Vulnerabilities > Cross-Site Request Forgery (CSRF)
DATE | CVE | VULNERABILITY TITLE | RISK
---|---|---|---
2019-09-26 | CVE-2019-16667 | Cross-Site Request Forgery (CSRF) vulnerability in Netgate Pfsense 2.4.4: diag_command.php in pfSense 2.4.4-p3 allows CSRF via the txtCommand or txtRecallBuffer field, as demonstrated by executing OS commands. | 8.8
2019-09-26 | CVE-2015-9447 | Cross-Site Request Forgery (CSRF) vulnerability in Unitegallery Unite Gallery Lite: The unite-gallery-lite plugin before 1.5 for WordPress has CSRF and SQL injection via wp-admin/admin.php galleryid or id parameters. | 6.5
2019-09-26 | CVE-2015-9445 | Cross-Site Request Forgery (CSRF) vulnerability in Unitegallery Unite Gallery Lite: The unite-gallery-lite plugin before 1.5 for WordPress has CSRF and SQL injection via wp-admin/admin-ajax.php in a unitegallery_ajax_action operation. | 8.8
2019-09-26 | CVE-2015-9443 | Cross-Site Request Forgery (CSRF) vulnerability in WP Accurate Form Data Project WP Accurate Form Data 1.2: The accurate-form-data-real-time-form-validation plugin 1.2 for WordPress has CSRF with resultant XSS via wp-admin/options-general.php?page=Accu_Data_WP. | 6.5
2019-09-26 | CVE-2015-9442 | Cross-Site Request Forgery (CSRF) vulnerability in Avenirsoft Directdownload 1.0: The avenirsoft-directdownload plugin 1.0 for WordPress has CSRF with resultant XSS via wp-admin/admin.php?page=avenir_plugin. | 6.5
2019-09-26 | CVE-2015-9441 | Cross-Site Request Forgery (CSRF) vulnerability in Bookmarkify Project Bookmarkify 2.9.2: The bookmarkify plugin 2.9.2 for WordPress has CSRF with resultant XSS via wp-admin/options-general.php?page=bookmarkify.php. | 6.5
2019-09-26 | CVE-2015-9440 | Cross-Site Request Forgery (CSRF) vulnerability in Monetize Project Monetize 1.03: The monetize plugin through 1.03 for WordPress has CSRF with resultant XSS via wp-admin/admin.php?page=monetize-zones-new. | 6.5
2019-09-26 | CVE-2015-9437 | Cross-Site Request Forgery (CSRF) vulnerability in Vivwebsolutions Dynamic Widgets: The dynamic-widgets plugin before 1.5.11 for WordPress has CSRF with resultant XSS via the wp-admin/themes.php?page=dynwid-config page_limit parameter. | 6.5
2019-09-26 | CVE-2015-9434 | Cross-Site Request Forgery (CSRF) vulnerability in Kiwi-Logo-Carousel Project Kiwi-Logo-Carousel: The kiwi-logo-carousel plugin before 1.7.2 for WordPress has CSRF with resultant XSS via the wp-admin/edit.php?post_type=kwlogos&page=kwlogos_settings tab or tab_flags_order parameter. | 6.5
2019-09-26 | CVE-2015-9433 | Cross-Site Request Forgery (CSRF) vulnerability in WP Social Bookmarking Light Project WP Social Bookmarking Light: The wp-social-bookmarking-light plugin before 1.7.10 for WordPress has CSRF with resultant XSS via configuration parameters for Tumblr, Twitter, Facebook, etc. | 6.5