Vulnerabilities > Cross-Site Request Forgery (CSRF)

DATE CVE VULNERABILITY TITLE RISK
2019-08-29 CVE-2019-15781 Cross-Site Request Forgery (CSRF) vulnerability in Weblizar Social Likebox & Feed
The facebook-by-weblizar plugin before 2.8.5 for WordPress has CSRF.
network
low complexity
weblizar CWE-352
8.8
8.8
2019-08-29 CVE-2019-15779 Cross-Site Request Forgery (CSRF) vulnerability in Quadlayers WP Social Feed Gallery
The insta-gallery plugin before 2.4.8 for WordPress has no nonce validation for qligg_dismiss_notice or qligg_form_item_delete.
network
low complexity
quadlayers CWE-352
8.8
8.8
2019-08-29 CVE-2019-15770 Cross-Site Request Forgery (CSRF) vulnerability in Hallme Woocommerce Address Book
The woo-address-book plugin before 1.6.0 for WordPress has save calls without nonce verification checks.
network
low complexity
hallme CWE-352
8.8
8.8
2019-08-29 CVE-2019-15769 Cross-Site Request Forgery (CSRF) vulnerability in Haktansuren Handl UTM Grabber
The handl-utm-grabber plugin before 2.6.5 for WordPress has CSRF via add_option and update_option.
network
low complexity
haktansuren CWE-352
8.8
8.8
2019-08-28 CVE-2019-10057 Cross-Site Request Forgery (CSRF) vulnerability in Lexmark products
Various Lexmark products have CSRF.
network
low complexity
lexmark CWE-352
6.5
6.5
2019-08-28 CVE-2019-15496 Cross-Site Request Forgery (CSRF) vulnerability in Manageyourteam MYT Project Management 1.5.1
MyT Project Management 1.5.1 lacks CSRF protection and, for example, allows a user/create CSRF attack.
network
low complexity
manageyourteam CWE-352
8.8
8.8
2019-08-28 CVE-2019-10384 Cross-Site Request Forgery (CSRF) vulnerability in multiple products
Jenkins 2.191 and earlier, LTS 2.176.2 and earlier allowed users to obtain CSRF tokens without an associated web session ID, resulting in CSRF tokens that did not expire and could be used to bypass CSRF protection for the anonymous user.
network
low complexity
jenkins oracle redhat CWE-352
8.8
8.8
2019-08-27 CVE-2019-11457 Cross-Site Request Forgery (CSRF) vulnerability in Micropyramid Django CRM 0.2.1
Multiple CSRF issues exist in MicroPyramid Django CRM 0.2.1 via /change-password-by-admin/, /api/settings/add/, /cases/create/, /change-password-by-admin/, /comment/add/, /documents/1/view/, /documents/create/, /opportunities/create/, and /login/.
network
low complexity
micropyramid CWE-352
8.8
8.8
2019-08-27 CVE-2019-15660 Cross-Site Request Forgery (CSRF) vulnerability in Butlerblog Wp-Members
The wp-members plugin before 3.2.8 for WordPress has CSRF.
network
low complexity
butlerblog CWE-352
8.8
8.8
2019-08-27 CVE-2019-15645 Cross-Site Request Forgery (CSRF) vulnerability in Zoho Salesiq
The zoho-salesiq plugin before 1.0.9 for WordPress has CSRF.
network
low complexity
zoho CWE-352
8.8
8.8