Vulnerabilities > Cross-Site Request Forgery (CSRF)

DATE CVE VULNERABILITY TITLE RISK
2019-08-20 CVE-2017-18523 Cross-Site Request Forgery (CSRF) vulnerability in Eelv Newsletter Project Eelv Newsletter
The eelv-newsletter plugin before 4.6.1 for WordPress has CSRF in the address book.
network
low complexity
eelv-newsletter-project CWE-352
8.8
8.8
2019-08-20 CVE-2019-15238 Cross-Site Request Forgery (CSRF) vulnerability in Cformsii Project Cformsii
The cforms2 plugin before 15.0.2 for WordPress has CSRF related to the IP address field.
network
low complexity
cformsii-project CWE-352
8.8
8.8
2019-08-20 CVE-2017-18569 Cross-Site Request Forgery (CSRF) vulnerability in Mythemeshop MY WP Translate
The my-wp-translate plugin before 1.0.4 for WordPress has CSRF.
network
low complexity
mythemeshop CWE-352
8.8
8.8
2019-08-20 CVE-2016-10915 Cross-Site Request Forgery (CSRF) vulnerability in Supsystic Popup
The popup-by-supsystic plugin before 1.7.9 for WordPress has CSRF.
network
low complexity
supsystic CWE-352
8.8
8.8
2019-08-20 CVE-2016-10914 Cross-Site Request Forgery (CSRF) vulnerability in ADD From Server Project ADD From Server 3.3/3.3.1
The add-from-server plugin before 3.3.2 for WordPress has CSRF for importing a large file.
network
low complexity
add-from-server-project CWE-352
8.8
8.8
2019-08-20 CVE-2015-9332 Cross-Site Request Forgery (CSRF) vulnerability in Wordpress Uninstall Project Wordpress Uninstall 1.0/1.1
The uninstall plugin before 1.2 for WordPress has CSRF to delete all tables via the wp-admin/admin-ajax.php?action=uninstall URI.
network
low complexity
wordpress-uninstall-project CWE-352
6.5
6.5
2019-08-20 CVE-2014-10381 Cross-Site Request Forgery (CSRF) vulnerability in User Domain Whitelist Project User Domain Whitelist
The user-domain-whitelist plugin before 1.5 for WordPress has CSRF.
network
low complexity
user-domain-whitelist-project CWE-352
8.8
8.8
2019-08-20 CVE-2011-5328 Cross-Site Request Forgery (CSRF) vulnerability in User Access Manager Project User Access Manager
The user-access-manager plugin before 1.2 for WordPress has CSRF.
network
low complexity
user-access-manager-project CWE-352
8.8
8.8
2019-08-20 CVE-2019-15229 Cross-Site Request Forgery (CSRF) vulnerability in Thedaylightstudio Fuel CMS
FUEL CMS 1.4.4 has CSRF in the blocks/create/ Create Blocks section of the Admin console.
network
low complexity
thedaylightstudio CWE-352
8.8
8.8
2019-08-19 CVE-2019-15150 Cross-Site Request Forgery (CSRF) vulnerability in Schine.Games Mw-Oauth2Client 0.2/0.3
In the OAuth2 Client extension before 0.4 for MediaWiki, a CSRF vulnerability exists due to the OAuth2 state parameter not being checked in the callback function.
network
low complexity
schine-games CWE-352
8.8
8.8