Vulnerabilities > Cross-Site Request Forgery (CSRF)
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-04-09 | CVE-2018-9856 | Cross-Site Request Forgery (CSRF) vulnerability in Kotti Project Kotti: Kotti before 1.3.2 and 2.x before 2.0.0b2 has CSRF in the local roles implementation, as demonstrated by triggering a permission change via a /admin-document/@@share request. | 8.8 |
2018-04-06 | CVE-2014-5072 | Cross-Site Request Forgery (CSRF) vulnerability in Wpsecurityauditlog WP Security Audit LOG: Cross-site request forgery (CSRF) vulnerability in WP Security Audit Log plugin before 1.2.5 for WordPress allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | 8.8 |
2018-04-06 | CVE-2014-5034 | Cross-Site Request Forgery (CSRF) vulnerability in Fresh-Media Brute Force Login Protection 1.3: Cross-site request forgery (CSRF) vulnerability in the Brute Force Login Protection module 1.3 for WordPress allows remote attackers to hijack the authentication of unspecified users for requests that have unknown impact via a crafted request to the brute-force-login-protection page to wp-admin/options-general.php. | 8.8 |
2018-04-05 | CVE-2018-1000153 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Vsphere: A cross-site request forgery vulnerability exists in Jenkins vSphere Plugin 2.16 and older in Clone.java, CloudSelectorParameter.java, ConvertToTemplate.java, ConvertToVm.java, Delete.java, DeleteSnapshot.java, Deploy.java, ExposeGuestInfo.java, FolderVSphereCloudProperty.java, PowerOff.java, PowerOn.java, Reconfigure.java, Rename.java, RenameSnapshot.java, RevertToSnapshot.java, SuspendVm.java, TakeSnapshot.java, VSphereBuildStepContainer.java, vSphereCloudProvisionedSlave.java, vSphereCloudSlave.java, vSphereCloudSlaveTemplate.java, VSphereConnectionConfig.java, vSphereStep.java that allows attackers to perform form validation related actions, including sending numerous requests to the configured vSphere server, potentially resulting in denial of service, or send credentials stored in Jenkins with known ID to an attacker-specified server ("test connection"). | 8.8 |
2018-04-04 | CVE-2018-6874 | Cross-Site Request Forgery (CSRF) vulnerability in Auth0 Auth0.Js: CSRF exists in the Auth0 authentication service through 14591 if the Legacy Lock API flag is enabled. | 8.8 |
2018-04-04 | CVE-2018-8814 | Cross-Site Request Forgery (CSRF) vulnerability in Wolfcms Wolf CMS 0.8.3.1: Cross-site request forgery (CSRF) vulnerability in WolfCMS 0.8.3.1 allows remote attackers to hijack the authentication of users for requests that modify plugin/[pluginname]/settings by crafting a malicious request. | 6.5 |
2018-04-04 | CVE-2017-3965 | Cross-Site Request Forgery (CSRF) vulnerability in Mcafee Network Security Manager: Cross-Site Request Forgery (CSRF) (aka Session Riding) vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows remote attackers to perform unauthorized tasks such as retrieving internal system information or manipulating the database via specially crafted URLs. | 8.8 |
2018-03-31 | CVE-2018-8908 | Cross-Site Request Forgery (CSRF) vulnerability in Frog CMS Project Frog CMS 0.9.5: An issue was discovered in /admin/?/user/add in Frog CMS 0.9.5. | 8.8 |
2018-03-31 | CVE-2018-8893 | Cross-Site Request Forgery (CSRF) vulnerability in Zblogcn Z-Blogphp 1.5.1: Z-BlogPHP 1.5.1 Zero has CSRF in plugin_edit.php, resulting in the ability to execute arbitrary PHP code. | 8.8 |
2018-03-30 | CVE-2018-9134 | Cross-Site Request Forgery (CSRF) vulnerability in Dedecms 5.7: file_manage_control.php in DedeCMS 5.7 has CSRF in an fmdo=rename action, as demonstrated by renaming an arbitrary file under uploads/userup to a .php file under the web root to achieve PHP code execution. | 8.8 |