Vulnerabilities > Cross-Site Request Forgery (CSRF)

DATE CVE VULNERABILITY TITLE RISK
2019-08-11 CVE-2019-14933 Cross-Site Request Forgery (CSRF) vulnerability in Webkul Bagisto 0.1.5
Bagisto 0.1.5 allows CSRF under /admin URIs.
network
low complexity
webkul CWE-352
8.8
8.8
2019-08-09 CVE-2016-10865 Cross-Site Request Forgery (CSRF) vulnerability in 23Systems Lightbox Plus Colorbox 2.7.2
The Lightbox Plus Colorbox plugin through 2.7.2 for WordPress has cross-site request forgery (CSRF) via wp-admin/admin.php?page=lightboxplus, as demonstrated by resultant width XSS.
network
low complexity
23systems CWE-352
6.1
6.1
2019-08-08 CVE-2017-18485 Cross-Site Request Forgery (CSRF) vulnerability in Elementalpath Cognitoys Dino Firmware
Cognitoys Dino devices allow profiles_add.html CSRF.
network
low complexity
elementalpath CWE-352
5.4
5.4
2019-08-08 CVE-2016-10863 Cross-Site Request Forgery (CSRF) vulnerability in Edimax 7237Rpd Firmware and Ew-7438Rpn Mini Firmware
Edimax Wi-Fi Extender devices allow goform/formwlencryptvxd CSRF with resultant PSK key disclosure.
network
low complexity
edimax CWE-352
8.8
8.8
2019-08-08 CVE-2016-10862 Cross-Site Request Forgery (CSRF) vulnerability in Neetcables Airstream NAS Firmware 1.1
Neet AirStream NAS1.1 devices have a password of ifconfig for the root account.
network
low complexity
neetcables CWE-352
8.8
8.8
2019-08-08 CVE-2015-9292 Cross-Site Request Forgery (CSRF) vulnerability in 6Kbbs 7.1/8.0
6kbbs 7.1 and 8.0 allows CSRF via portalchannel_ajax.php (id or code parameter) or admin.php (fileids parameter).
network
low complexity
6kbbs CWE-352
8.8
8.8
2019-08-08 CVE-2019-14683 Cross-Site Request Forgery (CSRF) vulnerability in Codection Import Users From CSV With Meta
The codection "Import users from CSV with meta" plugin before 1.14.2.2 for WordPress allows wp-admin/admin-ajax.php?action=acui_delete_attachment CSRF.
network
low complexity
codection CWE-352
5.7
5.7
2019-08-08 CVE-2019-14682 Cross-Site Request Forgery (CSRF) vulnerability in Acf: Better Search Project Acf: Better Search
The acf-better-search (aka ACF: Better Search) plugin before 3.3.1 for WordPress allows wp-admin/options-general.php?page=acfbs_admin_page CSRF.
network
low complexity
acf CWE-352
4.3
4.3
2019-08-08 CVE-2019-14681 Cross-Site Request Forgery (CSRF) vulnerability in Deny ALL Firewall Project Deny ALL Firewall
The Deny All Firewall plugin before 1.1.7 for WordPress allows wp-admin/options-general.php?page=daf_settings&daf_remove=true CSRF.
network
low complexity
deny-all-firewall-project CWE-352
8.8
8.8
2019-08-08 CVE-2019-14680 Cross-Site Request Forgery (CSRF) vulnerability in Mijnpress Admin-Renamer-Extended 3.2.1
The admin-renamer-extended (aka Admin renamer extended) plugin 3.2.1 for WordPress allows wp-admin/plugins.php?page=admin-renamer-extended/admin.php CSRF.
network
low complexity
mijnpress CWE-352
5.7
5.7