CSRF) vulnerability in Web-School Enterprise Resource Planning 5.0
Web-School ERP V 5.0 contains a cross-site request forgery (CSRF) vulnerability that allows a remote attacker to create a voucher payment request through module/accounting/voucher/create.
network
low complexity
web-school CWE-352
6.5
2021-04-08 CVE-2021-30112 Cross-Site Request Forgery (CSRF) vulnerability in Web-School Enterprise Resource Planning 5.0
Web-School ERP V 5.0 contains a cross-site request forgery (CSRF) vulnerability that allows a remote attacker to create a student_leave_application request through module/core/studentleaveapplication/create.
network
low complexity
web-school CWE-352
6.5
2021-04-07 CVE-2021-21641 Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Promoted Builds
A cross-site request forgery (CSRF) vulnerability in Jenkins promoted builds Plugin 3.9 and earlier allows attackers to promote builds.
network
low complexity
jenkins CWE-352
4.3
2021-04-07 CVE-2021-20687 Cross-Site Request Forgery (CSRF) vulnerability in Daifukuya Kagemai 0.8.8
Cross-site request forgery (CSRF) vulnerability in Kagemai 0.8.8 allows remote attackers to hijack the authentication of administrators via unspecified vectors.
network
low complexity
daifukuya CWE-352
8.8
2021-04-07 CVE-2021-30147 Cross-Site Request Forgery (CSRF) vulnerability in Dmasoftlab Radius Manager 4.4.0
DMA Softlab Radius Manager 4.4.0 allows CSRF with impacts such as adding new manager accounts via admin.php.
network
low complexity
dmasoftlab CWE-352
8.8
2021-04-05 CVE-2021-24173 Cross-Site Request Forgery (CSRF) vulnerability in VM Backups Project VM Backups 1.0
The VM Backups WordPress plugin through 1.0 does not have CSRF checks, allowing attackers to make a logged-in user perform unwanted actions, such as updating the plugin's options, leading to a Stored Cross-Site Scripting issue.
network
low complexity
vm-backups-project CWE-352
6.1
2021-04-05 CVE-2021-24172 Cross-Site Request Forgery (CSRF) vulnerability in VM Backups Project VM Backups 1.0
The VM Backups WordPress plugin through 1.0 does not have CSRF checks, allowing attackers to make a logged-in user perform unwanted actions, such as generating backups of the DB, plugins, and current .
network
low complexity
vm-backups-project CWE-352
4.3
2021-04-05 CVE-2021-24166 Cross-Site Request Forgery (CSRF) vulnerability in Ninjaforms Ninja Forms
The wp_ajax_nf_oauth_disconnect from the "Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress" WordPress plugin before 3.4.34 had no nonce protection, making it possible for attackers to craft a request to disconnect a site's OAuth connection.
network
low complexity
ninjaforms CWE-352
5.4
2021-04-05 CVE-2021-24162 Cross-Site Request Forgery (CSRF) vulnerability in Expresstech Responsive Menu
In the Responsive Menu (free and Pro) WordPress plugins before 4.0.4, attackers could craft a request and trick an administrator into importing all new settings.
network
low complexity
expresstech CWE-352
8.8