Vulnerabilities > Cross-Site Request Forgery (CSRF)

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|
| 2019-09-26 | CVE-2015-9432 | Cross-Site Request Forgery (CSRF) vulnerability in Thealpinepress Alpine-Photo-Tile-For-Instagram | The alpine-photo-tile-for-instagram plugin before 1.2.7.6 for WordPress has CSRF with resultant XSS via the wp-admin/options-general.php?page=alpine-photo-tile-for-instagram-settings tab parameter. | thealpinepress | CWE-352 | 6.5 (network, low complexity) |
| 2019-09-26 | CVE-2015-9431 | Cross-Site Request Forgery (CSRF) vulnerability in Qtranslate X Project Qtranslate X | The qtranslate-x plugin before 3.4.4 for WordPress has CSRF with resultant XSS via the wp-admin/options-general.php?page=qtranslate-x json_config_files or json_custom_i18n_config parameter. | qtranslate-x-project | CWE-352 | 6.5 (network, low complexity) |
| 2019-09-26 | CVE-2015-9429 | Cross-Site Request Forgery (CSRF) vulnerability in Yithemes Yith Maintenance Mode | The yith-maintenance-mode plugin before 1.2.0 for WordPress has CSRF with resultant XSS via the wp-admin/themes.php?page=yith-maintenance-mode panel_page parameter. | yithemes | CWE-352 | 6.5 (network, low complexity) |
| 2019-09-26 | CVE-2015-9428 | Cross-Site Request Forgery (CSRF) vulnerability in Wplegalpages WP Legal Pages 1.0.0 | The wplegalpages plugin before 1.1 for WordPress has CSRF with resultant XSS via wp-admin/admin.php?page=legal-pages lp-domain-name, lp-business-name, lp-phone, lp-street, lp-city-state, lp-country, lp-email, lp-address, or lp-niche parameters. | wplegalpages | CWE-352 | 6.5 (network, low complexity) |
| 2019-09-26 | CVE-2015-9427 | Cross-Site Request Forgery (CSRF) vulnerability in Googmonify Project Googmonify 0.5.1 | The googmonify plugin through 0.5.1 for WordPress has CSRF with resultant XSS via the wp-admin/options-general.php?page=googmonify.php PID or AID parameter. | googmonify-project | CWE-352 | 6.5 (network, low complexity) |
| 2019-09-26 | CVE-2015-9425 | Cross-Site Request Forgery (CSRF) vulnerability in Byonepress Social Locker | The social-locker plugin before 4.2.5 for WordPress has CSRF with resultant XSS via the wp-admin/edit.php?post_type=opanda-item&page=license-manager-sociallocker-next licensekey parameter. | byonepress | CWE-352 | 5.4 (network, low complexity) |
| 2019-09-26 | CVE-2015-9424 | Cross-Site Request Forgery (CSRF) vulnerability in Doc4Design Multicons | The multicons plugin before 3.0 for WordPress has CSRF with resultant XSS via the wp-admin/options-general.php?page=multicons%2Fmulticons.php global_url or admin_url parameter. | doc4design | CWE-352 | 6.5 (network, low complexity) |
| 2019-09-26 | CVE-2015-9422 | Cross-Site Request Forgery (CSRF) vulnerability in Simplysymphony Plugnedit 1.0/1.1/1.2 | The PlugNedit Adaptive Editor plugin before 6.2.0 for WordPress has CSRF with resultant XSS via wp-admin/admin-ajax.php?action=simple_fields_field_type_post_dialog_load plugnedit_width, pnemedcount, PlugneditBGColor, PlugneditEditorMargin, or plugneditcontent parameters. | simplysymphony | CWE-352 | 6.5 (network, low complexity) |
| 2019-09-26 | CVE-2015-9421 | Cross-Site Request Forgery (CSRF) vulnerability in Olevmedia Shortcodes | The olevmedia-shortcodes plugin before 1.1.9 for WordPress has CSRF with resultant XSS via the wp-admin/admin-ajax.php?action=omsc_popup id parameter. | olevmedia | CWE-352 | 6.5 (network, low complexity) |
| 2019-09-26 | CVE-2015-9418 | Cross-Site Request Forgery (CSRF) vulnerability in Kibokolabs Watupro | The Watu Pro plugin before 4.9.0.8 for WordPress has CSRF that allows an attacker to delete quizzes. | kibokolabs | CWE-352 | 4.3 (network, low complexity) |