Vulnerabilities > Cross-Site Request Forgery (CSRF)

DATE CVE VULNERABILITY TITLE RISK
2019-08-13 CVE-2018-20964 Cross-Site Request Forgery (CSRF) vulnerability in Codepeople Contact Form Email
The contact-form-to-email plugin before 1.2.66 for WordPress has CSRF.
network
low complexity
codepeople CWE-352
8.8
8.8
2019-08-12 CVE-2017-18504 Cross-Site Request Forgery (CSRF) vulnerability in Wpdeveloper Twitter Cards Meta
The twitter-cards-meta plugin before 2.5.0 for WordPress has CSRF.
network
low complexity
wpdeveloper CWE-352
8.8
8.8
2019-08-12 CVE-2016-10876 Cross-Site Request Forgery (CSRF) vulnerability in Wpseeds WP Database Backup
The wp-database-backup plugin before 4.3.1 for WordPress has CSRF.
network
low complexity
wpseeds CWE-352
8.8
8.8
2019-08-12 CVE-2016-10874 Cross-Site Request Forgery (CSRF) vulnerability in Wpseeds WP Database Backup
The wp-database-backup plugin before 4.3.3 for WordPress has CSRF.
network
low complexity
wpseeds CWE-352
8.8
8.8
2019-08-11 CVE-2019-14933 Cross-Site Request Forgery (CSRF) vulnerability in Webkul Bagisto 0.1.5
Bagisto 0.1.5 allows CSRF under /admin URIs.
network
low complexity
webkul CWE-352
8.8
8.8
2019-08-09 CVE-2016-10865 Cross-Site Request Forgery (CSRF) vulnerability in 23Systems Lightbox Plus Colorbox 2.7.2
The Lightbox Plus Colorbox plugin through 2.7.2 for WordPress has cross-site request forgery (CSRF) via wp-admin/admin.php?page=lightboxplus, as demonstrated by resultant width XSS.
network
low complexity
23systems CWE-352
6.1
6.1
2019-08-08 CVE-2017-18485 Cross-Site Request Forgery (CSRF) vulnerability in Elementalpath Cognitoys Dino Firmware
Cognitoys Dino devices allow profiles_add.html CSRF.
network
low complexity
elementalpath CWE-352
5.4
5.4
2019-08-08 CVE-2016-10863 Cross-Site Request Forgery (CSRF) vulnerability in Edimax 7237Rpd Firmware and Ew-7438Rpn Mini Firmware
Edimax Wi-Fi Extender devices allow goform/formwlencryptvxd CSRF with resultant PSK key disclosure.
network
low complexity
edimax CWE-352
8.8
8.8
2019-08-08 CVE-2016-10862 Cross-Site Request Forgery (CSRF) vulnerability in Neetcables Airstream NAS Firmware 1.1
Neet AirStream NAS1.1 devices have a password of ifconfig for the root account.
network
low complexity
neetcables CWE-352
8.8
8.8
2019-08-08 CVE-2015-9292 Cross-Site Request Forgery (CSRF) vulnerability in 6Kbbs 7.1/8.0
6kbbs 7.1 and 8.0 allows CSRF via portalchannel_ajax.php (id or code parameter) or admin.php (fileids parameter).
network
low complexity
6kbbs CWE-352
8.8
8.8