Vulnerabilities > Cross-Site Request Forgery (CSRF)

DATE CVE VULNERABILITY TITLE RISK
2018-06-26 CVE-2018-1000507 Cross-Site Request Forgery (CSRF) vulnerability in JJJ WP User Groups 2.0.0
WP User Groups version 2.0.0 contains a Cross ite Request Forgery (CSRF) vulnerability in Settings page that can result in allows anybody to modify user groups and types.
network
low complexity
jjj CWE-352
6.5
6.5
2018-06-26 CVE-2018-1000506 Cross-Site Request Forgery (CSRF) vulnerability in Mediaron Metronet TAG Manager 1.2.7
Metronet Tag Manager version 1.2.7 contains a Cross ite Request Forgery (CSRF) vulnerability in Settings page /wp-admin/options-general.php?page=metronet-tag-manager that can result in allows anybody to do almost anything an admin can.
network
low complexity
mediaron CWE-352
8.8
8.8
2018-06-26 CVE-2018-1000505 Cross-Site Request Forgery (CSRF) vulnerability in Tooltipy 5.0
Tooltipy (tooltips for WP) version 5 contains a Cross ite Request Forgery (CSRF) vulnerability in Settings page that can result in could allow anybody to duplicate posts.
network
low complexity
tooltipy CWE-352
6.5
6.5
2018-06-25 CVE-2018-12603 Cross-Site Request Forgery (CSRF) vulnerability in Lfdycms Lfcms 3.7.0
Cross-site request forgery (CSRF) vulnerability in admin.php in LFCMS 3.7.0 allows remote attackers to hijack the authentication of unspecified users for requests that add administrator users via the s parameter, a related issue to CVE-2018-12114.
network
low complexity
lfdycms CWE-352
8.8
8.8
2018-06-25 CVE-2018-12602 Cross-Site Request Forgery (CSRF) vulnerability in Lfdycms Lfcms 3.7.0
A CSRF vulnerability exists in LFCMS 3.7.0: users can be added arbitrarily.
network
low complexity
lfdycms CWE-352
8.8
8.8
2018-06-22 CVE-2018-12659 Cross-Site Request Forgery (CSRF) vulnerability in Slims Akasia Project Slims Akasia 8.3.1
SLiMS 8 Akasia 8.3.1 allows remote attackers to bypass the CSRF protection mechanism and obtain admin access by omitting the csrf_token parameter.
network
low complexity
slims-akasia-project CWE-352
8.8
8.8
2018-06-21 CVE-2018-0365 Cross-Site Request Forgery (CSRF) vulnerability in Cisco products
A vulnerability in the web-based management interface of Cisco Firepower Management Center could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device.
network
low complexity
cisco CWE-352
8.8
8.8
2018-06-21 CVE-2018-0364 Cross-Site Request Forgery (CSRF) vulnerability in Cisco Unified Communications Domain Manager
A vulnerability in the web-based management interface of Cisco Unified Communications Domain Manager could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device.
network
low complexity
cisco CWE-352
8.8
8.8
2018-06-21 CVE-2018-0363 Cross-Site Request Forgery (CSRF) vulnerability in Cisco Unified Communications Manager IM and Presence Service 11.5(1)
A vulnerability in the web-based management interface of Cisco Unified Communications Manager IM & Presence Service (formerly CUPS) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device.
network
low complexity
cisco CWE-352
8.8
8.8
2018-06-20 CVE-2018-6563 Cross-Site Request Forgery (CSRF) vulnerability in Totemo Encryption Gateway 6.0.0
Multiple cross-site request forgery (CSRF) vulnerabilities in totemomail Encryption Gateway before 6.0.0_Build_371 allow remote attackers to hijack the authentication of users for requests that (1) change user settings, (2) send emails, or (3) change contact information by leveraging lack of an anti-CSRF token.
network
low complexity
totemo CWE-352
8.8
8.8