Vulnerabilities > Cross-Site Request Forgery (CSRF)
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-06-29 | CVE-2018-13010 | Cross-Site Request Forgery (CSRF) vulnerability in Wstmall 1.9.1170316 WSTMall v1.9.1_170316 has CSRF via the index.php?m=Admin&c=Users&a=edit URI to add a user account. | 8.8 |
| 2018-06-29 | CVE-2018-12971 | Cross-Site Request Forgery (CSRF) vulnerability in Easycms 1.3 EasyCMS 1.3 has CSRF via the index.php?s=/admin/user/delAll URI to delete users. | 6.5 |
| 2018-06-26 | CVE-2018-11447 | Cross-Site Request Forgery (CSRF) vulnerability in Siemens Scalance M875 Firmware A vulnerability has been identified in SCALANCE M875 (All versions). | 8.8 |
| 2018-06-26 | CVE-2018-1000514 | Cross-Site Request Forgery (CSRF) vulnerability in Limesurvey 3.0.0 LimeSurvey version 3.0.0-beta.3+17110 contains a Cross ite Request Forgery (CSRF) vulnerability in Boxes that can result in CSRF admins to delete boxes. | 4.3 |
| 2018-06-26 | CVE-2018-1000507 | Cross-Site Request Forgery (CSRF) vulnerability in JJJ WP User Groups 2.0.0 WP User Groups version 2.0.0 contains a Cross ite Request Forgery (CSRF) vulnerability in Settings page that can result in allows anybody to modify user groups and types. | 6.5 |
| 2018-06-26 | CVE-2018-1000506 | Cross-Site Request Forgery (CSRF) vulnerability in Mediaron Metronet TAG Manager 1.2.7 Metronet Tag Manager version 1.2.7 contains a Cross ite Request Forgery (CSRF) vulnerability in Settings page /wp-admin/options-general.php?page=metronet-tag-manager that can result in allows anybody to do almost anything an admin can. | 8.8 |
| 2018-06-26 | CVE-2018-1000505 | Cross-Site Request Forgery (CSRF) vulnerability in Tooltipy 5.0 Tooltipy (tooltips for WP) version 5 contains a Cross ite Request Forgery (CSRF) vulnerability in Settings page that can result in could allow anybody to duplicate posts. | 6.5 |
| 2018-06-25 | CVE-2018-12603 | Cross-Site Request Forgery (CSRF) vulnerability in Lfdycms Lfcms 3.7.0 Cross-site request forgery (CSRF) vulnerability in admin.php in LFCMS 3.7.0 allows remote attackers to hijack the authentication of unspecified users for requests that add administrator users via the s parameter, a related issue to CVE-2018-12114. | 8.8 |
| 2018-06-25 | CVE-2018-12602 | Cross-Site Request Forgery (CSRF) vulnerability in Lfdycms Lfcms 3.7.0 A CSRF vulnerability exists in LFCMS 3.7.0: users can be added arbitrarily. | 8.8 |
| 2018-06-22 | CVE-2018-12659 | Cross-Site Request Forgery (CSRF) vulnerability in Slims Akasia Project Slims Akasia 8.3.1 SLiMS 8 Akasia 8.3.1 allows remote attackers to bypass the CSRF protection mechanism and obtain admin access by omitting the csrf_token parameter. | 8.8 |