Vulnerabilities > Cross-Site Request Forgery (CSRF)

DATE CVE VULNERABILITY TITLE RISK
2021-04-07 CVE-2021-21641 Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Promoted Builds
A cross-site request forgery (CSRF) vulnerability in Jenkins promoted builds Plugin 3.9 and earlier allows attackers to promote builds.
network
low complexity
jenkins CWE-352
4.3
2021-04-07 CVE-2021-20687 Cross-Site Request Forgery (CSRF) vulnerability in Daifukuya Kagemai 0.8.8
Cross-site request forgery (CSRF) vulnerability in Kagemai 0.8.8 allows remote attackers to hijack the authentication of administrators via unspecified vectors.
network
low complexity
daifukuya CWE-352
8.8
2021-04-07 CVE-2021-30147 Cross-Site Request Forgery (CSRF) vulnerability in Dmasoftlab Radius Manager 4.4.0
DMA Softlab Radius Manager 4.4.0 allows CSRF with impacts such as adding new manager accounts via admin.php.
network
low complexity
dmasoftlab CWE-352
8.8
2021-04-05 CVE-2021-24173 Cross-Site Request Forgery (CSRF) vulnerability in VM Backups Project VM Backups 1.0
The VM Backups WordPress plugin through 1.0 does not have CSRF checks, allowing attackers to make a logged-in user perform unwanted actions, such as updating the plugin's options, leading to a Stored Cross-Site Scripting issue.
network
low complexity
vm-backups-project CWE-352
6.1
2021-04-05 CVE-2021-24172 Cross-Site Request Forgery (CSRF) vulnerability in VM Backups Project VM Backups 1.0
The VM Backups WordPress plugin through 1.0 does not have CSRF checks, allowing attackers to make a logged-in user perform unwanted actions, such as generating backups of the DB, plugins, and current .
network
low complexity
vm-backups-project CWE-352
4.3
2021-04-05 CVE-2021-24166 Cross-Site Request Forgery (CSRF) vulnerability in Ninjaforms Ninja Forms
The wp_ajax_nf_oauth_disconnect from the Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress WordPress plugin before 3.4.34 had no nonce protection, making it possible for attackers to craft a request to disconnect a site's OAuth connection.
network
low complexity
ninjaforms CWE-352
5.4
2021-04-05 CVE-2021-24162 Cross-Site Request Forgery (CSRF) vulnerability in Expresstech Responsive Menu
In the Responsive Menu (free and Pro) WordPress plugins before 4.0.4, attackers could craft a request and trick an administrator into importing all new settings.
network
low complexity
expresstech CWE-352
8.8
2021-04-05 CVE-2021-24161 Cross-Site Request Forgery (CSRF) vulnerability in Expresstech Responsive Menu
In the Responsive Menu (free and Pro) WordPress plugins before 4.0.4, attackers could craft a request and trick an administrator into uploading a zip archive containing malicious PHP files.
network
low complexity
expresstech CWE-352
8.8
2021-04-05 CVE-2021-24159 Cross-Site Request Forgery (CSRF) vulnerability in Rocklobster Contact Form 7
Due to the lack of sanitization and lack of nonce protection on the custom CSS feature, an attacker could craft a request to inject malicious JavaScript on a site using the Contact Form 7 Style WordPress plugin through 3.1.9.
network
low complexity
rocklobster CWE-352
8.8
2021-04-02 CVE-2021-29660 Cross-Site Request Forgery (CSRF) vulnerability in Softing OPC Toolbox 4.10.1.13035
A Cross-Site Request Forgery (CSRF) vulnerability in en/cfg_setpwd.html in Softing AG OPC Toolbox through 4.10.1.13035 allows attackers to reset the administrative password by inducing the Administrator user to browse a URL controlled by an attacker.
network
low complexity
softing CWE-352
8.8