Vulnerabilities > Cross-Site Request Forgery (CSRF)

DATE CVE VULNERABILITY TITLE RISK
2019-08-08 CVE-2019-14683 Cross-Site Request Forgery (CSRF) vulnerability in Codection Import Users From CSV With Meta
The codection "Import users from CSV with meta" plugin before 1.14.2.2 for WordPress allows wp-admin/admin-ajax.php?action=acui_delete_attachment CSRF.
network
low complexity
codection CWE-352
5.7
5.7
2019-08-08 CVE-2019-14682 Cross-Site Request Forgery (CSRF) vulnerability in Acf: Better Search Project Acf: Better Search
The acf-better-search (aka ACF: Better Search) plugin before 3.3.1 for WordPress allows wp-admin/options-general.php?page=acfbs_admin_page CSRF.
network
low complexity
acf CWE-352
4.3
4.3
2019-08-08 CVE-2019-14681 Cross-Site Request Forgery (CSRF) vulnerability in Deny ALL Firewall Project Deny ALL Firewall
The Deny All Firewall plugin before 1.1.7 for WordPress allows wp-admin/options-general.php?page=daf_settings&daf_remove=true CSRF.
network
low complexity
deny-all-firewall-project CWE-352
8.8
8.8
2019-08-08 CVE-2019-14680 Cross-Site Request Forgery (CSRF) vulnerability in Mijnpress Admin-Renamer-Extended 3.2.1
The admin-renamer-extended (aka Admin renamer extended) plugin 3.2.1 for WordPress allows wp-admin/plugins.php?page=admin-renamer-extended/admin.php CSRF.
network
low complexity
mijnpress CWE-352
5.7
5.7
2019-08-08 CVE-2019-14679 Cross-Site Request Forgery (CSRF) vulnerability in Reputeinfosystems Arprice Lite 2.2
core/views/arprice_import_export.php in the ARPrice Lite plugin 2.2 for WordPress allows wp-admin/admin.php?page=arplite_import_export CSRF.
network
low complexity
reputeinfosystems CWE-352
6.5
6.5
2019-08-08 CVE-2019-1958 Cross-Site Request Forgery (CSRF) vulnerability in Cisco Hyperflex HX Data Platform
A vulnerability in the web-based management interface of Cisco HyperFlex Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system.
network
low complexity
cisco CWE-352
8.8
8.8
2019-08-07 CVE-2019-10388 Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Relution Enterprise Appstore Publisher 1.0/1.24
A cross-site request forgery vulnerability in Jenkins Relution Enterprise Appstore Publisher Plugin 1.24 and earlier allows attackers to have Jenkins initiate an HTTP connection to an attacker-specified server.
network
low complexity
jenkins CWE-352
4.3
4.3
2019-08-07 CVE-2019-10386 Cross-Site Request Forgery (CSRF) vulnerability in Jenkins XL Testview
A cross-site request forgery vulnerability in Jenkins XL TestView Plugin 1.2.0 and earlier in XLTestView.XLTestDescriptor#doTestConnection allows users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
network
low complexity
jenkins CWE-352
8.8
8.8
2019-08-07 CVE-2019-10368 Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Jclouds
A cross-site request forgery vulnerability in Jenkins JClouds Plugin 2.14 and earlier in BlobStoreProfile.DescriptorImpl#doTestConnection and JCloudsCloud.DescriptorImpl#doTestConnection allowed users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
network
low complexity
jenkins CWE-352
8.8
8.8
2019-08-07 CVE-2016-10861 Cross-Site Request Forgery (CSRF) vulnerability in Neetcables Airstream NAS Firmware 1.1
Neet AirStream NAS1.1 devices allow CSRF attacks that cause the settings binary to change the AP name and password.
network
low complexity
neetcables CWE-352
6.5
6.5